📚 IGCSE WJEC Computer Science: Cybersecurity Key Points | IGCSE WJEC 计算机:网络安全 考点精讲
In today’s interconnected world, cybersecurity is essential for protecting computer systems, networks and data from digital attacks. The WJEC IGCSE Computer Science specification requires learners to understand a range of threats, including malware, social engineering and network attacks, as well as the technical, procedural and legal countermeasures that keep systems safe. This revision guide breaks down every key area, offering bilingual explanations to reinforce your understanding.
在万物互联的今天,网络安全对于保护计算机系统、网络和数据免受数字攻击至关重要。WJEC IGCSE 计算机科学大纲要求学生了解各类威胁,包括恶意软件、社会工程学和网络攻击,以及保障系统安全的技术、流程和法律对策。本考点精讲逐一梳理重点,并以双语解释强化理解。
1. Types of Malware | 恶意软件类型
Malware, short for malicious software, is any program designed to damage, disrupt or gain unauthorised access to a computer system. WJEC expects you to recognise several common types and describe their behaviour.
恶意软件(malware)即恶意编写的程序,旨在破坏、干扰或未经授权地访问计算机系统。WJEC 要求你认识几种常见类型并描述其行为。
-
Virus: Attaches itself to a legitimate file and replicates when the file is run, spreading to other files and systems. It often corrupts or deletes data.
病毒:附着在合法文件上,文件被运行时进行复制,传播到其他文件及系统,通常会损坏或删除数据。
-
Worm: A standalone program that replicates across networks without needing a host file. It consumes bandwidth and can deliver payloads like backdoors.
蠕虫:独立程序,通过网络自我复制,不需要宿主文件。它会消耗带宽并可能投递后门等载荷。
-
Trojan horse: Disguised as harmless software, it tricks users into installing it. Once activated, it can steal data, install ransomware or create backdoors.
特洛伊木马:伪装成无害软件,诱骗用户安装。激活后可窃取数据、安装勒索软件或创建后门。
-
Spyware: Secretly monitors user activity and collects personal information such as passwords and browsing habits, sending it to a third party.
间谍软件:暗中监视用户活动,收集密码、浏览习惯等个人信息,并发送给第三方。
-
Ransomware: Encrypts the victim’s files and demands a ransom payment in exchange for the decryption key. Recent examples include WannaCry and CryptoLocker.
勒索软件:加密受害者的文件,要求支付赎金以换取解密密钥。近期案例有 WannaCry、CryptoLocker 等。
-
Adware: Automatically displays unwanted advertisements, often bundled with free software. While usually less harmful, it can degrade performance and track browsing.
广告软件:自动弹出不需要的广告,常与免费软件捆绑。虽然危害通常较小,但会降低性能并跟踪浏览行为。
2. Social Engineering Threats | 社会工程学威胁
Social engineering exploits human psychology rather than technical flaws to gain confidential information. Candidates need to explain methods such as phishing, pharming, blagging and shouldering.
社会工程学利用人的心理而非技术漏洞来获取机密信息。考生需能解释网络钓鱼、域欺骗、冒名通话和肩窥等方法。
-
Phishing: Fraudulent emails or messages pretending to be from trusted organisations to trick recipients into revealing passwords or banking details. Often includes links to fake websites.
网络钓鱼:假冒可信机构发送欺诈邮件或消息,诱骗收件人透露密码或银行信息,通常包含指向假网站的链接。
-
Pharming: Malware or a compromised DNS server redirects users from a legitimate website to a fake one without their knowledge, capturing login credentials.
域欺骗:恶意软件或被入侵的 DNS 服务器将用户从真实网站重定向到虚假网站,在不知情中获取登录凭证。
-
Blagging (pretexting): Impersonating someone in authority – such as a technician or manager – via phone or in person to persuade the target to disclose sensitive information.
冒名通话(托词):通过电话或面谈冒充技术人员、经理等权威人员,说服目标透露敏感信息。
-
Shouldering (shoulder surfing): Observing a person’s screen or keyboard directly, such as watching someone type a PIN at an ATM or a password on a laptop.
肩窥:直接观察他人屏幕或键盘输入,如在 ATM 旁偷看他人输入 PIN 码或笔记本电脑密码。
3. Network-Based Attacks | 基于网络的攻击
Network attacks target the infrastructure or the communication channels between systems. WJEC highlights denial-of-service, brute-force attacks, SQL injection and man-in-the-middle attacks.
网络攻击针对基础设施或系统间的通信通道。WJEC 重点包括拒绝服务攻击、暴力破解、SQL 注入和中间人攻击。
-
Denial of Service (DoS): Floods a server with more requests than it can handle, preventing legitimate users from accessing the service. A Distributed DoS (DDoS) uses many compromised computers (botnet) to amplify the attack.
拒绝服务攻击(DoS):用大量请求淹没服务器,使其无法处理合法用户的服务。分布式拒绝服务攻击(DDoS)利用大量被入侵的计算机(僵尸网络)放大攻击效果。
-
Brute-force attack: Attempts every possible password combination until the correct one is found. Automated tools can try millions of combinations per second, making weak passwords very vulnerable.
暴力破解攻击:尝试所有可能的密码组合,直到找到正确密码。自动化工具每秒可尝试数百万个组合,这使得弱密码极易被攻破。
-
SQL injection: Inserting malicious SQL code into a web form input field that is poorly validated, allowing an attacker to read, modify or delete the database content.
SQL 注入:在缺乏严格验证的网页表单输入框中插入恶意 SQL 代码,使攻击者能够读取、修改或删除数据库内容。
-
Man-in-the-Middle (MitM): The attacker secretly intercepts and possibly alters the communication between two parties who believe they are talking directly. Can be done via compromised Wi-Fi hotspots or ARP spoofing.
中间人攻击(MitM):攻击者暗中拦截并可能篡改双方认为直接进行的通信。可通过被入侵的 Wi‑Fi 热点或 ARP 欺骗实现。
4. Authentication and Password Policies | 身份验证与密码策略
Strong authentication ensures that only authorised users can access a system. The WJEC syllabus covers passwords, biometrics, two‑factor authentication and CAPTCHA tests.
强身份验证确保只有授权用户才能访问系统。WJEC 大纲涵盖密码、生物识别、双因素认证和验证码测试。
-
Password strength: Passwords should be long, include mixed case letters, digits and special characters, and not be based on personal information. Systems should lock after a number of failed attempts.
密码强度:密码应足够长,包含大小写字母、数字和特殊字符,且不基于个人信息。系统在多次失败尝试后应锁定。
-
Two-factor authentication (2FA): Combines something you know (password) with something you have (a mobile token) or something you are (fingerprint). This greatly reduces the risk of unauthorised access even if the password is stolen.
双因素认证(2FA):结合“你知道的”(密码)与“你拥有的”(手机令牌)或“你本身的”(指纹)。即使密码被盗,也能大幅降低未授权访问的风险。
-
Biometrics: Uses unique physical characteristics such as fingerprint, iris scan or facial recognition. Hard to replicate but raise privacy concerns if biometric data is leaked.
生物识别:利用指纹、虹膜扫描或面部识别等唯一生理特征。难以复制,但生物识别数据一旦泄漏会引发隐私问题。
-
CAPTCHA: A challenge‑response test that determines whether the user is human. Protects against automated bots attempting to create accounts or brute‑force logins.
验证码(CAPTCHA):一种区分人机的挑战响应测试,可防止自动机器人注册账户或暴力破解登录。
5. Firewalls and Perimeter Security | 防火墙与边界安全
A firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the Internet.
防火墙根据预设的安全规则监控进出网络流量,充当可信内部网络与互联网等不可信外部网络之间的屏障。
Firewalls can be hardware appliances or software applications. They inspect data packets and decide whether to allow or block them using criteria such as IP addresses, port numbers and protocols. A stateful firewall tracks the state of active connections, while packet‑filtering inspects each packet independently. Proxy firewalls act as intermediaries, fully inspecting the entire content before forwarding.
防火墙可以是硬件设备或软件应用。它检查数据包,根据 IP 地址、端口号和协议等标准决定允许或阻止。有状态防火墙会跟踪活跃连接的状态,而包过滤防火墙独立检查每个数据包。代理防火墙充当中介,在转发前全面检查内容。
6. Encryption and Secure Communication | 加密与安全通信
Encryption scrambles data into an unreadable format, ensuring confidentiality even if intercepted. WJEC candidates must understand symmetric and asymmetric encryption, as well as protocols like HTTPS and SSL/TLS.
加密将数据打乱成不可读的格式,确保即使被截获仍保持机密性。WJEC 考生需理解对称加密与非对称加密,以及 HTTPS、SSL/TLS 等协议。
Encryption methods
Published by TutorHao | IGCSE Computer Science Revision Series | aleveler.com
更多咨询请联系16621398022(同微信)
屏轩国际教育cambridge primary/secondary checkpoint, cat4, ukiset,ukcat,igcse,alevel,PAT,STEP,MAT, ibdp,ap,ssat,sat,sat2课程辅导,国外大学本科硕士研究生博士课程论文辅导