Cybersecurity
History of Cybersecurity
1970s: Viruses and computer security are born; Creeper, the first
virus, moves through ARPANET and leaves the message “catch me if
you can”; the Reaper anti-virus is created to delete Creeper.
1980s: From ARPANET to the internet; viruses spread (Trojan virus).
1987: The birth of cybersecurity; release of McAfee VirusScan.
1990s: The world goes online; the Melissa virus (an MS Word macro that
hijacks MS Outlook to send email to the first 50 addresses) is unleashed.
2000s: Threats diversify and multiply; identity theft (phishing),
internet attacks (DDoS); ClamAV and Avast anti-virus are launched.
2010s: The next generation; credit card theft, Yahoo hacked,
WannaCry ransomware infects 230,000 computers.
Computer Security
• Computer Security: the protection afforded to an
automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and
confidentiality of information system resources (includes
hardware, software, firmware, information/data, and
telecommunications).
Confidentiality
• Keeping data and resources hidden
• Need-to-know principle
• Guards against illegal access to information
• Methods
  - Cryptography: encrypting data with a cryptographic key assures
    privacy: only those with the decryption key can access the contents.
  - Resource hiding
  - Access control mechanisms support privacy
Integrity
Availability
Basic Terms
• Asset
Data of an information system, service provided
by a system, or a system component.
• Threat agent
An entity that attacks, or is a threat to, a system.
• Threat
A potential for violation of security, that could
breach security and cause harm.
• Vulnerability
A defect or weakness in a system’s design,
implementation, or operation and management that
could be exploited to violate the system’s security policy
• Risk
The probability that a particular threat will exploit a particular
vulnerability with a particular harmful result.
• Countermeasure or control
An action, device, procedure, or technique that reduces a
threat, a vulnerability, or an attack by eliminating or
preventing it, or by minimizing the harm it can cause.
Threats
• A threat is a potential violation of security.
• The violation need not occur for there to be a threat.
• The fact that the violation might occur means that the actions
that might cause it should be guarded against.
• The three security services discussed earlier (CIA)
counter/prevent threats to the security of the system.
Vulnerabilities, Threats, Attacks, Controls
• Vulnerability is a weakness in the security system
(i.e., in procedures, design, or implementation), that might be exploited to cause
loss or harm.
• A threat to a computing system is a set of circumstances
that has the potential to cause loss or harm.
• A human who exploits a vulnerability perpetrates (carries
out or commits a harmful, illegal, or immoral action) an
attack on the system.
• How do we address these problems?
We use a control as a protective measure.
- That is, a control is an action, device, procedure, or
technique that removes or reduces a vulnerability.
Types of Threats
Individuals
• Originally, computer attackers were individuals, acting with motives of fun,
challenge, or revenge
• Early attackers acted alone
Organized crime
• Attackers’ goals include fraud, extortion, money laundering, and drug trafficking,
areas in which organized crime has a well-established presence.
• Traditional criminals are enrolling hackers to join the lucrative world of cybercrime.
• Organized crime may use computer crime (such as stealing credit card numbers
or bank account details) to finance other aspects of crime
Types of Attackers
Terrorists: anyone with hostile intent who has access to, and
knowledge of using, cyber capabilities, such as amateur and
professional hackers, disgruntled employees, cybercriminals,
cyber-terrorist groups and others.