Cybersecurity

  • Duration: 6 weeks
  • Effort: 30 hours
  • Pace: ~5 hours/week
  • Languages: NA

Target skills

By the end of this course, you will be able to:

Acquire a global knowledge of the different areas of IT security:

  • Vulnerability and attack
  • Security policy
  • Access control and flow control
  • Cryptography
  • Respect for private life
  • Authentication

Description

This course aims to provide an overview of cyber security.

Most cybersecurity topics are covered (attacks, malware, security policy, security mechanisms, user authentication, symmetric and asymmetric cryptography, network security, personal data protection).

In the introduction, we present the objectives of cybersecurity (Confidentiality, Integrity, Availability) and stress the distinction between the security policy and the security mechanisms.

We define a secure system as a system in which the security policy cannot be violated. We review the main existing cyber-attacks, including social engineering attacks. For each type of attack, we propose solutions to prevent it. We also study the concept of malware (virus, worm, Trojan horse).

Regarding security policy, we present the Discretionary Access Control (DAC) policy and show how it can be implemented through Access Control Lists (ACL) and access control mechanisms. We use Unix as a case study.

After highlighting the weakness of DAC systems against Trojan horse attacks, we review several types of Mandatory Access Control (MAC) policy, including the multilevel security policy. We introduce the concepts of information flow control and covert channel. We review the main existing tools to control information flows in a network, such as firewalls, proxy servers, Network Address Translation (NAT) and Virtual Private Networks (VPN). We present several ways to authenticate a user, such as passwords or two-factor authentication, and show some attacks against these authentication systems.

We also present the concept of Single Sign-On (SSO) with Kerberos as a case study. We give a comprehensive overview of the main cryptographic mechanisms for encryption and integrity protection. We show how to build a symmetric cipher and a Message Authentication Code (MAC). We show how asymmetric cryptography can provide solutions for symmetric key exchange, for authenticating communicating parties, and for guaranteeing the non-repudiation property.

We also address the issue of personal data protection. We show that data anonymization cannot be used as a general solution to protect personal data.

We show that personal data can be protected by ensuring that entities handling personal data comply with a set of obligations. We illustrate this by presenting the European General Data Protection Regulation (GDPR).

Prerequisites

Computer skills at the bachelor's level

Assessment and Certification

The learner can take an exam at the end of each course. 

Course outline

    • Introduction
      Vulnerability and Privilege
      Software Attack: Buffer Overflow, SQL injection
      Browser Security, Cross Site Scripting Attack
      Cross Site Request Forgery Attack
    • Social Engineering: Phishing, Baiting, Fake President Fraud
      Distributed Denial of Service: DDOS via a botnet, DDOS by amplification
      Malware: Virus, Worm, Trojan Horse
    • Security Policy
      Security Mechanisms
      Discretionary Access Control policy: Access Control Lists, Capabilities, Unix DAC
    • Mandatory Access Control: Multilevel Security, Covert Channels, Multilevel Security for Integrity, Domain and Type Enforcement, Role-Based Access Control, Attribute-Based Access Control
      Privacy: Personal Data Protection, General Data Protection Regulation
    • Symmetric Cryptography: Stream Cipher, Block Cipher, Feistel Networks, Data Encryption Standard, Nonce-based Encryption, Hash Function, Message Authentication Code, Authenticated Encryption
    • Asymmetric Cryptography: Diffie Hellman Key Exchange, Asymmetric Encryption, Digital Signature, Public Key Certificate, Transport Layer Security
    • User authentication: Passwords, 2-Factor Authentication, Single Sign-On, Kerberos
      Network security: Firewall, Proxy servers, Network Address Translation, Virtual Private Networks

Teaching team

Alban Gabillon

Professor of Computer Science, Université de la Polynésie Française

Institutions

ESTIA
