INTRODUCTION TO INFORMATION SECURITY
Presented by: Charbel ACHADE
Plan
Introduction
Module 1: Introduction to Computer Security
Module 2: The Objectives of Information Security
Module 3: The Areas of Application of Computer Security
Module 4: Terminology of Computer Security
Module 5: Types of attacks
Module 6: Profiles and capabilities of attackers
Module 7: Core services of information security
Module 8: Ethical Hacking
Conclusion
Practical Test
Introduction
Nowadays, the world is experiencing very significant advances in the field of computer science; security needs are more pressing than ever, and the trend is not on the decline. For several years now we have been witnessing a constant change of techniques, whether techniques aimed at securing data exchange or techniques for bypassing secured systems. As a result, data security tends to improve. And as the Chinese proverb says, "the art of war is based on deception"; by analogy, information security must represent a strategy that eradicates this deception.
It goes without saying that computer equipment is almost everywhere. Indeed, on the one hand, hardware is available at a very affordable price, and on the other hand, software tends to become simpler and quick to learn.
In addition, computerized companies require a secure network for the transfer of data, both between the machines of the company and with external machines. Generally speaking, security is present at several levels, whichever area of information it concerns.
Module 1: Introduction to Computer Security
Cybersecurity is a crucial field in the current context of information technology. It encompasses a set of measures, technologies, and best practices aimed at protecting computer systems, data, and networks against malicious threats and attacks. The main objective is to ensure the confidentiality, integrity and availability of information.
Module 2: The Objectives of Information Security
Confidentiality is a set of rules that prevents the disclosure of sensitive information to unauthorized individuals, resources, and processes. Methods to ensure confidentiality include data encryption, identity verification, and two-factor authentication.
Integrity ensures that the information or processes of the system are protected against any intentional or accidental modification. The use of a hashing function or a checksum is a way to ensure integrity.
Availability means that authorized users can access the systems and the data when and where they need them, and that those who do not meet the established conditions do not have access. It can be achieved by maintaining the equipment, performing hardware repairs, keeping operating systems and software up to date, and creating backups.
Non-repudiation means that a transaction cannot be denied by either of the correspondents. Non-repudiation of the origin and of the reception of the data proves that the data has actually been received. This is done through digital certificates, thanks to a private key.
Authentication restricts access to authorized individuals. It is necessary to verify the identity of a user before the data exchange.
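The integrity objective above deserves one nuance: an unkeyed hash only detects accidental modification, because anyone who alters the data can recompute the hash, whereas a keyed hash (HMAC) also detects intentional modification by someone who does not hold the key. The following example is added for this course and is not part of the original slides; the record and the shared key are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample record and shared secret (both made up for this example).
RECORD = b"transfer from=ACC-001 to=ACC-002 amount=100.00"
SHARED_KEY = b"example-key-known-only-to-sender-and-verifier"


def sha256_hex(data: bytes) -> str:
    """Unkeyed hash: anyone can compute it, so it only proves that the data
    was not altered by accident (corruption in transit or on disk)."""
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(data: bytes, key: bytes) -> str:
    """Keyed hash (HMAC-SHA256): only a holder of the key can compute a valid
    tag, so it also detects intentional modification by a third party."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hash(data: bytes, expected_hex: str) -> bool:
    # compare_digest avoids leaking timing information about the comparison.
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def verify_hmac(data: bytes, tag_hex: str, key: bytes) -> bool:
    return hmac.compare_digest(hmac_sha256_hex(data, key), tag_hex)


def integrity_demo() -> dict:
    """Returns which checks pass for an untouched copy, an accidentally
    corrupted copy, and a deliberately tampered copy of RECORD."""
    digest = sha256_hex(RECORD)                 # published alongside the record
    tag = hmac_sha256_hex(RECORD, SHARED_KEY)   # sent alongside the record

    corrupted = RECORD.replace(b"100.00", b"1O0.00")   # one garbled character
    tampered = RECORD.replace(b"100.00", b"999.00")    # deliberate change

    # A third party that alters the record can also recompute the unkeyed hash,
    # so a plain-hash check passes on the tampered copy; the HMAC check does not.
    recomputed_digest = sha256_hex(tampered)

    return {
        "original_hash_ok": verify_hash(RECORD, digest),
        "original_hmac_ok": verify_hmac(RECORD, tag, SHARED_KEY),
        "corrupted_hash_ok": verify_hash(corrupted, digest),
        "tampered_hash_ok_after_recompute": verify_hash(tampered, recomputed_digest),
        "tampered_hmac_ok": verify_hmac(tampered, tag, SHARED_KEY),
    }


if __name__ == "__main__":
    for check, result in integrity_demo().items():
        print(f"{check}: {result}")
```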
Module 3: The Areas of Application of Computer Security
The scope of cybersecurity extends to various areas in order to protect systems, data, and users against malicious attacks.
Network security
System security
Data Security
Application Security
Physical security
Cloud Security
3-1 Network Security:
Network security aims to protect the data that travels across computer networks against unauthorized access, interception, and alteration.
Some key principles of network security include:
Firewalls: Setting up firewalls to filter incoming and outgoing traffic.
VPN (Virtual Private Network): Using secure connections to exchange data over public networks.
Wi-Fi Security: Secure configuration of wireless networks to prevent intrusions.
Intrusion Detection (IDS): Implementation of detection systems to identify suspicious activities.
Regular updates: Application of security patches to network equipment.
3-2 System Security:
System security aims to protect computers, servers, and computing devices against threats such as malware, viruses, and exploit attacks.
Main aspects of system security:
Antivirus/Antimalware: Use of software to detect and eliminate malicious programs.
Regular updates: Application of security patches to operating systems and software.
Password policies: Implementation of robust password policies to strengthen authentication.
Access control: Management of user access rights to limit permissions.
Regular backups: Creating backup copies for recovery in case of data loss.
3-3 Data Security:
Data security aims to protect the integrity, confidentiality, and availability of stored information.
Key elements of data security:
Encryption: Use of encryption techniques to make the data unreadable to unauthorized persons.
Access control: Management of data access rights to restrict unauthorized access.
Regular backups: Creating backup copies to prevent data loss.
Identity management: Access control based on users' identities.
Employee training: Raising employee awareness about data protection to prevent information leaks.
3-4 Application Security:
Application security aims to ensure that the software developed and used is free of vulnerabilities.
Key security measures for applications:
Security tests: Conducting security tests to identify vulnerabilities.
Regular updates: Application of security patches to applications.
Vulnerability management: Proactive correction of weaknesses identified in the code.
Authentication and authorization: Implementation of robust mechanisms for user authentication and access authorization.
Access control: Limiting access permissions to critical features.
3-5 Physical Security:
Physical security concerns the protection of physical equipment and premises against physical threats.
Main physical security measures:
Physical access control: Use of access cards, electronic locks, etc.
Video surveillance: Use of security cameras for monitoring premises.
Alarm systems: Setting up alarms in case of intrusion or suspicious activity.
Off-site backups: Storage of backup copies in secure external locations.
Employee training: Raising staff awareness about physical security and emergency procedures.
3-6 Cloud Security:
With the increasing shift towards cloud-based services, cloud security has become essential. It focuses on the protection of data stored in the cloud, access management, and the security of cloud services.
Module 4: Terminology of Computer Security
Cybersecurity is a crucial field in the modern technological landscape, aimed at protecting computer systems, data, and networks against potential threats. To understand this complex field, it is essential to master the key terminology associated with computer security.
Cybersecurity
Cybersecurity encompasses all practices, technologies, and processes designed to protect computer systems, networks, and data against attacks, damage, unauthorized access, and other potential threats.
Firewall
A firewall is a security device, hardware or software, that monitors and controls the network traffic between a private network and a public network (like the Internet). Its main role is to filter traffic by allowing or blocking certain data packets based on predefined security rules. Firewalls help protect networks from unauthorized access, malicious attacks and intrusions.
Antivirus
An antivirus is software designed to detect, prevent, and eliminate malicious software, such as viruses, worms, Trojans, and spyware. It analyzes files and programs looking for signatures or suspicious behaviors, then takes measures to quarantine or remove detected threats. Antivirus software plays an essential role in protecting computer systems against malware infections.
Cryptography
Cryptography is the art of protecting information by making it unreadable for unauthorized persons. It uses mathematical algorithms to encrypt data, transforming it into a format that is incomprehensible without the appropriate decryption key. Cryptography is widely used in computer security to ensure the confidentiality of communications, data integrity, and the authenticity of the parties involved.
Authentication
Authentication is the process of verifying the identity of a user, a system or an entity. It aims to ensure that the person or device claiming to be a specific entity is indeed that entity. Authentication methods include the use of passwords, fingerprints, smart cards, PIN codes, or a combination of these elements, depending on the required level of security.
Intrusion
An intrusion occurs when an unauthorized person or malicious program enters a computer system, a network, or an application, thereby circumventing the security mechanisms in place. Intrusions can be classified as attacks aiming to compromise the confidentiality, integrity or availability of information. Intrusion detection systems are used to detect and prevent such activities.
Vulnerability
A vulnerability refers to a weakness or flaw in a system, an application or a network that can be exploited by malicious individuals to compromise security. Vulnerabilities can result from design, programming, or configuration flaws. Vulnerability management involves the proactive identification, assessment, and correction of these weaknesses to strengthen the overall security of a system.
Brute force attack
A brute force attack is a method where an attacker tries to discover a password or a key by systematically trying all possible combinations until the right one is found.
Phishing
Phishing is an attack technique where cybercriminals use fake e-mails, websites or messages to deceive users and encourage them to disclose personal information, such as passwords or financial information.
Module 5: Types of Attacks
5-1 Brute Force Attacks
Brute force attacks are repeated and systematic attempts to discover a password, an encryption key, or other secret information by exhaustively trying different combinations.
Attackers use automated programs that iteratively generate all the possibilities until they find the right key. To protect themselves against these attacks, organizations often implement robust password policies, limit the number of authentication attempts and use mechanisms that lock accounts after a certain number of failures.
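The attempt-limiting and account-locking countermeasure described above can be implemented as a small guard in front of the password check. The code below is an added example written for this course, not part of the original slides; the policy values (5 failures, 15-minute lock, 10-minute window), the user store and the clock injection are assumptions made for the demonstration.

```python
import time
from dataclasses import dataclass, field

# Assumed policy values for this example; real deployments tune them.
MAX_FAILURES = 5          # failures tolerated before the account is locked
LOCKOUT_SECONDS = 900     # 15-minute lock, after which attempts are accepted again
FAILURE_WINDOW = 600      # failures older than this are forgotten


@dataclass
class AccountState:
    failures: list = field(default_factory=list)   # timestamps of recent failures
    locked_until: float = 0.0


class LoginGuard:
    """Tracks failed logins per account and enforces a temporary lockout.
    `clock` is injectable so the behaviour can be tested without waiting."""

    def __init__(self, check_password, clock=time.time):
        self._check_password = check_password   # callable(user, pwd) -> bool
        self._clock = clock
        self._accounts: dict[str, AccountState] = {}

    def _state(self, user: str) -> AccountState:
        return self._accounts.setdefault(user, AccountState())

    def is_locked(self, user: str) -> bool:
        return self._clock() < self._state(user).locked_until

    def attempt(self, user: str, password: str) -> str:
        """Returns 'ok', 'denied' or 'locked'. A locked account answers
        'locked' even for the correct password, so guessing cannot continue."""
        now = self._clock()
        st = self._state(user)
        if now < st.locked_until:
            return "locked"
        # forget failures outside the window so an old typo does not count forever
        st.failures = [t for t in st.failures if now - t < FAILURE_WINDOW]
        if self._check_password(user, password):
            st.failures.clear()
            return "ok"
        st.failures.append(now)
        if len(st.failures) >= MAX_FAILURES:
            st.locked_until = now + LOCKOUT_SECONDS
            st.failures.clear()
            return "locked"
        return "denied"


# Constructed credential store for the demo only (real systems store password hashes).
_DEMO_USERS = {"alice": "correct horse battery staple"}


def demo_check(user: str, password: str) -> bool:
    return _DEMO_USERS.get(user) == password


def lockout_demo() -> list:
    """Drives the guard with a fake clock: five wrong guesses lock the account,
    the right password is refused while locked, and access returns after expiry."""
    fake_now = [1_000.0]
    guard = LoginGuard(demo_check, clock=lambda: fake_now[0])
    results = []
    for i in range(MAX_FAILURES):
        results.append(guard.attempt("alice", f"guess{i}"))
        fake_now[0] += 1
    results.append(guard.attempt("alice", "correct horse battery staple"))  # still locked
    fake_now[0] += LOCKOUT_SECONDS + 1
    results.append(guard.attempt("alice", "correct horse battery staple"))  # ok again
    return results


if __name__ == "__main__":
    print(lockout_demo())
```

Note that an attacker who knows the lockout rule can deliberately lock legitimate users out, so per-source rate limiting and alerting are usually combined with a time-limited lock rather than a permanent one.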
5-2 Phishing:
Phishing is a social engineering attack technique that aims to deceive users into disclosing sensitive information such as login credentials, passwords or financial information.
Attackers often use fraudulent emails, instant messages, or websites that imitate legitimate entities to entice users to provide their information. Phishing can also involve telephone calls or other forms of communication.
Users are generally encouraged to click on malicious links or to download infected attachments. To protect against phishing, it is essential to educate users on recognizing phishing attempts, to use anti-phishing filters and to adopt rigorous security practices.
5-3 Malware
Cybercriminals use many types of malware to carry out their activities. Malware is code that can be used to steal data, bypass access controls, and damage or compromise a system. It is essential to understand the different types of malware and how they propagate in order to contain and remove them.
Spyware: Designed to track and spy on you, spyware monitors your online activity and can record every key you press on your keyboard, as well as capturing almost all of your data, including sensitive personal information such as your online banking details. Spyware modifies the security settings of your devices. It is often bundled with legitimate software or with Trojans.
Adware: Adware is often installed with certain software versions and is designed to automatically display advertisements to the user, most often in a web browser. You know it when you see it: it is hard to ignore when you are faced with advertising windows that constantly pop up on the screen. It is common for adware to be accompanied by spyware.
Backdoor: This type of malware is used to gain unauthorized access to a system by bypassing the normal authentication procedures. Attackers can thus access the resources of an application remotely and launch remote commands. A backdoor operates in the background and is difficult to detect.
Ransomware: This malicious software is designed to hold a computer system, or the data it contains, hostage until a payment is made. Ransomware generally works by encrypting your data so that you cannot access it.
Some versions of ransomware can exploit specific system vulnerabilities to lock it. Ransomware often spreads through phishing emails that encourage you to download a malicious attachment, or through a software vulnerability.
Scareware: This is a type of malware that uses scare tactics to push you into taking a specific action. Scareware mainly consists of operating-system-style windows that pop up to warn you that your system is in danger and that a specific program must be run to return to normal operation. If you agree to run the program in question, your system will be infected by malware.
Rootkit: This malware is designed to modify the operating system in order to create a backdoor, which attackers can then use to access your computer remotely. Most rootkits take advantage of software vulnerabilities to access resources that should not normally be accessible (privilege escalation) and modify system files. Rootkits can also modify system analysis and monitoring tools, which makes them very difficult to detect. In most cases, a computer infected by a rootkit must be wiped and all necessary software reinstalled.
Virus: A virus is a type of computer program that, when executed, replicates itself and attaches itself to other executable files, such as a document, by inserting its own code into them. Most viruses require interaction from the end user to be activated and can be written to act on a specific date or time. Viruses can be relatively harmless, like those that display a funny image. They can also be destructive, like those that modify or delete data.
Viruses can also be programmed to mutate in order to avoid detection. Most viruses spread through USB drives, optical discs, network file shares or email.
Trojan horse: This malware performs malicious operations while masking its true intent. It may seem legitimate, but it is actually very dangerous. Trojan horses exploit your user privileges and are most often found in image files, audio files, or games. Unlike viruses, Trojans do not reproduce on their own, but act as a decoy to pass malware to unsuspecting users.
Worms: This is a type of malware that replicates itself in order to spread from one computer to another. Unlike a virus, which requires a host program to run, worms can operate on their own. Beyond the initial infection of the host, they do not require user participation and can spread very quickly across the network.
Worms share similar characteristics: they exploit system vulnerabilities, they have a way to propagate, and they all contain malicious code (a payload) to damage computer systems or networks.
Worms are responsible for some of the most devastating attacks on the internet. In 2001, the Code Red worm infected more than 300,000 servers in just 19 hours.
5-4 Denial of Service (DDoS)
Denial of Service: Denial of Service (DoS) attacks are a type of network attack that is relatively simple to set up, even by an unskilled attacker. A denial of service attack causes some kind of interruption of network service for users, devices or applications.
Example:
• Excessive traffic quantity: This is the case when a network, a host or an application receives a huge amount of data at a rate it cannot handle. This leads to a slowdown in transmission or response, or to the device or service crashing.
• Maliciously formatted packets: A packet is a set of data that circulates between a source computer or application and a receiver over a network, such as the internet. When a maliciously formatted packet is sent, the recipient is unable to process it.
IMPORTANT: Denial of service attacks are considered a major risk because they can easily interrupt communications and lead to considerable loss of time and money.
Distributed DoS: A DDoS attack is similar to a DoS attack but comes from multiple, coordinated sources. For example:
• An attacker builds a network (botnet) of infected hosts called zombies, which are controlled by handler systems.
• Zombie computers constantly scan and infect other hosts, thus creating more and more zombies.
• When ready, the attacker instructs the handler systems to make the zombie botnet carry out a DDoS attack.
5-5 Botnet
A zombie computer is typically infected by visiting a malicious website or by opening an infected attachment or media file. A botnet is a group of bots, connected via the internet, that can be controlled by a malicious individual or group. It can comprise tens of thousands, even hundreds of thousands of bots, which are generally controlled by a command and control server.
These bots can be activated to distribute malware, launch DDoS attacks, send unsolicited emails or execute brute force attacks on passwords. Cybercriminals often rent botnets from third parties for malicious purposes.
5-6 Social engineering
Social engineering involves manipulating people into performing actions or disclosing confidential information. Social engineers often rely on people's willingness to be helpful, but they also exploit their weaknesses. For example, an attacker calls an authorized employee about an urgent problem requiring immediate network access and appeals to the employee's vanity or greed, or invokes authority using name-dropping techniques, to gain this access.
Example:
• Pretexting: This is when an attacker calls a person and lies to them to try to gain access to privileged data. The attacker claims to need the person's personal or financial information to confirm their identity.
• Tailgating: This is when an attacker quickly follows an authorized person into a secure physical location.
Module 6: Profiles and Capabilities of Attackers
Let's examine some of the main types of cyber attackers who will stop at nothing to get our information. They are often classified into three categories: White Hat, Gray Hat or Black Hat.
Amateurs: The term "script kiddies" emerged in the 1990s and refers to amateur or inexperienced attackers who use existing tools or instructions found on the internet to launch attacks. Some script kiddies are simply curious, others try to demonstrate their skills and cause harm. Even though script kiddies use basic tools, their attacks can have devastating consequences.
Hackers: This group of attackers breaks into computer systems or networks to gain access. Depending on the intent of their intrusion, they can be classified as White Hat, Gray Hat or Black Hat.
• White Hat hackers break into networks or computer systems in order to identify their weaknesses and thus improve the security of the system or network. These intrusions are carried out with prior authorization and the results are reported to the owner.
• Gray Hats may seek to find vulnerabilities in a system, but they will only report their findings to the system owners if that coincides with their objectives. They may even publish the details of the vulnerability on the internet so that other attackers can exploit it.
• Black Hats take advantage of any vulnerability for illegal personal, financial or political gain.
Organized attackers:
These attackers include cybercriminal organizations, hacktivists, terrorists and state-sponsored hackers. They are generally very sophisticated and organized, and may even provide cybercrime services to other criminals.
Hacktivists make political statements to raise public awareness about issues that matter to them.
State-sponsored attackers gather intelligence or commit acts of sabotage on behalf of their government. They are generally very well trained and well funded, and their attacks are focused on specific targets that benefit their government.
Module 7: Core services of information security
Cybersecurity relies on a set of essential services aimed at protecting systems, networks, and data against growing digital threats. These services are designed to anticipate, detect, respond to, and mitigate security risks. In this introduction, we will explore the main computer security services that play a central role in preserving the integrity, confidentiality and availability of digital information.
Security Audit
Identity and Access Management (IAM)
Web application security
Monitoring and threat detection
Vulnerability management
Backup and recovery
Incident Planning and Response
7-1 Security Audit:
A security audit is the foundation of any protection strategy. It involves the comprehensive assessment of systems, networks, and applications to identify potential vulnerabilities. Security audits help to understand weaknesses and to take preventive measures to strengthen the resilience of the infrastructure.
7-2 Identity and Access Management (IAM):
Identity and Access Management (IAM) is a set of processes and technologies aimed at ensuring that only authorized individuals have access to an organization's IT resources. This encompasses the creation, management, and revocation of user identities, as well as the definition and management of the associated access rights. IAM contributes to enhancing security by ensuring proper authentication and authorization.
7-3 Web Application Security:
Web application security aims to protect applications accessed through a web browser against attacks and vulnerabilities. This includes protection against injection attacks (such as SQL injection), authentication bypass attacks, insufficient input validation, weak session management, and other vulnerabilities specific to web applications. Security practices for web applications include input validation, secure session management, and the use of web application firewalls.
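To make the SQL injection and input validation points concrete, here is an added example (written for this course, not taken from the original slides) that puts a query built by string concatenation next to its parameterized form and adds an allow-list check on the input. It uses an in-memory SQLite database with a constructed users table.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """In-memory database with a constructed users table (sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Vulnerable: the untrusted value is pasted into the SQL text, so a value
    containing a quote changes the meaning of the WHERE clause."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: a parameterized query. The driver binds the value as data,
    so it can never be interpreted as SQL, whatever characters it contains."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def is_valid_username(username: str) -> bool:
    """Input validation as a second layer: an allow-list of what a username
    may look like, rejected before the value reaches any query."""
    return 1 <= len(username) <= 32 and username.isalnum()


def injection_demo() -> dict:
    """Runs a normal lookup and a lookup with a quote-containing input through
    both functions and reports how many rows each returns."""
    conn = make_demo_db()
    normal = "bob"
    crafted = "x' OR '1'='1"   # classic textbook input: turns the WHERE into a tautology
    return {
        "vulnerable_normal_rows": len(find_user_vulnerable(conn, normal)),
        "vulnerable_crafted_rows": len(find_user_vulnerable(conn, crafted)),  # every row leaks
        "safe_normal_rows": len(find_user_safe(conn, normal)),
        "safe_crafted_rows": len(find_user_safe(conn, crafted)),              # no such user
        "crafted_passes_validation": is_valid_username(crafted),
    }


if __name__ == "__main__":
    for key, value in injection_demo().items():
        print(f"{key}: {value}")
```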
7-4 Monitoring and Threat Detection:
Monitoring and threat detection involve real-time observation of activities on networks, systems and applications to identify suspicious behavior or signs of attack. This involves the use of intrusion detection systems, log analysis, network traffic monitoring, and other tools to detect anomalies and malicious activities. A rapid response to detected threats reduces risk and mitigates potential damage.
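As an illustration of the log analysis mentioned above, the following added example (written for this course, not part of the original slides) scans a constructed excerpt of SSH authentication log lines and raises an alert when one source address accumulates too many failed logins inside a sliding time window, a common indicator of a brute force attempt. The log lines, the IP addresses (taken from the documentation ranges) and the threshold and window values are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed auth-log excerpt in the style of an OpenSSH server log (sample data
# only, IPs from the documentation ranges; not taken from any real system).
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4210 ssh2
2024-03-01T10:00:03 sshd[1201]: Failed password for invalid user test from 203.0.113.5 port 4211 ssh2
2024-03-01T10:00:04 sshd[1202]: Accepted publickey for deploy from 198.51.100.7 port 5020 ssh2
2024-03-01T10:00:06 sshd[1203]: Failed password for root from 203.0.113.5 port 4212 ssh2
2024-03-01T10:00:08 sshd[1204]: Failed password for root from 203.0.113.5 port 4213 ssh2
2024-03-01T10:00:09 sshd[1205]: Failed password for alice from 198.51.100.7 port 5021 ssh2
2024-03-01T10:00:11 sshd[1206]: Failed password for root from 203.0.113.5 port 4214 ssh2
2024-03-01T10:00:15 sshd[1207]: Failed password for root from 203.0.113.5 port 4215 ssh2
2024-03-01T10:00:20 sshd[1208]: Accepted password for alice from 198.51.100.7 port 5022 ssh2
2024-03-01T10:09:00 sshd[1209]: Failed password for root from 203.0.113.5 port 4216 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<outcome>Failed|Accepted) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

THRESHOLD = 5          # failures from one source within the window raise an alert
WINDOW_SECONDS = 60    # sliding window; assumed values for the demo


def parse_line(line: str):
    """Returns a dict for a login event, or None for lines we do not model."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "outcome": m["outcome"],
            "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text: str, threshold=THRESHOLD, window=WINDOW_SECONDS) -> list:
    """Sliding-window count of failed logins per source IP. Emits one alert per IP
    the first time it crosses the threshold, recording the distinct usernames tried
    and whether that IP later obtained a successful login (a higher-severity sign)."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    failures = defaultdict(list)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)
    alerted = {}
    for ev in events:
        ip = ev["ip"]
        if ev["outcome"] == "Failed":
            failures[ip].append(ev["ts"])
            users[ip].add(ev["user"])
            failures[ip] = [t for t in failures[ip]
                            if (ev["ts"] - t).total_seconds() <= window]
            if len(failures[ip]) >= threshold and ip not in alerted:
                alerted[ip] = {"ip": ip, "first_seen": ev["ts"].isoformat(),
                               "count": len(failures[ip]), "users": sorted(users[ip]),
                               "later_success": False}
        elif ip in alerted:
            # a success from a source already flagged deserves escalation
            alerted[ip]["later_success"] = True
    return list(alerted.values())


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```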
7-5 Vulnerability Management:
Vulnerability management is the process of finding, assessing, and correcting weaknesses in systems, networks, and applications. This involves carrying out vulnerability analyses, using security scanners, and applying patches to address the identified vulnerabilities. Proactive vulnerability management helps strengthen security by preventing attacks that exploit these vulnerabilities.
7-6 Backup and Recovery:
Backup and recovery involve creating backup copies of critical data and implementing disaster recovery plans to ensure continuity of operations in case of data loss or serious incidents. Backup strategies include regular backup scheduling, backup validation, and putting quick restoration procedures in place. These measures ensure the availability and integrity of data even in the event of major incidents.
7-7 Incident Planning and Response:
Incident planning and response services prepare organizations to face attacks. This includes developing response plans, training security teams and establishing procedures to minimize damage in case of an incident.
Module 8: Ethical Hacking
Ethical hacking involves the legal and authorized use of hacking skills to identify and correct vulnerabilities in systems. Ethical hacking professionals, also known as "ethical hackers" or "pentesters", are hired to strengthen the security of systems and networks rather than to exploit weaknesses for malicious purposes.
It is a responsible practice aimed at improving the resilience of systems in the face of potential threats.
Objectives:
To protect against malicious hackers and their attempts to access the system
To discover vulnerabilities
To strengthen the security of an organization
To ensure data protection
To avoid security breaches
Terminologies used
Hack Value: a notion expressing that something is worth doing or is interesting.
Vulnerability: flaws, implementation or configuration errors that can be used to reach targets.
Exploit: a concept used to express a security breach of a computer system.
Payload: the part of a malicious code that is used to carry out an attack.
Zero-day attack: refers to an attack based on a vulnerability in an application of which the publisher is not yet aware, or for which it has not yet found a corrective solution.
Daisy Chaining: the act of accessing a network or a computer and using it to take possession of other networks.
Doxing: the act of publishing personal information about an individual.
The Phases of Ethical Hacking
Conclusion
In conclusion, computer security is of crucial importance in a world increasingly dependent on information technology. It encompasses a set of practices, technologies, and strategies aimed at protecting systems, networks, and data against potential threats and malicious attacks. The fundamental objectives of cybersecurity, such as the confidentiality, integrity, and availability of information, require a holistic and proactive approach.
The scope of information security is diverse, ranging from the protection of networks and systems to securing sensitive data, applications and even the physical aspects of IT infrastructure. The terminology associated with information security, from firewalls to cryptography through authentication, reflects the complexity and diversity of the challenges faced by security professionals.
The types of attacks, such as brute force attacks and phishing, highlight the variety of threats to which systems are exposed. Understanding the profiles and capabilities of attackers allows these threats to be better anticipated and countered. The main computer security services, such as identity and access management, threat monitoring, and vulnerability management, are essential pillars for maintaining a robust level of security.
Finally, ethical hacking emerges as a responsible approach aimed at strengthening security by identifying and correcting vulnerabilities legally. Computer security is a constantly evolving challenge, requiring ongoing adaptation to new threats and the adoption of best practices to ensure the resilience of systems in the face of increasingly sophisticated attacks. By investing in awareness, training and the implementation of cutting-edge technologies, organizations can better prepare to face the complex challenges of cybersecurity.