How are networks kept secure and how does encryption protect data?
Understand network security threats, firewalls and proxy servers, the use of encryption, digital certificates and digital signatures, and the difference between symmetric and asymmetric encryption in transmission.
A focused answer to AQA A-Level Computer Science 4.8.5, covering network security threats, firewalls and proxy servers, encryption in transmission, digital certificates and digital signatures, and symmetric versus asymmetric encryption.
Reviewed by: AI editorial process; not yet individually human-reviewed
What this dot point is asking
AQA wants you to describe network security threats and protections (firewalls and proxy servers), explain the use of encryption in transmission, and describe digital certificates and digital signatures.
Threats and protections
The firewall and the proxy serve complementary roles. The firewall is the gatekeeper that decides which traffic may cross the boundary, enforcing security policy; the proxy is the middleman that handles requests on the clients' behalf, masking their identities and improving performance through caching. A network often uses both together, and recognising that their primary purposes differ (filtering versus intermediation) is what distinguishes a precise answer.
Encryption in transmission
In practice the two are combined. Asymmetric encryption is slow but solves key distribution, so a secure session (such as HTTPS) typically uses asymmetric encryption only to exchange a one-time symmetric session key, then switches to fast symmetric encryption for the bulk of the data. This hybrid gets the security of asymmetric key exchange with the speed of symmetric encryption, and it links directly to the data representation topic where the two encryption types are first introduced.
Digital signatures and certificates
Signatures and certificates solve different but related problems. A signature gives authenticity and integrity (this really came from the sender and was not tampered with), relying on the private key being secret. A certificate solves the prior question of trust in the public key itself: without it, an attacker could publish their own public key claiming to be a bank. The certificate authority acts as a trusted third party vouching for the binding between a public key and an identity, which is the foundation of trust on the web.
Exam-style practice questions
Practice questions written in the style of AQA exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
AQA 2019, 4 marks
Explain how a firewall and a proxy server each help to protect a network, and state one difference between their roles.
A firewall controls traffic passing between networks (such as a LAN and the internet) by checking each packet against a set of rules and blocking anything not permitted, using packet filtering (inspecting addresses and ports) and stateful inspection (tracking the state of connections). This prevents unauthorised access and unwanted traffic reaching the internal network.
A proxy server acts as an intermediary between clients and the internet: it can hide the clients' IP addresses, cache frequently requested pages to speed access and reduce traffic, and filter or log requests.
A difference is that a firewall's primary role is filtering traffic to enforce security rules, whereas a proxy's primary role is to act as an intermediary that hides clients, caches content and filters requests on their behalf.
Markers reward a correct role for each device and a valid stated difference between them.
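The two firewall techniques named in the answer, packet filtering and stateful inspection, as an added example (not part of the original page): a toy firewall that allows new connections only when a rule matches the destination port, and allows inbound replies only when they belong to a connection it has already tracked. The addresses, rule set and class names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")          # constructed internal network
# Packet-filter rules: (direction, destination port) pairs allowed to START
# a connection. Anything not listed is blocked (default deny).
ALLOW_NEW = {("out", 443), ("out", 53)}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    def __init__(self):
        self.state = set()   # connections already permitted (stateful inspection)

    def check(self, p: Packet) -> str:
        direction = "out" if ip_address(p.src) in LAN else "in"
        # Stateful inspection: a reply to a tracked connection is allowed even
        # though no rule opens that port to new inbound traffic.
        if (p.dst, p.dport, p.src, p.sport) in self.state:
            return "ALLOW (established)"
        # Packet filtering: a new connection must match a rule.
        if (direction, p.dport) in ALLOW_NEW:
            self.state.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW (rule)"
        return "BLOCK"


def demo():
    fw = Firewall()
    packets = [   # constructed sample traffic
        Packet("192.168.1.20", 50000, "203.0.113.5", 443),  # LAN client opens HTTPS
        Packet("203.0.113.5", 443, "192.168.1.20", 50000),  # that server's reply
        Packet("203.0.113.9", 443, "192.168.1.20", 50000),  # unsolicited, other host
        Packet("192.168.1.20", 50001, "203.0.113.5", 23),   # outbound Telnet, no rule
    ]
    return [fw.check(p) for p in packets]
```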
AQA 2021, 5 marks
Explain how a digital signature is created and verified, and explain how a digital certificate helps a user trust that a website's public key is genuine.
To create a digital signature, the sender produces a hash (digest) of the message and encrypts that hash with their own private key; the signature is attached to the message. To verify it, the recipient decrypts the signature with the sender's public key to recover the original hash, independently hashes the received message, and compares the two hashes. If they match, the message came from the holder of the private key (authenticity) and has not been altered (integrity).
A digital certificate, issued by a trusted certificate authority, binds a public key to the identity of its owner. When a browser connects to a website it receives the site's certificate; because the certificate is signed by a trusted authority, the user can trust that the public key in it genuinely belongs to that website and was not substituted by an attacker.
Markers reward hashing then encrypting with the private key, verifying by decrypting with the public key and comparing hashes, and the certificate authority vouching that the public key belongs to the stated identity.
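The signature steps in this answer and the certificate check described under "Digital signatures and certificates", as one added example (not part of the original page): textbook RSA signs a SHA-256 hash, and a toy certificate is the CA's signature over an identity and public key. All keys, identities and function names are constructed for illustration and are not secure for real use.

```python
import hashlib

def make_key(p, q, e=65537):
    """Textbook RSA key pair from two primes: (public, private)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    n, d = private
    return pow(digest(message), d, n)      # hash, then apply the private key

def verify(message: bytes, signature: int, public) -> bool:
    n, e = public
    return pow(signature, e, n) == digest(message)   # recover hash and compare

def cert_body(identity: str, public) -> bytes:
    return f"{identity}|{public[0]}|{public[1]}".encode()

def issue_cert(identity: str, public, ca_private) -> dict:
    """The CA signs the binding between an identity and a public key."""
    return {"identity": identity, "public": public,
            "ca_sig": sign(cert_body(identity, public), ca_private)}

def browser_accepts(cert, site, message, signature, trusted_ca_public) -> bool:
    """Check the CA's signature on the certificate, then use the certified
    key to check the site's signature on the message."""
    body = cert_body(cert["identity"], cert["public"])
    if cert["identity"] != site or not verify(body, cert["ca_sig"], trusted_ca_public):
        return False
    return verify(message, signature, cert["public"])

# Constructed keys from known Mersenne primes: teaching only, not secure.
# Real signatures also add padding (for example RSA-PSS) via a vetted library.
CA_PUB, CA_PRIV = make_key(2**521 - 1, 2**607 - 1)
SITE_PUB, SITE_PRIV = make_key(2**127 - 1, 2**1279 - 1)
ATTACKER_PUB, ATTACKER_PRIV = make_key(2**107 - 1, 2**2203 - 1)
```

A certificate whose public key has been swapped fails the CA signature check, so a valid signature made with the substituted key is never trusted.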
Sources & how we know this
- AQA A-level Computer Science (7517) specification — AQA (2015)