CompTIA A+ 1002 (Core 2)
Content filtering (Securing SOHO Network)
- Controls traffic based on data within the content
  • Data in the packets
- Corporate can control outbound and inbound data that contains sensitive materials
- Controls inappropriate content
  • Not safe for work, parental controls
- Can protect against evil
  • Anti-virus, anti-malware
chmod (Linux Command)
#  Permission              r w x
7  Read, Write, Execute    r w x
6  Read, Write             r w -
5  Read, Execute           r - x
4  Read only               r - -
3  Write, Execute          - w x
2  Write only              - w -
1  Execute only            - - x
0  None                    - - -
Task Manager
- Provides real-time system statistics
  • CPU, memory, disk access, etc.
- Starting the Task Manager:
  • Ctrl-Alt-Del, select Task Manager
  • Right-click the taskbar and select Task Manager
  • Ctrl-Shift-Esc
- Enhancements since Windows 7
  • More information and features
Windows 7 Editions
- Windows 7 Starter
- Windows 7 Home Basic
- Windows 7 Home Premium
- Windows 7 Ultimate
- Windows 7 Professional
- Windows 7 Enterprise
Windows 8/8.1 Editions
- Windows 8/8.1 (Core)
- Windows 8/8.1 Pro
- Windows 8/8.1 Enterprise
Host-based firewalls (Logical Security)
- "Personal" firewalls
  • Software-based
- Included in many operating systems
  • 3rd-party solutions also available
- Stops unauthorized network access
  • "Stateful" firewall
  • Can allow or deny traffic by application through the network interface
- Windows Firewall
  • Can filter traffic by allowing/denying through the port number and/or application
Image recovery (Mac OS Tools)
- Build a disk image in Disk Utility
  • Creates an Apple Disk Image (.dmg) file
- Mount on any Mac OS X system
  • Appears as a normal file system
  • Copy files from the image
- Use the restore feature in Disk Utility
  • Restore a disk image to a volume
HomeGroup
- Can easily share information
  • Available in Windows 7 / Windows 8/8.1
  • HomeGroup support was removed from Windows 10
  • Documents, pictures, music, video
- A network for the home
  • Must be set to "Home" in Windows
- Enable HomeGroup
  • A single password for everyone
BIOS network settings
- Can enable/disable network adapters
  • On and off, not much nuance
  • Might show up as "Integrated Devices" > "Onboard LAN Controller"
RDP (Remote Desktop Protocol) (Remote Access Technologies)
- Can share a desktop from a remote location over tcp/3389
- Remote Desktop Services available on many Windows versions
- Can connect to an entire desktop or just an application
- Clients for Windows, MacOS, Linux, Unix, iPhone, and others
Domains
- Central database
  • Active Directory Domain Services
  • Designed for the enterprise
- User accounts are managed centrally
  • Devices are added to the domain
- Manage all devices and users
  • Deploy software
  • Manage the operating system
- Managed in Control Panel / System
User authentication
- Authentication
  • Prove you are the valid account holder
  • Username / Password
  • Perhaps additional credentials are required
- Single sign-on (SSO)
  • Built into the Windows Domain
  • Provide credentials one time (no additional pop-ups or interruptions)
  • Managed through Kerberos
General tab
- Controls the startup process
  • Normal, Diagnostic, Selective
- Normal startup
  • Nothing to see here, go about your business
- Diagnostic startup
  • Similar to Safe Mode, but not quite the same
- Selective startup
  • You decide what to load
Cloud Storage (Disaster Recovery)
- Data is available anywhere, anytime, on any device
  • If you have a network, you have your data
- Advantages over local backups
  • No tape drives to manage
  • No offsite storage processing
- Disadvantages over local backups
  • Data is not under your direct control
  • Strong encryption mechanisms are critical
Application Installation methods
- Local installation
  • Downloadable executable
  • CD-ROM / DVD-ROM, optical media
- USB
  • Very compatible with most devices
  • Supports large installation programs
- Network-based installation
  • The default in most organizations
  • Applications are staged and deployed from a central server
  • Can be centrally managed
Windows 8/8.1 processor requirements
- PAE (Physical Address Extension)
  • 32-bit processors can use more than 4 GB of physical memory
- NX (NX Processor Bit)
  • Allows the CPU to prevent malicious software from running in memory marked non-executable
- SSE2 (Streaming SIMD Extensions 2)
  • A standard processor instruction set
  • Used by third-party applications and drivers
Screen sharing (Linux tools)
- Screen access to remote devices
  • Manage from your desk
- Many options available, like most of Linux
- May be included with your distribution
  • Such as UltraVNC or Remmina
Starting the console
- Windows 7: System Recovery Options / Command Prompt
  • Need to boot from the installation media
  • Or select from the F8 Advanced Boot Menu
- Windows 8/8.1/10
  • Troubleshoot / Advanced Options / Command Prompt
  • Need to boot from the installation media
Run as administrator
- Administrators have special rights and permissions
  • Editing system files, installing services
- Uses the rights and permissions of the administrator
  • You don't get these by default, even if you're in the Administrators group
- To Run as Administrator:
  • Right-click the application
  • Run as administrator (or Ctrl-Shift-Enter)
apt-get (Linux Command)
- Advanced Packaging Tool
  • Handles the management of application packages
  • Applications and utilities
- Install, update, remove software
  • Example: "sudo apt-get install wireshark" installs Wireshark
Patching/OS updates (Mobile Devices)
- All devices need updates, even mobile devices
- Device patches
  • Security updates need to be up-to-date to close any vulnerabilities
- Operating system updates
  • Can contain new features or fix any bugs
- Don't get behind!
  • Updates are done automatically to avoid security problems
Disabling unnecessary accounts
- All operating systems include other accounts
  • guest, root, mail, etc.
- Not all accounts are necessary
  • Disable/remove the unnecessary
  • Disable the guest account
- Disable any interactive logins
  • Not all accounts need to login
- Change the default usernames / passwords
  • User: admin, Password: admin
  • Helps against brute-force attacks
Processes Tab
- Can view all running processes
  • Interactive and system tray apps
  • View services and processes from other accounts
- Manage the view
  • Can move columns, add metrics
- Later versions combine all apps, processes, and services into a single tab
  • Easy to view and sort
Networking Tab
- Can view network performance
  • Separate tab in Windows 7
  • Integrated into the Performance tab in Windows 8/8.1/10
- View utilization, link speeds, and interface connection state
Why do you need an OS?
- Controls the interaction between the components
  • Such as the memory, hard drives, keyboard, CPU
- A common platform for applications
- A way for humans to interact with the machine
  • Contains a "user interface" (either command line or GUI)
  • Hardware can't do everything! It needs software to tell it what to do
Copy command
- Copy files from one location to another
  • copy (/v, /y)
- copy /v
  • Verifies that new files are written correctly
- copy /y
  • Suppresses prompting to confirm you want to overwrite an existing destination file
5. Schedule scans and run updates (Removing Malware)
- Built into the antivirus software
  • Automated signature updates and scans
- If the anti-malware software has no way to update automatically, use Task Scheduler
  • Run any task, including signature updates
- Check Windows operating system updates
  • Make sure it's enabled and working
Memory diagnostics
- Is your memory working?
  • I don't remember
- May be launched automatically
  • Or launched manually
- Will run multiple passes
  • Will try to find the bad chip/module
- Located in Control Panel under Administrative Tools
Temporal Key Integrity Protocol (TKIP)
- It mixed the keys
  • It combined the secret root key with the Initialization Vector (IV)
- Provided a sequence counter
  • Prevents traffic from being replayed on the wireless network
- Implemented a 64-bit Message Integrity Check
  • To protect against tampering with wireless data as it crossed the wireless network
- TKIP also had its own set of vulnerabilities
  • Was removed from the 802.11 standard in 2012
NTFS and CDFS
- NTFS - NT File System
  • Extensive improvements over FAT32
  • Can set quotas, file compression, encryption
  • Contains symbolic links, large file support, security, recoverability
- CDFS - Compact Disk File System
  • ISO 9660 standard
  • All operating systems can read the CD
Surge suppressor (Disaster Recovery)
- Not all power is "clean" from the main power
  • Self-inflicted power spikes and noise
  • Storms, power grid changes
- Diverts spikes to the ground
- Contains noise filters to remove line noise
  • Decibel (dB) levels at a specified frequency
  • Higher dB is better
Overheating (Troubleshooting Mobile Apps)
- Phone will automatically shut down to avoid damage caused by overheating
- Heat comes from charging/discharging the battery, CPU usage, display light
  • All of them create heat
- Check app usage, some apps can use a lot of CPU
- Avoid direct sunlight, it quickly overheats
Physical security (Securing SOHO Network)
- Physical access
  • A relatively easy hack
  • Highly secure data centers
- Door access
  • Lock and key
  • Electronic keyless
- Biometric
  • Eyeballs and fingers
- Must be a well documented process that can be applied to any SOHO location
Users Tab
- Who is connected? What are they doing?
- Windows 7 provides a user list which allows you to:
  • Disconnect
  • Logoff
  • Send message
- In Windows 8/8.1/10, the Users tab provides:
  • Separate processes for each user
  • Performance statistics for each user
Gestures (Mac OS Features)
- You can do more than just point and click
  • Extend the capabilities of your trackpad
- Use one, two, three fingers
  • Swipe, pinch, click
- Customization
  • Can enable/disable preferences under System Preferences > Trackpad
Other file systems
- ext3
  • Third extended file system
  • Commonly used by the Linux OS
- ext4
  • Fourth extended file system
  • An update to ext3
  • Commonly seen in Linux and Android OS
- NFS
  • Network File System
  • Access files across the network as if they were local
  • NFS clients are available across many operating systems
- HFS+ / HFS Plus
  • Hierarchical File System
  • Also called Mac OS Extended
  • Replaced by Apple File System (APFS) in Mac OS High Sierra (10.13)
- Swap partition
  • Memory management
  • Frees memory by moving unused pages onto disk
  • Copies back to RAM when needed
  • Usually a fast drive or SSD
Robust Copy
- robocopy
  • A better xcopy
  • Has the ability to resume a file transfer if it is interrupted
  • Looks and acts similar to xcopy
  • Most syntax is the same as xcopy
  • Shows results, time taken, and throughput of the copy process
- Included with Windows 7, 8.1, and 10
Shutdown command
- shutdown
  • Shutdown a computer
  • And optionally restart: "shutdown /r"
- shutdown /s /t nn
  • Wait nn seconds, then shutdown
- shutdown /r /t nn
  • Shutdown and restart after nn seconds
- shutdown /a
  • Abort the countdown!
Disabling ports (Securing SOHO Network)
- Disable physical ports
  • Conference rooms or break rooms
- Administratively disable unused ports, which prevents someone from going into a wiring closet and connecting to the network
  • More to maintain, but more secure
- Network Access Control (NAC)
  • 802.1X controls
  • You can't communicate unless you are authenticated
shutdown /s /t nn
Waits nn seconds before shutting down the PC from the command prompt
Example of a script (Scripting)
#!/bin/sh
# Set the initial input string
INPUT_STRING=hello
# Keep looping while the string isn't equal to "bye"
while [ "$INPUT_STRING" != "bye" ]
do
    echo "Please type something in (bye to quit)"
    read INPUT_STRING
    echo "You typed: $INPUT_STRING"
done
Services tab
- Can enable and disable Windows services
  • Determine what starts during boot
- Easier to manage than the Services applet
  • Click/unclick
- Useful for trial and error
  • It may take many reboots to find your problem
Dim display (Troubleshooting Mobile Apps)
- If the screen is difficult to see, even in low light
- Check the brightness setting located at:
  • iOS: Settings / Display and Brightness
  • Android: Settings / Display / Brightness level
- If the issue is not fixed, then replace the bad display, most likely a backlight issue
Network setup
- Located in Control Panel under "Network and Sharing Center"
  • Can set up a new connection or network
- Step-by-step wizard, confirmation during the process
  • Many different connections such as direct, VPN, dial-up, etc.
Preventing static discharge (Managing Electrostatic Discharge)
- An anti-static strap
  • This connects your wrist to a metal part of the computer
- An anti-static pad
  • A workspace for the computer
- An anti-static mat
  • A grounded mat for standing or sitting
- An anti-static bag
  • Allows you to safely move or ship components
Repair application (Troubleshooting Solutions)
- Application issues
  • Problems with the application files or its configurations
- Each application might have its own repair process
  • To fix missing files
  • To replace corrupted files
  • Can fix application shortcuts
  • Can repair registry entries
  • Or just update or reconfigure drivers
- Not all applications have a repair option
Critical application backups (Disaster Recovery)
- Application software
  • Might be a simple backup
  • Or often distributed across multiple servers
- Application data
  • Stored in a single database
  • Or data is stored throughout the application servers
- Location of data
  • Might be stored locally and/or cloud-based
- All of these are needed when doing a restore
  • They all work together
Account recovery options (Disaster Recovery)
- Apps won't work if users can't log in
  • Your Windows Domain will most likely be the foundation of your recovery efforts
- Consider other authentication requirements
  • Multi-factor authentication validation
  • Additional authentication databases such as RADIUS or TACACS
- Another good reason for centralized administration
  • No local accounts
Clarify customer statements (Communication)
- Ask pertinent questions
  • Drill down into the details
  • Avoid an argument
  • Avoid being judgmental
- Repeat your understanding of the problem back to the customer
  • Did you understand the customer correctly?
  • Repeating information might allow other details to arise
- Keep an open mind
  • Ask clarifying questions, even if the issue seems obvious
  • Never make assumptions
Effective social engineering
- Attacks are constantly changing
  • You never know what they'll use next
- Attacks may involve a single person or multiple people
  • May involve one organization or multiple organizations
  • There are ties that may connect many organizations
- May be in person or electronic:
  • Phone calls from aggressive "customers"
  • Emails with funeral notifications of a friend or associate
Windows 7 Starter
- Built for netbooks
- No DVD playback or Windows Media Center
- No Windows Aero
- No Internet Connection Sharing (ICS)
- No IIS Web Server
- Does not support enterprise technologies
  • Cannot join a domain
  • No BitLocker support
  • No EFS (Encrypting File System) support
- Only available as x86, maximum of 2 GB of RAM
- Not supported in an x64 version
EFS (Encrypting File System)
- Encrypts at the file system level on NTFS
- Supported operating systems
  • 7 Professional, Enterprise, and Ultimate
  • 8 and 8.1 Pro and Enterprise
  • 10 Pro, Enterprise, and Education
- Uses password and username to encrypt the key
  • Administrative resets will cause EFS files to be inaccessible
Vendor-specific limitations
- End-of-life
  • Different companies set their own EOL policies
- Software updates
  • iOS, Android, and Windows 10 check and prompt for updates
  • Chrome OS will update automatically
- Compatibility between OSes
  • Some movies and music can be shared
- Almost no direct application compatibility
  • Fortunately, many apps have been built to run on different OSes
  • Some data files can be moved across systems
  • Web-based apps have potential
Dock (Mac OS Features)
- Fast access to apps
  • Quickly launch programs
- View running applications
  • Dot underneath the icon
- Keep folders in the dock
  • Easy access to files
- Move to different sides of the screen
  • Auto-hide or always display
services.msc
- Located in Control Panel under Administrative Tools as Services
  • Can also open through the command line or the Run dialog
- Useful when troubleshooting the startup process
- Control background applications
- Services can reveal dependencies between applications
Deleting Windows profiles (Troubleshooting Solutions)
- Log in to the computer with Domain Administrator rights
- Rename the \Users\name folder, for example to name.old
  • This will save important files
- Back up the user's registry
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  • Right-click and Export
  • Delete the registry entry (you have a backup)
  • Restart the computer
Disk Utility (Mac OS Tools)
- Manages disks and images
  • Used to resolve issues
- File system utilities
  • Verify and repair file systems
  • Modify partition details
  • Erase disks
- Can manage RAID arrays
  • Restore a disk image to a volume
- Create, convert, and restore images
  • Manage the image structure
Startup tab
- Manages which programs start with a Windows login
  • Easily toggle on and off
- Multiple reboots may be needed before locating the troublesome application during troubleshooting (you'll find it)
- This feature has moved to the Task Manager in Windows 8/8.1/10
Zero-day attacks
- Many OSes or applications have vulnerabilities
  • They just haven't discovered them yet
- Someone is working hard to find the next big vulnerability
  • The good guys share these with the developer
- Bad guys keep these yet-to-be-discovered holes to themselves
  • They want to use these vulnerabilities for personal gain or to sell
- Zero-day
  • The vulnerability has not been detected or published
  • Zero-day exploits are increasingly common
- Known vulnerabilities can be found at Common Vulnerabilities and Exposures (CVE)
  • http://cve.mitre.org/
Trusted vs. untrusted sources (Mobile Devices)
- Once malware is on a phone, it has a huge amount of access
  • In Android OS, don't install APK files from an untrusted source
- iOS
  • All apps are curated by Apple
- Android
  • Apps can be downloaded from Google Play or sideloaded (3rd party)
  • 3rd-party installs are where problems can occur
Software firewalls
- Monitors the local computer
  • Alerts on unknown or unauthorized network communication
- Prevents malware communication
  • Downloads after infection
  • Botnet communication
- Use Windows Firewall
  • At a minimum
- Runs by default
  • Constantly monitoring any network connection
Frozen system (Troubleshooting Mobile Apps)
- Nothing works, no screen or button response
- Perform a soft reset: hold power down and turn off
- Perform a hard reset
  • In iOS: hold power and home button for 10 seconds
  • In Android: combinations of power, home, and volume
- Ongoing problems may require a factory reset
6. Enable System Protection (Removing Malware)
- Now that you're clean
  • Put things as they were
  • Turn on System Protection
- Create a restore point manually
  • Start populating again
ODBC Data Sources
- ODBC - Open Database Connectivity
- Application independence
  • Database and OS doesn't matter
- Located in Control Panel under Administrative Tools
  • Users probably won't need this
1. Identifying malware symptoms (Removing Malware)
- Odd error messages may appear
  • Application failures
  • Security alerts
- May cause system performance issues
  • Slow boot-up
  • Slow applications
- Research the malware
  • Research the messages to know what you're dealing with
  • Research any fake applications that appear
Setting expectations (Communication)
- Offer different options
  • Repair
  • Replace
  • Let the user make the decision
- Document everything
  • Leave no room for questions
  • Useful when different scenarios are expected
- Keep everyone informed
  • Even if the status is unchanged
- Follow up afterwards
  • Verify satisfaction
7. Educate the end user (Removing Malware)
- One-on-one personal training
- Place posters and signs in high-visibility locations
- Physical message board postings
- Login messages as a quick reminder (switch them often)
- An Intranet page that explains more about malware and what should be done if you suspect you are infected
End user education
- One-on-one with end users
  • Personal training
- Posters and signs as reminders
  • High visibility
- Message board posting
  • The real kind
- Login messages
  • These become invisible
- Intranet page resources
  • Always available to the user
Policies and best practices (Privacy, Licensing, and Policies)
- Policies
  • These are general IT guidelines
  • Determine how technology should be used
  • Provide processes for handling important technology decisions
- Security best practices
  • Some security techniques are accepted standards within the industry
  • Covers both processes and technologies
  • For example: You need a firewall. Use WPA2. Use strong passwords.
  • Create steps to follow if there's a breach
Testing the printer (Troubleshooting Windows)
- Print or scan a test page
  • Built into Windows printer properties
  • Not the application
- Use diagnostic tools
  • Can be web-based utilities (built into the printer)
  • Can be vendor-specific (download from the web site)
  • Or generic (available in LiveCD form)
Network shares
- Can make a folder available across the network
  • "Share" with others, view in Windows Explorer
- Assign (map) a drive letter to a share
  • Can set to reconnect automatically
- Shares ending with a dollar sign ($) are "hidden"
  • Not a security feature
- Located in Control Panel / Administrative Tools / Computer Management to view shared folders
Mobile Device Management (MDM) (Logical Security)
- Can manage company-owned and user-owned devices
  • User-owned devices are referred to as BYOD (Bring Your Own Device)
- Centralized management of the mobile devices
  • Specialized functionality
- Can set policies on apps, data, camera, etc.
  • Controls the remote device
  • Can control the entire device or a "partition" when managing company data and personal data
- Manage access control
  • Forces screen locks and PINs on these single-user devices
Mission Control and Spaces (Mac OS Features)
- Can quickly view everything that's running
  • Spread out the desktop into a viewable area
  • Swipe upwards with three fingers or Control-Up arrow
- Spaces
  • Multiple desktops
  • Add Spaces inside of Mission Control
Malware OS symptoms (Troubleshooting Security Issues)
- Can rename or delete system files
- Files disappear or are deleted
  • Or even encrypted
- Can cause file permissions to change
  • Protections are modified
- Access denied
  • Malware locks itself away
  • It doesn't leave easily
- Use a malware cleaner or restore from a known good backup
  • Some malware is exceptionally difficult to remove
Malware network symptoms (Troubleshooting Security Issues)
- Can slow performance or cause lock-ups
  • Malware isn't the best written code
- Can cause Internet connectivity issues
  • Malware likes to control everything
  • You go where it wants you to go
  • You can't protect yourself if you can't download anti-malware software
- Can also keep OS updates from installing
  • Malware keeps you vulnerable
  • Some malware uses multiple communication paths
- Reload or clean to remove malware
  • Either use a malware cleaner or recover from a known good backup
Terminal (Mac OS Tools)
- Command line access to the operating system
  • Manage the OS without a graphical interface
- OS access
  • Run scripts, manage files
  • Configure OS and application settings
Windows PowerShell (Scripting)
- Command line for system administrators
  • Scripts use the ".ps1" file extension
  • Included with Windows 8/8.1 and 10
- Extends command-line functions
  • Commands are referred to as cmdlets (command-lets)
  • Can run as PowerShell scripts and functions or standalone executables
- System administrators can use Windows PowerShell to automate and integrate the OS and workstations into an AD infrastructure
System updates (Linux)
- Command line tools
  • Depending on the Linux distro, either "apt-get" or "yum" will be used
- Graphical update managers
  • Software Updater
- Patch management
  • Updates can be scheduled
- Software Center is used to install applications
  • The Linux "App Store"
Windows 7 Ultimate
- Complete functionality
- Supports the following:
  • DVD playback
  • Windows Aero
  • Internet Connection Sharing
  • IIS Web Server
- Supports all enterprise technologies:
  • Can join a domain
  • BitLocker support
  • EFS (Encrypting File System)
- Same features as Windows 7 Enterprise
  • But for the home user
- x86 version supports 4 GB RAM
- x64 version supports 192 GB RAM
Maintain confidentiality (Professionalism)
- Concerns regarding privacy
  • You'll have access to sensitive information
  • Both professional and private
  • Whether on the computer, desktop, printer, mobile phone, desk
- You have professional responsibilities
  • IT professionals have access to a lot of corporate data
  • Must maintain confidentiality
- Be respectful of personal information
  • Treat people as you would want to be treated
Port security example (Logical Security)
- Configure a maximum number of source MAC addresses on an interface
  • You decide how many is too many
  • You can also configure specific MAC addresses
- The switch monitors the number of unique MAC addresses
  • Maintains a list of every source MAC address
- Once you exceed the maximum, port security activates
  • Default is to disable the interface
Wireless security modes
- Configure the authentication on your wireless access point / wireless router
- Open System wireless configuration
  • No authentication password is required
- Home wireless configuration: WPA2-Personal / WPA2-PSK
  • WPA2 with a pre-shared key
  • Everyone uses the same 256-bit key
- Business/company wireless configuration: WPA2-Enterprise / WPA2-802.1X
  • Authenticates users individually with an authentication server (i.e., RADIUS, TACACS+)
  • Adds additional controls such as disabling/enabling individual user accounts, and removes the need to manage a shared WiFi passphrase
Incident response: Chain of custody (Privacy, Licensing, and Policies)
- Control evidence
  • Maintain integrity
- Track everyone who contacts the evidence
  • Avoid tampering
  • Use hashes
- Label and catalog everything
  • Seal, store, and protect
  • Use digital signatures to avoid tampering
Privacy filters (Physical Security)
- Control your input
  • Be aware of your surroundings
- Use privacy filters to narrow the viewable angle of the screen
- Keep your monitor out of sight
  • Away from windows and hallways
Boot tab
- Controls the boot location
  • Multiple locations and operating systems
- Advanced options
  • Number of processors, maximum memory, etc.
- Boot options
  • Safe boot, remove the GUI, create a boot log file, base video, OS boot information (shows drivers as they load), set timeout for booting
Types of door access controls (Physical Security)
- Conventional method
  • Lock and key
- Deadbolt method
  • Physical bolt
- Electronic method
  • Keyless, RFID badge
- Token-based method
  • Magnetic swipe card or key fob
- Biometric method
  • Hand, fingers, or retina
- Multi-factor method
  • Smart card and PIN
Avoid being judgmental (Professionalism)
- Cultural sensitivity at work
  • Use appropriate professional titles
- You're the teacher, not the warden
  • Leave insults on the playground
- Make people smarter by spending extra time teaching the user
  • They'll be better technologists
- You're going to make some BIG mistakes
  • Remember them so that they don't happen again
How Windows gets an IP address
- DHCP (Dynamic Host Configuration Protocol)
  • Automatic IP addressing
  • This is the default
- APIPA (Automatic Private IP Addressing)
  • Used when there's no static address and no DHCP server
  • Communicates locally (link-local address)
  • Assigns an IP address in the range 169.254.1.0 to 169.254.254.255
  • No Internet connectivity
- Static address
  • Assigns all IP address parameters manually
  • Specific details will need to be known
IP addressing (Securing SOHO Network)
- DHCP (automatic) IP addressing vs. manual IP addressing
- IP addresses are easy to see on an unencrypted network
- If the encryption is broken, the IP addresses will be obvious
- Configuring a static IP address is not a security technique
  • Security through obscurity
Locking cabinets (Physical Security)
- Data center hardware is often managed by different groups
  • Responsibility lies with the owner
- Racks can be installed together
  • Placed side-to-side
- Enclosed cabinets with locks
  • Ventilation on front, back, top, and bottom
BitLocker and EFS
- Data confidentiality is the most important asset
  • Important information needs to be encrypted
- Encrypting File System (EFS) protects individual files and folders
  • Built into the NTFS file system
- BitLocker
  • Full Disk Encryption (FDE)
  • Everything on the drive is encrypted
  • Even the operating system
- Home and business use
  • Especially on mobile devices
The WPS hack (Securing SOHO Network)
- December 2011: WPS has a design flaw
  • It was built wrong from the beginning
- PIN is an eight-digit number
  • Really seven digits and a checksum
  • Seven digits, 10,000,000 possible combinations
- The WPS process validates each half of the PIN
  • First half, 4 digits. Second half, 3 digits.
  • First half, 10,000 possibilities.
  • Second half, 1,000 possibilities
- It takes about four hours to go through all of them if no lockout process was implemented
  • Most newer devices now include a lockout function
  • Most people disable WPS completely
Environment variables (Scripting)
- Describes the environment the operating system is working under
  • Scripts use these to make decisions
- Common environment variables
  • Location of the Windows installation
  • The search path
  • The name of the computer
  • The drive letter and path of the user's home directory
Network topology diagrams (Documentation Best Practices)
- Describes the network layout
  • May be a logical diagram
  • Can include physical rack locations
Windows 10 Home
- Designed for the home user, retail customer
- Integrates with a Microsoft account
  • Microsoft OneDrive can be used to back up your files
- Windows Defender is included
  • Anti-virus and anti-malware software
- Cortana is included
  • Allows you to talk to your OS
- Does not support:
  • Hyper-V
  • BitLocker
  • Joining a domain
  • AppLocker
  • BranchCache
- Max x86 RAM 4 GB
- Max x64 RAM 128 GB
Certificate of destruction
- Destruction is often done by a 3rd party
  • 3rd parties usually have the drills and degaussers to perform the work
- Need confirmation that your data is destroyed
  • Service should include a certificate (if not, request one)
- A paper trail of destroyed data will be needed for future auditing purposes
  • You know exactly what happened
Roll back (Troubleshooting Solutions)
- Restore points
  • Rewind to an earlier point in time
  • Time travel without erasing your work
- Application updates
  • A restore point is created automatically during application installations
- Device drivers
  • These can break Windows
  • You can roll back from the Windows start menu (F8)
3. Disable System Restore (Removing Malware)
- Restore points make it easy to rewind
  • Malware infects restore points
- Disable System Protection to delete all previous restore points
  • No reason to save an infected config
- Delete all restore points
  • Remove all infection locations
Screen locks (Mobile Devices)
- Restrict access to the device
  • By fingerprint through the built-in fingerprint reader
  • With Face Unlock through face recognition
  • With a swipe by choosing a pattern
  • With a passcode by choosing a PIN or adding complexity
- After many failed attempts:
  • iOS will erase everything after 10 failed attempts
  • Android will lock the device and require a Google login
Least privilege (Logical Security)
- Rights and permissions should be set to the bare minimum
  • You only get exactly what's needed to complete your objective
- All user accounts must be limited
  • Applications should run with minimal privileges
- Don't allow users to run with administrative privileges
  • Limit the scope of malicious behavior
BitLocker (Windows Security Settings)
- Encrypts an entire volume
  • Not just a single file
  • Protects all of your data, including the OS
- What if the laptop is lost?
  • Doesn't matter without the password
- Data is always protected
  • Even if the physical drive is moved to another computer
- BitLocker To Go
  • Encrypts removable USB flash drives
WWAN connections
-Wireless Wide Area Network • Built-in mobile technology -Hardware adapter is installed on computer • Antenna connections -Can be USB connected or 802.11 wireless • Tether • Hotspot -Might require third-party software • Each provider is different
Mitigating DDoS attacks
-You may be able to filter out traffic patterns • Stopping the traffic at your firewall -Internet service provider may have anti-DDoS systems • These can help "turn down" the DDoS volume -Third-party technologies available • Such as CloudFlare, etc.
Anti-virus and anti-malware
-You need both -Real-time options • Not just an on-demand scan -Modern anti-malware recognizes malicious activity • Doesn't require a specific set of signatures
Shoulder surfing
-You probably have access to important information that many people want to see • Causes curiosity, industrial espionage, competitive advantage -Surprisingly easy to do • At Airports / Flights • With hallway-facing monitors • Coffee shops -Surfing from afar • by using Binoculars / Telescopes • Easy in the big city -Webcam monitoring
Upgrade Windows 7 Enterprise to Windows 10
Can upgrade to: • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home • Windows 10 Pro
Upgrade Windows 8.1 Enterprise to Windows 10
Can upgrade to: • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home • Windows 10 Pro
Upgrade Windows 7 Home Basic to Windows 10
Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise
Upgrade Windows 7 Home Premium to Windows 10
Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise
Upgrade Windows 7 Starter to Windows 10
Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise
Upgrade Windows 8.1 Core to Windows 10
Can upgrade to: • Windows 10 Home • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Enterprise
Upgrade Windows 7 Ultimate to Windows 10
Can upgrade to: • Windows 10 Pro Cannot upgrade to (requires clean installation): • Windows 10 Home • Windows 10 Enterprise
Upgrade Windows 7 Professional to Windows 10
Can upgrade to: • Windows 10 Pro • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home
Upgrade Windows 8.1 Professional to Windows 10
Can upgrade to: • Windows 10 Pro • Windows 10 Enterprise Cannot upgrade to (requires clean installation): • Windows 10 Home
Windows 7 Professional
Supports the following: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Supports all enterprise technologies: • Can join a domain • EFS (Encrypting File System) • Supports Remote Desktop Host -Missing enterprise technologies • BitLocker is NOT supported -x86 version supports 4 GB RAM -x64 version supports 192 GB RAM
cd/
Takes you back to the root directory of the current drive in the cmd prompt
Slow profile loads (Troubleshooting Windows)
-Roaming user profile • Your desktop follows you to any computer • Changes are synchronized -Network latency to the domain controller • Slows login script transfers • Slow to apply computer and user policies • May require many hundreds (or thousands) of LDAP queries -Client workstation picks a remote domain controller instead of local DC • Problems with local infrastructure
Botnets
-Robot networks • Skynet is self-aware -Once your machine is infected, it becomes a bot • You may not even know -How does it get on your computer? • Trojan Horse (I just saw a funny video of you! Click here.) or you run a program or click an ad you THOUGHT was legit, but... • OS or application vulnerability -A day in the life of a bot • Sits around. Checks in with the mothership. Waits for instructions from a 3rd party
Virus alerts and hoaxes (Troubleshooting Security Issues)
-Rogue antivirus • May include recognizable logos and language -They may require money to "unlock" your PC • Or to "subscribe" to their service -Often requires a specific anti-malware removal utility or technique • Very difficult to remove once the virus is embedded into the system
Windows 10 processor requirements
-Same requirements as Windows 8/8.1 -PAE (Physical Address Extension) • 32-bit processors can use more than 4 GB of physical memory -NX (NX Processor Bit) • Protects against malicious software -SSE2 (Streaming SIMD Extensions 2) • A standard processor instruction set • Used by third-party applications and drivers
sfc (System File Checker) command
-Scans the integrity of all protected system files • sfc /scannow
Task Scheduler
-Schedules an application or batch file to run • Plan ahead -Includes predefined schedules - Click and go -Organized - Managed through folders -Located in Control Panel under Administrative Tools
JavaScript (Scripting)
-Scripting inside of your browser • Contains a ".js" file extension -Adds interactivity to HTML and CSS • Used on almost every web site -JavaScript is not Java • Different developers and origins • Very different use and implementation
Shell script (Scripting)
-Scripting the Unix/Linux shell • Automate and extend the command line -Starts with a shebang or a hash-bang #! • Often has a ".sh" file extension
Guards and access lists (Physical Security)
-Security guard • Physical protection • Validates identification of existing employees • Provides guest access -ID badge • Picture, name, other details • Must be worn at all times -Access list • Physical list of names • Enforced by security guard
Incident response: Documentation (Documentation Best Practices)
-Security policy • An ongoing challenge • Covers every aspect of IT security for the company -Documentation must be available for everyone • Any employee can access that information • Commonly posted on the intranet -Documentation always changes • Constant updating • A process needs to be in place • Use the wiki model so that changes can be made quickly and seen by everyone in the organization
The disk partition
-Separates the physical drive into logical pieces • Useful to keep data separated • Multiple partitions are not always necessary -Useful for maintaining separate operating systems • Windows, Linux, etc. -Formatted partitions are called volumes • Microsoft's nomenclature • Volume and Partition mean the same thing
SSID management (Securing SOHO Network)
-Service Set Identifier • Name of the wireless network • Common SSIDs: LINKSYS, DEFAULT, NETGEAR -You have the option to change the SSID to something not-so-obvious -You can also disable SSID broadcast • SSID is easily determined through wireless network analysis • Security through obscurity
Restart services (Troubleshooting Solutions)
-Services • Applications that run in the background • No user interaction -Similar issues as a normal process • Resource utilization • Memory leaks • Crashes -View status in Task Manager • Under Services tab • You can right-click to start, stop, or restart • You can open service to get more info
Network and Sharing Center Applet
-Shows all network adapters • Wired, wireless, etc. -All network configs • Shows the HomeGroup option (n/a in Windows 10) • Can change Adapter settings • Can change network addressing
shutdown (Linux Command)
-Shuts the system down • Safely turn off the computer in software • Similar to the Windows shutdown command -sudo shutdown 2 • Shuts down and turns off the computer in two minutes -sudo shutdown -r 2 • Shuts down and reboots in two minutes • Important when you're not on site • "Ctrl-C" or "shutdown -c" to cancel shutdown process
Printer shares
-Similar to sharing a folder • But it's a printer instead • Can be shared through the "Sharing" tab under the printer's properties -Can add a printer through "Devices and Printers" in Windows Explorer
SOHO firewalls (Securing SOHO Network)
-Small office / home office appliances • Generally has reduced throughput requirements -Usually includes multiple functions • Wireless access point, router, firewall, content filter -May not provide advanced capabilities • Dynamic routing • Remote support -Always install the latest software • Update and upgrade the firmware for the firewalls, routers, switches, etc.
Tokens and cards (Physical Security)
-Smart card • Integrates with devices • May require a PIN -USB token • Certificate is on the USB device -Hardware or software tokens • Generates pseudo-random authentication codes -Your phone • SMS a code to your phone
Email security (Troubleshooting Security Issues)
-Spam • Any unsolicited email messages • Advertisements • Phishing attacks • Spread viruses via attachments within the email • Spam filters can be helpful to filter out unwanted emails -If the email is hijacked • Infected computers can become email spammers • You'll receive odd replies from other users • You'll receive bounced messages from unknown email addresses -Scan for malware to see if malware can be identified
Room control (Environmental Impacts)
-Specific temperature level • Devices need constant cooling (So do humans) -Humidity level • High humidity promotes condensation • Low humidity promotes static discharges • 50% is a good number but might be difficult to maintain -Proper ventilation is needed • Computers generate heat • Don't put everything in a closet • Need a method to get hot air out and cool air in
Bluescreens and spontaneous shutdowns (Troubleshooting Windows)
-Startup and shutdown BSOD • Possible bad hardware, bad drivers, or bad application -If the problem is related to a recent change • You can use Last Known Good, System Restore, or Roll Back Driver • Try Safe Mode -Re-seat or remove any hardware changes, or check connections if the PC was recently moved • May be a loose connection -If the issue may be related to hardware • Run hardware diagnostics • Provided by the manufacturer • BIOS may have hardware diagnostics
What is electrostatic discharge? (Managing Electrostatic Discharge)
-Static electricity • It's electricity that doesn't move -Static electricity isn't harmful to computers • It's the discharge that gets them -ESD can be very damaging to computer components • Silicon is very sensitive to high voltages -The static discharge you feel when touching a doorknob is around ~3,500 volts • Damage to an electronic component can occur at only 100 volts or less
Mitigating man-in-the-middle
-Use encrypted protocols to mitigate MITM attacks • Use HTTPS (not HTTP) if using a browser • Use SSH (not Telnet) if connecting to a console -Communicate over a secure channel • Client-based VPN -Use encrypted wireless networks • Avoid insecure networks such as public Wi-Fi or hotel Wi-Fi
Closing Programs (Linux)
-Use terminal • sudo for proper permissions -killall • e.g. "sudo killall firefox" ends all firefox instances -xkill • Graphical kill -"kill <pid>" ends that specific instance by process id if you are working at the command line
Trojan horse
-Used by the Greeks to capture Troy from the Trojans • A digital wooden horse -Software that pretends to be something else • So it can conquer your computer • Doesn't really care much about replicating -Circumvents your existing security • The end-user is the one who installs the software • Anti-virus may catch it when it runs • The better trojans are built to avoid and disable the anti-virus -Once it's inside it has free rein • And it may open the gates for other programs
Standard OS features
-Used for file management • You can Add, Delete, Rename files -For application support • Manages memory or swap file (swap space or pagefile) -Input and Output support • Printers, keyboards, hard drives, USB drives -Operating system configuration and management tools
Access Control Lists (ACLs) (Logical Security)
-Used to allow or deny traffic • Also used for NAT, QoS, etc. -Defined on the ingress or egress of an interface • Often on a router or switch • Can be configured to evaluate incoming traffic, outgoing traffic, or both -ACLs evaluate on certain criteria • Identify traffic based on source IP and destination IP • TCP port numbers or UDP port numbers • A specific protocol, such as ICMP -Can deny or permit if the criteria are met • What happens when an ACL matches the traffic?
grep (Linux Command)
-Used to find text in a file • Search through one or many files at a time -grep PATTERN [FILE] • The command "grep failed auth.log" would match all lines containing the word "failed" within the file "auth.log" • The search is case-sensitive
Third-party tools (Remote Access Technologies)
-VNC (Virtual Network Computing) • Uses the Remote Frame Buffer (RFB) protocol • Clients for many operating systems • Many are open source -Commercial solutions available • Such as TeamViewer, LogMeIn, etc. -Allows for screen sharing • Controls the desktop • Can file share • Or transfer files between devices
Scripting basics (Scripting)
-Variables • Can associate a name with an area of memory -Variable "x=1" • x=1. y=x+7. Therefore, y=8. • Variable "pi" can hold the value of "3.14" • pi=3.14 • Variable "greeting" can hold text values "Hello and welcome." • greeting="Hello and welcome."
Windows 8 and 8.1 history
-Windows 8 • Available October 26, 2012 • New user interface - no traditional "Start" button -Windows 8.1 • Released October 17, 2013 • A free update to Windows 8 - not an upgrade -Mainstream support ended January 9, 2018 • Extended support ends January 10, 2023
Explorer
-Windows Explorer / File Explorer (Windows 10) • File management -View, copy, launch files from File Explorer • Granular control -Easy access to network resources • Browse and view
Organizing network devices
-Windows HomeGroup • Can share files, photos, video, etc. between all devices • Works on a single private network only -Windows Workgroups • Logical groups of network devices • Each device is a standalone system, everyone is a peer • Single subnet -Windows Domain • Business network • Centralized authentication and device access • Supports thousands of devices across many networks
DiskPart command
• Manage disk configurations • "diskpart" - start the DiskPart command interpreter at the cmd prompt
dism (Deployment Image Servicing and Management tool)
• Manages Windows Imaging Format (WIM) files -You can make changes to your image with DISM • Get information about an image • Update applications • Manage drivers • Manage updates • Mount an image -All command-line based • Many different options • Easy to automate
Workgroups
• Non-centralized • Small departments • Each computer maintains its own user information • Managed in Control Panel / System
Hard drive security
-2019 study from Blancco and Ontrack on 159 storage drives from eBay • 66 drives had data, 25 drives with Personally Identifiable Information • Some contained personal documents, video from a hospital monitoring system, and more -Use 3rd party utilities if doing a regular format is not an option -File-level overwriting • SDelete - Windows Sysinternals -Whole-drive wipe for secure data removal • DBAN - Darik's Boot and Nuke -Physical drive destruction • One-off or industrial removal and destruction
Operating system technologies
-32-bit vs. 64-bit • Processor specific -32-bit processors can store 2³² = 4,294,967,296 values -64-bit processors can store 2⁶⁴ = 18,446,744,073,709,551,616 values • 4 GB vs. 17 billion GB • The OS has a maximum supported value -Hardware drivers are also specific to the installed OS version (32-bit or 64-bit) • 32-bit (x86), 64-bit (x64) -32-bit OS cannot run 64-bit apps • But 64-bit OS can run 32-bit apps -Location of programs in a Windows 64-bit OS • 32-bit apps: \Program Files (x86) • 64-bit apps: \Program Files
Windows 8/8.1 Core
-A basic version for the home user • Available in x86 and x64 versions -Integrates a Microsoft account into the OS • Ability to log into your computer and all of your services -Includes Windows Defender • An integrated anti-virus and anti-malware -Supports the following: • Windows Media Player -Does not support: • Cannot join a domain • EFS (Encrypting File System) • BitLocker • AppLocker • BranchCache -x86 version supports 4 GB RAM -x64 version supports 128 GB RAM
Non-compliant systems
-A constant challenge to stay in compliance when systems are deployed • There are always changes and updates -Standard operating environments (SOE) • A set of tested and approved hardware/software systems • Often a standard operating system image -Operating system and application updates • Must have patches to be in compliance • OS updates, anti-virus signatures • Needs to be checked and verified before access is given
Slow data speeds (Troubleshooting Mobile Device Security)
-A malicious application can cause the data network to go slow • Causes unusual network activity • Unintended WiFi connections • Data transmissions can go over the limit -Check your network connection • Run a WiFi analyzer • Make sure you are on a trusted WiFi network -Check network speed with a 3rd party app • Run a speed check / cell tower analyzer -Examine running apps for unusual activity • Such as large file transfers or constant network activity
Crypto-malware
-A new generation of ransomware • Your data is unavailable until you pay for the decryption key -Malware encrypts your data files • Pictures, documents, music, movies, etc. • Malware cannot be simply removed • Your OS remains available • They want you running, but not working • All personal data has been encrypted by the bad guys -You must pay the bad guys to obtain the decryption key • This encryption is powerful and cannot be brute-forced • Ransom is charged through an untraceable payment system • An unfortunate use of public-key cryptography -Make sure you have an offline backup of your files in case you are infected
Computer Management
-A pre-built Microsoft Management Console • A predefined mix of plugins • Control Panel / Administrative Tools - To create your own Microsoft Management Console, you can do the following: • Go to "C:\Windows\System32" and click on "mmc.exe" • Click on Start and search for mmc.exe • cmd prompt and type in mmc.exe • You can add or remove snap-ins as needed -A handy starting point • Events • User accounts • Storage management • Services • And more!
Inventory management (Documentation Best Practices)
-A record of every asset • Routers, switches, cables, fiber modules, etc. -Required for financial records, audits, depreciation • Information such as make/model, configuration, purchase date, etc. -Tag the asset once added to the database • Barcode, RFID, visible tracking number • Tagging an asset can help track the device no matter where it happens to go
HomeGroup Applet
-A way to easily share information • Windows 7 / Windows 8 • No HomeGroup options on Windows 10 • Documents, pictures, music, video -A network for the home • Must be set to "Home" in Windows -Enable HomeGroup • A single password is created for everyone to use
Storage spaces
-A Windows feature -Storage primarily designed for data centers and cloud infrastructures to easily add storage space • Multiple tiers of available spaces • Different types of administrative control that can be assigned to those spaces -Storage pool • A group of storage drives • Can combine different storage devices into a single pool • Easy to add or remove space in the pool -Storage space • Virtual disks are allocated from available space in the pool • Can specify whether it's a standalone, mirrored, or striped virtual disk • Includes options for mirroring and parity • Hot spare available as a replacement drive
Cannot broadcast to monitor (Troubleshooting Mobile Apps)
-Ability to broadcast to a TV • Apple TV, Xbox, Playstation, Chromecast, etc. -Check the app requirements • Every broadcast device is different -All devices must be on the same wireless network • Can't mix your private and guest network -Signal strength is important • Between the phone and television • Between the television and the Internet
Mapping drives
-Access a share • This PC / Map network drive -Local drive letter and share name • May require additional authentication -Or use the command line: • e.g. "net use x: \\sg-server\mission-reports"
Domain Services
-Active Directory Domain Services • Large database of your network • Contains info. on users, computers, and the systems they connect to. -Distributed architecture • Many servers • Not suitable for home use -Everything documented/managed in one place • User accounts, servers, volumes, printers -Many different uses such as authentication • Can be managed from a centralized location
Shared files and folders
-Administrative shares • These shares are created automatically by the OS during the installation process • Most of these shares are hidden from view (i.e., C$) • Local shares are created by users • Any share with a $ sign at the end of it is automatically hidden by the OS -System files and folders • C$ - \ • ADMIN$ - \Windows • PRINT$ - Printers folder -To view the shares available on the system: • Go to Computer Management > Shared Folders > Shares • Or go to the cmd prompt and type in "net share"
Default usernames and passwords (Securing SOHO Network)
-All access points have default usernames and passwords • Change yours ASAP! -The right credentials provide full control • Administrator access -Very easy to find the defaults for your WAP or router • http://www.routerpasswords.com
Password expiration and recovery
-All passwords should expire • Change every 30 days, 60 days, 90 days -Critical systems might change more frequently • Every 15 days or every week -The recovery (password reset) process should not be trivial! • Some organizations have a very formal process
Wireless encryption
-All wireless computers are radio transmitters and receivers • Anyone can listen in -Solution: Encrypt the data • Everyone gets the password (shared password) • Or they get their own password -Only people with the password can transmit and listen • WPA and WPA2 are two common forms of wireless encryption
Wireless encryption (Securing SOHO Network)
-All wireless computers are radio transmitters and receivers • Anyone can listen in -Solution: Encrypt the data • Everyone gets the password -Only people with the password can transmit and listen • WPA2 encryption
Windows Firewall with Advanced Security
-Allows for a more detailed control of inbound/outbound traffic -Can configure: • Inbound rules • Outbound rules • Connection security rules -Can also configure granular rules to specify: • Program • Port number • Predefined services • Custom Variables -Custom variables can include options for the rule such as: • Program • Protocol/Port • Scope • Action • Profile
Scripting and automation (Scripting)
-Allows you to automate tasks • You don't have to be there • Solve problems in your sleep • Monitor and resolve problems before they happen -The need for speed • The script is as fast as the computer • No typing or delays • No human error -Automate mundane tasks • You can do something more productive with your time
Driver/firmware updates for Mac OS
-Almost invisible in Mac OS X • Designed to be that way -Can get hardware Information by looking in the hardware section in System Information • Detailed hardware list broken down by category -View/Read only mode • No changes can be made to the settings • This is by design
Backup / restore
-Always have a backup to recover from a malware infection • This is the best insurance policy ever -Image backup built into Windows • In Windows 8/10 it's called Backup and Restore (Windows 7) • In Windows 7 it's called Backup and Restore -This is the only way to be 100% sure that malware has been removed • Seriously. Cleaning isn't 100%.
Maintain positive attitude (Professionalism)
-Always have a positive tone of voice • Partner with your customer • Project confidence -Problems can't always be fixed • Do your best • Provide helpful options -Your attitude has a direct impact on the overall customer experience
Rainbow tables
-An optimized, pre-built set of hashes • Doesn't need to contain every hash • The calculations have already been done -Remarkable speed increase • Especially with longer password lengths -Need different tables for different hashing methods • Windows passwords are stored differently than MySQL passwords • Different applications store passwords in different ways -Rainbow tables won't work with salted hashes • A salted hash adds an additional random value to the original hash
Anti-virus and anti-malware (Logical Security)
-Anti-malware software runs on the computer • Each device manages its own protection -Updates must be completed on all devices • This becomes a scaling issue -Large organizations need enterprise management • Track updates, push updates, confirm updates, manage engine updates -Mobile devices add to the challenge • Need additional management
PII - Personally identifiable information (Privacy, Licensing, and Policies)
-Any data that can identify an individual • Part of a company privacy policy - How will PII be handled? -Not everyone realizes the importance of this data • It becomes a "normal" part of the day • It can be easy to forget its importance -Example of a breach - July 2015 • U.S. Office of Personnel Management (OPM) • Personally identifiable information was compromised • Compromised information included personnel file information: name, SSN, date of birth, job assignments, etc. • Approximately 21.5 million people were affected
Anti-virus and Anti-malware (Mobile Devices)
-Apple iOS • Closed environment, tightly regulated OS • Malware has to find a vulnerability -Android • More open, apps can be installed from anywhere • Easier for malware to find its way in -Apps on mobile devices run in a "sandbox" • You can control what data an app can view
Apple iOS history
-Apple iPhone and Apple iPad OS • Based on Unix • Closed-source - No access to source code • Exclusive only to Apple products -iOS Apps • Apps are developed with iOS SDK on Mac OS X • Apps must be approved by Apple before release • Apps are available to users in the Apple App Store
Social engineering principles
-Authority • The social engineer is in charge • Social engineer might say they are calling from the help desk/office of the CEO/police -Intimidation • There will be bad things if you don't help • Social engineer might say "If you don't help me, the payroll checks won't be processed" -Consensus / Social proof • Convince based on what's normally expected • Social engineer might say "Your co-worker Jill did this for me last week" -Scarcity • The situation will not be this way for long • Social engineer might say "the changes need to be made before the time expires" -Urgency • Works alongside scarcity • Social engineer wants you to act quickly without thinking or verifying the information -Familiarity / Liking • Someone you know, we have common friends • Social engineer might say "I'm a friend of yours or a friend of a friend" -Trust • Someone who is safe • Social engineer might say "I'm from IT, and I'm here to help"
Time Machine backups (Mac OS Tools)
-Automatic backups that are easy to use • Familiar Finder UI -Dates along the right side to locate the correct date • Files in the middle -Mac OS takes snapshots if the Time Machine storage isn't available • You can restore from the snapshot
Network locations in Windows 7
-Automatically sets security levels • You don't even have to remember to set the level -Home • The network is trusted -Work • You can see other devices, but can't join a HomeGroup -Public (most restrictive) • Airport, coffee shop • You are invisible
Knowledge base and articles (Documentation Best Practices)
-Available from external sources • Manufacturer knowledge base (e.g. Microsoft, Cisco, etc...) • Internet communities such as forums -Internal documentation • Institutional knowledge • Usually part of help desk software -Helps find the solution quickly • Contains a searchable archive • It can automatically search with keywords placed in the helpdesk ticket
Windows 8/8.1 Enterprise
-Available to "Software Assurance" customers • Large volume licenses -Supports enterprise features such as: • Joining a Windows domain • AppLocker • Windows To Go • DirectAccess • BranchCache • EFS (Encrypting File System) • BitLocker -x86 version supports 4 GB RAM -x64 version supports 512 GB RAM
Avoid jargon (Communication)
-Avoid abbreviations and TLAs • Three Letter Acronyms -Avoid acronyms and slang • Be the translator for others -Communicate in terms that everyone can understand • Normal conversation puts everyone at ease • Decisions are based on what you say -Abbreviations, acronyms, and slang are the easiest problems to avoid
Services
-Background process • No user interaction • File indexing, anti-virus, network browsing, etc. -Useful when troubleshooting the startup process • Many services startup automatically -Command-line control • Can start/stop services with the net start/net stop command -Services is located in Control Panel under Administrative Tools • Type in "services.msc" through search or cmd prompt
Handling toxic waste (Safety Procedures)
-Batteries from Uninterruptible Power Supplies • Need to be disposed of at your local hazardous waste facility -CRTs • Cathode ray tubes - there are a few of those left • Glass contains lead • Dispose at your local hazardous waste facility -Toner Cartridges • Can be recycled and reused • Many printer manufacturers provide a return box • Some office supply companies will provide a discount for each cartridge
Browser security alerts (Troubleshooting Security Issues)
-Be aware of security alerts and invalid certificates • Something isn't quite right • Should raise your interest -Look at the certificate details • Click the lock icon for more information • May be expired or the wrong domain name • The certificate may not be properly signed (untrusted certificate authority)
File systems
-Before data can be written to the partition, it must be formatted -Operating systems expect data to be written in a particular format • FAT32 and NTFS are popular -Many operating systems can read (and perhaps write) multiple file system types • FAT, FAT32, NTFS, exFAT, etc.
Local Security Policy
-Big companies have big security policies • Managed through Active Directory Group Policies • Affects many computers at once -Stand-alone computers aren't managed through AD • Local policies are managed by Local Security Policy -Not available in Home editions • Available in Pro, Ultimate, & Enterprise editions -Local Security Policy is located at: • C:\Windows\system32 and click on secpol.msc • Click on Start and search for secpol.msc or local security policy • cmd prompt and type in secpol.msc
Biometrics (Physical Security)
-Biometric authentication • Fingerprint, iris, voiceprint -Usually stores a mathematical representation of your biometric • Your actual fingerprint isn't usually saved -Difficult to change • You can change your password • You can't change your fingerprint -Used in very specific situations • Not foolproof
Avoid interrupting (Communication)
-But I know the answer! Why do we interrupt? • We want to solve problems quickly • We want to show how smart we are • Can be considered rude -Actively listen, take notes • Build a relationship with the customer (they'll need help again someday) • Don't miss a key piece of information • Especially useful over the phone when you are not able to physically see the user -This skill takes time to perfect • The better you are, the more time you'll save later
BranchCache
-Caching for branch offices • Without additional hardware or external services -Conserves bandwidth over slower links • Seamless to the end-user • Same protocols • Same network connection • Same authentication methods -Activates when round-trip latency exceeds 80 milliseconds
Folder Options / File Explorer Options Applet
-Can manage Windows Explorer • Many options -General Tab • Can change how folders open in each window • How folders expand • Can set privacy settings -View Tab • Advanced settings for files and folders (can view hidden files, can hide extensions, etc.) -Search Tab • Can configure how the search index is used when searching for files • Search options when searching for files • Options when searching non-indexed areas
Creating a firewall exception
-Can allow an app or feature through Windows Firewall • The more secure exception -Can allow or disallow via the port number • Block or allow - Very broad -Can create predefined exceptions • List of common exceptions -Custom rules can be combined to create a detailed rule • Every firewall option -To view/create custom rules, click on "Advanced settings" under Windows Firewall
Scheduled backups (Linux)
-Can be scheduled by either command line and/or graphical interface • a number of these utilities are built into the distributions -tar (commonly used) • Stands for "Tape Archive" • Easy to script into a backup schedule from cmd line • Can backup or restore from tar utility -rsync • Stands for "Remote Sync" • Sync files between storage devices • Instant synchronization or scheduled
Windows Firewall configuration
-Can block all incoming connections • Ignores your exception list • Useful when you need security -Modify notification - App blocking
Full device encryption (Mobile Devices)
-Can encrypt all device data • Phone keeps the key -In iOS 8 and later • Personal data is encrypted with your passcode -In Android - Full device encryption can be turned on
Performance Monitor
-Can gather long-term statistics • Located in the Control Panel under Administrative Tools -Provides OS metrics - Disk, memory, CPU, etc. -Can set an alert and automated actions - can monitor and act • Counters are added to monitor metrics -Can store statistics to analyze any long-term trends -Built-in reports allow you to create detailed reports from the data -To bring up Performance Monitor: • Go to "C:\Windows\system32" and click on perfmon.msc • Click on Start and search for perfmon.msc • cmd prompt and type in perfmon.msc
Terminal (Linux tools)
-Command line access to the operating system • Common to manage in Linux -OS maintenance • Can run scripts and manage files • Can configure OS and application settings
The Run line
-Can start an application as a command • Instead of the graphical interface -Can use the run/search or command prompt • Options can be specified as part of the command
VPN connections
-Can use the built-in VPN client • Included with Windows -Can integrate a smart card • Multi-factor authentication • Something you know (password) • Something you have (smart card) • Something you are (fingerprint reader) -Connect from the network status icon once the VPN connection is created • Will need to click and provide credentials
ps (Linux Command)
-Can view the current processes • And the process ID (PID) • Similar to the Windows Task Manager -View current user processes • "ps" command -View all processes • "ps -e | more" command
Event Viewer
-Central event consolidation • What happened? -Broken down into different categories • Application • Security • Setup • System -Then each one is broken down into a different priority such as: • Information • Warning • Error • Critical • Successful Audit • Failure Audit -Can obtain detailed information when troubleshooting an application or OS
Active Directory (Logical Security)
-Centralized management • Windows Domain Services • Limit and control access -Run login scripts • Can map network drives • Can update security software signatures • Can update application software -Run Group Policy/Updates • Set specific pre-defined policies • Set the password complexity • Contain login restrictions -Separated Organizational Units (OUs) • Active Directory can be structured to real-world departments • Can be based on the company (locations, departments) -Can set a Home Folder • Assign a network share as the user's home • e.g. \\server1\users\professormesser -Can set group policy to assign Folder Redirection • Instead of a local folder, redirect to the server • Store the Documents folder on \\server1 • Access files from anywhere
Credential Manager Applet
-Centralized management of web and Windows credentials • Each site can have a different username and password -Can add additional Windows credentials • Such as Certificates
System updates / App store in Mac OS
-Centralized updates - For both OS and apps in one utility -App Store application - The "Updates" option -Automatic updates • Can also be set to manual install -Patch management - Install and view previous updates
Password best practices
-Change any default usernames/passwords • All new devices have defaults • There are many web sites that document these -BIOS/UEFI passwords • Supervisor/Administrator password: Prevent BIOS changes • User password: Prevent booting -Requiring passwords • Always require passwords • No blank passwords or automated logins
Change management
-Change control • A formal process for managing change such as application upgrades, security patches, updates to a switch configuration, etc. • This is to avoid downtime, confusion, and/or mistakes -Nothing changes without the process • Determine the scope of the change • Analyze the risk associated with the change • Create a plan • Get end-user approval • Present the proposal to the change control board • Have a backout plan (plan B) if the change doesn't work • Document the changes
chmod (Linux Command)
-Change mode of a file system object • r=read, w=write, x=execute • Can also use octal notation • Set for the file owner (u), the group (g), others (o), or all (a) -chmod mode FILE • > chmod 744 script.sh • The above chmod gives the following permissions: "User:rwx", "Group:r--", "Others:r--" -chmod 744 first.txt • User gets read, write, execute • Group gets read only • Other gets read only -chmod a-w first.txt • All users, no writing to first.txt • Removes the write permission for all users on the text file "first.txt" -chmod u+x script.sh • The owner of script.sh can execute the file • Adds the execute permission for the owner of the "script.sh" file
chown (Linux Command)
-Changes file owner and group • Modifies file settings -sudo chown [OWNER:GROUP] file • "> sudo chown professor script.sh" changes the owner of the file "script.sh" to "professor"
Proxy settings
-Changes the traffic flow • An Internet go-between -Located in Control Panel > Internet Properties • Can define addresses and exceptions • Proxies won't work for everything
Before the installation
-Check minimum OS requirements • Memory, disk space, etc. • And the recommended requirements -Run a hardware compatibility check • Runs when you perform an upgrade • Run manually from the Windows setup screen • Windows 10 Upgrade Checker -Plan for installation questions • Drive/partition configuration, license keys, etc. -Application compatibility - Check with the app developer
Dust and debris (Environmental Impacts)
-Cleaning the outside of a device (computer/printer) • Use neutral detergents • No ammonia-based cleaning liquids • Avoid isopropyl alcohol -Vacuum • Use a "computer" vacuum (maintain ventilation) -Use a compressed air pump (environmentally friendly) • Try not to use compressed air in a can
Licensing / EULA (Privacy, Licensing, and Policies)
-Closed source / Commercial • Source code is private • End user gets compiled executable -Free and Open Source (FOSS) • Source code is freely available • End user can compile their own executable -End User Licensing Agreement • Determines how the software can be used -Digital Rights Management (DRM) • Used to manage the use of software
Trust/untrusted software sources (Logical Security)
-Consider the source • May not have access to the source code • Even then, may not have the time to audit (do you trust the person providing the software?) -Trusted sources • Internal applications (In-House developers) • Well-known publishers • Digitally-signed applications -Untrusted sources • Applications from third-party sites • Links from an email • Pop-up/drive-by downloads when visiting a website
Batch files (Scripting)
-Contains a ".bat" file extension • Scripting for Windows at the command line • Legacy goes back to DOS and OS/2
Locator applications and remote wipe (Mobile Devices)
-Contains built-in GPS • And location "helpers" • 802.11 can be used to triangulate location -Can assist with finding the phone on a map -Have control from afar • Can make a sound • Can display a message -Can send a command to wipe everything if you are not able to gain access to the phone • This is done to protect your data
Wireless connections
-Contains the network name • such as the SSID (Service Set Identifier) -Security type • Encryption method -Encryption type • TKIP or AES -Security key • WPA2-Personal - a pre-shared key method (password) • WPA2-Enterprise - an 802.1X authentication method (username and password)
Scope the change (Change Management)
-Determine the effect of the change • May be limited to a single server • Or an entire site -A single change can be far reaching • Changes at the switch which can affect multiple applications • Internet connectivity changes • Changes in remote site access • Changes in external customer access -How long will this change last? • Will it have no impact • Or hours of downtime
Risk analysis (Change Management)
-Determine the risk value of a change • i.e., high, medium, low -The risks can be minor or far-reaching • The "fix" didn't actually fix anything • The fix ends up breaking something else • Operating system failure • Data corruption -What's the risk with NOT making the change? • Are systems open to security vulnerabilities? • Will applications become unavailable? • Or unexpected downtime to other services
tracert
-Determines the route a packet takes to a destination • Maps the entire path -Takes advantage of ICMP Time to Live Exceeded message • The time in TTL refers to hops, not seconds or minutes • TTL=1 is the first router, TTL=2 is the second router, etc. -Not all devices will reply with ICMP Time Exceeded • Some firewalls filter ICMP • ICMP is low-priority for many devices
The password file
-Different across operating systems • All contain different hash methods • One-way cryptographic process e.g. Jumper Bay: 1001::42e2f19c31c9ff73cb97eb1b26c10f54::: Carter: 1007::cf4eb977a6859c76efd21f5094ecf77d::: Jackson: 1008::e1f757d9cdc06690509e04b5446317d2::: O'Neill: 1009::78a8c423faedd2f002c6aef69a0ac1af::: Teal'c: 1010::bf84666c81974686e50d300bc36aea01:::
Users and Groups
-Different levels of user accounts are built into the Windows OS -Users • Administrator (The Windows super-user) • Guest (Limited access) (Disabled by default) • Standard Users (majority of users who will be logging into Windows) -Windows OS also contains different groups • Administrators, Power Users, Users, etc. • Adding a Standard User into the Power Users group will not give that much more control than a regular user
Remote Backup (Mobile Devices)
-Difficult to back up something that's always moving • Do a backup to the cloud -Constant backup - No manual process -You can back up without wires by using the existing network • Either through the service provider or through an 802.11 network -Can restore with one click on the new phone • Restores everything • Authenticate and wait
dxdiag.exe
-DirectX Diagnostic Tool • Manage your DirectX installation • DirectX is an application programming interface used by developers to create applications that require multimedia or graphics within Windows -Multimedia API overview for: • System • Display (3D graphics) • Audio • Input options -Also makes a very nice generic diagnostic tool when having issues with graphics or sound • Not just for testing DirectX - Located under C:\Windows\System32 • Can also open through the cmd line or Run cmd
2. Quarantine infected systems (Removing Malware)
-Disconnect from the network • Keep it contained -Isolate/remove all removable media • Everything should be contained -Prevent the spread • Don't transfer files, don't try to backup • That ship has sailed
Scheduled disk maintenance in Mac OS
-Disk Utility - Disk maintenance • Rarely needed - No ongoing maintenance • Use as needed -Other functions: • First Aid • Partition a new drive • Erase a drive • Restore a drive • Unmount a drive -Use the "First Aid" function if having disk problems • Similar to Windows Check Disk • Will examine the drive • Checks that all permissions are set properly
defrag.exe
-Disk defragmentation • Moves file fragments so they are contiguous (so that they are stored next to each other) • Improves read and write time on spinning hard drives -Not necessary for solid state drives • Windows won't defrag an SSD • Option will not be available -Graphical version in the drive properties -Requires elevated permissions at the command line to run • defrag <volume> • defrag C: - Located under C:\Windows\System32 • Can also run through the cmd line or Run cmd
Unintended Bluetooth pairing (Troubleshooting Mobile Device Security)
-Do not connect with a device that isn't yours • This isn't a good idea -Remove the Bluetooth device • You will need to re-pair to access it again -Disable the Bluetooth radio to prevent any data from being sent • No Bluetooth communication at all -Run an anti-malware scan if possible • Make sure there are no malicious apps
Incident response: Documentation (Privacy, Licensing, and Policies)
-Documentation must be available • No questions -Gather as much information as possible • Written notes • Taking pictures • Screenshots -Documentation always changes • Constant updating • Have a process in place • Use the wiki model
Windows post-installation
-Does it work? • If it doesn't boot, there are bigger problems • Some testing is useful for unknown hardware configurations -Additional installations include: • Service packs • Security patches • Security applications • Driver updates • Application updates
Be on time and avoid distractions (Professionalism)
-Don't allow interruptions • No personal calls, no texting, no Twitter • Don't talk to co-workers -Apologize for delays and unintended distractions -Create an environment for conversation -In person • Be open and inviting • Candy bowl can be magical -On the phone • Quiet background, clear audio • Stay off the speakerphone
SSH (Secure Shell) (Remote Access Technologies)
-Encrypted console communication - tcp/22 • Works just like Telnet, but the session is encrypted -Looks and acts the same as Telnet - tcp/23 • Telnet sends everything, including credentials, in the clear
Signal drop / weak signal (Troubleshooting Mobile Device Security)
-Drops and weak signals prevent traffic flow • Location is everything -Make sure you're connecting to a trusted WiFi network • Use a VPN if you are not • Never trust a public WiFi hotspot • Tether with your own device (hotspot) -Run a speed test if you are unsure you have a good connection • Run a cell tower analyzer and test
Boot Camp (Mac OS Features)
-Dual-boot into Windows on Mac hardware -Requires Apple device drivers • Run Windows on Apple's Intel CPU architecture -Everything is managed through the Boot Camp Assistant • Builds a Boot Camp partition • Installs Windows OS and drivers
Tools tab
-Easy access to popular administrative tools • UAC settings, System Information, Computer Management, etc. -Faster than searching through menus or typing • A static (but comprehensive) list
Change board and approvals (Change Management)
-Either "Go or no go" • Lots of discussion takes place -All important parts of the organization are represented • Potential changes can affect the entire company -Some changes have priority • The change board makes the schedule • Some changes happen quickly • Some take time -This is the last step • The actual work comes next
Protection from airborne particles (Environmental Impacts)
-Enclosures • Protect computers on a manufacturing floor • Protect from dust, oil, smoke -Air filters and masks to protect yourself • Protect against airborne particles • Dust in computer cases, laser printer toner
Mantraps (Physical Security)
-Entry for one at a time and in controlled groups • Manage control through an area -All doors are normally unlocked • Opening one door causes others to lock -All doors normally locked • Unlocking one door prevents others from being unlocked -One door is open / the other is locked • When one is open, the other cannot be unlocked
Local government regulations (Environmental Impacts)
-Environmental regulation requirements • May have very specific controls -The obvious requirements • Hazardous waste • Batteries • Computer components -The not-as-obvious requirements • Paper disposal
Wired connections
-Ethernet cable • Direct connection -Fastest connection is the default determined by Windows • Ethernet, Wireless, WWAN -Alternate configurations when DHCP isn't available in Windows • Located in "Local Area Connection Properties" window > TCP/IPv4 Properties > Alternate Configuration tab
GDPR - General Data Protection Regulation (Privacy, Licensing, and Policies)
-European Union regulation • Data protection and privacy for individuals in the EU • Protects name, address, photo, email address, bank details, posts on social networking websites, medical information, a computer's IP address, etc. -Controls export of personal data by the user • Users can decide where their data goes -Gives individuals control of their personal data • A right to be forgotten (User can have all information deleted) -Located on the site's privacy policy • Shows all details of the privacy rights for a user
Devices and Printers Applet
-Everything on the network • Desktops, laptops, printers, multimedia devices, storage -Quick and easy access • Much less complex than Device Manager • Can right mouse click and view Properties and make device configurations
Explicit and inherited permissions
-Explicit permissions • Sets default permissions for a share • Setting manual permissions makes it explicit -Inherited permissions • Propagated from the parent object to the child object • Set a permission once so that it applies to everything underneath -Explicit permissions take precedence over inherited permissions • Even over inherited deny permissions • A parent object can have a deny permission, but an explicit allow permission set on a child object of that parent overrides the inherited deny
Mounting drives
-Extend available storage space • Mount a separate storage device as a folder -Mount in an empty folder • Instant storage space • Seamless to the user -Configuration done in Disk Management: • Right click on the new drive • Change drive letter and paths • Select "mount" option and browse to the location
Installing applications
-Extend the functionality of your operating system • Specialized applications extend system functionality such as word processing, spreadsheets, graphics capabilities, etc. -Available everywhere • Find the application you need • Install on your operating system -Not every computer can run every application • Some simple checks can help manage your desktop
Secure DNS services
-External/Hosted DNS service • Provides additional security services -Real-time domain blocking • Sites containing malware are not resolvable -Blocks harmful websites • Phishing sites, parked domains -Runs on a secure platform • Avoids poisoning attacks on the DNS cache
Safe Mode - Windows 10 (Troubleshooting Solutions)
-F8 probably won't work • Windows Fast Startup in Windows 8/8.1 and 10 prevents a complete shutdown -From the Windows desktop • Hold down Shift when clicking Restart • Or choose Settings > Update & Security > Recovery > Advanced startup > Restart now • This configuration can also be enabled in System Configuration (msconfig) -If you don't have access to the desktop, interrupt normal boot three times so the system presents the boot option screen
NTFS vs. Share permissions
-File access is controlled by either NTFS permissions or Share permissions -NTFS permissions apply to both local and network connections -Share permissions only apply to connections over the network • A "network share" -The most restrictive setting wins • Deny access beats allow access -NTFS permissions are inherited from the parent object • Will keep the same permissions if the data is moved within the same volume • If data is moved to a different volume, then the permissions will be inherited from where it's placed in that volume.
Network-based firewalls (Logical Security)
-Filters traffic by port number • HTTP is 80, SSH is 22 • Next-generation firewalls can identify the application -Can encrypt traffic into/out of the network • Protect your traffic between sites using a VPN tunnel -Can proxy traffic • A common security technique -Most firewalls can be configured as layer 3 devices (routers) • Usually sits on the ingress/egress of the network
Spotlight (Mac OS Features)
-Find files, apps, images, etc. • Similar to Windows search -Magnifying glass in upper right • Or press Command-Space -Type anything in - See what you find -Define search categories in System Preferences / Spotlight • Can enable/disable categories • Can change the order of categories
Check Disk (chkdsk) command
-Fixes logical file system errors on the disk • chkdsk /f -Locates bad sectors and recovers readable information • chkdsk /r • Implies /f -If volume is locked, run during startup
Local user permissions for application installs
-Folder/file access will be required • Installation programs will be copying a lot of files -The user needs permission to write application files to the storage drive • This may not be the default in an office -May need to run as Administrator • Some applications will install additional drivers or services • Be careful when allowing this level of access!
Denial of service
-Forces a service to fail • Caused by overloading the service -Takes advantage of a design failure or vulnerability • Keep your systems patched! -Causes a system to be unavailable • An attack to give a competitive advantage -Can create a smokescreen for some other exploit • A precursor to a DNS spoofing attack -Doesn't have to be complicated • Simply turning off the power can be considered a denial of service
Format command
-Formats a disk for use with Windows • format c: • BE CAREFUL - YOU CAN LOSE DATA
Linux History
-Free Unix-compatible software system • Unix-like, but not Unix -Many (many) different distributions • Such as Ubuntu, Debian, Red Hat / Fedora -Advantages • Cost. Free! • Works on a wide variety of hardware • Has a passionate and active user community -Disadvantages • Limited driver support, especially with laptops • Limited support options
BitLocker
-Full Disk Encryption • The operating system and all files -A TPM is recommended on the motherboard • Trusted Platform Module • Use a flash drive or password if there's no TPM -Runs Seamlessly • Works in the background • You never know it's there • Used for laptops or mobile devices
Data encryption
-Full-disk encryption • Encrypts the entire drive -File system encryption (EFS) • Individual files and folders -Encrypt removable media • Protect those USB flash drives -Key backups are critical • You always need to have a copy • This may be integrated into Active Directory • You'll want to keep the key handy
GPT partition style
-GPT (GUID Partition Table) • Globally Unique Identifier • The latest partition format standard -Requires a UEFI BIOS • Can have up to 128 primary partitions • No need for extended partitions or logical drives
Internet Options Applet
-General Tab • Basic display • Shows options for browser such as home page, how the browser starts up, and change the display of the tabs -Security Tab • Contains zones where security levels are set (Internet, Local Intranet, Trusted Sites, Restricted Sites) • Different security levels for each zone (Between High and Low) -Privacy Tab • Can control settings for cookies, pop-up blocker, InPrivate browsing -Content Tab • Can view information on encryption and identification certificates • Can view auto-complete information -Connections Tab • Can configure VPN, proxy settings, and LAN settings -Programs Tab • Can manage how the browser opens links • Can set default browser • Manage add-ons, plugins, etc. -Advanced Tab • Detailed configuration options for the browser • Can reset all settings back to default
Python (Scripting)
-General-purpose scripting language • Contains a ".py" file extension -Popular in many technologies • Broad appeal and support in many operating systems
Google Android history
-Google Android • Open Handset Alliance • Open-source OS, based on Linux • Supported on many different manufacturers' devices -Android Apps • Apps are developed on Windows, Mac OS X, and Linux with the Android SDK • Apps are available from Google Play • Apps are also available from third-party sites (i.e., Amazon Appstore)
Chrome OS history
-Google's operating system • Based on the Linux kernel -Centers around Chrome web browser • Most apps are web-based -Many different manufacturers - Relatively less expensive -Relies on the cloud - requires connectivity to the Internet
Managing Group Policy
-Group Policy • Manage computers in an Active Directory Domain • Group Policy is usually updated at login -gpupdate • Forces a Group Policy update • gpupdate /target:{computer|user} /force • gpupdate /target:professor /force -gpresult • Verify policy settings for a computer or user • gpresult /r -- generic command • gpresult /user sgc/professor /v -- a more specific command for gpresult
System requirements for application installs
-Hard Drive space • Initial installation space required • Space required for application use • Some applications use a LOT of drive space after installation -RAM • This would be above and beyond the OS requirements • Very dependent on the application • Consider all of the other running applications -OS compatibility • Operating system (Windows, Mac OS, Linux) • Version of the OS
Microsoft Windows history
-Has a major market presence -Has many different versions • Windows 10, Windows Server 2016 -Advantages • Large industry support • Broad selections of OS options • Wide variety of software support -Disadvantages • Large install base provides a big target for security exploitation • Large hardware support can create challenging integration exercises
Reboot (Troubleshooting Solutions)
-Have you tried turning it off and on again? • There's a reason it works -If a bug is in your router software • Reboot the router to return to a known good state -If an application is using too many resources • Stops the app -A memory leak slowly consumes all available RAM • Clears the RAM and starts again
PHI - Protected Health Information (Privacy, Licensing, and Policies)
-Health information associated with an individual • Personal records showing health status, health care records, payments for health care, and much more -Data between healthcare providers must maintain similar security requirements -HIPAA regulations • Health Insurance Portability and Accountability Act of 1996
Disk status
-Healthy • The volume is working normally -Healthy (At Risk) • The volume has experienced I/O errors • Drive may be failing -Initializing • Normal startup message for a new drive -Failed • Cannot be started automatically • The disk is damaged, or the file system is corrupted -Failed redundancy • A drive has failed in a RAID 1 or RAID 5 array -Resynching • Mirrored (RAID 1) volume is synching data between the drives -Regenerating • RAID 5 volume is recreating the data based on the parity data
Man-in-the-middle (MITM) attack
-How can a bad guy watch without you knowing? • This is a Man-in-the-middle attack -This attack is designed to get the attacker between the user and the other device • It redirects your traffic • Then passes it on to the destination • You never know your traffic was redirected -A common way to perform a MITM attack is through ARP poisoning • ARP has no security
TCP/IP host addresses
-IP Address - Unique identifier • Subnet mask - Identifies the subnet • Gateway - The route off the subnet to the rest of the world -DNS - Domain Name Services • Converts domain names to IP addresses -DHCP - Dynamic Host Configuration Protocol • Automates the IP address configuration • Addresses can be dynamic or static -Loopback address - 127.0.0.1 - It's always there!
User authentication (Logical Security)
-Identifier • Something unique • In Windows, every account has a Security Identifier (SID) -Credentials • This information is used to authenticate the user on their system • A password, smart card, PIN code, etc. -A profile is associated to the user once logged in • Stores information about the user • Contains name, contact information, group memberships, etc.
Pop-ups (Troubleshooting Security Issues)
-If Pop-ups appear in your browser • It may look like a legitimate application • Might be a malware infection -Update your browser • Use the latest version • Check pop-up block feature -Scan for malware • Consider a cleaning (Not a guarantee) • Rebuild from scratch or known good backup to guarantee removal
Starting the system (Troubleshooting Windows)
-If a device is not starting • Check Device Manager and Event Viewer • Often a bad driver • Remove or replace driver -If "One or more services failed to start" • Could be a bad/incorrect driver, bad hardware • Try starting the service manually in services.msc • Check account permissions • Confirm/Check service dependencies • Windows service; check system files • Application service; reinstall the application
Firewall settings (Securing SOHO Network)
-Inbound traffic • Extensive filtering and firewall rules • Allow only required traffic • Configure port forwarding to map TCP/UDP ports to a device • Consider building a DMZ -Outbound traffic • Blacklist - Allow all traffic, stop only unwanted traffic • Whitelist - Block all traffic, only allow certain traffic types
Application crashes (Troubleshooting Windows)
-If application stops working • May provide an error message • May just disappear -Check the Event Log • Often includes useful reconnaissance -Check the Reliability Monitor • A history of application problems • Checks for resolutions -Reinstall the application • If reinstalling does not work, contact application support
Application crashes (Troubleshooting Security Issues)
-If application stops working • May provide an error message • May just disappear -Check the Event Log • Often includes useful reconnaissance -Check the Reliability Monitor • Application might have a history of problems • Check for resolutions -Reinstall the application • OR contact application support if problem persists
App issues (Troubleshooting Mobile Apps)
-If apps are not loading or performance is slow -Restart the phone - Hold power button, power off -Stop the app and restart • In iPhone: Double-tap home button, slide app up • In Android: Settings/Apps, select app, Force stop -Also update the app - Get the latest version
Slow boot (Troubleshooting Windows)
-If boot process hangs or takes longer than normal • No activity, no drive lights -Manage the startup apps • Control what loads during the boot process -Check Task Manager • under Startup tab • Startup impact, Right-click / Disable -Or Disable everything • And load them back one at a time
Wireless connectivity (Troubleshooting Mobile Apps)
-If getting intermittent connectivity • Move closer to the access point • Try a different access point -If not getting any wireless connectivity • Check/Enable WiFi on the system • Check security key configuration • Hard reset can restart the wireless subsystem -If no Bluetooth connectivity • Check/Enable Bluetooth • Check/Pair Bluetooth components • Hard reset to restart the Bluetooth subsystem
Startup Repair (Troubleshooting Windows)
-If missing NTLDR • The main Windows boot loader is missing • Run Startup Repair or replace manually and reboot • Disconnect removable media -If missing operating system • Boot Configuration Data (BCD) may be incorrect • Run Startup Repair or manually configure BCD store -If booting into Safe Mode • Windows is not starting normally • Run Startup Repair
No sound from speakers (Troubleshooting Mobile Apps)
-If no sound from a particular app • Check volume settings - Both app and phone settings • Possible bad software > delete and reload • Try headphones to test whether it's the device speakers or there is no audio at all -Sound starts but then stops • Might have dueling apps / keep one app in the foreground -No speaker sound from any app (no alarm, no music, no audio) • Load the latest device software • Or perform a factory reset
System lock up (Troubleshooting Security Issues)
-If the system completely stops • Check the Caps Lock and Num Lock indicator lights to verify whether the system is still responding -May still be able to terminate bad apps once you are logged in • In Windows: Task Manager (Ctrl-Alt-Del / Task Manager) • In Linux: a system monitor, or kill the process from a terminal • In Mac OS X: Force Quit (Command-Option-Esc) -Check system logs when restarting • May have some clues about what's happening -May be a security issue • Perform a virus/malware scan -Perform a hardware diagnostic • System issues can be a factor
Inaccurate touch screen response (Troubleshooting Mobile Apps)
-If the screen responds incorrectly or is unresponsive -Close some apps - Low memory can cause resource contention -Restart the device • Perform a soft reset, unless a hard reset is required -May require a hardware fix • Replace the digitizer / reseat cables
Non-responsive touchscreen (Troubleshooting Mobile Apps)
-If touchscreen completely black or touchscreen not responding to input • Buttons and screen presses do not register -Restart the Apple iOS device • Hold power button, slide to power off, press power button (soft reset) • Hold down power button and Home button for 10 seconds (hard reset) -Restart the Android device • Remove battery, put back in, power on • Hold down power and volume down until restart • Some phones have different key combinations • Some phones DO NOT HAVE a key-based reset
Leaked information (Troubleshooting Mobile Device Security)
-If unauthorized access was made to your device, such as: • Unauthorized account access • Unauthorized root access • Leaked personal files and data -Determine the cause of the data breach • Find the source of the leak • Perform an app scan, run an anti-malware scan -Perform a factory reset and clean install if the breach happened on the device itself • This is obviously a huge issue -The breach might have happened where the device stores its data (cloud). Check online data sources such as: • Apple iTunes/iCloud/Apple Configurator • Google Sync • Microsoft OneDrive -CHANGE PASSWORDS • Do this from a device you trust, not the compromised one
Incident response: First response (Privacy, Licensing, and Policies)
-If you are the first to Identify the issue • You might have log information • You might've seen the incident in person • You might have monitoring data -Report the incident to the proper channels • Don't delay -Collect and protect information relating to an event • Many different data sources and protection mechanisms
Boot errors (Troubleshooting Windows)
-If you can't find the operating system • Bootup shows the OS is missing -Or a boot loader is replaced or changed • Due to multiple OSes installed -Check your boot drives • BIOS might be configured to boot from a DVD-ROM or USB drive • Remove any media such as USB drives or check the DVD drive -Startup Repair utility included in Windows • Checks every step along the boot process • Identifies problems and corrects them -May need to perform manual configuration to modify the Windows Boot Configuration Data (BCD) from the command prompt • Formerly boot.ini • From the Windows Recovery Environment command prompt: "bootrec /rebuildbcd" looks for installed versions of Windows and offers to add any it finds to the boot list
Short battery life (Troubleshooting Mobile Apps)
-Bad reception tends to decrease battery life • Device is always searching for signal • Use airplane mode where there is no usable signal -Disable unnecessary features • 802.11 wireless, Bluetooth, GPS -Check application battery usage • iPhone: Settings/General/Usage (newer iOS: Settings/Battery) • Android: Settings/Battery -Might be an aging battery - There are only so many recharges
Black screen (Troubleshooting Windows)
-If you get no login dialog or no desktop • Issue might be driver corruption or corruption of OS system files -If changes were recently made to video settings or new video drivers were installed • Start in VGA mode (low-resolution video) • Press F8 for startup options in Windows 7 (Windows 8/10: Shift + Restart, or the recovery options in Settings) -If you believe the issue is related to the OS system files • Run SFC - System File Checker • "sfc /scannow" from an elevated command prompt, or offline from the Windows Recovery Environment • If SFC finds invalid system files, it replaces them with known-good copies -If the problem is related to a video driver • Update the driver in Safe Mode or VGA Mode • Download from a known good source -Repair/Refresh or recover from a known good backup
Backup strategies (Disaster Recovery)
-Image level backup • Incorporates everything on a server or device into a single image • Can restore to bare metal (a server with no OS installed) by applying the image • Consists of volume snapshots or hypervisor snapshots (VM) of the operating system • Can recover the entire system at once • An exact duplicate of the server -File level backup • Copies individual files to a backup • Only the important files • May not store all system files • May need to rebuild the OS and then perform a file restore
Is it legal to dive in a dumpster?
-In the United States, it's generally legal • Unless there's a local restriction -If it's in the trash, it's open season • Nobody owns it -If dumpsters are on private property or show "No Trespassing" signs then access may be restricted • You can't break the law to get to the rubbish -If you have questions, talk to a legal professional.
Upgrade methods
-In-place upgrade • Upgrades the existing OS • Keeps all applications, documents, and settings • Start the setup from inside the existing OS -Clean install • Wipes everything and reloads • Back up your files • Start the setup by booting from the installation media
Kill tasks (Troubleshooting Solutions)
-Instead of rebooting, find the problem • And kill it -Done in Task Manager under the Processes tab -Sort by resource - CPU, memory, disk, network -Right-click to end task • Trial and error
Browser redirection (Troubleshooting Security Issues)
-Instead of your Google result, your browser goes somewhere else • This should never happen -Malware is the most common cause • This makes money for the bad guys -Use an anti-malware/anti-virus cleaner • May not remove everything -OR restore from a known good backup • The only way to guarantee removal
Windows (Defender) Firewall
-Integrated into the operating system -Located in Control Panel / Windows Firewall in Windows 7 & 8 -Located in Control Panel / Windows Defender Firewall in Windows 10 -Windows Firewall with Advanced Security • Click "Advanced settings" • Adds scope (addresses/ports), separate inbound and outbound rules, and connection security rules -Fundamental firewall rules in the basic interface • Allow apps to send/receive traffic • Based on applications • No detailed control -No scope can be set in the basic interface • Rules apply to all traffic (inbound/outbound) -No connection security rules in the basic interface • Can't encrypt with IPsec; use Advanced Security for that
Screen sharing (Mac OS Tools)
-Integrated into the operating system • Can also be viewed with VNC (Virtual Network Computing) -Available devices appear in the Finder • Or access by IP address or name
iCloud (Mac OS Features)
-Integrates Apple technologies - Mac OS, iOS -Share across systems • Calendars, photos, documents, contacts, etc. -Can back up iOS devices so data isn't lost -Store files in iCloud Drive • Similar to Google Drive, Dropbox • Integrated into the operating systems
Disable startup services / apps (Troubleshooting Solutions)
-It's difficult to tell which application might be the problem child • Since much of the underlying OS operation is hidden from view -Trial and error method • Disable all startup apps and services • Or disable one at a time • This might take quite a few restarts -Manage startup processes • Windows 7: msconfig Startup tab • Windows 8/10: Task Manager Startup tab • Services: Control Panel > Administrative Tools > Services
Backup testing (Disaster Recovery)
-It's not enough to perform the backup • You have to be able to restore -Disaster recovery testing • Simulate a disaster situation • Restore from a backup -Confirm the restoration • Have end users test the restored application and data to make sure everything is working as expected -Perform periodic audits • To make sure the backups are working properly and the data is stored as expected
Surge suppressor specs (Environmental Impacts)
-Joule ratings • Surge absorption • 200=good, 400=better • Look for over 600 joules of protection -Surge amp ratings • Higher is better -UL 1449 voltage let-through ratings • Ratings at 500, 400, and 330 volts • Lower is better
4a. Remediate: Update anti-virus (Removing Malware)
-Keep signatures and engine updated • The engine - the guts of the machine • Signature updates - released constantly -Automatic vs. manual • Automatic updates are the norm; manual updates are the fallback -Malware may block the update process • Download the update from another computer and copy it onto a removable drive to install on the infected PC
Patch and update management
-Keep the OS and applications updated • Security and stability improvements -Built-in to the operating system for standalone systems (home systems) • Updates are deployed as available • Deployment may be managed internally by the organization -Many applications include their own updater • Check for updates when starting -Always stay up to date • Security vulnerabilities are exploited quickly
Controlling ESD (Managing Electrostatic Discharge)
-Keeping humidity over 60% helps control ESD • Won't prevent all possible ESD • Keeping an air-conditioned room at 60% humidity isn't very practical and is uncomfortable to work in -Use your hand to self-ground • Touch the exposed metal chassis before touching a component • Always unplug the power connection first • Do not connect yourself to an electrical ground! -Try not to touch components directly • Card edges only • Do not touch any of the components on the card
Windows Update
-Keeps your OS up to date - Security patches, bug fixes -Can be configured to be installed automatically - Updates are always installed -Can be configured to download but wait for install - You control the time -Can be configured to check but not to download • Saves bandwidth -Can be configured to never check - Don't do this -Windows 10 has the option to schedule a restart after updates are completed.
Prepare the boot drive
-Know your drive • Is there data on the drive? • Has the drive been formatted? • What partitions are on the drive? -Backup any old data - You may need that back someday -Most partitioning and formatting can be completed during the installation • Clear the drive and start fresh
Windows at work
-Large-scale support • Thousands of devices supported by IT -Security concerns • Mobile devices with important data that needs to stay safe • Local file shares -Wide variety of purposes, such as the Accounting Dept. working on a spreadsheet • Or the Marketing Dept. needing to play videos -Geographical sprawl - Not all systems are in the same building • Need a way to cache data between sites connected over slow WAN links
Distributed Denial of Service (DDoS)
-Launches an army of computers to bring down a service • Uses all the bandwidth or resources - causes a traffic spike -This is why the bad guys have botnets • Thousands or millions of computers at your command • At its peak, the Zeus botnet infected over 3.6 million PCs • Attacks are coordinated -The participating computers are "zombies" • Many people have no idea they are participating in a botnet • Users might not know they are running malware on their computer
Storage types
-Layered on top of the partition and file system • A Windows thing -Basic disk storage • Available in DOS and Windows versions • Primary/extended partitions, logical drives • Basic disk partitions can't span separate physical disks -Dynamic disk storage • Available in all modern Windows versions • Span multiple disks to create a large volume • Split data across physical disks (striping) • Duplicate data across physical disks (mirroring) • Not all Windows versions support all capabilities
Print Management
-Located in Control Panel under Administrative Tools -Can manage printers • Share printers from one central console -Add and manage printer drivers • Central management of 32-bit and 64-bit drivers
Limited connectivity (Troubleshooting Windows)
-Limited or no connectivity • Windows reports that the connection has limited or no connectivity; you might be unable to access the Internet or some network resources -Check local issues • Wireless signal might be weak or a cable might be disconnected • Check the IP address configuration (an APIPA 169.254.x.x address means no DHCP response) • Reboot -External issues • Wireless router rebooted/turned off • Ping your default gateway and an external IP
Network adapter properties
-Link speed and duplex • Auto negotiation doesn't always negotiate • Both sides must match -Wake on LAN • Computer sleeps until needed • Useful for late-night software updates
Disk maintenance (Linux tools)
-Linux doesn't require a lot of maintenance • You probably already know this -Clean up log space • Logs are stored in /var/log -File system check • Done automatically every X number of reboots on older distributions • To force a file system check after reboot, add a file to the root: sudo touch /forcefsck (older init-based systems; systemd-based systems use the fsck.mode=force kernel parameter instead)
ls (Linux Command)
-Lists directory contents • Similar to the dir command in Windows -Lists files, directories • May support color coding; Blue is a directory, red is an archive file, etc. -For long output, pipe through more: • > ls -l | more (use q or Ctrl-c to exit)
Applications Tab
-Lists user-interactive applications in use • Apps on the desktop -Administratively control apps • End task, start new task -Combined with the Processes tab in Windows 8/8.1/10
Other considerations
-Load alternate third party drivers when necessary • Disk controller drivers, etc. -Workgroup vs. Domain setup • Home vs. business -Time/date/region/language settings • Where are you? -Driver installation, software and windows updates • Load video drivers, install apps, update the OS -Factory recovery partition • This can help you later
User Accounts Applet
-Local user accounts • Located in Control Panel under "User Accounts" • Domain accounts are stored elsewhere -Creating a local account requires an account name and type • Can change password • Can change picture • Can associate certificate information with a particular user
Reconstructing Windows profiles (Troubleshooting Solutions)
-Log in to the computer with the user account • The profile will be rebuilt with no files • This recreates the \Users\name folder -Once the profile is created, log out of the user account and log in as Domain Administrator • Copy over any important files from the old profile, such as documents located under "Desktop" or "My Documents" -Do not copy the entire profile • Corrupted files might exist in the old profile -Log out as Domain Administrator, log back in with the user account
Slow system performance (Troubleshooting Windows)
-Look in Task Manager • Check for high CPU utilization and I/O • Check the Processes tab for memory usage • Check the Performance tab for spikes -If you think the issues may be related to applications and software • Run Windows Update • To get the latest patches and drivers • To update software and applications -Check disk space • Check for available hard drive space and defrag (if needed) -Laptops may be using power-saving mode • This throttles the CPU, which can cause slowness -Run anti-virus and anti-malware scans • Look for possible bad guys
nslookup
-Lookup information from DNS servers • Canonical names, IP addresses, cache timers, etc. -Lookup names and IP addresses • Many different options
Scripting characteristic (Scripting)
-Loops • Perform a process over and over • Loop a certain number of times • Loop until something happens -Comments • Annotate the code as it's being created • Allows others to understand what it does
Disk formatting
-Low-level formatting • Done at the factory • Not performed by the user -Standard formatting / Quick format • Sets up the file system, installs a boot sector • Clears the file table (the MFT on NTFS) but not the data • The data can be recovered with the right software -Standard formatting / Regular format • Overwrites every sector with zeros • Available in Windows Vista and later • The data can't be recovered with software tools
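Added example (not from the original notes): a small Python model of why a quick format is not a wipe. The disk layout, sector size and the sample "payroll.pdf" file are constructed for this illustration; carve() does what recovery software does, which is to ignore the file table and scan the raw sectors for a known file header.

```python
"""Added example: quick vs. full format on a toy disk image (not a real FAT/NTFS layout).
Constructed layout: sectors 0-1 hold a text allocation table, the rest is the data area."""

SECTOR = 32
TABLE_BYTES = 2 * SECTOR          # sectors 0-1 are the allocation table


def new_disk(sectors=16):
    """A blank disk image: every byte zero."""
    return bytearray(SECTOR * sectors)


def write_file(disk, name, payload, first_sector):
    """Write the payload into the data area and record name/location in the table."""
    offset = first_sector * SECTOR
    if offset < TABLE_BYTES or offset + len(payload) > len(disk):
        raise ValueError("file does not fit in the data area")
    disk[offset:offset + len(payload)] = payload
    entry = f"{name}={first_sector},{len(payload)};".encode()
    used = len(bytes(disk[:TABLE_BYTES]).rstrip(b"\x00"))
    if used + len(entry) > TABLE_BYTES:
        raise ValueError("allocation table full")
    disk[used:used + len(entry)] = entry


def list_files(disk):
    """The file names the file system (i.e. the table) still knows about."""
    table = bytes(disk[:TABLE_BYTES]).rstrip(b"\x00").decode()
    return [e.split("=")[0] for e in table.split(";") if e]


def quick_format(disk):
    """Quick format: only the table is cleared; the data area is left as-is."""
    disk[:TABLE_BYTES] = bytes(TABLE_BYTES)


def full_format(disk):
    """Full format (Vista and later): every sector is overwritten with zeros."""
    disk[:] = bytes(len(disk))


def carve(disk, signature):
    """What recovery software does: ignore the table and scan the raw sectors for a
    known file-header signature; each hit runs up to the next zero byte."""
    hits, pos = [], TABLE_BYTES
    while (i := disk.find(signature, pos)) != -1:
        end = disk.find(b"\x00", i)
        end = len(disk) if end == -1 else end
        hits.append(bytes(disk[i:end]))
        pos = end
    return hits


def demo():
    """Returns (files listed, files carved) after a quick format and after a full format."""
    disk = new_disk()
    # Constructed sample file; "%PDF" is the real PDF magic number carving tools look for.
    write_file(disk, "payroll.pdf", b"%PDF-1.4 salary data", first_sector=4)
    quick_format(disk)
    after_quick = (list_files(disk), carve(disk, b"%PDF"))
    full_format(disk)
    after_full = (list_files(disk), carve(disk, b"%PDF"))
    return after_quick, after_full


if __name__ == "__main__":
    print(demo())
```

After the quick format the table lists nothing, yet carving still returns the whole file; only the full format leaves nothing to carve. The same reasoning is why a drive that held sensitive data gets a full format (or a proper wipe) before it leaves your hands.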
Apple Mac OS history
-Mac OS • Desktop OS running on Apple hardware -Advantages • Easy to use • Extremely compatible • Relatively fewer security concerns -Disadvantages • Requires Apple hardware • Less industry support than the PC platform • Higher initial hardware cost
Anti-virus/Anti-malware updates for Mac OS
-Mac OS does not include a full anti-virus product • The built-in XProtect and Gatekeeper checks are not a replacement for one -Many 3rd-party options are available • From the usual companies • Can be installed into Mac OS -An emerging threat • Still doesn't approach Windows • It's all about the number of desktops -Automate your signature updates • Make sure new updates are installed so you're protected from threats as they appear
Sync Center
-Make files available, even when you're not online • Automatically syncs when back online • Contains built-in sync conflict management -Not available in Home editions • Needs offline file functionality • Only available in Pro and higher -Mark files "Always available offline" to use this capability
Document changes (Change Management)
-Make sure everyone knows a change has been made • Everyone needs to know -Help desk documentation that needs to be updated such as: • Version numbers, network diagram, new server names -Track changes over time • Cross-reference against help desk tickets -Track before and after statistics • Has it been better or worse?
Local government regulations (Safety Procedures)
-Make sure you are compliant with health and safety laws • These vary widely depending on your location • Keep the workplace hazard-free -Building codes are an example • Need to make sure you are compliant with fire prevention • Need to make sure you are compliant with electrical codes -Follow the environmental regulations to dispose of high-tech waste safely
Password complexity and length
-Make your password strong • No single words • No obvious passwords (what's the name of your dog?) • Mix upper and lower case • Use special characters, but simple substitutions add no strength (replacing an "o" with a "0" or a "t" with a "7" is in every cracking dictionary) -A strong password is at least 8 characters (longer is better) • Consider a phrase or set of words -Set password expiration, require a change • Password history prevents reusing previous passwords
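Added example (not from the original notes): a password-policy check that applies the rules above, including undoing "leet" substitutions before looking for a single common word and comparing against password history. The common-word list, the substitution table and the history mechanism are constructed for illustration; a real deployment would check against a large breached-password list and store salted, slow hashes.

```python
"""Added example: a password-policy check in the spirit of the notes above.
The common-word list and substitution table are constructed and deliberately tiny."""
import hashlib
import re

# Constructed sample of words that show up in every cracking dictionary.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "monkey", "dragon"}

# "Leet" substitutions crackers try automatically, so they add no strength.
LEET = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b", "@": "a", "$": "s"}


def unleet(pw):
    """Undo simple character substitutions and lowercase: 'P@ssw0rd' -> 'password'."""
    return "".join(LEET.get(c, c) for c in pw).lower()


def pw_hash(pw):
    """Fingerprint used only for the history comparison in this example (a real
    system stores salted, slow password hashes, never a bare SHA-256)."""
    return hashlib.sha256(pw.encode()).hexdigest()


def check_password(pw, history=(), min_len=8):
    """Return a list of policy problems; an empty list means the password passes.
    `history` holds pw_hash() values of previous passwords."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    # Strip digits/symbols from the ends, then look for a single common word underneath.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", unleet(pw))
    if core in COMMON_WORDS:
        problems.append(f"based on the common word '{core}' (character substitutions don't help)")
    if pw_hash(pw) in set(history):
        problems.append("reused from password history")
    return problems


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "Correct-Horse-Battery-Staple"):
        print(candidate, "->", check_password(candidate) or "OK")
```

"P@ssw0rd!" satisfies every character-class rule and still fails, which is the point of the note about substitutions; the four-word phrase passes.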
mkdir
-Makes a directory • Create a folder for file storage -mkdir DIRECTORY • To create a directory called "notes", you use the command "> mkdir notes"
Virus
-Malware that can reproduce itself with your assistance • It needs you to execute a program -Reproduces through file systems or the network • Just running a program can spread a virus -May or may not cause problems • Some viruses are invisible, some are annoying -Anti-virus is very common • Thousands of new viruses every week • Make sure your anti-virus software is updated
Worms
-Malware that self-replicates • Doesn't need you to do anything • Uses the network as a transmission medium • Self-propagates and spreads quickly -Worms are pretty bad things • Can take over many systems very quickly -Firewalls and IDS/IPS can mitigate many worm infestations • Doesn't help much once the worm gets inside • Make sure to keep anti-malware updated
Spyware
-Malware that spies on you • Presents you with advertising • Waits for you to log into a bank account (identity theft) • Captures credit card numbers (affiliate fraud) -Can trick you into installing • Peer to peer software, fake security software -Browser monitoring • Captures surfing habits -Keyloggers • Captures every keystroke (such as username and password) and sends it back to the mothership/creator
Policies and procedures (Mobile Devices)
-Manage company-owned and user-owned mobile devices • BYOD - Bring Your Own Device where you can use your personal device for work -Centralized management of the mobile devices • Specialized functionality/Mobile Device Manager (MDM) -MDM can set policies on apps, data, camera, etc. • Control the remote device • The entire device or a "partition" -Can manage access control • Force screen locks and PINs on these single user devices
TaskList and TaskKill command
-Manage tasks from the command line • No Task Manager required! -tasklist • Displays a list of currently running processes • Local or remote machine -taskkill • Terminate tasks by process id (PID) or image name • TASKKILL /IM notepad.exe - kills the notepad.exe process by image name • TASKKILL /PID 1234 /T - kills the process with PID 1234 and (/T) any child processes it started
System Configuration (msconfig)
-Manages boot processes • Windows startup applications • Windows services -There are 5 tabs in system configuration • General • Boot • Services • Startup • Tools • Located in Control Panel under Administrative Tools • OR type "msconfig.exe" in cmd prompt or in search bar
Disk Management
-Manages disk or volumes in windows • Individual computers and file servers -Computer Management is located in Control Panel under Administrative Tools then Storage and Disk Management -WARNING- Data can be erased and unrecoverable
Internal operating procedures (Documentation Best Practices)
-Many Organizations have different business objectives • Different processes and procedures -Different operational procedures • Different requirements for downtime notifications • Different way of handling facilities issues -Software upgrades • Different ways of testing new version of software • Different ways of rolling out software with change control -Documentation is the key • Everyone can review and understand the policies with centralized documentation
Driver/firmware updates (Linux)
-Many drivers are in the kernel • Updated when the kernel updates -Additional drivers are managed with software updates or at the command line • Update those yourself
System / application log errors (Troubleshooting Security Issues)
-Many errors go undetected • The details are in the log (Event Viewer) -It may take some work to find them • Filter and research -Find security issues • Improper logins • Unexpected application use • Failed login attempts
Data Loss Prevention (DLP) (Logical Security)
-Many organizations deal with sensitive information such as Social Security numbers, credit card numbers, medical records • Security admins want to limit the type of information that is transferred across the network -Stop the data before the bad guys get it • Common to use software and hardware to monitor what traffic is transferred across the network and what type of information is attached inside emails • Protects against this type of data "leakage" -So many sources, so many destinations • Often requires multiple solutions in different places
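Added example (not from the original notes, and not any vendor's DLP engine): the kind of content check a DLP filter runs on an outbound message, looking for US Social Security numbers and credit card numbers. The patterns and the sample messages are constructed; the Luhn checksum is the real check card numbers satisfy, and it is what keeps order numbers and phone numbers from triggering the block.

```python
"""Added example: content inspection of the kind a DLP filter performs on outbound mail.
Patterns are illustrative; the sample messages are constructed."""
import re

# Credit card candidates: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
# US SSN in the AAA-GG-SSSS form, rejecting the reserved groups (000, 666, 9xx, 00, 0000).
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: cuts down false positives from order numbers and phone numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                     # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Return (kind, match) pairs for SSNs and Luhn-valid card numbers."""
    findings = [("ssn", m.group()) for m in SSN_RE.finditer(text)]
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("card", m.group().strip()))
    return findings


def dlp_verdict(message):
    """BLOCK the message if it carries sensitive data, otherwise ALLOW."""
    hits = find_sensitive(message)
    return ("BLOCK" if hits else "ALLOW", hits)


if __name__ == "__main__":
    # Constructed sample messages (4111 1111 1111 1111 is a standard test card number).
    print(dlp_verdict("Order 1234567890123 shipped; card 4111 1111 1111 1111, SSN 123-45-6789"))
    print(dlp_verdict("Meeting at 10, bring 2 laptops"))
```

The 13-digit order number matches the card pattern but fails Luhn, so it is ignored; the real card number and the SSN cause the block. A production filter adds more patterns (medical record formats, keywords, document fingerprints) and inspects attachments, not just the body.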
Zero-day vulnerabilities
-March 2017 • CVE-2017-0199 - Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API • Triggered by a user opening a malicious Microsoft Office or WordPad file • SophosLabs documented these attacks from November 2016 (the patch was released March 2017) -May 2019 • CVE-2019-0863 - Windows Error Reporting Service • Elevation of privilege vulnerability • The way Windows Error Reporting handled files let a standard user gain administrator rights and permissions • Access was elevated on compromised systems • Regular accounts were able to run with admin access • Vulnerability had been around for at least 10 years (discovered being exploited in the wild) • Considered a zero-day attack
Backups (Linux tools)
-May be built-in to the Linux distribution • Check with the documentation to see which options are available -Graphical interface • Can backup and restore • Can schedule a backup -Command-line options - rsync • A common utility used to sync files between devices -There are many different options • That's the beauty (and challenge) of Linux
MAC address filtering (Securing SOHO Network)
-Media Access Control • The "hardware" address -Can limit access through the physical hardware address • Keeps the neighbors out of the network • Additional administration with visitors -Easy to find working MAC addresses through wireless LAN analysis • MAC addresses can be spoofed by free open-source software -An example of Security through obscurity
MAC filtering (Logical Security)
-Media Access Control • The "hardware" address -Limit access through the physical hardware address • Keeps the neighbors out • Additional administration with visitors -Easy to find MAC addresses through wireless LAN analysis • MAC addresses can be spoofed with open-source software -Referred to as security through obscurity • If the security method is known, it can easily be circumvented
Component Services
-Microsoft COM+ • Component Object Model -Distributed applications • Designed for the enterprise -Manage COM+ apps • COM+ Applications and DCOM Config • Event Viewer • Services -Located in Control Panel under Administrative Tools
mmc.exe
-Microsoft Management Console • Can build your own management framework • Choose from list of available "snap-ins" -Framework used for many built-in management tools - Located under C:\Windows\System32 • Can also open through the cmd line or Run cmd
Security considerations (Remote Access Technologies)
-Microsoft Remote Desktop • An open port tcp/3389 is a big tell • Brute force attacks are common -Third-party remote desktops • Often secured with just a username and password • There's a LOT of username/password re-use -Once you're in, you're in • The desktop is all yours • Easy to jump to other systems • Personal information and bank details can be obtained • Purchases can be made from the user's browser
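Added example (not from the original notes) serving both the "System / application log errors" note and the remote desktop brute-force point above: a detector that runs over constructed log lines in a simplified export of Windows Security events (timestamp, event ID, logon type, source address, account). Event 4625 is a failed logon, 4624 a successful one, and logon type 10 is RemoteInteractive, i.e. RDP; the addresses are RFC 5737 documentation ranges and the threshold and window are assumptions.

```python
"""Added example: password-guessing detection over a constructed Windows Security log export."""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

FAILED, SUCCESS, RDP = 4625, 4624, 10

# Constructed sample: six guesses over RDP in nine seconds, then one of them succeeds;
# a second source shows an ordinary user mistyping once and then logging in.
SAMPLE_LOG = """\
2024-03-04 02:11:05,4625,10,203.0.113.7,administrator
2024-03-04 02:11:06,4625,10,203.0.113.7,admin
2024-03-04 02:11:08,4625,10,203.0.113.7,jsmith
2024-03-04 02:11:09,4625,10,203.0.113.7,backup
2024-03-04 02:11:11,4625,10,203.0.113.7,jsmith
2024-03-04 02:11:14,4625,10,203.0.113.7,jsmith
2024-03-04 02:11:20,4624,10,203.0.113.7,jsmith
2024-03-04 08:02:41,4625,2,198.51.100.5,mlee
2024-03-04 08:02:55,4624,2,198.51.100.5,mlee
"""

Event = namedtuple("Event", "ts event_id logon_type src account")


def parse_log(text):
    """Parse the simplified export; one Event per non-blank line."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src, account = line.split(",")
        events.append(Event(datetime.fromisoformat(ts), int(event_id),
                            int(logon_type), src, account.lower()))
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when one source fails `threshold` logons within `window`; also report
    whether a later success from that source followed (a likely compromised account)."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev.src].append(ev)
    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e.event_id == FAILED]
        for i, first in enumerate(fails):
            burst = [e for e in fails[i:] if e.ts - first.ts <= window]
            if len(burst) < threshold:
                continue
            last = burst[-1]
            success = next((e for e in evs if e.event_id == SUCCESS and e.ts >= last.ts), None)
            alerts.append({
                "source": src,
                "first_failure": first.ts.isoformat(sep=" "),
                "failures": len(burst),
                "accounts": sorted({e.account for e in burst}),
                "rdp": any(e.logon_type == RDP for e in burst),
                "compromised": success.account if success else None,
            })
            break                          # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for alert in find_bruteforce(parse_log(SAMPLE_LOG)):
        print(alert)
```

The single mistyped password from 198.51.100.5 never reaches the threshold, so only the RDP guessing from 203.0.113.7 is reported, together with the account that finally logged in; that "failures followed by success" pattern is what turns a noisy brute-force alert into an incident.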
mstsc.exe
-Microsoft Terminal Services Client • Remote Desktop Connection -Access a desktop on another computer • Or connect to a Terminal Server -Common for management of servers without a keyboard or monitor connected • "Headless" servers -Located under C:\Windows\System32 • Can also open through the cmd line or Run cmd
Windows on a mobile device
-Microsoft Windows 10 • Fully-featured tablets -Many different manufacturers • Touchscreen computer • Keyboards • Pen stylus -Windows Mobile • No longer in active development • No support after December 2019
4b. Remediate: Scan and remove (Removing Malware)
-Microsoft, Symantec, McAfee • The big anti-virus apps -Malwarebytes Anti-Malware • Malware-specific -Stand-alone removal apps • Check with your anti-virus company -There's really no way to know if it's really gone • End result may be to delete and rebuild to guarantee 100% removal
Firewalls (Mobile Devices)
-Mobile phones don't include a firewall • Most activity is outbound, not inbound -Some mobile firewall apps are available • Mostly for Android • None seem to be widely used -Enterprise environments can control mobile apps • Firewalls can allow or disallow access
Dialup connections
-Modem connection • Standard phone lines -Configuration will require: • Authentication • Phone number -Can connect/disconnect from network status icon
Multi-factor authentication (Logical Security)
-More than one factor of authentication • Something you are (biometric, e.g. fingerprint) • Something you have (smart card or mobile phone) • Something you know (password) • Somewhere you are (GPS check) • Something you do (signature) -Can be expensive to implement • Assigning separate hardware tokens that generate one-time codes -Inexpensive methods include: • Free smartphone applications • Software-based token generators
Equipment grounding (Safety Procedures)
-Most computer products connect to ground • Divert any electrical faults away from people -This also applies to equipment racks in the data center • Large ground wire -Don't remove the ground connection • It's there to protect you -NEVER connect yourself to an electrical ground • This is not a way to prevent ESD • Never connect yourself to any source with voltage on it
App log errors (Troubleshooting Mobile Apps)
-Most log information is hidden • You'll need developer tools to view it -Contains a wealth of information • If you can decipher it • This might take a bit of research -To view these logs • For iOS, you can use Xcode • For Android, you can use Logcat
ipconfig
-Most of your troubleshooting starts with your IP address • Ping your local router/gateway -Determine TCP/IP and network adapter information • And some additional IP details such as IP address, subnet mask, default gateway -View additional configuration details with typing "ipconfig /all" • Shows details for DNS servers, DHCP server, etc
mv (Linux Command)
-Move a file • used to rename a file -mv SOURCE DEST • to rename first.txt to second.txt, you use the command "> mv first.txt second.txt"
Defragmentation (Troubleshooting Solutions)
-Moves file fragments so they are contiguous • Pieces of a file are stored next to each other • Improves read and write time • Only applicable to spinning hard drives -Graphical version located in the drive properties • Type "defrag" at the command line to show options -Already added to the weekly schedule • Control Panel / Administrative Tools / Task Scheduler
Biometric authentication (Mobile Devices)
-Multi-factor authentication • Combining different methods of authentication • Can use a passcode, password, or swipe pattern • Also use a fingerprint, face, or iris -A phone is always with you • And you're a good source of data -We're still figuring this out (it's not perfect) • Biometrics have a long way to go for security • Always use as many factors as necessary
A backup for the DHCP server
-Multiple DHCP servers should be configured for redundancy • So that one is always available -If a DHCP server isn't available, Windows uses the Alternate Configuration (only when DHCP is not available) • The default is APIPA addressing (169.254.0.0/16) -You can also configure a static IP address
Smart cards (Logical Security)
-Must have physical card to provide digital access • A digital certificate -Can contain multiple factors • A card with PIN or fingerprint
Compliance (Documentation Best Practices)
-Must meet the standards of laws, policies, and regulations -A healthy catalog of rules • Across many aspects of business and life • Many are industry-specific or situational -Penalties can be imposed on organizations that don't follow these laws, such as: • Fines • Loss of employment • Incarceration -Scope of regulations • Some regulations can be specific to a region or a country • Some regulations can be worldwide • Understand the exact scope of the regulations and how they apply to your organization
Directory permissions (Logical Security)
-NTFS permissions • Much more granular than FAT • The owner of a file can lock down access • Prevents accidental modification or deletion • Some information shouldn't be seen -User permissions • Everyone isn't an Administrator • Assign the proper rights and permissions • This may involve audits run by security administrators
netstat
-Network statistics • Utility available on many different operating systems -netstat -a • Shows all active connections -netstat -b • Shows binaries (Windows) that may be sending/receiving information • Requires elevation -netstat -n • Does not resolve DNS names
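Added example (not from the original notes): turning netstat output into a quick exposure check, which is what you are really doing when you read it by hand. The sample output is constructed in the Windows "netstat -ano" column format with RFC 5737 / RFC 1918 addresses, and the allow-list of ports this host is expected to expose is an assumption for the example.

```python
"""Added example: parse `netstat -ano` style output and flag unexpected exposure."""
import ipaddress
from collections import namedtuple

# Constructed sample in the Windows netstat -ano format.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1040
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       5512
  TCP    192.168.1.20:49712     203.0.113.9:443        ESTABLISHED     4120
  TCP    192.168.1.20:49800     192.168.1.5:445        ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    2204
"""

Conn = namedtuple("Conn", "proto local_addr local_port remote_addr remote_port state pid")

# Ports this particular host is expected to expose (constructed allow-list).
EXPECTED_LISTENERS = {135, 445}

# Address space treated as "inside": RFC 1918, loopback, link-local and IPv6 equivalents.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def split_endpoint(endpoint):
    """'192.168.1.20:49712' -> ('192.168.1.20', 49712); '[::]:135' -> ('::', 135); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (None if port in ("*", "") else int(port))


def parse_netstat(text):
    """One Conn per TCP/UDP line; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = parts[:3]
        # UDP lines have no State column, so the PID moves one column left.
        state, pid = (parts[3], parts[4]) if proto == "TCP" else ("", parts[3])
        lh, lp = split_endpoint(local)
        rh, rp = split_endpoint(remote)
        conns.append(Conn(proto, lh, lp, rh, rp, state, int(pid)))
    return conns


def is_internal(addr):
    """True for addresses inside INTERNAL_NETS; '*' and anything unparsable count as internal."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return any(ip in net for net in INTERNAL_NETS)


def exposed_listeners(conns, expected=EXPECTED_LISTENERS):
    """TCP listeners bound to every interface that are not on the allow-list."""
    return [c for c in conns if c.proto == "TCP" and c.state == "LISTENING"
            and c.local_addr in ("0.0.0.0", "::") and c.local_port not in expected]


def external_peers(conns):
    """Established connections whose remote side is outside the internal ranges."""
    return [c for c in conns if c.state == "ESTABLISHED" and not is_internal(c.remote_addr)]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for c in exposed_listeners(conns):
        print(f"unexpected listener: {c.proto} port {c.local_port} PID {c.pid}")
    for c in external_peers(conns):
        print(f"external connection: PID {c.pid} -> {c.remote_addr}:{c.remote_port}")
```

On the sample, port 3389 (Remote Desktop) bound to 0.0.0.0 is the unexpected listener, the loopback-only 8080 is not reported, and the only external peer is the HTTPS connection owned by PID 4120; "netstat -b" or "tasklist /FI "PID eq 4120"" is the next step to name the binary.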
Backout plan (Change Management)
-Never believe the change will work perfectly and nothing will ever go bad • Prepare for the worst, hope for the best -Always have a way to revert your changes -This isn't as easy as it sounds • Some changes are difficult to revert • Always have a backup plan AND always have backups
Surge suppressor (Environmental Impacts)
-Not all power is "clean" • Self-inflicted power spikes and noise • Storms, power grid changes -Spikes are diverted to ground -Noise filters remove line noise • Decibel (dB) levels at a specified frequency • Higher dB is better
Flavors of traceroute
-Not all traceroutes are the same • Minor differences in the transmitted payload -Windows (tracert) sends ICMP echo requests • Receives ICMP time exceeded messages from each hop • And an ICMP echo reply from the final/destination device • Unfortunately, ICMP is commonly filtered -Some operating systems allow you to specify the protocol used • Linux, Unix, Mac OS, etc. -Cisco IOS devices (and Linux/Mac OS by default) send UDP datagrams to port 33434 and up • The port number can be changed with extended options
Privileges
-Not all users can run all commands • Some tasks are for the administrator only -Standard privileges • Run applications as normal user • This works fine for many commands -Administrative/elevated privileges • You must be a member of the Administrators group • Right-click Command Prompt, choose "Run as Administrator" • OR by searching for cmd.exe, then pressing "Ctrl+Shift+Enter" to run as Administrator
Image recovery (Linux tools)
-Not as many options as Windows • But still some good ones available -dd is built into Linux • Can convert and copy a file • Can back up and restore a partition or an entire disk, block for block • Very powerful (and will happily overwrite the wrong device if you mistype the target) -Other 3rd-party utilities can image drives • GNU Parted and Clonezilla are two examples
End-user acceptance (Change Management)
-Nothing will happen without a sign-off • The end users of the application / network need to be aware of a change, possible downtime, and timeframe -One of your jobs is to make them successful • They ultimately decide if a change is worth it to them -Ideally, this is a formality • Of course, they have been involved throughout the entire process • There's constant communication before and after
Update network settings (Troubleshooting Solutions)
-One configuration mismatch can cause significant network slowdowns • Know the speed and duplex configuration between the device and the connected switch • Make sure they match on both sides -Most auto-negotiations work fine • Device and switch choose the best setting for speed and duplex and confirm it matches on both sides • Does not work 100% of the time due to certain chipsets or network configurations -Driver properties may not show the value that auto-negotiation actually settled on • For that, look at the network adapter details from the command line or filter through the Event Viewer -Device should match the switch • Both sides should be identical • Any mismatch will cause errors or slowdowns across the link
FAT (File Allocation Table)
-One of the first PC-based file systems (circa 1980) -FAT32 - File Allocation Table • Larger (2 terabyte) volume sizes • Maximum file size of 4 gigabytes • Most common format for removable media -exFAT - Extended File Allocation Table • Microsoft flash drive file system • Files can be larger than 4 gigabytes
RADIUS (Remote Authentication Dial-in User Service)
-One of the more common AAA (Authentication, Authorization, Accounting) protocols • Supported on a wide variety of platforms and devices • Not just for dial-in -Centralizes authentication for users on a single server • Routers, switches, firewalls communicate with and authenticate against the AAA server using the RADIUS protocol (UDP 1812 for authentication, UDP 1813 for accounting) • Server authentication • Remote VPN access • Commonly seen with 802.1X network access -RADIUS services are available on almost any server operating system
Communication skills (Communication)
-One of the most useful skills for the troubleshooter -One of the most difficult skills to master -A skilled communicator is incredibly marketable
Protecting against non-compliant systems
-Operating system controls to make sure systems stay in compliance • Apply policies that prevent non-compliant software from running -Monitor the network for application traffic • Next-generation firewalls with application visibility -Perform periodic scans and compliance checks • Login systems can scan for non-compliance • Requires correction before the system is given access • If the scan shows the system is out of compliance, a message can guide the user on bringing it back into compliance
Rootkits
-Originally a Unix technique • The "root" in rootkit -Modifies core system files • Becomes part of the kernel -Can be invisible to the operating system • Won't see it in Task Manager -Also invisible to traditional anti-virus utilities • If you can't see it, you can't stop it
Sound Applet
-Output options • Multiple sound devices may be available -Set input/output levels for speakers and microphone
Keychain (Mac OS Features)
-Password management • Passwords, notes, certificates, etc. -Integrated into the OS - Keychain Access -Passwords and Secure Notes are encrypted with 3DES • Login password is the key
Password policy (Documentation Best Practices)
-Passwords should be complex, and all passwords should expire • Change every 30 days, 60 days, 90 days -Critical systems might change more frequently • Every 15 days or every week -The recovery process should not be trivial! • Some organizations may have a very formal process
PCI DSS (Privacy, Licensing, and Policies)
-Payment Card Industry Data Security Standard (PCI DSS) • A standard for protecting credit cards -This standard consists of six control objectives • Build and Maintain a Secure Network and Systems • Protect Cardholder Data • Maintain a Vulnerability Management Program • Implement Strong Access Control Measures • Regularly Monitor and Test Networks • Maintain an Information Security Policy
Dictionary attacks
-People use common words as passwords • You can find them in the dictionary -If you're using brute force, you should start with the easy ones • common passwords such as 123456, password, ninja, football -Many common word-lists available on the 'net • Some are customized by language or line of work -This will catch the low-hanging fruit • You'll need some smarter attacks for the smarter people
Licenses (Privacy, Licensing, and Policies)
-Personal license • Designed for the home user • Usually associated with a single device • Or small group of devices owned by the same person • Perpetual (one time) purchase -Enterprise license • Per-seat purchase or a site license • The software may be installed everywhere • Requires annual renewal
Spear phishing
-Phishing with inside information • Targets a more specific group (e.g. AP dept.) • Makes the attack more believable • Spear phishing the CEO is "whaling" -April 2011 - Epsilon was targeted • Less than 3,000 email addresses attacked • 100% of emails targeted operations staff • This attack downloaded anti-virus disabler, keylogger, and remote admin tool for those users who clicked on the link -April 2011 - Oak Ridge National Laboratory • Email was received from the "Human Resources Department" • 530 employees were targeted, 57 people clicked, 2 were infected • This attack downloaded data and infected servers with malware from users who clicked on the link
WARNING (Safety Procedures)
-Power is dangerous -Remove all power sources before working -Never touch ANYTHING if you aren't sure -Replace entire power supply units • Never repair internal components -The devices contain a high voltage • Power supplies, displays, laser printers, etc...
Safe Mode -Win 7 and 8/8.1 (Troubleshooting Solutions)
-Press F8 on boot • Advanced Boot Options -Safe Mode • Only the necessary drivers to get started -Safe Mode with Networking • Includes drivers for network connectivity -Safe Mode with Command Prompt • No Windows Explorer - quick and dirty -Enable low-resolution (VGA Mode) • Recover from bad video driver installations
Spoofing
-Pretends to be something you aren't • A Fake web server or a fake DNS server, etc. -Email address spoofing • The sending address of an email isn't really the sender -Caller ID spoofing • The incoming call information is completely fake -Man-in-the-middle attacks • The person in the middle of the conversation pretends to be both endpoints
USB locks (Physical Security)
-Prevent access to a USB port • Physically place a lock inside of the USB interface -A secondary security option is disabling the interface in BIOS and/or operating system • Not truly inaccessible, there's always a way around security controls -Relatively simple locks • Defense in depth
Port security (Logical Security)
-Prevents unauthorized devices from connecting to a switch interface • Alert on, or disable, the port when a violation occurs -Allows or denies access based on the source MAC address of incoming frames • Even if the frame is forwarded from elsewhere -Each port has its own configuration • Unique rules for every interface (maximum MAC addresses, static or "sticky" learned addresses, violation action)
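The behaviour described above, as an added illustrative model (not code from the original page or from any switch vendor): one interface learns up to a configured number of source MACs and then either err-disables itself or drops and counts the offending frames. The class, the interface name and the MAC addresses are assumptions made for the example; the three violation modes mirror the common switch options.

```python
class PortSecurity:
    """Model of one switch interface with port security enabled.

    max_macs:  how many source MACs the port accepts before a violation
    violation: "shutdown" (err-disable the port), "restrict" (drop the
               frame, count it and raise an alert) or "protect" (drop silently)
    static:    MACs configured by the administrator; learned ones are
               appended to the same list ("sticky" behaviour)
    """

    def __init__(self, name, max_macs=1, violation="shutdown", static=()):
        if violation not in ("shutdown", "restrict", "protect"):
            raise ValueError("violation must be shutdown, restrict or protect")
        self.name = name
        self.max_macs = max_macs
        self.violation = violation
        self.allowed = [m.lower() for m in static]
        self.err_disabled = False
        self.violations = 0
        self.alerts = []

    def ingress(self, src_mac):
        """Return 'forwarded', 'dropped' or 'shutdown' for a frame from src_mac."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "dropped"            # port is down until an operator recovers it
        if src_mac in self.allowed:
            return "forwarded"
        if len(self.allowed) < self.max_macs:
            self.allowed.append(src_mac)  # dynamic / sticky learning
            return "forwarded"
        # Unknown source MAC and the table is full: this is a violation.
        self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            self.alerts.append(f"{self.name}: err-disabled, unauthorized MAC {src_mac}")
            return "shutdown"
        if self.violation == "restrict":
            self.alerts.append(f"{self.name}: violation #{self.violations}, dropped {src_mac}")
        return "dropped"

    def recover(self):
        """Operator bounces the port; learned addresses are kept."""
        self.err_disabled = False


if __name__ == "__main__":
    # Constructed traffic: a legitimate PC, then an attacker plugging into the same jack.
    port = PortSecurity("Gi1/0/5", max_macs=1, violation="shutdown")
    for mac in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"):
        print(mac, "->", port.ingress(mac))
    print(port.alerts)
```

On a Cisco IOS switch the equivalent interface configuration is `switchport port-security`, `switchport port-security maximum 1`, `switchport port-security mac-address sticky` and `switchport port-security violation shutdown|restrict|protect`; the model above is only meant to make the three outcomes concrete.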
Quality of Service (QoS)
-Prioritize network traffic • Applications, VoIP, and video -Infrastructure must support QoS • Differentiated Services Code Point (DSCP) field in the IP header • IPv4 - Type of Service (ToS) byte • IPv6 - Traffic Class octet -Manage through Local Computer Policy or Group Policy • Open gpedit.msc (Run > gpedit.msc, or C:\Windows\System32\gpedit.msc) • Located under Computer Configuration / Windows Settings / Policy-based QoS
Network locations in Windows 8/8.1/10
-Private • Sharing and connect to devices -Public • No sharing or connectivity -Network and Internet Status • can change connection properties
Windows 7 Minimum Hardware Requirements (x64)
-Processor/CPU - 1 GHz processor -Memory - 2 GB RAM -Free disk space - 20 GB -Video - DirectX 9 graphics device with WDDM* 1.0 or higher driver *Windows Display Driver Model -Win7 64-bit
Rebuild Windows profiles (Troubleshooting Solutions)
-Profiles can become corrupted • The User Profile Service failed the logon. User Profile cannot be loaded. • User documents may be "missing" (temp. profile) -If a profile doesn't exist, it's recreated • We're going to delete the profile and force the rebuilding process -It's not as easy as copying a file • Create registry backups in case modifications are made
Virus types
-Program viruses • It's part of the application -Boot sector viruses • Exists in the boot sector • Virus is executed when the computer starts up • No OS is needed -Script viruses • e.g. JavaScript • Operating system and browser-based -Macro viruses • Common in Microsoft Office
Windows (Defender) Firewall Applet
-Protect from network attacks • Filters inbound and outbound traffic by port, application, and network profile • Helps prevent unauthorized access to resources on the local PC (malware scanning is a separate function, handled by Windows Defender antivirus) -Integrated into the operating system • Located in Control Panel under Windows (Defender) Firewall
Unable to decrypt email (Troubleshooting Mobile Apps)
-Protects your email with end-to-end encryption -This is built into corporate email systems • Microsoft Outlook • Each user has a private key on their mobile device • You can't decrypt without the key -System administrators use Mobile Device Management (MDM) to install each user's private key on their mobile device
Troubleshooting Applet
-Some problems can be easily fixed • Have you tried turning it off and on again? -Automates some of the most common fixes • Troubleshooting options are categorized -May require elevated account access to enable/disable hardware and features
Authenticator apps (Mobile Devices)
-Pseudo-random token generators • A useful authentication factor -Previously required carrying around physical token devices -You're already carrying your phone • It's powerful enough to run the authenticator app • No need to carry separate physical hardware
Quick format vs. full format
-Quick format • Creates a new file table • Looks like data is erased, but it's not • No additional checks -Quick format is the default in Windows 7, 8/8.1, and 10 • For a full format, uncheck "Quick Format" in the Format dialog, run format without the /Q switch, or use diskpart -Full format • Writes zeros to the whole volume • Your data is unrecoverable • Checks the disk for bad sectors, which is time consuming
Disposal procedures (Environmental Impacts)
-Read your Material Safety Data Sheets (MSDS) to know how/where to dispose of computer equipment • Mandated by the United States Department of Labor / Occupational Safety and Health Administration (OSHA) • http://www.osha.gov -Provides information for all hazardous materials • Batteries, display devices / CRTs, chemical solvents and cans, toner and ink cartridges -Now called a Safety Data Sheet (SDS) • Might have a different name depending on what country you are in
Unauthorized location tracking (Troubleshooting Mobile Device Security)
-Real-time tracking information and historical tracking details • This should be as protected as your other data -If any suspicion an app is tracking your location, run an anti-malware scan • Malicious apps can capture many data points -Check apps with an offline app scanner • Get some insight into what's running -Perform a factory reset if tracking is occurring • Restore from a known-good backup
Anti-virus/Anti-malware updates (Linux)
-Relatively few viruses and malware for Linux • Still important to keep updated -ClamAV • Open source antivirus engine -Same best practice as any other OS • Always update signature database • Always provide on-demand scanning
Windows 7 history
-Released October 22, 2009 • Mainstream support ended January 13, 2015 • Extended support until January 14, 2020 -Very similar to Windows Vista • Maintained the look and feel of Vista • Used the same hardware and software • Increased performance over Windows Vista -Updated features • Libraries • HomeGroup • Pinned taskbar
Windows 10 history
-Released on July 29, 2015 • Windows 9 was skipped -A single platform that works on desktops, laptops, tablets, phones, all-in-one devices -Upgrades were free for the first year • From Windows 7 and Windows 8.1 -Microsoft calls Windows 10 a "service" • Periodic updates to the OS • Instead of completely new versions
Software tokens (Logical Security)
-Relies on pseudo-random number generator • Can't guess it • Changes constantly -Can save money • Can be a free smartphone app with no cost associated • No separate hardware needed to assign and/or lose
Remote access
-Remote Assistance • Commonly seen in Home editions • One-time remote access • Single-use password • Chat, diagnostics, NAT traversal -Remote Desktop Connection • Non-Home editions • Ongoing access • Local authentication options • May require port forwarding
Personal safety (Safety Procedures)
-Remove any jewelry and/or name badge neck straps that can get caught • Or use breakaway straps -Lifting technique • Lift with your legs, keep your back straight • Don't carry overweight items/devices • Lifting equipment may be available to help -Electrical fire safety • Don't use water or foam • Use carbon dioxide, FM-200, or other dry chemicals • Always remove the power source first -Cable management • Avoid trip hazards • Use cable ties or velcro -Safety goggles • Useful when working with chemicals • Useful for printer repair, toner, batteries -Air filter mask • Computers can be dusty • Useful when working with printer toner
rm (Linux Command)
-Remove files or directories • Deletes the files -Does not remove directories by default • Empty directories can be removed with rmdir (or rm -d) • Non-empty directories must be removed with the -r option (recursive), which deletes everything beneath them
Desktop security
-Require a screensaver password • Integrated with login credentials • Can be administratively enforced • Automatically locks after a timeout -Disable autorun • autorun.inf was honored on removable drives in Vista • Windows 7, 8/8.1, and 10 no longer run autorun.inf from USB drives • Can be disabled through the registry -Consider changing AutoPlay • Keep current with security patches (updates to autorun and AutoPlay behavior)
Volume sizes
-Resize a volume • Right-click the volume for options • Can shrink or extend -Can split the hard drive space into 2 volumes • e.g. 120GB into 2 60GB volumes • Can Shrink a volume • Can format unallocated space -Can also create mirrored volumes -Configuration done in Disk Management
Display Applet
-Resolution options • Important for LCD monitor native resolutions -Can configure the color depth and refresh rate • Located in Control Panel > Display > Adjust Resolution > Advanced Settings > Adapter "list all modes" -In Windows 10, it is located in Settings > System > then choose the Display option • Different settings available
Certificate-based authentication (Logical Security)
-Smart card • Private key is on the card -PIV (Personal Identity Verification) card • US Federal Government smart card • Picture and identification information -CAC (Common Access Card) • US Department of Defense smart card • Picture and identification -IEEE 802.1X • Gain access to the network using a certificate • Stored on the device or separate physical device (e.g. USB key)
Phishing
-Social engineering with a touch of spoofing • Often delivered by spam, IM, etc. • Very convincing when well done -Don't be fooled • Check the URL -Usually there's something not quite right • Mistakes with spelling, fonts, or graphics -Vishing (voice phishing) is done over the phone • Callers might say they are from the IRS and need money • They don't ask for cash, they ask for gift cards • Fake security checks or bank updates
Windows 7 Enterprise
-Sold only with volume licenses • Designed for very large organizations -Multilingual User Interface packages -Supports the following: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Supports all enterprise technologies: • Can join a domain • BitLocker support • EFS (Encrypting File System) -x86 version supports 4 GB RAM -x64 version supports 192 GB RAM
su / sudo (Linux Command)
-Some commands require elevated rights • There are some things normal users can't do -su command • Become the super user (similar to the Administrator account in Windows) • Or change to a different user • With no user name after "su", it assumes you want a shell as root • You remain that user until you exit -sudo command • Execute a single command as the super user • Or as a different user ID • Only that command executes as the super user • Once the command finishes, you are back to your normal user
4c. Remediate: Scan and remove (Removing Malware)
-Some malware may prevent you from booting up into the normal desktop -Boot into Safe mode • Load the bare minimum operating system • Just enough to get the OS running • Can also prevent the bad stuff from running -Another option is Pre-installation environment (WinPE) • Recovery Console, bootable CD/DVDs/USBs • Build your own from the Windows Assessment and Deployment Kit (ADK) -Removing the malware infection may require the repair of boot records and sectors within WinPE
Force Quit (Mac OS Tools)
-Stop an application from executing • Some applications are badly written -Command-Option-Esc • Lists the application to quit • Select the application to "Force Quit" -Another way to "Force Quit" is to hold the option key when right-clicking the app icon in the dock • Continue holding the "Option" key to view the "Force Quit" option. Letting go of the "Option" key changes it to only "Quit"
System Applet
-System properties • Provides computer information • Including version and edition -Remote settings can be turned on or off for Remote Assistance and Remote Desktop -System protection • Can enable/disable System Restore • Select drives and allocate space for System Restore -Performance settings, located under Advanced System Settings, can be set for: • Configuring virtual memory • Configuring visual effects • Configuring Data Execution Prevention (DEP)
IP address spoofing
-Takes someone else's IP address • Uses the IP address of the actual device so the data appears to come from the legitimate device • Pretends to be somewhere you are not -Can be for a legitimate reason • Load balancing • Load testing -For illegitimate reasons such as: • ARP poisoning • DNS amplification / DDoS -Easier to identify than MAC address spoofing • Apply rules to drop invalid traffic, enable switch security • IP address ranges are known on the network; if inbound traffic arrives on an interface where that source address should never appear, you can suspect IP spoofing
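The "invalid traffic" rule in the last bullet, as an added example (not code from the original page): an anti-spoofing filter that drops packets whose source address could not legitimately arrive on the interface they came in on. The prefixes, interface names and packets are constructed assumptions for the example; the two checks are the standard ingress filter (internal source seen on the outside interface) and egress filter (non-local source leaving the site, as recommended by BCP 38).

```python
import ipaddress

# Constructed topology: these prefixes live behind the "inside" interface.
INTERNAL_PREFIXES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Addresses that are never valid as a source on the wire.
BOGONS = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("169.254.0.0/16"),
]


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def check_packet(src, dst, iface):
    """Return 'allow' or a 'drop: ...' reason for a packet seen on iface.

    iface is 'outside' (Internet-facing) or 'inside' (LAN-facing).
    """
    s = ipaddress.ip_address(src)
    ipaddress.ip_address(dst)  # validates the destination too
    if _in_any(s, BOGONS):
        return "drop: bogon source address"
    if iface == "outside" and _in_any(s, INTERNAL_PREFIXES):
        # Our own address range showing up from the Internet: classic ingress spoof.
        return "drop: internal source address arriving on outside interface"
    if iface == "inside" and not _in_any(s, INTERNAL_PREFIXES):
        # A host on our LAN claiming someone else's address: egress filtering (BCP 38).
        return "drop: non-local source address leaving on inside interface"
    return "allow"


def filter_packets(packets):
    """Apply check_packet to (src, dst, iface) tuples; return the dropped ones with reasons."""
    return [(p, check_packet(*p)) for p in packets if check_packet(*p) != "allow"]


if __name__ == "__main__":
    # Constructed sample traffic (203.0.113.0/24 is a documentation range).
    sample = [
        ("203.0.113.5", "10.1.2.3", "outside"),   # normal inbound
        ("10.1.2.3", "203.0.113.5", "outside"),   # spoofed: our address from the Internet
        ("10.1.2.3", "203.0.113.5", "inside"),    # normal outbound
        ("203.0.113.9", "198.51.100.1", "inside"),  # spoofed: LAN host using a foreign source
        ("127.0.0.1", "10.1.2.3", "outside"),     # bogon
    ]
    for pkt, reason in filter_packets(sample):
        print(pkt, "->", reason)
```

The same logic is what a unicast reverse-path-forwarding check or a pair of interface ACLs implements on a router; the point is that spoofed IP traffic is detectable because you know which source ranges belong on which side of the device.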
Don't minimize problems (Professionalism)
-Technical issues can be traumatic • Often when money and/or jobs on the line -Even the smallest problems can seem huge • Especially when things aren't working -Be part technician, part counselor • Computers don't have problems • People have problems
Difficult situations (Professionalism)
-Technical problems can be stressful -Don't argue or be defensive • Don't dismiss • Don't contradict -Defuse a difficult situation with listening and questions • Relationship-building • The user might just want to vent (just listen) -Communicate • Even if there's no update -Never take the situation to social media
Telnet (Remote Access Technologies)
-Telnet - Telecommunication Network - tcp/23 -Login to devices remotely • Console access -Unencrypted communication • Not the best choice for production systems
Cable locks (Physical Security)
-Temporary security • Connect your hardware to something solid -Cable works almost anywhere • Useful when mobile -Most devices have a standard connector • contains a reinforced notch -Not designed for long-term protection • Those cables are pretty thin and can be cut
TACACS
-Terminal Access Controller Access-Control System • Remote authentication protocol • Created to control access to dial-up lines to ARPANET -TACACS+ • The latest version of TACACS • More authentication requests and response codes • Released as an open standard in 1993
Device Manager
-The OS doesn't know how to talk directly to most hardware -Device drivers are hardware specific and operating system specific • Windows 7 device drivers may not necessarily work in Windows 10 -Technical Support FAQ starting point • "Have you updated the drivers?" -Complete control of the hardware • Can update, uninstall, or disable drivers • Can scan for hardware changes OR dive into the driver properties -Computer Management or devmgmt.msc
Device Manager Applet
-The OS doesn't know how to talk directly to most hardware • You need drivers -Manage devices • Add, remove, disable -This is the first place to go when hardware isn't working • Instant feedback
regedit.exe
-The Windows Registry • The big huge master database • Hierarchical structure • Used to configure different parts of Windows • Used to configure different applications in Windows -Used by almost everything in Windows • Kernel, device drivers • Services • Security Account Manager (SAM) • User interface, applications -Back up your registry! • On disk it is stored as hive files (under C:\Windows\System32\config, plus NTUSER.DAT in each user profile) • Use File > Export in regedit to back up a key or the whole registry • regedit.exe lives under C:\Windows and can also be started from the command line or the Run dialog
Windows 10 Pro
-The business version of Windows • Contains additional management features -Remote Desktop host • Remote control each computer -Supports: • Hyper-V • Bitlocker (Full Disk Encryption (FDE)) • Can join a Windows domain (Can be managed by group policy) -Does not support: • AppLocker • BranchCache -Max x86 RAM 4 GB -Max x64 RAM 2048 GB (2 TB)
Finder (Mac OS Features)
-The central OS file manager • Compare with Windows Explorer -File management • Launch, delete, rename, etc. -Integrated access to other devices • File servers • Remote storage • Screen sharing
Linux commands
-The command line - Terminal, XTerm, or similar -Commands are similar in both Linux and Mac OS • Mac OS derived from BSD (Berkeley Software Distribution) Unix • This section is specific to Linux -Download a Live CD or install a virtual machine to try them out • Many pre-made Linux distributions are available to download and install • Ubuntu runs well in a virtual machine -Use the "man" command for help • Short for "manual" • To learn more about grep, type man grep at the shell prompt
Remote Disk (Mac OS Features)
-Use an optical drive from another computer • Has become more important over time • Designed for copying files or data transfer • Will not work with audio CDs or video DVDs -Set up sharing in System Preferences • Sharing options • Appears in the Finder
Windows 7 Home Premium
-The consumer edition; contains: • DVD playback • Windows Aero • Internet Connection Sharing • IIS Web Server -Does not support enterprise technologies • Cannot join a domain • No BitLocker support • No EFS (Encrypting File System) support -x86 version supports 4gb RAM -x64 version supports 16gb RAM and 2 processors
Disk partitioning
-The first step when preparing disks • May already be partitioned • Existing partitions may not always be compatible with your new operating system -An MBR-style hard disk can have up to four primary partitions (one of which may be an extended partition holding logical drives) -GUID partition tables (GPT) support up to 128 partitions • Booting from GPT requires UEFI firmware; a BIOS-compatibility mode (CSM) is needed for MBR booting on UEFI systems • BIOS-compatibility mode disables UEFI Secure Boot • You'll probably have one partition -BE CAREFUL! • Serious potential for data loss • This is not an everyday occurrence
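To make the "four partitions" limit concrete, here is an added example (not code from the original page) that builds and then parses a 512-byte MBR boot sector. The layout is the real one: a 64-byte partition table of four 16-byte entries at offset 446, and the 0x55AA signature in the last two bytes. The sample partitions, their sizes and the helper names are constructed assumptions for the example; the entry format, partition type codes and protective-MBR convention used by GPT disks are the standard ones.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446                    # partition table: 4 entries x 16 bytes
ENTRY = struct.Struct("<B3sB3sII")    # boot flag, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"               # bytes 510-511
GPT_PROTECTIVE = 0xEE                 # a GPT disk carries one MBR entry of this type


def make_entry(bootable, ptype, lba_start, sectors):
    """Build one 16-byte entry; CHS fields are set to 0xFFFFFF as modern tools do."""
    flag = 0x80 if bootable else 0x00
    return ENTRY.pack(flag, b"\xff\xff\xff", ptype, b"\xff\xff\xff", lba_start, sectors)


def make_mbr(entries):
    """Assemble a boot sector with up to four entries; unused slots are zeroed."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary partition entries")
    table = b"".join(entries) + b"\x00" * (16 * (4 - len(entries)))
    return b"\x00" * TABLE_OFFSET + table + SIGNATURE


def is_mbr(sector):
    """True if the sector is at least 512 bytes and ends with the 0x55AA signature."""
    return len(sector) >= SECTOR and sector[510:512] == SIGNATURE


def parse_mbr(sector):
    """Return the populated partition entries as dicts; raise if this is not an MBR."""
    if not is_mbr(sector):
        raise ValueError("missing 0x55AA signature: not an MBR (or the sector is blank)")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + 16 * slot
        flag, _chs_start, ptype, _chs_end, lba, count = ENTRY.unpack(sector[off:off + 16])
        if ptype == 0x00:             # empty slot
            continue
        parts.append({
            "slot": slot,
            "bootable": flag == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "size_bytes": count * SECTOR,
            "gpt_protective": ptype == GPT_PROTECTIVE,
        })
    return parts


# Constructed sample disk: a bootable 512 MiB NTFS (0x07) partition at LBA 2048,
# followed by a 128 MiB FAT32-LBA (0x0C) partition.
SAMPLE_MBR = make_mbr([
    make_entry(True, 0x07, 2048, 1_048_576),
    make_entry(False, 0x0C, 1_050_624, 262_144),
])

if __name__ == "__main__":
    for p in parse_mbr(SAMPLE_MBR):
        print(p)
```

Reading the first sector of a real disk (for example with `dd if=/dev/sdX bs=512 count=1`) and feeding it to `parse_mbr` shows the same fields that Disk Management or fdisk display; a single 0xEE entry means the disk is really GPT and the MBR is only there to protect it from MBR-only tools.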
Brute Force attack
-The password is the key • Secret phrase • Stored as a hash -Brute force attacks - Online method • Keep trying the login process • Very slow process • Most accounts will lock out after a number of failed attempts • Not very successful -Brute force the hash - Offline method • Obtain the list of users and hashes • Calculate a password hash, compare it to the stored hash • Requires large computational resources, and the size of the search grows exponentially with password length and character set
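The offline method above, and the dictionary attack described earlier on this page, as one added example (not code from the original page): a wordlist pass first to pick off the low-hanging fruit, then an exhaustive search for whatever is left. The stolen hashes and the tiny wordlist are constructed for the example, and unsalted SHA-256 is used only so it runs in seconds; the function names are assumptions.

```python
import hashlib
import itertools
import string


def sha256_hex(password):
    """Unsalted SHA-256 of the password (a weak choice, which is the point)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed sample: "the list of users and hashes" an attacker has obtained.
STOLEN_HASHES = {
    "alice": sha256_hex("password"),
    "bob": sha256_hex("football"),
    "carol": sha256_hex("z7!"),      # deliberately absent from the wordlist
}

# Constructed stand-in for a real wordlist, most common passwords first.
WORDLIST = ["123456", "password", "ninja", "football", "letmein", "qwerty"]

# Characters tried by the exhaustive search below.
CHARSET = string.ascii_lowercase + string.digits + "!"


def dictionary_attack(stolen, wordlist):
    """Hash each wordlist entry once and look it up against every stolen hash."""
    by_hash = {}
    for user, h in stolen.items():
        by_hash.setdefault(h, []).append(user)   # users sharing a password share a hash
    cracked = {}
    for word in wordlist:
        for user in by_hash.get(sha256_hex(word), []):
            cracked.setdefault(user, word)
    return cracked


def brute_force(target_hash, charset, max_len):
    """Try every string of length 1..max_len over charset; None if not found."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def keyspace_size(charset_len, max_len):
    """How many candidates brute_force may have to hash in the worst case."""
    return sum(charset_len ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    easy = dictionary_attack(STOLEN_HASHES, WORDLIST)
    print("dictionary pass cracked:", easy)
    print("keyspace for <=3 chars over", len(CHARSET), "symbols:", keyspace_size(len(CHARSET), 3))
    print("keyspace for <=8 chars:", keyspace_size(len(CHARSET), 8))
    for user, h in STOLEN_HASHES.items():
        if user not in easy:
            print(user, "->", brute_force(h, CHARSET, 3))
```

The dictionary pass needs one hash per wordlist entry regardless of how many accounts are in the dump, which is why common passwords fall instantly. The brute-force keyspace for the same 37-character alphabet is about 52 thousand candidates at three characters and over 3.5 trillion at eight, and a proper password store (a salted, deliberately slow KDF such as bcrypt or Argon2) multiplies the cost of every one of those guesses, which is what makes the offline method impractical against well-hashed passwords.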
Windows 8/8.1 Pro
-The professional version • Similar to Windows 7 Professional / Ultimate -Full support for BitLocker and EFS • Full-disk and file-level encryption -Can join a Windows Domain • Support for IT management • Group Policy support • Centralized management of Windows devices -Does not support AppLocker or Branchcache -x86 version supports 4gb RAM -x64 version supports 512gb RAM
Security considerations
-There's a reason we are careful when installing applications • Applications have the same rights and permissions as the user • An unknown application can cause significant issues -Impact to device with unknown application • Application upgrade stops working • Slowdowns • Deleted files -Impact to network with unknown application • Access to internal services • Rights and permissions to file shares
Impersonation
-They pretend to be someone they are not • Halloween for the fraudsters -They use details that can be obtained from the dumpster • They can say "You can trust me, I'm with your help desk" -They attack the victim as someone with a higher rank than them • Such as "Office of the Vice President for Scamming" -They throw tons of technical details around • Such as "Catastrophic feedback due to the depolarization of the differential magnetometer" -They try to act like your buddy • How about those Cubs?
Unauthorized camera / microphone use (Troubleshooting Mobile Device Security)
-Third-party apps can capture intimate information • Ethical and legal issues -If any suspicion an app is capturing this info, run an anti-malware scan • Try to identify the source of the breach -Confirm that loaded apps are legitimate • Check with a third-party scanner -Factory reset will allow you to remove malicious software • Completely reset and start from the beginning
Dumpster diving
-A mobile garbage bin • United States term is "Dumpster" • Similar to a rubbish skip -Important information can be thrown out with the trash -Details that are gathered can be used for other attacks • Names and phone numbers can be used for impersonation -Timing is important • Just after end of month or end of quarter • Based on the pickup schedule
Physical destruction
-Through an industrial shredder • Heavy machinery • Complete destruction -Drill / Hammer if destroying hardware on your own • Quick and easy • All the way through the platters -Electromagnetic (degaussing) • Remove the magnetic field • Destroys the drive data and the electronics -Incineration • Hot fire
Scheduled backups for Mac OS
-Time Machine - Included with Mac OS X -Hourly backups for the past 24 hours -Daily backups are done for the past month -Weekly backups - All previous months -Starts deleting oldest information when disk is full
Account lockout and disablement
-Too many bad passwords will cause a lockout • This should be normal for most users • This can cause big issues for service accounts (some organizations disable lockout for service accounts, or use a separate process to change the service account password so that its failed logins don't lock it out) -Disable user accounts • Part of the normal change process • You don't want to delete accounts (at least not initially) • Deleting the account can delete important information
Account lockout and disablement (Documentation Best Practices)
-Too many bad passwords will cause a lockout • This should be normal for most users • This can cause big issues for service accounts (you do not want this) -Disable accounts for users who leave the organization • Part of the normal change process • You don't want to delete accounts • At least not initially
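The lockout behaviour described in the two cards above, as an added simulation (not code from the original page): a threshold counted within a reset window, a lockout duration, and an exemption list for service accounts. The class and the timings are assumptions for the example; the three parameters correspond to the Windows policy settings Account lockout threshold, Reset account lockout counter after, and Account lockout duration.

```python
from collections import deque


class LockoutPolicy:
    """Threshold-based account lockout.

    threshold:  failed attempts (inside the window) that trigger a lockout
    window_s:   seconds after which old failures stop counting
    duration_s: seconds the account stays locked; 0 means until an admin unlocks it
    exempt:     accounts (e.g. service accounts) that never lock out; their
                password changes are handled by a separate process instead
    """

    def __init__(self, threshold=5, window_s=900, duration_s=900, exempt=()):
        self.threshold = threshold
        self.window_s = window_s
        self.duration_s = duration_s
        self.exempt = set(exempt)
        self.failures = {}        # user -> deque of failure timestamps
        self.locked_until = {}    # user -> expiry time, or None for "manual unlock only"

    def is_locked(self, user, now):
        if user not in self.locked_until:
            return False
        until = self.locked_until[user]
        if until is None or until > now:
            return True
        del self.locked_until[user]   # lockout expired
        return False

    def attempt(self, user, password_ok, now):
        """Return 'success', 'failed' or 'locked' for one login attempt at time now."""
        if self.is_locked(user, now):
            return "locked"           # even a correct password is refused while locked
        if password_ok:
            self.failures.pop(user, None)
            return "success"
        if user in self.exempt:
            return "failed"           # counted nowhere: the account cannot be locked
        q = self.failures.setdefault(user, deque())
        q.append(now)
        while q and now - q[0] > self.window_s:
            q.popleft()               # failures older than the window no longer count
        if len(q) >= self.threshold:
            self.locked_until[user] = None if self.duration_s == 0 else now + self.duration_s
            q.clear()
            return "locked"
        return "failed"

    def unlock(self, user):
        """Administrator unlocks the account."""
        self.locked_until.pop(user, None)


if __name__ == "__main__":
    policy = LockoutPolicy(threshold=3, window_s=60, duration_s=120, exempt={"svc_backup"})
    # Constructed scenario: an attacker guesses at a user, then at a service account.
    for t in (0, 1, 2, 3):
        print("alice t=%d:" % t, policy.attempt("alice", False, t))
    print("alice correct password at t=10:", policy.attempt("alice", True, 10))
    print("alice correct password at t=130:", policy.attempt("alice", True, 130))
    print("svc_backup 10 bad guesses:", {policy.attempt("svc_backup", False, t) for t in range(10)})
```

Running it shows why the text warns about service accounts: without the exemption, three bad guesses from anywhere on the network would take the backup service offline, which turns a lockout control into a denial-of-service lever.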
System lockout (Troubleshooting Mobile Apps)
-Too many incorrect unlock attempts -In iOS: the optional "Erase Data" setting wipes the phone after 10 failed attempts • You will need to restore from an iTunes/iCloud backup • Whether or not erase is enabled, each failed attempt adds an increasing delay before the next try -Android: locks or wipes the phone after repeated failed attempts • Older versions let you unlock with your Google login
Update boot order (Troubleshooting Solutions)
-Trying to boot from a USB drive but it doesn't even try • Boots directly to the primary drive -Check BIOS to determine which physical device will be used during boot • And in which order -Each BIOS is a bit different • But the configuration is in there somewhere -It's an easy one to miss • Usually the first thing to check and change to modify the boot order
A "friendly" DoS
-Unintentional DoSing • It's not always a ne'er-do-well -Network DoS • Layer 2 loop without Spanning Tree Protocol -Bandwidth DoS • Downloading multi-gigabyte Linux distributions over a DSL line -Environmental DoS • A water line breaks on a higher floor and water leaks through the ceiling into the computer room • All computer equipment has to be turned off and moved to prevent further damage
Boot methods
-USB storage • USB drive must be bootable • Computer must support booting from a USB drive -CD-ROM and DVD-ROM • A common media -PXE ("Pixie") - Preboot eXecution Environment • Performs a remote network installation • Computer must support booting with PXE -NetBoot • Apple technology to boot Mac OS from the network • Similar concept to PXE boot -If you need to install many types of OSs • Consider using external media that connects via USB • Solid state drives / hard drives • Store many OS installation files -External / hot swappable drive • Some external drives can mount an ISO (DVD-ROM image) which the PC will see as a DVD-ROM drive • Can boot from USB -Installing on the internal hard drive • Install and boot from a separate drive • Create and boot from a new partition
Types of installations
-Unattended installation • Answers Windows questions in a file (unattend.xml) • No installation interruptions • No user intervention -In-place upgrade • Maintain existing applications and data -Clean install • Data backup required • Wipe the slate clean and reinstall • Migration tool can help -Image • Deploy a clone on every computer • Quick installation on many computers -Repair installation • Fixes problems with the Windows OS • Does not modify user files • Re-installs the OS -Multiboot • Run two or more operating systems from a single computer -Recovery partition • Creates a hidden partition with a copy of the Windows installation files • Commonly used with repair installation • Installation media not needed -Refresh / restore • Windows 8/10 feature to clean things up • Requires a recovery partition • No installation media needed
UPS (Environmental Impacts)
-Uninterruptible Power Supply • Provides backup power • Protects against blackouts, brownouts, surges -UPS types • Standby UPS (switches to battery when power is out) • Line-interactive UPS (provides battery power when power dips below required levels) • On-line UPS (Always on, no switching between power and batteries) -Also contain additional features • Auto shutdown, battery capacity, outlets, phone line suppression
UPS (Disaster Recovery)
-Uninterruptible Power Supply • Short-term backup power • Protects you from blackouts, brownouts, surges, spikes, etc. -UPS types • Offline/Standby UPS watches the voltage from the main power; if it drops out, the UPS switches from standby to battery, so there is a brief transfer gap • Line-interactive UPS adjusts the output to compensate when the main power experiences a brownout, switching to battery only when the sag is too deep • On-line/Double-conversion UPS is what runs in many data centers: the main power charges the batteries and the batteries power the load at all times, so there is no switchover and no delay if main power is lost -UPS features on different models • Auto shutdown • Battery capacity • Outlets • Phone line suppression
Email filtering (Logical Security)
-Unsolicited email • Stop it at the gateway before it reaches the user • Can be on-site or cloud-based -Scan and block malicious software • Can identify executables or known vulnerabilities • Phishing attempts • Other unwanted content
Upgrading to Windows 10
-Upgrade from the Windows 10 installation media • Downloadable versions are available from Microsoft • Includes a media creation tool -You cannot upgrade x86 to x64 OR x64 to x86 • Applies to all Windows versions • You'll have to migrate instead
Why upgrade?
-Upgrade vs. Install • Upgrade - Keep files in place • Install - Start over completely fresh -Upgrading allows you to maintain consistency • Upgrades save hours of time • Can keep customized configurations and multiple local user accounts on the PC • Avoids application reinstallations • Keeps user data intact • Get up and running quickly • Seamless and fast • Run from the DVD-ROM or USB flash
Command line troubleshooting
-Use "help" if you're not sure • > help dir • > help chkdsk -Also use: • [command] /? -Close the prompt with exit -Useful when additional information is needed for a certain command
Restricting user permissions
-User permissions • Everyone isn't an Administrator • Assign proper rights and permissions • This may be an involved audit -Assign rights based on groups • More difficult to manage per-user rights • Becomes more useful as you grow -Set login time restrictions • Only login during working hours • Restrict after-hours activities
Local users and groups
-Users • Administrator - the Windows super-user • Guest • Limited access • Most users are "Regular" Users -Groups • Administrators, Users, Backup Operators, Power Users, etc. • Users can be added to groups • Permissions are easier to manage by groups instead of individual user access.
Tailgating
-Uses someone else to gain access to a building • Not by accident -Johnny Long's book "No Tech Hacking" explains how tailgating works in these environments • By blending in with clothing • A 3rd-party with a legitimate reason • Temporarily take up smoking and make friends with people who can then be followed back into the building • Or be someone who brings boxes of doughnuts, where people might help you enter even if you don't have an access card -Once inside, there's little to stop you • Most security stops at the border
Power level controls (Securing SOHO Network)
-Usually a wireless configuration • Set it as low as you can -How low is low? • This might require some additional study -Consider the receiver • High-gain antennas can hear a lot • Location, location, location
Microsoft Visual Basic Scripting Edition (Scripting)
-VBScript • Uses the ".vbs" file extension -General purpose scripting in Windows • Can manage back-end web server scripting • Can run scripts on the Windows desktop • Most common types of scripting are found inside of Microsoft Office applications
File management
-dir • Lists files and directories in cmd prompt -cd • Change working directory in cmd prompt • Include the backslash (\) to specify volume or folder name -.. • Two dots/periods in cmd prompt (e.g. cd..) takes you back up one folder level
Scripting data types (Scripting)
-Variables are associated with the data type depending on the information that is being stored -String data types • Variable "name" can store the string/text information "Professor Messer" • name="Professor Messer" -Integer data types • Contains whole numbers (not fractions or decimals) • 42 can be stored as an integer data type with the variable x • x=42 • Can perform mathematical calculations that can be used in the script -Floating point data types • Contains numbers with decimal points • The variable pi is a floating point data type that contains the number 3.14
Scheduled disk maintenance (Linux)
-Very little disk maintenance required • As long as there is space and resources -Can perform a file system check (fsck) • The file system cannot be mounted while it is checked • Done automatically every X number of reboots • If the system does not reboot often, force a check on the next reboot by adding a file to the root: sudo touch /forcefsck -Clean up log space, commonly kept in /var/log
Windows Recovery Environment
-Very powerful front-end that gives you access to the OS -Also very dangerous way to start manipulating the OS • Last resort -Does give you complete control of the OS • Fix your problems before the system starts • Can remove malicious software -Requires additional information • Use, copy, rename, or replace operating system files and folders • Enable or disable services or devices at startup • Can repair the file system boot sector or the master boot record (MBR)
Windows 10 Education and Enterprise
-Very similar features in both • Minor feature differences • Both are managed by using Windows Volume licensing -Granular User Experience (UX) control • An administrator can define the user environment • Useful for kiosk and workstation customization -Supports: • Hyper-V • BitLocker • Can join a domain • AppLocker (an administrator can control what applications can run) • BranchCache (remote site file caching) -Max x86 RAM 4 GB -Max x64 RAM 2048 GB (2 TB)
Windows Media Center
-Video, music, and television portal • Perfect for watching at home • Can record shows from a TV tuner • Can play music and watch DVDs -The center of your home entertainment center • Cable companies and other technologies were strong competition -Discontinued by Microsoft • Not officially available in Windows 10
Notepad
-View and edit text files • You'll use a lot of text files -Included with almost any version of Windows
VPN Concentrator (Logical Security)
-Virtual Private Network • Can encrypt (private) data traversing a public network -Concentrator (a hardware device) • Designed to encrypt/decrypt access from any device at a remote location -Many deployment options • Specialized cryptographic hardware • Software-based options available -Used with 3rd-party client software, or sometimes built into the OS
vi (Linux Command)
-Visual mode editor • Full screen editing with copy, paste, and more -vi FILE • "> vi script.sh" starts the editor for the file script.sh -To insert text • Enter "i" and then <text> • Exit insert mode with Esc -Save (write) the file and quit vi • ":wq" command
WPA2 and CCMP
-WPA2 certification began in 2004 • AES (Advanced Encryption Standard) replaced RC4 • CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) replaced TKIP -CCMP block cipher mode • Uses AES for data confidentiality • 128-bit key and a 128-bit block size • Requires additional computing resources -CCMP security services • Data confidentiality (AES), authentication, and access control
Strong passwords (Logical Security)
-Weak passwords can be difficult to protect against • Interactive brute force • Hashed passwords can be brute forced offline -Passwords need to have some complexity and be refreshed regularly • This reduces the chance of a successful brute force • Reduces the scope of damage if a password is found -Annual password analysis from SplashData examines leaked password files. Pretty much what you'd expect on commonly used passwords: • #1: 123456 • #2: password • #3: 12345 • #4: 12345678 • #5: qwerty
Plan for change (Change Management)
-What does it take to make the change? • Provide detailed information • Describes the technical process to other technical people -Others can help identify unforeseen risk • Gives a complete picture -Scheduling the change • Time of day, day of week • Also includes completion timeframes
dd (Linux Command)
-Will convert and copy a file • Also backs up and restores an entire partition • > dd if=<source file name> of=<target file name> [Options] -Creating a disk image • > dd if=/dev/sda of=/tmp/sda-image.img -Restoring from an image • > dd if=/tmp/sda-image.img of=/dev/sda
Acceptable use policies (AUP) (Documentation Best Practices)
-What is acceptable use of company assets? • Detailed documentation such as employee handbook • May also be documented in the employee "Rules of Behavior" -This covers many topics such as: • Company Internet usage • How telephones, computers, mobile devices, etc. are used. -Used by an organization to limit legal liability • If someone is dismissed, these are the well-documented reasons why
Performance Tab
-What's happening? • Can view CPU, memory, etc. -Statistical views • Historical, real-time -Newer versions include CPU, memory, disk, Bluetooth, and network in the Performance tab
Power drain (Troubleshooting Mobile Device Security)
-Power draining faster than normal might be a security issue • Heavy application usage • More network activity than normal • Higher resource utilization than normal • It's effectively a Denial of Service (DoS) -Check the application before installation • Use an app scanner to verify that it's legitimate (e.g. Zscaler Application Profiler) • Force stop a running app if it's acting unusually -Some mobile devices allow you to run anti-malware • This checks for malicious activity -Perform a clean install if you are unsure • Perform a factory reset and reinstall the apps
Ransomware
-Where the bad guys want your money • They'll take (lock) your computer in the meantime -May be a fake ransom, such as: • Your computer is locked "by the police" -The ransom may be avoided by a security professional who may be able to remove these kinds of malware
Using WPS (Securing SOHO Network)
-Wi-Fi Protected Setup • Originally called Wi-Fi Simple Config -The goal was to allow "easy" setup of a mobile device • A passphrase can be complicated to a novice -Different ways to connect • PIN configured on access point must be entered on the mobile device • Push a button on the access point • Near-field communication - Bring the mobile device close to the access point • USB method - no longer used
msinfo32.exe
-Windows System Information • A wealth of knowledge -Shows information on Hardware Resources • Memory, DMA, IRQs, conflicts -Shows information on Components • Multimedia, display, input, network -Shows information on the Software Environment • Drivers, print jobs, running tasks -Located under C:\Windows\System32 • Can also open through the cmd line or the Run dialog
Update and patch (Troubleshooting Solutions)
-Windows Update • Centralized OS and driver updates -Lots of flexibility on updating Windows • Change the active hours • Manage metered connections so it doesn't download over slow connections -Applications must be patched • Security issues don't stop at the OS • Download from the publisher or within the application
System Restore
-Windows creates frequent restore points • Go back in time to correct problems • Creates restore points after a Windows update or after installing new software -Start by pressing F8 - Advanced Boot Options - Repair -In Windows 7/8/8.1/10 it is located in Control Panel under Recovery -Doesn't guarantee recovery from viruses and spyware/malware • All restore points might be infected
Reimage or reload OS (Troubleshooting Solutions)
-Windows is big • And complex -You can spend time trying to find the needle • Or simply build a new haystack -Many organizations have pre-built images • Where you don't have to waste time researching issues • Much faster to re-image than trying to find the root cause of an issue • Windows 8/8.1 and 10 include a reset option if no pre-built images are available (home computers) • Located at Settings > Update & Security > Recovery
net command
-Windows network commands -Views network resources • net view \\<servername> • net view /workgroup:<workgroupname> -Map a network share to a drive letter • net use h: \\<servername>\<sharename> -View user account information and reset passwords • net user <username> • net user <username> * /domain
Active Directory
-Windows networks can be centrally managed • Active Directory Domain Services (AD DS) -Can create and delete accounts • Add users to the domain • Remove user accounts -Can reset passwords and unlock accounts -Can disable accounts • Off-boarding or security processes
Mobile device disposal (Safety Procedures)
-Wipe your data, if possible • This isn't always an option due to a broken screen -Manufacturer or phone service provider may have a recycling program or an upgrade program -Dispose at a local hazardous waste facility • Do not throw in the trash
MSDS info (Environmental Impacts)
-You'll get the product name and company information -Will help you understand the composition / ingredients inside of the product -Provides a breakdown of the hazard information if it comes in contact with a human -First aid measures -Fire-fighting measures -Provides information if accidental release / leaking occurs with the product -Provides information on handling and storage -And much more
MAC spoofing
-Your Ethernet device has a MAC address • A unique burned-in address • Most drivers allow you to change this address -Changing the MAC address can be legitimate • Internet provider expects a certain MAC address • Certain applications require a particular MAC address -Changing the MAC address for illegitimate reasons • To circumvent MAC-based ACLs • Fake out a wireless address filter -This is very difficult to detect • How would you know it's not the original device?
Desktop styles
-Your computer has many different uses • Those change depending on where you are -Work styles • Standard desktop • Common user interface • Customization is very limited • You can work at any computer due to Active Directory -Home • Complete flexibility; No restrictions • Can change background photos, colors, UI sizing.
Enabling and disabling Windows Firewall
-Your firewall should always be enabled • Sometimes you need to troubleshoot -Can be temporarily disabled from the main screen • Turn Windows Firewall on or off • Requires elevated permissions -Different settings for each network type • Can customize Public / Private profile
Keyloggers
-Your keystrokes contain valuable information • Web site login URLs, passwords, email messages -Saves all of your input • Sends it to the bad guys -Circumvents encryption protections • Your keystrokes are in the clear -Other data logging • Clipboard logging, screen logging, instant messaging, search engine queries
The Windows command line
-cmd • The "other" Windows • Can start utilities from the cmd line • Many options available under the hood • Faster to do tasks on the cmd line compared to GUI
iwconfig / ifconfig (Linux Command)
-iwconfig • Views or changes wireless network configuration • Shows ESSID, frequency/channel, mode, rate, etc. • Requires some knowledge of the wireless network • "iwconfig eth0 essid studio-wireless" is an example of how to change the SSID the WiFi adapter connects to -ifconfig • Shows or configures a network interface: IP configuration, subnet mask, etc. • "ifconfig eth0" is the command to show network information for eth0 -Slowly being replaced by ip (ip address)
pwd vs. passwd (Linux Command)
-pwd • Print Working Directory • Displays the current working directory path • Useful when changing directories often -passwd • Change a user account password • Yours or another • "passwd" to change your own password • "passwd [username]" to change password for a specific user
cd (Linux Command)
-Used to change the current directory • Nearly identical to the Windows command line • Uses forward slashes instead of backslashes -cd <directory> • To change to the "/var/log" directory, you enter "> cd /var/log" at the cmd prompt
Loopback address
127.0.0.1
Windows 7 Minimum Hardware Requirements (x86)
Processor/CPU - 1 GHz processor • Memory - 1 GB RAM • Free disk space - 16 GB • Video - DirectX 9 graphics device with WDDM 1.0 or higher driver (WDDM = Windows Display Driver Model) -Win7 32-bit
Windows 10 Minimum Hardware Requirements (x86)
Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 • Memory - 1 GB RAM • Free disk space - 16 GB • Video - Microsoft DirectX 9 graphics device with WDDM driver (WDDM = Windows Display Driver Model) -Win10 32-bit
Windows 8/8.1 Minimum Hardware Requirements (x86)
Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 • Memory - 1 GB RAM • Free disk space - 16 GB • Video - Microsoft DirectX 9 graphics device with WDDM driver (WDDM = Windows Display Driver Model) -Win8/8.1 32-bit
Windows 10 Minimum Hardware Requirements (x64)
Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 • Memory - 2 GB RAM • Free disk space - 20 GB • Video - Microsoft DirectX 9 graphics device with WDDM driver (WDDM = Windows Display Driver Model) -Win10 64-bit
Windows 8/8.1 Minimum Hardware Requirements (x64)
Processor/CPU - 1 GHz processor with support for PAE, NX, and SSE2 • Memory - 2 GB RAM • Free disk space - 20 GB • Video - Microsoft DirectX 9 graphics device with WDDM driver (WDDM = Windows Display Driver Model) -Win8/8.1 64-bit
ctrl + shift + enter
To run as admin, search for the application and enter this key command
Regulatory (Documentation Best Practices)
Types of regulating bodies: -Sarbanes-Oxley Act (SOX) • The Public Company Accounting Reform and Investor Protection Act of 2002 -The Health Insurance Portability and Accountability Act (HIPAA) • Extensive healthcare standards for storage, use, and transmission of health care information -The Gramm-Leach-Bliley Act of 1999 (GLBA) • Disclosure of privacy information from financial institutions
Windows 10 Editions
- Windows 10 Home - Windows 10 Pro - Windows 10 Education - Windows 10 Enterprise
shutdown /a
cancels a pending PC shutdown from the cmd prompt
copy /y
copy command that suppresses the prompt to confirm if you want to overwrite an existing destination file
copy /v
copy command that verifies that new files are written correctly
format c:
formats a disk for use with Windows from the cmd prompt; any existing data on the disk will be lost
tasklist
displays a list of currently running processes from the cmd prompt
chkdsk /f
fixes logical file system errors on the disk from the cmd prompt
taskkill /PID #### /T
kills the Process ID by number and any child processes which were started by it from the cmd prompt
taskkill /im application
kills the process by image name from the cmd prompt
chkdsk /r
locates bad sectors and recovers readable information from the cmd prompt; also implies /f
shutdown /r
shuts down and restarts a pc from the cmd prompt
taskkill
terminates a task by process ID (PID) or image name from the cmd prompt
Joining a domain
• Cannot be a Windows Home edition • Needs to be Pro or better • Managed in Control Panel / System • Need proper rights to add the computer to the domain
xcopy command
• Copies files and directory trees • xcopy /s Documents m:\backups -- Copies the Documents folder, including its subdirectories (except empty ones), to the M:\backups folder
WPA (Wi-Fi Protected Access)
• Created in 2002: WPA was the replacement for serious cryptographic weaknesses in WEP (Wired Equivalent Privacy) • Don't use WEP on any wireless network -WPA was a short-term bridge between WEP and whatever its successor would be • This encryption could run on existing hardware and provide a level of security above the capabilities of WEP • WPA: RC4 with TKIP (Temporal Key Integrity Protocol) • Contained a larger Initialization Vector (IV) than WEP and added an encrypted hash • Every packet would get a unique 128-bit encryption key for security
Upgrading from Windows 8.1
• Keeps Windows settings, personal files, and applications • Must upgrade to a similar Edition • You cannot upgrade directly from Windows 8 to Windows 10
Upgrading from Windows 7
• Keeps Windows settings, personal files, and applications • Must upgrade to a similar Edition
MBR partition style
• MBR (Master Boot Record) • The old standby, with all of the old limitations -Primary partition • Bootable partitions • Maximum of four primary partitions per hard disk • One of the primary partitions can be marked as Active -Extended partition • Used for extending the maximum number of partitions • One extended partition per hard disk (optional) • Contains additional logical partitions • Logical partitions inside an extended partition are not bootable
Power options Applet
• Power plans • Power usage can be customized -Sleep (standby) option • Open apps are stored in memory • Saves power, starts up quickly • Switches to hibernate if power is low -Hibernate option • Open docs and apps are saved to disk, which allows the system to shut down completely • Common on laptops
Programs and Features Applet
• Shows installed applications • Can uninstall applications, view size and version -Can also enable/disable Windows features that were/were not installed by default
ping
• Test reachability of a device • Can determine round-trip time • Uses Internet Control Message Protocol (ICMP) -One of your primary troubleshooting tools • Can you reach the host? -Written by Mike Muuss in 1983 • Named similar to the sound made by sonar • Not an acronym for Packet INternet Groper
cp (Linux Command)
• Used to make a copy of a file • Duplicate files or directories • cp SOURCE DEST • To create a copy of first.txt named second.txt, you use the command "> cp first.txt second.txt"