Vous souhaitez proposer cette formation à vos salariés ?Nous contacter
À la fin de ce cours, vous serez capable de :
Acquire a global knowledge of the different areas of IT security:
This course aims to provide an overview of cyber security.
Most topics of the cybersecurity are covered (attacks, malwares, security policy, security mechanisms, user authentication, symmetric and asymmetric Cryptography, network security, personal data protection).
In the introduction we present the objectives of cybersecurity (Confidentiality, Integrity, Availability) and we insist on the distinction between the security policy and the security mechanisms.
We define a secure system as a system in which the security policy cannot be violated. We review the main existing cyber-attacks including social engineering attacks. For each type of attack we propose solutions to prevent them. We also study the concept of malware (virus, worm, Trojan horse).
Regarding security policy, we present the Discretionary Access Control (DAC) policy and show how it can be implemented through Access Control Lists (ACL) and access control mechanisms.
We use Unix as a case study.
After highlighting the weakness of DAC systems against Trojan horse attacks, we review several types of Mandatory Access Control (MAC) policy including the multilevel security policy. We introduce the concepts of information flow control and covert channel. We review the main existing tools to control information flows in a network, like firewall, proxy servers, Network Address Translation (NAT) or Virtual Private Network (VPN). We present several ways to authenticate a user like password or two-factor authentication and show some attacks against these authentication systems.
We also present the concept of Single-Sign On (SSO) with Kerberos as a case study. We give a comprehensive overview of the main cryptographic mechanisms for encryption and integrity protection. We show how to build a symmetric cipher and a Message Authentication Code (MAC) We show how asymmetric cryptography can provide us with solutions for symmetric key exchange, to ensure authentication of communicating parties, or to guarantee the non-repudiation property.
We also address the issue of personal data protection. We show that data anonymization cannot be used as a general solution to protect personal data.
We show that personal data can be protected by ensuring that entities handling personal data comply with a set of obligations We illustrate this by presenting the European General Data Protection Regulation (GDPR).
Computer skills at the bachelor's level
The learner can take an exam at the end of each course.