How can a system or network be protected against attacks?
Methods to identify and prevent vulnerabilities: penetration testing, anti-malware software, firewalls, user access levels, passwords, encryption, physical security and network policies.
An OCR J277 1.4.2 answer on the methods used to identify and prevent vulnerabilities: penetration testing, anti-malware software, firewalls, user access levels, passwords, encryption, physical security and network policies.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
OCR wants you to describe the methods used to identify and prevent vulnerabilities, and to explain how each one reduces risk. Higher-tariff questions ask you to recommend several methods for a scenario, so you must be able to name a method and give its mechanism, not just list words.
Identifying vulnerabilities
Preventing attacks: software defences
Preventing attacks: access and policy
Defence in depth
No single method protects a system on its own, which is why organisations layer them. Firewalls and anti-malware keep threats out, encryption protects data even if it is stolen, access levels and passwords control who can do what, physical security protects the hardware, and policies and training address the human weak point. Penetration testing checks the whole lot. In the exam, choose methods that match the scenario and always say how each one reduces the specific risk.
Try this
Q1. State the purpose of a firewall. [1 mark]
- Cue. It monitors and filters the traffic entering and leaving a network by rules, blocking unauthorised access.
Q2. Explain how user access levels help keep a network secure. [2 marks]
- Cue. Each user gets only the permissions their role needs, so they cannot access data they should not, limiting damage if an account is compromised.
Q3. State what penetration testing is used for. [1 mark]
- Cue. Deliberately attacking your own system to find weaknesses before a real attacker does, so they can be fixed.
Exam-style practice questions
Practice questions written in the style of OCR exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
OCR 20204 marksState the purpose of a firewall and explain how user access levels help to keep a network secure.Show worked answer →
Firewall (2 marks): a firewall monitors and controls the traffic entering and leaving a network, allowing through only data that meets its rules and blocking anything that does not, helping to keep out unauthorised access and attacks.
User access levels (2 marks): different users are given different permissions, so each person can only access the files and functions they need for their role. This limits the damage if an account is compromised and stops ordinary users from changing or seeing data they should not, for example only managers can access payroll.
Markers reward "controls/filters traffic in and out by rules" for the firewall and "restricting what each user can access according to their role" for access levels.
OCR 20226 marksA company wants to protect its network from attack. Describe three different methods it could use to identify or prevent vulnerabilities, explaining how each helps.Show worked answer →
Award up to two marks per method (named plus how it helps), to a maximum of six. Any three of:
Penetration testing: deliberately attacking the system (as a hacker would) to find weaknesses before a real attacker does, so they can be fixed.
Anti-malware software: scans for, detects and removes malware, and prevents known malware from running, protecting the system from viruses and similar threats.
Firewall: monitors and filters traffic in and out of the network by rules, blocking unauthorised access.
Encryption: scrambles data so that if it is intercepted or stolen it cannot be read without the key.
User access levels and strong passwords: limit what each user can access and make accounts harder to break into.
Physical security and network policies: lock server rooms and set rules (for example password rules, regular updates and staff training) to reduce risk.
Markers reward three distinct methods each with a clear explanation of how it reduces the risk.
Related dot points
- The forms of attack on computer systems and networks: malware, phishing, social engineering, brute-force attacks, denial of service, data interception and theft, SQL injection, and people as a weak point.
An OCR J277 1.4.1 answer on the forms of attack on computer systems and networks: malware, phishing, social engineering, brute-force attacks, denial of service, data interception and theft, SQL injection, and people as the weak point.
- Types of network (LAN and WAN), the factors that affect network performance, and the difference between client-server and peer-to-peer networks.
An OCR J277 1.3.1 answer on LANs and WANs, the factors that affect network performance (bandwidth, number of users, transmission media, interference), and the difference between client-server and peer-to-peer networks.
- Wired (Ethernet) versus wireless (Wi-Fi) connections and their relative advantages and disadvantages, and the role of encryption in wireless networks.
An OCR J277 1.3.2 answer on wired (Ethernet) versus wireless (Wi-Fi) connections, their relative advantages and disadvantages, and the role of encryption in keeping wireless networks secure.
- The purpose of utility software, and the purpose of encryption software, defragmentation software, data compression and backup utilities (full and incremental).
An OCR J277 1.5.2 answer on the purpose of utility software and the specific roles of encryption software, defragmentation software, data compression and backup utilities, including full and incremental backups.
- Legislation relevant to computer science: the Data Protection Act 2018, the Computer Misuse Act 1990, the Copyright, Designs and Patents Act 1988, and software licensing (open source versus proprietary).
An OCR J277 1.6.1 answer on the key computing laws: the Data Protection Act 2018, the Computer Misuse Act 1990 and its three offences, the Copyright, Designs and Patents Act 1988, and the difference between open source and proprietary software licensing.
Sources & how we know this
- OCR GCSE (9-1) Computer Science (J277) specification — OCR (2020)