What does OCR 1.4 Network security cover?

It covers the forms of attack on computer systems and networks (malware, phishing, social engineering, brute-force attacks, denial of service, data interception and theft, SQL injection, and people as a weak point) and the methods used to identify and prevent these vulnerabilities (penetration testing, anti-malware software, firewalls, user access levels, passwords, encryption, physical security and network policies). It is examined in Paper J277/01.

What is the difference between phishing and social engineering?

Social engineering is the broad practice of manipulating people into giving away confidential information or access, exploiting human trust rather than technical weaknesses. Phishing is a specific form of social engineering: sending fake, trusted-looking messages (usually emails) to trick the user into revealing details, often via a link to a fake website.

What does a firewall do?

A firewall monitors and controls the traffic entering and leaving a network, allowing through only data that meets its rules and blocking anything that does not. This helps keep out unauthorised access and attacks. It filters network traffic, which is different from anti-malware software that scans for and removes malicious software on a device.

How does encryption protect data?

Encryption scrambles data using a key so that if it is intercepted or stolen it appears as meaningless ciphertext and cannot be read without the key. It does not stop data being intercepted or stolen, but it makes the stolen data useless to an attacker who does not have the key.

What is penetration testing?

Penetration testing is deliberately attacking your own system, as a hacker would, to find weaknesses before a real attacker does, so they can be fixed. It is a way of identifying vulnerabilities, and regular testing keeps defences up to date as new threats appear.

EnglandComputer Science

OCR GCSE Computer Science 1.4 Network security: forms of attack and how to identify and prevent vulnerabilities

A deep-dive OCR GCSE Computer Science guide to topic 1.4 Network security. Covers the forms of attack (malware, phishing, social engineering, brute force, denial of service, SQL injection, the human weak point) and the methods to identify and prevent them (penetration testing, anti-malware, firewalls, access levels, encryption, physical security, policies).

Generated by Claude Opus 4.812 min readJ277 1.4Updated 2026-06-02

Reviewed by: AI editorial process; not yet individually human-reviewed

Jump to a section

What topic 1.4 actually demands
The forms of attack
Identifying and preventing vulnerabilities
Check your knowledge

What topic 1.4 actually demands

Network security is a definition-heavy topic examined in Paper 1, where the marks reward precise descriptions of attacks and a clear mechanism for each defence. You need to know the forms of attack, recognise that people are often the weak point, and describe the methods used to identify and prevent vulnerabilities.

This guide ties together the two dot-point pages for the topic.

The forms of attack

The attacks OCR lists are malware (malicious software: viruses, worms, trojans, ransomware, spyware), phishing (fake trusted-looking messages to trick users), social engineering (manipulating people for information or access), brute-force attacks (trying many passwords until one works), denial of service (flooding a server so it cannot serve real users), data interception and theft (capturing data in transit), and SQL injection (entering malicious SQL into an unvalidated input so the database runs it). Crucially, people are often the weakest point, because many attacks exploit human trust and error.

Identifying and preventing vulnerabilities

The defences are: penetration testing (attacking your own system to find weaknesses first), anti-malware software (detecting and removing malware), firewalls (filtering traffic in and out by rules), user access levels (giving each user only what their role needs), passwords (especially strong ones), encryption (scrambling data so it cannot be read without the key), physical security (locking server rooms and devices), and network policies (rules and staff training). No single method is enough, so organisations layer them.

Check your knowledge

A mix of recall and applied questions covering topic 1.4. Attempt them, then check against the solutions.

Name two types of malware. (2 marks)
Describe what is meant by phishing. (2 marks)
State what a denial of service (DoS) attack does. (1 mark)
Explain how an SQL injection attack works. (2 marks)
State the purpose of a firewall. (1 mark)
Explain how user access levels improve security. (2 marks)
State how encryption protects data. (1 mark)
State what penetration testing is used for. (1 mark)

Solutions

Q1: Any two of: virus, worm, trojan, ransomware, spyware.
Q2: Sending fake, trusted-looking messages (usually emails) to trick the user into revealing personal information, often via a link to a fake website.
Q3: It floods a server or network with requests so it cannot respond to legitimate users, making the service unavailable.
Q4: Malicious SQL code is entered into an input box on a website that does not validate its inputs, so the database runs it, letting the attacker bypass a login or read, change or delete data.
Q5: It monitors and filters the traffic entering and leaving a network by rules, blocking unauthorised access.
Q6: Each user gets only the permissions their role needs, so they cannot access data they should not, which limits the damage if an account is compromised.
Q7: It scrambles the data with a key, so if it is intercepted or stolen it cannot be read without the key.
Q8: Deliberately attacking your own system to find weaknesses before a real attacker does, so they can be fixed.

Sources & how we know this

OCR GCSE (9-1) Computer Science (J277) specification — OCR (2020)