
Advanced Cyber Security ID Card


• Course Code: 430601
• Course level: Master
• Prerequisite:
• Credit Hours: 3 Hours
• Course Type: Blended (In presence + asynchronous)
• Time: 9:30 – 11:00, Saturday (in presence) + Thursday (virtual)
• Course Lecturer: Dr. Adnan Al-Helali
Chapter 1
Advanced Cyber Security
(Introduction)

Cybersecurity

• Cyberspace: an electronic space unbounded by distance or other physical
limitations, where computers and digital devices are connected, which allows
users to share information, interact, learn, conduct business, etc.
• Cyber security: the practice of protecting systems, networks, computers, and
programs from digital attacks. These cyberattacks are usually aimed at accessing,
changing, or destroying sensitive information; extorting money from users; or
interrupting normal business processes.

History of Cybersecurity
1970s: viruses and computer security were born; Creeper, the first virus, moved
through ARPANET and left the message “catch me if you can”; Reaper was an
anti-virus written to delete Creeper.
1980s: from ARPANET to the internet; viruses spread (Trojan viruses).
1987: the birth of cybersecurity; release of McAfee VirusScan.
1990s: the world goes online; the Melissa virus (an MS Word macro that hijacks
MS Outlook to send email to the first 50 addresses) is unleashed.
2000s: threats diversify and multiply; identity theft (phishing), internet
attacks (DDoS); ClamAV and Avast anti-virus are launched.
2010s: the next generation; credit card theft, Yahoo hacked, WannaCry
ransomware infects 230,000 computers.

Information Security and Cybersecurity

• Cybersecurity: concerned with protecting digital devices, networks, computer
systems and applications from unauthorized access, damage, or being made
inaccessible.
• Information Security: concerned with protecting all information assets,
whether in hard copy or digital form.
Why is cyber security important?
• The costs of cyber security breaches are rising, and cyber attacks are
increasingly sophisticated.
• Cyber security is a critical and sensitive issue, since everyone relies on
critical infrastructure like power plants, hospitals, education, and
financial service companies. Therefore, securing these and other
organizations is essential to keeping our society functioning.
• At an individual level, a cybersecurity attack can result in anything
from identity theft, to extortion attempts, to the loss of important data.
Cybersecurity Main Domains

• Computer security: protecting computer systems, hardware and information,
including mobile and smart devices, from harm, theft, and unauthorized use.
• Network security: protecting a computer network, including servers and hosts,
firewalls, operating systems (OS), wired and wireless (Wi-Fi) connections.
• Cloud security: securing data, applications and infrastructure in the cloud
(managed virtually online).
• Application security: protecting applications operating on premises and in the
cloud.
• Information security: protecting the integrity and privacy of data, both in
storage and in transit.
Cybercrime

• Cybercrime: any criminal activity that involves a network, a computer or an
electronic device.
The primary aim of cybercrime is to damage computers for profit, whether personal
or political. The U.S. Department of Justice divides cybercrime into three categories:
1. Crimes in which the computing device is the target -- for example, to gain
network access.
2. Crimes in which the computer is used as a weapon -- for example, to launch a
denial-of-service (DoS) attack.
3. Crimes in which the computer is used as an accessory to a crime -- for example,
using a computer to store illegally obtained data.
Types of Cybercrimes

• Cyber Extortion: a crime involving an attack, or the threat of an attack,
coupled with a demand for money to stop the attack.
• Cryptojacking: an attack that uses scripts to mine cryptocurrencies within
browsers without the user's consent.
• Identity Theft: an attack that occurs when an individual accesses a computer
to glean a user's personal information, which they then use to steal that
person's identity or access their valuable accounts, such as banking and credit
cards.
• Cyber Espionage: a crime involving a cybercriminal who hacks into systems or
networks to gain access to confidential information held by a government or
other organization.
• Cyber Bullying: a crime involving online harassment, including stalking, sexual
harassment, doxing and fraping.
Cyber Threats

• Malware: refers to malicious software, i.e. software that a cybercriminal or
hacker has created to disrupt or damage a victim's computer.
• Phishing: targeting victims with emails that appear to be from a legitimate
company asking for sensitive information.
• Man-in-the-middle: a cybercriminal intercepts communication between two
individuals in order to steal data.
• Distributed denial-of-service (DDoS): preventing a computer system from
fulfilling requests by overwhelming the networks and servers with traffic.
• Insider threats: employees or anyone who has had access to a system can be
considered an insider threat if they abuse their access permissions.
• Advanced persistent threats: an intruder (or intruders) infiltrates a system
and remains undetected. The intruder can spy on business activity and steal
sensitive data while avoiding the activation of defensive countermeasures.
Malware Types
• Virus: a self-replicating program that attaches itself to a clean file and
spreads throughout a computer system, infecting files with malicious code.
• Trojans: a type of malware that is disguised as legitimate software, which
causes damage or collects data.
• Spyware: a program that secretly records what a user does, so that
cybercriminals can make use of this information.
• Ransomware: malware which locks down a user's files and data, with the threat
of erasing them unless a ransom is paid.
• Botnets: networks of malware-infected computers which cybercriminals use to
perform tasks online without the user's permission.
• Pharming: malware that redirects users to fake websites, where the details
they enter are used for malicious activities.
Cybersecurity Technologies

Network Monitoring: analyzing network data to detect threats.
Cryptography: encrypting/decrypting data transferred over a network so that
only the sender and the intended receiver can view the content.
Web Vulnerability Scanning: software programs that scan web applications to
identify security vulnerabilities.
Penetration Testing: simulating an attack on a computer system in order to
evaluate the security of the system.
Network Intrusion Detection: monitoring the network and its traffic for
unusual or suspicious activity and notifying the admin if a potential threat
is detected.
Packet Sniffers: a protocol analyzer or network analyzer, used to intercept,
log, and analyze network traffic and data.
Security DevOps: checking and reviewing software development and IT operations
to deliver applications and services at high velocity, securely.
Cybersecurity Technologies

Incident Response: detecting and analyzing security events and responding
correctly by taking appropriate action, whether that means disconnecting a
machine or simply sandboxing a piece of software to determine if it is malware.
Forensic Analysis: analyzing and documenting digital evidence and investigating
computer security incidents to derive useful information about the cybercrime.
Identity and Access Management: managing identification, authorization and
permissions/role-based access across all systems.
Data Loss Prevention: deploying and managing security applications such as
anti-virus and web application firewalls (WAF) on endpoints and servers.
Reverse Engineering: the process of decompiling and disassembling a piece of
software and analyzing its functions and flow to understand its behavior.
Malware is commonly reverse-engineered in cyber defense.

Cybersecurity Job Roles

• Chief information security officer (CISO)
• Cybersecurity manager
• Security architect
• Computer forensics analyst
• Digital forensic examiner
• Security engineer
• Cryptography engineer
• Network security engineer
• Data recovery professional
• Malware analyst
• Penetration tester
• Information security manager
• Information security analyst
• Information security specialist
• Security systems administrator

Computer Security

Computer Security
• Computer Security: the protection afforded to an
automated information system in order to attain the applicable
objectives of preserving the integrity, availability, and
confidentiality of information system resources (includes
hardware, software, firmware, information/data, and
telecommunications).

Basic Concepts (C-I-A Triad)



Confidentiality
• Keeping data and resources hidden
• Need-to-know principle
• Guarding against illegal access to information
• Methods:
  Cryptography: encrypting data with a cryptographic key assures privacy,
  since only those with the decryption key can access the contents.
  Resource hiding
  Access control mechanisms support privacy
Integrity

• Data integrity (integrity)
  The data is authentic, i.e., has not been changed
• Origin integrity (authentication)
  The source of the information is authentic
• Integrity mechanisms fall into two classes:
1- Prevention mechanisms (block unauthorized attempts)
2- Detection mechanisms (analyze system events and report integrity failures)

Availability

• Enable/ensure access to data and resources
• Reliability
• Denial of Service attacks (DoS)
  Can be the most difficult to detect, because the analyst must determine
  whether an unusual access pattern is attributable to deliberate manipulation
  of resources or of the environment, or to a reliability failure.
Authentication & Non-repudiation
• ISO 7498-2 [ISO89] adds to the C-I-A triad two more properties that are
desirable, particularly in communication networks:
1. Authentication
  The ability of a system to confirm the identity of a sender
2. Nonrepudiation or accountability
  The ability of a system to confirm that a sender cannot deny having sent
  something

Cyber Security Entities


Basic Terms

• Asset
  Data of an information system, a service provided by a system, or a system
  component.
• Threat agent
  An entity that attacks, or is a threat to, a system.
• Threat
  A potential for violation of security, which could breach security and
  cause harm.
Basic Terms

• Vulnerability
  A defect or weakness in a system's design, implementation, or operation and
  management that could be exploited to violate the system's security policy.
• Risk
  The possibility that a particular threat will exploit a particular
  vulnerability with a particular harmful result.
• Countermeasure or control
  An action, device, procedure, or technique that reduces a threat, a
  vulnerability, or an attack by eliminating or preventing it, or by
  minimizing the harm it can cause.
Threats
• A threat is a potential violation of security.
• The violation need not occur for there to be a threat.
• The fact that the violation might occur means that the actions
that might cause it should be guarded against.
• The three security services discussed earlier (CIA)
counter/prevent threats to the security of the system.
Vulnerabilities, Threats, Attacks, Controls
• A vulnerability is a weakness in the security system (i.e., in procedures,
design, or implementation) that might be exploited to cause loss or harm.
• A threat to a computing system is a set of circumstances that has the
potential to cause loss or harm.
• A human who exploits a vulnerability perpetrates (carries out or commits a
harmful, illegal, or immoral action) an attack on the system.
• How do we address these problems?
  We use a control as a protective measure.
  - That is, a control is an action, device, procedure, or technique that
    removes or reduces a vulnerability.
Types of Threats

Examples of nonhuman threats include
• natural disasters like fires or floods
• loss of electrical power
• failure of a component such as a communications cable, processor chip, or
disk drive
Human threats can be either benign (non-malicious) or malicious.
Non-malicious kinds of harm include
• someone accidentally spilling a soft drink on a laptop
• mistakenly deleting text, or sending an email message to the wrong person
Types of Threats

Most computer security activity relates to malicious, human-caused harm
• Malicious attacks can be random or directed
• In a random attack the attacker wants to harm any computer or user
  - An example of a random attack is malicious code posted on a website that
    could be visited by anybody
• In a directed attack, the attacker intends harm to specific computers,
perhaps at one organization or belonging to a specific individual
  - Another class of directed attack is against a particular product, such as
    any computer running a particular browser.
Types of Harm
The C-I-A triad describes the different kinds of harm that can be caused to
assets.
Harm can also be characterized by four acts: interception, interruption,
modification, and fabrication.
• Confidentiality fails if someone intercepts data.
• Availability is lost if someone or something interrupts a flow of data or
access to a computer.
• Integrity can fail if someone or something modifies data or fabricates
false data.
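The two integrity classes from the Integrity slide (data integrity vs. origin integrity, prevention vs. detection) and the four acts of harm above can be made concrete with one detection mechanism. This is an added example, not part of the lecture: a message carries an HMAC-SHA256 tag under a constructed shared key, and the receiver's check reports which kind of harm it can and cannot detect.

```python
import hashlib
import hmac
from typing import Optional

# Constructed key for the example only; a real key is provisioned out of band
# and never appears in source code.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def protect(message: bytes, key: bytes = SHARED_KEY) -> dict:
    """Sender side: attach an HMAC-SHA256 tag computed with the shared key.

    The tag binds the content (data integrity) to a holder of the key
    (origin integrity). It does nothing to hide the content.
    """
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return {"message": message, "tag": tag}


def verify(packet: Optional[dict], key: bytes = SHARED_KEY) -> str:
    """Receiver side: a detection mechanism in the sense of the slides.

    'interrupted' : nothing arrived (availability lost, not an integrity issue)
    'rejected'    : tag mismatch, so modified or fabricated data was detected
    'accepted'    : content and origin check out
    """
    if packet is None:
        return "interrupted"
    expected = hmac.new(key, packet["message"], hashlib.sha256).digest()
    # compare_digest avoids leaking how many tag bytes matched via timing
    if not hmac.compare_digest(expected, packet["tag"]):
        return "rejected"
    return "accepted"


def run_scenarios() -> dict:
    """Walk the four acts of harm against one protected message."""
    packet = protect(b"transfer 100 to account 42")
    outcomes = {}
    # 1. Interception: the tag does not hide anything; the message is still
    #    readable, so confidentiality needs encryption, not an integrity tag.
    outcomes["interception_readable"] = packet["message"].decode()
    # 2. Interruption: the packet never reaches the receiver.
    outcomes["interruption"] = verify(None)
    # 3. Modification: the amount is changed but the old tag is kept,
    #    because the attacker cannot recompute it without the key.
    modified = {"message": packet["message"].replace(b"100", b"900"),
                "tag": packet["tag"]}
    outcomes["modification"] = verify(modified)
    # 4. Fabrication: a whole packet forged under a guessed key fails the
    #    origin-integrity check.
    forged = protect(b"transfer 999 to account 13", key=b"attacker-guess")
    outcomes["fabrication"] = verify(forged)
    # Genuine traffic is still accepted.
    outcomes["genuine"] = verify(packet)
    return outcomes


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The tag is a detection mechanism only: it reports modification and fabrication after the fact but neither prevents interception nor restores availability after an interruption.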
Types of Attackers

Individuals
• Originally, computer attackers were individuals, acting with motives of fun,
challenge, or revenge
• Early attackers acted alone
Organized crime
• Attackers' goals include fraud, extortion, money laundering, and drug
trafficking, areas in which organized crime has a well-established presence.
• Traditional criminals are recruiting hackers to join the world of cybercrime.
• Organized crime may use computer crime (such as stealing credit card numbers
or bank account details) to finance other aspects of crime

Types of Attackers
Terrorists: anyone with hostile intent who has access to, and knowledge of,
cyber capabilities, such as amateur and professional hackers, disgruntled
employees, cybercriminals, cyber-terrorist groups and others.

Loosely connected groups: groups of criminals all over the world who work
together to break into systems and steal and sell information, such as credit
card numbers.
Control or Countermeasure
• A control or countermeasure is a means to counter threats
• Harm occurs when a threat is realized against a vulnerability
• We can deal with harm in several ways:
  - prevent it, by blocking the attack or closing the vulnerability
  - deter it, by making the attack harder but not impossible
  - deflect it, by making another target more attractive (or this one less so)
  - mitigate it, by making its impact less severe
  - detect it, either as it happens or some time after the fact
  - recover from its effects
Types of Controls

We can group controls into three largely independent classes:
• Physical controls stop or block an attack by using something tangible
  - e.g., walls and fences, locks, (human) guards, sprinklers or other fire
    extinguishers
• Procedural or administrative controls use a command or agreement that
requires or advises people how to act
  - e.g., laws, regulations, policies, procedures, guidelines, copyrights,
    patents, contracts, or agreements
• Technical controls counter threats with technology (hardware or software)
  - e.g., passwords, program and operating system access controls, network
    protocols, firewalls, intrusion detection systems, encryption, or network
    traffic flow regulators
Types of Countermeasures
End of Chapter 1
