How do we keep a network and its data safe?
Understand the methods used to keep a network secure, including authentication, encryption, firewalls and MAC address filtering.
A focused answer to AQA GCSE Computer Science 3.5.4, covering the methods used to keep a network secure, including authentication, encryption, firewalls and MAC address filtering.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
AQA wants you to describe the methods used to keep a network secure, including authentication, encryption, firewalls and MAC address filtering, and explain how each one protects the network.
Authentication
Authentication controls who can use the network, but it does not protect the data itself once a user is in, which is why it is combined with other methods. Strong passwords and two-factor authentication make it much harder for an attacker to impersonate a legitimate user.
Encryption
Encryption is the defence against interception (eavesdropping). Even if an attacker captures the packets, they see only meaningless ciphertext, so the confidentiality of the data is preserved. This is why HTTPS (encrypted web traffic) is used for logins, banking and any sensitive data.
Firewalls
A firewall works by inspecting each connection against rules (for example which ports and addresses are allowed) and dropping anything not permitted. It prevents unauthorised access from outside, but it controls traffic rather than removing malware that is already present, which is the job of anti-malware software.
MAC address filtering
Why several methods are combined
The recurring theme of network security is defence in depth: because each method protects against a different kind of threat, they are layered so that defeating one does not break the whole system. Authentication stops unauthorised users logging in, but does nothing once data is travelling, which is encryption's job. A firewall blocks unwanted connections from outside, but does not check who a logged-in user is. MAC address filtering controls which devices connect, but does not protect the data they send. Combining authentication, encryption, a firewall and MAC filtering means an attacker would have to defeat several independent defences at once, which is far harder than beating any one alone.
Try this
Q1. State the purpose of a firewall. [2 marks]
- Cue. To monitor and control traffic entering and leaving a network, blocking unwanted or unauthorised connections.
Q2. Explain how MAC address filtering improves network security. [2 marks]
- Cue. Only devices with an approved unique hardware address can join, so unknown devices are blocked.
Exam-style practice questions
Practice questions written in the style of AQA exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
AQA 20194 marksDescribe two methods of keeping a network secure. For each method, explain how it protects the network.Show worked answer →
Encryption: data is scrambled using a key before it is sent, so anyone who intercepts it on the network cannot read it without the matching key. This protects the confidentiality of data in transit.
Firewall: it monitors and filters traffic entering and leaving the network against a set of rules, blocking connections that are not permitted, so it stops unauthorised access from outside such as the internet.
Markers reward two distinct named methods (from authentication, encryption, firewall, MAC filtering) each with an explanation of how it protects, not just a definition.
AQA 20224 marksA school worries that data sent over its network could be read if intercepted, and that unknown devices could connect. Recommend one security method for each concern and justify each choice.Show worked answer →
For intercepted data: use encryption. It scrambles the data with a key so that even if a packet is captured, it cannot be read without the key, directly addressing the interception concern.
For unknown devices: use MAC address filtering (and authentication). MAC filtering only allows devices whose unique hardware address is on an approved list to connect, so an unknown device is blocked even if it is in range.
Markers reward matching encryption to confidentiality of intercepted data and MAC filtering or authentication to controlling which devices connect, each with a justification tied to the concern.
Related dot points
- Understand the purpose of network protocols, the common protocols and ports, and the four-layer TCP/IP model and why layering is used.
A focused answer to AQA GCSE Computer Science 3.5.3, covering the purpose of network protocols, the common protocols and ports, and the four-layer TCP/IP model and why layering is used.
- Compare wired and wireless connectivity, understand how Wi-Fi works, and the role of encryption in wireless networks.
A focused answer to AQA GCSE Computer Science 3.5.2, covering the comparison of wired and wireless connectivity, how Wi-Fi works, and the role of encryption in wireless networks.
- Understand the methods used to detect and prevent cyber security threats, including penetration testing, anti-malware, firewalls, user access levels, passwords and encryption.
A focused answer to AQA GCSE Computer Science 3.6, covering the methods used to detect and prevent cyber security threats, including penetration testing, anti-malware, firewalls, user access levels, passwords and encryption.
- Understand the main cyber security threats, including the difference between vulnerabilities and attacks, and forms such as brute-force and denial-of-service attacks.
A focused answer to AQA GCSE Computer Science 3.6, covering the main cyber security threats, the difference between vulnerabilities and attacks, and forms such as brute-force and denial-of-service attacks.
Sources & how we know this
- AQA GCSE Computer Science (8525) specification — AQA (2020)