2/8/2025

Lecture: Introduction To CyberSecurity

Sebbar Anass, PhD in CS&S

Email : [email protected]
Introduction to Cybersecurity Office Location: Building 2, 4th Floor, Room B413
Coordinator of the Cybersecurity Track:

PRESENTED BY:

Année universitaire: 2024-2025

1

1 2

Outline Introduction

Cybersecurity Overview
Network Security
Authentication Process Information System

?
Traditional Firewall vs Next Generation Firewall
Symmetric Cryptography
Asymmetric Cryptography
Digital Signature / PKI
Credential Authority – SSL/TLS? (Application of the Crypto)

3 4

3 4
 2/8/2025

Introduction
Motivation
Cybercrime is Rising
CyberSecurity While
Readiness Declines.*

? Cybercrime is clearly evolving, while

Cyberdefense measures remain far behind!!

* 2014 U.S. State of Cybercrime Survey co-sponsored by PwC, CSO magazine, the CERT® Division of
the Software Engineering Institute at Carnegie Mellon University, and the United States Secret
Service.

5 6

Introduction Introduction
What is an information system?
Information
"Information is an asset that, like other important
business assets, is valuable to an organization and,
therefore, must be properly protected."
Information system:
 Printed or written on paper Organization of activities consisting of
to acquire, store, transform, disseminate, exploit, manage, ....
 Electronically stored Information
One of the technical ways to operate an information system is to use a
 Sent by mail or electronically Computer system
 communicated in conversations...

7 8
 2/8/2025

Introduction : Information system Introduction

Evolution of Information Systems
• IS today:
• Change dynamically:
- Constant integration of new tools;
- Updates, reorganizations, ...
- Great diversity in the nature of the information (financial,
technical, medical data, etc.).
• Become more complex (heterogeneity of systems),
• Interconnect (internally, but also externally)
• Technologies are evolving (object-oriented programming, intelligent
agents, wired networks, wireless networks, ....)
- like threats!!

9 10

Introduction
People !! What does Cybersecurity mean:
National Security Telecommunication and Information Systems Security Committe (NSTISSC)
définie la Security des réseaux comme suit:

Computer Security: Measures and controls that ensure confidentiality,

integrity, and availability of information system assets including hardware,
software, firmware, and information being processed, stored, and
communicated.

Computer security is the protection of information and systems and

hardware that use, store, and transmit that information.

12

11 12
 2/8/2025

Introduction Introduction
Why Cyber security? What is the impact of cybercrime on business:
1- Internet connection 24/7
2- Increase in cybercrime 1- Decreased productivity
3- Impact on businesses and individuals 2- Loss of turnover
4- Legislation and responsibilities 3- Release of unauthorized sensitive data
5- Proliferation of threats 4- Threat of trade secrets of formulas
6- The sophistication of threats 5- Compromise of reputation and trust
6- Loss of communication
7- Loss of time

13 14

13 14

Introduction Introduction
Challenges of cybersecurity

• Equifax data breach

 Application security • Breach that may affect 500 million
 Network security customers
 Endpoint security • Names, social security numbers,
 Data security
credit card numbers, addresses, etc
• Hillary Clinton Emails
 Identity management
• Ransomware (WannaCry, Petya)
 Database and infrastructure security
• Hospitals, Renault, etc
 Cloud security • Power companies, airports, public
 Mobile security transits, central bank in Ukraine
 Disaster recovery/business continuity planning

15 16

15 16
 2/8/2025

Introduction TRIAD DE LA CIA

• Equifax data breach

• Breach that may affect 143 Confidentiality: This term covers two related concepts:
million customers
• Names, social security Data confidentiality: Assures that private or confidential
numbers, credit card information is not made available or disclosed to
unauthorized individuals.
numbers, addresses, etc
Privacy: Assures that individuals control or influence
• Hillary Clinton Emails what information related to them may be collected and
• Ransomware (WannaCry, stored and by whom and to whom that information may
Petya) be disclosed
• Hospitals, Renault, etc
• Power companies,
airports, public transits,
central bank in Ukraine
17 18

17 18

TRIAD DE LA CIA CyberSecurity goals

Goals of CyberSecurity:
 Authenticity: Ensure the identity of communication participants is
• Integrity: This term covers two related concepts: verified.

Data integrity: Assures that information and programs are
changed only in a specified and authorized manner.
System integrity: Assures that a system performs its
intended function in an unimpaired manner, free from
deliberate or inadvertent unauthorized manipulation of the
system.
 Confidentiality: Guard against unauthorized access to sensitive
information.
 Integrity: Safeguard system information and processes from both
intentional and accidental alterations.
 Availability: Guarantee that systems and data remain accessible to
authorized users when needed.

 Non-repudiation: Ensure that participants in a communication

• Availability: Assures that systems work promptly and
service is not denied to authorized users.
19
cannot deny their involvement.
 Traceability: Ability to track and verify the history or location of an
item through documented records. In cybersecurity, this means
ensuring actions on a system can be linked to a specific entity or
process. 20

19 20
 2/8/2025

CyberSecurity goals Challenge Activity : FTP & Telnet Authentication

Security Objective: Explore the "FTP-authentication" challenge on Root Me.

Threat Instructions:
Information System •Navigate to https://www.root-me.org/.
•Create an account if you don't have one.

Security
Security

Availability
S
Integrity
Risk •Once logged in, follow this path: Challenges > Network > FTP-
Confidentiality authentication.
Traceability
•Let’s find the password.

Vulnerability
Security

21 22

21 22