Université Moulay Ismail

Faculté Polydisciplinaire Errachidia

Licence Professionnelle Réseaux et Télécoms

The safety of our internet communication

(Cyber security)

Realized by:

ERRAFIK Asmae
AMINE Safae

Année universitaire : 2018/2019

1
 Summary

Summary .................................................................................................................................... 2
Abstract ...................................................................................................................................... 3
Introduction ................................................................................................................................ 3
I- Need of cyber security ........................................................................................................ 4
II– Definition of cyber security .............................................................................................. 4
1- People ............................................................................................................................. 5
2- Processes ......................................................................................................................... 5
3- Technology ..................................................................................................................... 5
III- Advantages & Disadvantages of cyber security ............................................................... 5
1- Advantages of Cyber Security ........................................................................................ 6
2- Disadvantages of Cyber Security ................................................................................... 6
IV- Types of Cyber security ................................................................................................... 6
1- Information Security ....................................................................................................... 6
2- Network Security ............................................................................................................ 6
3- Application Security ....................................................................................................... 7
4- Website Security ............................................................................................................. 7
5- Endpoint Security ........................................................................................................... 7
V- Types of Cyber security Threats and there solutions ........................................................ 7
1- Viruses ............................................................................................................................ 7
2- Identity Theft .................................................................................................................. 7
3- Password Attacks ............................................................................................................ 8
4- Malware .......................................................................................................................... 8
5- Trojan Horses ................................................................................................................. 8
VI- consequences of cyber security Threats ........................................................................... 8
VII- Steps of cyber security .................................................................................................... 9
1- Network Security ............................................................................................................ 9
2- Malware Protection ......................................................................................................... 9
3- Monitoring ...................................................................................................................... 9
4-Incident Management ...................................................................................................... 9
5- User Education and Awareness ...................................................................................... 9
6- Home and Mobile Working .......................................................................................... 10
7- Secure Configuration .................................................................................................... 10
8- Removable Media Controls .......................................................................................... 10
9- Managing User Privileges............................................................................................. 10
10- Information Risk Management Regime ..................................................................... 10
Conclusion ................................................................................................................................ 11
Webographic ............................................................................................................................ 12

2
 Abstract
Governments, military, organizations, financial institutions, universities and other
businesses collect process and store a large amount of confidential information and
data on computers and transmit that data over networks to other computers. With the
continuous rapid growth of volume and sophistication of cyber attacks, quick attempts
are required to secure sensitive business and personal information, as well as to
protect national security.

In this presentation we will talking about the nature of cyberspace and show how
the internet is unsecure to transmit the confidential and financial information. We will
demonstrate that hacking is now common and harmful for global economy and
security and presented the various methods of cyber attacks in worldwide.

Introduction
Cyber security is defined as technologies and processes constructed to protect
computers, computer hardware, software, networks and data from unauthorized
access, vulnerabilities supplied through Internet by cyber criminals, terrorist groups
and hackers. Cyber security is related to protecting your internet and network based
digital equipments and information from unauthorized access and alteration. Internet
is now not only the source of information but also has established as a medium
through which we do business, to advertise and sell our products in various forms,
communicate with our customers and retailers and do our financial transactions. The
internet offers lots of benefits and provides us opportunity to advertise our business
across the globe in minimum charges and in less human efforts in very short span of
time. As internet was never constructed to track and trace the behavior of users. The
Internet was actually constructed to link autonomous computers for resource sharing
and to provide a common platform to community of researchers. As internet offers on
the one hand huge number of benefits and on the other hand it also provides equal
opportunities for cyber-terrorists and hackers. Terrorist organizations and their
supporters are using internet for a wide range of purposes such as gathering
information and dissemination of it for terrorist purpose, recruiting fresh terrorists,
funding attacks and to motivate acts of terrorism. It is often used to facilitate
communication within terrorist groups and gathering and dissemination of information
for terrorist purposes.

3
I- Need of cyber security
Cyber security is now considered as important part of individuals and families, as
well as organizations, governments, educational institutions and our business. It is
essential for families and parents to protect the children and family members from
online fraud. In terms of financial security, it is crucial to secure our financial
information that can affect our personal financial status. Internet is very important and
beneficial for faculty, student, staff and educational institutions, has provided lots of
learning opportunities with number of online risks. There is vital need for internet
users to understand how to protect themselves from online fraud and identity theft.
Appropriate learning about the online behavior and system protection results
reduction in vulnerabilities and safer online environment. Small and medium-sized
organizations also experience various security related challenges because of limited
resources and appropriate cyber security skills. The rapid expansion of technologies
is also creating and making the cyber security more challenging as we do not present
permanent solutions for concerned problem. Although, we are actively fighting and
presenting various frameworks or technologies to protect our network and information
but all of these providing protection for short term only. However, better security
understanding and appropriate strategies can help us to protect intellectual property
and trade secrets and reduce financial and reputation loss. Central, state and local
governments hold large amount of data and confidential records online in digital form
that becomes primary target for a cyber attack. Most of time governments face
difficulties due to inappropriate infrastructure, lack of awareness and sufficient
funding. It is important for the government bodies to provide reliable services to
society, maintain healthy citizen- to-government communications and protection of
confidential information.

II– Definition of cyber security

Cyber security is the practice of protecting systems, networks, and programs from
digital attacks. These attacks are usually aimed at accessing, changing, or destroying
sensitive information; extorting money from users; or interrupting normal business
processes.
A successful cyber security approach has multiple layers of protection spread
across the computers, networks, programs, or data that one intends to keep safe. In
an organization, the people, processes, and technology must all complement one
another to create an effective defense from cyber attacks.

4
1- People

Users must understand and comply with basic data security principles like
choosing strong passwords, being wary of attachments in email, and backing up
data.

Figure 1 : creating an effective defense from cyber attacks

2- Processes

Organizations must have a framework for how they deal with both attempted and
successful cyber attacks.
3- Technology

Technology is essential to giving organizations and individuals the computer

security tools needed to protect themselves from cyber attacks. Three main entities
must be protected: endpoint devices like computers, smart devices, and routers;
networks; and the cloud. Common technology used to protect these entities include
next-generation firewalls, DNS filtering, malware protection, antivirus software, and
email security solutions.

Figure 2 : the protection against malware, antivirus software and email security
solutions.

III- Advantages & Disadvantages of cyber security

5
1- Advantages of Cyber Security

Some of the advantages of having cyber security are:

 Improved security of cyberspace;
 Protects systems and computers against virus, worms, Malware;
 Protects individual private information;
 Protects networks and resources;
 Fight against computer hackers and identity theft;
 Protected against data from theft;
 Protected the computer from being hacked;
 Gived privacy to users.
2- Disadvantages of Cyber Security

Some of the disadvantages of having cyber security are:

 It will be costly for average users;

 Firewalls can be difficult to configure correctly;
 Need to keep updating the new software in order to keep security up to date;
 Make system slower than before;
 Incorrectly configured firewalls may block users from performing certain
actions on the Internet, until the firewall configured correctly.
IV- Types of Cyber security
Cyber Security is classified into the following types:

1- Information Security

Information security aims to protect the users' private information from

unauthorized access, identity theft. It protects the privacy of data and hardware that
handle, store and transmit that data. (Examples of Information security include User
Authentication and Cryptography.)

2- Network Security

Network security aims to protect the usability, integrity, and safety of a network,
associated components, and data shared over the network. (When a network is
secured, potential threats gets blocked from entering or spreading on that network.
Examples of Network Security includes Antivirus programs, Firewall that block

6
unauthorized access to a network and VPNs (Virtual Private Networks) used for
secure remote access.)
3- Application Security

Application security aims to protect software applications from vulnerabilities that

occur due to the flaws in application design, development, installation, upgrade or
maintenance phases.

4- Website Security

This is used to prevent and protect websites from cyber security risks on the
internet.

5- Endpoint Security

This enables organizations to protect their servers, workstations and mobile

devices from remote and local cyber-attacks. Since devices on a network are
interconnected, it creates entry points for threats and vulnerabilities. Endpoint
security effectively secures the network by blocking attempts made to access these
entry points. File integrity monitoring, antivirus and anti-malware software, etc. are
major techniques used.

V- Types of Cyber security Threats and there solutions

There are many different types of cyber security threats, some of the most
common types of threats are listed below:
1- Viruses

Viruses are a type of malware programs that are specially designed to cause
damage to the victim’s computer. Viruses can self-replicate under the right conditions
and can infect a computer system without the permission or knowledge of the user.

 Install a security suite that protects the computer against threats such as
viruses and worms.
2- Identity Theft

It is a type of cyber security threat which involves the stealing of personal

information of the victims from social media websites such as Facebook, Instagram,
etc. and using that info to build a picture of the victims. If sufficient sensitive

7
information is gathered it could allow the cybercriminal to pretend as you in some
way.

In some cases, hackers may steal the bank details of the victims and use it for
their personal gain.

 It may be impossible to prevent computer hacking, however effective

security controls including strong passwords, and the use of firewalls can
helps.
3- Password Attacks

It is a type of cyber security threat which involves a hacking attempt by hackers to

crack the passwords of the user. With the help of a hacking tool, hackers may enter
many passwords a second to crack the victim’s account credentials and gain access.
Hackers may also perform password attacks on a computer login screen to gain
access to a victim's computer and the data stored in it.

 Use always Strong password.

 Never use same password for two different sites.
4- Malware

The word "malware" comes from the term "MALicious softWARE."

Malware is any software that infects and damages a computer system without the
owner's knowledge or permission.

 Download an anti-malware program that also helps prevent infections.

 Activate Network Threat Protection, Firewall, and Antivirus.
5- Trojan Horses

Trojan horses are email viruses that can duplicate themselves, steal information,
or harm the computer system;

These viruses are the most serious threats to computers.

 Security suites, such as Avast Internet Security, will prevent you from
downloading Trojan Horses.
VI- consequences of cyber security Threats

Cyber Security Threats may include the following consequences:

8
  Identity theft, fraud, extortion;

 Stolen hardware, such as laptops or mobile devices;

 Denial-of-service and distributed denial-of-service attacks;

 Breach of access;

 Password sniffing;

 System infiltration.

VII- Steps of cyber security

To protect our business against the majority of cyber threats we use this regime:

1- Network Security

 Protect your networks against external and internal attack;

 Manage the network primer;
 Filter out unauthorized access and malicious contents;
 Monitor and test security controls.
2- Malware Protection

 Produce relevant policy and establish anti-malware defences that are

applicable and relevant to all business areas;
 Scan for malware across the Orgn.
3- Monitoring

 Establish a monitoring strategy and produce supporting policies. Continuously

monitor all ICT system and networks.
 Analyse logs for unusual activity that could indicate an attack.
4-Incident Management

 Establish an incident response and disaster recovers capability;

 Produce and test incident management plans;
 Provide specialist training to the incident management team;
 Report criminal incidents to law enforcement.
5- User Education and Awareness

9
  Produce user policies covering acceptable and secure use of the
organisation’s systems;
 Establish a staff training programme;
 Maintain user awareness of the cyber risks.
6- Home and Mobile Working

 Develop a mobile working policy and train staff to adhere to it;

 Apply the secure baseline to all devices;
 Protect data both in transit and at rest.
7- Secure Configuration

 Apply security patches and ensure that the secure configuration of all ICT
systems is maintained;
 Create a system inventory & define a base line build for all ICT devices.
8- Removable Media Controls

 Produce a policy to control all access to removable media;

 Limit media types and use;
 Scan all media for malware before imported on the corporate system.
9- Managing User Privileges

 Establish account management processes and limit the number of privileged

accounts;
 Limit user privileges and monitor user activity;
 Control access to activity and audit logs.
10- Information Risk Management Regime

 Establish and effective governance structure and determine your risk appetite;
 Maintain boards engagement with cyber risk;
 Produce supporting information risk management policies.

10
 Conclusion

Cyber security is a complex subject, whose understanding requires knowledge

and expertise from multiple disciplines, including but not limited to computer science
and information technology, psychology, eco nomics, organizational behavior,
political science, engineering, sociology, decision sciences, international relations,
and law. In practice, although technical measures are an important element, cyber
security is not primarily a technical matter, although it is easy for policy analysts and
others to get lost in the technical details. Furthermore, what is known about cyber
security is often compartmented along disciplinary lines, reducing the insights
available from cross-fertilization.

To summarize, information is a critical part of any organization and investing on

the right service provider keeps our business in safe hands in the ever-expanding IoT
(Internet of Things) world. A scalable and customized cyber security-driven business
model includes disaster-recovery capabilities and secures data and the underlying
infrastructure of the organization, thus building a safe barrier for the information even
before it is attacked and saving the organization from a loss of billions of dollars that
could result from the security threat.

11
 Webographic

https://pdfs.semanticscholar.org/5cfb/7a5bd2e6c181e8a69ebd49b1dadb795f493b.pd
f
http://www.asmltd.com/wp-content/uploads/2017/04/CyberSecurity-1.pdf
http://asmartc.blogspot.com/2015/04/cyber-security-advantages-and_18.html
https://sites.google.com/site/xinyicyber/the-disadvantages-and-advantages-of-cyber-
security
https://searchsecurity.techtarget.com/definition/cybersecurity

https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html
https://one.comodo.com/blog/cyber-security/what-is-cyber-security.php

http://niti.gov.in/writereaddata/files/document_publication/CyberSecurityConclaveAtVi
gyanBhavanDelhi_1.pdf

12