Technical Prevention
Now the other side of the coin - the technical measures that defend against attacks. Firewalls, encryption, anti-malware, authentication and automatic updates. Understanding when and why each is used is the key to answering prevention questions well.
The same data packet - the same password - is transmitted twice from the same device. In both transmissions an attacker on the network intercepts it. But only one of the transmissions results in the password being stolen. The data was identical. The only difference was one word.
The answer is encryption. The same intercepted data - unreadable in one case, readable in the other. Technical prevention measures work by making attacks either impossible, impractical, or ineffective even when they succeed.
When a question gives you a scenario and asks which prevention measure to use, match the threat to the defence. Firewalls filter traffic - good against network intrusion. Encryption protects data in transit - good against interception. Anti-malware detects threats - good against malware. Be specific about how each measure works, not just what it's called.
Firewalls and encryption
A firewall monitors and filters incoming and outgoing network traffic based on a set of security rules. It acts as a barrier between a trusted internal network and untrusted external networks (like the internet).
Hardware firewalls are physical devices sitting at the network boundary. Software firewalls run on individual devices. Both use rules to decide which traffic to allow and which to block - by port, IP address, protocol, or application.
Encryption converts readable data (plaintext) into an unreadable format (ciphertext) using an algorithm. Only someone with the correct decryption key can read it. Even if an attacker intercepts encrypted data, they see meaningless characters.
HTTPS uses encryption to protect web traffic. Data at rest (stored files) can also be encrypted - so even if physical storage is stolen, the data cannot be read.
Symmetric vs asymmetric encryption
There are two fundamentally different approaches to encryption. The key difference is how many keys are used, and this creates a critical practical problem that asymmetric encryption was invented to solve.
Symmetric encryption: the same key is used to both encrypt and decrypt the data. Sender and receiver must both have this secret key before communication begins.
Advantage: Fast and efficient. Good for encrypting large files or stored data.
Problem: How do you share the secret key securely in the first place? If you send it over the internet, an attacker can intercept it - then all future communications are compromised.
Asymmetric encryption uses two mathematically linked keys: a public key (shared with everyone) and a private key (kept secret by the owner). What one key encrypts, only the other can decrypt.
Advantage: The public key can be shared openly - no secret channel needed. Solves the key distribution problem.
Use: Used in HTTPS to establish a secure connection, then symmetric encryption takes over for speed.
If asked to compare the two types: symmetric = one shared key, fast, key distribution problem. Asymmetric = two linked keys, public key can be shared openly, solves key distribution. HTTPS uses asymmetric encryption to establish the session, then switches to symmetric for speed. Always state which key does what - "the public key encrypts; the private key decrypts."
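The HTTPS pattern just described, as an added worked example (not part of the original page): asymmetric encryption with the receiver's public key wraps a freshly generated session key, then a symmetric cipher under that session key carries the actual data. The symmetric cipher is a constructed HMAC-based stream cipher standing in for AES, and the asymmetric part is textbook RSA with the tiny primes 61 and 53 (a teaching toy, not a secure key size and without the padding real RSA needs); both are assumptions made here for illustration. The interceptor sees only the wrapped key and the ciphertext body, and holding the public key does not let them unwrap the session key.

```python
import hashlib
import hmac
import os

# ---- Symmetric: ONE shared key; the same function encrypts and decrypts ----
# Constructed stream cipher for illustration (stands in for AES): the keystream is
# HMAC-SHA256(key, block_counter) and the data is XORed with it, so applying the
# function twice with the same key gives back the plaintext.
def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    out = bytearray()
    for offset in range(0, len(data), 32):
        stream = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ s for b, s in zip(data[offset:offset + 32], stream))
    return bytes(out)

# ---- Asymmetric: TWO linked keys; what one encrypts only the other decrypts ----
# Textbook RSA with tiny primes. Teaching toy only: the modulus is far too small,
# and real RSA also needs padding before it is safe to use.
def rsa_keygen(p: int, q: int, e: int = 17):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # d is the modular inverse of e (Python 3.8+)
    return (e, n), (d, n)        # (public key, private key)

def rsa_apply(key, value: int) -> int:
    exponent, n = key
    return pow(value, exponent, n)

def wrap_key(public_key, session_key: bytes) -> list:
    """Public key encrypts: each session-key byte (< 256 < n) becomes one RSA block."""
    return [rsa_apply(public_key, b) for b in session_key]

def unwrap_key(private_key, wrapped: list) -> bytes:
    """Private key decrypts: only the holder of d can recover the session key."""
    return bytes(rsa_apply(private_key, c) for c in wrapped)

# ---- Hybrid exchange: the shape of an HTTPS session ----
def send(public_key, plaintext: bytes):
    session_key = os.urandom(16)                     # fresh random symmetric key
    return wrap_key(public_key, session_key), symmetric_crypt(session_key, plaintext)

def receive(private_key, wrapped: list, body: bytes) -> bytes:
    return symmetric_crypt(unwrap_key(private_key, wrapped), body)

if __name__ == "__main__":
    public, private = rsa_keygen(61, 53)             # receiver publishes `public`
    wrapped, body = send(public, b"hunter2")         # sender only ever saw `public`
    print("on the wire:", wrapped, body)             # everything an interceptor sees
    print("receiver reads:", receive(private, wrapped, body))
```

The split into `wrap_key` / `unwrap_key` and `symmetric_crypt` makes the exam point visible in code: the public key is the only thing the sender needs, the private key is the only thing that recovers the session key, and the bulk data never touches RSA at all.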
Anti-malware, authentication and updates
Anti-malware software scans files and running processes against a database of known malware signatures and monitors for suspicious behaviour. When a threat is detected, it is quarantined (isolated) or removed before it can cause harm.
Modern anti-malware also uses heuristic analysis - detecting behaviour that looks suspicious even if the specific malware hasn't been seen before.
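The two detection methods above, signature matching and heuristic analysis, as an added example (not code from the original page or any real anti-malware product). The signature database, the heuristics chosen (double extension, an executable header under a document filename, and a high-entropy body suggesting a packed payload) and all sample files are constructed here for illustration; a real scanner uses far larger signature sets and behavioural monitoring as well.

```python
import hashlib
import math

# Constructed signature database: SHA-256 hashes of files already seen to be malicious.
KNOWN_BAD_SHA256 = set()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0..8). Packed or encrypted payloads sit near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def heuristic_flags(filename: str, data: bytes) -> list:
    """Shape-based checks that need no prior sighting of the exact file."""
    flags = []
    parts = filename.lower().split(".")
    if (len(parts) > 2 and parts[-1] in {"exe", "scr", "bat", "js"}
            and parts[-2] in {"pdf", "doc", "jpg", "txt"}):
        flags.append("double extension disguises an executable as a document")
    if data.startswith(b"MZ") and not filename.lower().endswith((".exe", ".dll", ".scr")):
        flags.append("Windows executable header under a non-executable filename")
    if len(data) >= 512 and shannon_entropy(data) > 7.5:
        flags.append("high-entropy body, typical of packed or encrypted malware")
    return flags

def scan(filename: str, data: bytes) -> dict:
    """A signature match is conclusive; otherwise heuristics decide on quarantine."""
    digest = sha256_hex(data)
    if digest in KNOWN_BAD_SHA256:
        return {"file": filename, "verdict": "quarantine",
                "reason": "signature match " + digest[:12]}
    flags = heuristic_flags(filename, data)
    if flags:
        return {"file": filename, "verdict": "quarantine", "reason": "; ".join(flags)}
    return {"file": filename, "verdict": "clean", "reason": ""}

# Constructed samples (none of this is real malware): a previously seen bad file,
# a disguised executable, an executable hiding as .txt, a uniform-byte blob standing
# in for a packed body, and a harmless note.
KNOWN_BAD = b"constructed-sample-of-a-previously-seen-malicious-file"
KNOWN_BAD_SHA256.add(sha256_hex(KNOWN_BAD))
SAMPLES = {
    "report.pdf.exe": b"MZ" + b"\x90" * 64,
    "invoice.txt": b"MZ" + b"\x00" * 64,
    "packed.bin": bytes(range(256)) * 4,
    "notes.txt": b"Meeting moved to Thursday.\n",
}

def scan_all(samples=SAMPLES) -> dict:
    """Map each filename to its verdict."""
    return {name: scan(name, data)["verdict"] for name, data in samples.items()}

if __name__ == "__main__":
    print(scan("attachment.doc", KNOWN_BAD))
    for name, data in SAMPLES.items():
        print(scan(name, data))
```

Note the ordering: the hash lookup runs first because it is cheap and certain, while the heuristics trade some false positives (a legitimately compressed file also has high entropy) for the ability to catch malware that has never been seen before, which is exactly the gap signature-only scanning leaves open.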
A strong password is long, complex, and unique - making brute force attacks computationally impractical. A 12-character password with mixed character types could take thousands of years to crack.
Two-factor authentication (2FA) adds a second verification step - typically a code sent to a device you own. Even if an attacker discovers your password, they cannot log in without the second factor.
Software vulnerabilities are discovered regularly. Automatic updates ensure that security patches are installed promptly, closing vulnerabilities before attackers can exploit them.
The WannaCry ransomware exploited a Windows vulnerability for which a patch had been released two months earlier. Systems with automatic updates were protected; unpatched systems were devastated.
Firewall challenge - allow or block?
A firewall uses rules to decide whether to allow or block network traffic. Study each packet description and decide what a well-configured firewall should do. Apply these rules: HTTPS (port 443) from any source = allowed; SSH (port 22) from external = blocked; unknown executable from external = blocked; DNS (port 53) = allowed.
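A rule-based filter implementing the four rules of this challenge, as an added example (not part of the original page), which also illustrates the port/IP/protocol matching described under Firewalls and encryption. The trusted network 192.168.1.0/24, the source addresses and the packet descriptions are constructed here. Two design choices are assumptions: the more specific block rules are evaluated before the broad allows (first match wins), and any packet matching no rule is blocked by default, which is what "well-configured" is taken to mean. The `payload_type` field is a simplification; a port-level firewall cannot see that by itself and needs application-aware inspection.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("192.168.1.0/24")   # constructed trusted LAN

@dataclass
class Packet:
    src: str
    dst_port: int
    protocol: str                 # "tcp" or "udp"
    payload_type: str = "data"    # "data" or "executable" (simplification)

@dataclass
class Rule:
    name: str
    action: str                           # "allow" or "block"
    port: Optional[int] = None            # None = any port
    protocol: Optional[str] = None        # None = any protocol
    payload_type: Optional[str] = None    # None = any payload
    external_only: bool = False           # only matches sources outside INTERNAL

    def matches(self, pkt: Packet) -> bool:
        if self.port is not None and pkt.dst_port != self.port:
            return False
        if self.protocol is not None and pkt.protocol != self.protocol:
            return False
        if self.payload_type is not None and pkt.payload_type != self.payload_type:
            return False
        if self.external_only and ip_address(pkt.src) in INTERNAL:
            return False
        return True

# The challenge's four rules. Specific blocks come first so an executable arriving
# over an otherwise-allowed port is still caught; anything unmatched is blocked.
RULES = [
    Rule("Unknown executable from external", "block", payload_type="executable", external_only=True),
    Rule("SSH from external", "block", port=22, protocol="tcp", external_only=True),
    Rule("HTTPS from anywhere", "allow", port=443, protocol="tcp"),
    Rule("DNS", "allow", port=53),
]

def decide(pkt: Packet, rules=RULES):
    """Return (action, rule name) for the first matching rule, else default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "block", "default deny"

# Constructed packet descriptions for the challenge.
CHALLENGE = [
    Packet("203.0.113.9", 443, "tcp"),                              # external HTTPS
    Packet("203.0.113.9", 22, "tcp"),                               # external SSH
    Packet("198.51.100.4", 443, "tcp", payload_type="executable"),  # .exe over 443
    Packet("192.168.1.30", 53, "udp"),                              # DNS lookup
    Packet("203.0.113.77", 3389, "tcp"),                            # RDP, no rule
]

def run_challenge(packets=CHALLENGE) -> list:
    return [decide(p) for p in packets]

if __name__ == "__main__":
    for pkt, (action, why) in zip(CHALLENGE, run_challenge()):
        print(f"{pkt.src}:{pkt.dst_port}/{pkt.protocol} ({pkt.payload_type}) -> {action} [{why}]")
```

The last packet is the one worth noticing: port 3389 appears in no rule, and it is the default-deny at the end of `decide` rather than any explicit rule that keeps it out. A firewall whose unmatched traffic falls through to "allow" would pass it.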
A business uses a firewall, strong passwords, and encryption on all its systems. Despite this, a successful ransomware attack occurs. Suggest how this could have happened and what additional measures might have prevented it.
Additional measures that could have prevented it:
1. Anti-malware software - would have detected and quarantined the malicious file before it executed.
2. Staff training - employees trained to recognise phishing emails would not have opened the attachment.
3. Automatic updates - an up-to-date operating system would have patches for known exploits.
4. Regular backups - even if ransomware encrypted files, recent backups would allow recovery without paying the ransom.
This illustrates why no single technical measure is sufficient - a layered approach is needed.
Practice what you have learned
Three levels of worksheet for this lesson. Download, print and complete offline.