A-Level CCEA Computer Science: Cybersecurity Exam Essentials | 网络安全考点精讲

📚 A-Level CCEA Computer Science: Cybersecurity Exam Essentials | 网络安全考点精讲

Cybersecurity is a vital field in computer science, focusing on safeguarding digital systems, networks, and data from malicious attacks and unauthorised access. For A-Level CCEA learners, mastering the core principles of threats, encryption, network defences, and legal frameworks is key to exam success and responsible practice.

网络安全是计算机科学中至关重要的领域,侧重于保护数字系统、网络和数据免受恶意攻击和未经授权的访问。对于 A-Level CCEA 学生而言,掌握威胁、加密、网络防御和法律框架的核心原理是考试成功和负责任实践的关键。

1. What is Cybersecurity? | 什么是网络安全?

Cybersecurity is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from digital attacks. Its primary goal is to maintain the confidentiality, integrity, and availability of information — often referred to as the CIA triad.

网络安全是保护计算机、服务器、移动设备、电子系统、网络和数据免受数字攻击的实践。其主要目标是维护信息的机密性、完整性和可用性 —— 通常称为 CIA 三元组。

Confidentiality ensures that sensitive data is only accessible to authorised individuals. Integrity guarantees that the data remains accurate and unaltered during storage or transmission. Availability ensures systems and data are reliably accessible when needed.

机密性确保敏感数据只能由授权个人访问。完整性保证数据在存储或传输过程中保持准确且未被更改。可用性确保系统和数据在需要时能够可靠访问。

With the rise of interconnected systems and cloud computing, cybersecurity has become a fundamental concern for individuals, businesses, and governments to prevent financial loss, data breaches, and reputation damage.

随着互联系统和云计算的兴起,网络安全已成为个人、企业和政府关注的基本问题,以防止财务损失、数据泄露和声誉损害。


2. Common Cyber Threats | 常见网络威胁

Malware, short for malicious software, is any program designed to harm or exploit computers and networks. It includes various subtypes, each with distinct behaviours.

恶意软件(malware)是任何旨在损害或利用计算机和网络的程序的简称。它包括多种子类型,每种都有不同的行为特征。

A virus attaches itself to legitimate files and requires user action to spread, often corrupting or deleting data.

病毒附着在合法文件上,并需要用户操作才能传播,通常会破坏或删除数据。

A worm replicates itself automatically to spread across networks, consuming bandwidth and overloading systems without user intervention.

蠕虫会自动复制自身并在网络中传播,消耗带宽并使系统过载,无需用户干预。

A Trojan horse disguises itself as useful software while carrying a hidden malicious payload, such as creating backdoors for attackers.

特洛伊木马伪装成有用的软件,同时携带隐藏的恶意载荷,例如为攻击者创建后门。

Ransomware encrypts a victim’s files and demands a ransom payment to restore access. WannaCry is a notorious example that caused global disruption.

勒索软件会加密受害者的文件并要求支付赎金以恢复访问。WannaCry 便是一个臭名昭著的例子,在全球造成了破坏。

Spyware secretly monitors user activity, capturing keystrokes, browsing habits, or login credentials, often for identity theft or advertising purposes.

间谍软件会秘密监视用户活动,捕获击键、浏览习惯或登录凭据,通常用于身份盗窃或广告目的。


3. Social Engineering Attacks | 社会工程攻击

Social engineering exploits human psychology rather than technical vulnerabilities to gain confidential information or access. It often proves more effective than hacking tools.

社会工程利用人的心理而非技术漏洞来获取机密信息或访问权限。它常常比黑客工具更有效。

Phishing involves sending deceptive emails or messages that appear to come from trusted sources, tricking recipients into revealing passwords or financial details. Spear phishing targets specific individuals with personalised information.

网络钓鱼涉及发送看似来自可信来源的欺骗性电子邮件或消息,诱使收件人泄露密码或财务细节。鱼叉式网络钓鱼利用个性化信息针对特定个人。

Baiting uses false promises, such as free movies or software, to lure victims into executing malware or inserting infected USB drives into their computers.

诱饵攻击使用虚假承诺(如免费电影或软件)引诱受害者执行恶意软件或将受感染的 USB 驱动器插入计算机。

Shoulder surfing is the simple technique of directly observing someone typing a password or PIN in a public place. Tailgating occurs when an intruder follows an authorised person through a secured door without authentication.

肩窥是一种直接观察他人在公共场所输入密码或 PIN 的简单技术。尾随攻击是指入侵者跟随授权人员通过安全门,而无需身份验证。

Pharming redirects users from a legitimate website to a fraudulent one, even if the correct URL is typed, by corrupting DNS settings or the host file.

域名欺骗通过破坏 DNS 设置或主机文件,将用户从合法网站重定向到欺诈网站,即使输入了正确的网址。


4. Network Attacks | 网络攻击

A Denial-of-Service (DoS) attack floods a server with traffic to overwhelm its resources, making it unavailable to legitimate users. A Distributed DoS (DDoS) leverages multiple compromised machines (a botnet) to amplify the assault.

拒绝服务(DoS)攻击通过用流量淹没服务器来耗尽资源,使其无法为合法用户提供服务。分布式拒绝服务(DDoS)利用多台被入侵的机器(僵尸网络)来增强攻击。

A Man-in-the-Middle (MitM) attack intercepts communication between two parties without their knowledge, allowing the attacker to eavesdrop or alter data. This can occur on unencrypted Wi-Fi networks.

中间人(MitM)攻击在两方不知情的情况下拦截通信,使攻击者能够窃听或篡改数据。这可能发生在未加密的 Wi-Fi 网络上。

SQL injection exploits poorly sanitised input fields by inserting malicious SQL code that manipulates a database, potentially exposing or deleting sensitive records.

SQL 注入利用未充分清理的输入字段,通过插入恶意 SQL 代码来操纵数据库,可能暴露或删除敏感记录。

Cross-Site Scripting (XSS) injects malicious scripts into web pages viewed by others, enabling the attacker to steal cookies, session tokens, or redirect users.

跨站脚本攻击(XSS)将恶意脚本注入到其他人查看的网页中,使攻击者能够窃取 cookie、会话令牌或重定向用户。

A brute-force attack attempts all possible combinations of passwords or keys until the correct one is found. Dictionary attacks use lists of common passwords for speed. Botnets are networks of enslaved devices used to launch large-scale attacks or send spam.

暴力破解攻击尝试所有可能的密码或密钥组合,直到找到正确的一个。字典攻击使用常见密码列表以提高速度。僵尸网络是被奴役的设备网络,用于发动大规模攻击或发送垃圾邮件。


5. Authentication and Access Control | 认证与访问控制

Authentication verifies the identity of a user or system, while authorisation determines what resources or actions that identity is permitted to access. Both are crucial for robust security.

认证验证用户或系统的身份,而授权决定该身份被允许访问哪些资源或执行哪些操作。两者对于强大的安全性都至关重要。

Authentication factors include something you know (password), something you have (smart card, security token), and something you are (biometrics). Multi-factor authentication (MFA) combines two or more of these.

认证因素包括你知道的东西(密码)、你拥有的东西(智能卡、安全令牌)以及你固有的特征(生物识别)。多因素认证(MFA)结合了其中的两个或更多因素。

Strong password policies mandate a minimum length, use of upper-case and lower-case letters, digits, and symbols, and require regular changes without reuse of previous passwords.

强密码策略要求最小长度、使用大小写字母、数字和符号,并要求定期更改,不得重复使用以前的密码。

Biometrics, such as fingerprint scanning, iris recognition, or facial recognition, offer convenient and unique verification but raise privacy concerns if centralised biometric databases are breached.

生物识别,如指纹扫描、虹膜识别或面部识别,提供了方便且唯一的验证方式,但如果中央生物特征数据库遭到破坏,则会引起隐私问题。

Access control models like role-based access control (RBAC) grant permissions based on job roles, ensuring the principle of least privilege — users only receive the minimum necessary access to perform their duties.

基于角色的访问控制(RBAC)等模型根据工作角色授予权限,确保最小权限原则 —— 用户仅获得履行其职责所需的最低权限。


6. Encryption Fundamentals | 加密基础

Encryption transforms readable plaintext into unreadable ciphertext using an algorithm and a key. The security of encrypted data relies on keeping the key secret, not the algorithm.

加密使用算法和密钥将可读的明文转换为不可读的密文。加密数据的安全性依赖于密钥的保密,而非算法。

Symmetric encryption uses a single shared secret key for both encryption and decryption. It is fast and efficient for bulk data, but the key must be securely exchanged beforehand.

对称加密使用单个共享秘密密钥进行加密和解密。它对于批量数据快速且高效,但密钥必须事先安全交换。

Common symmetric block ciphers include AES (Advanced Encryption Standard) with key sizes of 128, 192, or 256 bits, and the older DES (Data Encryption Standard), which is now insecure due to its short 56-bit key length.

常见的对称分组密码包括密钥长度为 128、192 或 256 位的 AES(高级加密标准)以及较旧的 DES(数据加密标准),由于密钥长度仅为 56 位,现已被认为不安全。

Asymmetric encryption, also known as public-key cryptography, employs a key pair: a public key for encryption and a private key for decryption. It eliminates the key distribution problem but is computationally slower.

非对称加密,也称为公钥密码学,使用一对密钥:公钥用于加密,私钥用于解密。它消除了密钥分发问题,但计算速度较慢。

RSA (Rivest-Shamir-Adleman) is a widely used asymmetric algorithm based on the mathematical difficulty of factoring large prime numbers. It is often used to securely exchange symmetric keys in hybrid systems.

RSA(Rivest-Shamir-Adleman)是一种广泛使用的非对称算法,基于大质数因数分解的数学困难。它常用于混合系统中安全地交换对称密钥。


7. Symmetric vs Asymmetric Encryption | 对称与非对称加密对比

The table below highlights the principal differences between symmetric and asymmetric encryption, helping you select the appropriate method for a given scenario.

下表突出了对称加密和非对称加密之间的主要区别,帮助您为特定场景选择合适的方法。

Feature Symmetric Encryption Asymmetric Encryption
Key Usage One secret key shared by both parties Key pair – public and private keys
Speed Fast; suitable for large data volumes Slower; computationally intensive
Key Distribution Requires secure channel to share the key Public key can be openly distributed
Security Key secrecy critical; compromise exposes all communications Private key never shared; more resilient to interception
Common Algorithms AES, DES, 3DES, Blowfish RSA, ECC, ElGamal
Typical Use Real-time bulk encryption, VPNs, database encryption Secure key exchange, digital signatures, small data

In practice, hybrid cryptosystems combine both approaches: asymmetric encryption is used to securely transmit a symmetric session key, which then encrypts the actual data stream for efficiency.

在实践中,混合密码系统结合了两种方法:非对称加密用于安全传输对称会话密钥,然后对称加密高效地对实际数据流进行加密。

Understanding this trade-off is essential for designing secure protocols, such as the TLS handshake, where the server’s public key encrypts a symmetric key that protects the session.

理解这种权衡对于设计安全协议至关重要,例如 TLS 握手,其中服务器的公钥加密对称密钥以保护会话。


8. Hashing and Digital Signatures | 哈希与数字签名

A hash function takes an input of arbitrary length and produces a fixed-size digest. It is deterministic, fast to compute, and must satisfy pre-image resistance, second pre-image resistance, and collision resistance.

哈希函数接受任意长度的输入并产生固定大小的摘要。它是确定性的、计算快速,并且必须满足抗原像性、抗第二原像性和抗碰撞性。

If even a single bit of the input changes, the hash output appears radically different — a property known as the avalanche effect. Common hash algorithms include SHA-256 and SHA-3; MD5 and SHA-1 are deprecated due to collision vulnerabilities.

即使输入只有一个比特位发生变化,哈希输出也会显著不同 —— 这一特性称为雪崩效应。常见的哈希算法包括 SHA-256 和 SHA-3;MD5 和 SHA-1 由于存在碰撞漏洞已被弃用。

A digital signature provides authentication, non-repudiation, and integrity. The sender hashes the message and encrypts the hash with their private key. The recipient decrypts the signature using the sender’s public key and compares it with a freshly computed hash of the received message.

数字签名提供认证、不可否认性和完整性。发送方对消息进行哈希处理并用其私钥加密哈希值。收件人使用发送方的公钥解密签名,并将其与接收消息重新计算的哈希值进行比较。

If the hashes match, the message is verified as authentic and unaltered. Digital signatures rely on the security of the underlying asymmetric algorithm and the uniqueness of the private key.

如果哈希值匹配,则消息被验证为真实且未更改。数字签名依赖于底层非对称算法的安全性和私钥的唯一性。

Applications include software distribution (checking authenticity of downloads), email signing, and certificate authorities that vouch for the ownership of public keys.

应用包括软件分发(检查下载的真实性)、电子邮件签名以及担保公钥所有权的证书颁发机构。


9. Firewalls and Network Security Devices | 防火墙与网络安全设备

A firewall monitors incoming and outgoing network traffic and permits or blocks packets based on predefined security rules. It forms the first line of defence between a trusted internal network and untrusted external networks.

防火墙监控传入和传出的网络流量,并根据预定义的安全规则允许或阻止数据包。它构成了可信内部网络与不可信外部网络之间的第一道防线。

Packet-filtering firewalls inspect headers (source/destination IP, port, protocol) and filter packets statelessly, meaning each packet is examinated in isolation without remembering connection state.

包过滤防火墙检查报头(源/目标 IP、端口、协议)并以无状态方式过滤数据包,即每个数据包独立检查,不记忆连接状态。

Stateful inspection firewalls keep track of the state of active connections and make decisions in context, providing greater security by detecting unsolicited incoming packets that do not belong to an established session.

状态检测防火墙记录活动连接的状态,并根据上下文做出决策,通过检测不属于已建立会话的未经请求的传入数据包提供更高的安全性。

Proxy firewalls (application-level gateways) act as intermediaries, receiving all requests and responses on behalf of the internal clients, hiding internal IP addresses and filtering content at the application layer.

代理防火墙(应用级网关)充当中间人,代表内部客户端接收所有请求和响应,隐藏内部 IP 地址并在应用层过滤内容。

Intrusion Detection Systems (IDS) monitor traffic for suspicious patterns and alert administrators. Intrusion Prevention Systems (IPS) go further by actively blocking detected threats. Both complement firewalls for layered defence.

入侵检测系统(IDS)监控流量中的可疑模式并提醒管理员。入侵防御系统(IPS)更进一步,主动阻止检测到的威胁。两者与防火墙互补,形成分层防御。


10. Security Protocols | 安全协议

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) encrypt communication between a client and a server, ensuring privacy and data integrity. HTTPS is HTTP layered over TLS, indicated by the padlock icon in browsers.

SSL(安全套接字层)及其后继协议 TLS(传输层安全)对客户端与服务器之间的通信进行加密,确保隐私和数据完整性。HTTPS 是 HTTP 在 TLS 之上运行,由浏览器中的挂锁图标标识。

The TLS handshake involves the server presenting a digital certificate, the client verifying it, and both parties agreeing on a symmetric session key through asymmetric key exchange. This hybrid approach balances speed and security.

TLS 握手涉及服务器出示数字证书、客户端验证证书,双方通过非对称密钥交换商定对称会话密钥。这种混合方法平衡了速度与安全性。

A Virtual Private Network (VPN) extends a private network across a public network, enabling encrypted tunnelling of data. It allows remote workers to securely access corporate resources as if they were on the internal network.

虚拟专用网络(VPN)将私有网络扩展到公共网络上,实现数据的加密隧道传输。它允许远程工作者像在内部网络一样安全地访问公司资源。

IPsec (Internet Protocol Security) operates at the network layer, authenticating and encrypting each IP packet in a communication session. It is widely used for site-to-site VPNs and can be combined with L2TP.

IPsec(互联网协议安全)工作在网络层,对通信会话中的每个 IP 数据包进行认证和加密。它广泛用于站点到站点 VPN,并可与 L2TP 结合使用。


11. Security Policies and Best Practices | 安全策略与最佳实践

A comprehensive security policy defines the rules, procedures, and responsibilities for protecting an organisation’s information assets. The Acceptable Use Policy (AUP) outlines what users can and cannot do on company systems.

全面的安全策略定义了保护组织信息资产的规则、程序和职责。可接受使用策略(AUP)概述了用户在公司系统上可以做什么和不能做什么。

Regular backups are a critical defence against ransomware and data corruption. The 3-2-1 backup strategy recommends keeping three copies of data on two different media, with one copy stored off-site.

定期备份是抵御勒索软件和数据损坏的关键防御措施。3-2-1 备份策略建议保留三份数据副本,存储在两种不同介质上,其中一份异地存储。

Software patches and updates must be applied promptly to close known vulnerabilities, as attackers often exploit unpatched systems. Automated patch management systems help reduce the window of exposure.

必须及时应用软件补丁和更新,以关闭已知漏洞,因为攻击者经常利用未打补丁的系统。自动化补丁管理系统有助于缩短暴露窗口。

The principle of least privilege dictates that users and processes are granted only the permissions essential to perform their

Published by TutorHao | A-Level Computer Science Revision Series | aleveler.com

更多咨询请联系16621398022(同微信)

Comments

屏轩国际教育cambridge primary/secondary checkpoint, cat4, ukiset,ukcat,igcse,alevel,PAT,STEP,MAT, ibdp,ap,ssat,sat,sat2课程辅导,国外大学本科硕士研究生博士课程论文辅导

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from aleveler.com

Subscribe now to keep reading and get access to the full archive.

Continue reading