Network Security (AQA GCSE Computer Science): Revision Notes
Network security
Network security is a crucial area of computer science that focuses on protecting networks from unauthorised access and cyber threats. When networks are compromised, hackers can access multiple connected devices, steal sensitive information, or install harmful software across entire systems.
Network security is more critical than ever in our interconnected world. A single security breach can affect thousands of users and compromise entire organisational systems, making robust protection essential for any network infrastructure.
What is network security?
Network security involves preventing unauthorised individuals from accessing computer networks. This protection is essential because networks are more vulnerable to attacks than individual standalone devices. Once a hacker gains access to one device on a network, they can potentially access other connected devices, steal important data, or install malicious software on network servers.
Networks create a significant security vulnerability: if one device is compromised, hackers can potentially access all connected devices. This interconnectedness makes network security far more complex than protecting individual computers.
The main goal of network security is to ensure that only authorised users can access network resources while keeping potential threats out.
Authentication methods
Authentication is the process of verifying that users are who they claim to be. There are several different approaches used to authenticate users before granting network access.
Username and password authentication
The most widely used authentication method involves usernames and passwords. Users select a unique username and secret password, and when these credentials are entered into a computer system, it checks them against stored user records. To prevent unauthorised access attempts, systems often lock user accounts after multiple failed login attempts, which stops people from repeatedly guessing passwords.
Account lockout mechanisms are a critical security feature. They typically activate after 3-5 failed attempts and may lock accounts for a specified time period or require administrator intervention to unlock.
Possession-based authentication
This method relies on something that only the legitimate user should possess, such as an electronic key, specific device, or account access. Some systems verify identity by sending a secret code via email or text message to a registered phone number, ensuring that only the account owner can receive and enter the code.
Example: SMS Authentication
- User enters username and password
- System sends 6-digit code to registered phone: "Your login code is 847291"
- User enters the code within 5 minutes
- System grants access only if code matches
Biometric authentication
Biometrics uses unique biological characteristics to identify users. Common examples include fingerprint scanners and voice recognition systems. Many schools use fingerprint scanners for student identification, and banks increasingly use voice recognition for telephone banking services.
Biometric authentication is highly secure because biological characteristics are nearly impossible to replicate or steal, unlike passwords which can be guessed or compromised.
Two-factor authentication
Two-factor authentication combines two different authentication methods for enhanced security. For example, you might first log in with your username and password, then immediately receive and enter a text message code. This dual approach makes accounts much more secure because an attacker would need to compromise both authentication factors.
Two-factor authentication dramatically increases security. Even if someone steals your password, they still cannot access your account without the second authentication factor, such as your phone or biometric data.
Once users are properly authenticated, access levels can be implemented to ensure people can only access the specific files and resources they need for their roles.
Encryption techniques
Encryption transforms data into an unreadable format to protect it from unauthorised access. This is particularly important for internet communications, where data travelling between devices could potentially be intercepted by hackers.
Why encryption matters
Any information sent over the internet is vulnerable to being intercepted and read by unauthorised individuals. Encryption is especially crucial for protecting sensitive data like credit card numbers used in online shopping. Data transmitted wirelessly is particularly susceptible to interception, so encryption disguises the content to make it meaningless to anyone without the proper decryption key.
Wireless data transmission is extremely vulnerable to interception. Without encryption, anyone with the right equipment can potentially read your data as it travels through the air between devices.
How encryption works
Encryption uses special keys and algorithms to scramble data. A simple example is the Caesar cipher, which shifts letters by a fixed number of positions in the alphabet.
Worked Example: Caesar Cipher Encryption
Using a Caesar cipher with a 4-position shift:
- Original message: "COMPUTING"
- Apply 4-position shift to each letter:
- C → G, O → S, M → Q, P → T, U → Y, T → X, I → M, N → R, G → K
- Encrypted message: "GSQTYXMRK"
To decrypt, the recipient shifts each letter back 4 positions using the same key.
Types of encryption
Symmetric encryption (like the Caesar cipher) uses the same key for both encrypting and decrypting data. Both the sender and receiver must share this identical key.
Asymmetric encryption uses a pair of keys: a public key that can be shared with anyone, and a private key that remains secret. Anyone can use your public key to encrypt messages to send to you, but only your private key can decrypt those messages.
The key difference is key sharing: symmetric encryption requires secure key exchange between parties, while asymmetric encryption eliminates this problem by using separate public and private keys.
Firewall protection
A firewall is a network security device that monitors and controls incoming and outgoing network traffic. Think of it as a digital security guard that decides what traffic is allowed to pass through based on predetermined security rules.
The firewall analogy is quite literal - just as a physical firewall prevents fire from spreading between building sections, a network firewall prevents malicious traffic from spreading into your network.
How firewalls work
Firewalls are primarily designed to prevent unwanted internet traffic from accessing a network. They can block specific types of files, data from particular IP addresses, or access to certain websites. For example, a company might use a firewall to block employee access to social media sites during work hours.
Firewalls use network ports to control data flow, and these ports can be opened or closed to manage what information passes through.
Network ports function like doorways - each port serves a specific purpose (port 80 for web traffic, port 25 for email), and firewalls can selectively open or close these "doors" based on security policies.
Firewall implementation
Many operating systems include built-in firewall software, but firewalls can also be separate hardware devices. They are often integrated into routers. Firewall technology continues to evolve rapidly, with capabilities expanding significantly in recent years.
MAC address filtering
A Media Access Control (MAC) address is a unique identifier assigned to every network interface controller inside a device. This address is permanently assigned when the network card is manufactured and cannot be changed.
MAC addresses are like digital fingerprints for network devices - each one is completely unique and permanently assigned, making them reliable for device identification.
Understanding MAC addresses
MAC addresses consist of 48 bits, displayed as six groups of two hexadecimal digits (for example: b8:09:8a:b8:57:17). Each hexadecimal digit represents 4 bits of data, so six groups of two hexadecimal digits equals 12 hexadecimal digits, which represents 48 bits total.
Worked Example: MAC Address Bit Calculation
MAC address format: b8:09:8a:b8:57:17
- 6 groups of 2 hexadecimal digits = 12 total hex digits
- Each hex digit represents 4 bits
- Total bits: 12 × 4 = 48 bits
This gives every device a unique 48-bit identifier from approximately 281 trillion possible combinations.
How MAC address filtering works
MAC address filtering controls network access by allowing or blocking specific devices based on their MAC addresses. This can be implemented in two ways:
White list approach: Only devices on an approved list can connect to the network. This is more secure but requires manually adding each approved device to the list.
Black list approach: All devices can connect except those specifically blocked on a deny list.
The white list approach provides better security but requires more administrative work. Organisations must balance security needs with practical management requirements when choosing their filtering strategy.
Comprehensive network security
Authentication, encryption, firewalls, and MAC address filtering work together to create robust network security. Authentication ensures only authorised users can log in, while encryption protects data even if it gets intercepted. Firewalls monitor and philtre all network traffic, and MAC address filtering controls which devices can access the network in the first place.
On wireless networks, data transmissions are encrypted to prevent eavesdropping, even if someone intercepts the signals. The combination of these security measures creates multiple layers of protection, making networks much more secure than relying on any single security method alone.
Key Points to Remember:
- Network security prevents unauthorised access - Multiple security layers protect networks better than single methods
- Authentication verifies user identity - Common methods include passwords, biometrics, and two-factor authentication
- Encryption scrambles data - Caesar cipher is simple; symmetric uses same key; asymmetric uses public/private key pairs
- Firewalls control network traffic - They block unwanted connections and can be software or hardware-based
- MAC address filtering manages device access - Uses unique device identifiers to allow or block network connections