Detecting and preventing cyber-security threats

Once you know the threats (CS6.1) and the malware (CS6.3) and social-engineering tactics (CS6.2), the next step is defence. AQA highlights five technical and procedural measures: biometrics, password systems, CAPTCHA, email confirmation and automatic software updates.

1. Biometric measures

Authentication based on physical or behavioural characteristics:

• Fingerprint scanners.
• Face recognition.
• Iris / retina scans.
• Voice recognition.

Pros:

• Hard to forget or "forget to bring".
• Hard to share with others.
• Convenient for the user.

Cons:

• Once stolen (e.g. fingerprint database leak), can't be reset.
• False positives / negatives.
• Can sometimes be spoofed (photos, casts).
• Privacy implications.

Often combined with passwords as part of 2FA.

2. Password systems

Best practice for password authentication:

• Long passphrases (12+ characters, multiple words).
• Unique for every account (use a password manager).
• Salted hashing on the server (never store plaintext).
• Account lockout after several failed attempts.
• 2FA — second factor (phone code, hardware key).
• Forced rotation is now considered counterproductive — encourages weak choices.
• Banned-list checks against known-leaked passwords.

3. CAPTCHA

"Completely Automated Public Turing test to tell Computers and Humans Apart". A challenge that's easy for humans but hard for bots:

• Distorted text recognition.
• "Select all images with traffic lights".
• Invisible / behaviour-based modern CAPTCHAs.

Use cases: signup forms, login pages, comment forms — to block automated bot attacks (account creation, brute-force, spam).

Limitations:

• Accessibility — not all users can solve visual challenges.
• Some bots can now solve simple CAPTCHAs.
• Annoyance for legitimate users.

4. Email confirmation

When a user signs up, the system sends a link to the email address provided. Only by clicking the link does the account become active.

Purpose:

• Verifies the email belongs to the user (not just a typo or spam).
• Provides a recovery channel if the password is lost.
• Reduces fake / throwaway accounts.

Limitations:

• Doesn't prove identity beyond email control.
• Phishers can mimic confirmation emails.

5. Automatic software updates

Most successful attacks exploit known vulnerabilities that have already been patched. Automatic updates apply patches as soon as they're released, before attackers exploit them at scale.

Pros:

• No user effort.
• Closes security gaps quickly.
• Operating systems and major apps support it.

Cons:

• Updates occasionally break things.
• Sometimes interrupt the user (forced restart).
• Servers in production may need careful staged rollout.

Defence-in-depth combination

Real systems combine these measures with the layers from CS5.5:

• Authentication — strong passwords + 2FA + biometrics.
• Access control — least privilege.
• Network defences — firewall, encryption, MAC filtering.
• Application defences — input validation, secure coding.
• Monitoring — logs, intrusion detection, anomaly detection.
• Bot mitigation — CAPTCHA, rate-limiting.
• Email verification — for accounts and reset flows.
• Patching — automatic where safe.
• Education — anti-phishing training.