Preventing network vulnerabilities
OCR J277 Paper 1 pairs this topic with 1.4.1 (threats). You need to know each preventive method, what kind of threat it counters, and how it works.
Preventive methods
| Method | What it does | Threats it counters |
|---|---|---|
| Penetration testing | A controlled attack on a system, by authorised testers, to find weaknesses before real attackers do. White-box (with insider info) or black-box (no info). | Reveals all categories of weakness so they can be patched. |
| Anti-malware | Software that scans for, quarantines and removes malware. Uses signature databases (must be kept up to date) and heuristic/behavioural detection. | Viruses, worms, trojans, spyware, ransomware. |
| Firewall | Hardware or software that monitors and filters network traffic between an internal network and the outside world based on rules (allow/deny by IP, port, protocol). | Unauthorised remote access, brute-force probes, some DoS. |
| User-access levels | Different user accounts have different permissions — e.g. read-only, read-write, admin. Principle of least privilege. | Limits damage from social engineering or compromised accounts; reduces insider risk. |
| Strong passwords | Long, with a mixture of upper-case and lower-case letters, digits and symbols; not reused. Combined with multi-factor authentication where possible. | Brute-force, dictionary attacks, credential stuffing. |
| Encryption | Scrambles data using a key so it is unreadable to anyone without the key. Used at rest (disk) and in transit (HTTPS, VPN). | Eavesdropping, man-in-the-middle, theft of data files or backups. |
| Physical security | Locks, swipe cards, CCTV, server-room access controls. | Theft, tailgating, hardware tampering, shoulder-surfing. |
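
The firewall row above describes filtering by rules (allow/deny by IP, port, protocol). The sketch below is an added example, not part of the original notes, showing how such a rule list can be evaluated. The rule set, the addresses, the first-match-wins ordering and the default-deny fallback are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    source: str            # CIDR block the sender's IP must fall inside
    protocol: str          # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, or None for any port

@dataclass(frozen=True)
class Packet:
    src_ip: str
    protocol: str
    dst_port: int

# Constructed rule set for a small office network (all values are made up).
RULES = [
    Rule("deny",  "203.0.113.0/24", "any", None),  # block one untrusted range outright
    Rule("allow", "0.0.0.0/0",      "tcp", 443),   # anyone may reach the HTTPS server
    Rule("allow", "192.168.1.0/24", "tcp", 22),    # remote login only from the internal LAN
]

def matches(rule, packet):
    """A rule matches only if source IP, protocol and port all fit."""
    in_range = ip_address(packet.src_ip) in ip_network(rule.source)
    proto_ok = rule.protocol in ("any", packet.protocol)
    port_ok = rule.port is None or rule.port == packet.dst_port
    return in_range and proto_ok and port_ok

def decide(packet, rules=RULES):
    """Return the action of the first matching rule; deny if none match."""
    for rule in rules:
        if matches(rule, packet):
            return rule.action
    return "deny"  # default deny: traffic not explicitly allowed is dropped

if __name__ == "__main__":
    # Constructed sample traffic.
    for p in [Packet("198.51.100.7", "tcp", 443),
              Packet("198.51.100.7", "tcp", 22),
              Packet("192.168.1.20", "tcp", 22),
              Packet("203.0.113.9", "tcp", 443)]:
        print(p, "->", decide(p))
```

Because the first matching rule wins, the order of the list matters: if the deny rule were moved below the HTTPS allow rule, traffic from the blocked range would reach port 443.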
How preventive methods are layered
Defence in depth — no single method blocks every threat. A real organisation combines firewalls, anti-malware, user-access, encryption and physical security so that breaching one layer is not enough to compromise the system.
Penetration testing — internal vs external
- Internal pen-test simulates an insider — what could a disgruntled employee or compromised account do?
- External pen-test simulates an outside attacker — what is reachable from the internet?
Common OCR exam mistakes
- Saying "encryption stops malware" — encryption protects confidentiality of data, it does not stop malicious software running.
- Saying "a firewall stops viruses" — that is anti-malware. A firewall blocks unauthorised network traffic.
- Forgetting penetration testing is authorised — without authorisation it is illegal under the Computer Misuse Act.
- Listing methods without saying which threat each counters.