What are the main forms of attack on a computer system or network?
The forms of attack on computer systems and networks: malware, phishing, social engineering, brute-force attacks, denial of service, data interception and theft, SQL injection, and people as a weak point.
An OCR J277 1.4.1 answer on the forms of attack on computer systems and networks: malware, phishing, social engineering, brute-force attacks, denial of service, data interception and theft, SQL injection, and people as the weak point.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
OCR wants you to describe the main forms of attack on a computer system or network and to recognise that people are often the weakest link. Each attack has a precise definition, and the exam frequently asks you to describe two or three and to tell apart ones that are easily confused (phishing versus brute force, DoS versus SQL injection).
Malware
Phishing and social engineering
Brute force, denial of service, interception and SQL injection
People as the weak point
Try this
Q1. Describe what is meant by phishing. [2 marks]
- Cue. Sending fake, trusted-looking messages to trick the user into revealing personal information, often via a link to a fake website.
Q2. State what a denial of service (DoS) attack does. [1 mark]
- Cue. It floods a server with requests so it cannot respond to legitimate users, making the service unavailable.
Q3. Explain why people are often described as the weakest point in security. [1 mark]
- Cue. Many attacks exploit human trust and error (clicking phishing links, weak passwords) rather than defeating the technology.
Exam-style practice questions
Practice questions written in the style of OCR exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
OCR 20214 marksDescribe what is meant by phishing and by a brute-force attack.Show worked answer →
Phishing (2 marks): sending fake messages (usually emails) that appear to come from a trusted organisation such as a bank, to trick the user into revealing personal information such as passwords or bank details, often by clicking a link to a fake website that looks genuine.
Brute-force attack (2 marks): an attempt to gain access by systematically trying many possible passwords or keys, often using automated software, until the correct one is found. Short or simple passwords are cracked quickly; long, complex passwords take much longer.
Markers reward "fake/trusted-looking message to trick the user into giving information" for phishing, and "trying many combinations until the password is found" for brute force. Confusing the two loses marks.
OCR 20234 marksDescribe a denial of service (DoS) attack and explain how an SQL injection attack works.Show worked answer →
Denial of service (2 marks): an attack that floods a server or network with so many requests that it becomes overwhelmed and cannot respond to legitimate users, making the website or service unavailable. (A distributed denial of service, DDoS, uses many computers at once.)
SQL injection (2 marks): entering malicious SQL code into an input box (such as a login or search field) on a website that does not validate its inputs, so that the code is run by the database. This can let an attacker bypass a login, or read, change or delete data they should not be able to access.
Markers reward "flooding with requests so legitimate users cannot get a response" for DoS, and "malicious SQL entered into an input that the database runs" for SQL injection.
Related dot points
- Methods to identify and prevent vulnerabilities: penetration testing, anti-malware software, firewalls, user access levels, passwords, encryption, physical security and network policies.
An OCR J277 1.4.2 answer on the methods used to identify and prevent vulnerabilities: penetration testing, anti-malware software, firewalls, user access levels, passwords, encryption, physical security and network policies.
- Types of network (LAN and WAN), the factors that affect network performance, and the difference between client-server and peer-to-peer networks.
An OCR J277 1.3.1 answer on LANs and WANs, the factors that affect network performance (bandwidth, number of users, transmission media, interference), and the difference between client-server and peer-to-peer networks.
- Wired (Ethernet) versus wireless (Wi-Fi) connections and their relative advantages and disadvantages, and the role of encryption in wireless networks.
An OCR J277 1.3.2 answer on wired (Ethernet) versus wireless (Wi-Fi) connections, their relative advantages and disadvantages, and the role of encryption in keeping wireless networks secure.
- Common network protocols (TCP/IP, HTTP, HTTPS, FTP, POP, IMAP, SMTP), the concept of layers and the benefits of using them.
An OCR J277 1.3.2 answer on the common network protocols (TCP/IP, HTTP, HTTPS, FTP, POP, IMAP, SMTP), what a protocol is, the concept of network layers and the benefits of using a layered model.
- Legislation relevant to computer science: the Data Protection Act 2018, the Computer Misuse Act 1990, the Copyright, Designs and Patents Act 1988, and software licensing (open source versus proprietary).
An OCR J277 1.6.1 answer on the key computing laws: the Data Protection Act 2018, the Computer Misuse Act 1990 and its three offences, the Copyright, Designs and Patents Act 1988, and the difference between open source and proprietary software licensing.
Sources & how we know this
- OCR GCSE (9-1) Computer Science (J277) specification — OCR (2020)