#CompTIA #Certifications [Jason Dion Udemy](https://www.udemy.com/course/comptia-a-core-2/learn/lecture/33273724?start=0#overview) [Professor Messer](https://www.youtube.com/playlist?list=PLG49S3nxzAnna96gzhJrzkii4hH_mgW4b) [Official Cert Guide](https://officialcomptiastudyguides.webreader.io/#!/reader/471c5fdf-a27c-4fec-bdac-ee55bf006e2e/page/59a66129-ffa3-41fa-b829-31cddfc1018a) [Objectives](https://partners.comptia.org/docs/default-source/resources/comptia-a-220-1102-exam-objectives-(3-0)) ### CompTIA A+ 1102 Test Breakdown | Domains | Topic | Percentage | | ------- | ------------------------ | ---------- | | 1 | Operating Systems | 31% | | 2 | Security | 25% | | 3 | Software Troubleshooting | 22% | | 4 | Operational Procedures | 22% | - 700 (on a scale of 900) -> 78% - Maximum of 90 questions per exam # Table of Contents: (Jason Dion) --- 1. [[CompTIA A+ 1102 Notes#Section 2 Operating System Types (OBJ 1.8)|Section 2: Operating Systems (OBJ 1.8)]] 2. [[CompTIA A+ 1102 Notes#Section 3 Windows Versions (OBJ 1.1 and 1.7)|Section 3: Windows Versions (OBJ 1.1 and 1.7)]] 3. [[CompTIA A+ 1102 Notes#Section 4 Windows Installation (OBJ 1.9)|Section 4: Windows Installation (OBJ 1.9)]] 4. [[CompTIA A+ 1102 Notes#Section 5 Application Configuration (OBJ 1.7)|Section 5: Application Configuration (OBJ 1.7)]] 5. [[CompTIA A+ 1102 Notes#Section 6 Windows Networking (OBJ 1.6)|Section 6: Windows Networking (OBJ 1.6)]] 6. [[CompTIA A+ 1102 Notes#Section 7 Windows Control Panel (1.4)|Section 7: Windows Control Panel (OBJ 1.4)]] 7. [[CompTIA A+ 1102 Notes#Section 8 Windows Settings (OBJ 1.5)|Section 8: Windows Settings (OBJ 1.5)]] 8. [[CompTIA A+ 1102 Notes#Section 9 Windows Tools (OBJ 1.3)|Section 9: Windows Tools (OB 1.3)]] 9. [[CompTIA A+ 1102 Notes#Section 10 Windows Command Line Tools (OBJ 1.2)|Section 10: Windows Command Line Tools (OBJ 1.2)]] 10. [[CompTIA A+ 1102 Notes#Section 11 Windows Shares (OBJ 1.2, 1.6 and 2.5)|Section 11: Windows Shares (OBJ 1.2, 1.6 & 2.5)]] 11. 
[[CompTIA A+ 1102 Notes#Section 12 macOS (OBJ 1.10)|Section 12: macOS (OBJ 1.10)]] 12. [[CompTIA A+ 1102 Notes#Section 13 Linux (OBJ 1.11)|Section 13: Linux (OBJ 1.11)]] 13. [[CompTIA A+ 1102 Notes#Section 14 Threats and Vulnerabilities (OBJ 2.4)|Section 14: Threats and Vulnerabilities (OBJ 2.4)]] 14. [[CompTIA A+ 1102 Notes#Section 15 Malware (OBJ 2.3)|Section 15: Malware (OBJ 2.3)]] 15. [[CompTIA A+ 1102 Notes#Section 16 Social Engineering (OBJ 2.3 and 2.4)|Section 16: Social Engineering (OBJ 2.3 and 2.4)]] 16. [[CompTIA A+ 1102 Notes#Section 17 Security Controls (OBJ 2.1)|Section 17: Security Controls (OBJ 2.1)]] 17. [[CompTIA A+ 1102 Notes#Section 18 Wireless Security (OBJ 2.2 and 2.9)|Section 18: Wireless Security (OBJ 2.2 and 2.9)]] 18. [[CompTIA A+ 1102 Notes#Section 19 Mobile Device Security (OBJ 2.7)|Section 19: Mobile Device Security (OBJ 2.7)]] 19. [[CompTIA A+ 1102 Notes#Section 20 Windows Security (OBJ 2.5)|Section 20: Windows Security (OBJ 2.5)]] 20. [[CompTIA A+ 1102 Notes#Section 21 Securing Workstations (OBJ 2.6 and 2.8)|Section 21: Securing Workstations (OBJ 2.6 and 2.8)]] # Table of Contents: (Professor Messer) --- 1. [[CompTIA A+ 1102 Notes#Operating Systems Overview (1.8)|Operating Systems Overview(1.8)]] 2. [[CompTIA A+ 1102 Notes#An Overview of Windows (1.1)|An Overview of Windows(1.1)]] 3. [[CompTIA A+ 1102 Notes#Windows Features (1.1)|Windows Features (1.1)]] 4. [[CompTIA A+ 1102 Notes#Windows Upgrades (1.1)|Windows Upgrades (1.1)]] 5. [[CompTIA A+ 1102 Notes#Installing Operating Systems (1.9)|Installing Operating Systems (1.9)]] 6. [[CompTIA A+ 1102 Notes#Upgrading Widows (1.9)|Upgrading Windows (1.9)]] 7. [[CompTIA A+ 1102 Notes#Installing Applications (1.7)|Installing Applications (1.7)]] 8. [[CompTIA A+ 1102 Notes#Windows Network Technologies (1.6)|Windows Network Technologies (1.6)]] 9. [[CompTIA A+ 1102 Notes#Configuring Windows Firewall (1.6)|Configuring Windows Firewall (1.6)]] 10. 
[[CompTIA A+ 1102 Notes#Windows IP Address Configuration (1.6)|Windows IP Address Configuration (1.6)]] 11. [[CompTIA A+ 1102 Notes#Windows Network Connections (1.6)|Windows Network Connections (1.6)]] 12. [[CompTIA A+ 1102 Notes#The Windows Control Panel (1.4)|The Windows Control Panel (1.4)]] 13. [[CompTIA A+ 1102 Notes#Windows Settings (1.5)|Windows Settings (1.5)]] 14. [[CompTIA A+ 1102 Notes#Task Manager (1.3)|Task Manager (1.3)]] 15. [[CompTIA A+ 1102 Notes#Microsoft Management Console (1.3)|Microsoft Management Console (1.3)]] 16. [[CompTIA A+ 1102 Notes#Additional Windows Tools (1.3)|Additional Windows Tools (1.3)]] 17. [[CompTIA A+ 1102 Notes#Windows Command Line Tools (1.2)|Windows Command Line Tools (OBJ 1.2)]] 18. [[CompTIA A+ 1102 Notes#The Windows Network Command Line (1.2)|The Windows Network Command Line (OBJ 1.2)]] 19. [[CompTIA A+ 1102 Notes#macOS Overview (1.10)|macOS Overview (1.10)]] 20. [[CompTIA A+ 1102 Notes#macOS System Preferences (1.10)|macOS System Preferences (1.10)]] 21. [[CompTIA A+ 1102 Notes#macOS Features (1.10)|macOS Features (1.10)]] 22. [[CompTIA A+ 1102 Notes#Linux Commands (1.11)|Linux Commands (1.10)]] 23. [[CompTIA A+ 1102 Notes#Linux Features (1.11)|Linux Features (1.11)]] # Table of Contents (Official Cert Guide) --- 1. [[CompTIA A+ 1102 Notes#Lesson 1 Configuring Windows|Configuring Windows]] # Jason Dion: ## Section 2: Operating System Types (OBJ 1.8) --- **4. Operating System Types** - [[Operating System (OS)]] - Can be categorized as [[Open Source]] or [[Proprietary System]] - [[Open Source Operating System]] - [[Proprietary (Closed-Source OS)]] - New version of an OS is usually released as a public beta program - OS support for a designated period of time - When a manufacturer support ends, the system is now considered [[End of Life (EOL)]] **5. 
Windows** - [[Windows]] - Need to be aware of three versions - Most modern one is Windows 11 - Next is Windows 10 - And the oldest one that we're going to support is Windows 8.1 - Also has a server based version called [[Windows Server]] - [[Server|Servers]] get about 10 years of support - Workstations only get 5 years of support **6. Linux** - [[Linux]] has hundreds of different distributions - Tend to be built around three main types of systems inside of Linux - [[Red Hat]] - [[Debian]] - [[SUSE]] - Two different formats for lifecycle support: - [[Standard Release Model]] - [[Rolling Release Model]] - Commonly used in [[Embedded Devices]]/[[Embedded System]] or small form factor devices - 80% of the servers on the Internet use Linux **7. Android** - [[Android]] - Two main operating systems out there on [[Smartphones]]/[[Tablets]] - Android and [[iOS]] - Android is used on every smartphone that is not an [[Apple]] product - Has about 72% of the market share when it comes to operating devices - First version came out in Sept 2008 - Versions are named after dessert foods - Snow Cone, Red Velvet Cake, etc. - Android 13 will be call Tiramisu - Uses a shorter life cycle than desktop or server environments - [[Mobile Device|Mobile]] [[Operating System (OS)|operating systems]] only last around two to three years before needing updates - Most mobile devices only have 3-5 years of backward support - Each manufacturer can make their own version of Android **8. Chrome OS** - [[ChromeOS]] - [[Proprietary (Closed-Source OS)]] created by [[Google]] - Designed to run on specific hardware - Stripped down [[Operating System (OS)]] - Primarily uses web applications and supports [[Android]] apps **9. macOS** - [[macOS (OSX)]] - Desktop [[Operating System (OS)]] that only operates on [[Apple]] devices - [[iMac]], [[Mac]] desktops and [[MacBook|MacBooks]] - Considered a [[Proprietary (Closed-Source OS)]] **10. 
iOS and iPadOS** - [[iOS]] - [[iPadOS]] - Both share a lot of the same code underneath them - Both are developed by [[Apple]] - Both are a [[Proprietary (Closed-Source OS)|proprietary]] code base - iPadOS supports multitasking of applications **11. Operating Systems** - Big difference between Windows 10 and 11 are the locations of different pieces and parts on the graphical user interface - Mainly just an overview of different operating systems **12. Filesystem Types** - [[File System]] - Has to be created before you can install an [[Operating System (OS)]] or storage device - When picking a file system, have to think about what operating system you're going to be using to read and write to said device - [[Windows]] uses [[New Technology Filesystem (NTFS)]], [[File Allocation Table 32 (FAT32)]] or [[Extensible File Allocation Table (exFAT)]] - [[Linux]] uses [[Extended File Type System]] ([[ext3]] and [[ext4]]) or [[Extensible File Allocation Table (exFAT)]] - [[macOS (OSX)]] uses the [[Apple File System (APFS)]] - Windows -> NTFS - Linux -> ext4 - macOS -> APFS - External device that's going to be going between all three operating systems, use exFAT **13. Compatibility Concerns** - [[Hardware Compatibility]] - [[Software Compatibility]] - [[Network Compatibility]] - The ability of end users to use different [[Operating System (OS)|operating systems]] - A traditional user may be used to work with just one or two operating systems - Train users to understand how to use your operating system ## Section 3: Windows Versions (OBJ 1.1 and 1.7) --- **15. 
64-bit vs 32-bit Versions** - [[Windows]] 11 - [[64-bit]] version - [[Windows]] 10 - [[32-bit]] or 64-bit version - Each piece of hardware will be 32-bit of 64-bit based on the processor type being used - Choose the version of the operating system that will align with your processor (x86 vs x64) - Have a minimum of 4 GB of [[Random Access Memory (RAM)]] to run Windows efficiently - Also determines how much memory you can access - Check if your processor can support 32-bit or 64-bit operations **16. Windows Home** - [[Windows Home]] - Lacks a lot of business features and to get these features, upgrade to [[Windows Pro]] or [[Windows Enterprise]] - Lacked support for these features: - Storage device encryption ([[BitLocker]]) - Support for [[Windows Information Protection (WIP)]] - Business Management Features - [[Mobile Device Management (MDM)]], Support for connecting to domains or support for [[Active Directory (AD)]] - Two variants of licensing Windows - [[OEM]] - [[Retail]] - You can upgrade from Windows 10 to Windows 11 using the same edition **17. Windows Pro** - [[Windows Pro]] - Three different licensing options - [[OEM]] - [[Retail]] - [[Volume]] **18. Windows Enterprise and Education** - [[Windows Enterprise]] - [[Windows Education]] - Was to provide an [[Operating System (OS)]] to schools, colleges, and universities for use in their classroom environments **19. Upgrading Windows** - Lots of different ways to upgrade [[Windows]] - Most common is known as an [[In-Place Upgrade]] - Another way is to perform a [[Full Upgrade]] - [[Data Only Upgrade]] - [[Clean Install]] - [[Edition Upgrade]] - [[Version Upgrade]] - Verify the system meets the minimum requirements for the new [[Operating System (OS)]] - Hard to downgrade to a lower level ## Section 4: Windows Installation (OBJ 1.9) --- #### 21. 
Windows Installation - In order to install on [[Operating System (OS)]], you need to ensure that your system meets the minimum hardware requirements for that specific version of the operating system - Prepare the storage device by partitioning and formatting - Configure your BIOS or UEFI to boot from the proper installation media source - Perform attended or unattended installation path #### 22. Installation Types - Broken up into four different categories and subcategories: - [[Clean Installation]] - [[In-Place Upgrade]] - OR - [[Attended Installation]] - [[Unattended Installation]] - Either one of the first two and one of the second two #### 23. Upgrade Considerations - Look at the system requirements - Many different things to consider when doing an upgrade: - [[Hardware Compatibility]] - [[Application Support]] - [[Backup files and User Preferences]] - [[Third-Party Drivers]] #### 24. Product Lifecycle - When it comes to Windows, there are two different types of support that are going to be there: - [[Mainstream Support]] - [[Extended Support]] - Once a product reaches [[End of Life (EOL)]], it will no longer be supported - Will now be considered a [[Legacy System]] - Windows 10 and 11 get mainstream support for at least five years - Feature updates usually occur every 6 to 12 months - Not going to change the requirements for that operating system #### 25. Boot Methods - Configure your BIOS or UEFI to have the proper boot order - If booting from a [[Universal Serial Bus (USB)]] drive, you need to place it above the [[Hard Disk Drive (HDD)]] in the boot order - [[Optical Media]] - Many newer computers don't have optical drives, so using optical media is less common - [[USB Drives]] - [[Solid-State Device (SSD)]] - [[Flash Drives]] - [[External Drives]] - [[Network Boot Devices]] - [[Internet Boot]] - [[Internal Partitions]] #### 26. 
Partitioning Storage Devices - Once you boot up the setup program, ensure the storage devices are properly [[Partition|partitioned]] - Both [[Hard Disk Drive (HDD)]] and [[Solid-State Device (SSD)]] require partitioning and formatting before using them to store an operating system - By default, at least one partition on a fixed disk is needed before you can perform a high level disk format for your [[File System]] - Two styles of partitioning: - [[Master Boot Record (MBR)]] - Not efficient to use these days - [[GUID Partition Table (GPT)]] - Every operating system has to be installed into a partition that is formatted using a compatible [[File System]] for that operating system - [[Windows]] supports [[New Technology Filesystem (NTFS)]] - [[macOS (OSX)]] supports [[Apple File System (APFS)]] - [[Linux]] supports [[Extended File Type System]] ([[ext3]] or [[ext4]]) - Good reason to have two or more partitions is if you are using multiple different operating systems with different file systems - Use [[Extensible File Allocation Table (exFAT)]] as that is cross compatible with all operating systems #### 27. Recovery and Reset - [[Recovery and Reset]] - Most hardware manufacturers have created a recovery [[Partition]] on your primary disk, which will allow you to boot into that internal fixed drives recovery partition and then restore the [[Operating System (OS)]] system environment to its initial factory default state - [[Reset and Repair Mode]] #### 28. 
Using a Recovery Partition - **Windows Key** and type in Disk Management - ![[Pasted image 20241011002533.png]] - Recovery Partition is 666 MB - Boot into the recovery mode - Pressing **SHIFT** key while clicking on the shutdown button and then pressing on restart - Local Reinstall reinstalls Windows using the copy of Windows that's already existing on your recovery partition - Doesn't have all the security patches or is the latest version - Cloud Download will reinstall the latest version of Windows that's already installed ## Section 5: Application Configuration (OBJ 1.7) --- #### 30. Application Requirements - When installing an application, need to consider the requirements necessary to run said application - Need to consider hardware requirements and storage - Every application is going to have different processing requirements based on the work that's going to be done using that application - 32-bit version of [[Windows]], your applications will be installed inside the Program Files Directory - 64-bit version of [[Windows]], (two different folders to be used) your applications will be installed inside of the Program Files (x86) <- 32 bit programs or Program Files Directory <- 64 bit programs - Need to consider how much [[Random Access Memory (RAM)|memory]] is available on the system to be used by the application - Minimum requirement of memory for some applications is the minimum amount of memory that's going to be used for that one application - Amount of storage space is available for the program as different programs require different amounts of space - Two things to consider when it comes to graphics requirements: - [[Dedicated Graphics Card ]]or [[Integrated Graphics Processing Unit (iGPU)]] -> [[Graphics Card]] - Amount of [[Video Random Access Memory (VRAM)]] available - Need to finally consider whether the application will require an [[External Hardware Token]] #### Distribution Methods - Download for the app store - [[Windows]] machine will use the 
[[Microsoft Store]] - [[Apple]] machine will use the [[App Store]] - [[Linux]] machine will have to download software using a [[Package Manager]] that connects to your [[Distribution|distribution's]] central repository with all the available applications - These stores take precautions to ensure that the software is of good quality - Not all applications are found inside the app store - Stores take commission from the application - Purchase on physical media - CD or DVD as a distribution method is known as Physical Media - [[USB Drives]] could also hold the application - Not the most convenient way to install software - Download from the Internet - Need to be careful and need to put trust in the site you're downloading the application from - When downloading from the Internet, on [[Windows]] machine a notification will pop up called the [[User Account Control (UAC)]] asking "Do you want to allow this app from an unknown publisher to make changes to your device?" - ![[Pasted image 20241011222707.png]] - [[ISO File]] - to use ISO image, need to mount it as a drive - [[Windows]] -> **RIGHT** click the file, and hit **Mount** - [[Mac]] -> Use Disk Utility #### 32. Business Impacts - Three main things that are going to impact your business anytime you install a new application: - [[Licensing]] - [[Support]] - [[Training]] #### 33. Operational Impacts - [[Single Component]] - [[Larger Network]] - [[Larger Enterprise System]] - Any time you want to deploy a new application, this can be done in one of two ways: - Send a technician to every machine to manually update it - Use automation to push that software over the network to all the clients - Always a good idea to think about: - What clients are on the network - What servers are being used - Application Deployment: - [[Windows]] -> [[Windows Deployment Service]] and [[Microsoft Deployment Toolkit]] - [[macOS (OSX)]] -> [[Apple Business Manager (ABM)]] - [[Linux]] -> Private [[Repository]] #### 34. 
Device Impacts - If you install an application that's going to be performing actions in the background, will affect the device's overall performance - Some applications are going to slow down the system - Memory intensive and/or going to take a lot of storage space #### 35. Network Impacts - Some applications will rely heavily on the network - What network impacts would there be when installing certain tools - Backup/Syncing tools will steal a lot of the network's performance by overwhelming the connection - Consider the actual installation of the application itself - Break down the deployment into small groups - Use times that are the least impactful for the users ## Section 6: Windows Networking (OBJ 1.6) --- #### 37. Windows Networking - [[Intranet|Intranets]] are used in both large businesses and in SOHO environments #### 38. Wired Connections - [[Wired Connection]] - Go to [[Device Manager]] to get information about your [[Network Interface Card (NIC)]] #### 39. Wireless Connections - **Just a general overview of Wireless connection in Windows** #### 40. WWAN Connections - [[Wireless Wide Area Network (WWAN)]] Connection - [[Meter Connection]] #### 41. VPN Connections - [[Virtual Private Network (VPN)]] #### 42. Network Client Configuration - Anytime you connect to a network, whether wired or wireless, you need to make sure the device has four basic items: - [[Internet Protocol (IP) Address]] - [[Subnet Mask]] - [[Default Gateway]] - [[DNS Server]] #### 43. 
Network Locations - When connecting to a new network, you're going to have a wizard that pops up called the Network Location Awareness Server Prompt - Will ask if you if you're connecting to either a public or private network - Asking if you want your device to be seen by other devices on that particular network (network discovery) - Private -> Yes - Public -> No - ![[Pasted image 20241012200110.png]] - If you clicked no (public) and went to [[File Explorer]] and hit **Network**, an error will occur - ![[Pasted image 20241012200146.png]] - If you clicked yes (private), your device will be discoverable on the network and you will be able to see all other devices as well. This will give you access to file sharing and access to devices on the network (file and printer sharing over a local network) - We could configure [[Firewall]] settings based on different setting that we need in order to allow or deny different applications - Done in [[Windows Security]] - ![[Pasted image 20241012201047.png]] - We could configure different apps and features to only work on either the private or public network or both - Could click on **Advanced Settings** and open the [[Windows Defender Firewall with Advanced Security]] #### 44. Proxy Settings - [[Proxy Settings]] ## Section 7: Windows Control Panel (1.4) --- #### 45. Windows Control Panel - [[Windows Control Panel]] - Need to remember the purpose of each utility or applet #### 46. 
Account Settings - ![[Pasted image 20241013172647.png]] - [[User Accounts Applet]] - Software applications can be installed on a per account basis or on an entire system basis - To see the files installed by a particular user on a system, go to [[File Explorer]], **This PC,** drive where [[Windows]] is installed and hit **Users** - ![[Pasted image 20241013174430.png]] - ![[Pasted image 20241013174437.png]] - If I were to go to the ieshu folder, I would see all the default folders that exist for that particular user - ![[Pasted image 20241013174518.png]] #### 47. Programs and Features - [[Programs and Features]] #### 48. Devices and Printers - [[Devices and Printers]] #### 49. Internet Options - [[Internet Options]] - Most places don't use [[Internet Explorer]] any more, and use things like [[Microsoft Edge]] or [[Chrome]], but some places still rely on Internet Explorer #### 50. Network and Sharing Center - [[Network and Sharing Center]] - See the status of any network adapter inside of this computer - Can determine what settings you're going to have on a public or private network basis - Configure media streaming #### 51. Windows Defender Firewall - [[Software Based (Host-Based) Firewall]] - [[Windows Defender Firewall]] #### 52. Mail - [[Mail Applet]] #### 53. Sound - [[Sound Applet]] #### 54. System - Exam objectives list the system as part of the control panel - [[System Applet]] #### 55. Device Manager - [[Device Manager]] #### 56. Administrative Tools - [[Administrative Tools]] #### 57. Indexing Options - [[Indexing Options]] #### 58. File Explorer Options - [[File Explorer]] - [[File Explorer Options]] #### 59. Power Options - [[Power Options]] - Using a [[Laptop]], you will have different options when it comes to whether you want your system to sleep or shutdown - Known as [[Advanced Configuration and Power Interface (ACPI)]] #### 60. Ease of Access - [[Ease of Access]] ## Section 8: Windows Settings (OBJ 1.5) --- #### 61. 
Windows Settings - [[Windows Settings]] #### 62. Accounts - [[Accounts Applet]] #### 63. System Settings - [[System Applet]] #### 64. Update and Security - [[Update and Security]] #### 65. Network and Internet - [[Network and Internet]] #### 66. Devices - [[Devices Applet]] #### 67. Privacy - [[Privacy Applet]] #### 68. Time and Language - [[Time and Language Applet]] #### 69. Personalization - [[Personalization Applet]] #### 70. Apps - [[Apps Applet]] #### 71. Gaming - [[Gaming Applet]] ## Section 9: Windows Tools (OBJ 1.3) --- #### 72. Windows Tools - [[Windows]] contains a lot of different tools and utilities that will let you configure, monitor, and troubleshoot a local system or network client with - Focus on the purpose and usage of tools #### 73. Task Manager - [[Task Manager]] #### 74. Device Manager - [[Device Manager]] #### 75. Disk Management Console - [[Disk Management Console]] #### 76. Disk Maintenance Tools - When it comes to disk maintenance, there are really three main problems: - [[Disk Fragmentation]] - [[Capacity]] - [[Damage]] - [[Disk Defragmentation Tool]] - [[Disk Cleanup]] #### 77. Task Scheduler - [[Task Scheduler]] #### 78. Event Viewer - [[Event Viewer]] #### 79. Performance Monitor - [[Performance Monitor]] #### 80. Local Users and Groups - [[Local Users and Groups]] #### 81. Group Policy Editor - [[Group Policy Editor]] #### 82. Certificate Manager - [[Certificate Manager]] #### 83. System Information - [[System Information]] #### 84. Resource Monitor - [[Resource Monitor]] #### 85. System Configuration - [[System Configuration Tool]] #### 86. Registry Editor - [[Windows Registry]] #### 87. Microsoft Management Console - [[Microsoft Management Console (MMC)]] ## Section 10: Windows Command Line Tools (OBJ 1.2) --- #### 88. 
Windows Command Line Tools - [[Windows Command Line Interface (CLI)]] - [[Command Prompt]] - [[Graphical User Interface (GUI)]] ###### Navigation Commands - [[cd]] - [[dir]] - [[md]] - [[rmdir]] ###### Copying Commands - [[copy]] - [[xcopy]] - [[robocopy]] ###### Disk Management Commands - [[diskpart]] - [[format]] - [[chkdsk]] - [[shutdown]] - [[sfc]] ###### Network Troubleshooting Commands - [[ipconfig]] - [[ping]] - [[tracert]] - [[pathping]] ###### Name Resolution Command - [[Hostname]] - [[nslookup]] - [[netstat]] ###### Group Policy Commands - [[gpupdate]] - [[gpresult]] - Both of these commands are mainly used by system administrators that work in a domain based environment #### 89. Using the GUI - Every [[Operating System (OS)]] is made up of some [[User Interface (UI)]] - [[Command Line Interface (CLI)]] - [[Graphical User Interface (GUI)]] #### 90. Using the Command Prompt - [[Command Prompt]] - If you want help about a command's syntax, you could write: - command /? and it will show you the command's syntax #### 91. Navigation Commands - [[cd]] - [[type]] - [[md]] - [[rmdir]] #### 92. Copying Commands - [[copy]] - [[move]] - [[xcopy]] - [[robocopy]] #### 93. Disk Management Commands - [[diskpart]] - [[format]] - [[chkdsk]] #### 94. Shutdown - [[shutdown]] #### 95. System File Checker - [[sfc]] #### 96. Windows Version - [[winver]] - [[systeminfo]] #### 97. Network Troubleshooting Commands - [[ipconfig]] - [[ping]] - [[tracert]] - [[pathping]] #### 98. Name Resolution Commands - [[Hostname]] - [[nslookup]] #### 99. The netstat Command - [[netstat]] #### 100. Group Policy Commands - [[Group Policy]] - [[gpresult]] - [[gpupdate]] ## Section 11: Windows Shares (OBJ 1.2, 1.6 and 2.5) --- #### 101. Windows Shares - [[Windows]] networks are broken down into two different types: - [[Domain-Based]] - [[Workgroup-Based]] #### 102. 
Workgroups and Domains - [[Workgroups and Domains]] - The main difference between the two is how workstations and resources on the network are going to be managed - [[Workgroup-Based]] -> Decentralized Model - each client could be a server and each server could be a client - [[Domain-Based]] -> Centralized Model - going to have a central domain controller that servers as the heart of that network. Everything gets managed through a [[Active Directory (AD)]] server - To add a computer to a workgroup or domain environment, go to the [[Windows Settings]] and hit [[System Applet]], and hit Advanced System Settings. Hit the Computer Name Tab, and hit Network ID - Not all Windows version can join a Domain Based Environment - [[Windows Home]] can only join a Workgroup-Based environment #### 103. File Sharing - To do file sharing inside of a Windows Work Group, you have to make sure that the network is set to [[Private Network|private]] - Need to change sharing settings for different network profiles - Need to turn ON File and Printer Sharing option in the [[Network and Sharing Center]] - Could turn on of off password protected sharing - Gives us the ability to protect folders by using users and passwords - Also change in [[Network and Sharing Center]] #### 104. NTFS Permissions - When somebody is accessing your computer locally, they're going to have access to whatever folders you have based on the [[NTFS Permissions]] instead of the Share Permissions - When you're configuring permissions for the [[New Technology Filesystem (NTFS)]] file system, you're using the **Security** tab - When you're using share permissions, you're using the **Sharing** tab - When using NTFS permissions, you are settings things based on what's known as an [[Access Control List (ACL)]] - Better to set permissions to groups rather than individual users - [[Inheritance]] - [[Shared Permissions]] #### 105. 
Mapping Drives - Gives you access to a network resource on a domain controller, [[File Server]], or another workstation - Map a Network Drive in the [[File Explorer]] - Copy and paste link to file/folder you want to map - File/folder has to able to be accessed over the Network to be mapped - Quick shortcut to access things across the network and be able to store things on a centralized file server #### 106. The net command - The [[net]] command is not just one command - Entire suite of commands - ![[Pasted image 20241018120402.png]] #### 107. User Data on Domains - How is user data stored across the domain? - On your domain/file server, you need to setup a [[Home Directory]] - $ at the end of any share name means that it's going to be hidden when you use things like the [[net]] view command - Home$ <- example of a share name with the $ that will be hidden when the net view command is used - [[Roaming Profiles]] - Set up [[Folder Redirection]] in the [[Group Policy Editor]] #### 108. Printer Sharing - Sharing a [[Printer]] over a network is easier in a small office environment - Go to [[Windows Settings]] , Printers and hit manager - Click on **Printer Properties** and go to the **Sharing tab**. Hit **Share this printer** and that will create a printer share between your network and the printer. - Could use net view to see the printer on the network - ![[Pasted image 20241018123559.png]] ## Section 12: macOS (OBJ 1.10) --- #### 109. macOS - [[macOS (OSX)]] generally has same features and functionally like [[Windows]] - [[Finder]] - [[Dock]] - [[Spotlight]] - [[pkg (Package)]] - [[dmg (Disc Image)]] #### 110. 
Finder, Dock and Spotlight - mac runs on top of the [[Finder]] - Top left corner will show current active application - ![[Pasted image 20241019185933.png]] - Applications are closed, minimized or full screen via three colored dots - ![[Pasted image 20241019190103.png]] - Red will close out of that application - Doesn't close the application, but just closes the window - To close the application, right the application name on the top left or on the dock and hit **Quit** or (**Command Key** + Q) - Yellow will minimize it down into the [[Dock]] - Green will full screen - Dragging app from dock onto the screen will remove it from the dock - ![[Pasted image 20241019190444.png]] - Dock has three main areas: - All the shortcuts that you "pinned" on the dock - Last three applications you used - Shortcuts in a folder - ![[Pasted image 20241019190628.png]] - Could make the dock larger or smaller - Have to click on the | section of the dock separating the three areas and drag - ![[Pasted image 20241019190840.png]] - Could right click on the dock and change the **Dock Preferences** - ![[Pasted image 20241019190920.png]] - To use [[Spotlight]], you have to click magnifying glass in the top right - ![[Pasted image 20241019191003.png]] #### 111. Mission Control - [[Mission Control]] #### 112. Terminal - ![[Pasted image 20241019193007.png]] - Could be found via [[Spotlight]] or in the application folder in the [[Dock]] - Could be configured - ![[Pasted image 20241019192847.png]] - Could choose different profiles via right clicking the terminal name in the top left and hovering over New Window and choosing one of the different profiles - Not all of the commands from [[Windows]] will work - Because [[macOS (OSX)]] is based on [[UNIX]], so many [[Linux]] commands will work - Could use **TAB** for autocomplete - Using zsh shell ([[Z Shell]]) #### 113. Disk Utility - [[Disk Utility]] - Could be found in applications by using [[Spotlight]] #### 114. File Vault - [[FileVault]] #### 115. 
#### 115. Remote Disc
- [[Remote Disc]]
#### 116. Gestures
- [[Gestures]]
#### 117. Keychain
- [[Keychain]]
#### 118. iCloud and Apple ID
- [[iCloud]]
- [[Apple ID]]
#### 119. System Preferences
- [[System Preferences]]
#### 120. Managing macOS Applications
- [[Mac App Store]]
#### 121. Best Practices for macOS
- [[Antivirus]]
- [[Backups]]
- [[Time Machine]]
- [[Updates]]
- [[Force quit apps]]
- [[Apple Business Manager (ABM)]]
## Section 13: Linux (OBJ 1.11)
---
#### 122. Linux
- Popular for server use
##### Linux Navigation
- [[ls]]
- [[pwd]]
- [[cd]]
##### File Management Commands
- [[mv]]
- [[cp]]
- [[rm]]
- [[Linux]]
##### Disk Usage Commands
- [[df]]
- [[du]]
##### Text Manipulation
- [[nano]]
- [[vi]]
- [[vim]]
- [[pico]]
- [[cat]]
##### Search Commands
- [[find]]
- [[grep]]
##### User Management
- [[su]]
- [[sudo]]
- [[useradd]]
- [[usermod]]
- [[userdel]]
- [[passwd]]
- [[groupadd]]
- [[groupmod]]
- [[groupdel]]
##### File Permission Commands
- [[chmod]]
- [[chown]]
##### Application Management
- [[apt-get]]
- [[yum]]
- [[dnf]]
- [[rpm]]
##### Resource Management Commands
- [[ps]]
- [[top]]
##### Networking Commands
- [[ip]]
- [[ping]]
- [[traceroute]]
- [[dig]]
##### Getting Help in Linux
- [[man]]
- [[--help]]
- [[Samba]] is needed on a [[Linux]] system only when it must share files with, or access shares on, [[Windows]] hosts (SMB/CIFS); it is not a service to enable by default, since every exposed service is extra attack surface
#### 123. Shells and Terminals
- Return the value of the shell variable -> `echo $SHELL`
- ![[Pasted image 20241020175525.png]]
- [[Born Again Shell (Bash)|Bourne Again Shell (Bash)]]
- [[chsh]] changes a user's login shell
#### 124. Linux Navigation
- [[ls]]
- [[cd]]
- [[dev]]
- [[Terminal Emulator (TTY)]]
#### 125. File Management Commands
- [[mv]]
- [[cp]]
- [[rm]]
- [[rmdir]]
#### 126. Disk Usage Commands
- [[df]]
- [[du]]
#### 127. Text Manipulation
- [[nano]]
- [[vi]]
- [[vim]]
- [[pico]]
- [[cat]]
#### 128. Search Commands
- [[find]]
- [[grep]]
#### 129. User Management
- [[su]]
- [[sudo]]
- [[useradd]]
- [[usermod]]
- [[userdel]]
- [[passwd]]
- [[groupadd]]
- [[groupmod]]
- [[groupdel]]
#### 130. File Permission Commands
- [[chmod]]
- [[chown]]
#### 131. Application Management
- [[Application Management]]
- [[apt-get]]
- [[rpm]]
- [[yum]]
- [[dnf]]
- [[Package Manager]]
#### 132. Resource Management Commands
- [[ps]]
- [[top]]
#### 133. Networking Commands
- [[ip]]
- [[ping]]
- [[traceroute]]
- [[dig]]
#### 134. Getting Help in Linux
- Append `--help` to a command to get a summary of how to use it; `man <command>` gives the full manual page
- [[man]]
#### 135. Best Practices for Linux
- [[Debian]]-based distributions -> [[apt-get]] (or `apt`) to install updates and patches
- [[Red Hat]]-based distributions -> [[rpm]], [[yum]] and [[dnf]] to install updates and patches
- Malware built for [[Windows]] generally cannot execute natively on [[Linux]] and vice versa, but this is not a guarantee: cross-platform malware exists, and a Linux file server can still store and pass Windows malware on to Windows clients
- Linux is generally considered more secure, but it is not free of vulnerabilities; it still needs patching, hardening and monitoring
- Use a scheduler such as cron (the Linux counterpart of the Windows [[Task Scheduler]]) to run backups automatically
- Install [[Samba]] on a Linux device when it needs to communicate with a [[Windows]] host or server over SMB
## Section 14: Threats and Vulnerabilities (OBJ 2.4)
---
#### 136. Threats and Vulnerabilities
- [[Threat]]
- [[Vulnerability]]
- [[Risk]]
- [[Information Security]]
- [[Information System Security (ISS)]]
- [[Internal Threat]]
- [[External Threat]]
- [[Common Vulnerabilities and Exposure (CVE)]]
- [[Zero Day Vulnerability]]
- [[Exploit]]
- Ensure the system is up to date and patched
#### 137. CIA Triad
- [[Confidentiality]]
- [[Integrity]]
    - [[Hashing]]
    - [[Checksums]]
- [[Availability]]
- [[CIA Triad]]
- There will be tradeoffs between the parts of the triad
    - As security increases, usability often decreases
- ![[Pasted image 20241023092925.png]]
#### 138. Vulnerabilities
- [[Vulnerability]]
- [[Threat Actor]]
- [[Non Compliant System]]
- [[Configuration Baseline]]
- [[Unpatched System]]
- [[Unprotected System]]
- [[End of Life (EOL)]]
- [[Bring Your Own Device (BYOD)]]
#### 139. Zero Day Attack
- [[Zero Day Vulnerability]]
- [[Zero Day Exploit]]
- "Zero day" means the vulnerability is being exploited before the vendor knows about it, so no patch exists yet; the system is vulnerable without you knowing it
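The Linux lessons above only list `chmod` and `chown` by name. As an added example (not from the Dion course and not any Linux tool's own code), the block below re-implements how `chmod` turns a symbolic mode such as `u+x,go-w` into permission bits, and adds the check a least-privilege review runs first: which files are world-writable or carry setuid/setgid. The file list at the bottom is constructed for illustration, and the `s`/`t` handling is simplified compared with GNU `chmod`.

```python
"""Added example (not from the course or any Linux tool): how chmod's
symbolic modes map onto permission bits, plus a small permissions audit.
SAMPLE_FILES is constructed for illustration."""
import stat

RWX = {"u": 0o700, "g": 0o070, "o": 0o007}          # rwx bits per class
PERM_BITS = {"r": 0o444, "w": 0o222, "x": 0o111}     # r/w/x across all classes


def apply_symbolic(mode: int, spec: str) -> int:
    """Apply a comma-separated chmod spec ([ugoa]*[+-=][rwxst]+) to `mode`.
    Simplified versus GNU chmod: special bits are only touched when s/t is
    named, and 'X' (conditional execute) is not supported."""
    for clause in spec.split(","):
        i = 0
        while i < len(clause) and clause[i] in "ugoa":
            i += 1
        who = clause[:i] or "a"
        classes = "ugo" if "a" in who else who
        op, perms = clause[i], clause[i + 1:]
        if op not in "+-=":
            raise ValueError(f"bad clause: {clause!r}")
        bits = 0
        for c in classes:
            for p in perms:
                if p in PERM_BITS:
                    bits |= PERM_BITS[p] & RWX[c]
        if "s" in perms:
            bits |= (stat.S_ISUID if "u" in classes else 0) | (stat.S_ISGID if "g" in classes else 0)
        if "t" in perms:
            bits |= stat.S_ISVTX
        if op == "+":
            mode |= bits
        elif op == "-":
            mode &= ~bits
        else:  # '=': replace the rwx bits of the named classes
            clear = sum(RWX[c] for c in classes)
            mode = (mode & ~clear) | bits
    return mode


def risky_reasons(mode: int) -> list:
    """Why a mode deserves a second look in a least-privilege audit."""
    reasons = []
    if mode & 0o002:
        reasons.append("world-writable")
    if mode & stat.S_ISUID:
        reasons.append("setuid")
    if mode & stat.S_ISGID:
        reasons.append("setgid")
    return reasons


# Constructed sample: (path, octal mode) as `stat -c '%n %a'` would report
SAMPLE_FILES = [
    ("/etc/passwd", 0o644),
    ("/usr/bin/passwd", 0o4755),      # setuid root is expected here
    ("/srv/app/config.yml", 0o666),   # world-writable config: fix this
    ("/home/alice/.ssh/id_ed25519", 0o600),
]


def audit(files) -> dict:
    """Map path -> reasons for every file that has something to flag."""
    return {p: risky_reasons(m) for p, m in files if risky_reasons(m)}


if __name__ == "__main__":
    print(oct(apply_symbolic(0o644, "u+x,go-w")))   # 0o744
    for path, reasons in audit(SAMPLE_FILES).items():
        print(path, ", ".join(reasons))
```

The audit only flags; whether a setuid binary is legitimate (`/usr/bin/passwd` is) still needs a human decision, which is why the output lists the reason rather than a verdict.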
#### 140. DoS and DDoS
- [[Denial of Service (DoS)]]
- [[Flood Attack]]
    - [[Ping Flood]]
    - [[SYN Flood]]
        - Countermeasures: [[Time Outs]], [[Flood Guards]], an [[Intrusion Prevention System (IPS)]]
- [[Permanent Denial of Service (PDoS)]]
- [[Fork Bomb]]
- [[Worm]]
- [[Distributed Denial of Service (DDoS)]]
    - [[DNS Amplification Attack]]
#### 141. Spoofing
- [[Spoofing]]
- [[IP Spoofing]]
- [[MAC Spoofing]]
- [[ARP Spoofing]]
- [[MAC Filtering]] is easily bypassed by MAC spoofing, so it is not a strong control on its own
#### 142. On-Path Attack
- [[On Path Attack]]
- [[ARP Poisoning]]
- [[DNS Poisoning]]
- Introducing a [[Rogue WAP]]
- Introducing a [[Rogue Hub or Switch]]
- [[Replay Attack]]
- [[Relay Attack]]
- [[SSL Stripping]]
- [[Downgrade Attack]]
#### 143. SQL Injection
- [[Structed Query Language (SQL)|Structured Query Language (SQL)]]
- [[SQL Injection]]
- [[Injection Attack]]
#### 144. XSS and XSRF
- [[Cross Site Scripting (XSS)]]
    - [[Stored and Persistent]]
    - [[Reflected]]
    - [[Document Object Model (DOM) Based]]
- [[Cross Site Request Forgery (XSRF)]]
#### 145. Password Cracking
- [[Password Analysis Tool]]
- [[Password Cracker]]
- [[Password Guessing]]
- [[Dictionary Attack]]
- [[Brute Force Attack]]
    - Increasing the length and character set of a password grows the number of candidates exponentially, so the time required to brute-force it also grows exponentially
- [[Cryptanalysis Attack]]
- [[Rubber Hose Attack]]
#### 146. Insider Threat
- [[Insider Threat]]
- [[Logic Bomb]]
## Section 15: Malware (OBJ 2.3)
---
#### 147. Malware
- [[Malware]]
#### 148. Viruses, Worms, and Trojans
- [[Virus]]
    - Ten different types:
        - [[Boot Sector Virus]]
        - [[Macro Virus]]
        - [[Program Virus]]
        - [[Multipartite Virus]]
        - [[Encryption Virus]]
        - [[Polymorphic Virus]]
        - [[Metamorphic Virus]]
        - [[Stealth Virus]]
        - [[Armored Virus]]
        - [[Hoax Virus]]
- [[Worm]]
- [[Trojan]]
    - [[Remote Access Trojan (RAT)]]
#### 149. Viruses and Trojans
- JUST A DEMO OF CREATING A VIRUS AND TROJAN
#### 150. Ransomware
- [[Ransomware]]
#### 151. Spyware
- [[Spyware]]
- [[Keylogger]]
- [[Adware]]
- [[Grayware]]
#### 152. Rootkits
- [[Rootkit]]
- [[DLL Injection]]
- [[Driver Manipulation]]
    - [[Shim]]
#### 153. Botnets and Zombies
- [[Botnet]]
- Mainly used to conduct a [[Distributed Denial of Service (DDoS)]] attack
#### 154. Symptoms of Infection
- Your computer might be infected if it begins to act strangely
- Hard drives, files or applications that are no longer accessible can indicate a malware infection
- Strange noises
- Unusual error messages
- Display looks strange
- Jumbled printouts
- Double file extensions are displayed, such as textfile.txt.exe (Windows hides known extensions by default, so the file appears to be a text document)
- New files and folders have been created, or files and folders are missing or corrupted
- System Restore will not function
#### 155. Removing Malware
- Scan the computer
1. Identify the symptoms of a malware infection
2. Quarantine the infected systems
3. Disable System Restore (in Windows)
4. Remediate the infected system (update the anti-malware, then scan and remove)
5. Schedule automatic updates and scans
6. Enable System Restore and create a new restore point
7. Provide end user security awareness training
- If a boot sector virus is suspected, boot the computer from a clean external device and scan it
- Alternatively, remove the hard drive from the victim machine, connect it to a clean workstation as a secondary (non-boot) drive, and scan it from there
#### 156. Preventing Malware
- Continually apply service packs and updates for your operating system
- Run a good host-based firewall
- Worms, trojans and ransomware are best detected with anti-malware solutions
- [[Rootkit]]s
    - Scanners can detect a file containing a rootkit before it is installed; once installed, a rootkit can hide itself from the running OS
    - Re-image the machine from a known good baseline rather than trying to clean it
- Verify your email servers are not configured as open mail relays ([[Simple Mail Transfer Protocol (SMTP)]] open relays)
- Remove email addresses from the website
- Use allow lists and block lists
- Train and educate end users
1. Update your anti-malware software automatically and scan your computer
2. Update and patch the operating system and applications regularly
3. Educate end users on safe Internet surfing practices
## Section 16: Social Engineering (OBJ 2.3 and 2.4)
---
#### 157. Social Engineering
- [[Social Engineering]]
#### 158. Phishing Attacks
- End users and employees are the weakest link in an organization's security
- [[Phishing]]
- [[Spearphishing]]
- [[Whaling]]
- [[Short Message Service (SMS)]]
- [[Multimedia Messaging Service (MMS)]]
- [[Smishing]]
- [[Vishing]]
- [[Business Email Compromise (BEC)]]
- [[Pharming]]
#### 159. Anti-Phishing Training
- JUST AN OVERVIEW OF AN ANTI-PHISHING CAMPAIGN
#### 160. Spam
- [[Spam]]
#### 161. Impersonation
- [[Impersonation]]
- The goal is to exploit people's trust in a person in authority or in uniform
- [[Elicitation]]
#### 162. Pretexting
- Train your employees not to fall for a pretext and not to fill in the gaps for people, whether they are calling or in person
#### 163. Social Engineering Attacks
- [[Social Engineering]]
- The weakest link is the end users and employees
- [[Tailgating]]
- [[Piggybacking]]
- [[Shoulder Surfing]]
- [[Dumpster Diving]]
#### 164. Evil Twin
- [[Evil Twin]]
- [[Captive Portal]]
- [[Karma Attack]]
- [[Preferred Network List (PNL)]]
#### 165. Software Firewalls
- [[Personal Firewall]]
    - [[Windows]] -> Windows Defender Firewall
    - [[macOS (OSX)]] -> PF (packet filter); IPFW was the firewall on older releases
    - [[Linux]] -> iptables (nftables on newer distributions)
- It is better to run a personal software-based firewall and a network-based firewall to provide two layers of protection
#### 166. Using Software Firewalls
- JUST A DEMONSTRATION ON SOFTWARE FIREWALLS
#### 167. User Education
- I can install all the technology I want, but if I don't fix the user, it's all going to be for nothing
- Never share your authentication information
- [[Clean Desk Policy]]
- Train users how to encrypt emails and data
- Follow organizational data handling and disposal policies
## Section 17: Security Controls (OBJ 2.1)
---
#### 168. Security Controls
- [[Physical Controls]]
- [[Logical Controls]]
- [[Monitoring]]
- [[Auditing]]
- [[Change Management]]
- [[Managerial Controls]]
#### 169. Perimeter Defense
- [[Fences]]
- [[Bollards]]
- Think about the type and aesthetics of the fences and bollards to install
- Must also consider lighting
- [[Guards]]
#### 170. Surveillance
- [[Video Surveillance]]
- [[Circuit Based System]]
- [[Motion Sensors]]
- [[Proximity]]
- [[Duress]]
- [[Magnetometer]]
#### 171. Physical Access Controls
- [[Door Locks]]
    - [[Key Operated]]
    - [[Mechanical Operated]]
    - [[Electronic Operated]]
    - [[Badge Reader]]
    - [[Biometric Door Lock]]
        - [[Fingerprint Reader]]
        - [[Palm Print Reader]]
        - [[Retina Scan]]
        - [[Facial Identification]]
- [[Equipment Lock]]
    - [[Lockable Rack Cabinet]]
    - [[Kensington Lock]]
- [[Access Control Vestibule (Mantrap)]]
#### 172. Security Principles
- [[Least Privilege]]
- [[Discretionary Access Control (DAC)]]
- [[Mandatory Access Control (MAC)]]
- [[Role Based Access Control (RBAC)]]
- [[Power User]]
- [[Zero Trust]]
#### 173. Multifactor Authentication
- Identification -> claims an identity (for example a username)
- Authentication -> proves or validates that identity (for example a password, a token code or a biometric)
- [[Multifactor Authentication (MFA)]] -> combines factors from different categories (something you know, something you have, something you are)
- [[Time Based One Time Password (TOTP)]]
- [[HMAC-Based One-Time Password (HOTP)]]
- [[In Band Authentication]]
- [[Out of Band Authentication]]
#### 174. Mobile Device Management
- [[Enterprise Mobility Management (EMM)]]
- [[Mobile Device Management (MDM)]]
- [[Remote Wipe]]
- [[Firmware Update]]
#### 175. Active Directory Security
- Have at least one Windows server acting as a domain controller
- [[Active Directory (AD)]]
- Use Active Directory inside Windows-based networks for centralized authentication and policy enforcement
- [[Security Group]]
- [[Organizational Unit (OU)]]
- [[Group Policy]]
- [[Home Folder]]
- [[Folder Redirection]]
## Section 18: Wireless Security (OBJ 2.2 and 2.9)
---
#### 176. Wireless Security
- JUST A GENERAL OVERVIEW OF WHAT TO EXPECT IN THIS SECTION
#### 177. Wireless Encryption
- Encryption of data in transit is paramount to wireless security
- Most wireless encryption schemes rely on a [[Pre Shared Key]]
    - Scalability becomes difficult: as more devices join the network, every device needs the shared key and every one of them must keep it secret
- Three main types of encryption are in use for wireless networks:
    - [[Wired Equivalent Privacy (WEP)]]
        - WEP's weakness is its 24-bit [[Initialization Vector (IV)]]: with only about 16.7 million values, IVs repeat on a busy network, the RC4 keystream is reused, and the key can be recovered from captured traffic in a couple of minutes
    - [[Wi-Fi Protected Access (WPA)]]
        - Uses [[Temporal Key Integrity Protocol (TKIP)]], a [[Message Integrity Check (MIC)]] and [[Rivest Cipher 4 (RC4)]] to encrypt the data and ensure it is not modified in transit
    - [[Wi-Fi Protected Access version 2 (WPA2)]]
        - Uses [[Advanced Encryption Standard (AES)]] with a 128-bit key and [[Counter Mode with Cipher Block Chaining (CCMP)|Counter Mode with CBC-MAC Protocol (CCMP)]]
        - Integrity checking is provided by CCMP

| If you are asked about... | Look for the answer with |
| ------------------------- | ---------------------------------- |
| Open | No security or protection provided |
| WEP | IV |
| WPA | TKIP and RC4 |
| WPA2 | CCMP and AES |

- [[Wi-Fi Protected Setup (WPS)]]
    - Easy to use and set up, but its security is flawed: the 8-digit PIN is validated in two halves, so it can be brute-forced in hours
    - Should always be disabled
- A [[Virtual Private Network (VPN)]] should be set up for wireless devices, even when connecting to a home network
#### 178. Cracking Wireless Networks
- Because WEP only uses a 24-bit Initialization Vector, it is extremely insecure
- On Kali Linux, the aircrack-ng suite can be used to crack WEP networks
- `airodump-ng wlan0mon`
    - `wlan0mon` -> the wireless card, in monitor mode
    - ![[Pasted image 20241027180352.png]]
    - WirelessHacking is the WEP network, with a BSSID of C8:A7:0A:B5:2D:F8
- `airodump-ng --channel 1 --bssid C8:A7:0A:B5:2D:F8 --write WirelessHackingDump wlan0mon`
    - channel 1 is the channel WirelessHacking is on; the capture is written to files prefixed WirelessHackingDump for aircrack-ng to work on
#### 179. WPA3
- [[Wi-Fi Protected Access 3 (WPA3)]]
    - Introduced in 2018; required for Wi-Fi 6 (802.11ax) certification, making it the default security mode going forward
    - Has updated cryptographic protocols
    - WPA3-Enterprise offers an optional 192-bit security mode built on the [[Advanced Encryption Standard (AES)]] for corporate networks
    - Can run in either Enterprise or Personal mode
    - Uses AES with [[Galois Counter Mode Protocol (GCMP)]]
    - Has a feature known as [[Enhanced Open]], which provides [[Opportunistic Wireless Encryption (OWE)]] so that even networks without a password encrypt each client's traffic
    - Provides Protected Management Frames (PMF), which protect unicast and multicast management frames from forgery and eavesdropping (for example deauthentication attacks)
    - Replaces the WPA2 pre-shared key handshake with [[Simultaneous Authentication of Equals (SAE)]], which resists offline dictionary attacks on the passphrase
#### 180. Wireless Authentication
- [[Remote Authentication Dial-In User Service (RADIUS)]]
    - Requires three components to be properly configured:
        - [[Supplicant]] (the client device)
        - [[Authenticator]] (the access point or switch)
        - [[Authentication Server]] (the RADIUS server)
- [[Terminal Access Controller Access-Control System Plus (TACACS+)]]
- [[Diameter]]
- [[Lightweight Directory Address Protocol (LDAP)|Lightweight Directory Access Protocol (LDAP)]]
- [[Single Sign On (SSO)]]
- [[Kerberos]]
- [[802.1x]]
    - Utilize 802.1x as part of your defense
- [[Extensible Authentication Protocol (EAP)]]
    - [[EAP-MD5]]
    - [[EAP-TLS]]
    - [[EAP-TTLS]]
    - [[EAP Flexible Authentication via Secure Tunneling (EAP-FAST)]]
    - [[Protected EAP]]
    - [[Lightweight EAP (LEAP)]]
#### 181. Wireless Security
- [[Service Set Identifier (SSID)]]
    - Name the network after something that is easy to recognize
    - Do not use any personally identifiable information
    - Or use a random naming scheme
- Enable wireless network encryption by configuring your wireless access point
    - A strong passphrase serves as the password or symmetric key for this encryption
- [[Guest Access]]
#### 182. Configuring SOHO Networks
- JUST AN OVERVIEW ON CONFIGURING SOHO NETWORKS
#### 183. Securing Wireless Networks
- JUST AN OVERVIEW ON SECURING WIRELESS NETWORKS
#### 184. Configuring SOHO Firewalls
- JUST AN OVERVIEW ON CONFIGURING SOHO FIREWALLS
## Section 19: Mobile Device Security (OBJ 2.7)
---
#### 185. Mobile Device Security
- JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION OF THE COURSE
- [[Mobile Device]]
#### 186. Securing Wireless Devices
- We all use wireless devices: laptops, tablets or smartphones
- To secure these devices, think about how they communicate: [[Wi-Fi (Wireless Network)]] or [[Bluetooth]]
- Wi-Fi is used by mobile devices to connect to high speed Internet
    - These networks are not secure by default, so make sure the network you connect to encrypts the data being sent over it
    - The highest level of encryption available for Wi-Fi is [[Wi-Fi Protected Access 3 (WPA3)]]
    - WPA3 uses the [[Advanced Encryption Standard (AES)]] as its encryption algorithm
- Bluetooth is used by mobile devices to connect peripherals
    - Requires two devices to make a connection (link)
    - Once paired, the devices communicate over the shared link using a shared link key that both devices hold and use to encrypt the data being sent
    - Check the specifications to see whether the device uses at least AES encryption with a strong key
- Implementing a [[Firewall]] application on the mobile device is a way to strengthen security
    - [[Software Based (Host-Based) Firewall]]s are not common on mobile devices
    - A firewall on a mobile device will usually require [[root]] ([[Administrator]]) privileges on the device to filter traffic effectively, which brings its own risks
- A [[Virtual Private Network (VPN)]] connection between a mobile device and a centralized server is safer
- Another way to secure mobile devices is to ensure good backups of their data
    - Remote backups automatically go to services like [[iCloud]], Google Sync or [[OneDrive]]
- Always ensure you have
secured the wireless connectivity first, then implement a mobile firewall
#### 187. Mobile Device Unlocking
- Most mobile devices require the user to enter a password or other authentication factor to unlock the device
- To protect the device when it is not being used by an authenticated user, the device uses a [[Lock Screen]] so that it cannot be used until the user authenticates
- If no authentication is configured, the device will, by default, unlock with a simple [[Swipe Gesture]]
    - Not a good idea
- PIN codes and passwords are the simplest forms of authentication
    - [[Personal Identification Number (PIN)]]
        - Easy to guess: there are only 10,000 possible codes for a four-digit PIN
        - Highly susceptible to [[Shoulder Surfing]] attacks
    - [[Passwords]] can contain numbers, letters and symbols (more variety than a PIN)
        - Can still be captured by others through shoulder surfing and other attacks
    - Most smartphones have added fail counters: entering the wrong passcode 10 times can lock you out and make you wait 30 minutes before you can try again
    - A [[Remote Wipe]] of all data can be configured to trigger after 10 failed login attempts
- [[Pattern]]s are another unlock method
    - The problem is that most users choose something too easy to guess
- [[Biometrics]] are now widely used on mobile devices
    - [[Touch ID]] is used on [[iPhones]]; pressing and lifting your finger on the sensor several times is how Touch ID is enrolled
    - [[Facial Identification]] is another form of biometrics
- Smartphones prefer biometrics first and fall back to the PIN or passcode, if all of that is set up
#### 188. Mobile Malware
- Mobile malware exists and no device is immune
- Ensure that you have an [[Antivirus]] solution on your devices
- Ensure your mobile device is patched and updated
    - [[Apple]] devices tend to be patched faster because Apple has a quicker patch and release cycle than the [[Android]] ecosystem, where updates depend on each manufacturer and carrier
- Only install apps from the official [[App Store]] or [[Google Play Store]]
    - Getting an app from the official store does not mean it is 100% malware free
- Do not jailbreak or root the device
- Don't use custom firmware or ROMs
- Only load official store apps
- Always update your software
#### 189. Mobile Device Theft
- Always ensure that your device is backed up
- Encrypt your device
- Don't try to recover your device alone if it is stolen
- [[Remote Lock]]
- [[Remote Wipe]]
#### 190. Mobile App Security
- Only install apps from the official mobile stores
- [[Mobile Device Management (MDM)]]
- Turn location services off to ensure privacy
- [[Geotagging]]
#### 191. Deployment Options
- A mobile device deployment model describes the way employees are provided with mobile devices and applications to use as part of their job functions
- [[Corporate Owned Business Only (COBO)]]
- [[Corporate Owned Personally Enabled (COPE)]]
- [[Choose Your Own Device (CYOD)]]
- [[Bring Your Own Device (BYOD)]]
    - Uses [[Storage Segmentation]] to keep corporate data separate from personal data
- Ensure your organization has a good security policy for mobile devices
#### 192. Hardening Mobile Devices
- Increasing the security of your mobile devices is known as **Hardening** the device
1. Update your device to the latest software
2. Install antivirus
3. Train users on proper security and use of their device
4. Only install apps from the official app stores
5. Do not jailbreak or root your devices
6. Only use Version 2 SIM cards for your devices
7. Turn off all unnecessary features on your device
8. Turn on encryption for voice and data
9. Use strong passwords or biometrics
10. Don't allow BYOD
- Ensure your agency has a good security policy for mobile devices
#### 193. Implementing Mobile Device Security
- JUST AN OVERVIEW ON HOW TO IMPLEMENT MOBILE DEVICE SECURITY
#### 194. IoT Vulnerabilities
- Most IoT devices use an embedded version of Linux or Android as their OS
- Many manufacturers use outdated or insecure hardware and software components
- Attackers also monitor the Bluetooth frequencies being transmitted and conduct eavesdropping
## Section 20: Windows Security (OBJ 2.5)
---
#### 195. Windows Security
- JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION OF THE COURSE
#### 196. Login Options
- Three main types of [[Windows]] sign-in that you can use to log in:
    - [[Local Sign In]]
        - The [[Local Security Authority (LSA)]] checks the credentials against the local [[Security Accounts Manager (SAM)]] database
    - [[Network Sign In]]
    - [[Remote Sign In]]
- You then decide which authentication method to use to log on to the system:
    - [[Usernames and Passwords]]
    - [[Widows Hello|Windows Hello]]
    - [[Single Sign On (SSO)]]
#### 197. Users and Groups
- [[Local-only Account]]
- [[Microsoft Account]]
- Domain-based user accounts can also be created as part of the domain environment
- Different user groups:
    - [[Users]]
        - When creating a new user on a system, it should be placed into the standard Users group
    - [[Administrator]]
        - By default, the first user created on a system is placed in the Administrators group
        - Works at a higher level of permissions and can cause a lot of system damage
        - With UAC enabled, even an administrator's programs run with standard user credentials until elevation is approved
    - [[Guest]]
        - Disabled by default on Windows 10 and 11
    - [[Power User]]
        - A legacy group; on modern Windows it has the same permission level as the standard Users group
- [[User Account Control (UAC)]]
    - Click the **Change Account Type** button in the User Accounts applet to move a user between groups
    - The UAC prompt level can be configured from "always notify" to "never notify"
    - Change the UAC configuration in the [[Windows Control Panel]] via the [[User Accounts Applet]]
#### 198. Encrypting Windows Devices
- [[Encrypting File System (EFS)]] -> encrypts individual files or folders
- [[BitLocker]] -> encrypts an internal drive (full disk encryption)
- [[BitLocker To Go]] -> encrypts a removable drive
#### 199. File Permissions
- [[New Technology Filesystem (NTFS)]]
    - NTFS permissions can be assigned to a file or folder for a user account or for a group
    - Each object has an implicit deny: anything not explicitly allowed is denied
    - Explicit permissions set an allow or a deny action; an explicit deny overrides an allow
    - Permissions are cumulative: a user gets the combined allow permissions of their own account and every group they belong to
- [[Shared Permissions]]
    - NTFS permissions apply both locally and over the network; share permissions apply only when the folder is accessed over the network
    - Share permissions are set at the root of the share and apply to its subdirectories
    - When a file or folder is accessed over the network, the more restrictive of the share and NTFS permissions applies
#### 200. Microsoft Defender Antivirus
- [[Windows Defender Antivirus]]
#### 201. Windows Defender Firewall
- [[Windows Defender Firewall]]
    - Built into Windows 10 and 11
## Section 21: Securing Workstations (OBJ 2.6 and 2.8)
---
#### 202. Securing Workstations
- JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION OF THE COURSE
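The file permission rules in lesson 199 (implicit deny, cumulative allows, explicit deny wins, most restrictive over the network) are easier to trust once tried on a concrete ACL. As an added example (not from the Dion course and not the real Windows ACL engine), the block below is a simplified model of that resolution. Rights are plain strings, and the users, groups and ACEs for `\\fileserver\projects` are constructed for illustration.

```python
"""Added example (not from the course, not Windows' real ACL logic): a
simplified model of how NTFS and share permissions combine. The ACL,
groups and users below are constructed."""
from dataclasses import dataclass

READ, WRITE, MODIFY = "read", "write", "modify"


@dataclass(frozen=True)
class Ace:
    """One access control entry: who, allow-or-deny, which rights."""
    principal: str
    allow: bool
    rights: frozenset


def effective_ntfs(acl, principals) -> set:
    """`principals` is the user's own name plus every group they belong to.
    Start from nothing (implicit deny), add every matching Allow
    (cumulative), then strip every matching Deny (explicit deny wins)."""
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in principals:
            (allowed if ace.allow else denied).update(ace.rights)
    return allowed - denied


def effective_over_network(acl, share_rights, principals) -> set:
    """Share permissions only apply over the network, and the more
    restrictive of share and NTFS wins: keep only rights both grant."""
    return effective_ntfs(acl, principals) & set(share_rights)


# Constructed sample ACL for a folder shared as \\fileserver\projects
PROJECTS_ACL = [
    Ace("Domain Users", allow=True, rights=frozenset({READ})),
    Ace("Engineering", allow=True, rights=frozenset({READ, WRITE, MODIFY})),
    Ace("Contractors", allow=False, rights=frozenset({WRITE, MODIFY})),  # explicit deny
]
PROJECTS_SHARE = {READ}   # share permission set to Read only

ALICE = {"alice", "Domain Users", "Engineering"}
BOB = {"bob", "Domain Users", "Engineering", "Contractors"}   # engineer and contractor
CAROL = {"carol"}                                              # no matching ACE

if __name__ == "__main__":
    print("alice local  :", sorted(effective_ntfs(PROJECTS_ACL, ALICE)))   # modify, read, write
    print("bob local    :", sorted(effective_ntfs(PROJECTS_ACL, BOB)))     # read (deny wins)
    print("carol local  :", sorted(effective_ntfs(PROJECTS_ACL, CAROL)))   # [] (implicit deny)
    print("alice network:", sorted(effective_over_network(PROJECTS_ACL, PROJECTS_SHARE, ALICE)))  # read
```

The practical lesson from running it: Bob's Engineering membership grants write, but one Deny on Contractors takes it away again, which is why troubleshooting "I can't save to the share" starts with the Effective Access tab rather than with the Allow entries.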
#### 203. Account Management
- [[Account Management]]
- Give the user the least amount of permissions needed to do their job
- File permission control lets you set whether a user can read, modify or delete a file or folder ([[NTFS Permissions]])
- Set a good, long and strong password for the administrator account
- Disable the default Administrator account and create a new administrative user account for better security
- Guest accounts represent a significant security vulnerability; disable them
- Restrict login times if you want better security
    - Consider this based on your organization and the needs of your employees
- An account that is disabled cannot log in until the user contacts the help desk
- With a lockout timer, the user has to wait (for example 15 minutes) before they can log in again
- In a domain environment, every Windows user can log into multiple systems using the same account
    - You can set the number of concurrent logins allowed, for example a limit of only one concurrent login
- When it comes to account management, consider the following:
    - User permissions
    - Admin user account
    - Disable guest accounts
    - Restrict login times
    - Failed login attempts
    - Concurrent logins
    - Timeouts and screen locks
#### 204. AutoRun and AutoPlay
- Whenever a new CD, DVD or removable drive is inserted, Windows could read the contents of that media and run them automatically
    - This is a huge vulnerability, because malicious media can run code without the user choosing to
- Disable AutoPlay and AutoRun to increase security
- ![[Pasted image 20241031114114.png]]
- ![[Pasted image 20241031114120.png]]
#### 205. Password Best Practices
- Complexity requirements
- Expiration requirements
- Use of passwords (never reuse or share them)
- To configure password policies, use the [[Group Policy Editor]]
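Three earlier passages all rest on the same arithmetic: the password cracking lesson's claim that complexity grows brute-force time exponentially, the 10,000 four-digit PINs and 10-failures-then-30-minutes policy in the mobile unlocking lesson, and the failed-login and lockout-timer settings in this account management lesson. As an added example (not from the Dion course), the block below puts the numbers to it. The guess rate in the demo is an assumed illustrative figure, not a benchmark of any real hardware.

```python
"""Added example (not from the course): keyspace and time-to-crack for an
offline attack on a stolen hash, versus an online attack throttled by an
account lockout policy. RATE in the demo is an assumed figure."""
import math
import string

CHARSETS = {
    "digits": string.digits,                                            # 10
    "lower": string.ascii_lowercase,                                    # 26
    "alnum": string.ascii_letters + string.digits,                      # 62
    "full": string.ascii_letters + string.digits + string.punctuation,  # 94
}


def keyspace(charset: str, length: int) -> int:
    """Number of candidates: (alphabet size) ** length, so exponential in length."""
    return len(charset) ** length


def offline_worst_case_seconds(charset: str, length: int, guesses_per_second: float) -> float:
    """Offline attack on a stolen hash: nothing throttles the attacker,
    every candidate can be tried at hardware speed."""
    return keyspace(charset, length) / guesses_per_second


def online_guesses_per_hour(threshold: int, lockout_minutes: int) -> float:
    """Online attack against a live login. A lockout policy allows `threshold`
    failures, then freezes the account for `lockout_minutes`, so the attacker
    gets `threshold` guesses per lockout period. No lockout = unbounded."""
    if threshold <= 0:
        raise ValueError("threshold must be positive")
    if lockout_minutes <= 0:
        return math.inf
    return threshold * (60 / lockout_minutes)


def hours_to_exhaust_online(charset: str, length: int, threshold: int, lockout_minutes: int) -> float:
    """Worst-case hours to try every candidate through a throttled login."""
    return keyspace(charset, length) / online_guesses_per_hour(threshold, lockout_minutes)


def human(seconds: float) -> str:
    """Render seconds in the largest unit that fits, for readable output."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


if __name__ == "__main__":
    RATE = 1e10   # assumed: a fast unsalted hash on a GPU rig, illustration only
    for length in (8, 12):
        for name in ("lower", "alnum", "full"):
            secs = offline_worst_case_seconds(CHARSETS[name], length, RATE)
            print(f"{length:2d} chars, {name:5s}: {human(secs)}")
    # 4-digit PIN, 10 failures then a 30-minute lockout (the phone policy above)
    print(human(hours_to_exhaust_online(CHARSETS["digits"], 4, 10, 30) * 3600))   # 20.8 days
```

Two things the output makes concrete: going from 8 to 12 characters of the full set multiplies the offline work by 94 to the fourth power, and a lockout policy turns a 10,000-code PIN from a few seconds of guessing into weeks, which is why the lockout threshold and duration matter as much as the PIN length for anything that can only be attacked online.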
#### 206. Encryption Best Practices
- [[Unencrypted Data]]
- [[Encrypted Data]]
- Encryption is a form of risk mitigation
- Three different [[Data States]] that your data moves between:
    - [[Data at Rest]]
        - Many different types of encryption support the confidentiality of data at rest:
            - Full disk encryption
            - Folder encryption
            - File encryption
            - Database encryption
    - [[Data in Transit (Motion)]]
    - [[Data in Use (Processing)]]
#### 207. End User Best Practices
- Any time you are not using a system, log off or lock your computer
- Enabling a screensaver lock will lock your desktop after a period of inactivity
- Secure personally identifiable information
- A clean desk policy ensures everything on your desk is put away by the end of the day
- Log off if you will be gone for more than a few minutes
- Critical hardware like laptops must be in your possession or properly secured at all times
- Make sure that data is always protected
#### 208. Data Destruction
- Asset disposal occurs whenever a system is no longer needed
- [[Degaussing]]
- [[Purging (Sanitizing)]]
- [[Clearing]]
- Data remnants are a big security concern
- Ensure all data remnants have been removed using overwriting procedures
- Possible reuse of the device will influence the disposal method
1. Define which equipment will be disposed of
2. Determine a storage location until disposal
3. Analyze the equipment to determine the disposal method
4. Sanitize the device and remove all its data
5. Throw away, recycle or resell the device
#### 209. Data Destruction Methods
- [[Degaussing]]
- [[Purging (Sanitizing)]]
- [[Clearing]]
- Methods for recycling or repurposing electronics: erasing/wiping (standard formatting or low-level formatting)
- Physical destruction methods: drilling, shredding, incinerating and degaussing
- [[Erasing (Wiping)]]
    - Deleting files or doing a quick format only removes the file system references, so forensic tools can recover the data; on older magnetic media, even some data overwritten once with a pattern of ones and zeroes has been recovered
    - Overwriting does not work as well on solid state devices, because wear levelling means some blocks are never reached by the overwrite
    - Use `format` from the Windows [[Command Prompt]] to erase the contents of a drive; a full (not quick) format overwrites the whole volume and gives better data destruction than simply erasing or wiping files
- [[Low Level Format]]
    - Two main types are used:
        - [[Secure Erase]] (performed by the drive's own firmware)
            - If this procedure is interrupted before it finishes, the drive may be left non-functional and unusable
        - [[Crypto Erase]]
            - Destroys the encryption key of a [[Self Encrypting Drive]], instantly rendering all the data unreadable
- [[Degaussing]]
    - Does not work on optical media or solid state drives, since they store nothing magnetically
- Summary:
1. Electronic methods: allow you to reuse or recycle the drives
2. Physical methods: drilling, shredding, incinerating, degaussing
## Section 22: Securing Web Browsers (OBJ 2.10)
---
#### 210. Securing Web Browsers
- Many web browsers exist, but four are considered the biggest:
    - [[Chrome]] -> [[Google]]
    - [[Firefox]] -> [[Mozilla]]
    - [[Microsoft Edge]] -> [[Microsoft]]
    - [[Safari]] -> [[Apple]]
- JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION OF THE COURSE
#### 211. Web Browser Installation
- [[Trusted Sources]]
    - Software downloaded from these sources comes with a published [[Hash Value]]; compute the hash of the downloaded file and compare it to verify the file was not altered
- Download from the official app stores on [[Windows]] or [[Mac]], or go to the official websites
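The hash check in lesson 211 is the same integrity mechanism the CIA triad lesson lists as "Hashing" and "Checksums". As an added example (not from the Dion course), the block below verifies a downloaded file against a `sha256sum`-style manifest the way a user would on disk. The installer bytes and the manifest line are constructed (the digest is the well-known SHA-256 of the string `abc`); nothing is downloaded, and the file name `installer.exe` is illustrative.

```python
"""Added example (not from the course): verify a download against the
SHA-256 a trusted source publishes. INSTALLER_BYTES and SHA256SUMS are
constructed; the digest is the standard SHA-256 test value for "abc"."""
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Hash in 1 MiB chunks so a multi-GB installer never has to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sums(manifest: str) -> dict:
    """Parse sha256sum-style lines ('<hex>  <name>' or '<hex> *<name>' for
    binary mode) into {name: hex_digest}; blank and '#' lines are skipped."""
    table = {}
    for line in manifest.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        table[name.lstrip(" *")] = digest.lower()
    return table


def verify_download(path: Path, manifest: str) -> bool:
    """True only if the manifest lists this file name and the digests match.
    compare_digest keeps the comparison constant-time."""
    expected = parse_sha256sums(manifest).get(path.name)
    if expected is None:
        return False          # no published hash: nothing to trust
    return hmac.compare_digest(sha256_file(path), expected)


def verify_bytes(name: str, data: bytes, manifest: str) -> bool:
    """Write `data` to a temporary file called `name` and verify it exactly
    as a user would verify a download sitting on disk."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / name
        p.write_bytes(data)
        return verify_download(p, manifest)


INSTALLER_BYTES = b"abc"   # constructed stand-in for the genuine installer
SHA256SUMS = """\
# published by the vendor on its HTTPS download page
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  installer.exe
"""

if __name__ == "__main__":
    print(verify_bytes("installer.exe", INSTALLER_BYTES, SHA256SUMS))   # True
    print(verify_bytes("installer.exe", b"abd", SHA256SUMS))            # False: one byte changed
    print(verify_bytes("other.exe", INSTALLER_BYTES, SHA256SUMS))       # False: no published hash
```

The caveat a practitioner adds: the hash proves the file matches what was published, not that the publisher is who you think. Fetch the manifest over HTTPS from the official site (never from the same mirror as the file), and prefer an installer whose code signature the OS can check in addition to the hash.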
#### 212. Extensions and Plug-ins
- "Extensions" and "plug-ins" are often used interchangeably, but different [[Web Browser|web browsers]] use the terms differently
- [[Extensions]]
    - Change the browser's features or behavior by giving it additional capability
- [[Plug In]]
    - Work in the background to help you do things like video streaming
- [[Themes]]
    - Change your browser's look
- You can change your default search engine
- Applications let you keep things like document editing in your browser, even for offline use
#### 213. Password Managers
- [[Password Manager]]
- Memorizing one master passphrase while the rest are stored for you is a much better method than reusing the same password everywhere
#### 214. Encrypted Browsing
- How to check whether you have a secure connection over the [[Internet]] to a website
- The site's [[Digital Certificate]] tells you whether the connection is secure and which certificate authority vouched for the site's identity
- The little lock in the address bar indicates a secure, encrypted (HTTPS) connection
- ![[Pasted image 20241031175040.png]]
- If the connection is not secure, or the certificate cannot be validated, an error is shown:
- ![[Pasted image 20241031175056.png]]
#### 215. Private Browsing
- [[Private Browsing]]
- Even in private browsing you are still being watched online: it only stops the browser from storing history and cookies locally; the website, your ISP and your employer can still see the traffic
#### 216. Pop-up and Ad Blockers
- Some fake ads lead to fake websites that urge you to buy fake products online
- Ad blockers are not just about annoyance with advertising: criminals use ads (malvertising) to reach people
#### 217. Cache and History Clearing
- [[Cache]] allows you to view the same website multiple times without having to re-download the images or videos on that site
- [[History]] keeps track of all the websites you have been to, unless you clear it
- All of this is information people can use to get an idea of what you do, so it is a good idea to clear your browser history periodically
#### 218. Profile Synchronization
- [[Profile]]
- A way to keep your personal and work life separate to avoid problems in the future
## Section 23: Supporting Network Operations (OBJ 4.1 and 4.2)
---
#### 219. Supporting Network Operations
---
JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION

#### 220. Ticketing System
---
[[Ticketing Systems]] show user information. A user can contact the help desk via phone, email, chat or through a ticket in the ticketing system.

Newly created tickets show the user's history, including the user's name and contact details.

Besides gathering user information, you need to gather device information.

[[Incident|Incidents]] vs [[Problem|Problems]]

The ticket will also have a description of the problem. Gather more details or information about the problem.

Tickets can also be categorized (by use case or by department).

Three ticket types:
1. [[Requests]]
2. [[Incident]]
3. [[Problem]]

Every organization configures its own categories based on its business needs.

Each ticket will have a [[Severity Level]] assigned to it. Severity levels can be assigned individually or automatically by modern ticketing systems.

Escalation procedures: escalate a problem to someone with more knowledge. Prioritize the problems a technician is working on to maximize efficiency.

[[Shifting Left]]

Add a Problem Description, Progress Notes and Problem Resolution to your ticketing notes.

#### 221. Using a Ticketing System
---
JUST AN OVERVIEW OF A TICKETING SYSTEM

#### 222. Knowledge Base Articles
---
[[Knowledge Based Articles|Knowledge Base Articles]].
Knowledge base articles give your customers and employees the information they need to solve problems by themselves
- Include Solution Articles, FAQs, Product Manuals, Tutorials, Videos, Demonstrations, and Troubleshooting Guides
- An internal knowledge base is for the support agents
    - Internal -> Staff
    - External -> Public
- Must ensure the knowledge base is properly tagged, categorized, and searchable
- Reduces the support workload:
    1. Provides good self-service
    2. Lowers the amount of support work
    3. Lowers the product cost
    4. Quicker onboarding and training

#### 223. Asset Management
---
[[Asset Management]] applies to tangible and intangible assets
- Need a complete inventory of all the assets in your organization
- [[Database System]] - Allows the [[Ticketing Systems]] to associate the user with the workstation that is having the issue
- Assets are identified via an [[Asset Tag]] and [[Asset ID]]
    - An asset tag with a unique ID is the basis of good asset governance
- Establish good change management practices
- Think about the [[Procurement Lifecycle]] of an asset
    - [[Procurement]]
    - [[Deployment]]
    - [[Maintenance]]
    - [[Disposal]]
- Assets come with some kind of Warranty and Licensing

#### 224. Change Management
---
[[Change Management]]. The scope of change management is defined by each organization
- [[Change]]
    - [[Standard Changes]]
    - [[Normal Changes]]
    - [[Emergency Changes]] - Worked through an Emergency Change Advisory Board (ECAB)
- Major changes need a higher level of approval from the [[Change Authority]]
- Changes to large systems or networks go through the normal change process
- [[Change Schedule]] - Informs everybody of what is happening, and ensures the resources to implement the changes are available
#### 225. Conducting Change Management
---
A change is initiated by submitting a change request using a [[Change Request Form]]. A change request is generated whenever there is a fault that needs to be fixed, a new business need or process, or a planned improvement to an existing system.

Process:
1. Write up the changes to be made and justify them
    - ![[Pasted image 20241101193957.png]]
2. Assessment of the change request
    - ![[Pasted image 20241101194042.png]]
3. Approval of the change request by the Change Advisory Board
    - ![[Pasted image 20241101194426.png]]
    - [[Back Out (Rollback) Plan]] - Should always exist before the change is made
- Use sandbox testing
- [[End User Acceptance]]

#### 226. Documentation Types
---
[[Acceptable Use Policy (AUP)]]
- Each organization sets up rules based on its workflow and company values
- Enforced by the organization to govern its employees and users
- Regulatory compliance requirements are sometimes found here
- [[Splash Screen]] - Shows a short paragraph of legalistic text telling you that you agree to the acceptable use policy every time you log onto that computer
    - ![[Pasted image 20241101195722.png]]

[[Standard Operating Procedure (SOP)]]
- New User Set-up Checklist and Procedures
- [[End User Termination Checklist and Procedures]]
- Software installation procedures
    - Verify the system requirements
    - Validate the download source
    - Verify the files (for example against the vendor's published hash)
    - Verify the software license
    - Ensure proper installation
    - Provide training and support
- Will vary depending on the organization
- Follow the SOP checklist for new users and departing users

[[Incident Report (After Action Report) (AAR)]]
- Any time a major incident causes some kind of outage, we need to know what caused it
- Figure out the cause
- Write up what happened, what caused the incident, and what can be done to prevent it in the future

[[Network Topology]]
- Used to model the physical and logical relationships at different levels of scale and detail across your organization
- One diagram for logical connections and another for physical connections
- [[Logical Diagram]]
    - ![[Pasted image 20241101201026.png]]
- [[Physical Diagram]] - Layer 1 of the [[OSI Model]]

## Section 24: Backup, Recovery, and Safety (OBJ 4.3)
---
#### 227. Backup, Recovery and Safety
---
[[Backup]] [[Recovery]]
JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION

#### 228. Backup and Recovery
---
Any time a server or workstation holds critical data, make sure you are doing proper backups of it
- [[Backup]]
- [[Full Backup]] - Copies everything
    - Takes up a lot of space
    - Takes a long time
- [[Incremental Backup]] - Only copies files that have changed since the previous backup of any type, which is usually the one done the day before
    - Fast to take, but a restore needs the last full backup plus every incremental since
- [[Differential Backup]] - Only copies files that have changed since the previous full backup
    - Grows each day, but a restore needs only the last full backup plus the latest differential
- [[Synthetic Backup]] - Builds a new full backup from the existing full and incremental copies on the backup server, so you are not tying up the production server with a lot of read operations to copy everything off it again
- [[Archive Attribute]] - Set when a file changes; cleared when you do a full or incremental backup, left alone by a differential backup

#### 229. Backup Schemes
---
Think about the frequency of your backups
- [[Frequency]]
    - Has to be defined based on operational needs
    - Depends on how much work you can afford to lose
- [[On Site]]
- [[Off Site]]
- [[Grandfather Father Son (GFS)]]
    - The son tapes store your most recent data and have the shortest retention period (for example daily)
    - The father is the middle generation (for example weekly)
    - The grandfather tapes have the longest retention period (for example monthly)
    - Can be modified based on your own retention needs and backup frequency
- [[3-2-1 Backup Rule]] - Three copies of the data, on two different media, with one copy off site
    - Can be used in combination with GFS

A backup can never be called good until you've tested that it actually restores.
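Added example (not part of the course notes): a bash script that shows what each backup type from section 228 actually selects, using two marker files as a stand-in for the archive attribute. Everything it uses (the `$DATA` and `$STATE` directories, the file names, the timestamps) is constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the course): what each backup type selects, shown
# with find(1). Two marker files stand in for the archive attribute: the mtime
# of last_full records the last full backup, last_any the last full OR
# incremental (a differential leaves last_any untouched, which is exactly why
# differentials keep growing). The files and timestamps are constructed.
set -eu

setup_demo() {
  DATA=$(mktemp -d)
  STATE=$(mktemp -d)
  printf 'a\n' > "$DATA/a.txt"
  printf 'b\n' > "$DATA/b.txt"
  printf 'c\n' > "$DATA/c.txt"
  touch -t 202401010000 "$DATA"/*.txt    # all three files exist at 00:00
}

# mark_backup KIND TIMESTAMP: record that a backup of KIND ran at TIMESTAMP
# (touch -t format, CCYYMMDDhhmm). Full and incremental "clear the archive
# attribute" by advancing last_any; a differential does not.
mark_backup() {
  case "$1" in
    full)         touch -t "$2" "$STATE/last_full" "$STATE/last_any" ;;
    incremental)  touch -t "$2" "$STATE/last_any" ;;
    differential) : ;;
    *) echo "unknown backup kind: $1" >&2; return 1 ;;
  esac
}

# select_files KIND: print, one per line and sorted, the file names that a
# backup of KIND would copy right now.
select_files() {
  local ref=
  case "$1" in
    full)         find "$DATA" -type f -name '*.txt' | sed 's#.*/##' | sort; return 0 ;;
    incremental)  ref="$STATE/last_any" ;;     # changed since the last backup of any kind
    differential) ref="$STATE/last_full" ;;    # changed since the last full backup
    *) echo "unknown backup kind: $1" >&2; return 1 ;;
  esac
  find "$DATA" -type f -name '*.txt' -newer "$ref" | sed 's#.*/##' | sort
}

# A week in miniature: full at 01:00, a.txt edited at 01:30, incremental at
# 02:00, b.txt edited at 02:30. Then compare what each kind would copy now.
demo() {
  setup_demo
  mark_backup full 202401010100
  touch -t 202401010130 "$DATA/a.txt"
  mark_backup incremental 202401010200
  touch -t 202401010230 "$DATA/b.txt"
  for kind in full incremental differential; do
    echo "$kind would copy: $(select_files "$kind" | tr '\n' ' ')"
  done
  rm -rf "$DATA" "$STATE"
}

demo
```

Running it prints that a full backup copies all three files, the incremental copies only `b.txt` (changed since the 02:00 incremental), and the differential copies `a.txt` and `b.txt` (everything changed since the 01:00 full). Swapping the order of the two `touch` calls, or marking a differential instead of an incremental at 02:00, changes the incremental result but never the differential one, which is the restore-chain trade-off the notes describe.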
#### 230. Redundant Power
---
[[Redundant Power Supply]] - Mitigates a single point of failure

Power problems:
- [[Surge]]
- [[Spike]]
- [[Sag]]
- [[Brownout]]
- [[Blackout]]

[[Uninterruptible Power Supply (UPS)]]

[[Backup Generator]]
- Portable gas engine
- Permanently installed
- Battery inverter

#### 231. Electrical Safety
---
Two main areas:
- [[Equipment Grounding]]
    - Make sure equipment is properly grounded when installing racks of servers or other equipment
    - Never disconnect the ground wire
- [[Proper Power Handling]]
    - Never work on a power supply unless you are certified and properly trained to do it
    - Never insert anything into the power supply area of a computer

#### 232. Component Handling and Storage
---
[[Electrostatic Discharge (ESD)]]
- To prevent it, take the proper safety precautions:
    1. Work in a room that is set up to reduce ESD
    2. Remove anything that can help create static electricity
    3. Always handle components using ESD-safe equipment (wrist strap, mat, anti-static bags)
- Another large source of ESD is anything with a mechanical motor
- Reduce static electricity as much as possible

#### 233. HVAC Systems
---
Make sure HVAC systems are running to protect the servers, workstations, and other equipment
- Sensitive computer equipment, including servers, computers, and networking gear, releases a lot of heat during operation
- HVAC systems also control the humidity levels in server rooms and communication closets
- Keep humidity levels around 40% to 60% using your HVAC systems
- Many organizations connect their HVAC systems to [[Industrial Control System (ICS)]] or [[Supervisory Control and Data Acquisition (SCADA)]] networks
- Depending on your cooling capacity, you may have to decide which servers can remain online
- Place systems and servers in the right location and provide adequate power and cooling
#### 234. Proper Handling and Disposal
---
Compliance with government regulations
- Health and Safety Laws - Ensure the workplace stays hazard-free and safe
- Building Codes - Defined at the local, state, and national level
- Environmental Regulations - Be aware of the [[Material Safety Data Sheet]] for each material, which describes how to dispose of those components properly
    - Batteries contain chemicals that are dangerous to the environment
        - Swollen or leaking batteries should be bagged and stored in an appropriate container
        - Dispose of them using the proper waste management methods or recycling
    - Most vendors you buy [[Toner]] from have some sort of recycling program
        - Whenever you dispose of or recycle a [[Toner Cartridge]], wrap it up first
        - Take it to the proper recycling location or waste management area
- Make sure you're in compliance with government regulations

#### 235. Personal Safety
---
All of the things a technician should be aware of that could cause harm when working in the field
- One of the most common injuries is caused by lifting things improperly
- [[PC Vacuum Cleaner]]
![[Pasted image 20241101233931.png]]

## Section 25: Policy and Privacy Concepts (OBJ 4.6)
---
#### 236. Policy and Privacy Concepts
---
JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION OF THE COURSE

#### 237. Incident Response Plan
---
Our systems will never be 100% secure, so plan for [[Incident Response]]
- [[Incident Management Program]]
    - Preparation
    - [[Identification]]
    - [[Containment]]
    - [[Eradication]]
    - [[Recovery]]
    - [[Lessons Learned]]

#### 238. Chain of Custody
---
[[Chain of Custody]] - Documents who collected, handled, and stored evidence, and when, so it can be shown that the evidence was not tampered with
- Specialized evidence bags ensure electronic media cannot be damaged or corrupted by [[Electrostatic Discharge (ESD)]]
- [[Faraday Bag]] - Blocks radio signals, so a seized phone cannot be remotely wiped or receive new data
- Criminal cases or internal security audits can take months or years to resolve
- [[Legal Hold]]
- Have spare hardware and good backups of your systems so operations can continue while the originals are held as evidence
#### 239. Order of Volatility
---
[[Data Acquisition]]
- Do I have the right to search or seize this legally?
- Any evidence gathered without proper authority or permission can be inadmissible in court

[[Order of Volatility]] - Collect the most volatile data first
- ![[Pasted image 20241102204313.png]]
- CPU registers and [[Cache]] can only be collected while the computer is powered on
- Contents of [[Random Access Memory (RAM)|RAM]] are lost when the computer is turned off
- Temporary files are often overwritten during normal system operation
- Data on physical configuration and network topology provides context for an investigation
- Some key areas of the [[Registry]] (like HKLM\HARDWARE) exist only in memory, so analyze them from a memory dump

#### 240. Data Collection Procedures
---
Create a forensic disk image of the data as evidence, and hash it so the copy can be proven identical to the original
![[Pasted image 20241102205010.png]]

#### 241. Conduct Disk Imaging
---
JUST AN OVERVIEW OF DISK IMAGING

#### 242. Licensing, EULA, and DRM
---
- [[Proprietary Software]]
- [[Open Source]] - Not all open source software is free of charge; open source describes the availability of the source code and its license terms, not the price
- [[Personal License]]
- [[Corporate License]]
    - Active users are the people actually logged in and using the software at a given moment
- Licenses provide the legal right to use software, and usually the privilege of receiving updates and security patches
- Most software licenses are issued for a certain period of time
- [[End User License Agreement (EULA)]] - Always understand what is covered in the EULA
- [[Digital Rights Management]]
    - DVDs were region locked and only allowed to be sold in certain regions based on the licensing
    - Some users may be unable to play a certain type of file because DRM is enabled on it
    - Many digital file formats are protected by DRM
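Added example (not from the course) for the disk-imaging step in sections 240 and 241 above: acquiring an image with `dd` and proving it matches the original with SHA-256 hashes recorded in a custody log. It assumes GNU coreutils (`dd status=none`, `sha256sum`); the source "disk" is a constructed file, not a real device.

```shell
#!/usr/bin/env bash
# Added example (not from the course): the imaging step from sections 240-241,
# done with dd and verified with SHA-256 so the copy can be shown to be
# bit-for-bit identical to the original. The "disk" is a constructed file;
# on a real case the source would be the block device (e.g. /dev/sdb), read
# through a write blocker, never the mounted filesystem.
set -eu

# Build a 1 MiB fake disk with a recognisable string a few KiB in.
make_fake_disk() {
  dd if=/dev/zero of="$1" bs=1024 count=1024 status=none
  printf 'EVIDENCE-MARKER-0001' | dd of="$1" bs=1 seek=4096 conv=notrunc status=none
}

sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# acquire_image SOURCE IMAGE LOG: hash the source, copy it with dd, hash the
# copy, append both hashes to the chain-of-custody log, and return 0 only if
# the hashes match. conv=noerror,sync keeps reading past bad sectors and pads
# unreadable blocks with zeros instead of aborting the acquisition.
acquire_image() {
  local src="$1" img="$2" log="$3" src_hash img_hash
  src_hash=$(sha256_of "$src")
  dd if="$src" of="$img" bs=4096 conv=noerror,sync status=none
  img_hash=$(sha256_of "$img")
  {
    echo "acquired=$(date -u +%Y-%m-%dT%H:%M:%SZ) by=$(id -un)"
    echo "source=$src sha256=$src_hash"
    echo "image=$img sha256=$img_hash"
  } >> "$log"
  [ "$src_hash" = "$img_hash" ]
}

# verify_image SOURCE IMAGE: re-check later (before analysis, or in court)
# that the image still matches what was acquired.
verify_image() { [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]; }

# Worked run in a temporary directory.
demo() {
  local t
  t=$(mktemp -d)
  make_fake_disk "$t/suspect.raw"
  if acquire_image "$t/suspect.raw" "$t/suspect.img" "$t/custody.log"; then
    echo "image verified:"
    cat "$t/custody.log"
  else
    echo "HASH MISMATCH: acquisition failed" >&2
  fi
  rm -rf "$t"
}

demo
```

The hash of the source is taken before the copy and the hash of the image after it, so a mismatch means either a read error during acquisition or a change to the image afterwards; `verify_image` is the same comparison repeated whenever the image changes hands.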
#### 243. Data Classification
---
Data classification is based on the data's value to the organization and the sensitivity of the information if it were disclosed
- Commercial classifications:
    - [[Public Data]]
    - [[Sensitive Data]]
    - [[Private Data]]
    - [[Confidential Data]]
- Government classifications:
    - [[Unclassified]]
    - [[Controlled Unclassified Information (CUI)]]
    - [[Confidential Data]]
    - [[Secret Data]]
    - [[Top Secret Data]]

#### 244. Data Retention
---
- [[Data Retention]]
- [[Data Preservation]]
- [[Short Term Retention]]
- [[Long Term Retention]]
- All of your backups take up valuable storage space
    - Back up everything you're legally required to, based on your retention policies
    - Back up what you need based on corporate policies or operations
- [[Recovery Point Objective (RPO)]] - The maximum amount of data (measured in time) you can afford to lose; it drives the backup frequency and the redundancy decisions made in your business

#### 245. PII, PHI, and PCI-DSS
---
[[Data Type]]
- [[Health Data]] - Protected by the [[Health Insurance Portability and Accountability (HIPAA)|Health Insurance Portability and Accountability Act (HIPAA)]]
- [[Financial Data]] - Payment card data is governed by the [[Payment Card Industry Data Security Standard (PCI DSS)]]
- [[Intellectual Property]] - Protected by a copyright, patent, trademark, or trade secret
- [[Personally Identifiable Information (PII)]]
    - Can be protected with a data loss prevention (DLP) system, such as [[Microsoft|Microsoft's]]

[[Data Format]]
- [[Structured Data]]
- [[Unstructured Data]]

#### 246. Security Policies
---
Privacy policies govern the labeling and handling of data
- [[Acceptable Use Policy (AUP)]]
- [[Change Management]]
- [[Separation of Duties]]
- [[Job Rotation]]
- [[Onboarding and Offboarding Policy]]
- [[Due Diligence]]
- [[Due Care]]
- [[Due Process]] - Protects citizens from arbitrary action by their government, and companies that follow it are better protected from lawsuits

## Section 26: Scripting (OBJ 4.8)
---
#### 247. Scripting
---
- [[bat (Batch File)]]
- [[ps1 (Powershell)]]
- [[vbs (Visual Basic)]]
- [[sh (Bash Script)]]
- [[js (JavaScript)]]
- [[py (Python)]]
- [[Pseudocode]]
#### 248. Script File Types
---
[[Shell Script]]
- [[bat (Batch File)]] - Can be used on any [[Windows]]-based computer and is run from the command line environment
- [[ps1 (Powershell)]]
- [[vbs (Visual Basic)]] - Can be run from other applications such as [[Microsoft]] Word, Excel, and other MS Office products
- [[sh (Bash Script)|Linux Shell Script]]
- [[js (JavaScript)]] - Used on websites and web applications, and also as a scripting language on [[macOS (OSX)]] and servers
- [[py (Python)]] - Cross platform
![[Pasted image 20241102222654.png]]

#### 249. Variables
---
[[Variable]] - Can change throughout the execution of the program
- How do we define the value of variables and constants?
    - ![[Pasted image 20241102222747.png]]
- Data types:
    - [[Boolean]]
    - [[Integer]]
    - [[Float]]
    - [[Character]]
    - [[String]]
- [[Constant]] - Set once and does not change during execution

#### 250. Loops
---
[[Loop]]
- [[For Loop]]
- [[While Loop]]
- [[Do Loop]]

#### 251. Logic Control
---
[[Logic Control]]

#### 252. Bash Script Example
---
Identify the basics of scripting
- [[echo]] - Prints text
- if (condition) -> Logical construct
- $1 -> The first positional parameter (argument) passed to the script

#### 253. Automation Scripting
---
- [[Basic Automation]]
- [[Machine Restart]]
- [[Network Drive Remapping]]
- [[Application Installation]]
- Update and security patch installation
- Backup automation
    - [[copy]], [[xcopy]] or [[robocopy]] using [[Powershell]] or a [[bat (Batch File)]]
    - [[cp]] using an [[sh (Bash Script)]]
- Scheduling
    - [[Task Scheduler]] -> Windows
    - [[Crontab]] -> Linux
- Information gathering

Using automation and scripting can make life easier
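Added example (not from the course) tying the section 252 constructs (`echo`, `if`, `$1`) to the section 253 backup automation: a `cp`-based backup script with a `crontab` line for scheduling it. The script path and the directories in the comments are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the course): the constructs from section 252
# (echo, if, $1) in a small backup script of the kind section 253 describes,
# copying with cp and scheduled with crontab. The paths in the comments are
# hypothetical. Usage: ./backup.sh <source_dir> <dest_dir>
set -eu

# $0 is the script name; $# is how many arguments were passed.
usage() {
  echo "usage: $0 <source_dir> <dest_dir>" >&2
  return 64
}

# backup_dir SRC DST: copy every regular file directly under SRC into DST and
# print how many files were copied. Returns 1 if SRC does not exist.
backup_dir() {
  local src="$1" dst="$2" n=0 f
  if [ ! -d "$src" ]; then                 # if (condition): validate input first
    echo "source directory not found: $src" >&2
    return 1
  fi
  mkdir -p "$dst"
  for f in "$src"/*; do                    # for loop over the entries of SRC
    [ -f "$f" ] || continue                # skip subdirectories and non-files
    cp -p "$f" "$dst/"                     # -p keeps timestamps and permissions
    n=$((n + 1))
  done
  echo "$n"
}

# main "$@": $1 and $2 are the positional parameters given on the command line.
main() {
  if [ "$#" -ne 2 ]; then
    usage || return $?
  fi
  local count
  count=$(backup_dir "$1" "$2")
  echo "copied $count file(s) from $1 to $2"
}

# Schedule it (Linux): `crontab -e`, then add one line, for example
#   30 2 * * * /usr/local/bin/backup.sh /home/alice/docs /mnt/backup/docs
# which runs the backup every day at 02:30. Windows uses Task Scheduler instead.

# Only run when the script is given arguments, so it can also be sourced.
if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

Validating `$#` and `$1` before touching the filesystem, and returning a non-zero exit status on bad input, is what lets cron (or a monitoring job) notice that a scheduled run failed instead of silently doing nothing.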
#### 254. Scripting Considerations
---
![[Pasted image 20241102230133.png]]
- Read scripts and understand what they do before running them
- Inadvertently changing system settings can disable system protection
- When running a script, use the least permissions needed
- Scripts can deplete storage space when they create log files or temporary files as part of their operation and never clean them up
- Faulty loops can exhaust network or memory resources
- Incorrect API calls can cause the [[Web Browser|web browser]], file explorer, or command interpreter to crash

## Section 27: Remote Access Support (OBJ 4.9)
---
#### 255. Remote Access Support
---
JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION OF THE COURSE

#### 256. Remote Access Protocols
---
These methods allow a client to access a server or a network device remotely over the network
- [[Telnet]]
    - ![[Pasted image 20241103163547.png]]
    - Sends everything, including credentials, in plain text (unencrypted)
    - Should never be used to connect to secure devices
- [[Secure Shell (SSH)]]
    - Much better security than Telnet
    - Gives you an encrypted connection to a device
- [[Remote Desktop Protocol (RDP)]]
    - [[Proprietary Software|Proprietary]] protocol developed by [[Microsoft]]
    - Provides the user with a [[Graphical User Interface (GUI)]]
    - Not considered secure on its own; should not be exposed directly to the Internet
- [[Remote Desktop Gateway (RDG)]]
    - Tunnels RDP inside an encrypted [[Secure Socket Layer (SSL)]]/[[Transport Layer Security (TLS)]] connection
    - Controls access to network resources based on permissions and group roles
    - Maintains and enforces authorization policies
    - Monitors the status of the gateway and any RDP connections through it
- [[Virtual Private Network (VPN)]]
- [[Virtual Network Computing (VNC)]]
    - Operates a lot like RDP
    - Cross platform
- [[Virtual Desktop Infrastructure (VDI)]]
    - A form of virtualization
    - Allows a specific desktop image to be run within a [[Virtual Machine]] and delivered over the network
    - [[Desktop as a Service (DaaS)]]
- [[In Band Management]]
- [[Out of Band Management]]
    - Considered a best practice in security
    - Prevents a regular user's machine from connecting to the management interface of your devices
    - Separates the production network from the management network
    - Adds cost to the organization

Remote access authentication
- [[Authentication]]
- [[Authorization]]
- [[Password Authentication Protocol (PAP)]] - Sends the password in clear text; an insecure choice for any modern network and should never be used
- [[Challenge Handshake Authentication Protocol (CHAP)]] - An improvement over PAP: the password itself is never sent, only a hashed response to a challenge
- [[Extensible Authentication Protocol (EAP)]] - Use EAP-TLS in conjunction with a [[Remote Authentication Dial-In User Service (RADIUS)]] or [[Terminal Access Controller Access-Control System Plus (TACACS+)]] server

#### 257. Connecting to a VPN
---
JUST AN OVERVIEW OF CONNECTING TO A WORKPLACE USING A VPN

#### 258. Remote Monitoring and Management
---
[[Remote Monitoring and Management]] - Known as RMM tools

#### 259. Microsoft Remote Assistance (MSRA)
---
[[Microsoft Remote Assistance (MSRA)]] - The passcode is around 12 alphanumeric characters long

#### 260. Other Remote Access Tools
---
[[Screen Sharing Software]]
- Lets others see your screen but does not give them control of the machine
- A non-persistent web application can be used for remote screen sharing

[[File Transfer Software]]
- Nearby Sharing is Microsoft's version of [[AirDrop]]; it works over [[Bluetooth]] and [[Wi-Fi Direct]] connections between devices
- For Bluetooth-enabled sharing on [[Android]] devices, use the function known as Nearby Share
- If the other party is across the world, use a file transfer method such as [[File Transfer Protocol (FTP)]], [[Secure File Transfer Protocol (SFTP)]], or [[Secure Shell (SSH)]] to send the files
#### 261. Desktop Management Software
---
[[Desktop Management Software]]
- Also known as Unified Endpoint Management (UEM)
- Similar idea to [[Mobile Device Management (MDM)]]; essentially the desktop or laptop version of MDM
- An agent is installed on each individual workstation or laptop
    - The agent typically provides [[Endpoint Detection and Response (EDR)]] functionality
    - Viruses, malware, or any system configuration drifting outside the baseline is detected and reported back to the central tool suite
- Agents also report status, gather log data, and inventory the system, sending that back to the centralized database managed by the UEM
- Can push deployments of upgrades, updates, or security definitions
- Can create access control rules that prevent non-compliant workstations from joining the network

## Section 28: Troubleshooting Windows (OBJ 3.1)
---
#### 262. Troubleshooting Windows
---
JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION OF THE COURSE
#### 263. Boot Issues
---
The [[Basic Input Output System (BIOS)]] or [[Unified Extensible Firmware Interface (UEFI)]] firmware runs a [[Power-On Self-Test (POST)]] to verify that all system components are working properly

BIOS -> [[Master Boot Record (MBR)]]
- The firmware looks through the storage device for the MBR, which is always located in the first sector of the disk
- The MBR identifies which partition holds the [[Operating System (OS)]] to boot and turns control over to it
- [[Windows]] -> bootmgr (the Windows Boot Manager)
    - Reads information from the [[Boot Configuration Data (BCD)]] store
    - Once bootmgr has been located and the BCD read, it loads the Windows [[Boot Loader]]
- Windows -> winload.exe (boots the Windows system)
    - Loads the [[Kernel]], the hardware abstraction layer, and the boot device drivers

UEFI -> [[GUID Partition Table (GPT)]]
- The firmware looks for a GPT on the boot device.
Once found, it loads the EFI boot manager and the BCD from the EFI system partition
- \EFI\Microsoft\Boot contains the BCD store and bootmgfw.efi

Boot issues
- Failure to boot
    - Often happens because the boot order in the BIOS or UEFI is set incorrectly
    - Remove any external devices
    - Set the boot order to always go to the internal storage drive first
- No OS found
    - The disk drive doesn't have an operating system installed, or its boot information is damaged
    - Make sure the OS was properly installed
    - BIOS -> make sure an MBR exists on the device
    - UEFI -> make sure a GPT exists on the device
    - Use the startup repair tool to open the recovery command prompt, then use bootrec to repair the drive's boot information
        - bootrec /fixmbr - Repairs the master boot record (DO NOT USE IF YOUR DISK IS USING UEFI)
        - bootrec /fixboot - Writes a new boot sector to replace one that has been corrupted or infected (USE ON UEFI)
        - bootrec /rebuildbcd - Adds missing Windows installations to the boot configuration data store
    - [[diskpart]]
- [[Graphical User Interface (GUI)]] failing to load or a black screen
    - Usually indicates an issue with the graphics driver, or some kind of misconfiguration or corruption
    - Reboot the system into safe mode
    - **WIN** + **CTRL** + **SHIFT** + **B** restarts the graphics driver; if the system is responsive you hear a beep and the screen flickers
- Check Disk command: [[chkdsk]]
- System File Checker: [[sfc]]
#### 264. Boot Recovery Tools
---
Advanced Boot Options -> Hit **F11** (the key varies by manufacturer) when restarting
- ![[Pasted image 20241103181359.png]]
- ![[Pasted image 20241103181419.png]]
- ![[Pasted image 20241103181426.png]]
- ![[Pasted image 20241103181441.png]]

Startup Repair Tool
- Accessed in the Recovery Environment
- ![[Pasted image 20241103181609.png]]
- An automated set of scripts and tools that tries to diagnose and fix boot issues

Recovery Environment
- ![[Pasted image 20241103181714.png]]
- ![[Pasted image 20241103181720.png]]
- Also known as WinRE
- Gives you many different tools that can be used to troubleshoot problems

You have a few different options for boot recovery tools, including Advanced Boot Options, Startup Repair, and WinRE

#### 265. Update or Driver Rollback
---
Sometimes system updates cause problems for your device; to fix that, roll back the update
- Go into [[Programs and Features]] and then View installed updates
    - ![[Pasted image 20241103181951.png]]
- [[Device Driver]]
    - If you're having issues with a device, you may have to roll back its driver
    - [[Device Manager]]
        - ![[Pasted image 20241103182230.png]]

#### 266. System Restore
---
[[System Restore]] - Built-in function in [[Windows]] that returns system files, settings, and the registry to an earlier restore point without touching personal files
- ![[Pasted image 20241103182428.png]]
- ![[Pasted image 20241103182436.png]]
- ![[Pasted image 20241103182455.png]]
- ![[Pasted image 20241103182531.png]]
- ![[Pasted image 20241103182541.png]]
#### 267. System Reinstall or Reimage
---
A system restore only restores the configuration and system files; in a [[System Reinstall]] you install a brand new copy of [[Windows]], then bring your files back from a known good backup

[[System Image]]
- ![[Pasted image 20241103183151.png]]
- ![[Pasted image 20241103183203.png]]
- ![[Pasted image 20241103183213.png]]
- ![[Pasted image 20241103183301.png]]
- ![[Pasted image 20241103183318.png]]
- ![[Pasted image 20241103183452.png]]

System Reinstall
- ![[Pasted image 20241103183650.png]]
- ![[Pasted image 20241103183655.png]]
- ![[Pasted image 20241103183719.png]]

#### 268. Performance Issues
---
- Profiles contain all the information for a particular user on a Windows system
- With [[Verbose Mode]] enabled, the system displays status messages for every step of starting up, shutting down, logging on, or logging off
- Open [[Task Manager]] whenever someone complains about sluggish performance to get detailed information about what is consuming resources
- If an application is using more [[Random Access Memory (RAM)|memory]] than before, it may need an update
    - Updates can improve memory and CPU utilization and performance
- Run the [[Disk Fragmentation|disk defragmentation]] tool if you are having issues with a [[Hard Disk Drive (HDD)]]
- Disable applications from running automatically at startup
- Check the system for viruses by scanning it with an [[Antivirus]]

#### 269. System Fault Issues
---
System fault issues occur whenever some kind of issue inside Windows stops the system from functioning
- Could be caused by memory, [[Processor]], or application issues
![[Pasted image 20241103185623.png]]
[[Blue Screen of Death (BSOD)]]
#### 270. System Instability Issues
---
[[System Instability]]
- Can be caused by a hardware or a software issue
    - Hardware -> Overheating, power, processor
    - Software -> Corrupted [[Kernel]] files
- [[Windows Memory Diagnostic Tool]]
    - ![[Pasted image 20241103190046.png]]
    - If it finds errors, shut down the computer, remove the memory modules and reseat them; replace the module if the errors persist
- [[sfc]]
    - sfc /scannow - Scans all protected system files and repairs any it finds corrupted
    - sfc /verifyonly - Scans files for problems but does not fix them automatically
    - sfc /scanfile (path) - Scans and repairs a specific file
    - sfc /verifyfile (path) - Verifies the integrity of a specific file without repairing it
- [[Universal Serial Bus (USB)]] devices can have problems as well
    - Could be a problem with the USB bus itself or with the driver for the device
    - Use Windows Update or the vendor's website to get the latest chipset or system drivers
    - Go to [[Device Manager]] and uninstall the USB host controller device, then reboot so it is reinstalled
    - Disable USB selective suspend power management
    - A powered hub has its own power adapter plugged into a wall outlet, so attached devices are not limited to the power the USB port can supply
#### 271. Application and Service Issues
---
Application crashes
- Priority should be to preserve as much data as possible
- A crash usually means that the application or its underlying files have become corrupted
- Uninstall the program, reboot, and reinstall

Service startup failures
- Check [[Event Viewer]] to see why the service failed to start
- Manually start the service from the [[Services Tool]]
    - If it still doesn't start, there is a bigger issue at play
- Some services are interlinked and depend on each other
- Sometimes two services conflict with each other; if so, you need to disable one service in order to turn on the other
- A service may be trying to run with the wrong level of permissions
- Core functions inside Windows run as services
- Use regsvr32 (Register Server) to register a [[Dynamic Link Library (DLL)]]

Time drift within the [[Operating System (OS)]]
- Operations inside a computer require accurate timing
- The [[Real-Time Clock (RTC)]] on the motherboard is kept running by the [[Complementary Metal-Oxide-Semiconductor (CMOS)]] battery
- Persistent time drift is an indication that the battery on the [[Motherboard]] has died

## Section 29: Troubleshooting Workstation Security (OBJ 3.2)
---
#### 272. Troubleshooting Workstation Security
---
Malware Removal Process
1. Investigate and identify [[Malware]] symptoms
2. Quarantine the infected systems
3. Disable [[System Restore]] in [[Windows]]
4. Remediate the infected system
5. Schedule scans and run updates
6. Enable system restore and create a restore point in Windows
7. Educate the end-user

#### 273. Malware Removal Process
---
CompTIA's 7 step malware removal process:
1. Investigate and identify [[Malware]] symptoms
    - Use an [[Antivirus]] to identify the malware
    - A [[Rootkit]] has already compromised the [[Operating System (OS)]] that the anti-malware solution runs on, so the anti-malware solution may not be able to detect it; scan from trusted boot media instead
2. Quarantine the infected systems
    - The system is now under suspicion; get it away from other machines so it cannot send data to them
    - Move the system into a logically or physically isolated secure segment of the network, or into a [[Sandbox]], to protect the rest of the systems from infection
    - If you think the malware came from a [[Universal Serial Bus (USB)]] drive or CD, scan that media on a trusted system in a sandbox environment
3. Disable [[System Restore]] in [[Windows]]
    - You do not want to create snapshots of Windows in the infected state (stop making backups of the system)
    - Turn off automated backup systems, such as cloud and external disk backups
4. Remediate the infected system
    1. Update the anti-malware software (4A)
    2. Scanning and removal techniques (4B)
        - Reboot into safe mode and run the scanning and removal tools
        - Use [[Task Manager]], [[Windows Registry|regedit]], and msconfig to turn off suspicious services and background tasks
        - Boot the computer using Windows recovery media or a Windows installation disc
        - Re-image or reinstall the system from a good backup or installation disc
5. Schedule scans and run updates
    - Make sure the system is protected from now on
    - Schedule scans on a daily basis
    - Configure on-access scanning so downloaded files are scanned
6. Enable system restore and create a restore point in Windows
    - Re-enable system restore and create a restore point
    - Name it: Restore Point after Malware Removal
    - Turn automated backups back on and validate critical services
7. Educate the end-user
    - Educate the user to prevent this from happening again
    - How to verify that a website is legitimate
    - How to set up and configure a [[Password Manager]]
    - How to identify [[Phishing]] attempts in an email
    - Provide anti-phishing training
    - Proper use of social networking, and how to tell whether something is a scam or trustworthy
    - Proper use of a [[Virtual Private Network (VPN)]]

[[Windows Defender Antivirus]] is used to find malware on Windows systems
- Flags some unwanted software as a Potentially Unwanted Application (PUA)

#### 274. Infected Browser Symptoms
---
If a piece of malware is able to infect a [[Web Browser]], the threat actor could conduct an [[On Path Attack]]

Signs of an infected browser:
- Frequent and random pop-ups
- Installation of additional toolbars
- Change in homepage or search provider
- Different search results
- Slow performance
- [[Browser Redirection]] - Often used in conjunction with [[Phishing]] and [[Pharming]]
    1. Typed in the wrong address <- manual redirection (typosquatting)
    2. Automatic redirection
    3. [[Host File]] infection - entries in the hosts file send a legitimate name to an attacker's IP address
        - ![[Pasted image 20241104154959.png]]
- Certificate warnings
- Scan the system, then uninstall and reinstall the browser
- If you are in Washington DC, use Google, and the results come back in a different language, there could be a problem: it indicates that you have been infected with malware that has installed a proxy, so your traffic is leaving from somewhere else
    - Check [[Proxy Settings]] and verify that no proxy is being used

Troubleshooting when you're completely cut off from the network:
1. Check physical connections
2. Check network settings
3. Reboot the device
4. Run an anti-virus scan (if you suspect malware has infected the network)
5. Observe network traffic
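Added example (not from the course) for the hosts-file infection symptom in section 274: a check that flags hosts entries redirecting well-known names to an address other than loopback or the `0.0.0.0` sinkhole that ad blockers use. The watch list and the sample hosts file are constructed; on a real machine you would point it at `/etc/hosts` or `C:\Windows\System32\drivers\etc\hosts`.

```shell
#!/usr/bin/env bash
# Added example (not from the course): detecting the "hosts file infection"
# form of browser redirection from section 274. A hosts entry that points a
# well-known name at an address other than loopback (or the 0.0.0.0 sinkhole
# ad blockers use) redirects that site to whoever controls the address.
# The watch list and the sample hosts file are constructed for the example.
set -eu

# Names the organisation would never expect to see overridden locally.
WATCHED="google.com www.google.com login.microsoftonline.com bank.example"

# find_hijacked_hosts FILE: print "<ip> <name>" for every watched name that is
# mapped to a non-loopback, non-sinkhole address. Comments are stripped first.
find_hijacked_hosts() {
  sed 's/#.*//' "$1" | awk -v watched="$WATCHED" '
    BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) watch[w[i]] = 1 }
    NF >= 2 {
      ip = $1
      benign = (ip ~ /^127\./ || ip == "::1" || ip == "0.0.0.0")
      for (i = 2; i <= NF; i++)          # one line can list several names
        if (($i in watch) && !benign) print ip, $i
    }'
}

# Constructed sample: two normal lines, one intranet entry, one planted line,
# and one ad-blocker sinkhole that must not be reported.
write_sample_hosts() {
  cat > "$1" <<'EOF'
127.0.0.1       localhost
::1             localhost
10.0.0.5        wiki.corp.example            # legitimate intranet host
203.0.113.45    bank.example www.google.com  # planted by malware
0.0.0.0         ads.example                  # ad blocker sinkhole, not a redirect
EOF
}

demo() {
  local f
  f=$(mktemp)
  write_sample_hosts "$f"
  if hits=$(find_hijacked_hosts "$f") && [ -n "$hits" ]; then
    echo "hosts file redirects detected:"
    echo "$hits"
  else
    echo "no hosts file redirects found"
  fi
  rm -f "$f"
}

demo
```

On the sample file the check reports the two names on the planted `203.0.113.45` line and nothing else; the intranet entry is not on the watch list and the `0.0.0.0` entry blocks rather than redirects. A hit here goes with the proxy-settings check above: both move traffic for a trusted name somewhere the user did not choose.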
#### 275. Alerts and Notifications
---
A lot of alerts and notifications could indicate that you have been infected with some kind of malware
- Malware is downloaded and then tries to reinstall itself or spread across the system by installing additional programs
    - [[Stage 1 Dropper]]
    - [[Stage 2 Payload]]
    - The dropper is installed first and reaches out to download a larger program (the [[Payload]]) that is then executed
    - This causes many alerts to occur
- If you didn't try to open a program and an alert appears anyway, that is a good indication that malware is on the system
- [[Rogue Antivirus]] - Fake security alerts that pressure you into installing or paying for "antivirus" software that is itself malware

#### 276. OS Update Failures
---
Another sign that your system is infected with malware is the inability to update your [[Operating System (OS)]]
- Revert to a known good [[Backup]]
- Run [[sfc]]
    - If services have failed to start because of malware, stop the services and run the System File Checker to repair the files
- Go through the seven-step malware removal process to remove the malware

#### 277. File System Issues
---
Another sign that your system is infected with malware is when you start seeing [[File System]] errors
- Missing files, such as [[Dynamic Link Library (DLL)]]s
- Renamed files
- Files with names that mimic other files already on the system
- Files with unexpected extensions
- Files with dates/times that don't match

## Section 30: Troubleshooting Mobile Issues (OBJ 3.4)
---
#### 278. Troubleshooting Mobile Issues
---
JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION OF THE COURSE

#### 279. Resetting or Rebooting
---
When you're troubleshooting a mobile device, a lot of issues can be solved by simply rebooting the device
- Clears out caches and memory
- On [[Android]] devices, you can reboot into safe mode to disable third-party apps
- [[Reset]] - A factory reset wipes the device
    - After the factory reset is complete, the device reboots into the setup menu for initial configuration
#### 280. Mobile OS Update Failures
---
It is always important to update your mobile device's [[Operating System (OS)]]
- Adds new features
- Fixes vulnerabilities and bugs

Why an update might fail:
1. You may be trying to install an update that isn't available for your device
   - Check the minimum requirements for that version of the OS
   - Always verify the update you're trying to install is compatible with the device model
2. Check that you have enough battery power to install the update
3. Check your network connectivity
4. The server you're trying to download from may just be really busy
5. You don't have enough storage space available
   - Remove some of your files to free up storage space
- Make sure you troubleshoot and solve the issue quickly

#### 281. Mobile Performance Issues
---
The device can either randomly reboot or be slow to respond
- Randomly rebooting:
  - Overheating
    - If the phone gets too hot, the device will try to reboot itself or shut itself off and not turn back on until it cools down
  - Low battery
  - Faulty hardware component
    - This can cause the [[Kernel]] inside the operating system to panic
    - Use a third-party diagnostic application that can run a report on the hardware to determine if there is an issue
  - Storage space
  - Failed update
  - Faulty app
- Slow to respond:
  - A device operating slowly can be caused by different things, including [[Processor]] throttling
  - The device will slow down first, and if you don't solve the problem, it will escalate into the device randomly rebooting
  - See how many applications are open, then close the ones that are not needed
  - If an application's code was written inefficiently, it will run much more slowly
    - Find a different application that does the same function or uninstall that application

The device starts to operate slowly, and if it progresses, it can turn into random reboots

#### 282. Mobile App Issues
---
Applications that fail to launch
- When apps don't launch or operate properly, clear out the [[Cache]] for those applications

Applications that fail to close

Applications that crash

Applications that fail to update
- Verify the application works on your version of the OS
- You may be running out of storage space on your device
- An application will fail to update if you don't have a valid network connection

Delete the application and then re-install it

Application issues can sometimes be caused by your company
- [[Mobile Device Management (MDM)]] prevents certain applications from being installed
- Some mobile device management software can also turn off certain functions or features

#### 283. Mobile Connectivity Issues
---
[[Cellular]]
- Smartphones have an embedded cellular modem; if that modem has issues, you won't be able to make and receive phone calls, send and receive text messages, or receive mobile data
- Verify that you have the correct settings for your cellular device
- Check your network selection
- Verify that you're not in [[Airplane Mode]]

[[Wi-Fi (Wireless Network)]]
- Provided by an 802.11 wireless card embedded inside your mobile device
- Important to check that Wi-Fi is still enabled
- If your Wi-Fi antennas are damaged, you will be unable to connect to the network
- You'll often get weaker signal strength when communicating over Wi-Fi on a mobile device
- Using a thick protective case on a smartphone will also reduce the distance a signal can travel

[[Bluetooth]]
- Smartphones have a Bluetooth transceiver that allows you to send and receive data using Bluetooth
- Provides a shorter coverage area -> between 10-30 ft
- Remove the Bluetooth pairing by forgetting that Bluetooth device, then reconnect to it and re-pair with it

[[Near-Field Communication (NFC)]]
- Used for contactless payments or the contactless transfer of data between mobile devices
- Short distance -> inches
- Verify that airplane mode is not activated

Wireless File Transfers
- [[AirDrop]]
  - Either the receiver is in the contact list, or is enabled to receive files from everybody
- Check if airplane mode is enabled
- Forget that connection and then re-pair with the [[Wireless Access Point]] or device that you're trying to communicate with

#### 284. Mobile Battery Issues
---
Battery drainage:
- An application's configuration was done incorrectly
- Too many applications running in the background
- Display brightness is set too high
  - The lower the brightness, the longer the battery lasts
- Phone doesn't have signal and continually tries to find a tower
- Phone has an application or malware that's continually running
- Battery becomes weaker over time because of extreme temperatures
  - Keep batteries and other electronic devices between 10-38 degrees Celsius
- Battery is at the end of its life cycle
  - Batteries last 3-5 years

Proper charging and discharging of the battery will increase its lifespan
- Let the battery drain to about 20% before recharging to increase the battery's lifespan
- Smart charging initiates a slow trickle charge

#### 285. Screen Autorotation Issues
---
Portrait mode
- Longer up and down

Landscape mode
- Longer side to side

Possible causes:
- Rule out that rotation lock is enabled
- Check that the user is not touching any other part of the screen
- Some applications only work in one mode
- Could also be that the [[Accelerometer]] or motion sensor has a problem
  - If the sensor stops working, the device will no longer be able to autorotate

Troubleshooting order:
1. Verify rotation lock is disabled
2. Check the application
3. Suspect a defective accelerometer or motion sensor

## Section 31: Troubleshooting Mobile Security (OBJ 3.5)
---
#### 286. Troubleshooting Mobile Security
---
JUST AN OVERVIEW OF WHAT TO EXPECT FROM THIS SECTION OF THE COURSE

#### 287. Rooting and Jailbreaking
---
[[Rooting]] -> [[Android]] devices
- Gaining [[root]] access
  - The superuser is known as the root user
- Being able to load custom firmware, which gives you a new version of the Android [[Operating System (OS)]]
- Custom firmware, or rooting, introduces lots of [[Vulnerability|vulnerabilities]]
- Rooting can lead to significant security vulnerabilities

[[Jailbreaking]] -> [[Apple]] devices
- The Apple ecosystem is considered a "walled garden"
- Jailbreaking loads a patched [[Kernel]] when you boot up the device
- Can also lead to significant security vulnerabilities

Rooting or jailbreaking gains administrative or superuser rights

It is also possible to put a phone into [[Developer Mode]]
- Gives a developer information about how their application is operating on the device

#### 288. Sideloading Apps
---
Android phones have the ability to install applications from outside the [[Google Play Store]]
- Known as [[APK Sideloading]]
- Downloading the app in APK format
- The device does not have to be rooted

If you want to sideload on an Apple device, you can either jailbreak it or use Developer Tools

Sideloading is considered a dangerous practice because the application is not checked for [[Malware]] or [[Virus|viruses]], unlike an application downloaded from the official app store

[[Application Spoofing]]
- Third-party app stores have spoofed applications that contain malware
- Bootleg application stores have pirated versions of legitimate apps
  - Applications from bootleg app stores usually have malware embedded in them

Enterprise organizations use sideloading to install private applications
- [[Managed Google Play]]
  - Allows the release of an application only to a set of users
- [[Apple Business Manager (ABM)]]
  - Private application distribution that gives the developer the ability to distribute and sideload applications onto devices for a certain set of users

#### 289. Mobile Malware Symptoms
---
Common symptoms that occur when your mobile device is infected with malware:
- High number of ads
  - Check phone settings and verify that privacy settings are enabled
- Fake security warnings
  - Caused by [[Scareware]]
- Slow performance
  - Processes are running in the background (malware) and sending data back to the attacker
- Limited network connectivity
  - Malware has corrupted the [[Domain Name System (DNS)]] settings
  - Redirection attack
  - A [[Proxy Server]] has been installed
    - An [[On Path Attack]] tries to collect information and see what you see

#### 290. Unexpected Application Behavior
---
If an application does not work as expected, you might have a bootleg or spoofed application
- A spoofed application could have a [[Trojan]] inside it
- Could also ask for permissions that don't apply to the function of the app
- High amount of network traffic
  - Trying to grab files from your device, or your device is part of a [[Botnet]]

#### 291. Leaked Mobile Data
---
[[Leaked Mobile Data]]
- A data breach on your device
- To prevent this from happening:
  - Keep the device well protected and on an updated OS
  - Use long and strong passwords
  - Enable [[Multifactor Authentication (MFA)]]
- Quarantine and investigate as part of the [[Incident Response]] for that data breach
  - Check the cloud service and mobile service accounts

## Section 32: Professionalism (OBJ 4.7)
---
#### 292. Professionalism
---
Learn the best practices when dealing with end-users
- Show up on time and dress accordingly

#### 293. Professional Appearance
---
[[Formal]]
- Dressing to impress

[[Business Casual]]
- Business professional
  - Dressing up but not wearing a full suit
- Small business casual
  - Basic uniform for a tech startup
  - Allows people to be comfortable as long as it is presentable

#### 294. Respect Others' Time
---
Always be on time
- Be on time or early to ensure the customer is not waiting on you

Don't waste other people's time
- Give the customer a timeline and expectations

Don't get easily distracted
- Give the customer your full attention
- Keep your cellphone in your pocket and do not use it at work unless necessary

Do not interrupt people
- When dealing with high-level leaders, work on their schedule

Set expectations and meet those expectations
- Set expectations up front with the customer and give status updates

#### 295. Proper Communication
---
Maintain a positive attitude and project confidence
- Make the customer see that you're there to help them

Actively listen and take notes
- Active listening is a skill
- Open-ended question: a question that needs a full response
- Closed-ended question: a question answered with a yes or no, or a simple answer
- Start with open-ended questions, then follow up with closed-ended questions to get the final details

Use proper language
- Avoid jargon, acronyms, and slang

Be culturally sensitive
- People from the same country can still have cultural differences
- Use people's professional titles and treat people with respect and dignity

Communicate the status
- Offer repair or replacement
- Tell the user the cost and the timeframe it would take to fix the device
- Provide proper documentation
- Follow up with the customer
  - [[Customer Satisfaction (CSAT)]]

#### 296. Dealing with Private Data
---
[[Private Data]]
- Ask if there's anything they don't want you to see
- Do not open anything that stores confidential or private information
- Do not use a customer's device for your own personal use
- Keep the working area clean and tidy

#### 297. Difficult Situations
---
Do not personalize the support issues
1. Don't argue with customers
2. Avoid dismissing the customer's problems
3. Avoid being judgmental
4. Clarify the customer's statements
   - Ask open-ended questions
   - Actively listen
5. Do not disclose experiences on social media outlets

# Professor Messer:
## Operating Systems Overview (1.8)
---
Why do you need an [[Operating System (OS)]]?
- Control interaction between components
  - [[Random Access Memory (RAM)]], [[Hard Disk Drive (HDD)]], keyboard, CPU
- A common platform for applications
  - You're going to do some work, right?
  - A standard platform that application developers can write their applications to
- Humans need a way to interact with the machine
  - The "user interface"
  - Hardware can't do everything!

Standard [[Operating System (OS)]] features
- [[File]] management
  - Add, delete, rename
- Application support
  - Memory management, [[Swap File]] management
- Input and output support
  - [[Printer|Printers]], keyboards, storage drives, [[Universal Serial Bus (USB)]] drives
- Operating system configuration and management tools

[[Microsoft]] [[Windows]]
- Major market presence
- Many different versions
  - Windows 10, 11, Windows Server
- Advantages
  - Large industry support
  - Broad selection of [[Operating System (OS)]] options
  - Wide variety of software support
- Disadvantages
  - A large install base provides a big target for security exploitation
  - Large hardware support can create challenging integration exercises

[[Linux]]
- Free [[UNIX]]-compatible software system
  - UNIX-like, but not UNIX
- Many different [[Distribution|distributions]]
  - [[Ubuntu]], [[Debian]], [[Red Hat]]/[[Fedora]]
- Advantages
  - Cost -> free
  - Works on a wide variety of hardware
  - Passionate and active user community
- Disadvantages
  - Limited driver support, especially with [[Laptop|laptops]]
  - Limited support options

[[Apple]] [[macOS (OSX)]]
- Desktop [[Operating System (OS)]] running on [[Apple]] hardware
- Advantages
  - Easy to use
  - Extremely compatible
  - Relatively fewer security concerns
- Disadvantages
  - Requires Apple hardware
  - Less industry support than the [[Personal Computer (PC)]] platform
  - Higher initial hardware cost

[[ChromeOS]]
- [[Google|Google's]] [[Operating System (OS)]]
  - Based on the [[Linux]] [[Kernel]]
- Centers around the [[Chrome]] web browser
  - Most apps are web-based
- Many different manufacturers
  - Relatively less expensive
- Relies on the cloud
  - Connect to the [[Internet]]

[[Apple]] [[iPadOS]]
- [[Operating System (OS)]] for [[Apple|Apple's]] [[iPads|iPad]] [[Tablets]]
  - A variant of Apple's phone OS, [[iOS]]
- Tablet features
  - Desktop browser ([[Safari]])
  - Second monitor ([[Sidecar]])
  - Keyboard support
  - Multitasking

[[Apple]] [[iOS]]
- Apple [[iPhones]]
- Based on [[UNIX]]
  - [[Closed Source]] -> no access to source code
  - Exclusive to Apple products
- iOS apps
  - Apps are developed with the iOS [[Software Developer Kit (SDK)]] on [[macOS (OSX)]]
  - Apps must be approved by Apple before release
  - Apps are available to users in the [[App Store]]

[[Google]] [[Android]]
- Open Handset Alliance
  - [[Open Source]] [[Operating System (OS)]], based on [[Linux]]
  - Supported on many different manufacturers' devices
- Android apps
  - Apps are developed on [[Windows]], [[macOS (OSX)]], and [[Linux]] with the Android [[Software Developer Kit (SDK)]]
  - Apps are available from the [[Google Play Store]]
  - Apps are also available from third-party sites

Vendor-specific limitations
- [[End of Life (EOL)]]
  - Different companies set their own EOL policies
- Updating
  - [[iOS]], [[Android]], and [[Windows]] check and prompt for updates
  - [[ChromeOS]] updates automatically
- Compatibility between [[Operating System (OS)|operating systems]]
  - Some movies and music can be shared
  - Almost no direct application compatibility
    - Fortunately, many apps have been built to run on different OSes
  - Some data files can be moved across systems
  - Web-based apps have potential

## An Overview of Windows (1.1)
---
[[Windows]] on the Core 2 exam
- 220-1102 exam
- Two Windows versions
  - Windows 10 and Windows 11
  - CompTIA considers all in-support Windows versions to be in scope for the exam
  - Mainstream support is 5 years after release
- Windows versions are listed in the objectives
  - Everything else includes both Windows 10 and 11
  - Fortunately, these are remarkably similar
  - Once you know one, you effectively know the other

[[Windows]] 10
- Released on July 29, 2015
  - We skipped Windows 9
- A single platform
  - [[Desktop]], [[Laptop]], tablets, phones, all-in-one devices
- Ongoing updates
  - More than twelve different released versions
  - November 2021 (version 21H2)

[[Windows Home]]
- Home user
  - Retail sales
- Integration with a [[Microsoft]] account
  - Microsoft OneDrive backup
- Windows Defender
  - Anti-virus and anti-malware
- Cortana
  - Talk to your [[Operating System (OS)]]

[[Windows Pro]]
- The business version of Windows
- Additional management features
  - [[Remote Desktop Protocol (RDP)]]
    - Remote control of each computer
  - [[BitLocker]]
    - Full disk encryption (FDE)
  - Join a Windows domain
    - [[Group Policy Editor|Group Policy management]]

[[Windows Pro for Workstations]]
- An edition for high-end desktops
- Enhanced performance and storage options
  - More physical CPUs
    - Up to four
  - High maximum [[Random Access Memory (RAM)]]
    - Supports up to 6 TB
  - Support for ReFS
    - Resilient File System
    - Same as [[Windows Server]]

[[Windows Enterprise]]
- Built for large implementations
  - [[Volume]] licensing
- AppLocker
  - Control what applications can run
- BranchCache
  - Remote site file caching
- Granular User Experience (UX) control
  - Define the user environment
  - Useful for kiosk and workstation customization

Windows 10 Hardware Requirements

|                 | Windows 10 Minimum Requirements (x86)                   | Windows 10 Minimum Requirements (x64)                   |
| --------------- | ------------------------------------------------------- | ------------------------------------------------------- |
| Processor       | 1 GHz processor or faster                               | 1 GHz processor or faster                               |
| Memory          | 1 GB of RAM                                             | 2 GB of RAM                                             |
| Free Disk Space | 32 GB or larger                                         | 32 GB or larger                                         |
| Video           | Microsoft DirectX 9 Graphics with WDDM Driver (800x600) | Microsoft DirectX 9 Graphics with WDDM Driver (800x600) |
Windows 10 Editions

| Windows 10 Edition   | Domain Access | BitLocker | Remote Desktop  | Group Policy Management | Max x86 RAM | Max x64 RAM |
| -------------------- | ------------- | --------- | --------------- | ----------------------- | ----------- | ----------- |
| Home                 | No            | No        | Client only     | No                      | 4 GB        | 128 GB      |
| Pro                  | Yes           | Yes       | Client and host | Yes                     | 4 GB        | 2 TB        |
| Pro for Workstations | Yes           | Yes       | Client and host | Yes                     | 4 GB        | 6 TB        |
| Enterprise           | Yes           | Yes       | Client and host | Yes                     | 4 GB        | 6 TB        |

## Windows Features (1.1)
---
[[Windows]] at work
- Large-scale support
  - Thousands of devices
- Security concerns
  - [[Mobile Device]] with important data
- Local file shares
  - Working on a spreadsheet
  - Watching a movie
- Geographical sprawl
  - Cache data between sites

Domain Services
- [[Active Directory (AD)]] Domain Services
  - Large database of your network
  - Everything documented in one place
    - User accounts, [[Server|servers]], volumes, [[Printer|printers]]
  - Distributed architecture
    - Many servers
  - Not suitable for home use
- Many different uses
  - [[Authentication]]
  - Centralized management

Organizing Network Devices
- Windows Workgroups
  - Logical groups of network devices
  - Each device is a standalone system; everyone is a peer
- Windows Domain
  - Business network
  - Centralized authentication and device access
  - Supports thousands of devices across many networks

Desktop Styles
- Your computer has many different uses
  - Those change depending on where you are
- Work
  - Standard desktop
  - Common user interface
  - Customization very limited
  - You can work at any computer
- Home
  - Complete flexibility
  - Background photos, colors, UI sizing

Availability of RDP
- [[Remote Desktop Protocol (RDP)]]
  - View and control the desktop of a remote device
- RDP client
  - Connects to a Remote Desktop Service
  - Clients available for almost any [[Operating System (OS)]]
- Remote Desktop Service
  - Provides access for the RDP client
  - Available in [[Windows Pro]] and [[Windows Enterprise]]
  - Not available in [[Windows Home]]

RAM Support Limitations
- RAM support varies between editions
  - More advanced editions allow additional RAM

| Windows 10 Edition   | Domain Access | BitLocker | Remote Desktop  | Group Policy Management | Max x86 RAM | Max x64 RAM |
| -------------------- | ------------- | --------- | --------------- | ----------------------- | ----------- | ----------- |
| Home                 | No            | No        | Client only     | No                      | 4 GB        | 128 GB      |
| Pro                  | Yes           | Yes       | Client and host | Yes                     | 4 GB        | 2 TB        |
| Pro for Workstations | Yes           | Yes       | Client and host | Yes                     | 4 GB        | 6 TB        |
| Enterprise           | Yes           | Yes       | Client and host | Yes                     | 4 GB        | 6 TB        |

[[BitLocker]] and [[Encrypting File System (EFS)]]
- Data confidentiality
  - Encrypt important information
- [[Encrypting File System (EFS)]]
  - Encrypts individual files and folders rather than the whole drive
- [[BitLocker]]
  - Full Disk Encryption (FDE)
  - Everything on the drive is encrypted
    - Even the [[Operating System (OS)]]
  - Home and business use
    - Especially on mobile devices

[[Group Policy Editor]]
- Centrally manage users and systems
  - Policies can be part of [[Active Directory (AD)]] or a local system
- Local Group Policy
  - Manages the local device
  - gpedit.msc
- Group Policy Management Console
  - Integrated with [[Active Directory (AD)]]
  - Powerful system management
  - gpmc.msc

## Windows Upgrades (1.1)
---
Why upgrade?
- Upgrade vs. install
  - Upgrade: keeps files in place
  - Install: start over completely fresh
- Maintain consistency
  - Customized configurations
  - Multiple local user accounts
- Upgrades save hours of time
  - Avoid application reinstall
  - Keep user data intact
  - Get up and running quickly

Upgrade Methods
- [[In-Place Upgrade]]
  - Upgrade the existing [[Operating System (OS)]]
  - Keeps all applications, documents, and settings
  - Start the setup from inside the existing OS
- [[Clean Install]]
  - Wipe everything and reload
  - Back up your files
  - Start the setup by booting from the installation media

Upgrading Windows
- Upgrade from the Windows installation media
  - Downloadable versions are available from [[Microsoft]]
  - Includes a media creation tool
- You cannot upgrade x86 to x64
  - Or x64 to x86
  - Applies to all Windows versions
  - You'll have to migrate instead

Upgrade Paths
- Many upgrades are between similar editions
  - Or higher-level Windows editions
- In-place upgrade paths to Windows 10
  - Windows 7
  - Windows 8.1 (not 8.0)
- In-place upgrade paths to Windows 11
  - Windows 10

Post Installation
- Does it work?
  - If it doesn't boot, there are bigger problems
  - Some testing is useful for unknown hardware configurations
  - Start > Settings > System > Recovery > Go back
- Additional installations
  - Service packs
  - Security patches
  - Security applications
  - Driver updates
  - Application updates

## Installing Operating Systems (1.9)
---
Boot Methods
- USB storage
  - USB must be bootable
  - Computer must support booting from USB
- Optical media
  - CD-ROM and DVD-ROM
  - Used to boot on older systems
- PXE
  - Preboot eXecution Environment
  - Perform a remote network installation
  - Computer must support booting with PXE
  - Configure a centralized server on your network that has all the operating system installation files
  - The computer will look across the network to find that server and begin the installation process
- Solid state drives / hard drives
  - Store many OS installation files
- Internet-based
  - Linux distributions, macOS recovery installation, Windows updates
- External / hot-swappable drive
  - Some external drives can mount an ISO image (optical drive image)
  - Boot from USB
- Internal hard drive
  - Install and boot from a separate drive
  - Create and boot from a new partition

Types of installations
- In-place upgrade
  - Maintain existing applications and data
- Recovery partition
  - Hidden partition with installation files
- Clean install
  - Wipe the slate clean and reinstall
  - A migration tool can help
- Image deployment
  - Deploy a clone on every computer
  - Relatively quick
  - Can be completely automated
- Repair installation
  - Fix problems with the Windows OS
  - Does not modify user files
- Remote network installation
  - Local server or shared drive
  - Install across the Internet
- Load alternate third-party drivers when necessary
  - Disk controller drivers, etc.

The disk partition
- Separates the physical drive into logical pieces
  - Useful to keep data separated
- Multiple partitions are not always necessary
  - Useful for maintaining separate operating systems
    - Windows, Linux, etc.
- Formatted partitions are called volumes
  - Microsoft's nomenclature

GPT partition style
- GPT (GUID Partition Table)
  - Globally Unique Identifier
  - Each partition has an identifier that no one else has
- The latest partition format standard
  - Booting from GPT requires a UEFI BIOS (UEFI firmware)
- Can have up to 128 partitions
- Maximum partition size is 9 billion TB
  - The Windows maximum partition size is currently 256 TB
- No need for extended partitions or logical drives

MBR Partition Style
- MBR (Master Boot Record)
  - The old standby, with all of the old limitations
  - Maximum partition size of 2 TB
- Primary
  - Bootable partitions
  - Maximum of four primary partitions per hard disk
  - One of the primary partitions can be marked as Active
- Extended
  - Used for extending the maximum number of partitions
  - One extended partition per hard disk (optional)
  - Contains additional logical partitions
  - Logical partitions inside an extended partition are not bootable

Disk partitioning
- The first step when preparing disks
  - May already be partitioned
  - Existing partitions may not always be compatible with your new operating system
- [[Partition]]
  - An MBR-style hard disk can have up to four partitions
  - GUID partition tables support up to 128 partitions
    - Requires UEFI BIOS or BIOS-compatibility mode
    - BIOS-compatibility mode disables UEFI Secure Boot
- **BE CAREFUL**
  - Serious potential for data loss
  - This is not an everyday occurrence

Quick format vs. full format
- Quick format
  - Creates a new file table
  - Looks like the data is erased, but it's not
  - No additional checks
  - Quick format is the default format process during installation in Windows 10 and 11
  - Use diskpart for a full format
- Full format
  - Writes zeroes to the whole disk
  - Your data is unrecoverable
  - Checks the disk for bad sectors (time-consuming)

## Upgrading Widows (1.9)
---
#### Why Upgrade?
- Upgrade vs. install
  - Upgrade -> keeps files in place
  - Install -> start over completely fresh
- Maintain consistency
  - Customized configurations
  - Multiple local user accounts
- Upgrades save hours of time
  - Avoid application reinstall
  - Keep user data intact
  - Keep user settings
  - Get up and running quickly

#### Upgrade Methods
- In-place upgrade
  - Upgrade the existing OS
  - Keeps all applications, documents, and settings
  - Start the setup from inside the existing OS
- Clean install
  - Wipe everything and reload
  - Back up your files
  - Start the setup by booting from the installation media

#### Prepare the boot drive
- Know your drive
  - Is there data on the drive?
  - Has the drive been formatted?
  - What partitions are on the drive?
- Back up any old data
  - You may need that data again someday
  - Save user preferences
- Most partitioning and formatting can be completed during the installation
  - Clear the drive and start fresh

#### Before the installation
- Check minimum OS requirements
  - Memory, disk space, etc.
  - And the recommended requirements
- Run a hardware compatibility check
  - Runs when you perform an upgrade
  - Runs manually from the Windows setup screen
  - Windows 10 Upgrade Checker, PC Health Check for Windows 11
- Plan for installation questions
  - Drive/partition configuration, license keys, etc.
- Application and driver compatibility
  - Check with the app developer and hardware manufacturer

#### Windows Product Life Cycle
- Quality updates
  - Monthly security updates and bug fixes
- Feature updates
  - Annual update with new features
  - Used to occur every three to five years
- Support is provided after the release
  - 18 to 36 months
  - Dependent on the Windows version and edition
- Also called the Modern Lifecycle Policy
  - For continuously supported products

## Installing Applications (1.7)
---
#### Installing Applications
- Extend the functionality of your [[Operating System (OS)]]
  - Specialized applications
  - Available everywhere
- Find the application you need
  - Install on your operating system
- Not every computer can run every application
  - Some simple checks can help manage your desktop

#### Operating System Platform
- [[32-bit]] vs. [[64-bit]]
  - [[Processor]] specific
  - A 32-bit processor can address about 4 billion values
  - A 64-bit processor can address about 18 quintillion values
    - 4 GB vs. 18 billion GB
  - The OS has a maximum supported value
- Hardware drivers are specific to the OS
  - 32-bit (x86), 64-bit (x64)
  - A 32-bit OS cannot run 64-bit apps
  - But a 64-bit OS can run 32-bit apps
- Apps in a 64-bit Windows OS
  - 32-bit apps: \Program Files (x86)
  - 64-bit apps: \Program Files

#### Graphics Requirements
- [[Integrated Graphics Processing Unit (iGPU)]]
  - [[Central Processing Unit (CPU)]] and [[Graphics Processing Unit (GPU)]] are on the same chip
  - Uses system [[Random Access Memory (RAM)]] for graphics
  - Common in laptops
- [[Dedicated Graphics Card]]
  - Also called a discrete graphics card
  - Uses its own [[Video Random Access Memory (VRAM)]] (Video RAM)
  - High-end graphics requirements
- Check the application
  - Integrated or dedicated
  - VRAM requirements

#### RAM requirements
- [[Random Access Memory (RAM)]]
  - Memory modules
- A critical specification
  - The application may perform poorly
  - Or not at all
- This would be above and beyond the [[Operating System (OS)]] requirements
  - Dependent on the application
  - Consider all of the other running applications

#### CPU Requirements
- [[Central Processing Unit (CPU)]]
  - Processing speed
  - Usually measured in gigahertz (GHz)
  - A broad measurement
  - Higher numbers are faster CPUs
- Application requirements vary
  - Word processing vs. video editing

#### External Hardware Tokens
- Manage application usage -> [[External Hardware Token]]
  - Limit access to authorized users
  - The application will only operate with the hardware token connected
- Commonly a USB device
  - Can be a challenge to manage
- Often used with high-end software
  - High per-seat licensing costs

#### Storage Requirements
- Drive space concerns
  - Initial installation space requirement
  - Application use requirement
- Some applications use a LOT of storage space after installation
  - The initial install requirement may not be the most important specification

#### Distribution Methods
- Downloadable
  - Direct from the manufacturer
  - Centralized app store
  - Avoid third-party downloads
- Physical media
  - Optical media, [[USB Drives]], etc.
  - Increasingly rare

#### ISO Files
- Optical disk image
  - A single [[ISO File]] / ISO image
  - Files and folders
- Sector-by-sector copy of the data on an optical disk
  - ISO 9660 [[File System]]
  - International Organization for Standardization
- Mount in the [[Operating System (OS)]]
  - Appears as a separate drive

#### Installation Considerations
- There's a reason we are careful when installing applications
  - Applications have the same rights and permissions as the user who runs them
  - An unknown application can cause significant issues
- Impact to the device
  - Application upgrades stop working
  - Slowdowns
  - Deleted files
- Impact to the network
  - Access to internal services
  - Rights and permissions to file shares
- Impact to operation
  - Many jobs are time-sensitive
  - An updated application may require a change to the workflow
  - Or may not work at all
- Impact to the business
  - Critical processes are sensitive to downtime and outages
  - A change to an application can create significant issues
  - Other parts of the business rely on your results

## Windows Network Technologies (1.6)
---
#### Shared Resources
- Make a folder or [[Printer]] available on the network
  - "Share" with others, view in [[File Explorer]]
- Assign (map) a drive letter to a share
  - Access a [[File Server]]
  - Reconnect automatically
- Shares ending with a dollar sign ($) are "hidden"
  - Not a security feature: the share is only left out of browse lists, and anyone who knows its name can still connect, so protect it with share and NTFS permissions
- Administrative Tools / Computer Management
  - ![[Pasted image 20241014155213.png]]

#### Mapping Drives
- Access a share
  - This PC / Map network drive
  - Local drive letter and share name
  - May require additional [[Authentication]]
  - ![[Pasted image 20241014155337.png]]
  - ![[Pasted image 20241014155350.png]]
- Or use the command line:

```cmd
rem Map drive H: to the "Gate Room" share on the server Daedalus (quotes needed for the space)
net use h: "\\Daedalus\Gate Room"
```

#### Sharing Printers
- Similar to sharing a folder
  - But it's a printer instead
  - ![[Pasted image 20241014155538.png]]
- Printer Properties
  - Access through File Explorer, the [[Windows Settings]] app, or any other Printer Properties dialog
- Share an existing [[Printer]]
  - ![[Pasted image 20241014155634.png]]
  - ![[Pasted image 20241014155647.png]]
  - ![[Pasted image 20241014155703.png]]

#### Using a shared printer
- Add a printer
  - File Explorer
  - Settings app
  - ![[Pasted image 20241014155809.png]]
  - ![[Pasted image 20241014155821.png]]

#### Proxy Settings
- Change the traffic flow
  - An [[Internet]] go-between
- Settings -> Network and Internet
  - Or use [[Windows Control Panel]] > Internet Options -> Connections -> [[Local Area Network (LAN)]] -> Settings
  - ![[Pasted image 20241014155935.png]]
- Define address and exceptions
  - Proxies don't work for everything

#### Network Locations
- Private
  - Share and connect to devices
  - Home or work network
- Public
  - No sharing or connectivity
  - Public [[Wi-Fi (Wireless Network)]]
- Customize security settings
  - The profile is determined automatically
  - Change the settings at any time
  - ![[Pasted image 20241014160154.png]]

#### Network Paths
- View network paths in [[File Explorer]]
  - [[Server]] and share name
- Map network drive
  - Add a drive letter
- Disconnect
  - Toolbar
  - Right-click the drive

#### Metered Connections
- Reduce data usage
  - Slow network links
  - Limited bandwidth
  - Usage-based billing
  - ![[Pasted image 20241014160340.png]]
  - ![[Pasted image 20241014160416.png]]
  - ![[Pasted image 20241014160425.png]]
- Can modify application communication
  - [[Windows]] Updates
  - [[OneDrive]] sync
  - ![[Pasted image 20241014160513.png]]

## Configuring Windows Firewall (1.6)
---
#### Windows Defender Firewall
- Your [[Firewall]] should always be enabled
  - Sometimes you need to troubleshoot
  - ![[Pasted image 20241014160650.png]]
20241014160650.png]] - Can be temporarily disabled from the main screen - Turn [[Windows Defender Firewall]] on or off - Requires elevated permissions -> [[Administrator]] - Different settings for each network type - [[Public Network]] / [[Private Network]] #### Windows Firewall Configuration - Block all incoming connections - Ignores your exception list - Useful when you need the most security - ![[Pasted image 20241014160920.png]] - Modify notification - App blocking #### Creating a firewall exception - Allow an app or feature through [[Windows Defender Firewall]] - Allowing a specific app is the more secure exception, because it is narrower than opening a port for anything that listens on it - ![[Pasted image 20241014161011.png]] - [[Port]] number - Block or allow - Predefined exceptions - List of common exceptions - Custom rule - Every firewall option ## Windows IP Address Configuration (1.6) --- #### How Windows gets an IP address - [[Dynamic Host Configuration Protocol (DHCP)]] - Automatic IP addressing - This is the default - [[Automatic IP Addressing (APIPA)|Automatic Private IP Addressing (APIPA)]] - There's no [[Static (Manually) Assignment|static]] address or DHCP server - Communicate locally (link-local address) - Assigns 169.254.1.0 to 169.254.254.255 (inside 169.254.0.0/16) - No [[Internet]] connectivity - An address in this range usually means the DHCP request failed - Static address - Assign all [[Internet Protocol (IP) Address]] parameters manually - You need to know very specific details #### TCP/IP host addresses - IP Address -> Unique identifier for the system (host) - [[Subnet Mask]] -> Identifies the subnet - [[Default Gateway|Gateway]] -> The route off the subnet to the rest of the world ([[Router|router's]] IP address); it must be an address on the host's own subnet - [[Domain Name System (DNS)]] - Converts [[Domain Name|domain names]] to IP addresses - ![[Pasted image 20241014162148.png]] - [[Dynamic Host Configuration Protocol (DHCP)]] - Automates the IP address configuration process - Address can be [[Dynamic Assignment]] or [[Static (Manually) Assignment]] - [[Loopback Address]] - 127.0.0.1 -> It's always there! 
- Used to troubleshoot a system: to see whether the local IP stack is working, ping the loopback address (ping 127.0.0.1); a reply proves only the stack, not the network adapter or cabling #### A backup for the DHCP server - Multiple DHCP servers should be installed for redundancy - There will always be one available - ![[Pasted image 20241014162405.png]] - If a DHCP server isn't available, Windows uses the Alternate Configuration - The default is [[Automatic IP Addressing (APIPA)|APIPA]] configuration - You can also configure a static IP address - Keep working normally - ![[Pasted image 20241014163709.png]] - ![[Pasted image 20241014163722.png]] - ![[Pasted image 20241014163732.png]] - ![[Pasted image 20241014163751.png]] ## Windows Network Connections (1.6) --- #### Network Setup - [[Windows Control Panel]] - [[Network and Sharing Center]] - Set up a new connection or network - Step-by-step wizard - Confirmation during the process - ![[Pasted image 20241014164005.png]] - ![[Pasted image 20241014164012.png]] - ![[Pasted image 20241014164024.png]] - Many different connections - [[Virtual Private Network (VPN)]], Direct, Dial-up, etc #### VPN Concentrators - ![[Pasted image 20241014164124.png]] - [[Virtual Private Network (VPN)]] #### VPN Connections - Built-in VPN client - Included with [[Windows]] - Connect to a workplace - ![[Pasted image 20241014164240.png]] - ![[Pasted image 20241014164251.png]] - ![[Pasted image 20241014164300.png]] - Integrate a smart card - [[Multifactor Authentication (MFA)]] - Something you know - Something you have - Something you are - Connect from the network status icon - Click and provide credentials #### Wireless connections - Network name - [[Service Set Identifier (SSID)]] - Security type - Encryption method - Encryption type - [[Advanced Encryption Standard (AES)]], [[Temporal Key Integrity Protocol (TKIP)]] (TKIP is deprecated; use AES) - Security key - WPA2 - Personal - Pre-shared key - WPA2 - Enterprise - [[802.1x]] authentication - ![[Pasted image 20241014164740.png]] #### Wired Connections - [[Ethernet]] cable - Direct connection 
- Fastest connection is the default - Ethernet, [[Wireless]], [[Wireless Wide Area Network (WWAN)]] - Alternative configurations - When DHCP isn't available #### WWAN Connections - [[Wireless Wide Area Network (WWAN)]] - Built-in mobile technology - Hardware adapter - Antenna connections - [[Universal Serial Bus (USB)]] connection or 802.11 wireless - [[Tether]] - [[Hotspot]] - Requires third-party software - Each provider is different ## The Windows Control Panel (1.4) --- - [[Windows Control Panel]] contains a number of utilities that are useful for end users and for [[Administrator|administrators]] - ![[Pasted image 20241014165610.png]] #### Internet Options - [[Internet Options]] - General - Basic display - ![[Pasted image 20241014165743.png]] - Security - Security zones (Internet, Local intranet, Trusted sites, Restricted sites) with different settings for each - ![[Pasted image 20241014165751.png]] - Privacy -> Cookies, pop-up blocker, InPrivate Browsing - ![[Pasted image 20241014165941.png]] - Content -> Certificates and AutoComplete - ![[Pasted image 20241014170009.png]] - Connections -> [[Virtual Private Network (VPN)]] and [[Proxy Settings]] - ![[Pasted image 20241014170049.png]] - Programs -> Default browser, plugins, etc - ![[Pasted image 20241014170136.png]] - Advanced -> Detailed configuration options (and reset!) 
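
The following is an added worked example for the Windows IP Address Configuration section above; it is not from the course material or either instructor. It parses text laid out like `ipconfig /all` output (the adapter names and addresses are constructed for the example) and applies the checks a technician does by hand: whether the address came from DHCP, is static, or is an APIPA fallback in 169.254.0.0/16, whether the default gateway actually sits on the host's subnet, and whether loopback is being mistaken for a real address.

```python
"""Triage a Windows IP configuration the way a technician reads `ipconfig /all`."""
import ipaddress
import re

# APIPA / link-local range Windows falls back to when no DHCP lease is obtained.
APIPA = ipaddress.ip_network("169.254.0.0/16")

# Constructed sample in the layout of `ipconfig /all` output; adapter names
# and addresses are made up for this example, not captured from a real host.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : corp.example
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.10.25(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DHCP Server . . . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.1

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Autoconfiguration IPv4 Address. . : 169.254.37.210(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Lab:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 10.20.30.40(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.20.31.1
"""

# "   Field name . . . . : value" -> (name, value); the dots are only padding.
FIELD = re.compile(r"^\s+([A-Za-z0-9 -]+?)[ .]*: ?(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from ipconfig-style text."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            current = adapters.setdefault(line[:-1], {})   # adapter header line
            continue
        m = FIELD.match(line)
        if m and current is not None:
            name, value = m.group(1).strip(), m.group(2).strip()
            current[name] = value.replace("(Preferred)", "").strip()
    return adapters


def classify(addr):
    """Return loopback / apipa / private / public, checked in that order."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip in APIPA:          # must precede is_private: 169.254/16 counts as private
        return "apipa"
    return "private" if ip.is_private else "public"


def triage(adapter):
    """Apply the checks from the notes to one adapter; return a list of findings."""
    findings = []
    addr = adapter.get("IPv4 Address") or adapter.get("Autoconfiguration IPv4 Address")
    if not addr:
        return ["no IPv4 address on this adapter"]
    kind = classify(addr)
    dhcp = adapter.get("DHCP Enabled", "No") == "Yes"
    if kind == "apipa":
        findings.append("APIPA address: no DHCP lease; link-local only, no Internet")
    elif kind == "loopback":
        findings.append("loopback address is not a usable adapter address")
    elif dhcp and not adapter.get("DHCP Server"):
        findings.append("DHCP enabled but no DHCP server recorded")
    elif not dhcp:
        findings.append("static address: verify it was assigned deliberately")
    mask, gw = adapter.get("Subnet Mask"), adapter.get("Default Gateway")
    if mask and gw:
        # The gateway must be reachable on the local subnet or nothing leaves it.
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        if ipaddress.ip_address(gw) not in net:
            findings.append(f"gateway {gw} is not on local subnet {net}")
    elif not gw and kind != "apipa":
        findings.append("no default gateway: traffic cannot leave the subnet")
    return findings


def triage_all(text):
    """Parse the whole ipconfig output and triage every adapter."""
    return {name: triage(fields) for name, fields in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for name, findings in triage_all(SAMPLE).items():
        print(f"{name}: {findings or ['OK']}")
```

Run it on saved `ipconfig /all` output (`ipconfig /all > ipconfig.txt`, then pass the file contents to `triage_all`) to get the same three verdicts the notes describe: a healthy DHCP lease, an APIPA fallback that will never reach the Internet, and a static address whose gateway is on the wrong subnet.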
#### Devices and Printers - [[Devices and Printers]] - Everything on the network - [[Desktop|Desktops]], [[Laptop|Laptops]], [[Printer|Printers]], multimedia devices, storage - ![[Pasted image 20241014170255.png]] - Quick and easy access - Much less complex than [[Device Manager]] - Properties, device configurations #### Programs and Features - [[Programs and Features]] - Installed applications - Uninstall, size, version - ![[Pasted image 20241014170425.png]] - Windows features - Enable and disable - ![[Pasted image 20241014170624.png]] #### Network and Sharing Center - [[Network and Sharing Center]] - All network adapters - Wired, wireless, etc - ![[Pasted image 20241014170706.png]] - All network configs - Adapter settings - Network addressing #### System - [[System Applet]] - Computer information - Including version and edition - ![[Pasted image 20241014170830.png]] - Advanced System Settings - ![[Pasted image 20241014170857.png]] #### Windows Defender Firewall - [[Windows Defender Firewall]], [[Windows Defender Firewall with Advanced Security]] - Protects from network attacks - Blocks unsolicited inbound connections such as port scans and network-borne malware - Integrated into the [[Operating System (OS)]] - [[Windows Control Panel|Control Panel]] -> Windows Firewall - ![[Pasted image 20241014171030.png]] #### Mail - [[Mail Applet]] - Icon does not appear unless a mail client (e.g. 
Outlook) is installed - Otherwise not an option - ![[Pasted image 20241014171103.png]] - Access to local mail configuration - Account information - Data files - ![[Pasted image 20241014171153.png]] #### Sound - [[Sound Applet]] - Output options - Multiple sound devices may be available - Set levels for output and input - Speakers and microphone - ![[Pasted image 20241014171258.png]] #### User Accounts - [[User Accounts Applet]] - Local user accounts - Domain accounts are stored elsewhere (in Active Directory) - Account name and type - ![[Pasted image 20241014171351.png]] - Change password - Change picture - Certificate information #### Device Manager - [[Device Manager]] - The [[Operating System (OS)]] doesn't know how to talk directly to most hardware - You need [[Third-Party Drivers]] - ![[Pasted image 20241014171506.png]] - Manage devices - Add, remove, disable - First place to go when hardware isn't working - Instant feedback - ![[Pasted image 20241014171537.png]] #### Indexing Options - [[Indexing Options]] - Speed up the search process - Constantly updates an index - ![[Pasted image 20241014171627.png]] - Searches browser history and user folders - Good default options - Add other locations - Modify to include other folders - ![[Pasted image 20241014171709.png]] #### File Explorer Options - [[File Explorer Options]] - Manage [[File Explorer]] - Many options - General - [[Windows]], expand folders - ![[Pasted image 20241014171807.png]] - View - View hidden files, hide extensions - Hidden extensions let a file such as invoice.pdf.exe display as invoice.pdf, so show extensions on machines you troubleshoot - ![[Pasted image 20241014171833.png]] - Search - Disable index searches, search non-indexed areas - ![[Pasted image 20241014171856.png]] #### Administrative Tools - [[Administrative Tools]] - Not commonly used utilities - Used for system administration - ![[Pasted image 20241014171937.png]] - Useful system tools - Often used options for system administrators and technicians #### Power Options - [[Power Options]] - Hibernate - Open docs and apps are saved to disk - Commonly on laptops - Used by Fast Startup - 
![[Pasted image 20241014172057.png]] - Sleep (standby) - Open apps are stored in [[Random Access Memory (RAM)]] - Save power, start up quickly - Switches to hibernate if power is low - Power plans - Customize power usage - Choose what closing the lid does - Useful for [[Docking Station|docking stations]] - ![[Pasted image 20241014172241.png]] - [[Universal Serial Bus (USB)]] selective suspend - Suspends idle USB devices individually - Save power - Fingerprint readers, [[Biometrics]] - Fast startup - Enable or disable - Useful for troubleshooting #### Ease of Access Center - [[Ease of Access]] - Usability enhancements - Useful for everyone - Change display, keyboard, mouse, and other input/output options - Use [[Windows]] without a display - Change the mouse pointers ## Windows Settings (1.5) --- #### Settings - [[Windows Settings]] - An updated interface - A migration from the Control Panel - One place for most configuration settings - A common UI - Search for "Settings" - The [[Windows]] menu - ![[Pasted image 20241014173017.png]] #### Time and Language - [[Time and Language Applet]] - Windows can automatically set the time - Active Directory (Kerberos) is very sensitive to clock skew between clients and domain controllers - Five minutes of tolerance by default - ![[Pasted image 20241014173139.png]] - Windows can speak many different languages - Change or add a language - ![[Pasted image 20241014173228.png]] #### Update and Security - [[Update and Security]] - Keep your [[Operating System (OS)]] up to date - Security patches, bug fixes - Automatic installation - Updates are always installed - ![[Pasted image 20241014173321.png]] - Active hours - You control the update time #### Personalization - [[Personalization Applet]] - Change the way Windows looks and feels - Colors, wallpaper, lock screen - ![[Pasted image 20241014173435.png]] - Extensive customization - Make Windows your own #### Apps - [[Apps Applet]] - Manage installed applications - Uninstall or modify an existing app - ![[Pasted image 20241014173547.png]] 
- Add Windows features - Fonts for other languages - OpenSSH Server - [[Simple Network Management Protocol (SNMP)]] support #### Privacy - [[Privacy Applet]] - Share app activity - Customized advertising - Share your language - Website content - Speech recognition - Sends audio to an online service - ![[Pasted image 20241014173822.png]] #### System - [[System Applet]] - Change display settings - Night Light, scaling, resolution - Audio settings - Input and output - Notifications - Enable/disable - Show on lock screen - ![[Pasted image 20241014174020.png]] #### Devices - [[Devices Applet]] - Manage devices - [[Bluetooth]], [[Printer]], etc - ![[Pasted image 20241014174034.png]] - Mouse settings - Button and wheel options - Typing and writing - Keyboard and pen #### Network and Internet - [[Network and Internet]] - Network settings - Internet connectivity - ![[Pasted image 20241014174122.png]] - View [[Internet]] status - Up or down? - Change [[Internet Protocol (IP) Address]] settings - Modify address information #### Gaming - [[Gaming Applet]] - Xbox Game Bar - Xbox gaming network - Chat, join games - Look for friends - ![[Pasted image 20241014174318.png]] #### Accounts - [[Accounts Applet]] - Manage login account information - [[Microsoft]] account or [[Local-only Account]] - ![[Pasted image 20241014174401.png]] - Email configuration - Specify an email app - Sign-in options - PIN, password, security key, etc ## Task Manager (1.3) --- #### Task Manager - Real-time statistics about the performance of your operating system - CPU, memory, disk access, etc - ![[Pasted image 20241015184135.png]] - Starting the Task Manager - CTRL + ALT + DEL - Select Task Manager - Right-click the taskbar and select Task Manager - CTRL + SHIFT + ESC #### Services - Non-interactive applications - Hundreds of background processes - ![[Pasted image 20241015184256.png]] - Manage from one screen - Start, stop, restart #### Startup - Manage which programs start with a Windows 
login - Easily toggle on and off - ![[Pasted image 20241015184400.png]] - Troubleshoot by disabling items and rebooting; it may take several reboots to find the offending program - Also a quick place to spot unexpected persistence, since malware commonly adds itself here #### Processes - View all running processes - Interactive and system tray apps - View processes from other accounts - ![[Pasted image 20241015184511.png]] - Manage the view - Move columns, add metrics - Combine all apps, processes, and services into a single tab - Easy to view and sort #### Performance - What's happening? - CPU, memory, etc - ![[Pasted image 20241015184643.png]] - Statistical views - Historical, real-time - Current versions include CPU, memory, disk, Bluetooth, and network in the Performance tab #### Networking - Network performance - Integrated into the Performance tab - ![[Pasted image 20241015184753.png]] - View utilization, link speeds, and interface connection state #### Users - Who is connected? - What are they doing? - ![[Pasted image 20241015184841.png]] - Other options - Disconnect a user - Manage user accounts ## Microsoft Management Console (1.3) --- #### Microsoft Management Console - Build your own console - mmc.exe - ![[Pasted image 20241015185012.png]] - A handy starting point - Event Viewer - Local Users and Groups - Disk Management - Task Scheduler - And more! - ![[Pasted image 20241015185111.png]] #### Event Viewer - Central event consolidation - What happened? 
- ![[Pasted image 20241015185236.png]] - Application, Security, Setup, System - Information, Warning, Error, Critical, Success Audit, Failure Audit - eventvwr.msc #### Disk Management - Manage disk operations - Individual computers and file servers - ![[Pasted image 20241015185420.png]] - diskmgmt.msc - WARNING - YOU CAN ERASE DATA - ALWAYS HAVE A BACKUP #### Task Scheduler - Schedule an application or script - Plan your future - ![[Pasted image 20241015185524.png]] - Includes predefined schedules - Click and go - Organize - Manage with folders - Scheduled tasks are another common malware persistence location, so review unfamiliar tasks - taskschd.msc #### Device Manager - The OS doesn't know how to talk directly to most hardware - ![[Pasted image 20241015185648.png]] - Device drivers are hardware specific and operating system specific - Older device drivers may not necessarily work in Windows 10 or 11 - devmgmt.msc #### Certificate Manager - View user and trusted certs - Add and remove - certmgr.msc (current user store); certlm.msc opens the local machine store - ![[Pasted image 20241015185829.png]] #### Local Users and Groups - Users - Administrator - The Windows super-user (the built-in account is disabled by default on Windows 10 and 11 clients) - Guest - Limited access - Regular users - ![[Pasted image 20241015185923.png]] - Groups - Administrators, Users, Backup Operators, Power Users, etc. 
- lusrmgr.msc #### Performance Monitor - Gather long-term statistics - perfmon.msc - ![[Pasted image 20241015190118.png]] - OS metrics - Disk, memory, CPU, etc - Set alerts and automated actions - Monitor and act - Store statistics - Analyze long-term trends - Built-in reports - View the data #### Group Policy Editor - Centrally manage users and systems - Policies can be part of Active Directory or a local system - ![[Pasted image 20241015190316.png]] - Local Group Policy Editor - Manages the local device - gpedit.msc - Not included in Windows Home editions - Group Policy Management Console - Integrated with Active Directory - Powerful system management - gpmc.msc ## Additional Windows Tools (1.3) --- #### System Information - System overview - msinfo32.exe - ![[Pasted image 20241015190517.png]] - Hardware resources - Memory, DMA, IRQs, conflicts - Components - Multimedia, display, input, network - Software environment - Drivers, print jobs, running tasks #### Resource Monitor - Detailed real-time view of performance - Separated by category - ![[Pasted image 20241015190650.png]] - Categories - Overview, CPU, memory, disk, and network - resmon.exe #### System Configuration - Manage boot processes, startup, services, etc - One-stop shop - ![[Pasted image 20241015190756.png]] - msconfig.exe #### Disk Cleanup - Find unused or unneeded files - A quick way to free up space - ![[Pasted image 20241015190846.png]] - Select the categories - Click the button - cleanmgr.exe #### defrag - Disk defragmentation - Moves file fragments so they are contiguous - Improves read and write time - ![[Pasted image 20241015191003.png]] - Not necessary for solid state devices - Windows won't defrag an SSD; it runs a TRIM optimization instead - Graphical version in the drive properties - Requires elevated permissions - Command line: - defrag <volume> - defrag C: - ![[Pasted image 20241015191220.png]] #### regedit.exe - The Windows Registry Editor - The big huge master database - Hierarchical structure - Used by almost everything - Kernel, device drivers - Services - 
Security Account Manager (SAM) - Holds the hashed credentials of local accounts, which is why the SAM hive is locked while Windows runs and why attackers go after registry backups - User interface, applications - Back up your registry! - Built into regedit (File > Export) ## Windows Command Line Tools (1.2) --- #### Privileges - Not all users can run commands - Some information and tasks are for the administrator only - Standard privileges - Run applications as a normal user - This works fine for many commands - Administrative/Elevated privileges - You must be a member of the Administrators group - Right-click Command Prompt, choose *Run as Administrator* - cmd, **CTRL + SHIFT + ENTER** #### Command Line Troubleshooting - Use "help" if you're not sure - help dir - help chkdsk - Also use: - [command] /? - Close the prompt with exit #### File Management - dir - List files and directories - cd or chdir - Change working directory - Use backslash \\ to specify volume or folder name - .. - Two dots/periods - The folder above the current folder #### MD / CD / RD - Make / Change / Remove Directory - mkdir / chdir / rmdir #### Drive letters - Each partition is assigned a letter - Primary storage drive is usually C - Reference the drive with the letter and a colon -> C: - Combine with the folder - Folder names are separated with backslashes - C:\\Users\\Professor #### hostname - View the name of the device - This is very useful when there are 10 different terminal screen tabs in use - This is the Windows device name - Name can be changed in System settings #### format - Formats a disk for use with Windows - BE CAREFUL - YOU CAN LOSE DATA #### copy (/v, /y) - /v - Verifies that new files are written correctly - /y - Suppresses prompting to confirm you want to overwrite an existing destination file #### xcopy - Copies files and directory trees #### Robust Copy - robocopy - A better xcopy - Included with Windows 10 and 11 #### shutdown - Shut down a computer - And optionally restart - shutdown /s /t nn - Wait nn seconds, then shut down - shutdown /r /t nn - Shut down and restart after nn seconds #### DiskPart - Manage disk configurations - BE 
CAREFUL - YOU CAN LOSE DATA #### winver - View the About Windows dialog - A quick check - Useful when troubleshooting - Are you running the latest version? #### Managing Group Policy - Group Policy - Manage computers in an Active Directory domain - Group Policy is applied at startup and login and refreshed in the background (about every 90 minutes by default) - gpupdate - Force a Group Policy update - gpupdate /target:{computer|user} /force - gpupdate /target:user /force - gpresult - Verify policy settings for a computer or user - gpresult /r - gpresult /user sgc/professor /v ## The Windows Network Command Line (1.2) --- #### ipconfig - Most of your troubleshooting starts with your IP addresses - Ping your local router/gateway - Determine TCP/IP and network adapter information - And some additional IP details - ipconfig /all shows the full configuration - DNS servers, DHCP server, etc. #### ping - Test reachability - Determine round-trip time - Uses Internet Control Message Protocol (ICMP) - One of your primary troubleshooting tools - Can you ping the host? - No reply does not always mean the host is down; ICMP is often filtered #### netstat - Network statistics - Works on many different operating systems - netstat -a - Shows all active connections and listening ports - netstat -b - Show the binary that owns each connection (Windows) - Requires elevation - netstat -n - Do not resolve names #### nslookup - Name Server Lookup - Look up information from DNS servers - Canonical names, IP addresses, cache timers, etc - Look up names and IP addresses - Many different options #### net - Windows network commands #### Common net commands - View network resources - `net view \\<servername>` - `net view /workgroup:<workgroupname>` - Map a network share to a drive letter - `net use <drive>: \\<servername>\<sharename>` - View user account information and reset passwords - `net user <username>` - `net user <username> * /domain` #### tracert - Determine the route a packet takes to a destination - Map the entire path - Takes advantage of the ICMP Time to Live Exceeded error message - The time in TTL refers to hops, not seconds or minutes - TTL=1 is the first router, TTL=2 
is the second router, etc - Not all devices will reply with ICMP Time Exceeded messages - Some firewalls filter ICMP - ICMP is low priority for many devices #### pathping - Combine ping and traceroute - Included with Windows NT and later - First phase runs a traceroute - Builds a map - Second phase - Measure round-trip time and packet loss at each hop ## macOS Overview (1.10) --- #### File types - .dmg - Apple Disk Image - Mountable as a drive in Finder - .pkg - Installer package - Used to distribute software - Runs through an installer script - .app - Application bundle - Contains the necessary files to use the application - "Show Package Contents" from the Finder #### App Store - Centralized updates and patches - For both OS and apps - App Store application - The "Updates" option - Automatic updates - Or manual install - Patch management - Install and view previous updates #### Uninstallation process - Move the .app file to the Trash - The .app package contains all of the application files - Quick and easy - Some applications include a separate uninstall program - Usually included in the Applications folder #### Apple ID and corporate restrictions - Personal Apple products use a personal Apple ID - Associated with personal data and digital purchases - Companies use Managed Apple IDs through Apple Business Manager - Integrate with Active Directory - Connect with an existing MDM (Mobile Device Management) system - Assign and move apps and digital content to selected users #### Backups - Time Machine - Included with macOS - Hourly backups - The past 24 hours - Daily backups - The past month - Weekly backups - All previous months - Starts deleting the oldest information when the disk is full #### Anti-virus - macOS does not include a full anti-virus or anti-malware product - It ships only baseline protections (XProtect signatures, Gatekeeper, notarization checks) - Many 3rd-party options - From the usual companies - An emerging threat - Still doesn't approach Windows - It's all about the number of desktops - Automate your signature updates - New updates every hour / day ## macOS System 
Preferences (1.10) --- #### System Preferences - The macOS version of the Windows Control Panel (renamed System Settings in macOS Ventura and later) - A close comparison - Access to most customization and personalization options - Includes important configuration utilities - A good place to start - It's probably in here #### Displays - Configure the location of multiple displays - Side to side, top to bottom - The menu bar can be moved to any display - Doesn't have to be the primary - Modify individual display settings - Resolution, brightness, colors #### Network - Configure network interfaces - Wired, wireless - IPv4 and IPv6 - Manual and automatic (DHCP) - Detailed network settings - IP, DNS, 802.1X, etc #### Printers and Scanners - Add and remove printers and scanners - Configure individual settings - Share printers and scanners - Configure rights and permissions - View status - Ink and toner levels - Scanner status #### Privacy - Limit application access to private data - Location services, photos, calendars - Control access to cameras and microphones - Enable on a per-app basis - Unauthorized apps can't view your private data - Malware, other apps #### Accessibility - Allows apps to use system input - Keyboard, mouse, audio, video - Scripting and automation - Requires access for input - Limits third-party applications - Can't take over the keyboard - An Accessibility grant gives an app keylogger-level control of input, so grant it only to apps you trust #### Time Machine - Automated backups - Included with macOS - Hourly backups - The past 24 hours - Daily backups - The past month - Weekly backups - All previous months - Starts deleting the oldest information when the disk is full ## macOS Features (1.10) --- #### Mission Control and Spaces - Quickly view everything that's running - Spread out the desktop into a viewable area - Swipe upwards with three fingers or Control-Up arrow #### Keychain - Password management - Passwords, notes, certificates, etc - Integrated into the OS - Keychain Access - Passwords and Secure Notes are encrypted - Login password is the key, so the login password protects every stored secret #### Spotlight - Find files, apps, images, etc - Similar to Windows 
search - Magnifying glass in upper right - Or press Command-Space - Type anything in - See what you find - Define search categories in System Preferences / Spotlight - Enable or disable categories #### iCloud - Integrates Apple technologies - macOS, iOS, iPadOS - Share across systems - Calendars, photos, documents, contacts, etc - Backup iOS devices - Never lose data again - Store files in an iCloud drive - Similar to Google Drive, Dropbox - Integrated into the operating systems #### Gestures - You can do more than just point and click - Extend the capabilities of your trackpad - Use one, two, three fingers - Swipe, pinch, click - Customization - Enable / disable - System preferences / Trackpad #### Finder - The central OS file manager - Compare with File Explorer - File management - Launch, delete, rename, etc. - Integrated access to other devices - File servers - Remote storage - Screen sharing #### Remote Disc - Use an optical drive from another computer - Has become more important over time - Designed for copying files - Will not work with audio CDs or video DVDs - Set up sharing in System Preferences - Sharing options - Appears in the Finder #### Dock - Fast access to apps - Quickly launch programs - View running applications - Dot underneath the icon - Keep folders in the dock - Easy access to files - Move to different sides of the screen - Auto hide or always display #### Disk Utility - Manage disks and images - Resolve issues - File system utilities - Verify and repair file systems - Modify partition details - Erase disk - Create, convert, and restore images - Manage disk images #### FileVault - Full Disk Encryption (FDE) for macOS - Decryption uses a local key or iCloud authentication - Proper authentication is required before macOS can start - Data is unavailable to others - Available in System Preferences - Security & Privacy > FileVault #### Terminal - Command line access to the operating system - Manage the OS without a graphical interface - OS access 
- Run scripts, manage files - Configure OS and application settings #### Force Quit - Stop an application from executing - Some applications are badly written - Command-Option-Escape - Lists applications to quit - Hold the Option key when right-clicking the app icon in the Dock - Choose Force Quit ## Linux Commands (1.11) --- #### Linux Commands - The command line - Terminal, XTerm, or similar - Commands are similar in both Linux and macOS - macOS is derived from BSD (Berkeley Software Distribution) Unix - Use the man command for help - An online manual - man grep #### ls - List directory contents - Similar to the dir command in Windows - Lists files, directories - May support color coding; blue is a directory, red is an archive file, etc - ![[Pasted image 20241022181429.png]] - For long output, pipe through more: - ls -l | more - Use q or CTRL-C to exit #### pwd - Print Working Directory - Displays the current working directory path - Useful when changing directories often - ![[Pasted image 20241022181605.png]] #### mv - Move a file - Rename a file - ![[Pasted image 20241022181650.png]] - mv SOURCE DEST - mv first.txt second.txt #### cp - Copy a file - Duplicate files or directories (cp -r for a directory tree) - cp SOURCE DEST - cp second.txt third.txt #### rm - Remove files or directories - Deletes the files - Does not remove directories by default - An empty directory can be removed with rmdir; a directory with contents needs rm -r #### chmod - Change mode of a file system object - r=read, w=write, x=execute - Can also use octal notation - Each octal digit is the sum of r=4, w=2, x=1, so 7=rwx, 6=rw-, 5=r-x, 4=r-- - Set for the file owner (u), the group (g), others (o), or all (a) - chmod mode FILE - chmod 744 script.sh - ![[Pasted image 20241022182222.png]] - User: read, write, execute - Group: read only - Other: read only - chmod a-w first.txt - All users, no writing to first.txt - a = all users - -w disables any write functionality - chmod u+x script.sh - The owner of script.sh can execute the file - u = file owner - +x = enables execution rights on the file script.sh #### chown - Change 
file owner and group - Modify file settings - sudo chown [OWNER:GROUP] file - sudo chown professor script.sh - ![[Pasted image 20241022183750.png]] #### su / sudo - Some commands require elevated rights - There are some things normal users can't do - sudo - Execute a command as the superuser - Or as a different user ID - The specified command executes as the superuser - su - Become superuser - Or change to a different user - You continue to be that user until you exit - Prefer sudo for individual commands: each use is logged and no shared root password is needed #### apt-get - Advanced Packaging Tool - Handles the management of application packages - Applications and utilities - Install, update, remove - sudo apt-get install wireshark #### yum - Yellowdog Updater, Modified (yum) - Install, delete, update - Manages RPM packages - Red Hat Package Manager - RPM Package Manager - A Linux distribution will commonly use either yum or apt-get #### ip - Manage the network interfaces - Enable, disable, configure addresses, manage routes, ARP cache, etc. - ip address - View the interface addresses - ip route - View the IP routing table - sudo ip address add 192.168.121.241/24 dev eth0 - Configure the IP address of an interface #### df - Disk Free - View file systems and free space - df - View number of blocks - df -h - View human-readable sizes #### grep - Find text in a file - Search through many files at a time - grep PATTERN [FILE] - grep failed auth.log #### ps - View the current processes - And the process ID (PID) - Similar to the Windows Task Manager - View user processes - ps - View all processes - ps -e #### top - View CPU, RAM, and resource utilization - The "Task Manager" for Linux - Process information - Easy to find the highly utilized applications - Summary of overall load - One, five, and fifteen minutes - Many different options - Check the man page for startup options and keys #### find - Find a file by name or extension - Search through any or all directories - Find files with a specific extension - find . 
-name "*.txt" #### dig - Look up information from DNS servers - Canonical names, IP addresses, cache timers, etc. - dig (Domain Information Groper) - Detailed domain information - Add dig to Windows: http://www.isc.org/downloads/bind/ #### cat - Concatenate - Link together in a series - Copy a file/files to the screen - cat file1.txt file2.txt - Copy a file/files to another file - cat file1.txt file2.txt > both.txt [[cat]] #### nano - Full-screen text editor - Easy to edit - Included with many Linux distributions - Easy to install - Select, mark, copy/cut, and paste text - Similar features to graphical editors ## Linux Features (1.11) --- #### Backups - Many options - Command line and graphical - May be included with the distribution - tar - Tape archive - Easy to script into a backup schedule - rsync - Sync files between storage devices - Instant synchronization or scheduled #### Updates - Command line tools - apt-get, yum - Graphical update managers - Software updater - Patch management - Updates can be scheduled - Software center - The Linux "App Store" #### Anti-virus/Anti-malware - Relatively few viruses and malware for Linux - Still important to keep updated - Clam AntiVirus - Open source antivirus engine - Same best practices as any other OS - Always update the signature database - Always use real-time scanning #### Shell/Terminal - Command line access to the operating system - Common way to manage Linux - OS maintenance - Run scripts, manage files - Configure OS and application settings #### Samba - Add SMB (Server Message Block) to Linux - File and print sharing - Active Directory integration - Integrate Linux into a Windows environment - Linux becomes a Windows file server ## Anti-Malware Tools --- #### Windows Recovery Environment - Very powerful - Very dangerous - Last resort ## An Overview of Windows (1.1) --- ##### Windows on the Core 2 exam - 220-1102 exam - Two Windows versions - Windows 10 and Windows 11 - CompTIA considers all in-support Windows versions to 
be in scope for the exam - Mainstream support is 5 years after release - Windows versions are listed in the objectives - Everything else includes both Windows 10 and 11 - Fortunately, these are remarkably similar - Once you know one, you effectively know the other ##### Windows 10 - Released on July 29, 2016 - We skipped Windows 9 - A single platform - Desktops, laptops, tablets, phones, all-in-one devices - Ongoing updates - More than twelve different released versions - November 2021 (version 21H2) ##### Windows 10 Home - Home user - Retail sales - Integration with Microsoft account - Microsoft OneDrive backup - Windows Defender - Anti-virus and anti-malware - Cortana - Talk to your operating system ##### Windows 10 Pro - The business version of Windows - Additional management features - Remote Desktop host - Remote control each computer - BitLocker - Full disk encryption (FDE) - Join a Windows domain - Group policy management ##### Windows 10 Pro for Workstations - An edition for high-end desktops - Enhanced performance and storage options - More physical CPUs - Up to four - High maximum RAM - Supports up to 6 TB - Support for ReFS - Resilient File System - Same as Windows Server ##### Windows 10 Enterprise - Built for large implementations - Volume licensing - AppLocker - Control what applications can run - BrandCache - Remote file site caching - Granular User Experience (UX) control - Define the user environment - Useful for kiosk and workstation customization ##### Windows 10 hardware requirements | | Windows 10 Minimum Requirements (x86) | Windows 10 Minimum Requirements (x64) | | --------------- | ------------------------------------------------------------------------ | ------------------------------------------------------------------------ | | Processor/CPU | 1 GHz processor or faster | 1 GHz processor or faster | | Memory | 1 GB of RAM | 2 GB of RAM | | Free disk space | 32 GB or larger | 32 GB or larger | | Video | Microsoft DirectX 9 graphics device 
with WDDM driver, minimum of 800x600 | Microsoft DirectX 9 graphics device with WDDM driver, minimum of 800x600 | ##### Windows 10 Editions | Windows 10 Edition | Domain Access | BitLocker | Remote Desktop | Group Policy Management | Max x86 RAM | Max x64 RAM | | -------------------- | ------------- | --------- | --------------- | ----------------------- | ----------- | ----------- | | Home | X | X | Client Only | X | 4 GB | 128 GB | | Pro | Yes | Yes | Client and Host | Yes | 4 GB | 2 TB | | Pro for Workstations | Yes | Yes | Client and Host | Yes | 4 GB | 6 TB | | Enterprise | Yes | Yes | Client and Host | Yes | 4 GB | 6 TB | ## Windows Features (1.1) --- ##### Windows at Work - Large-scale support - Thousands of devices - Security concerns - Mobile devices with important data - Local file shares - Working on a spreadsheet - Watching a movie - Geographical sprawl - Cache data between sites ##### Domain Services - Active Directory Domain Services - Large database of your network - Everything documented in one place - User accounts, servers, volumes, printers - Distributed architecture - Many servers - Not suitable for home use - Many different uses - Authentication - Centralized management ##### Organizing Network Devices - Windows Workgroups - Logical groups of network devices - Each device is a standalone system, everyone is a peer - Windows Domain - Business network - Centralized authentication and device access - Supports thousand of devices across many networks ##### Desktop Styles - Your computer has many different uses - Those change depending on where you are - Work - Standard desktop - Common user interface - Customization very limited - You can work at any computer - Home - Complete flexibility - Background photos, colors, UI sizing ##### Availability of RDP - Remote Desktop Protocol - View and control the desktop of a remote device - RDP client - Connects to a Remote Desktop Service - Clients available for almost any operating system - Remote Desktop 
Service - Provides access for the RDP client - Available in Windows 10 Pro and Enterprise - Not available in Windows 10 Home ##### RAM support limitations - RAM support varies between editions - More advanced editions allow additional RAM - Max x86 RAM - Home -> 4 GB - Pro -> 4 GB - Pro for Workstations -> 4 GB - Enterprise -> 4 GB - Max x64 RAM - Home -> 128 GB - Pro -> 2 TB - Pro for Workstations -> 6 TB - Enterprise -> 6 TB ##### BitLocker and EFS - Data confidentiality - Encrypt important information - Encrypting File System (EFS) - Protect individual files and folders - Built in to the NTFS file system - BitLocker - Full Disk Encryption - Everything on the drive is encrypted - Even the Operating system - Home and business use - Especially on mobile devices ##### Group Policy Editor - Centrally manage users and systems - Policies can be part of Active Directory or a local system - Local Group Policy - Manages the local device - gpedit.msc - Group Policy Management Console - Integrated with Active Directory - Powerful system management - gpmc.msc ## Windows Upgrades (1.1) --- ##### Why upgrade? 
- Upgrade vs Install
  - Upgrade - Keep files in place
  - Install - Start over completely fresh
- Maintain consistency
  - Customized configurations
  - Multiple local user accounts
- Upgrades save hours of time
  - Avoid application reinstall
  - Keep user data intact
  - Get up and running quickly
##### Upgrade methods
- In place
  - Upgrade the existing OS
  - Keeps all applications, documents, and settings
  - Start the setup from inside the existing OS
- Clean install
  - Wipe everything and reload
  - Back up your files
  - Start the setup by booting from the installation media
##### Upgrading Windows
- Upgrade from the Windows installation media
  - Downloadable versions are available from Microsoft
  - Includes a media creation tool
- You cannot upgrade x86 to x64
  - Or x64 to x86
  - Applies to all Windows versions
  - You'll have to migrate instead
##### Upgrade Paths
- Many upgrades are between similar editions
  - Or higher-level Windows editions
- In-place upgrade paths to Windows 10
  - Windows 7
  - Windows 8.1 (not Windows 8.0)
- In-place upgrade paths to Windows 11
  - Windows 10
##### Post installation
- Does it work?
  - If it doesn't boot, there are bigger problems
  - Some testing is useful for unknown hardware configurations
  - Start > Settings > System > Recovery > Go back
- Additional installations
  - Service packs
  - Security patches
  - Security applications
  - Driver updates
  - Application updates
## Windows Command Line Tools (1.2)
---
##### Privileges
- Not all users can run all commands
  - Some information and tasks are for the administrator only
- Standard privileges
  - Run applications as a normal user
  - This works fine for many commands
- Administrative/elevated privileges
  - You must be a member of the Administrators group
  - Right-click Command Prompt, choose Run as Administrator
  - cmd, CTRL+SHIFT+ENTER
##### Command line troubleshooting
- Use "help" if you're not sure
  - help dir
  - help chkdsk
- Also use:
  - *command* /?
- Close the prompt with exit
##### File management
- dir
  - List files and directories
- cd or chdir
  - Change working directory
  - Use backslash \ to specify volume or folder name
- ..
  - Two dots/periods
  - The folder above the current folder
##### MD / CD / RD
- Make (mkdir or md) / Change (chdir or cd) / Remove Directory (rmdir or rd)
##### Drive letters
- Each partition is assigned a letter
  - Primary storage drive is usually C
- Reference the drive with the letter and a colon
  - C:
- Combine with the folder
  - Folder names are separated with backslashes
  - C:\Users\ieshua
##### hostname
- View the name of the device
  - This is very useful when there are 10 different terminal screen tabs in use
- This is the Windows Device name
  - Name can be changed in the System settings
##### format
- Formats a disk for use with Windows
- BE CAREFUL - YOU CAN LOSE DATA
##### copy (/v, /y)
- /v - Verifies that new files are written correctly
- /y - Suppresses prompting to confirm you want to overwrite an existing destination file
##### xcopy
- Copies files and directory trees
- /s - Includes subdirectories
##### Robust copy
- robocopy
  - A better xcopy
  - Included with Windows 10 and 11
##### shutdown
- Shut down a computer
  - And optionally restart
- shutdown /s /t nn
  - Wait nn seconds, then shut down
  - /s - Specifies to perform a shutdown
  - /t - Specifies an amount of time in seconds to wait before the system is shut down
- shutdown /r /t nn
  - Shut down and restart after nn seconds
- shutdown /a
  - Abort the countdown
##### DiskPart
- Creates partitions from an available disk
  - Manage disk configurations
- BE CAREFUL - YOU CAN LOSE DATA
##### winver
- View the About Windows dialog
  - A quick check
- Useful when troubleshooting
  - Are you running the latest version?
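The tools above (hostname, robocopy, shutdown) fit together in a pre-maintenance batch file that takes a verified backup before anything destructive like format or diskpart is run. This is an added example, not from the course notes; the source and destination paths are constructed placeholders, and it relies on robocopy's documented exit codes (0-7 success, 8 and above means something could not be copied).

```batch
@echo off
REM Added example (not part of the course notes): back up a profile folder with
REM robocopy and refuse to continue unless the copy is complete and verified.
REM Run this from a DIFFERENT administrator account than the one being backed up:
REM files inside the logged-in user's own profile (e.g. NTUSER.DAT) are locked
REM and robocopy reports them as failures.
setlocal

REM Constructed placeholder paths - change for the machine in front of you.
set "SRC=C:\Users\ieshua"
set "DST=D:\Backup\%COMPUTERNAME%\ieshua"
set "LOG=%TEMP%\profile-backup.log"

echo Backing up %SRC% on host:
hostname

REM /E    copy subdirectories, including empty ones
REM /XJ   skip junction points (avoids looping through AppData junctions)
REM /R:2  retry a failed file twice (default is 1,000,000 retries)
REM /W:5  wait 5 seconds between retries (default is 30)
REM /LOG: keep a log to review afterwards
robocopy "%SRC%" "%DST%" /E /XJ /R:2 /W:5 /LOG:"%LOG%"

REM Exit codes 0-7 are success flags; 8 or higher means at least one item failed.
if %ERRORLEVEL% GEQ 8 (
    echo Backup FAILED with exit code %ERRORLEVEL% - see %LOG%
    echo Do NOT run format or diskpart until the backup succeeds.
    exit /b 1
)
echo Copy finished with exit code %ERRORLEVEL% - log at %LOG%

REM Verify: a list-only pass (/L) with the same options. Exit code 0 means
REM nothing would be copied, i.e. source and destination match.
robocopy "%SRC%" "%DST%" /E /XJ /L /NJH /NJS /NDL /NFL >nul
if %ERRORLEVEL% NEQ 0 (
    echo Verification found differences, exit code %ERRORLEVEL% - review before continuing.
    exit /b 1
)
echo Backup verified.

REM Warn the user and restart in 60 seconds; "shutdown /a" cancels the countdown.
shutdown /r /t 60
endlocal
```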
##### Managing Group Policy
- Group policy
  - Manage computers in an Active Directory Domain
  - Group Policy is usually updated at login
- gpupdate
  - Force a Group Policy update
- gpresult
  - Verify policy settings for a computer or user
## Windows Network Command Line (1.2)
---
##### ipconfig
- Most of your troubleshooting starts with your IP address
  - Ping your local router/gateway
- Determine TCP/IP and network adapter information
  - And some additional IP details
- View additional configuration details
  - DNS servers, DHCP servers, etc.
##### ping
- Test reachability
  - Determine round-trip time
  - Uses Internet Control Message Protocol (ICMP)
- One of your primary troubleshooting tools
  - Can you ping the host?
##### netstat
- Network Statistics
  - Many different operating systems
- netstat -a
  - Show all active connections
- netstat -b
  - Show binaries (Windows)
  - Requires elevation
- netstat -n
  - Do not resolve names
##### nslookup
- Name server lookup
  - Look up information from DNS servers
  - Canonical names, IP addresses, cache timers, etc.
- Look up names and IP addresses
- Many different options
##### net
- Windows network commands
##### Common net commands
- net view
  - View network resources
- net use drive:
  - Map a network share to a drive letter
- net user
  - View user account information and reset passwords
##### tracert
- Determine the route a packet takes to a destination
  - Map the entire path
- Takes advantage of the ICMP Time to Live Exceeded error message
  - The time in TTL refers to hops, not seconds or minutes
  - TTL=1 is the first router, TTL=2 is the second router
- Not all devices will reply with ICMP Time Exceeded messages
  - Some firewalls filter ICMP
  - ICMP is low priority for many devices
##### pathping
- Combine ping and traceroute
  - Included with Windows NT and later
- First phase runs a traceroute
  - Build a map
- Second phase
  - Measure round trip time and packet loss at each hop
## Task Manager (1.3)
---
##### Task Manager
- Real-time system statistics
  - CPU, memory, disk access, etc.
- Starting Task Manager
  - CTRL-ALT-DEL, select Task Manager
  - Right mouse click the taskbar and select Task Manager
  - CTRL-SHIFT-ESC
##### Services
- Non-interactive applications
  - Hundreds of background processes
- Manage from one screen
  - Start, stop, restart
##### Startup
- Manage which programs start with a Windows login
  - Easily toggle on and off
- Multiple reboots
  - Enable and disable
  - You'll find it
##### Processes
- View all running processes
  - Interactive and system tray apps
  - View processes from other accounts
- Manage the view
  - Move columns, add metrics
- Combine all apps, processes, and services into a single tab
  - Easy to view and sort
##### Performance
- What's happening?
  - CPU, memory, etc.
- Statistical views
  - Historical, real-time
- Current versions include CPU, memory, disk, Bluetooth, and network in the Performance tab
##### Networking
- Network performance
  - Integrated into the Performance tab
- View utilization, link speeds, and interface connection state
##### Users
- Who is connected?
  - What are they doing?
- Other options
  - Disconnect a user
  - Manage user accounts
## Microsoft Management Console (1.3)
---
##### Microsoft Management Console
- Build your own console
  - mmc.exe
##### Event Viewer
- Central event consolidation
  - What happened?
- Logs: Application, Security, Setup, System
- Levels: Information, Warning, Error, Critical, Successful Audit, Failure Audit
- eventvwr.msc
##### Disk Management
- Manage disk operations
  - Individual computers and file servers
- diskmgmt.msc
- WARNING - YOU CAN ERASE DATA - ALWAYS HAVE A BACKUP
##### Task Scheduler
- Schedule an application or script
  - Plan your future
- Includes predefined schedules
  - Click and go
- Organize
  - Manage with folders
- taskschd.msc
##### Device Manager
- The OS doesn't know how to talk directly to most hardware
- Device drivers are hardware specific and operating system specific
  - Older device drivers may not necessarily work in Windows 10 or 11
- devmgmt.msc
##### Certificate Manager
- View user and trusted certs
  - Add and remove
- certmgr.msc
##### Local Users and Groups
- Users
  - Administrator - The Windows super user
  - Guest - Limited access
  - Regular Users
- Groups
  - Administrators, Users, Backup Operators, Power Users, etc.
- lusrmgr.msc
##### Performance Monitor
- Gather long-term statistics
  - perfmon.msc
- OS metrics
  - Disk, memory, CPU, etc.
- Set alerts and automated actions
  - Monitor and act
- Store statistics
  - Analyze long-term trends
- Built-in reports
  - View the data
##### Group Policy Editor
- Centrally manage users and systems
  - Policies can be part of Active Directory or a local system
- Local Group Policy Editor
  - Manages the local device
  - gpedit.msc
- Group Policy Management Console
  - Integrated with Active Directory
  - Powerful system management
  - gpmc.msc
## Additional Windows Tools (1.3)
---
##### System Information
- System overview
  - msinfo32.exe
- Hardware Resources
  - Memory, DMA, IRQs, conflicts
- Components
  - Multimedia, display, input, network
- Software environment
  - Drivers, print jobs, running tasks
##### Resource Monitor
- Detailed real-time view of performance
  - Separated by category
- Categories
  - Overview, CPU, memory, disk, and network
- resmon.exe
##### System Configuration
- Manage boot processes, startup, services, etc.
  - One-stop shop
- msconfig
## Troubleshooting Windows (3.1)
---
#### Bluescreens and frequent shutdowns
---
Startup and shutdown Blue Screen of Death (BSOD)
- Bad hardware, bad drivers, bad application

Use Last Known Good, System Restore, or Rollback Driver
- Try safe mode

Reseat or remove the hardware
- If possible

Run hardware diagnostics
- Provided by the manufacturer
- BIOS may have hardware diagnostics

#### Sluggish Performance
---
Task Manager
- Check for high CPU and I/O

Windows Update
- Latest patches and drivers

Disk space
- Check for available space and defrag

Laptops may be using power-saving mode
- Throttles the CPU

Anti-virus and anti-malware
- Scan for attackers

#### Boot errors
---
Can't find the operating system
- "Operating System not found", "Missing operating system"

Boot loader replaced or changed
- Multiple operating systems installed

Check boot drives
- Remove any media

Startup Repair

Modify the Windows Boot Configuration Database (BCD)
- Formerly boot.ini
- Recovery Console: bootrec /rebuildbcd

#### Startup Repair
---
Missing NTLDR
- The main Windows boot loader is missing
- Run Startup Repair or replace manually and reboot
- Disconnect removable media

Missing operating system
- Boot configuration data may be incorrect
- Run Startup Repair or manually configure the BCD store

Boots to Safe Mode
- Windows not starting normally
- Run Startup Repair

#### Starting the system
---
Device not starting
- Check Device Manager and Event Viewer
- Often a bad driver
- Remove or replace the driver

One or more services failed to start
- Bad/incorrect driver, bad hardware
- Try starting manually
- Check account permissions
- Confirm service dependencies
- Windows service: check system files
- Application service: reinstall the application

#### Application Crashing
---
Application stops working
- May provide an error message
- May just disappear

Check the Event Log
- Often includes useful reconnaissance

Check the Reliability Monitor
- A history of application problems
- Checks for resolutions

Reinstall the application
- Contact application support

#### Low Memory Warnings
---
Your computer is low on memory
- Applications need RAM to run
- More applications need more RAM

Close large memory processes
- Check Task Manager

Increase virtual memory
- More room for swapping applications
- System > About > Advanced System Settings > Performance > Settings > Virtual Memory

#### USB Controller Resource Warnings
---
USB devices contain buffers called "endpoints"
- Different USB controllers support a different number of endpoints (96, 254, etc.)

Different devices require a different number of endpoints
- Exceed the number of endpoints and you run out of resources
- It's difficult to determine the number of endpoints used by a device

"The controller does not have enough resources for this device"
- The endpoints are these resources

Move the device to a different USB interface
- USB 2.0 interfaces might support a large number of endpoints

Match the USB interface to the device capabilities
- USB 2.x devices
- USB 3.x devices
- More endpoints for all devices

#### System Instability
---
General system failures
- Software errors, system hangs, application failures

Time for a full diagnostic
- This could be almost anything

Hardware diagnostic
- Most systems include manufacturer diagnostics
- Also run storage and memory checks

Check the operating system
- Run SFC (System File Checker)
- Perform an anti-malware scan

#### Slow Profile Load
---
Roaming user profile
- Your desktop follows you to any computer
- Changes are synchronized

Network latency to the domain controller
- Slows login script transfers
- Slow to apply computer and user policies
- May require many hundreds (or thousands) of LDAP queries

Client workstation picks a remote domain controller instead of a local domain controller
- Problems with local infrastructure

#### Time Drift
---
A computer's internal clock will drift over time
- Computers aren't great timekeepers

The solution is to fix the symptom
- Fixing the problem would require changing the design of every computer

Enable automatic time setting
- Settings > Time & language > Date & time
- Time zone may need to be configured manually if privacy settings are enabled

## Troubleshooting Solutions (3.1)
---
#### Reboot
---
Have you tried turning it off and on again?
- There's a reason it works Bug in your router software - Reboot the router Application is using too many resources - Stops the app Memory leak slowly consumes all available RAM - Clears the RAM and starts again #### Restart Services --- Services - Applications that run in the background - No user interaction Similar issues as a normal process - Resource utilization - Memory leaks - Crashes View status in Task Manager - Services tab - Right-click to start, stop, or restart #### Uninstall/Reinstall/Update Applications --- Application issues - Problems with the application files or configurations Settings > Apps > Apps & Features - Repair, reset, or uninstall Some options in the Control Panel - Programs and Features Run the application setup again - Other options may be available from the setup program Repair - Install Missing files - Replace corrupted files - Fix application shortcuts - Repair registry entries - Update or reconfigure drivers Reset - Remove all application data - A factory reset / original install Uninstall - Remove the application #### Verify requirements --- Every operating system and application publishes a set of requirements - These are commonly the bare minimums Check with the manufacturer - Get the official requirements Hardware and software resources - CPU speed, total RAM, video options, device drivers, runtime libraries Use System Information - View the current configuration #### Add Resources --- Check resource utilization - Task manager Consider a long term analysis - Performance Monitor Compare existing resources with manufacturer requirements - Add or replace hardware (CPU, SSD, RAM) Free drive space - Disk cleanup #### System File Checker --- Verify the integrity of the operating system - Check every important system file with sfc #### Startup Repair --- Start from settings - Settings > System > Recovery Also available from the Advanced Boot Options - Repair Windows #### Windows Restore --- Start the System Restore Application - System 
> About > System Protection - This assumes you've not disabled restore points Pick a restore point and let the system reboot - The operating system configuration will revert to the previous date and time - User Data will not be modified #### Reimage or Reload OS --- Windows is big - And complex Spend time trying to find the needle - Or simply build a new haystack Many organizations will have prebuilt images - Don't waste time researching issues Windows includes a reset option - 10: Settings > Update and Security > Recovery - 11: Settings > System > Recovery #### Update and Patch --- Windows update - Centralized OS and driver updates Lots of flexibility - Change active hours - Managed metered connections Applications must be patched - Security issues don't stop at the OS - Download from the publisher #### Roll back updates --- Updates are installed automatically by default - Important security patches View the history - 10: Settings > Update & Security > Windows Update - 11: Settings > Windows Update #### Rebuild Windows profiles ---- Profiles can become corrupted - The User Profile Service failed the logon. 
User profile cannot be loaded - User documents may be "missing" If a profile doesn't exist, it's recreated - We're going to dele the profile and force the rebuilding process #### Deleting Windows Profiles --- - Login to the computer with Domain Administrator Rights - Rename the \Users\name folder - This will save important files - Backup the user's registry - Delete the registry entry - You have a backup - Restart the computer #### Reconstructing Windows Profiles --- - Login to the computer with the user account - The profile will be rebuilt - This will recreate the \Users\name folder - Login as Domain Administrator - Copy over any important files from the old profile - Do not copy the entire profile - Corrupted files might exist in the old profile ## Troubleshooting Security Issues (3.2) --- #### Unable to access the network - Slow performance, lockup - Malware isn't the best written code - Internet connectivity issues - Malware likes to control everything - You go where it want you to go - You can't protect yourself if you can't download - OS updates failures - Malware keeps you vulnerable - Some malware uses multiple communication paths - Reload or clean - Malware cleaner or recover from known good backup #### Desktop alerts - Browser push notification messages - Pretends to be a malware infection - Actual notifications come from your antivirus utility - Disable browser notifications - Create an allow list of legit sites - Scan for malware - Consider a cleaning - Rebuild from scratch or known good backup to guarantee removal #### False antivirus alerts - False antivirus messages - May include recognizable logos and language - May require money to "unlock" your PC - Or to "subscribe" to their service - Often requires a specific anti-malware removal utility or technique - The attackers are very, very good #### Altered system or personal files - Renamed system files - Won't need that anymore - Files disappearing - Or encrypted - File permission changes - 
Protections are modified - Access denied - Malware locks itself away - It doesn't leave easily` - Use a malware cleaner or restore from know good backup #### Browser Security Alerts - Security alerts and invalid certificates - Something isn't quite right - Should raise your interest - Look at certificate details - Click the lock icon - May be expired or the wrong domain name - The certificate may not be properly signed (untrusted certificate authority) - Correct time and date is important #### Browser Redirection - Instead of your Google result, your browser goes somewhere else - This shouldn't ever happen - Malware is the most common cause - Makes money for the bad guys - Use an anti-malware/anti-virus cleaner - This is not the best option - Restore from a good known backup - The only way to guarantee removal ## Removing Malware (3.3) --- ###### Malware Removal - This is almost never the best practice - It's impossible to know if all of the malware has been removed - Ideally, you should delete everything and start over - Restore from a known-good backup - Install from the original media - There are reasons to remediate - Important user documents may need to be recovered - Get the system running well enough to backup certain files ###### 1. Verify Malware Symptoms - Odd error messages - Application failures, security alerts - System performance issues - Slow boot, slow applications - Research the malware - Know what you're dealing with ###### 2. Quarantine infected - Disconnect from the network - Keep it contained - Isolate all removable media - Everything should be contained - Prevent the spread - Don't transfer files, don't try to backup - That ship sailed ###### 3. Disable System Restore - Restore points make it easy to rewind - Malware infects restore points - Disable System Protection - No reason to save an infected config - Delete all restore points - Remove all infection locations ###### 4a. 
Remediate: Update anti-virus - Signature and engine updates - The active anti-virus engine - Signature updates - A very, very tiny shelf life - Automatic vs manual - Manual updates are almost pointless - Your malware may prevent the update process - Copy from another computer ###### 4b. Remediate: Scan and remove - Microsoft and other - The big anti-virus app - Malware specific - Scan and remove difficult malware - Stand alone removal apps - Check with your antivirus company - There's really no way to know if it's really gone - Delete and rebuild - Safe mode - Load the bare minimum operating system - Just enough to get the OS running - Can also prevent the bad stuff from running - Pre-installation environment (WinPE) - Recovery Console, bootable CD/DVDs/USBs - Build your own from the Windows Assessment and Deployment Kit (ADK) - May require the repair of boot records and sectors ###### 5. Schedule Scans and run Updates - Built into the antivirus software - Automated signature updates and scans - Task Scheduler - Run any task - Operating system updates - Make sure its enabled and working ###### 6. Enable System Protection - Now you're clean - Put things as they were - Creating a restore point - Start populating again ###### 7. 
Educate the end user - One on one - Personal training - Posters and signs - High visibility - Message board posting - The real kind - Login message - These become invisible - Intranet page - Always available ## Troubleshooting Mobile Devices (3.4) --- ###### App issues - Problematic apps - Apps not loading - Slow app performance - Restart the phone - Hold power button, power off - Stop the app and restart - iPhone: Double tap home | slide up, slide app up - Android: Settings/Apps, select app, Force stop - Update the app - Get the latest version ###### App fails to close or crashes - App hangs - But other apps are still working - App crashes - May provide an error message, or just disappear - Restart the device - Clear the state, try the app again - Update the app - A bug fix might resolve the issue - Delete and reinstall the app - Be careful not to remove important app data ###### App fails to update - App does not update to a new version - But other apps are still working - Check the Store to manually upgrade - Fore the upgrade process - Some stores require a valid method of payment on file - Restart the device - Try the update process again ###### OS fails to update - Device operating system will not update - New features, bug fixes, security updates - Check available storage - Remove unused documents and apps - Check download bandwidth - Connect to Wi-Fi - Try a different network connection - Update server may not be accessible - Reboot - Always a good idea ###### Battery life issues - Bad reception - Always searching for signal - Airplane mode on the ground - Aging battery - There's only so many recharges - Disable unnecessary features - 802.11 wireless, Bluetooth, GPS - Check application battery usage ###### Random reboots - A device reboots during normal operating - May occur randomly - Check the OS and app versions - Keep everything up to date - Perform a hardware check - Check the battery health - Not many diagnostic options - Contact Tech Support for 
options - Crash logs should be on the device ###### Connectivity issues - Intermittent connectivity - Move closer to access point - Try a different access point - No Wi-Fi connectivity - Check/Enable WiFi - Check security key configuration - Hard reset can restart wireless subsystem - No Bluetooth Connectivity - Check/Enable Bluetooth - Check/Pair Bluetooth component - Hard reset to restart Bluetooth subsystem - NFC not working - Limited troubleshooting options - Device may allow disable/enable of NFC - Reset the device - If payment related, remove and add the card again - AirDrop not working - Distance between devices < 30 feet - Turn on Wi-Fi and Bluetooth - Check AirDrop discovery options - "Allow me to be discovered by" ###### Screen does not autorotate - Turning the device doesn't rotate the view - It should know which way is up - Disable rotation lock - Prevent autorotation when enabled - Restart the app - The device might be working properly - Restart the device - Perhaps the device isn't working properly - Contact device support - If nothing rotates, you could have a sensor issue ## Troubleshooting Mobile Device Security (3.5) --- ###### Android package source - Once malware is on a phone, it has a huge amount of access - Don't install APK (Android Package Kit) files from an untrusted source - iOS - all apps are curated by Apple - Android - Apps can be downloaded from Google Play or a trusted app store - Sideloading is where problems can occur ###### Developer Mode - Enables developer-specific settings - USB debugging - Memory statistics - Demo mode settings - iOS and iPadOS - Enable using Xcode - Must use macOS - Android - Enabled from Settings > About Phone - Tap the build number seven times ###### Root access/jailbreaking - Most devices are purpose built systems - You don't need direct access to the operating system - Gaining access - Android -> Rooting - Apple iOS -> Jailbreaking - Install custom firmware - Replaces the existing operating system - 
Uncontrolled access - Circumvent security features, sideload apps without using an app store - The MDM becomes relatively useless ###### Application spoofing - Install what appears to be a legitimate app - Actually a bootleg or malicious application - Google removed 150 apps from the store in 2021 - Infect the application used to build the apps - Always check the source of a download - And the legitimacy of the app - You are giving this app permissions and control ###### High network traffic - Higher than normal network use - May indicate installed malware - Command & control - Proxy network use - Check built it data use reports - Some of these are quite detailed - Use a third party reporting app - Use a trusted source - Run a malware scan - Always a good precaution ###### Data-usage limit notification - Built in Android feature - Not native in iOS - Set a warning and limit - Get notification when traffic is excessive - Can indicate a malware infection - Drill down on individual app usage - Run a malware scan - Find the problem app ###### Sluggish response time - Running slowly - Screen lags, poor input response time - Restart - Clear the state - Check for OS and app updates - Fix the buggy code - Close apps that are not in use - Less resources to manage - Factor reset - A last chance to resolve the problem ###### Limited or no Internet connectivity - Malware doesn't want to be removed - it will prevent access to network resources - Disable and enable Wi-Fi - Or enable/disable airplane mode - Restart the device - Clear memory and reload drivers - Perform a malware scan - Find and remove ###### High number of ads - Malware wants to show you advertising - Revenue for each view and click - May be difficult to find - Run anti-malware utility - Remove the adware ###### Fake security warnings - The easiest way to get on a phone - Have the user install their own malware - The warning seems legitimate - They are not actual security issues - Do not install any software - 
- Malware can directly access user data
  - Steals credit card details, stored passwords, browsing history, text messages
- Don't click
  - If you click, run a malware removal tool

###### Unexpected application behavior
- Apps unexpectedly close
  - Or have excessive delays
- App doesn't seem to have all of the normal features
  - Or included features are not working
- High battery utilization
  - Only when this application is running
- Update the app
  - Get the latest version

###### Leaked personal files
- Unauthorized account access
- Unauthorized root access
- Leaked personal files and data
- Determine the cause of the data breach
  - Perform an app scan, run an anti-malware scan
  - Factory reset and clean install
- This is obviously a huge issue
  - Check online data sources
  - Change passwords

## Ticketing Systems (4.1)
---
###### Ticketing Systems
- The best way to manage support requests
  - Document, assign, resolve, report
- Usually a responsibility of the help desk
  - Take the calls
  - Triage
    - Determine the best next step
  - Assign the ticket and monitor
- There are many different ticketing systems
  - They're all very similar in function

###### Managing a support ticket
- Information gathering
  - User and device information
  - Problem description
- Applying context
  - Categorization of the problem
  - Assign severity
  - Determine if escalation is required
- Clear and concise communication
  - Problem description
  - Progress notes
  - Resolution details

###### User Information
- You can't address a person's problem unless you know who has the issue
- Add the name of the person reporting the problem
  - Usually integrated into a name service
    - Active Directory or similar
  - May be added automatically
    - Many issues arrive from a portal or email gateway
- Always confirm the contact information
  - The database may not be up to date

###### Device and description
- Device information
  - Laptop, printer, conference room projector, etc.
- Description
  - One of the most important fields in the ticket
  - Make the description clear and concise
- The description determines the next step
  - Call back for more information
  - Associate with another event
  - Assign to another person

###### Categorization and escalation
- Categories
  - Broad description
  - Change request, hardware request, problem investigation, hardware failure, onboarding/offboarding, etc.
- Severity
  - Often an established set of standards
  - Low, medium, high, critical
- Escalation levels
  - Difficult or unique problems can be handled by a specialist
  - Escalate to a new tier or to a specific group

###### Resolving the issue
- Progress notes
  - Many people may read and/or work on a single ticket
  - Keep the progress information concise
  - Document any changes or additional information
- Problem resolution
  - Document the solution
  - May be referenced later by others with the same problem
  - A "live" knowledge base of issues and resolutions

## Asset Management (4.1)
---
###### Asset management
- A record of every asset
  - Laptops, desktops, servers, routers, switches, cables, fiber modules, tablets, etc.
- Associate a support ticket with a device make and model
  - Can be more detailed than a user's description
- Financial records, audits, depreciation
  - Make/model, configuration, purchase date, location, etc.
- Add an asset tag
  - Barcode, RFID, visible tracking number, organization name

###### Asset database
- A central asset tracking system
  - Used by different parts of the organization
- Assigned users
  - Associate a person with an asset
  - Useful for tracking a system
- Warranty
  - A different process if out of warranty
- Licensing
  - Software costs
  - Ongoing renewal deadlines

###### Procurement life cycle
- The purchasing process
  - Multi-step process for requesting and obtaining goods and services
- Start with a request from the user
  - Usually includes budgeting information and formal approvals
- Negotiate with suppliers
  - Terms and conditions
- Purchase,
  invoice, and payment
  - The money part

## Document Types (4.1)
---
###### Acceptable use policies (AUP)
- What is acceptable use of company assets?
  - Detailed information
  - May be documented in the Rules of Behavior
- Covers many topics
  - Internet use, telephones, computers, mobile devices, etc.
- Used by an organization to limit legal liability
  - If someone is dismissed, these are the well-documented reasons why

###### Network topology diagram
- Describes the network layout
  - May be a logical diagram
  - Can include physical rack locations

###### Compliance
- Compliance
  - Meeting the standards of laws, policies, and regulations
- A healthy catalog of rules
  - Across many aspects of business and life
  - Many are industry-specific or situational
- Penalties
  - Fines, loss of employment, incarceration
- Scope
  - Domestic and international requirements

###### Splash Screens
- A message, logo, or graphic shown during startup or login
  - Can be used for branding or to require compliance
- Can be informational
  - Maintenance notifications or system changes
- May be required for legal or administrative purposes
  - Warnings about system misuse
  - Information about relying on application data

###### Incident Reports
- Security policy
  - An ongoing challenge
- Documentation must be available
  - No questions
- Incidents are ongoing
  - Organizations have formal incident plans
- Reports and documentation
  - Detail of any security incident
  - Create a reference for future incidents

###### Standard Operating Procedures
- Organizations have different business objectives
  - Process and procedures
- Operational procedures
  - Downtime notifications
  - Facilities issues
- Software installation and upgrades
  - Custom installation of a software package
  - Testing, change control
- Documentation is the key
  - Everyone can review and understand the policies

###### On-boarding
- Bring a new person into the organization
- New user setup checklist
- IT agreements need to be signed
  - May be part of the employee
    handbook or a separate AUP
- Create accounts
  - Associate the user with the proper groups and departments
- Provide required IT hardware
  - Laptops, tablets, etc.
  - Preconfigured and ready to go

###### Off-boarding
- All good things...
- End user termination checklist
  - This process should be predefined
  - You don't want to decide how to do things at this point
- What happens to the hardware?
- What happens to the data?
- Account information is usually deactivated
  - But not always deleted

###### Knowledge base and articles
- External sources
  - Manufacturer knowledge base
  - Internet communities
- Internal documentation
  - Institutional knowledge
  - Usually part of the help desk software
- Find the solution quickly
  - Searchable archive
  - Automatic searches with help desk ticket keywords

## Change Management (4.2)
---
###### Change management
- How to make a change
  - Upgrade software, patch an application, change firewall configuration, modify switch ports
- One of the most common risks in the enterprise
  - Occurs very frequently
  - Often overlooked or ignored
  - Did you feel that bite?
- Have clear policies
  - Frequency, duration, installation process, rollback procedures
- Sometimes extremely difficult to implement
  - It's hard to change corporate culture

###### Rollback plan
- The change will work perfectly and nothing will ever go bad
  - Of course it will
- You should always have a way to revert your changes
  - Prepare for the worst, hope for the best
- This isn't as easy as it sounds
  - Some changes are difficult to revert
- Always have backups
  - Always have backups

###### Sandbox testing
- Isolated testing environment
  - No connection to the real world or production systems
  - A technological safe space
- Use before making a change to production
  - Try the upgrade, apply the patch
  - Test and confirm before deployment
- Confirm the rollback plan
  - Move everything back to the original
  - A sandbox can't consider every possibility

###### Responsible staff members
- A team effort
  - Many different parts of the organization
- IT team
  - Implements the change
- Business customer
  - The user of the technology or software
- Organization sponsor
  - Someone's budget is responsible for the process
  - Or responsible for the profit

###### Change management process
- A formal process for managing change
  - Avoid downtime, confusion, and mistakes
- Nothing changes without the process
  - Complete the request forms
  - Determine the purpose of the change
  - Identify the scope of the change
  - Schedule a date and time for the change
  - Analyze the risk associated with the change
  - Get approval from the change control board
  - Get end-user acceptance after the change is complete

###### Change request forms
- A formal process always seems to include a bit of paperwork
  - This is usually an online system
- Nothing gets missed
  - Easy to manage
  - Create detailed reports and statistics
- Usually a transparent process
  - Many different groups and people are usually involved

###### Purpose of the change
- Why are we doing this?
  - There needs to be a compelling reason
- Application upgrades
  - New features
  - Bug fixes
  - Performance enhancements
- Security fixes
  - Monthly patches and vulnerability fixes
- There needs to be a good reason
  - Changes are costly

###### Scope of the change
- Determines the effect of the change
  - May be limited to a single server
  - Or an entire site
- A single change can be far reaching
  - Multiple applications, Internet connectivity, remote site access, external customer access
- How long will this take?
  - Specific date and time for the change
  - May have no impact
  - Could have hours of downtime

###### Risk analysis
- Determine a risk value
  - High, medium, low
- The risks can be minor or far-reaching
  - The "fix" doesn't actually fix anything
  - The fix breaks something else
  - Operating system failures
  - Data corruption
- What's the risk with NOT making the change?
  - Security vulnerability
  - Application vulnerability
  - Unexpected downtime to other services

###### Change board and approvals
- Go or no go
  - Lots of discussion
  - All important parts of the organization are represented
  - Potential changes can affect the entire company
- Some changes have priority
  - The change board makes the schedule
  - Some changes happen quickly, some take time
- This is the last step
  - The actual work comes next

###### End-user acceptance
- Nothing happens without a sign-off
  - The end users of the application/network
- One of your jobs is to make them successful
  - They ultimately decide if a change is worth it to them
- Ideally, this is a formality
  - Of course, they have been involved throughout the entire process
  - There's constant communication before and after

## Managing Backups (4.3)
---
###### Backups
- Incredibly important
  - Recover important and valuable data
  - Plan for disaster
- Many different implementations
  - Total amount of data
  - Type of backup
  - Backup media
  - Storage location
  - Backup and recovery software
  - Day of the week

###### Full backup
- Back up everything
  - All
    operating system and user files
- This is usually the longest backup process
  - Everything is in one backup
- Might be impractical every day
  - Long backup times
  - Lots of storage space

###### Differential Backup
- A full backup is taken first
- Subsequent backups contain data changed since the last full backup
  - These usually grow larger as data is changed
- A restoration requires the full backup and the last differential backup

###### Incremental Backup
- A full backup is taken first
- Subsequent backups contain data changed since the last full or incremental backup
  - These are usually smaller than the full backup
- A restoration requires the full backup and all of the incremental backups

###### Synthetic backup
- Create a full backup
  - Without actually performing a full backup
- Synthetic backup
  - The first full backup copies every file
  - Subsequent full backups are created from previous backups
- Can be faster and less bandwidth intensive
  - The advantage of a full backup
  - The efficiency of an incremental backup

###### Backup types
| Type | Data Selection | Backup/Restore Time |
| ------------ | -------------------------------------------------- | ---------------------------------------------- |
| Full | All selected data | High/Low (one backup set) |
| Differential | All data modified since the last full backup | Moderate/Moderate (no more than 2 backup sets) |
| Incremental | New files and files modified since the last backup | Low/High (multiple backup sets) |
| Synthetic | All selected data | Low/Low (one backup set) |

###### Backup testing
- It's not enough to perform the backup
  - You have to be able to restore
- Disaster recovery testing
  - Simulate a disaster situation
  - Restore from backup
- Confirm the restoration
  - Test the restored application and data
- Perform periodic audits
  - Always have a good backup
  - Weekly, monthly, quarterly checks

###### On site vs off site backups
- On site backups
  - No Internet link required
  - Data is
    immediately available
  - Generally less expensive than off site
- Off site backups
  - Transfer data over an Internet or WAN link
  - Data is available after a disaster
  - Restoration can be performed from anywhere
- Organizations often use both
  - More copies of data
  - More options when restoring

###### Grandfather-Father-Son (GFS)
- Three separate backup rotations
  - Monthly, weekly, daily
- Twelve monthly full backups (grandfather)
  - A good choice for offsite storage
- Four (or five) weekly full backups (father)
  - Depends on which day of the month is selected
- Thirty-one daily incremental or differential backups (son)
  - Back up any daily changes

###### GFS backup schedule
- Choose a rotation
  - Every organization is different
- Grandfather
  - Last day of every month
- Father
  - Every Monday
- Son
  - Monday through Friday

###### 3-2-1 backup rule
- A popular and effective backup strategy
  - For business or home use
- 3 copies of data should always be available
  - One primary copy and two backups
- 2 different types of media should be used
  - Local drive, tape backup, NAS
- 1 copy of the backup should be offsite
  - Offsite storage, cloud backup

## Managing Electrostatic Discharge (4.4)
---
###### What is electrostatic discharge
- Static electricity
  - Electricity that doesn't move
- Static electricity isn't harmful to computers
  - It's the discharge that gets them
- ESD can be very damaging to computer components
  - Silicon is very sensitive to high voltages
  - Feel static discharge: ~3,500 volts
  - Damage an electronic component: 100 volts or less

###### Controlling ESD
- Humidity over 60% helps control ESD
  - Won't prevent all possible ESD
  - Keeping an air-conditioned room at 60% humidity isn't very practical
- Use your hand to "self ground"
  - Touch the exposed metal chassis before touching a component
  - You'll want to unplug the power connection
- DO NOT CONNECT YOURSELF TO THE GROUND OF AN ELECTRICAL SYSTEM

###### Preventing static discharge
- Anti-static strap
  - Connect your wrist to a
    metal part of the computer
- Anti-static pad
  - A workspace for the computer
- Anti-static mat
  - A mat for standing or sitting
- Anti-static bag
  - Safely move or ship components

###### Component handling and storage
- Try not to touch components directly
  - Card edges only
- Store in an HVAC-regulated environment
  - Between 50 and 80 degrees Fahrenheit, or 10 to 27 degrees Celsius
- Avoid high humidity
  - Silica gel packets can help control humidity
- Store in the original padded box
  - Bubble wrap can be a good alternative

## Safety Procedures (4.4)
---
###### WARNING
- Power is dangerous
  - REMOVE ALL POWER SOURCES BEFORE WORKING
  - Don't touch ANYTHING if you aren't sure
- Replace entire power supply units
  - Don't repair internal components
- High voltage
  - Power supplies, displays, laser printers

###### Equipment grounding
- Most computer products connect to ground
  - Divert any electrical faults away from people
- Also applies to equipment racks
  - Large ground wire
- Don't remove the ground connection
  - It's there to protect you
- NEVER CONNECT YOURSELF TO THE GROUND OF AN ELECTRICAL SYSTEM
  - This is not a way to prevent ESD

###### Personal Safety
- Lifting technique
  - Lift with your legs, keep your back straight
  - Don't carry overweight items
  - You can get equipment to lift
- Electrical fire safety
  - Don't use water or foam
  - Use carbon dioxide, FM-200 or other dry chemicals
  - Remove the power source
- Safety goggles
  - Useful when working with chemicals
  - Printer repair, toner, batteries
- Air filter mask
  - Dusty computers
  - Printer toner

###### Local government regulations
- Health and safety laws
  - Vary widely depending on your location
  - Keep the workplace hazard free
- Building codes
  - Fire prevention, electrical codes
- Environmental regulation
  - High tech waste disposal

## Environmental Impacts (4.5)
---
###### Disposal Procedures
- Read your Material Safety Data Sheets (MSDS)
  - Provides information for all hazardous chemicals
  - Batteries, display devices /
    CRTs, chemical solvents and cans, toner and ink cartridges

###### MSDS info
- Product and company information
- Composition / ingredients
- Hazard information
- First aid measures
- Fire-fighting measures
- Accidental release / leaking
- Handling and storage
- Much more

###### Handling toxic waste
- Batteries
  - Uninterruptible Power Supplies
  - Dispose at your local hazardous waste facility
- Toner
  - Recycle and reuse
  - Many printer manufacturers provide a return box
  - Some office supply companies will provide a discount for each cartridge
- Other devices and assets
  - Refer to the MSDS
  - Don't throw out without clear directions

###### Room control
- Temperature
  - Devices need constant cooling
- Humidity level
  - High humidity promotes condensation
  - Low humidity promotes static discharges
  - 50% is a good number
- Proper ventilation
  - Computers generate heat
  - Don't put everything in a closet

###### Battery backup
- Uninterruptible Power Supply
  - Backup power
  - Power failures, under-voltage events, surges
- UPS types
  - Standby UPS
  - Line-interactive UPS
  - On-line UPS
- Features
  - Auto shutdown, battery capacity, outlets, phone line suppression

###### Surge Suppressor
- Not all power is "clean"
  - Self-inflicted power spikes and noise
  - Storms, power grid changes
- Spikes are diverted to ground
- Noise filters remove line noise
  - Decibel levels at a specified frequency
  - Higher dB is better

###### Surge Suppressor Specs
- Joule ratings
  - Surge absorption
  - 200=good, 400=better
  - Look for over 600 joules of protection
- Surge amp ratings
  - Higher is better
- UL 1449 voltage let-through ratings
  - Ratings at 500, 400, and 330 volts
  - Lower is better

## Privacy, Licensing, and Policies (4.6)
---
###### Incident Response: Chain of custody
- Control evidence
  - Maintain integrity
- Everyone who contacts the evidence
  - Avoid tampering
  - Uses hashes
- Label and catalog everything
  - Seal, store, and protect
  - Digital signatures

###### Incident Response: First response
- Identify
    the issues
  - Logs, in person, monitoring data
- Report to proper channels
  - Don't delay
  - This may include internal management and law enforcement
- Collect and protect information relating to an event
  - Many different data sources and protection mechanisms

###### Incident Response: Copy of drive
- Copy the contents of a disk
  - Bit-for-bit, byte-for-byte
- Remove the physical hardware
  - Use a hardware write-blocker
  - Preserve the data
- Software imaging tools
  - Use a bootable device
- Use hashes for data integrity
  - The drive image is hashed to ensure that data has not been modified

###### Incident Response: Documentation
- Document the findings
  - For internal use, legal proceedings, etc.
- Summary information
  - Overview of the security event
- Detailed explanation of data acquisition
  - Step-by-step method of the process
- The findings
  - An analysis of the data
- Conclusion
  - Professional results, given the analysis

###### Software licenses
- Most software includes a license
  - Terms and conditions
  - Overall use, number of copies, and backup options
- Valid licenses
  - Per seat
  - Concurrent
- Non-expired licenses
  - Ongoing subscriptions
  - Annual, three year, etc.
  - Use the software until the expiration date

###### Licenses
- Personal license
  - Designed for the home user
  - Usually associated with a single device
    - Or a small group of devices owned by the same person
  - Perpetual (one time) purchase
- Corporate use license
  - Per seat purchase / Site license
  - The software may be installed everywhere
  - Annual renewals

###### Open source license
- Free and Open Source (FOSS)
  - Source code is freely available
  - End user can compile their own executable
- Closed source / Commercial
  - Source code is private
  - End user gets a compiled executable
- End User Licensing Agreement (EULA)
  - Determines how the software can be used

###### Regulating credit card data
- Payment Card Industry Data Security Standard (PCI DSS)
  - A standard for protecting credit cards
- Six control objectives
  - Build and maintain a secure network and systems
  - Protect cardholder data
  - Maintain a vulnerability management program
  - Implement strong access control measures
  - Regularly monitor and test networks
  - Maintain an information security policy

###### Personal government-issued information
- Used for government services and documentation
  - Social security number, driver license
- There may be restrictions on collecting or storing government information
  - Check your local regulations

###### PII
- Personally identifiable information
  - Any data that can identify an individual
- Part of your privacy policy
  - How will you handle PII?
- Not everyone realizes the importance of this data
  - It becomes a normal part of the day
  - It can be easy to forget its importance
- Attackers use PII to gain access or impersonate
  - Bank account information
  - Answer badly-written password reset questions

###### GDPR
- General Data Protection Regulation
  - European Union regulation
- Data protection and privacy for individuals in the EU
  - Name, address, photo, email address, bank details, posts on social networking websites, medical information, a computer's IP address, etc.
- Controls export of personal data
  - Users can decide where their data goes
- Gives individuals control of their personal data
  - A right to be forgotten, right of erasure
- Site privacy policy
  - Details all of the privacy rights for a user

###### PHI
- Protected Health Information
  - Health information associated with an individual
  - Health status, health care records, payments for health care, and much more
- Data between providers
  - Must maintain similar security requirements
  - HIPAA regulations

###### Data retention requirements
- Keep files that change frequently for version control
  - Files change often
  - Keep at least a week, perhaps more
- Recover from virus infection
  - Infection may not be identified immediately
  - May need to retain 30 days of backups
- Often legal requirements for data retention
  - Email storage may be required over years
  - Some industries must legally store certain data types
- Different data types have different storage requirements
  - Corporate tax information, customer PII, tape backups, etc.

## Communication (4.7)
---
###### Communication skills
- One of the most useful skills for the troubleshooter
- One of the most difficult skills to master
- A skilled communicator is incredibly marketable

###### Avoid jargon
- Abbreviations and TLAs
  - Three Letter Acronyms
- Avoid acronyms and slang
  - Be the translator
- Communicate in terms that everyone can understand
  - Normal conversation puts everyone at ease
- Decisions are based on what you say
  - These are the easiest problems to avoid

###### Maintain a positive attitude
- Positive tone of voice
  - Partner with your customer
  - Project confidence
- Problems can't always be fixed
  - Do your best
  - Provide helpful options
- Your attitude has a direct impact on the overall customer experience

###### Avoid interrupting
- But I know the answer!
- Why do we interrupt?
  - We want to solve problems quickly
  - We want to show how smart we are
- Actively listen, take notes
  - Build a relationship with the customer
  - They'll need help again someday
- Don't miss a key piece of information
  - Especially useful on the phone

###### Clarify customer statements
- Ask pertinent questions
  - Drill down into the details
  - Avoid an argument
  - Avoid being judgmental
- Repeat your understanding of the problem back to the customer
  - Did I understand you correctly?
- Keep an open mind
  - Ask clarifying questions, even if the issue seems obvious
  - Never make assumptions

###### Setting expectations
- Offer different options
  - Repair
  - Replace
- Document everything
  - No room for questions
- Keep everyone informed
  - Even if the status is unchanged
- Follow up afterwards
  - Verify satisfaction

## Professionalism (4.7)
---
###### Professional Appearance
- Match the attire of the current environment
  - Everyone should feel comfortable about their dress
- Formal
  - Some organizations have specific requirements
- Business casual
  - A more relaxed style

###### Avoid being judgmental
- Cultural sensitivity
  - Use appropriate professional titles
- You're going to make some BIG mistakes
  - Remember them

###### Be on time and avoid distractions
- Don't allow interruptions
  - No personal calls, no texting, no Twitter
  - Don't talk to coworkers
- Apologize for delays and unintended distractions

###### Difficult situations
- Technical problems can be stressful
- Don't argue or be defensive
- Defuse a difficult situation with listening and questions
- Never take the situation to social media

###### Maintain confidentiality
- Privacy concerns
  - Sensitive information
  - On the computer or printer
- Professional responsibilities
  - IT professionals have access to a lot of corporate data

## Scripting Languages (4.8)
---
###### Scripting Languages
- Automate with the right tools
  - The script should match the requirement
- May be specific to a task or operating system
  - Your choices
    may already be limited
- You will probably learn more than one of these
  - An important skill for any technician

###### Batch files
- .bat file extension
- Scripting for Windows at the command line
  - Legacy goes back to DOS and OS/2

###### Windows PowerShell
- Command line for system administrators
  - .ps1 file extension
  - Included with Windows 10 and 11
- Extends command line functions
  - Uses cmdlets (command-lets)
  - PowerShell scripts and functions
  - Standalone executables
- Automate and integrate
  - System administration
  - Active Directory administration

###### Microsoft Visual Basic Scripting Edition
- VBScript
  - .vbs file extension
- General purpose scripting in Windows
  - Back-end web server scripting
  - Scripting on the Windows desktop
  - Scripting inside of Microsoft Office applications

###### Shell script
- Scripting the Unix/Linux shell
  - Automate and extend the command line
- Starts with a shebang or hash-bang (#!)
  - Often has a .sh file extension

###### JavaScript
- Scripting inside of your browser
  - .js file extension
- Adds interactivity to HTML and CSS
  - Used on almost every web site
- JavaScript is not Java
  - Different developers and origins
  - Very different use and implementation

###### Python
- General purpose scripting language
  - .py file extension
- Popular in many technologies
  - Broad appeal and support

## Scripting Use Cases (4.8)
---
###### Basic automation
- Automate tasks
  - You don't have to be there
  - Solve problems in your sleep
  - Monitor and resolve problems before they happen
- The need for speed
  - The script is as fast as the computer
  - No typing delays
  - No human error
- Automate mundane tasks

###### Restarting machines
- Turning it off and back on again
  - An important task
- Application updates
  - Some apps require a system restart
- Security patches
  - Deploy overnight and reboot the system
- Troubleshooting
  - The once-a-day restart
  - You may not have physical access

###### Remapping network drives
- Shared network drives
  - The link between
    the user and their data
- A common task during startup
  - Login scripts provide the connection
- Automate software changes
  - Map a drive to the repository
- Add or move user data
  - Automate the process

###### Application installations
- Install applications automatically
  - Don't walk a flash drive to every computer
- Many applications have an automated installation process
  - Scripting can turn this into a hands-off process
  - On-demand or automatic installation scripts

###### Automated backups
- Usually performed at night or during off hours
  - Get a copy of all important data
- Time consuming
  - Script an automated backup process

###### Information gathering
- Get specific information from a remote device
  - Performance monitoring
  - Inventory management
  - Security and vulnerability checks

###### Initiating updates
- Nothing ever stays the same
  - Constant changes and updates
- Operating systems
  - New features
  - Security patches
- Device drivers
  - Bug fixes
  - New hardware or OS support
- Applications
  - New version rollouts

###### Other scripting considerations
- Unintentionally introducing malware
  - Make sure you know what you're installing
- Inadvertently changing system settings
- Browser or system crashes

## Remote Access (4.9)
---
###### Remote desktop connections
- Share a desktop from a remote location
- RDP (Microsoft Remote Desktop Protocol)
  - Clients for Mac and Linux
- VNC (Virtual Network Computing)
  - Remote Frame Buffer (RFB) protocol
  - Clients for many operating systems
  - Many are open source
- Commonly used for technical support

###### Remote Desktop security
- Microsoft Remote Desktop
  - An open port of tcp/3389 is a big tell
  - Brute force attacks are common
- Third-party remote desktops
  - Often secured with just a username and password
  - There's lots of username/password re-use

###### VPNs
- Virtual private networks
  - Encrypted (private) data traversing a public network
- Concentrator
  - Encryption/decryption access device
  - Often integrated into a firewall
- Many deployment options
  - Specialized cryptographic hardware
  - Software-based options available
- Used with client software
  - Sometimes built into the OS

###### Client to site VPN
- On-demand access from a remote device
  - Software connects to a VPN concentrator
  - Some software can be configured as always-on

###### VPN security
- VPN data on the network is very secure
  - The best encryption technologies
- Authentication is critical
  - An attacker with the right credentials can gain access
- Almost always includes multi-factor authentication (MFA)
  - Require more than just a username and password

###### SSH (Secure Shell)
- Encrypted console communication
  - tcp/22
- Looks and acts the same as telnet
  - tcp/23

###### SSH Security
- The network traffic is encrypted
  - Nothing to see in the packets
- Authentication is a concern
  - SSH supports public/private key pair authentication
- Certain accounts should be disabled in SSH
  - For example, root
- Consider removing all password-based authentication
- Limit access to SSH by IP address
  - Configure a local firewall or network filter

###### RMM
- Managed Service Providers (MSP)
  - Many customers and systems to monitor
  - Many different service levels
- Remote Monitoring and Management (RMM)
  - Manage a system from a remote location
- Many features
  - Patch operating systems
  - Remote login
  - Anomaly monitoring
  - Hardware/software inventory

###### RMM security
- A popular attack point
  - The RMM has a great deal of information and control
- Access should be limited
  - Don't allow everyone to connect to the RMM service
- Auditing is important
  - Know who's connecting to which devices and what they're doing

###### Microsoft Remote Assistance (MSRA)
- Get access to a remote user's desktop
  - No firewall configuration or port forwarding required
- User makes a request
  - Sends an invitation with the details
- Technician connects
  - Uses the password in the request
- Replaced by Quick Assist in Windows 10 and 11
  - The latest version of MSRA
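The SSH Security checklist above (disable root, remove password-based authentication, rely on key pairs) can be turned into a repeatable check rather than a one-time edit. The script below is an added example written for these notes; it is not code from Professor Messer's course or from OpenSSH. The directive names `PermitRootLogin`, `PasswordAuthentication` and `PubkeyAuthentication` are the real OpenSSH keywords for those three items; the two `sshd_config` texts are constructed samples, one showing the weak settings and one showing the hardened result. The parser follows two rules that catch people out when they audit a config by eye: sshd honours the first occurrence of a directive and ignores later duplicates, and a commented-out directive falls back to the built-in default rather than to "off".

```python
"""Audit an OpenSSH sshd_config for the hardening points in the SSH Security notes.

Added example for these notes (not from Professor Messer or the CompTIA guide).
PermitRootLogin, PasswordAuthentication and PubkeyAuthentication are real OpenSSH
keywords; the two config texts below are constructed samples, not real servers.
"""
import re

# Constructed sample: a permissive configuration a technician might inherit.
WEAK_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
X11Forwarding yes
"""

# Constructed sample: the same server after applying the checklist above.
HARDENED_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
X11Forwarding no
"""

# Directive -> value the checklist asks for (keys are lower-cased; sshd
# keywords are case-insensitive).
EXPECTED = {
    "permitrootlogin": "no",          # root should not log in over SSH
    "passwordauthentication": "no",   # remove password-based authentication
    "pubkeyauthentication": "yes",    # use public/private key pairs instead
}

# OpenSSH built-in defaults used when a directive is absent or commented out.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}


def parse_sshd_config(text):
    """Return {directive: first_value} for the global section of an sshd_config.

    Comments and blank lines are skipped. Everything after a 'Match' line is
    ignored because it applies only to the matched clients, not globally.
    """
    settings = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        # sshd accepts 'Key value' as well as 'Key=value'
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            in_match = True   # remaining lines are conditional, skip them
            continue
        if in_match:
            continue
        settings.setdefault(key, value)   # first occurrence wins, as in sshd
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means every check passed."""
    settings = parse_sshd_config(text)
    findings = []
    for key, wanted in EXPECTED.items():
        actual = settings.get(key, DEFAULTS[key]).lower()
        if actual != wanted:
            findings.append(f"{key}: found '{actual}', expected '{wanted}'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, "->", audit_sshd_config(cfg) or "OK")
```

Running it reports two findings for the weak sample (root login and password authentication) and none for the hardened one; the commented-out `PubkeyAuthentication` line passes because the OpenSSH default is already `yes`. The last checklist item, limiting SSH by source IP address, is enforced at the firewall or network filter rather than in this file, so it is deliberately outside what this audit checks.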
###### MSRA/Quick Assist Security
- No ongoing Remote Desktop service required
  - Avoids unintended access
  - No port forwarding
- Email with invitation details is always a concern
  - Consider using voice communication
- Perhaps a bit too easy to use
  - Social engineering can be an issue

###### Third-party tools
- Screen sharing
  - See and control a remote device
  - GoToMyPC, TeamViewer
- Video conferencing
  - Multi-user meetings with video and audio
  - Zoom, WebEx
- File transfer
  - Store and share documents in the cloud
- Desktop management
  - Manage end user devices and operating systems

# Official Cert Guide:
## Lesson 1: Configuring Windows
---
### Topic 1A: Configure Windows User Settings:
- A computer requires an [[Operating System (OS)]] to function. The OS handles many of the basic system functions, such as interaction with the system hardware and input/output
- The operating system is made up of the [[Kernel]] file and device drivers to interface with the hardware, plus programs to provide a user interface and configuration tools
- The earliest operating system for the [[Personal Computer (PC)]] was [[Microsoft|Microsoft's]] [[Disk Operating System (DOS)]]
- Use of the [[Graphical User Interface (GUI)]] made computers easier to use for non-technical staff and home users

###### Windows 10 Desktop
- [[Windows]] has several interface components designed for both general use and for more technical configuration and troubleshooting
- The top level of the user interface is the [[Desktop]].
    - Contains the Start menu, taskbar, and shortcut icons
- The Start menu is activated by selecting the **Start** button or by pressing the **Start** or Windows logo key on the keyboard
- The taskbar also contains the [[Instant Search]] box, Task View button, and notification area
    - The notification area contains icons for background processes
- The middle part of the taskbar contains icons for apps that have an open window, and some app icons can also be pinned to the taskbar

###### Windows 11 Desktop
- Refreshes the desktop style by introducing a center-aligned taskbar, better spacing for touch control, and rounded corners
- Makes the multiple desktop feature more accessible
    - Allows the user to set up different workspaces

#### Windows Settings and Control Panel
- The [[Windows Settings]] app and [[Windows Control Panel]] are the two main interfaces for administering [[Windows]]
    - Configuring options, setting up user accounts, and adding and removing devices and software
- All Windows configuration data is ultimately held in a database called the [[Registry]]

###### Windows Settings
- [[Windows Settings]] is a touch-enabled interface for managing Windows
- The Settings app is the preferred administrative interface
- In Windows 11, the Settings app has no "home" page

###### Control Panel
- [[Windows Control Panel]] has some options for configuration settings not found in Windows Settings
- Each icon in the Control Panel represents an applet used for some configuration task
- Some software applications can add their own applets

#### Account Settings
- A [[User Account]] controls access to the computer.
    - Each account can be assigned rights or privileges to make [[Operating System (OS)]] configuration changes
    - Accounts can also be assigned permissions on [[File|files]], folders and [[Printer|printers]]
    - Protected by [[Authentication|authenticating]] the account owner
- Each user account is associated with a profile
    - Contains default folders for personal documents, pictures, videos, and music
    - Software applications might also write configuration information to the profile
- The first user of the computer is configured as the default [[Administrator]] account
    - Has privileges to change any aspect of the system configuration
- Any additional accounts are usually configured as standard users
    - Have privileges on their profile only, rather than the whole computer
- A Windows account can either be configured as a [[Local-only Account]] or linked to a [[Microsoft Account]]
    - A Microsoft account gives access to Microsoft's cloud services, allows sign-in, and syncs desktop settings and user profile data across multiple devices
- The [[Account Settings]] app is used for the following configuration tasks:
    - Your Info
    - Email and Accounts
    - Configure Sign-in options
    - Access Work or school
    - Family and other users
    - Sync settings

###### User Accounts Control Panel Applet
- The [[User Accounts Applet]] in the [[Windows Control Panel]] is the legacy interface
    - Cannot be used to add new accounts
    - Provides options for adjusting the account name and changing the account privilege level between [[Administrator]] and standard user
    - Change the [[User Account Control (UAC)]] settings
        - By default, changing an administrative setting requires the user to confirm a prompt or input the credentials for an administrator account

#### Privacy Settings
- [[Privacy Settings]] govern what usage data [[Windows]] is permitted to collect and what device functions are enabled and for which apps
- Multiple setting toggles determine what data collection and app permissions are allowed:
    - [[Data Collection]]
    - [[App Permissions]]

#### Desktop Settings
- The desktop can be configured to use locale settings and personalized to adjust its appearance

###### Time and Language Settings
- [[Time and Language Applet]] pages are used for two main purposes:
    - Set the correct date/time and time zone
    - Set region options for appropriate spelling and localization, keyboard input method, and speech recognition
- Multiple languages can be enabled
    - The active language is toggled using an icon in the notification area or (**START + SPACE**)

###### Personalization Settings
- The [[Personalization Applet]] allows you to select and customize themes, which set the appearance of the desktop environment
    - Desktop Wallpaper
    - Screen Saver
    - Color Scheme
    - Fonts
    - Properties for the **Start** menu and taskbar

#### Ease of Access Settings
- [[Ease of Access]] configures input and output options to best suit each user. Three main setting groups:
    - Vision configures options for cursor indicators, high contrast and color-filter modes, and the Magnifier zoom tool
    - Hearing configures options for volume, mono sound mixing, visual notifications, and closed-captioning
    - Interaction configures options for keyboard and mouse usability

#### File Explorer
- File management is a critical part of using a computer
- In [[Windows]], file management is performed using the [[File Explorer]] app

###### System Objects
- Access to data files is mediated by system objects.
    - Shown in the left-hand navigation panel in [[File Explorer]]
- Some of the main ones are:
    - [[User Account]]
        - Contains personal data folders belonging to the signed-in account profile
    - [[OneDrive]]
        - The files and folders saved to your cloud storage service on the Internet will show up here
    - [[This PC]]
        - Also contains personal folders from the profile, as well as the fixed disks and removable storage drives attached to the PC
    - Network
        - Contains computers, shared folders, and shared [[Printer|printers]] available over the network
    - [[Recycle Bin]]
        - Provides an option for recovering files and folders that have been marked for deletion

###### Drives and Folders
- Drives are referred to by letters and optional labels
    - A "drive" can be a single physical disk or a partition on a disk, a shared network folder mapped to a drive letter, or a removable disk
    - A: drive -> floppy disk
    - C: drive -> primary fixed disk holding the [[Windows]] installation
- Each drive contains a directory called the [[Root Directory]]
    - The root directory of the C: drive is C:\
- Below the root is a hierarchy of subdirectories, referred to in Windows as folders
    - Each directory can contain subfolders and files
- ![[Pasted image 20241010140907.png]]

###### System Files
- [[System Files]]
- The [[Root Directory]] of a typical [[Windows]] installation normally contains the following folders to separate system files from user data files
    - [[Windows]]
        - System root, containing drivers, logs, add-in applications, system and configuration files ([[System32]] subdirectory), fonts and so on
    - Program Files/Program Files (x86)
        - Subdirectories for installed application software
        - In 64-bit versions of Windows, a Program Files (x86) folder is created to store [[32-bit]] applications
    - Users
        - Storage for users' profile settings and data. Each user has a folder named after their user account. Also contains NTUSER.DAT ([[Registry]] data) plus subfolders for personal data files.
        - This profile folder also contains hidden subfolders used to store application settings and customizations, favorite links, shortcuts, and temporary files

#### File Explorer Options and Indexing Options
- File Explorer has configurable options for view settings and file search

###### File Explorer Options
- The [[File Explorer Options]] applet in [[Windows Control Panel]] governs how Explorer shows folders and files
- On the **General** tab, you can set options for the layout of Explorer windows and switch between the single-click and double-click styles of opening shortcuts
- On the **View** tab, you can configure the following settings:
    - **Hide Extensions** for known file types
        - [[Windows]] [[File|files]] are identified by a three- or four-character extension following the final period of the file name
        - The file extension can be used to associate a file type with a software application
    - **Hidden Files and Folders**
        - A file or folder can be marked as "Hidden" through its file attributes. Files marked as hidden are not shown by default but can be revealed by setting the "Show hidden files, folders, and drives" option
    - **Hide Protected Operating System Files**
        - Configures files marked with the System attribute as hidden
        - File/Resource Protection prevents users (even [[Administrator]] users) from deleting these files anyway

###### Indexing Options
- You can configure file search behavior on the **Search** tab of the [[File Explorer]] Options dialog
- Search is also governed by settings configured in the [[Indexing Options]] applet
    - Allows you to define indexed locations and rebuild the index
    - Indexed locations can include both folders and email data stores
    - A corrupted index is a common cause of search problems

### Topic 1B: Configure Windows System Settings
#### System Settings
- [[Windows Settings]] presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data) copying.
- There is also an About page listing key hardware and OS version information
- ![[Pasted image 20241015181206.png]]
- Advanced Settings allow configuration of:
    - Performance options to configure desktop visual effects for best appearance or best performance, manually configure virtual memory (paging), and the operation mode
        - The computer can be set to favor performance of either foreground or background processes. A PC should always be left optimized for foreground processes
    - Startup and recovery options, environment variables, and user profiles
    - These options used to be managed via the [[System Applet]] in the [[Windows Control Panel]], but that applet was removed

#### Update and Security Settings
- [[Update and Security]] provides a single interface to manage a secure and reliable computing environment
- Patch management is an important maintenance task to ensure that PCs operate reliably and securely
- Security apps detect and block threats to the computer system and data, such as viruses and other malware in files and unauthorized network traffic

###### Windows Update
- Windows Update hosts critical updates and security patches plus optional software and hardware device driver updates
- ![[Pasted image 20241015181841.png]]

###### Windows Security
- The [[Windows Security]] page contains shortcuts to the management pages for the built-in Windows Defender/threat protection and firewall product

###### Activation
- [[Microsoft]] Product Activation is an antipiracy technology that verifies that software products are legitimately purchased
- You must activate [[Windows]] within a given number of days after installation

#### Device Settings
- Device drivers are supplied via Windows Update
- Most Windows-compatible hardware devices use Plug and Play
    - Windows automatically detects when a new device is connected, locates drivers for it, and installs and configures it with minimal user input
- System Settings pages contain options for configuring Display and Sound devices
- The [[Devices Applet]] page contains options for input devices (mice, keyboards, and touch), print/scan devices, and adding and managing other peripherals attached over [[Bluetooth]] and [[Universal Serial Bus (USB)]]
- ![[Pasted image 20241015182551.png]]
- [[Phone Settings]] allows a smartphone to be linked to the computer
- The [[Devices and Printers]] applet in [[Windows Control Panel]] provides an interface for adding devices manually and shortcuts to the configuration pages for connected devices
- ![[Pasted image 20241015182725.png]]
- [[Device Manager]] provides an advanced management console interface for managing both system and peripheral devices

#### Display and Sound Settings
- The principal Display configuration settings are:
    - Scale
        - Makes the system use proportionally larger fonts
    - Color
        - The display must be calibrated to ensure that colors match what the designer intends
    - Multiple Displays
        - The relative positions of the displays should be set correctly
    - Resolution and Refresh Rate
- Use the [[Sound Applet]]

#### Power Options
- Power management allows Windows to selectively reduce or turn off the power supplied to hardware components
- [[Advanced Configuration and Power Interface (ACPI)]]
    - Standby/Suspend to RAM
        - Cuts power to most devices but maintains power to memory (referred to as ACPI modes S1-S3)
    - Hibernate/Suspend to Disk
        - Saves any open but unsaved file data in memory to disk (hiberfil.sys in the root of the boot volume) and then turns the computer off (referred to as ACPI mode S4)
    - Both of these modes are implemented as sleep, hybrid sleep, and modern standby modes
- Can set sleep timers for an individual component, so that it enters a power-saving state if it goes unused for a defined period
- Power & Sleep settings provide an interface for configuring timers for turning off the screen and putting the computer to sleep when no user activity is detected
- Control Panel [[Power Options]] exposes additional configuration options
    - Could use Power Options to enable or disable [[Fast Startup]]

#### Apps, Programs, and Features
- Windows features are components of the operating system that can be enabled or disabled
- Store apps are installed via the [[Microsoft Store]]
- Desktop apps are installed by running a setup program or MSI installer. Apps will require [[Administrator]] privileges to install
- Windows Subsystem for Linux (WSL) allows the installation of a [[Linux]] distribution and the use of Linux applications

#### Apps Settings
- The [[Apps Applet]] is used to view and remove installed apps and Windows Features
- The [[Programs and Features]] Control Panel applet is the legacy software management interface.
    - Used to install and modify desktop applications and Windows Features
- The [[Mail Applet]] is added if the Microsoft Outlook client email application is installed on the computer
- The [[Gaming Applet]] page is used to toggle Game Mode on and off

#### Network Settings
- [[Network and Internet]] is the modern settings app used to view network status, change the IP address properties of each adapter, and access other tools
- Network Connections (ncpa.cpl) is a Control Panel applet for managing adapter devices, including IP address information
- [[Network and Sharing Center]] is a Control Panel applet that shows status information
- Advanced Sharing Settings is a Control Panel applet that configures network discovery (allows detection of other hosts on the network) and enables or disables file and printer sharing

## Lesson 2: Managing Windows
---
## Lesson 3: Identifying OS Types and Features
---
## Lesson 4: Supporting Windows
---
## Lesson 5: Managing Windows Networking
---
## Lesson 6: Managing Linux and macOS
---
## Lesson 7: Configuring SOHO Network Security
---
## Lesson 8: Managing Security Settings
---
## Lesson 9: Supporting Mobile Software
---
## Lesson 10: Using Support and Scripting Tools
---
## Lesson 11: Implementing Operational Procedures
---
# Andrew Ramdayal
## Section 2: 1.0 Operating Systems
---
##### 8. 1.1 Operating Systems Basics
- [[Operating System (OS)]]
    - There are many types of OSes, each with their own features and functions, but they all provide these basics:
        - Interface to interact with the system
        - Drivers to communicate with the hardware
            - A driver tells the operating system how to use that hardware
        - Applications to provide additional functionality
        - File management features to copy, move, and delete files
        - Network connectivity to connect to local resources and the Internet
        - System security to prevent access by unauthorized users
- Operating System Types
    - Closed-source operating systems are only available from a single organization
    - Open-source operating systems can be distributed by many different organizations and the code can be freely modified
    - ![[Pasted image 20241106190030.png]]
- User Interfaces
    - Command Line Interface (CLI): This kind of OS is controlled by typing commands into a prompt. The most commonly known command-line OSes are DOS and Cisco's IOS
    - Graphical User Interface (GUI): This OS uses graphics. It provides the icons we click on and the mouse pointer that lets us click on them. Every version of Windows has a GUI that we use to interact with it

##### 9. 1.1 Windows Upgrades
- Upgrade Installation
    - In-Place Upgrade
        - Replace Windows but keep all your data and compatible applications in place
    - Requirements
        - A previous bootable version of Windows already installed
        - Installation media on removable media or stored locally
    - In-place upgrade to Windows 10
        - Windows 7
        - Windows 8.1 (upgrade 8.0 to 8.1)
    - In-place upgrade to Windows 11
        - Windows 10
- Upgrade Considerations
    - Back up files and user preferences
    - Application and driver support/backward compatibility
    - Hardware compatibility
    - Downgrading from Windows 7 Pro to Windows 10 Home will result in losing certain settings
##### 10. 1.1 Different Versions of Windows 10
- Windows 10
    - Released in 2015 and will be supported till 2035
    - Hardware requirements
        - ![[Pasted image 20241106191052.png]]
- Windows 10 Editions
    - It is essential to pick an edition of Windows that is appropriate for the user, not just the one with the most features
        - This minimizes the waste of system resources and money
    - Home
        - ![[Pasted image 20241106191313.png]]
        - Does not support [[Domain]]
    - Pro
        - ![[Pasted image 20241106191606.png]]
    - Pro for Workstations/Enterprise
        - ![[Pasted image 20241106191701.png]]

##### 11. 1.2 Administrative Controls
- Administration Commands
    - sfc is the System File Checker and is used to repair system files
        - sfc /scannow -> Scans the integrity of all protected system files and repairs files
        - sfc /verifyonly -> Scans system files but does not repair them
    - shutdown will send a signal to turn off the system
        - shutdown /p -> Turn off the local computer with no time-out or warning
        - shutdown /r -> Full shutdown and restart of the computer
    - gpupdate -> Applies the latest group policy settings
    - gpresult -> Shows what group policy is applied to the computer

##### 12. 1.2 Copy Commands
- copy: used to copy files from one folder to another
- xcopy: can copy folders, subfolders, and all the files within them
- robocopy: handles more advanced copy tasks than xcopy
##### 13. 1.2 Disk Management Commands
- chkdsk: scans a disk in hopes of recovering corrupted files
    - chkdsk /f: Fixes errors on the disk
    - chkdsk /r: Fixes errors and locates bad sectors
- format: erases a disk, applying a file system
    - format /fs: Specifies the type of file system (FAT, FAT32, exFAT, NTFS)
        - format d: /fs:ntfs: will format the D drive as NTFS
    - format /q: Performs a quick format
        - format d: /fs:fat32 /q: will quick format the D drive as FAT32
- convert: changes a FAT/FAT32 file system to NTFS without erasing files
    - convert /fs: specifies that the volume will be converted to NTFS
    - Cannot convert NTFS to any other file system
- diskpart: is a command-line partition management tool

##### 14. 1.2 Navigating Commands
- help: used to list commands
- dir: lists files and folders
- /?: gives help on the command
- cd (chdir): used to move from one folder to another
- md (mkdir): used to make new folders
- rd (rmdir): used to delete empty folders
- del: used to delete files
- tree: lists files and folders within the current folder and all subfolders
- Drive navigation inputs: C: or D:
- winver: shows what version of Windows you are on
- cls: clear screen

##### 15. 1.2 Other Network Commands
- net use: Used to connect to a network share
    - net use x: \\\\servername\sharename
- netstat: Displays active network connections
    - netstat -a: displays all connections, including listening ports
- tracert: Uses ICMP to return a hop count
- net user: used to manage user accounts
- pathping: Performs a ping and a traceroute at the same time
- nslookup: identifies the current DNS server and displays IP addresses for a provided name
- hostname: displays a computer's hostname
##### 16. 1.2 Ping and Ipconfig
- ping: Uses ICMP to return the status of a unicast
    - ping -n: change the number of pings sent
    - ping -l: change the size of the ping packets
    - ping -t: pings continuously
    - ping -4: force an IPv4 ping
    - ping -6: force an IPv6 ping
- ipconfig: Displays interface configurations
    - ipconfig /all: displays more detailed information
    - ipconfig /renew: requests configuration from a DHCP server
    - ipconfig /release: removes configuration obtained through DHCP
    - ipconfig /displaydns: displays the local DNS cache
    - ipconfig /flushdns: clears the local DNS cache

##### 17. 1.3 Disk Tools and the Registry
- Disk Cleanup (cleanmgr.exe)
    - Files in the Recycle Bin
    - Temporary internet files
    - Downloaded program files
    - Temporary files
- Disk Defragment (dfrgui.exe)
    - Optimize and Defragment Drives (Windows 10)
    - Defragmenting (HDD)
        - Bits on a hard disk drive are rearranged so files can be loaded faster
        - Defragging a drive too frequently can decrease its lifespan
    - Trimming (SSD)
        - Makes sure that the NAND memory chips on an SSD are worn evenly to maximize the lifespan of the drive
- Registry Editor (regedit.exe)
    - A database that stores all the settings and configurations for Windows and its applications
    - The regedit command can be used to launch the Registry Editor
    - Registry Keys
        - ![[Pasted image 20241106201826.png]]

##### 18. 1.3 Event Viewer
- Event Viewer (eventvwr.msc)
    - Displays logs of timestamped events, which can be used to assist with troubleshooting
- Windows Logs
    - System: lists operating system events
    - Security: lists security events
    - Application: lists application events
- Icons
    - Red = error
    - Yellow = warning
    - White = informational

##### 19. 1.3 Microsoft Management Console
- Create a custom toolbox of useful utilities referred to as "snap-ins"
- Snap-ins are other consoles that are available elsewhere, like Device Manager or Disk Management
- The mmc command can be used to launch the Microsoft Management Console
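The logs and severity levels listed under Event Viewer can be queried from PowerShell with Get-WinEvent instead of clicking through the console. The following is an added example, not from the course: Event ID 4625 and the Level numbers are the real Windows values, while the function names and the 24-hour window are chosen for this example.

```powershell
# Added example, not from the course notes: query the same Windows logs the
# Event Viewer section lists, from PowerShell. Event ID 4625 and the Level
# numbers are the real Windows values; the function names and time windows
# are chosen for this example. Run elevated: the Security log needs admin rights.

function Get-FailedLogonSummary {
    param([int]$Hours = 24, [int]$Top = 10)
    $since = (Get-Date).AddHours(-$Hours)
    # 4625 = "An account failed to log on" (Security log, Audit Failure)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue
    $events | ForEach-Object {
        # The per-event fields live in the EventData XML, keyed by their Name attribute
        $xml = [xml]$_.ToXml()
        $data = @{}
        foreach ($item in $xml.Event.EventData.Data) { $data[$item.Name] = $item.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            Account   = $data['TargetUserName']
            Source    = $data['IpAddress']
            LogonType = $data['LogonType']   # 2 = interactive, 3 = network, 10 = RDP
        }
    } | Group-Object Account, Source | Sort-Object Count -Descending |
        Select-Object -First $Top Count, @{ n = 'Account, Source'; e = { $_.Name } }
}

function Get-RecentErrors {
    param([string[]]$Logs = @('System', 'Application'), [int]$Hours = 24)
    # Level 2 = Error (red icon), 3 = Warning (yellow), 4 = Information (white)
    Get-WinEvent -FilterHashtable @{ LogName = $Logs; Level = 2; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction SilentlyContinue |
        Group-Object LogName, ProviderName, Id | Sort-Object Count -Descending |
        Select-Object Count, Name, @{ n = 'FirstLine'; e = { ($_.Group[0].Message -split "`n")[0] } }
}

Get-FailedLogonSummary -Hours 24 | Format-Table -AutoSize
Get-RecentErrors -Hours 24      | Format-Table -AutoSize -Wrap
```

The first function answers the question a technician asks when an account keeps locking out: which account, from which address, and how often. The second is the same view as the red icons in the System and Application logs, grouped by provider and event ID so a repeating error shows up once with a count rather than as a wall of entries.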
##### 20. 1.3 System Info and Configuration
- System Information
    - View detailed information on system hardware and software
    - The msinfo32 command can be used to launch the System Information utility
    - Sections:
        - Hardware Resources: identify hardware conflicts and addresses
        - Components: identify driver details and hardware capabilities
        - Software Environment: identify software details
- System Configuration (msconfig.exe)
    - General: change startup type between normal, selective, or diagnostic
    - Boot: change multiboot boot order
    - Services: enable or disable services
    - Startup: links to the Startup tab in Task Manager
    - Tools: collection of useful tools

##### 21. 1.3 Task Manager
- Processes
    - Displays all running processes, including background processes
    - Non-responsive processes can be closed here
- Performance
    - Displays performance graphs
- Users
    - Displays currently logged-in users
    - It is possible to log out users in this tab
- Startup
    - Disable or enable auto-starting applications
- taskmgr can be used to launch Task Manager via the Run box

##### 22. 1.3 Useful Snap-ins
- Disk Management (diskmgmt.msc)
    - Manage disk partitions
- Task Scheduler (taskschd.msc)
    - Create and schedule tasks to run
- Device Manager (devmgmt.msc)
    - Check, update and install device drivers
- Certificate Manager (certmgr.msc)
    - Check and manage certificates installed on a computer
- Local Users and Groups (lusrmgr.msc)
    - Create, change and delete users on the local computer
- Performance Monitor (perfmon.msc)
    - Monitor computer performance
- Group Policy Editor (gpedit.msc)
    - Edit local group policy

##### 23. 1.4 Opening Control Panel
- JUST AN OVERVIEW OF OPENING THE CONTROL PANEL
##### 24. 1.4 Control Panel Options
- Internet Options
    - Configure default internet browsing options (only Internet Explorer)
- Devices and Printers
    - Add, remove and administer printers, scanners, cameras, and other devices
- Programs and Features
    - Reinstall or uninstall programs and Windows features
- Network and Sharing Center
    - Check and administer network interface cards (NICs)
- System
    - Check computer specification, rename computer, join domain or workgroup
- Windows Defender Firewall
    - Check and change firewall settings. Can open ports
- Mail
    - Add, remove, or repair mailboxes. Mostly used by Microsoft Outlook
- Sound
    - Used to set up speakers or mics on a computer
- User Accounts
    - Used to change, add, or remove local user accounts
- Device Manager
    - Check if devices are functioning correctly. Update or roll back drivers
- Indexing Options
    - Check what is being indexed on a system
- Administrative Tools
    - Set of commonly used utilities to manage the system
- Ease of Access
    - Make the system easier to use for persons with disabilities
- File Explorer Options
    - Show hidden files
    - Hide extensions
    - General options
    - View options
- Power Options
    - Hibernate
        - Copies everything in the computer's RAM and stores it on the hard drive
    - Power plans
    - Sleep/suspend
        - Keeps the RAM/machine running in a very low power-saving mode. The machine will start back up very quickly
    - Standby
    - Choose what closing the lid does
    - Turn on fast startup
    - Universal Serial Bus (USB) selective suspend
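The File Explorer Options items above (show hidden files, hide extensions) have a security side: with extensions hidden, a file named invoice.pdf.exe is displayed as invoice.pdf, and a file carrying the Hidden attribute is not displayed at all. The following is an added example, not from the course: it reads the Explorer view settings from the registry and scans a folder for such double extensions. The registry key and value names are the real Explorer ones; the demo folder and file names are constructed.

```powershell
# Added example, not from the course notes: read the Explorer view settings
# that the File Explorer Options applet controls, then look for files whose
# real extension is masked by a "known" one (invoice.pdf.exe shows as
# invoice.pdf when extensions are hidden). The registry key and value names
# are the real Explorer ones; the demo folder and file names are constructed.

function Get-ExplorerViewSettings {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        HideKnownExtensions  = ($p.HideFileExt -eq 1)       # 1 = hide (default), 0 = show
        ShowHiddenFiles      = ($p.Hidden -eq 1)            # 1 = show, 2 = do not show
        ShowProtectedOsFiles = ($p.ShowSuperHidden -eq 1)   # 1 = show, 0 = hide
    }
}

function Find-MaskedExecutables {
    param(
        [string]$Path,
        [string[]]$RiskyExtensions = @('.exe', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.ps1', '.lnk')
    )
    # -Force includes files carrying the Hidden attribute
    Get-ChildItem -Path $Path -File -Recurse -Force | ForEach-Object {
        $parts = $_.Name -split '\.'
        if ($parts.Count -lt 3) { return }            # need at least name.ext1.ext2
        $real = '.' + $parts[-1].ToLowerInvariant()
        if ($RiskyExtensions -contains $real) {
            [pscustomobject]@{
                ShownAs  = ($parts[0..($parts.Count - 2)] -join '.')   # what Explorer displays with extensions hidden
                Actual   = $_.Name
                IsHidden = (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
                Path     = $_.FullName
            }
        }
    }
}

# Constructed demo folder with two benign and two masked files
$demo = Join-Path $env:TEMP 'ext-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
foreach ($name in 'report.pdf', 'invoice.pdf.exe', 'photo.jpg.scr', 'notes.txt') {
    New-Item -ItemType File -Path (Join-Path $demo $name) -Force | Out-Null
}

Get-ExplorerViewSettings
Find-MaskedExecutables -Path $demo | Format-Table -AutoSize
```

On the demo folder the scan reports invoice.pdf.exe (shown as invoice.pdf) and photo.jpg.scr (shown as photo.jpg); report.pdf and notes.txt have a single extension and are skipped. The first function tells you whether the machine's Explorer would actually display those masking extensions, which is the setting the applet's "Hide extensions for known file types" checkbox controls.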
##### 25. 1.5 Settings App
- Time and Language
    - Configure time and date, and the language used on the computer
- Update and Security
    - Set when updates will be applied to the computer
- Personalization
    - Personalization of the system to the user's liking, such as the background
- Apps
    - Uninstall applications, change Windows defaults, and enable or disable Windows features
- Privacy
    - Set what can be tracked on the system
- System
    - Allows you to change display information, sound, and notification settings
- Devices
    - Manages Bluetooth, printers, and the mouse
- Network and Internet
    - Manage and connect new network interface cards
- Gaming
    - Connect Xbox gaming accounts
- Accounts
    - Create and link new accounts to the system

##### 26. 1.6 Configure Firewall Rule
- Firewalls
    - Block all incoming traffic
    - Allow all outgoing traffic
    - Configured and managed with rules
    - Will need to make an exception to allow certain traffic, such as FTP, through the firewall

##### 27. 1.6 Network Connections
- Internet Protocol (IP) addressing scheme
    - Assigned by the network administrator
    - 192.168.10.10
- Domain Name System (DNS) settings
    - Assigned by the network administrator
    - E.g. 1.1.1.1 (Cloudflare DNS server)
- Subnet mask
    - Assigned by the network administrator
    - E.g. 255.255.255.0
- Gateway
    - Assigned by the network administrator
    - E.g. 192.168.10.1
- Static vs dynamic
    - Assigned by the network administrator
    - Static is manually typed in by a technician, whereas dynamic is assigned by the DHCP server
    - If no DHCP server is available when dynamic is selected, the computer will assign itself an APIPA address of 169.254.x.x
- Virtual Private Network (VPN)
    - Allows you to access a remote network over the Internet
- Wireless
    - Connects to a local network using a wireless connection
- Wired
    - Connects to a local network using an Ethernet cable
- Wireless Wide Area Network (WWAN)
    - Internet access using a wireless connection.
      Done by using an adapter from a mobile cellular network using technologies such as 4G or 5G
- Proxy settings
    - A server used to control and monitor internet access
    - Configuration is given by the administrator
- Public vs private network
    - When connecting to a network, you will select either setting
    - Public will offer more protection, while private will allow shares and discovery of the computer
- Metered connections and limitations
    - Limits the amount of data that can be sent and received on an interface

##### 28. 1.6 Shared Resources
- Shared Resources
    - Folders or devices shared on a network
- Printers
    - Printers shared on a network
- File Servers
    - Share a folder for other computers to access
- Mapped drives
    - Allows a shared folder on another computer to act as a drive on a system

##### 29. 1.6 Workgroup vs Domains
- Workgroup
    - Decentralized setup used in SOHO
    - Uses local user accounts
    - No central server for computer or user management
    - Simple to set up, with no additional server software needed
- Domain
    - Centralized setup used in small-to-large businesses
    - User accounts are managed on central servers called domain controllers
    - Computer configuration and security settings are set on a central server
    - Need to set up a server (Windows Server); more expensive
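The firewall defaults and exceptions from section 26, the netstat listening-port view from section 15, and the APIPA fallback from section 27 together describe what a workstation exposes on the network. The following is an added example, not from the course, that puts those checks in one script. The cmdlets are the built-in NetSecurity and NetTCPIP ones (Windows 8 / Server 2012 and later); the rule name, port and function names are constructed for this example.

```powershell
# Added example, not from the course notes: turn the firewall, netstat and
# APIPA points above into one exposure check. Cmdlets are the built-in
# NetSecurity/NetTCPIP ones (Windows 8 / Server 2012 and later); the rule
# name, port and the function names are constructed for this example.
# Run in an elevated PowerShell to create the rule.

function Get-FirewallPosture {
    # Windows Defender Firewall defaults per profile: inbound Block, outbound Allow
    Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
}

function Get-InboundAllowRules {
    # The "exceptions": every enabled inbound Allow rule with its port and remote scope
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort
            RemoteAddress = $addr.RemoteAddress   # 'Any' means every remote host on that profile
        }
    }
}

function Add-ScopedException {
    # The FTP-style exception from the notes, but limited to the local subnet
    # and the Private profile instead of RemoteAddress 'Any' on all profiles
    param([string]$Name, [int]$Port, [string]$RemoteAddress = 'LocalSubnet')
    New-NetFirewallRule -DisplayName $Name -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $RemoteAddress -Profile Private
}

function Get-ListeningPorts {
    # PowerShell equivalent of "netstat -a" filtered to LISTENING, with the owning process
    Get-NetTCPConnection -State Listen | Sort-Object LocalPort -Unique |
        Select-Object LocalAddress, LocalPort,
            @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName } }
}

function Test-Apipa {
    param([string]$IPv4)
    # 169.254.0.0/16: DHCP failed and the adapter self-assigned an address
    return ($IPv4 -match '^169\.254\.')
}

Get-FirewallPosture | Format-Table -AutoSize
# Exceptions open to any remote address deserve a second look
Get-InboundAllowRules | Where-Object { $_.RemoteAddress -eq 'Any' } | Format-Table -AutoSize
Get-ListeningPorts | Format-Table -AutoSize
Get-NetIPAddress -AddressFamily IPv4 | Where-Object { Test-Apipa -IPv4 $_.IPAddress } |
    Select-Object InterfaceAlias, IPAddress
# Add-ScopedException -Name 'Example FTP control channel' -Port 21   # elevated prompt
```

Reading the three tables together is the point: a listening port only matters when an inbound Allow rule reaches it, and an Allow rule with RemoteAddress 'Any' on the Public profile is the combination to question first. Add-ScopedException shows the alternative the notes' FTP example should take, an exception scoped to the local subnet and the Private profile rather than to everyone. The APIPA check explains the classic "dynamic but no connectivity" symptom: a 169.254.x.x address means the DHCP request got no answer.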
##### 30. 1.7 Installing Applications
- 32-bit vs 64-bit requirements
    - 64-bit processors can handle larger amounts of RAM than 32-bit
        - 32-bit can use only about 4 GB of RAM
        - 64-bit can use 16 exabytes of RAM
    - 64-bit will require a 64-bit processor and operating system
        - Check Windows to see if you are running a 64-bit OS
    - A 64-bit operating system can run 32-bit applications
    - 32-bit operating systems cannot run 64-bit applications
- Requirements when installing applications
    - Dedicated graphics card vs integrated
        - Some applications will require higher-end graphics to run, such as games
    - Video random access memory (VRAM) requirements
        - Memory built into the graphics card
    - RAM requirements
        - Check the RAM requirements before purchasing the application
    - Central Processing Unit (CPU) requirements
        - Check the CPU requirements before purchasing the application
    - External hardware tokens
        - USB stick used to access the application
- Distribution methods
    - Physical media vs downloadable
        - Physical media uses DVDs or USBs
        - Downloadable are EXE files downloaded from a site
    - ISO mountable
        - An image of a disk
        - Single file that stores all the necessary files for the application
- Considerations for applications
    - Impact to device, network, operation and business

##### 31. 1.8 Different Operating Systems
- Windows 10
    - World's most used desktop operating system
    - Used in both business and homes
- Linux
    - Used by many power users and servers
    - Open source; most can be downloaded for free
- macOS
    - Mostly used by home or small business users
- Chrome OS
    - A Linux-based operating system that uses Chrome as its main interface
- iPadOS
    - Used on Apple's iPad devices
- iOS
    - Used on Apple's iPhones
- Android
    - Used on other manufacturers' mobile devices such as Samsung, Sony, or Google
1.8 EOL and concerns - Vendor life cycle limitations - All operating systems have an End of Life (EOL) - When the manufacture stop supporting the operating system - Windows 7 EOL was 1/14/202 - Windows 10 EOL will be 10/14/2025 - Once it reaches it's EOL, their will be no updates to the OS - Compatibility concerns between OS's - Applications are developed to run on a specific OS - Some applications have different versions for Windows or Mac, and some don't ##### 33. 1.8 File System Types - Table that is on the storage media that tells the device how to manage storage | File System | Advantages | Disadvantages | | --------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------ | | FAT 32 (File Allocation Table 32) | Most Compatible File system | Partitions are limited to 32 GB<br>Files are limited to 4 GB<br>No security features | | NTFS (New Technology File System) | Supports partitions bigger than 32 GB<br>Supports files bigger than 4 GB<br>Disk Quotas<br>File and folder compression<br>File system security<br>File and folder permission<br>EFS (Encrypting File System) | Only officially compatible with Windows | | exFAT (Extensible File AllocationTable) | More compatible than NTFS<br>Supports Partitions bigger than 32 GB<br>Supports files bigger than 4GB | No security features | - macOS File systems - HFS+ (Hierarchical File System Plus) - APFS (Apple File System) - macOS does support read and write access to FAT32 and exFAT partitions, but only support read-only access to NTFS partitions - Linux File Systems - ext3 (Third Extended File System) - ext4 (Fourth Extended File System) - Linux can read and write to NTFS, FAT32, exFAT, and HFS+ - Optical Disc File Systems - CDFS (Compact Disc File System) - 
  - UDF (Universal Disc Format)
- ![[Pasted image 20241107002116.png]]

##### 34. 1.9 Making a bootable USB Stick
- JUST AN OVERVIEW OF HOW TO MAKE A BOOTABLE USB STICK

##### 35. 1.9 Installing Windows on a Physical computer
- JUST AN OVERVIEW ON HOW TO INSTALL WINDOWS ON A PHYSICAL COMPUTER

##### 36. 1.9 Installing Windows on VirtualBox
- JUST AN OVERVIEW ON HOW TO INSTALL WINDOWS INSIDE OF VIRTUALBOX

##### 37. 1.9 Installation Types
- Installing an OS
  - Check the following before attempting to install Windows
    - CPU
    - RAM
    - Storage requirement
- Boot methods
  - USB: OS files stored on a USB stick
  - Optical media: OS files stored on a DVD or Blu-ray disc
  - Network: files are stored on a network server and downloaded to the computer during installation; used for large deployments
    - WDS (Windows Deployment Services) running on a Windows server
    - The target computer must support network booting, usually called PXE (Preboot Execution Environment)
  - Solid state / flash drives: OS files stored on a USB stick or other flash media
  - Internet based: files are downloaded from the internet during installation; mostly used on Linux
  - External/hot-swappable drive: OS files stored on an external hard drive
  - Internal hard drive (partition): OS files stored on an internal drive
- Types of installations
  - Clean installation
    - The most common way to install Windows onto a single PC
    - Requires an empty hard drive (or one you are willing to wipe) and bootable installation media
  - Upgrade installation (in-place upgrade)
    - The easiest option if you just want to replace Windows but keep all your data and compatible applications in place
    - Requires a previous bootable version of Windows already installed
    - Installation media on removable media or stored locally
    - Upgrade considerations
      - Back up files and user preferences
      - Application and driver support / backward compatibility
      - Hardware compatibility
  - Network install / deployment (OS deployment)
    - The fastest way to install Windows on many computers, since the files are delivered over
the network
    - Requires WDS (Windows Deployment Services) running on a Windows server
    - The target computer must support network booting (PXE)
  - Cloning / imaging (ghosting)
    - Duplicates the entire installed system: the operating system, drivers, applications and configuration
    - Can be done by directly connecting a hard drive or over the network
    - Before you capture the image, run Sysprep to generalize it: it strips machine-specific data such as the computer's security identifier (SID) so that every cloned machine gets a unique one
  - Recovery partition installation
    - Pre-built systems sold with an operating system installed usually include a recovery partition holding the operating system, drivers and other bundled software
  - Repair installation
    - Used to reinstall the Windows files when the OS is giving problems, keeping user data in place
  - Third-party drivers
    - Installs drivers that the Windows media does not include

##### 38. 1.9 Creating and managing partitions
- Partition table formats
  - Partitions are logical segments of a physical hard drive, created for data separation
  - MBR (Master Boot Record)
    - The first sector of an MBR-partitioned drive; it contains boot code and the partition table that tells the system where the installed OS is
    - Allows for 4 primary partitions
    - Limited to 2 TiB (about 2.2 TB) partitions, because a partition's start and length are stored as 32-bit sector counts
  - GPT (GUID Partition Table)
    - Theoretically allows an unlimited number of primary partitions
    - Windows is limited to 128 primary partitions by design
    - Not limited to 2.2 TB partitions
- Partition types
  - Primary partitions
    - These partitions are used to boot an operating system.
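An added worked example, not part of the course notes, that builds a synthetic MBR sector in memory and parses it back (Python; all values are constructed and no real disk is touched). It makes the two MBR limits above concrete: the table has exactly four 16-byte slots, and each slot stores the start sector and length as 32-bit numbers, which is where the roughly 2.2 TB ceiling comes from. The partition type names and the sample layout are illustrative assumptions.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446            # partition table follows the 446-byte boot code
ENTRY_SIZE = 16
MAX_ENTRIES = 4               # MBR has room for exactly four primary partitions
SIGNATURE = b"\x55\xaa"       # boot signature in bytes 510-511
ENTRY_FMT = "<B3sB3sII"       # status, CHS start, type, CHS end, start LBA, sector count
PART_TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 (LBA)", 0x83: "Linux", 0x05: "Extended"}


def build_entry(bootable, ptype, start_lba, sectors):
    """Pack one 16-byte partition entry. CHS fields are zeroed (LBA-only)."""
    if start_lba > 0xFFFFFFFF or sectors > 0xFFFFFFFF:
        # this is the 2 TiB (~2.2 TB) limit: 32-bit LBA values * 512-byte sectors
        raise ValueError("MBR entries hold only 32-bit LBA values")
    status = 0x80 if bootable else 0x00
    return struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", start_lba, sectors)


def build_mbr(entries):
    """Assemble a 512-byte MBR from up to four (bootable, type, start, count) tuples."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError("MBR allows at most four primary partitions")
    table = b"".join(build_entry(*e) for e in entries)
    table += b"\0" * (ENTRY_SIZE * MAX_ENTRIES - len(table))   # unused slots are all zero
    return b"\0" * TABLE_OFFSET + table + SIGNATURE


def parse_mbr(sector):
    """Return the non-empty partition entries of an MBR sector as dicts."""
    if len(sector) != SECTOR or sector[510:512] != SIGNATURE:
        raise ValueError("not an MBR: bad length or missing 0x55AA signature")
    parts = []
    for i in range(MAX_ENTRIES):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        status, _, ptype, _, start, count = struct.unpack(ENTRY_FMT, sector[off:off + ENTRY_SIZE])
        if ptype == 0:            # type 0 marks an unused slot
            continue
        parts.append({
            "slot": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, hex(ptype)),
            "start_lba": start,
            "sectors": count,
            "bytes": count * SECTOR,
        })
    return parts


def max_mbr_partition_bytes():
    """Largest size one MBR entry can describe: (2^32 - 1) sectors * 512 bytes."""
    return 0xFFFFFFFF * SECTOR


if __name__ == "__main__":
    # constructed layout: a bootable NTFS system partition and a FAT32 data partition
    mbr = build_mbr([(True, 0x07, 2048, 204800), (False, 0x0C, 206848, 409600)])
    for p in parse_mbr(mbr):
        print(p)
    print(f"max partition size: {max_mbr_partition_bytes() / 1e12:.2f} TB")
```

A GPT header, by contrast, stores 64-bit LBAs and a configurable number of 128-byte entries, which is why it has neither limit.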
If you have multiple operating systems on one disk, each needs its own primary partition
  - Extended partitions
    - Used to overcome the four-primary-partition limit of MBR
    - A single extended partition can contain many logical drives; each logical drive appears as a partition but cannot be used to boot the OS
  - Hidden partition
    - Often used by OEMs to store system recovery data (recovery partitions)
  - Swap partition
    - Used as virtual memory by some operating systems
- Drive format
  - Full format: runs an additional step that checks the drive for bad sectors
  - Quick format: the drive is not checked for bad sectors (and the old data stays easy to recover)

##### 39. 1.10 Unboxing a Mac
- JUST AN OVERVIEW OF UNBOXING A MAC

##### 40. 1.10 MacOS Features
- macOS includes an App Store with free and paid applications
- Applications can also be downloaded from a vendor's website; by default Gatekeeper allows App Store apps and notarized apps from identified developers, and anything else must be explicitly allowed in System Settings (Privacy & Security)
- .pkg files are installer packages used to install a macOS application
- .dmg files are Apple Disk Image files, often used to distribute software installers
- .app files (bundles) are installed applications
- You must have an Apple ID to set up the Mac and download apps from the App Store
- Backups: take them as often as the data changes, or as often as you are willing to lose data
- Antivirus: should have third-party antivirus installed
- Updates/patches: install updates as Apple releases them
- Displays: configure display settings such as resolution or multiple monitors
- Networks: set the network configuration
- Printers: add, manage or remove printers
- Scanners: add, manage or remove scanners
- Privacy: manage privacy settings
- Accessibility: configure the system for people with disabilities
- Time Machine: backup mechanism for macOS
- Multiple desktops: use Mission Control to create additional desktops, called Spaces, to organize windows
- Mission Control: view and manage all open application windows
- Keychain: stores your passwords and
account information, and reduces the number of passwords you have to remember and manage
- Spotlight: finds items on your Mac, like apps, files and emails
- iCloud: backs up and synchronizes your photos, files, backups and more across all your devices
- Gestures: with an Apple trackpad or a Magic Mouse you can use gestures (click, tap, pinch and swipe)
- Finder: the default file manager and graphical user interface shell of macOS
- Remote Disc: lets the Mac user access a CD or DVD loaded into a separate computer
- Dock: a convenient place to access the apps and features you are likely to use every day
- Disk Utility: used to partition and initialize storage devices; it also provides First Aid, which checks and repairs file system errors
- FileVault: full-disk encryption for macOS
- Terminal: Unix command line for macOS
- Force Quit: press option, command and esc together, or choose Force Quit from the Apple menu in the corner of your screen

##### 41. 1.10 MacOS review
- JUST AN OVERVIEW OF MacOS

##### 42. 1.11 Installing Linux
- JUST AN OVERVIEW OF INSTALLING LINUX

##### 43. 1.11 Linux Interface
- JUST AN OVERVIEW OF THE LINUX INTERFACE

##### 44.
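An added worked example, not from the course, for the chown/chmod permission model that this Linux section's notes describe: it implements the 4/2/1 octal arithmetic in both directions and applies a mode to a scratch file (Python; the file is a temporary file it creates and deletes). The effective_perms helper also shows a detail the notes leave implicit: the kernel checks only one class, so a mode such as 064 leaves the owner with no access even though the group and everyone else can read. The sample modes are illustrative.

```python
import os
import stat
import tempfile

BITS = {"r": 4, "w": 2, "x": 1}


def symbolic_to_octal(sym):
    """'rwxrw-r--' -> '764': add r=4, w=2, x=1 for owner, group and everyone."""
    if len(sym) != 9:
        raise ValueError("expected nine characters, e.g. rwxrw-r--")
    digits = []
    for i in range(0, 9, 3):
        value = 0
        for ch, expected in zip(sym[i:i + 3], "rwx"):
            if ch == expected:
                value += BITS[ch]
            elif ch != "-":
                raise ValueError(f"unexpected character {ch!r} in {sym!r}")
        digits.append(str(value))
    return "".join(digits)


def octal_to_symbolic(octal):
    """'764' -> 'rwxrw-r--': expand each digit back into its r/w/x bits."""
    out = []
    for d in octal:
        n = int(d, 8)
        out.append(("r" if n & 4 else "-") + ("w" if n & 2 else "-") + ("x" if n & 1 else "-"))
    return "".join(out)


def effective_perms(octal, is_owner, in_group):
    """Exactly one class applies: owner bits if you own the file, otherwise
    group bits if you are in its group, otherwise the 'everyone' bits."""
    sym = octal_to_symbolic(octal)
    if is_owner:
        return sym[0:3]
    if in_group:
        return sym[3:6]
    return sym[6:9]


def apply_and_read_back(octal):
    """chmod a scratch file to the given mode and read the mode back with stat,
    which is the same information `ls -l` renders as the rwx string."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        os.chmod(path, int(octal, 8))
        return format(stat.S_IMODE(os.stat(path).st_mode), "03o")
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(symbolic_to_octal("rwxrw-r--"))           # 764, the course example
    print(octal_to_symbolic("764"))                 # rwxrw-r--
    print(apply_and_read_back("764"))               # 764
    # 064: the owner gets nothing even though group and everyone can read
    print(effective_perms("064", is_owner=True, in_group=True))
```

Changing the owner with chown is not shown because handing a file to another user requires root; the permission bits above can be set by the file's owner.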
1.11 Linux Setups
- Tools
  - Shell/terminal: configure the OS from a command line
  - Samba: a free software implementation of the CIFS/SMB networking protocols that supports Microsoft Windows Server domains, Active Directory and Windows NT domains
    - With Samba, Unix-like OSs can interoperate with Windows and provide file and print services to Windows clients
- Linux commands
  - man: display help for commands
  - ls: list files in a directory
  - mv: move or rename a file
  - cp: copy a file
  - rm: remove a file
  - mkdir: create a new folder
  - df: display free storage space
  - ps: display a list of running processes
  - top: display running processes and resource usage
  - find: search a directory tree for files by name, type, size, owner or other attributes
  - grep: search for text inside files, optionally with regular expressions
  - dig: troubleshoot DNS
  - cat: display the contents of a file
  - nano: text editor
  - pwd: print the working directory (the current folder); passwords are set or changed with passwd
  - ip: display and configure a NIC
- Ownership in Linux and macOS
  - Linux and macOS both share origins with Unix, so they have many similarities when it comes to controlling file access
  - chown: used to change the owner and group of a file
    - Syntax: chown user:group file
    - chown juan:instructors class_presentation changes the owner to juan and the group to instructors
    - chown andrew class_presentation changes just the owner to andrew
  - chmod: used to change the permissions of a file or folder
    - Owner/Group/Everyone
      - Owner permissions apply to the file's owner (by default its creator)
      - Group permissions apply to the members of the file's group
      - Everyone (other) permissions apply to all other accounts
      - Only one class is checked for a given user: the owner bits if you own the file, otherwise the group bits, otherwise the everyone bits
    - Read/Write/Execute are the permissions that can be granted to each class
      - Read (r) = 4: allows someone to view the contents of a file
      - Write (w) = 2: allows someone to save changes to a file
      - Execute (x) = 1: allows someone to run a program or script
    - To assign full permissions, you
add read + write + execute = 4 + 2 + 1 = 7
    - To assign just read and write, you use 4 + 2 = 6
    - chmod 764 class_presentation sets the owner to full permission (7), the group to read and write (6), and everyone else to read only (4)

##### 45. 1.11 Basic Linux Commands
- JUST AN OVERVIEW OF BASIC LINUX COMMANDS

##### 46. 1.11 More Linux Commands
- JUST AN OVERVIEW OF SOME MORE LINUX COMMANDS

##### 47. 1.11 Managing Linux Permissions
- JUST AN OVERVIEW OF MANAGING LINUX PERMISSIONS

##### 48. 1.11 Other Linux Commands
- dd: command used to copy and convert files (and raw block devices), block by block
  - Syntax: dd if=hello.txt of=world.txt
  - if = input file, of = output file

##### 49. 1.11 Update Linux Commands
- Installing software in Linux via the command line
  - Advanced Package Tool (APT) is a command-line utility used to install, uninstall and upgrade applications on Debian-based distributions like Ubuntu
    - apt-get update: refreshes the list of available package versions from the configured repositories (it installs nothing by itself)
    - apt-get upgrade: installs the latest versions of the packages already installed
    - apt-get install: installs a new application
    - apt-get remove: uninstalls an application
  - The Yellowdog Updater, Modified (YUM) is a free and open-source command-line package management utility for Red Hat-based distributions like CentOS

## Section 3: 2.0 Security

---

##### 50.
2.1 Physical Security Controls
- Administrative controls (operational controls): user training, policies, procedures, guidelines
- Logical controls (technical controls): firewalls, intrusion detection systems, intrusion prevention systems, antivirus, encryption, access control lists
- Physical controls: things that keep unauthorized people from physically reaching your facilities, equipment and network
- Physical security
  - Access control vestibule: controls access so only one person can enter at a time; prevents tailgating and piggybacking
  - Badge reader: reads the data from authentication cards; RFID cards are commonly used
  - Video surveillance
    - IP cameras have replaced the older analog video surveillance systems
    - NVR (Network Video Recorder) aggregates all the IP camera feeds into a single interface
    - CCTV refers to the older analog video surveillance systems
  - Alarm systems: use sensors to check whether a door or window is open, and check for motion
  - Motion sensors: detect physical movement; the commonly used types are
    - Passive infrared (PIR)
    - Microwave
    - Dual-tech/hybrid
  - Door locks
  - Equipment locks: cable locks and rack or cabinet locks that keep laptops, servers and network gear from being removed
  - Guards: human security guards
  - Bollards: sturdy, short, vertical posts that stop vehicles from ramming into pedestrians and structures
  - Fences: a barrier enclosing an area of ground to control or prevent unauthorized access to the perimeter
  - Key fobs: used to open doors
  - Smart cards: used to enter spaces
  - Keys
  - Biometrics
    - Retina scanner
    - Fingerprint scanner
    - Palmprint scanner
  - Lighting: there must be adequate lighting so that people are visible to cameras and guards
  - Magnetometers: metal detectors, the most common form of airport screening

##### 51.
2.1 Logical Access Controls
- Logical security
  - Principle of least privilege: users should only be given the level of access required for their work
  - Access Control Lists (ACLs): a list of rules on a device that defines who can access that device or resource
  - Multifactor authentication (MFA/2FA) requires users to provide two or more different types of authentication factors (something you know, have or are) to gain access
    - ![[Pasted image 20241107113539.png]]
    - Hard token: hardware device that generates a number used to log in
    - Soft token: same idea as a hard token, but an app on a mobile phone
    - Email
    - Short Message Service (SMS)
    - Voice call
    - Authenticator application

##### 52. 2.1 Mobile Device Management
- ![[Pasted image 20241107114319.png]]
- Mobile Device Management (MDM)
  - Application management features allow enterprise control of applications
  - Content management (mobile content management, MCM) ensures secure access to and control of organizational files, including documents and media, on mobile devices
  - Remote wipe capabilities are used when a device is lost or stolen, or when the owner is no longer employed by the organization

##### 53. 2.1 Active Directory
- Active Directory is the directory service organizations use to manage their computers, users and applications.
  - Allows them to have central control over their machines
  - Domain refers to the entire network under the control of the domain controller; the network is identified by its domain name
  - Login scripts are used to automate actions when users log in
  - Group policies can be applied to all users and devices from the server
  - Organizational units are used to group users and devices to simplify management; users are grouped by role
  - Home folders are private folders users can use to store personal files
  - Roaming profiles are downloaded to any system the user logs in to, and any changes are uploaded back to the server when the user logs out
  - Folder redirection lets a user's profile data be reached from whatever system they log in to without downloading the files, which speeds up logging in and out for large profiles

##### 54. 2.2 Wireless networks
- Authentication
  - Centralized authentication protocols used in businesses to authenticate users to Wi-Fi, VPN and other network resources
    - Remote Authentication Dial-In User Service (RADIUS)
    - Terminal Access Controller Access-Control System Plus (TACACS+), a Cisco protocol
    - Kerberos: used on Windows to authenticate users in Active Directory
  - Multifactor: combine multiple methods to increase the security of the login

##### 55.
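An added example (Python, not course code) for the pre-shared key scheme that the WPA and WPA2 notes in the next section describe: both derive the 256-bit PSK as PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations. Because that function is public, anyone who has captured a four-way handshake can test candidate passphrases offline, which is the dictionary attack described under 2.4 Threats and the reason WPA3's SAE exchange was introduced. The "password"/"IEEE" vector is the published IEEE 802.11i test case; the wordlist is constructed, and comparing candidates against the PSK itself is a stand-in for the real check (deriving the PTK from each candidate and verifying the handshake MIC).

```python
import hashlib
import hmac


def derive_psk(passphrase, ssid):
    """WPA/WPA2-Personal: PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32)


def offline_dictionary_attack(ssid, target_psk, wordlist):
    """Try each candidate passphrase offline; nothing is ever sent to the network.
    Returns the matching passphrase or None. (Stand-in for checking the captured
    handshake MIC: the real attack derives the PTK from each candidate PSK.)"""
    for candidate in wordlist:
        if len(candidate) < 8:          # cannot be a valid WPA passphrase, skip it
            continue
        if hmac.compare_digest(derive_psk(candidate, ssid), target_psk):
            return candidate
    return None


# constructed wordlist of the kind a cracking tool would be fed
WORDLIST = ["letmein", "12345678", "qwertyuiop", "password", "iloveyou"]

if __name__ == "__main__":
    ssid = "IEEE"
    psk = derive_psk("password", ssid)                        # the network's real key
    print(psk.hex())
    print(offline_dictionary_attack(ssid, psk, WORDLIST))     # password
    print(offline_dictionary_attack(ssid, psk, ["Tr0ub4dor&3"]))  # None
```

4096 iterations of SHA-1 was slow in 2004; on current GPUs it is hundreds of thousands of guesses per second, so the only defense for a PSK network is a long random passphrase. SAE removes the offline step entirely: the password enters a Dragonfly exchange, and a captured exchange gives the attacker nothing that can be tested against a wordlist without talking to the access point for every guess.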
2.2 Wireless Encryption Protocols
- WPA (Wi-Fi Protected Access) is more secure than WEP but still vulnerable
  - Users authenticate with an alphanumeric passphrase (PSK); per-packet keys are managed with TKIP (Temporal Key Integrity Protocol)
  - Encrypts with RC4 (Rivest Cipher 4)
  - Published attacks on TKIP recover keystream in roughly 15 minutes, and like any PSK network it is exposed to offline dictionary attacks on a captured handshake
- WPA2 (Wi-Fi Protected Access 2) is more secure than WEP and WPA
  - Users authenticate with an alphanumeric passphrase (PSK); frames are protected with CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol)
  - Encrypts with AES (Advanced Encryption Standard)
- WPA3 (Wi-Fi Protected Access 3) is the most secure
  - Users authenticate with Simultaneous Authentication of Equals (SAE), a password-authenticated key exchange in which both sides derive the session key from the password and their MAC addresses, without the handshake exposing anything an offline dictionary attack could test
  - Encrypts with AES

##### 56. 2.3 Types of Malware
- Viruses: malware that can self-copy and self-replicate but requires human interaction to spread
  - Types:
    - Memory-resident viruses stay in memory while running
    - Boot sector viruses reside in the first sector of the storage media, which stores boot data
    - Macro viruses take advantage of automation features in productivity software and spread through the files associated with them
    - Email viruses spread either as attachments or as scripts that are part of the email
- Worms: malware that can spread without human interaction, from one device on a network to another
- Ransomware: malware that encrypts a victim's data and holds the decryption key for ransom
  - The defense is an effective backup system that stores copies offline
  - Air-gapped data is data that is not connected to the network (offline)
- Cryptominers: use a victim's system to mine cryptocurrency without permission
  - Usually throttle themselves to avoid detection
- Trojans: malware that is typically disguised as legitimate software.
  - Software should only be installed from trusted sources
- Rootkits: allow an attacker to execute commands at elevated privilege while hiding their presence
  - The best ways to prevent rootkits are normal security practices: patching, secure configurations and privilege management
  - Tools like Secure Boot and techniques that validate the integrity of live systems and files can keep rootkits from being installed or remaining resident
- Spyware: obtains information about an individual, organization or system and sends it to a malicious actor
  - Spyware is most frequently combated with anti-malware tools
  - User awareness training can help prevent the installation of spyware bundled with trojans
- Keyloggers: programs that capture keystrokes, usually to steal personal data like passwords and financial information
  - Anti-malware tools should be able to detect known keylogger malware

##### 57. 2.3 Preventing Malware
- Recovery mode: the Microsoft Windows Recovery Environment is a simplified, scaled-back version of Windows from which an infected system can be repaired or scanned
- Use software to detect, clean and prevent malware
  - Antivirus
  - Anti-malware
  - Must be kept updated with new signatures
- Software firewalls
  - Windows Defender Firewall can keep worms from reaching open ports on a computer
- User training
  - Anti-phishing training
  - User education regarding common threats
  - Can be done for large groups or one-on-one, with video or live training
- OS reinstallation
  - Reinstalls the OS completely
  - This removes all malware, but you lose all files and settings that were not backed up

##### 58.
2.4 Social Engineering
- Uses social tactics to trick users into giving up information or performing actions they wouldn't usually take
- Social engineering attacks can occur in person, over the phone, while browsing the web, or via email
- Social engineers take advantage of normal social behaviors and trust
- Phishing is the practice of sending emails to users to trick them into revealing personal information or performing a compromising action
  - Does not target a specific group or user, which can make it easier to detect
- Spear phishing targets specific groups of users
  - More dangerous than standard phishing, as the attack can be highly customized
- Whaling targets high-level executives
  - The individuals targeted generally have access to very sensitive data
- Vishing is phishing over voice calls
  - Always verify the identity and contact information of any caller
  - Caller ID is NOT reliable, as it can be spoofed
- Smishing uses SMS (text) messages; it also covers instant messaging and social media messages
- In-person techniques
  - Dumpster diving is when a threat actor searches through trash looking for information; shredding or burning documents mitigates this threat
  - Shoulder surfing is looking over someone's shoulder, either in person or with a camera, in hopes of viewing sensitive information
  - Tailgating is following closely behind another person to enter a secure area without showing credentials
  - Impersonation: pretending to be someone else, usually tech support personnel or company executives
- Evil twin: a fraudulent Wi-Fi access point that appears legitimate but is set up to eavesdrop on wireless communications

##### 59. 2.4 Threats
- DoS (Denial of Service) is an attack that sends a large number of packets in the hope of overwhelming a system so it can no longer provide its service.
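An added example (Python, not course code) of the detection logic a SOC would run over flow logs to tell the one-to-one DoS just defined from a distributed one: bucket packets per destination per time window, then look at how many distinct sources produced them. The log lines are constructed inline, the "ts src dst" format is an assumed minimal flow format, and the thresholds are illustrative rather than tuned values.

```python
from collections import defaultdict


def constructed_flow_log():
    """Constructed sample: 'timestamp src dst' lines aimed at one web server."""
    lines = []
    # seconds 0-9: 80 packets, all from one address -> classic one-to-one DoS
    for i in range(80):
        lines.append(f"{i % 10} 10.0.0.9 192.0.2.10")
    # seconds 10-19: 80 packets spread over 40 addresses -> distributed (botnet)
    for i in range(80):
        lines.append(f"{10 + i % 10} 198.51.100.{1 + i % 40} 192.0.2.10")
    # seconds 20-29: six packets of ordinary background traffic
    for i in range(6):
        lines.append(f"{20 + i} 203.0.113.{1 + i} 192.0.2.10")
    return "\n".join(lines)


def parse_flow_log(text):
    """Parse 'ts src dst' lines into (int ts, src, dst) tuples; malformed lines are dropped."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[0].isdigit():
            continue
        events.append((int(fields[0]), fields[1], fields[2]))
    return events


def classify_windows(events, window=10, packet_threshold=50, source_threshold=10):
    """Bucket packets per (destination, time window) and label each bucket:
    'dos'    over packet_threshold packets from fewer than source_threshold sources
    'ddos'   over packet_threshold packets from source_threshold or more sources
    'normal' otherwise."""
    buckets = defaultdict(lambda: [0, set()])
    for ts, src, dst in events:
        bucket = buckets[(dst, (ts // window) * window)]
        bucket[0] += 1
        bucket[1].add(src)
    results = []
    for (dst, start), (count, sources) in sorted(buckets.items()):
        if count < packet_threshold:
            verdict = "normal"
        elif len(sources) >= source_threshold:
            verdict = "ddos"
        else:
            verdict = "dos"
        results.append({"dst": dst, "window_start": start, "packets": count,
                        "sources": len(sources), "verdict": verdict})
    return results


if __name__ == "__main__":
    for row in classify_windows(parse_flow_log(constructed_flow_log())):
        print(row)
```

The single-source case can be blocked with one firewall rule; the distributed case cannot, which is why the response to a DDoS is upstream filtering or scrubbing rather than a block list.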
  - A DoS is a one-to-one attack: one attacker, one victim
  - Ping of Death: oversized, fragmented ICMP packets used to crash or overwhelm a host
- DDoS (Distributed Denial of Service) is just like a DoS except there are many attackers and one victim; a sudden traffic spike is usually the sign that a network is under a DDoS attack
  - Botnet: a network of victim computers under the control of the attacker
    - Usually made up of malware victims (trojans) who are unaware that their systems are part of an attack
  - Coordinated attack: a command-and-control server is used to order the botnet to carry out the DDoS attack
  - Friendly/unintentional DoS: sometimes users bring down a service just by sharing a link on social media; if the link goes viral and the server can't handle the load, it goes down
- Zero-day attack: exploitation of a vulnerability that is being used in the wild but for which no fix (patch) exists yet
- Spoofing: a technique an attacker uses to hide their identity or impersonate something trusted
  - ARP spoofing: the attacker forges the IP-to-MAC mapping, usually to perform an on-path (man-in-the-middle) attack
  - IP spoofing: the attacker impersonates a device by IP address
  - Email spoofing: the attacker sends email using a sender address the target might trust
- On-path attack (man-in-the-middle attack): network traffic is intercepted, often by way of
  - DNS poisoning: false DNS information sends the victim to the attacker's host
  - ARP spoofing, as above
- Brute-force attacks attempt to defeat a password by automatically trying every possible combination
  - Long and complex passwords increase the time it takes the attacker to guess the password
  - Can be prevented by limiting the number of consecutive attempts
  - Can always succeed given enough time
- Dictionary attacks use a list of known or likely passwords
  - Not using common words and phrases makes this attack more difficult
  - Avoid reusing passwords to limit the damage when one is cracked
- Insider threat: a trusted person (employee, contractor, partner) who commits a
malicious act
- Cross-Site Scripting (XSS): an attacker injects malicious script into a website through an insecure form or parameter, and the script runs in other users' browsers
- SQL injection: an attacker manipulates a SQL database by entering SQL syntax into input that the application pastes into its queries without sanitizing or parameterizing it
  - Structured Query Language (SQL) is used to create, store and retrieve information from a database

##### 60. 2.4 Common Vulnerabilities
- Non-compliant systems
- Unpatched systems
- Unprotected systems (missing antivirus/firewall)
- EOL OSs
- Bring your own device (BYOD)

##### 61. 2.5 Windows Security Settings
- Defender Antivirus
  - Activate/deactivate
  - Updated definitions
- Firewall
  - Activate/deactivate
  - Port security
  - Application security
- Users and groups
  - Local vs Microsoft account
  - Standard account
  - Administrator
  - Guest user
  - Power user
- Login OS options
  - Username and password
  - Personal Identification Number (PIN)
  - Fingerprint
  - Facial recognition
  - Single sign-on (SSO)

##### 62. 2.5 Encrypting in Windows
- NTFS vs share permissions
  - Permissions can be set on a folder using both NTFS permissions and sharing options
  - When the folder is accessed over the network, the most restrictive of the two applies
  - Inheritance: files and folders inherit their permissions from the parent folder
- Opening apps
  - Run as administrator vs standard user: certain applications require an admin login
  - User Account Control (UAC) prompts before a program is granted administrative rights
- Encryption settings
  - BitLocker: full-volume encryption feature included with Microsoft Windows; protects data by encrypting entire volumes
  - BitLocker To Go: drive encryption for removable data drives
  - Encrypting File System (EFS): provides file-system-level encryption; files are transparently encrypted to protect confidential data from attackers with physical access to the computer

##### 63.
2.6 User Security Settings
- Workstation security
  - Account management
    - Restrict user permissions: give the minimum permissions needed to do the job
    - No one should use an administrator account for daily work; admin rights belong in a separate account used only when needed
    - Restrict login times: users should only be able to log in during work hours
    - Disable the guest account
    - Use failed-attempt lockout
    - Use timeout/screen lock
    - Change (or rename and disable) the default administrator account and its password

##### 64. 2.6 Workstation Security Best Practices
- Workstation security
  - Data-at-rest encryption: use BitLocker or EFS to encrypt data stored on the computer
  - Password best practices
    - Complexity requirements
      - Length: 8-10 characters minimum
      - Character types: a mix of all the character types on the keyboard
    - Expiration requirements: the course guidance is to expire passwords every 60-90 days (current NIST guidance is to change them only on suspected compromise)
    - Set a BIOS or UEFI password, which must be entered before Windows boots
  - End-user best practices
    - Use screensaver locks
    - Log off when not in use
    - Secure/protect critical hardware
    - Secure personally identifiable information (PII) and passwords
    - Disable AutoRun and AutoPlay

##### 65. 2.7 Mobile Device Security
- Screen locks: facial recognition, PIN codes, fingerprint, pattern, swipe
- Remote wipe: if the device is lost, it can be wiped remotely
- Locator applications: find the device if it is lost
- OS updates: keep the device updated with the latest updates from the manufacturer
- Device encryption: full-disk encryption; most newer phones have it on by default
- Remote backup applications: back up the data on the device remotely
- Failed login attempt restrictions: if the passcode is entered incorrectly too many times, the device locks or is wiped
- Antivirus/anti-malware: generally third-party software to prevent or clean malware
- Firewalls: help keep worms and other network attacks from reaching the device
- Policies and procedures
  - BYOD vs corporate-owned
  - Profile security requirements
- Internet of Things (IoT): all devices connected to the Internet
  - Change default passwords
  - Keep updated

##### 66.
2.8 Data Destruction
- Physical destruction
  - Drilling: using a drill to break the platters in the drive
  - Shredding: a device physically shreds the drive into small pieces
  - Degaussing: a strong magnetic field erases the data on a magnetic disk (it does nothing to SSDs and other flash media)
  - Incinerating: burns and melts the drive
- Recycling or repurposing best practices
  - Erasing/wiping: overwriting the data so it cannot be recovered
  - Low-level formatting
  - Standard formatting (a quick format alone leaves the data recoverable)
- Outsourcing concepts
  - Third-party vendor
  - Certificate of destruction/recycling

##### 67. 2.9 SOHO router
- Home router settings
  - Change default passwords
  - IP filtering and content filtering: block unwanted content by IP address or site
  - Firmware updates: keep the firmware updated, since newer firmware includes security fixes
  - Physical placement / secure location: keep the router where no unauthorized person can physically reach it
  - Dynamic Host Configuration Protocol (DHCP) reservations: ensure a certain device, such as a printer, always receives the same IP address
  - Static wide area network (WAN) IP: if your ISP gives you a static IP address it has to be configured on the router
  - Universal Plug and Play (UPnP): lets apps and devices automatically open and close ports on the router for the LAN; disable it unless something genuinely needs it, since malware on the LAN can use it to expose internal services to the Internet
  - Screened subnet: a demilitarized zone (DMZ) where companies place publicly accessible servers such as a web server
- Wireless-specific
  - Changing the service set identifier (SSID)
  - Disabling SSID broadcast
  - Encryption settings
  - Disabling guest access
  - Changing channels
- Firewall settings
  - Disabling unused ports
  - Port forwarding/mapping: enables access to applications or servers inside the network from outside

#####68.
2.10 Browser Security
- Browser download/installation
  - Trusted sources
  - Hashing: compare the hash the vendor publishes with the hash of the installer you downloaded before running it
  - Untrusted sources
- Extensions and plug-ins
  - Trusted sources
  - Untrusted sources
- Password manager
- Secure connections/sites: valid certificates
- Settings
  - Pop-up blocker
  - Clearing browsing data
  - Clearing cache
  - Private browsing mode
  - Sign-in / browser data synchronization
  - Ad blockers

## Section 4: 3.0 Troubleshooting

---

##### 69. 3.1 Common OS issues
- Blue Screen of Death (BSOD)
  - Windows issues: corrupt OS files or drivers
  - Hardware failure such as RAM
  - Application error
- Sluggish performance (computer running slow)
  - Check that you have the minimum amount of resources
  - Check Task Manager for how many resources each application is using
  - Reinstall applications, or add more RAM, an SSD or a faster processor
  - Reinstall the OS as the last option
- Frequent shutdowns
  - Windows issues: corrupt OS files or drivers
  - Hardware failure: RAM failure, cooling issues (fans not working)
- Services not starting
  - Issues with the service itself; best to reinstall the application that installed the service
  - Use System Restore to go back to a point when it was working
- Applications crashing
  - Check whether any application setting has recently changed
  - Back up the application data and reinstall the application
  - Use System Restore to go back to a point when it was working
- Low memory warnings
  - Not enough RAM to run the application
  - Check Task Manager to see how much memory each application is using
  - Add more RAM so that less paging to disk is needed
- USB controller resource warning
  - May happen if too many devices are connected to a USB bus
  - Plug some devices into USB 2.0 ports
  - Reinstall the USB host controller driver
- System instability (system crashing, slow, or throwing errors)
  - Could be caused by corruption of Windows OS files
  - Use sfc /scannow, which scans all protected system files and repairs any that are damaged
- No OS found
  - The Windows boot loader is corrupt or cannot be found
  - Check that you are booting from the correct drive
  - Check whether something is plugged into a device that comes before the OS drive in the BIOS boot order (for example a USB stick)
  - Use Startup Repair
  - Use the command below to rebuild the Windows Boot Configuration Data (BCD) store
    - bootrec /rebuildbcd
- Slow profile load
  - When a user logs in, it can take a very long time for the desktop to load
  - Check what applications are starting up
  - If it is a roaming profile, check that there is enough bandwidth to load the profile
- Time drift
  - Date and time may be off
  - Set the computer to update the time and date automatically (a large drift also breaks Kerberos logins and certificate validation)

##### 70. 3.1 Fixing Windows
- Common troubleshooting steps
  - Reboot
    - Easiest and fastest way to fix a simple issue
    - May work for a frozen OS or application
  - Restart services
    - Refreshes the entire service
    - May work for a service that is not functioning or has failed
    - Can be done from services.msc
  - Uninstall/reinstall/update applications
    - Best to uninstall the application completely, then reinstall
    - This fixes most issues with an application
    - Application data files are usually kept, but application settings may be lost
    - Can be done from Control Panel or from Apps in Settings
  - Verify requirements
    - Before installing any OS or application, ensure the system meets the minimum requirements
    - Most applications and OSs have minimum RAM, disk space and CPU requirements
  - System File Checker
    - Lets you scan for and restore corrupted Windows system files
    - Use the sfc command: sfc /scannow scans all system files and replaces corrupted or incorrect files
  - Reimage
    - Uses imaging software to create an image; when issues occur, the system is reimaged
  - Roll back updates
    - If an update causes errors, you can remove the update
  - Rebuild Windows profiles
    - Creates a new Windows profile for the user, which can resolve issues with the user's applications or configuration

##### 71.
3.1 Utilities for fixing Windows
- Tools to fix Windows
  - Windows Repair
  - Windows Recovery Environment
  - Windows Reset: reinstalls Windows but lets you keep your files
  - System Restore: returns the system to the state saved at an earlier date
  - Safe Mode: boots the system with the minimum drivers and software so the operating system can be checked

##### 72. 3.2 Common Security Issues
- Computer security issues
  - Unable to access the network: could be malware slowing down or reconfiguring the system
  - False alerts regarding antivirus protection
    - Says no antivirus is installed or that it has expired
    - Says your computer is infected and needs to download a fake antivirus
  - Altered system or personal files
    - Missing/renamed files: typical for malware to rename or alter files
  - Unwanted notifications within the OS: notifications that the OS is not functioning correctly
  - OS update failures: the computer cannot be updated
  - Random/frequent pop-ups: from websites or from malware on your computer
- Browser-related issues
  - Certificate warnings: the site's certificate is expired or not trusted; don't proceed to a site that gives this error
  - Redirection: a compromised or malicious site redirects you to another site that serves malware

##### 73. 3.3 Malware Removal Steps
- Procedure for malware removal
  1. Investigate and verify malware symptoms: pop-ups, messages asking for money, not booting, slow, applications not working
  2. Quarantine infected systems: take the system off the network (disconnect the NIC or disable the Wi-Fi card)
  3. Disable System Restore in Windows
  4. Remediate infected systems: update the anti-malware software; scanning and removal techniques (e.g. Safe Mode, preinstallation environment)
  5. Schedule scans and run updates
  6. Enable System Restore and create a restore point in Windows
  7. Educate the end user

##### 74.
##### 74. 3.4 Mobile Device Issues
- Mobile OS and Application Issues
    - Application fails to launch
        - Uninstall and reinstall the app
    - Application fails to close/crashes
        - Uninstall and reinstall the app
    - Application fails to update
        - Uninstall and reinstall the app
    - Slow to respond
        - Update the device
        - Remove apps that could be consuming the resources
    - OS fails to update
        - Check OS settings
        - Factory reset
    - Battery life issues
        - Applications running in the background
            - Stop them from running
        - Running the phone in high performance mode
    - Randomly reboots
        - Corruption of the OS or getting too hot
    - Connectivity issues (ensure it is enabled)
        - Bluetooth
            - Disconnect and reconnect the device
            - Ensure it is within range
        - WiFi
            - Disconnect and reconnect the device
            - Ensure it is within range
        - Near-field communication (NFC)
            - Ensure it is within range
        - AirDrop
            - Ensure it is within range
    - Screen does not autorotate
        - Ensure the phone is set to rotate
        - Accelerometer is faulty

##### 75. 3.5 Mobile Security Issues
- Security concerns
    - Android Package (APK) source
    - Developer mode
    - Root access/jailbreak
    - Bootleg/malicious application
    - Application spoofing
- Common symptoms
    - High network traffic
    - Sluggish response time
    - Data-usage limit notification
    - Limited Internet connectivity
    - No Internet connectivity
    - High number of ads
    - Fake security warnings
    - Unexpected application behavior
    - Leaked personal files/data

## Section 5: 4.0 Operational Procedures
---
##### 76. 4.1 Common Network Documentation
- Types of documents
    - Acceptable use policies (AUP) define how employees are allowed to use the services they have access to
    - Regulatory compliance requirements
        - Will influence how an organization has to operate, which means IT must also follow the rules of the regulatory bodies
    - Splash screen
    - Incident documentation records what kinds of issues are occurring and how they were handled
    - Standard operating procedures (SOP) provide a series of steps to accomplish a certain task
        - Procedures for custom installation of a software package
        - New-user setup checklist
        - End-user termination checklist
    - Network topology diagram
        - Diagrams are used to build the network, and they become a reference for troubleshooting network issues

##### 77. 4.1 Ticket and Asset Tracking
- Documentation and Support Systems
    - Ticketing Systems
        - User information
        - Device information
        - Description of problems
        - Categories
        - Severity
        - Escalation levels
        - Clear, concise written communication
            - Problem description
            - Progress notes
            - Problem resolution
    - Asset Management
        - Inventory lists
        - Database system
        - Asset tags and IDs
        - Procurement life cycle
        - Warranty and licensing
        - Assigned users
        - Barcodes can make it easier to track items, like how retailers maintain their inventory
        - Asset tags can be used to track misplaced devices by using RFID (radio frequency identification)

##### 78. 4.2 Change Management
- Documented business processes
    - Rollback plan
    - Sandbox testing
    - Responsible staff member
- Change management
    - Request forms
    - Purpose of the change
    - Scope of the change
    - Date and time of the change
    - Affected systems/impact
    - Risk analysis
        - Risk level
    - Change board approvals
    - End-user acceptance
##### 79. 4.3 Backups
- Backup and Recovery
    - Creating a backup is the standard operating procedure when working with valuable data
    - Archive bit
        - Shows if the file has changed
    - Backup testing
        - Frequency
    - Backup rotation schemes
        - On site vs off site
        - 3-2-1 backup rule
            - There should be 3 copies of data, on 2 different media, with 1 copy being off site
        - Grandfather-father-son (GFS)
            - Monthly, weekly, and daily backups
    - Full
        - All files are backed up
    - Incremental
        - Only files that have changed since the last backup; clears the archive bit
    - Differential
        - Only files that have changed since the last differential backup; doesn't clear the archive bit
    - Synthetic
        - A combination backup that takes a full backup and incremental or differential backups to make another full backup

##### 80. 4.4 Safety Procedures
- Electrostatic Discharge (ESD) is when you discharge the static electricity that naturally builds up in your body onto an electronic component. This can be very harmful to the component and can damage it beyond repair
- Anti-static protection methods
    - Anti-static wrist/ankle strap
    - Anti-static table mat
    - Anti-static floor mat
    - Metallized film anti-static bag
- Personal Safety
    - Disconnect power before repairing a PC
    - Lifting techniques
    - Electrical fire safety
    - Safety goggles
    - Air filtration mask

##### 81. 4.5 Environmental Controls
- Material Safety Data Sheet (MSDS)/documentation for handling and disposal
    - Proper battery disposal
    - Proper toner disposal
    - Proper disposal of other devices and assets
- Temperature, humidity level awareness, and proper ventilation
    - Location/equipment placement
    - Dust cleanup
        - Compressed air/vacuums
- Environmental Controls
    - Power surges, under-voltage events, and power failures
        - Battery backup
        - Surge suppressor
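The archive-bit behaviour of the full, incremental and differential backups listed under 4.3 Backups above, as an added example that is not part of the original notes; the file names and change events are constructed, and `synthetic_full` shows how a synthetic backup merges a full with later sets.

```python
# Added example (not from the course notes): simulates how the archive bit
# decides which files each backup type copies; file names and changes are
# constructed sample data.

class Volume:
    def __init__(self):
        self.archive = {}  # file name -> archive bit (True = changed since last cleared)

    def write(self, *names):
        """Creating or modifying a file sets its archive bit."""
        for name in names:
            self.archive[name] = True

    def backup(self, kind):
        """Return the sorted list of files a backup of `kind` copies.
        full:         copies everything and clears every archive bit
        incremental:  copies only flagged files and clears their bits
        differential: copies flagged files but leaves the bits set, so
                      the next differential contains them again
        """
        if kind == "full":
            copied = sorted(self.archive)
        elif kind in ("incremental", "differential"):
            copied = sorted(n for n, bit in self.archive.items() if bit)
        else:
            raise ValueError(f"unknown backup type: {kind}")
        if kind != "differential":
            for name in copied:
                self.archive[name] = False
        return copied

def synthetic_full(full, *later_sets):
    """Merge a full backup with later incremental or differential sets
    into a new full without re-reading the source (synthetic backup)."""
    merged = set(full)
    for files in later_sets:
        merged.update(files)
    return sorted(merged)

def weekly_demo(kind):
    """Constructed week: full backup, then one change and one `kind` backup per day."""
    vol = Volume()
    vol.write("payroll.xlsx", "notes.txt", "photo.jpg")
    full = vol.backup("full")
    vol.write("payroll.xlsx")
    day1 = vol.backup(kind)
    vol.write("notes.txt")
    day2 = vol.backup(kind)
    return full, day1, day2
```

Running `weekly_demo("incremental")` and `weekly_demo("differential")` side by side shows the difference the archive bit makes: the second incremental contains only the day's change, while the second differential still contains the first day's file as well.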
##### 82. 4.6 Incidents and Regulations
- Chain of custody
    - Is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence
    - Inform management/law enforcement as necessary
    - Copy of drive (data integrity and preservation)
        - Bit-by-bit copy
    - Documentation of incident
        - Information about the incident
- Licensing
    - Licensing/digital rights management (DRM)/end-user license agreement (EULA)
        - Valid licenses
        - Non-expired licenses
        - Personal use license vs corporate use license
        - Open source license
- Regulations
    - Regulated Data
        - Credit card transactions
            - Payment Card Industry Data Security Standard is an information security standard for organizations that handle branded credit cards from the major card schemes
        - Personal government-issued information
        - PII (Personally Identifiable Information)
            - Personal information about you
                - Address, credit card number, social security number
            - General Data Protection Regulation (GDPR) is an EU law on data protection and privacy in the European Union and the European Economic Area
        - Healthcare data
            - Medicine you take and/or diseases
            - Health Insurance Portability and Accountability Act (HIPAA) stipulates how personally identifiable healthcare information maintained by the healthcare and health insurance industries should be protected
    - Data Retention Requirements
        - How long to hold the data, usually defined by law
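The bit-by-bit copy and data-integrity check under Chain of custody above, as an added example that is not part of the original notes: the evidence bytes, evidence ID, handler names and timestamps are constructed, and hashing the source and image to prove they match is a common forensic practice the notes do not spell out.

```python
# Added example (not from the course notes): hashes a constructed evidence
# buffer and its bit-for-bit copy so the chain-of-custody record can prove
# the image is identical to the original. All bytes, IDs, names and times
# below are constructed sample data.
import hashlib
from datetime import datetime, timezone

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_image(source: bytes, image: bytes) -> dict:
    """Compare an image against its source; 'verified' is True only when
    the length and SHA-256 both match (a true bit-by-bit copy)."""
    src, img = sha256_hex(source), sha256_hex(image)
    return {
        "source_sha256": src,
        "image_sha256": img,
        "size_bytes": len(source),
        "verified": len(source) == len(image) and src == img,
    }

def custody_record(evidence_id, action, handler, when: datetime, check: dict) -> dict:
    """One chronological chain-of-custody line: who did what to which item,
    when, and the hash that ties the item to that moment."""
    return {
        "evidence_id": evidence_id,
        "action": action,
        "handler": handler,
        "timestamp": when.isoformat(),
        "sha256": check["image_sha256"],
        "verified": check["verified"],
    }

def demo():
    """Constructed scenario: a good image, an image with one flipped bit
    (as happens when a copy is mounted read-write), and a truncated image."""
    source = b"MBR\x00" + bytes(range(256)) * 4      # stand-in drive contents
    good = verify_image(source, bytes(source))
    flipped = bytearray(source)
    flipped[100] ^= 0x01
    bad = verify_image(source, bytes(flipped))
    short = verify_image(source, source[:-1])
    when = datetime(2024, 1, 15, 9, 30, tzinfo=timezone.utc)
    log = [
        custody_record("EV-001", "acquired image", "tech A", when, good),
        custody_record("EV-001", "re-verified image", "analyst B", when, bad),
    ]
    return good, bad, short, log
```

Only the first record verifies; the re-verification of the altered copy fails, which is exactly the gap a chain-of-custody log is meant to expose.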
##### 83. 4.7 Professionalism
- Professional appearance and attire
    - Match the required attire of the given environment
        - Formal
        - Business casual
- Use proper language and avoid jargon, acronyms, and slang, when applicable
- Maintain a positive attitude/project confidence
- Actively listen, take notes, and avoid interrupting the customer
- Be culturally sensitive
    - Use appropriate professional titles, when applicable
- Be on time (if late, contact the customer)
- Avoid distractions
    - Personal calls
    - Texting/social media sites
    - Personal interruptions
- Dealing with difficult customers or situations
    - Do not argue with customers or be defensive
    - Avoid dismissing customer problems
    - Avoid being judgmental
    - Clarify customer statements (ask open-ended questions to narrow the scope of the problem, restate the issue, or ask questions to verify understanding)
    - Do not disclose experiences via social media outlets
- Set and meet expectations/timeline and communicate status with the customer
    - Offer repair/replacement options, as needed
    - Provide proper documentation on the services provided
    - Follow up with the customer/user at a later date to verify satisfaction
- Deal appropriately with customers' confidential and private materials
    - Located on a computer, desktop, printer, etc.
##### 84. 4.8 Scripting
- Cases for Scripting
    - Basic automation
        - Restarting machines
        - Remapping network drives
        - Installation of applications
        - Automated backups
        - Gathering of information/data
        - Initiating updates
- Other considerations when using scripts
    - Unintentionally introducing malware
    - Inadvertently changing system settings
    - Browser or system crashes due to mishandling of resources

| Language            | File Extension | Description                       |
| ------------------- | -------------- | --------------------------------- |
| Batch File          | .bat           | Windows commands saved to a file  |
| PowerShell          | .ps1           | Replacement for batch files       |
| Visual Basic Script | .vbs           | Windows application scripting     |
| UNIX Shell Script   | .sh            | UNIX/Linux/macOS script           |
| Python              | .py            | Multiplatform flexible language   |
| JavaScript          | .js            | Commonly used for web programming |

##### 85. 4.9 Remote Access
- Remote Access Technologies
    - VPN (Virtual Private Network)
        - Creates a secure tunnel to a private network over the Internet
        - Required to access resources on a LAN over the Internet
        - Various protocols can be used: PPTP, L2TP, IPSec, OpenVPN, SSL-VPN
    - RDP (Remote Desktop Protocol)
        - Used to connect to a Windows desktop over the Internet
        - A VPN connection should always be used
        - Never expose port 3389 to the public Internet
    - Virtual Network Computing (VNC)
        - Like RDP, but multiplatform
        - Local screen will still be visible
            - Useful to demonstrate something to a user
            - Can potentially reveal confidential data
        - Available on Windows, Linux, or macOS
    - Secure Shell (SSH)
        - Provides a secure command line to a remote system
    - Remote Monitoring and Management (RMM)
        - Locally installed agents that can be accessed by a managed service provider
    - Microsoft Remote Assistance (MSRA)
        - A feature that allows a user to view or control a remote Windows computer over a network or the Internet to resolve issues without directly touching the unit
    - Third-party tools
        - Screen sharing software
        - Video conferencing software
        - File transfer software
        - Desktop management software
- Security considerations of each access method

# Quiz Scores:
---
# Jason Dion
#### Quiz 1: 75%
#### Quiz 2: 75%
#### Quiz 3: 81%
# Professor Messer
#### Quiz 1: 78%
#### Quiz 2: 86%
#### Quiz 3: 83%
# Andrew Ramdayal
#### Quiz 1: 91%