Spec & Goals 3 min
AQA Spec 3.6.2 — Methods to detect and prevent threats: anti-malware, firewalls, access rights, encryption, updates, physical security
By the end of this lesson you can:
- Describe the role of anti-malware, a firewall and user access levels.
- Explain how encryption, software updates and physical security protect a system.
- Choose suitable defences for a given scenario.
Warm-Up 5 min
No single defence stops everything. Good security uses layers — so if one fails, others still protect the system.
Quick starter
A school server is kept in a locked room, sits behind a firewall, and has its data encrypted. Why use all three rather than just one?
Reveal the idea
Each guards against a different threat — theft of the machine, network attacks, and data being read if stolen. Layered "defence in depth" means no single failure is fatal.
Key Concept — layers of defence 14 min
| Defence | What it does | Mainly stops… |
|---|---|---|
| Anti-malware / antivirus | Scans for, detects and removes malware; blocks known threats. | Viruses, worms, trojans, spyware. |
| Firewall | Monitors and filters network traffic in/out by a set of rules, blocking unauthorised connections. | Network attacks, unauthorised access, some DoS. |
| User access levels (access rights) | Each user only gets the access they need (e.g. students can't change grades). | Misuse, insider threats, accidental damage. |
| Encryption | Scrambles data so intercepted/stolen data is unreadable without the key. | Data interception & theft. |
| Automatic software updates | Patch security holes as soon as fixes are released. | Attacks on unpatched/outdated software. |
| Physical security | Locks, guards, CCTV, locked server rooms. | Theft of, or tampering with, the hardware. |
Worked Example — securing a clinic 12 min
Problem: A clinic in Ipoh stores patient records on a networked server. Recommend a layered set of defences and say what each protects against.
| Defence | Protects against |
|---|---|
| Anti-malware on all machines | Malware from emails/downloads. |
| Firewall on the network | Unauthorised remote access / network attacks. |
| User access levels (receptionist ≠ doctor ≠ admin) | Staff seeing/changing data beyond their role; insider misuse. |
| Encrypt the patient database | Data being read if intercepted or the disk is stolen. |
| Automatic updates | Exploits of unpatched software. |
| Locked server room + CCTV | Physical theft or tampering. |
Plus: regular backups so data survives ransomware or hardware failure.
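The two software layers from the clinic table, a firewall rule set and user access levels, can be shown working together in a short Python program. This is an added example, not part of the original lesson; the IP addresses, ports, role names and permitted actions are constructed for the clinic scenario.

```python
import ipaddress

# Constructed for the clinic scenario: addresses, ports and roles are assumptions.
# Firewall rules are checked top to bottom; the first match decides.
FIREWALL_RULES = [
    # (action, source network, destination port)
    ("allow", "192.168.10.0/24", 443),   # staff PCs -> records server (HTTPS)
    ("deny",  "0.0.0.0/0",       3389),  # remote desktop from anywhere
]

# User access levels: each role gets only the actions it needs.
ACCESS_LEVELS = {
    "receptionist": {"view_appointments", "edit_appointments"},
    "doctor": {"view_appointments", "view_records", "edit_records"},
    "admin": {"view_appointments", "manage_users"},
}


def firewall_allows(source_ip, dest_port):
    """Return True if the first matching rule allows the connection."""
    source = ipaddress.ip_address(source_ip)
    for action, network, port in FIREWALL_RULES:
        if source in ipaddress.ip_network(network) and dest_port == port:
            return action == "allow"
    return False  # default deny: anything not explicitly allowed is blocked


def access_allows(role, action):
    """Return True only if the role has been granted this action."""
    return action in ACCESS_LEVELS.get(role, set())


def handle_request(source_ip, dest_port, role, action):
    """Pass a request through both layers and report which one stopped it."""
    if not firewall_allows(source_ip, dest_port):
        return "blocked by firewall"
    if not access_allows(role, action):
        return "blocked by access level"
    return "allowed"


if __name__ == "__main__":
    requests = [
        ("192.168.10.25", 443, "doctor", "view_records"),
        ("192.168.10.30", 443, "receptionist", "edit_records"),
        ("203.0.113.7", 443, "doctor", "view_records"),
        ("203.0.113.7", 3389, "admin", "manage_users"),
    ]
    for request in requests:
        print(request, "->", handle_request(*request))
```

The third request is stopped by the firewall even though a doctor is allowed to view records, and the second passes the firewall but is stopped by the access level: each layer catches what the other would let through.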
Try It Yourself 12 min
Goal: State what a firewall does.
Goal: Explain why a school uses user access levels.
Goal: A shop only uses antivirus software. Recommend three further defences and justify each against a different threat.
📝 Exam Practice 10 min
Describe the role of a firewall.
Mark scheme
- It monitors/filters traffic entering and leaving the network (1).
- Blocking unauthorised connections / according to a set of rules (1).
Explain why user access levels improve security.
Mark scheme
- Each user can only access the data/actions their role needs (1).
- So damage/misuse is limited if an account is misused or compromised (1).
Explain why keeping software up to date with automatic updates improves security.
Mark scheme
- Updates patch known security weaknesses/vulnerabilities (1).
- So attackers cannot exploit holes in outdated software (1).
A small business stores customer data on a server. Describe four different measures it could use to keep the data secure.
Mark scheme
- Any four distinct measures (1 each): anti-malware; firewall; user access levels; encryption; automatic updates; physical security; strong passwords/2FA; backups.
Recap & Key Terms 3 min
Good security is layered. Anti-malware removes malware; a firewall filters network traffic; access levels limit each user; encryption protects stolen data; updates patch holes; physical security stops theft. Match each defence to the threat it stops.
- Anti-malware software: Software that scans for, detects and removes malware.
- Firewall: Monitors and filters network traffic, blocking unauthorised connections.
- User access levels: Permissions limiting each user to only what their role requires.
- Encryption: Scrambling data so it is unreadable without the key, even if stolen.
- Automatic updates: Applying security patches promptly to close known vulnerabilities.
- Physical security: Locks, guards and CCTV that protect the hardware itself.
Homework 1 min
Task (≤ 15 min): For each threat from earlier lessons — malware, brute force, data interception, physical theft — name the single best defence and explain why it fits.
Model answer
Malware → anti-malware + updates (detects/removes it and patches the holes). Brute force → strong passwords + attempt limits/CAPTCHA (too many combinations; bots blocked). Data interception → encryption (intercepted data is unreadable). Physical theft → physical security (locked room/CCTV) with encryption as backup (stolen disk is unreadable).
Award marks for: each correctly matched defence (up to 4); a valid reason for each (up to 4).