Professor Messer’s CompTIA 220-1002 Core 2 A+ Course Notes
James “Professor” Messer
http://www.ProfessorMesser.com Professor Messer’s CompTIA 220-1002 Core 2 A+ Course Notes Written by James “Professor” Messer Copyright © 2018 by Messer Studios, LLC http://www.ProfessorMesser.com All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher.
First Edition: September 2018
Trademark Acknowledgments All product names and trademarks are the property of their respective owners, and are in no way associated or affiliated with Messer Studios LLC.
“Professor Messer” is a registered trademark of Messer Studios LLC.
“CompTIA” and “A+” are registered trademarks of CompTIA, Inc.
Warning and Disclaimer This book is designed to provide information about the CompTIA 220-1002 A+ certification exam. However, there may be typographical and/or content errors. Therefore, this book should serve only as a general guide and not as the ultimate source of subject information. The author shall have no liability or responsibility to any person or entity regarding any loss or damage incurred, or alleged to have incurred, directly or indirectly, by the information contained in this book. Contents
1.0 - Operating Systems 1 1.1 - Operating Systems Overview 1 1.2 - An Overview of Windows 7 2 1.2 - An Overview of Windows 8 and 8.1 3 1.2 - An Overview of Windows 10 4 1.2 - Windows in the Enterprise 4 1.3 - Installing Operating Systems 5 1.3 - Installing and Upgrading Windows 7 1.4 - Microsoft Command Line Tools 8 1.4 - Network Command Line Tools 9 1.5 - Windows Administrative Tools 9 1.5 - Windows Firewall with Advanced Security 10 1.5 - System Configuration 11 1.5 - Task Manager 11 1.5 - Disk Management 12 1.5 - System Utilities 12 1.6 - The Windows Control Panel 13 1.7 - Installing Applications 15 1.8 - HomeGroups, Workgroups, and Domains 15 1.8 - Windows Network Technologies 16 1.8 - Establishing Windows Network Connections 16 1.8 - Configuring Windows Firewall 17 1.8 - Windows IP Address Configuration 17 1.8 - Network Adapter Properties 17 1.9 - Best Practices for macOS 18 1.9 - macOS Tools 18 1.9 - macOS Features 19 1.9 - Best Practices for Linux 19 1.9 - Linux Tools 20 1.9 - Basic Linux Commands 20 2.0 - Security 22 2.1 - Physical Security 22 2.2 - Logical Security 23 2.3 - Wireless Security 25 2.4 - Types of Malware 26 2.4 - Anti-Malware Tools 27 2.5 - Social Engineering Attacks 28 2.5 - Denial of Service 29 2.5 - Zero-day Attacks 29 2.5 - Man-in-the-Middle 30 2.5 - Brute Force Attacks 30 2.5 - Spoofing 30 2.5 - Non-compliant Systems 31 2.6 - Windows Security Settings 31 2.6 - Windows Security Settings 32 2.7 - Workstation Security Best Practices 32 2.8 - Securing Mobile Devices 33 2.9 - Data Destruction and Disposal 34 2.10 - Securing a SOHO Network 35 3.0 - Software Troubleshooting 36 3.1 - Troubleshooting Windows 36 3.1 - Troubleshooting Solutions 37 3.2 - Troubleshooting Security Issues 39 3.3 - Removing Malware 40 3.4 - Troubleshooting Mobile Apps 41 3.5 - Troubleshooting Mobile Device Security 42 4.0 - Operational Procedures 42 4.1 - Documentation Best Practices 42 4.2 - Change Management 43 4.3 - Disaster Recovery 44 4.4 - Safety Procedures 45 4.4 - Managing Electrostatic Discharge 46 4.5 - Environmental Impacts 46 4.6 - Privacy, Licensing, and Policies 47 4.7 - Communication 48 4.7 - Professionalism 49 4.8 - Scripting 49 4.9 - Remote Access Technologies 50 Introduction The CompTIA A+ certification requires a broad set of knowledge, and it covers more topics than many industry certifications. It’s no surprise that the A+ certification has become one of the most sought-after industry certifications by both aspiring technologists and employers.
I hope this book helps you with your “last mile” of studies before taking your exam. There’s a lot to remember, and perhaps some of the information in this book will help jog your memory while you’re sitting in the exam room. Best of luck with your studies!
- Professor Messer The CompTIA A+ Certification CompTIA’s A+ certification is considered to be the starting point for information technology professionals. Earning the A+ certification requires the completion of two exams and covers a broad range of technology topics. After completing the CompTIA A+ certification, an A+ certified professional will have an understanding of computer hardware, mobile devices, networking, operating systems, security techniques, and much more.
The current series of the A+ certification is based on the successful completion of the 220-1001 and the 220-1002 exams. You must pass both exams to earn your CompTIA A+ certification. This book provides a set of notes for the 220-1002 Core 2 exam.
The 220-1002 Core 2 exam The 220-1002 exam objectives are focused on operating systems, with over half of the exam detailing operating systems and the troubleshooting of software.
Here’s the breakdown of the four 220-1002 exam domains:
Domain 1.0 - Operating Systems - 27% Domain 2.0 - Security - 24% Domain 3.0 - Software Troubleshooting - 26% Domain 4.0 - Operational Procedures - 23%
Study Tips Exam Preparation Taking the Exam • Download the exam objectives, • Use your time wisely. You've got 90 minutes and use them as a master checklist: to get through everything. http://www.ProfessorMesser.com/objectives • Choose your exam location carefully. • Use as many training materials as possible. Some sites are better than others. Books, videos, and Q&A guides can all provide a • Get there early. Don't stress the journey. different perspective of the same information. • Manage your time wisely. • It's useful to have as much hands-on as possible, You've got 90 minutes to get through everything. especially with network troubleshooting and • Wrong answers aren't counted against you. operating system command prompts. Don't leave any blanks! • Mark difficult questions and come back later. You can answer the questions in any order.
Professor Messer’s CompTIA A+ 220-1002 Course Notes http://www.ProfessorMesser.com 1.1 - Operating Systems Overview Why do you need an OS? Linux • Control interaction between components • Free Unix-compatible software system • Memory, hard drives, keyboard, CPU • Unix-like, but not Unix • A common platform for applications • Many (many) different distributions • You’re going to do some work, right? • Ubuntu, Debian, Red Hat / Fedora • Humans need a way to interact with the machine • Advantages • The “user interface” • Cost. Free! • Hardware can’t do everything! • Works on wide variety of hardware Standard OS features • Passionate and active user community • File management • Disadvantages • Add, delete, rename • Limited driver support, especially with laptops • Application support • Limited support options • Memory management, swap file management Operating system technologies • Input and Output support • 32-bit vs. 64-bit • Printers, keyboards, hard drives, USB drives • Processor specific • Operating system configuration and management tools • 32-bit processors can store 232 = 4,294,967,296 values Microsoft Windows • 64-bit processors can store • Major market presence 264 = 18,446,744,073,709,551,616 values • Many different versions • 4 GB vs. 17 billion GB • Windows 10, Windows Server 2016 • The OS has a maximum supported value • Advantages • Hardware drivers are specific to the OS version • Large industry support • 32-bit (x86), 64-bit (x64) • Broad selection of OS options • 32-bit OS cannot run 64-bit apps • Wide variety of software support • But 64-bit OS can run 32-bit apps • Disadvantages • Apps in a 64-bit Windows OS • Large install base provides a big target • 32-bit apps: \Program Files (x86) for security exploitation • 64-bit apps: \Program Files • Large hardware support can create Windows on a mobile device challenging integration exercises • Microsoft Windows 10 Apple macOS • Fully-featured tablets • macOS • Many different manufacturers • Desktop OS running on Apple hardware • Touchscreen computer • Advantages • Keyboards • Easy to use • Pen stylus • Extremely compatible • Windows Mobile • Relatively fewer security concerns • No longer in active development • Disadvantages • No support after December 2019 • Requires Apple hardware Google Android • Less industry support than the PC platform • Open Handset Alliance • Higher initial hardware cost • Open-source OS, based on Linux • Supported on many different manufacturer’s devices • Android Apps • Apps are developed on Windows, Mac OS X, and Linux with the Android SDK • Apps available from Google Play • Apps also available from third-party sites
Version 0x01 © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 1 http://www.ProfessorMesser.com 1.1 - Operating Systems Overview (continued) Apple iOS Vendor-specific limitations • Apple iPhone and Apple iPad OS • End-of-life • Based on Unix • Different companies set their own EOL policies • Closed-source - No access to source code • Updating • Exclusive to Apple products • iOS, Android, and Windows 10 check and prompt for updates • iOS Apps • Chrome OS will update automatically • Apps are developed with iOS SDK on Mac OS X • Apps must be approved by Apple before release • Compatibility between operating systems • Apps are available to users in the Apple App Store • Some movies and music can be shared Chrome OS • Almost no direct application compatibility • Google’s operating system • Fortunately, many apps have been built • Based on the Linux kernel to run on different OSes • Some data files can be moved across systems • Centers around Chrome web browser • Web-based apps have potential • Most apps are web-based • Many different manufacturers - Relatively less expensive • Relies on the cloud - connect to the Internet 1.2 - An Overview of Windows 7 Windows 7 Windows 7 Ultimate • Released October 22, 2009 • Complete functionality • Mainstream support ended January 13, 2005 • Domain support, Remote Desktop, EFS • Extended support until January 14, 2020 • All enterprise technologies, including BitLocker • Very similar to Windows Vista • x64 version supports 192 GB of RAM • Maintained the look and feel • Same features as Windows 7 Enterprise • Used the same hardware and software • But for the home user • Increased performance • Updated features • Libraries, HomeGroup, pinned taskbar Windows 7 Starter • Built for netbooks • No DVD playback or Windows Media Center, no Windows Aero, no Internet Connection Sharing (ICS), no IIS Web Server • No enterprise technologies • No Domain connection, BitLocker, EFS, etc. • Only a 32-bit version, maximum of 2 GB of RAM Windows 7 Home Premium • The consumer edition • DVD playback, Windows Aero, Internet Connection Sharing, IIS Web Server • No enterprise technologies Windows 7 Professional • No domain connection, BitLocker, EFS, etc. • Same features as Home Premium • x64 version supports 16 GB of RAM • Can connect to a Windows Domain and 2 processors • Supports Remote Desktop Host and EFS • Missing enterprise technologies - no BitLocker • x64 version supports 192 GB of RAM Windows 7 Enterprise • Sold only with volume licenses • Designed for very large organizations • Multilingual User • Interface packages © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 2 http://www.ProfessorMesser.com Windows 7 Windows 7 DVD Domain Windows 7 Windows 7 Aero ICS EFS BitLocker x86 RAM x64 RAM Playback Member Minimum Requirements (x86) Minimum Requirements (x64) Edi+on Starter ✖ ✖ ✖ ✖ ✖ ✖ 2 GB N/A Processor / CPU 1 GHz processor ✖ ✖ ✖ Memory 1 GB RAM 2 GB RAM Home Premium ✓ ✓ ✓ 4 GB 16 GB Free disk space 16 GB 20 GB Professional ✓ ✓ ✓ ✓ ✓ ✖ 4 GB 192 GB Video DirectX 9 graphics device with WDDM 1.0 or higher driver Enterprise ✓ ✓ ✓ ✓ ✓ ✓ 4 GB 192 GB Ul>mate ✓ ✓ ✓ ✓ ✓ ✓ 4 GB 192 GB Windows 8 and 8.1
Windows Max Max Windows 8/8.1 Windows 8/8.1 Windows 8/8.1 Domain Media EFS BitLocker AppLocker BranchCache x86 x64 Minimum Requirements (x86) Minimum Requirements (x64) Edi.on Member Player RAM RAM Processor / CPU 1 GHz processor with support for PAE, NX, and SSE2 Memory 1 GB RAM 2 GB RAM Core ✓ ✖ ✖ ✖ ✖ ✖ 4 GB 128 GB Free disk space 16 GB 20 GB ✖ ✖ Video MicrosoB DirectX 9 graphics device with WDDM driver Pro ✓ ✓ ✓ ✓ 4 GB 512 GB Enterprise ✓ ✓ ✓ ✓ ✓ ✓ 4 GB 512 GB Windows 10
Max Windows 10 Windows 10 Windows 10 Domain Max Hyper-V BitLocker AppLocker BranchCache x86 Minimum Requirements (x86) Minimum Requirements (x64) Edi,on Member x64 RAM RAM Processor / CPU 1 GHz processor with support for PAE, NX, and SSE2 Home ✖ ✖ ✖ ✖ ✖ 4 GB 128 GB Memory 1 GB RAM 2 GB RAM Free disk space 16 GB 20 GB Pro ✓ ✓ ✓ ✖ ✖ 4 GB 2048 GB Video MicrosoB DirectX 9 graphics device with WDDM driver Educa,on/ 4 GB 2048 GB Enterprise ✓ ✓ ✓ ✓ ✓ 1.2 - An Overview of Windows 8 and 8.1 Windows 8 and 8.1 Windows 8/8.1 Enterprise • Windows 8 • Available to “Software Assurance” customers • Available October 26, 2012 • Large volume licenses • New user interface - no traditional “Start” button • Adds enterprise features • Windows 8.1 • AppLocker • Released October 17, 2013 • Windows To Go • A free update to Windows 8 - not an upgrade • DirectAccess • Mainstream support ended January 9, 2018 • BranchCache • Extended support ends January 10, 2023 Windows 8/8.1 processor requirements Windows 8/8.1 Core • PAE (Physical Address Extension) • A basic version for the home - x86 and x64 versions • 32-bit processors can use more than • Microsoft account integration • 4 GB of physical memory • Login to your computer and all of your services • NX (NX Processor Bit) • Windows Defender • Protect against malicious software • Integrated anti-virus and anti-malware • SSE2 (Streaming SIMD Extensions 2) • Windows Media Player • A standard processor instruction set • Play audio CD and DVDs • Used by third-party applications and drivers Windows 8/8.1 Pro • The professional version • Similar to Windows 7 Professional / Ultimate • Full support for BitLocker and EFS • Full-disk and file-level encryption • Join a Windows Domain • Support for IT management • Group Policy support • Centralized management of Windows devices © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 3 http://www.ProfessorMesser.com 1.2 - An Overview of Windows 10 Windows 10 Windows 10 Education and Enterprise • Released on July 29, 2015 • Very similar features in both • We skipped Windows 9 • Minor features differences • A single platform • Volume licensing • Desktops, laptops, tablets, phones, all-in-one devices • AppLocker • Upgrades were free for the first year • Control what applications can run • From Windows 7 and Windows 8.1 • BranchCache • Microsoft calls Windows 10 a “service” • Remote site file caching • Periodic updates to the OS • Granular User Experience (UX) control • Instead of completely new versions • Define the user environment Windows 10 Home • Useful for kiosk and workstation customization • Home user, retail sales Windows 10 processor requirements • Integration with Microsoft account • Same requirements as Windows 8/8.1 • Microsoft OneDrive backup • PAE (Physical Address Extension) • Windows Defender • 32-bit processors can use more than • Anti-virus and anti-malware • 4 GB of physical memory • Cortana • NX (NX Processor Bit) • Talk to your operating system • Protect against malicious software Windows 10 Pro • SSE2 (Streaming SIMD Extensions 2) • The business version of Windows • A standard processor instruction set • Additional management features • Used by third-party applications and drivers • Remote Desktop host • Remote control each computer • BitLocker • Full disk encryption (FDE) • Join a Windows domain • Group Policy management 1.2 - Windows in the Enterprise Windows at work BitLocker and EFS • Large-scale support • Data confidentiality • Thousands of devices • Encrypt important information • Security concerns • Encrypting File System • Mobile devices with important data • Protect individual files and folders • Local file shares • Built-in to the NTFS file system • Working on a spreadsheet • BitLocker • Watching a movie • Full Disk Encryption (FDE) • Geographical sprawl • Everything on the drive is encrypted • Cache data between sites • Even the operating system Domain Services • Home and business use • Active Directory Domain Services • Especially on mobile devices • Large database of your network Media Center • Distributed architecture • Video, music, and television portal • Many servers • Perfect for watching at home • Not suitable for home use • Record shows from a TV tuner • Everything documented in one place • Play music • User accounts, servers, volumes, printers • Watch DVDs • Many different uses • The center of your home entertainment center • Authentication • Cable companies and other technologies • Centralized management were strong competition • Discontinued by Microsoft • Not officially available in Windows 10
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 4 http://www.ProfessorMesser.com 1.2 - Windows in the Enterprise (continued) BranchCache Desktop styles • Caching for branch offices • Your computer has many different uses • Without additional hardware or external services • Those change depending on where you are • Conserve bandwidth over slower links • Work • Seamless to the end-user • Standard desktop • Same protocols • Common user interface • Same network connection • Customization very limited • Same authentication methods • You can work at any computer • Activates when round-trip latency • Home exceeds 80 milliseconds • Complete flexibility • Background photos, colors, UI sizing
1.3 - Installing Operating Systems Boot methods • Multiboot • USB storage • Run two or more operating systems • USB must be bootable from a single computer • Computer must support booting from USB • Recovery partition • CD-ROM and DVD-ROM • Hidden partition with installation files • A common media • Refresh / restore • PXE (“Pixie”) - Preboot eXecution Environment • Windows 8/10 feature to clean things up • Perform a remote network installation • Requires a recovery partition • Computer must support booting with PXE The disk partition • NetBoot • Separates the physical drive into logical pieces • Apple technology to boot Macs from the network • Useful to keep data separated • Similar concept to PXE • Multiple partitions are not always necessary • Boot methods • Useful for maintaining separate operating systems • Solid state drives / hard drives • Windows, Linux, etc. • Store many OS installation files • Formatted partitions are called volumes • External / hot swappable drive • Microsoft’s nomenclature • Some external drives can mount MBR partition style an ISO (DVD-ROM image) • MBR (Master Boot Record) • Boot from USB • The old standby, with all of the old limitations • Internal hard drive • Primary • Install and boot from separate drive • Bootable partitions • Create and boot from new partition • Maximum of four primary partitions per hard disk Types of installations • One of the primary partitions can be marked as Active • Unattended installation • Extended • Answer Windows questions in a file (unattend.xml) • Used for extending the maximum number of partitions • No installation interruptions • One extended partition per hard disk (optional) • In-place upgrade • Contains additional logical partitions • Maintain existing applications and data • Logical partitions inside an extended partition • Clean install are not bootable • Wipe the slate clean and reinstall GPT partition style • Migration tool can help • GPT (GUID Partition Table) • Image • Globally Unique Identifier • Deploy an clone on every computer • The latest partition format standard • Types of installations • Requires a UEFI BIOS • Repair installation • Can have up to • Fix problems with the Windows OS • 128 primary partitions • Does not modify user files • No need for extended partitions or logical drives
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 5 http://www.ProfessorMesser.com 1.3 - Installing Operating Systems (continued) Disk partitioning Other file systems • The first step when preparing disks • ext3 • May already be partitioned • Third extended file system • Existing partitions may not always be compatible • Commonly used by the Linux OS with your new operating system • ext4 • An MBR-style hard disk can have up to four partitions • Fourth extended file system • GUID partition tables support up to 128 partitions • An update to ext3 • Requires UEFI BIOS or BIOS-compatibility mode • Commonly seen in Linux and Android OS • BIOS-compatibility mode disables UEFI SecureBoot • NFS • You’ll probably have one partition • Network File System • BE CAREFUL! • Access files across the network as if they were local • Serious potential for data loss • NFS clients available across many operating systems • This is not an everyday occurrence • HFS+ / HFS Plus Storage types • Hierarchical File System • Layered on top of the partition and file system • Also called Mac OS Extended • A Windows thing • Replaced by Apple File System (AFPS) in • Basic disk storage macOS High Sierra (10.13) • Available in DOS and Windows versions • Swap partition • Primary/extended partitions, logical drives • Memory management • Basic disk partitions can’t span separate physical disks • Frees memory by moving unused pages onto disk • Dynamic disk storage • Copies back to RAM when needed • Available in all modern Windows versions • Usually a fast drive or SSD • Span multiple disks to create a large volume Quick format vs. full format • Split data across physical disks (striping) • Quick format • Duplicate data across physical disks (mirroring) • Creates a new file table • Not all Windows versions support all capabilities • Looks like data is erased, but it’s not File systems • No additional checks • Before data can be written to the partition, • Quick format in Windows 7, 8/8.1, and 10 it must be formatted • Use diskpart for a full format • Operating systems expect data to be written • Full format in a particular format • Writes zeros to the whole disk • FAT32 and NTFS is popular • Your data is unrecoverable • Many operating systems can read (and perhaps write) • Checks the disk for bad sectors - Time consuming multiple file system types Other considerations • FAT, FAT32, NTFS, exFAT, etc. • Load alternate third party drivers when necessary FAT • Disk controller drivers, etc. • FAT - File Allocation Table • Workgroup vs. Domain setup • One of the first PC-based file systems (circa 1980) • Home vs. business • FAT32 - File Allocation Table • Time/date/region/language settings • Larger (2 terabyte) volume sizes • Where are you? • Maximum file size of 4 gigabytes • Driver installation, software and windows updates • exFAT - Extended File Allocation Table • Load video drivers, install apps, update the OS • Microsoft flash drive file system • Factory recovery partition • Files can be larger than 4 gigabytes • This can help you later NTFS and CDFS • NTFS – NT File System • Extensive improvements over FAT32 • Quotas, file compression, encryption, symbolic links, large file support, security, recoverability • CDFS - Compact Disk File System • ISO 9660 standard • All operating systems can read the CD
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 6 http://www.ProfessorMesser.com 1.3 - Installing and Upgrading Windows Prepare the boot drive Upgrade methods • Know your drive • In-place • Is there data on the drive? • Upgrade the existing OS • Has the drive been formatted? • Keeps all applications, documentations, and settings • What partitions are on the drive? • Start the setup from inside the existing OS • Backup any old data - You may need that back someday • Clean install • Most partitioning and formatting can be • Wipe everything and reload completed during the installation • Backup your files • Clear the drive and start fresh • Start the setup by booting from the installation media Before the installation Upgrading to Windows 10 • Check minimum OS requirements • Upgrade from the Windows 10 installation media • Memory, disk space, etc. • Downloadable versions are available from Microsoft • And the recommended requirements • Includes a media creation tool • Run a hardware compatibility check • You cannot upgrade x86 to x64 • Runs when you perform an upgrade • Or x64 to x86 • Run manually from the Windows setup screen • Applies to all Windows versions • Windows 10 Upgrade Checker • You’ll have to migrate instead • Plan for installation questions Post-installation • Drive/partition configuration, license keys, etc. • Does it work? • Application compatibility - Check with the app developer • If it doesn’t boot, there are bigger problems • Some testing is useful for unknown hardware Why upgrade? configurations • Upgrade vs. Install • Upgrade - Keep files in place • Additional installations • Install - Start over completely fresh • Service packs • Security patches • Maintain consistency • Security applications • Customized configurations, multiple local user accounts • Driver updates • Upgrades save hours of time • Application updates • Avoid application reinstall • Keep user data intact • Get up and running quickly • Seamless and fast • Run from the DVD-ROM Windows 10 Windows 10 Windows 10 or USB flash Home Pro Enterprise
Upgrading from Windows 8.1 Windows 8.1 Core Upgrade Upgrade Install • Keep Windows settings, personal files, and applications Windows 8.1 Professional Install Upgrade Upgrade • Must upgrade to a similar Edition • You cannot upgrade directly from Windows 8.1 Enterprise Install Install Upgrade Windows 8 to Windows 10
Windows 10 Windows 10 Windows 10 Home Pro Enterprise Windows 7 Starter Upgrade Upgrade Install Upgrading from Windows 7 • Keep Windows settings, Windows 7 Home Basic Upgrade Upgrade Install personal files, Windows 7 Home Premium Upgrade Upgrade Install and applications • Must upgrade Windows 7 Professional Install Upgrade Upgrade to a similar Edition Windows 7 Ul>mate Install Upgrade Install Windows 7 Enterprise Install Install Upgrade
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 7 http://www.ProfessorMesser.com 1.4 - Microsoft Command Line Tools Privileges Check Disk • Not all users can run all commands • chkdsk /f • Some tasks are for the administrator only • Fixes logical file system errors on the disk • Standard privileges • chkdsk /r • Run applications as normal user • Locates bad sectors and recovers readable information • This works fine for many commands • Implies /f • Administrative/elevated privileges • If volume is locked, run during startup • You must be a member of the Administrators group DiskPart • Right-click Command Prompt, • Manage disk configurations choose Run as Administrator • diskpart - start the DiskPart command interpreter • cmd, Ctrl+Shift+Enter TaskList and TaskKill Command line troubleshooting • Manage tasks from the command line • Use “help” if you’re not sure • No Task Manager required! • > help dir • tasklist • > help chkdsk • Displays a list of currently running processes • Also use: • Local or remote machine • [command] /? • taskkill • Close the prompt with exit • Terminate tasks by process id (PID) or image name File management • TASKKILL /IM notepad.exe • dir • TASKKILL /PID 1234 /T • List files and directories Managing Group Policy • cd • Group Policy • Change working directory • Manage computers in an Active Directory Domain • Use backslash \ to specify volume or folder name • Group Policy is usually updated at login • .. • gpupdate • Two dots/periods • Force a Group Policy update • The folder above the current folder • gpupdate /target:{computer|user} /force shutdown • gpupdate /target:professor /force • Shutdown a computer • gpresult • And optionally restart • Verify policy settings for a computer or user • shutdown /s /t nn • gpresult /r • Wait nn seconds, then shutdown • gpresult /user sgc/professor /v • shutdown /r /t nn Format • Shutdown and restart after nn seconds • Formats a disk for use with Windows • shutdown /a • format c: • Abort the countdown! Copy dism • Copy files from one location to another • Deployment Image Servicing and Management tool • copy (/a, /v, /y) • Manage Windows Imaging Format (WIM) files • /v - Verifies that new files are written correctly • Make changes to your image with DISM • /y - Suppresses prompting to confirm you want to • Get information about an image overwrite an existing destination file • Update applications Xcopy • Manage drivers • Copies files and directory trees • Manage updates • xcopy /s Documents m:\backups • Mount an image Robust Copy • All command-line based • Many different options • robocopy • A better Xcopy • Easy to automate • Included with Windows 7, 8.1, and 10 sfc • Scan integrity of all protected system files • sfc /scannow
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 8 http://www.ProfessorMesser.com 1.4 - Network Command Line Tools ipconfig netstat • Most of your troubleshooting starts with your IP address • Network statistics • Ping your local router/gateway • Many different operating systems • Determine TCP/IP and network adapter information • netstat -a • And some additional IP details • Show all active connections • View additional configuration details • netstat -b • DNS servers, DHCP server, etc. • Show binaries (Windows) ping • netstat -n • Test reachability • Do not resolve names • Determine round-trip time nslookup • Uses Internet Control Message Protocol (ICMP) • Lookup information from DNS servers • One of your primary troubleshooting tools • Canonical names, IP addresses, cache timers, etc. • Can you ping the host? • Lookup names and IP addresses • Written by Mike Muuss in 1983 • Many different options • The sound made by sonar net • Not an acronym for Packet INternet Groper • Windows network commands tracert • View network resources • Determine the route a packet takes to a destination • net view \\
1.5 - Windows Administrative Tools Computer Management Device Manager • A pre-built Microsoft Management Console • The OS doesn’t know how to talk directly to most • A predefined mix of plugins hardware • Control Panel / Administrative Tools • Device drivers are hardware specific and operating • mmc.exe system specific • A handy starting point • Windows 7 device drivers may not necessarily work in • Events Windows 10 • User accounts • Technical Support FAQ • Storage management • “Have you updated the drivers?” • Services • Computer Management or devmgmt.msc • And more!
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 9 http://www.ProfessorMesser.com 1.5 - Windows Administrative Tools (continued) Local users and groups Component Services • Users • Microsoft COM+ • Administrator - the Windows super-user • Component Object Model • Guest -Limited access • Distributed applications • “Regular” Users • Designed for the enterprise • Groups • Manage COM+ apps • Administrators, Users, Backup Operators, • Device COM+ Management Power Users, etc. • Event Viewer Local Security Policy • Services • Big companies have big security policies ODBC Data Sources • Managed through Active Directory Group Policies • ODBC - Open Database Connectivity • Stand-alone computers aren’t managed through AD • Application independence • You need local policies • Database and OS doesn’t matter • Not available in Home editions • Configure in Control Panel / Administrative Tools • Available in Professional / Pro, Ultimate, Enterprise • Users probably won’t need this Performance Monitor Print Management • Gather long-term statistics • Control Panel / Administrative Tools / Print Management • Control Panel / Administrative Tools • Manage printers • OS metrics - Disk, memory, CPU, etc. • Share printers from one central console • Set alerts and automated actions -Monitor and act • Add and manage printer drivers • Store statistics - Analyze long-term trends • Central management of • Built-in reports - View the data • 32-bit and 64-bit drivers Services Memory diagnostics • Background process • Is your memory working? • No user interaction • I don’t remember • File indexing, anti-virus, network browsing, etc. • May be notified automatically • Useful when troubleshooting the startup process • Or launched manually • Many services startup automatically • Multiple passes • Command-line control • Try to find the bad chip/module • net start, net stop • Control Panel / Administrative Tools • Control Panel / Administrative Tools / Services Event Viewer • services.msc • Central event consolidation Task Scheduler • What happened? • Schedule an application or batch file • Application, Security, Setup, System • Plan your future • Information, Warning, Error, Critical, • Includes predefined schedules - Click and go Successful Audit, Failure Audit • Organize - Manage with folders • Control Panel / Administrative Tools / Task Scheduler 1.5 - Windows Firewall with Advanced Security Windows Firewall Windows Firewall with Advanced Security • Integrated into the operating system • Inbound rules • Control Panel / Windows Firewall • Outbound rules • Windows Firewall with Advanced Security • Connection security rules • Click “Advanced settings” • Granular • Fundamental firewall rules • Program, port, predefined services, custom • Based on applications • Custom • No detailed control • Program, protocol/port, scope, action, profile • No scope • All traffic applies • No connection security rules © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 10 http://www.ProfessorMesser.com 1.5 - System Configuration System Configurationmsconfig ( ) Services tab • Manage boot processes, startup, services, etc. • Enable and disable Windows services • One-stop shop • Determine what starts during boot • Control Panel / Administrative Tools • Easier to manage than the Services applet • msconfig.exe • Click/unclick General tab • Useful for trial and error • Control the startup process • It may take many reboots to find your problem • Normal, Diagnostic, Selective Startup tab • Normal startup • Manage which programs start with a Windows login • Nothing to see here, go about your business • Easily toggle on and off • Diagnostic startup • Multiple reboots • Similar to Safe Mode, but not quite the same • You’ll find it • Selective startup • A popular feature • You decide what to load • Has moved to the Task Manager in Boot tab Windows 8/8.1/10 • Control the boot location Tools tab • Multiple locations and operating systems • Easy access to popular administrative tools • Advanced options • UAC settings, System Information, • Number of processors, maximum memory, etc. Computer Management, etc. • Boot options • Faster than searching through menus or typing • Safe boot, remove the GUI, create a log file, base • A static (but comprehensive) list video, OS boot information (shows drivers as they load), set timeout for booting 1.5 - Task Manager Task Manager Performance • Real-time system statistics • What’s happening? • CPU, memory, disk access, etc. • CPU, memory, etc. • Starting the Task Manager • Statistical views • Ctrl-Alt-Del, select Task manager • Historical, real-time • Right mouse click the taskbar and • Newer versions include CPU, memory, disk, select Task Manager Bluetooth, and network in the Performance tab • Ctrl-Shift-Esc Networking • Enhancements since Windows 7 • Network performance • More information and features • Separate tab in Windows 7 Applications • Integrated into the Performance tab • Lists user-interactive applications in use in Windows 8/8.1/10 • Apps on the desktop • View utilization, link speeds, and • Administratively control apps interface connection state • End task, start new task Users • Combined with the Processes tab in Windows 8/8.1/10 • Who is connected? What are they doing? Processes • Windows 7 • View all running processes • User list, disconnect, logoff, send message • Interactive and system tray apps • Windows 8/8.1/10 • View services and processes from other accounts • Separate processes • Manage the view • Performance statistics • Move columns, add metrics • Later versions combine all apps, processes, and services into a single tab • Easy to view and sort
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 11 http://www.ProfessorMesser.com 1.5 - Disk Management Disk Management Mounting drives • Manage disk operations • Extend available storage space • Individual computers and file servers • Mount a separate storage device as a folder • Computer Management • Mount in an empty folder • Storage / Disk Management • Instant storage space Disk status • Seamless to the user • Healthy Volume sizes • The volume is working normally • Resize a volume • Healthy (At Risk) • Shrink, extend • The volume has experienced I/O errors • Right-click the volume • Drive may be failing • Splitting • Initializing • Shrink a volume • Normal startup message • Format unallocated space • Failed Storage spaces • Cannot be started automatically • Storage for data centers, cloud infrastructures • The disk is damaged, or the file system is corrupted • Multiple tiers, administrative control • Failed redundancy • Storage pool • A drive has failed in a • A group of storage drives • RAID 1 or RAID 5 array • Combine different storage devices into a single pool • Resynching • Easy to add or remove space in the pool • Mirrored (RAID 1) volume is synching • Storage space data between the drives • Allocate virtual disks from available space in the pool • Regenerating • Includes options for mirroring and parity • RAID 5 volume is recreating the data • Hot spare availability based on the parity data 1.5 - System Utilities The Run line mmc • Start an application as a command • Build your own management framework • Instead of the graphical interface • Choose from list of “snap-ins” • Use the run/search or command prompt • Framework used for many built-in management tools • Specify options as part of the command mstsc The Windows command line • Microsoft Terminal Services Client • cmd • Remote Desktop Connection • The “other” Windows • Access a desktop on another computer • Many options - The power under the hood • Or connect to a Terminal Server regedit • Common for management • The Windows Registry • “Headless” servers • The big huge master database Notepad • Hierarchical structure • View and edit text files • Used by almost everything • You’ll use a lot of text files • Kernel, Device drivers • Included with Windows • Services • Almost any version • Security Account Manager (SAM) Explorer • User Interface, Applications • Windows Explorer / File Explorer (Windows 10) • Backup your registry! • File management • Built into regedit • View, copy, launch files services.msc • Granular control • Control Panel / Administrative Tools / Services • Easy access to network resources • Useful when troubleshooting the startup process • Browse and view • Control background applications • Services can reveal dependencies between applications © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 12 http://www.ProfessorMesser.com 1.5 - System Utilities (continued) msinfo32 System Restore • Windows System Information • Creates frequent restore points • A wealth of knowledge • Go back-in-time to correct problems • Hardware Resources - Memory, DMA, IRQs, conflicts • F8 - Advanced Boot Options - Repair • Components - Multimedia, display, input, network • Windows 7/8/8.1/10: Control Panel / Recovery • Software Environment - Drivers, print jobs, running tasks • Doesn’t guarantee recovery from viruses and spyware dxdiag Windows Update • DirectX Diagnostic Tool • Keep your OS up to date - Security patches, bug fixes • Manage your DirectX installation • Automatic installation - Updates are always installed • Multimedia API - 3D graphics, audio, and input options • Download but wait for install - You control the time • Also makes a very nice generic diagnostic tool • Check but don’t download - Save bandwidth • Not just for testing DirectX • Never check - Don’t do this defrag • Disk defragmentation • Moves file fragments so they are contiguous • Improves read and write time • Not necessary for solid state drives • Windows won’t defrag an SSD • Graphical version in the drive properties • Requires elevated permissions • Command line: • defrag
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 13 http://www.ProfessorMesser.com 1.6 - The Windows Control Panel (continued) Windows Firewall Network and Sharing Center • Protect from attacks - Scans, malicious software • All network adapters • Integrated into the operating system • Wired, wireless, etc. • Control Panel / Windows Firewall • All network configs Power options • HomeGroup • Power plans - Customize power usage • Adapter settings • Network addressing • Sleep (standby) • Open apps are stored in memory Device Manager • Save power, startup quickly • The OS doesn’t know how to talk directly to most • Switches to hibernate if power is low hardware • You need drivers • Hibernate • Open docs and apps are saved to disk • Manage devices • Common on laptops • Add, remove, disable Credential Manager • First place to go when hardware isn’t working • Centralized management of web • Instant feedback and Windows credentials BitLocker • Each site can have a different username and password • Full disk encryption • Add additional Windows credentials • The operating system and all files • Certificates • A TPM is recommended Programs and features • Trusted Platform Module • Installed applications • Use a flash drive or password if there’s no TPM • Uninstall, size, version • Seamless • Windows features • Works in the background • Enable and disable • You never know it’s there HomeGroup Sync Center • Easily share information • Make files available, even when you’re not online • Windows 7 / Windows 8 • Automatically sync when back online • No HomeGroup options on Windows 10 • Built-in sync conflict management • Documents, pictures, music, video • Not available in Home editions • A network for the home • Needs offline file functionality • Must be set to “Home” in Windows • Only available in Pro and higher • Enable HomeGroup • Mark files “Always available offline” • A single password for everyone Devices and Printers • Everything on the network • Desktops, laptops, printers, multimedia devices, storage • Quick and easy access • Much less complex than Device Manager • Properties, device configurations Sound • Output options • Multiple sound devices may be available • Set levels for output and input • Speakers and microphone Troubleshooting • Some problems can be easily fixed • Have you tried turning it off and on again? • Automate some of the most common fixes • Categorized • May require elevated account access • Enabling / disabling hardware and features
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 14 http://www.ProfessorMesser.com 1.7 - Installing Applications Installing applications Local user permissions • Extend the functionality of your operating system • Folder/file access • Specialized applications • Installation programs will be copying a lot of files • Available everywhere • The user needs permission to write application files • Find the application you need to the storage drive • Install on your operating system • This may not be the default in an office • Not every computer can run every application • May need to run as Administrator • Some simple checks can help manage your desktop • Some applications will install additional drivers System requirements or services • Drive space • Be careful when allowing this level of access! • Initial installation space requirement Security considerations • Application use requirement • There’s a reason we are careful when • Some applications use a LOT of installing applications drive space after installation • Applications have the same rights and permissions • RAM as the user • This would be above and beyond the OS requirements • An unknown application can cause significant issues • Very dependent on the application • Impact to device • Consider all of the other running applications • Application upgrade stops working • OS compatibility • Slowdowns • Operating system (Windows, macOS, Linux) • Deleted files • Version of the OS • Impact to network Installation methods • Access to internal services • Local installation • Rights and permissions to file shares • CD-ROM / DVD-ROM, Optical media, USB • Very compatible with most devices • Supports large installation programs • Network-based • The default in most organizations • Applications are staged and deployed from a central server • Can be centrally managed 1.8 - HomeGroups, Workgroups, and Domains Organizing network devices Workgroups • Windows HomeGroup • Small departments • Share files, photos, video, etc. between all devices • Each computer maintains its own user information • Works on a single private network only • Non-centralized • Windows Workgroups • Manage in Control Panel / System • Logical groups of network devices Domains • Each device is a standalone system, everyone is a peer • Central database • Single subnet • Active Directory Domain Services • Windows Domain • Designed for the enterprise • Business network • User accounts are managed centrally • Centralized authentication and device access • Devices are added to the domain • Supports thousands of devices across many networks • Manage all devices and users HomeGroup • Deploy software • Easily share information • Manage the operating system • Windows 7 / Windows 8/8.1 • Manage in Control Panel / System • HomeGroup support was removed from Windows 10 Join a domain • Documents, pictures, music, video • Cannot be a Windows Home edition • A network for the home • Needs to be Pro or better • Must be set to “Home” in Windows • Control Panel / System • Enable HomeGroup - A single password for everyone • Need proper rights to add a computer © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 15 http://www.ProfessorMesser.com 1.8 - Windows Network Technologies Network locations in Windows 7 Proxy settings • Automatically set security levels • Change the traffic flow • You don’t even have to remember • An Internet go-between • Home • Control Panel / Internet Properties • The network is trusted • Define address and exceptions • Work • Proxies don’t work for everything • You can see other devices, but can’t join a HomeGroup Network shares • Public • Make a folder available across the network • Airport, coffee shop • “Share” with others, view in Windows Explorer • You are invisible • Assign (map) a drive letter to a share Network locations in Windows 8/8.1/10 • Reconnect automatically • Private • Shares ending with a dollar sign ($) are “hidden” • Sharing and connect to devices • Not a security feature • Public • Control Panel / Administrative Tools / Computer • No sharing or connectivity Management • Network and Internet Status Mapping drives • Change connection properties • Access a share Remote access • This PC / Map network drive • Remote Assistance • Local drive letter and share name • Home editions • May require additional authentication • One-time remote access • Or use the command line: • Single-use password • net use x: \\sg-server\mission-reports • Chat, diagnostics, NAT traversal Printer shares • Remote Desktop Connection • Similar to sharing a folder • Non-Home editions • But it’s a printer instead • Ongoing access • Windows Explorer • Local authentication options • Add a printer • May require port forwarding 1.8 - Establishing Windows Network Connections Network setup Wireless connections • Control Panel • Network name - SSID (Service Set Identification) • Network and Sharing Center • Security type - Encryption method • Set up a new connection or network • Encryption type - TKIP, AES, Security key • Step-by-step wizard - Confirmation during the process • WPA2-Personal • Many different connections • Pre-shared key, • Direct, VPN, dial-up, etc. • WPA2-Enterprise • VPN concentrators • 802.1X authentication VPN connections Wired connections • Built-in VPN client - Included with Windows • Ethernet cable - Direct connection • Integrate a smart card • Fastest connection is the default • Multi-factor authentication • Ethernet, Wireless, WWAN • Something you know • Alternate configurations - When DHCP isn’t available • Something you have WWAN connections • Something you are • Wireless Wide Area Network • Connect from the network status icon • Built-in mobile technology • Click and provide credentials • Hardware adapter Dialup connections • Antenna connections • Modem connection - Standard phone lines • USB connected or 802.11 wireless • Configuration • Tether, Hotspot • Authentication, Phone number • Requires third-party software • Connect / Disconnect from network status icon • Each provider is different
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 16 http://www.ProfessorMesser.com 1.8 - Configuring Windows Firewall Enabling and disabling Windows Firewall Creating a firewall exception • Your firewall should always be enabled • Allow an app or feature through Windows Firewall • Sometimes you need to troubleshoot • The more secure exception • Temporarily disable from the main screen • Port number • Turn Windows Firewall on or off • Block or allow - Very broad • Requires elevated permissions • Predefined exceptions • Different settings for each network type • List of common exceptions • Public / Private • Custom rule Windows Firewall configuration • Every firewall option • Block all incoming connections • Ignores your exception list • Useful when you need security • Modify notification - App blocking 1.8 - Windows IP Address Configuration How Windows gets an IP address A backup for the DHCP server • DHCP (Dynamic Host Configuration Protocol) • Multiple DHCP servers should be • Automatic IP addressing - This is the default configured for redundancy • APIPA (Automatic Private IP Addressing) • There will always be one available • There’s no static address or DHCP server • If a DHCP server isn’t available, Windows • Communicate locally (link-local address) uses the Alternate Configuration • Assigns 169.254.1.0 to 169.254.254.255 • The default is APIPA addressing • No Internet connectivity • You can also configure a static IP address • Static address • Keep working normally • Assign all IP address parameters manually • You need to know very specific details TCP/IP host addresses • IP Address – Unique identifier • Subnet mask – Identifies the subnet • Gateway – The route off the subnet to the rest of the world • DNS – Domain Name Services • Converts domain names to IP addresses • DHCP – Dynamic Host Configuration Protocol • Automates the IP address configuration • Addresses can be dynamic or static • Loopback address - 127.0.0.1 - It’s always there! 1.8 - Network Adapter Properties Network adapter properties • IPv4 - Type of Service (ToS) field • Link speed and duplex • IPv6 - Traffic Class octet • Auto negotiation doesn’t always negotiate • Manage through Local Computer Policy or Group Policy • Both sides must match • Computer Configuration / Windows Settings / Policy-based QoS • Wake on LAN BIOS settings • Computer sleeps until needed • Enable/disable network adapters • Useful for late-night software updates • On and off - Not much nuance Quality of Service (QoS) • Prioritize network traffic • Applications, VoIP, and Video • Infrastructure must support QoS • Differentiated Services Code Points (DSCP) field in the IP header
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 17 http://www.ProfessorMesser.com 1.9 - Best Practices for macOS Scheduled backups Driver/firmware updates • Time Machine - Included with Mac OS X • Almost invisible in Mac OS X • Hourly backups - The past 24 hours • Designed to be that way • Daily backups - The past month • System Information - Detailed hardware list • Weekly backups - All previous months • View only • Starts deleting oldest information when disk is full • No changes to settings • By design Scheduled disk maintenance • Disk Utility - Disk maintenance Anti-virus/Anti-malware updates • OS X does not include anti-virus • Rarely needed - No ongoing maintenance • Or anti-malware • Verify disk • Many 3rd-party options • Every few months • From the usual companies • Similar to Windows Check Disk • An emerging threat System updates / App store • Still doesn’t approach Windows • Centralized updates - For both OS and apps • It’s all about install base • App Store application - The “Updates” option • Automate your signature updates • Automatic updates - Or manual install • New updates every hour / day • Patch management - Install and view previous updates 1.9 - macOS Tools Time Machine backups Terminal • Automatic and easy to use • Command line access to the operating system • Familiar Finder UI • Manage the OS without a graphical interface • Dates along the right side • OS access • Files in the middle • Run scripts, manage files • Mac OS takes snapshots if the • Configure OS and application settings Time Machine storage isn’t available Screen sharing • You can restore from the snapshot • Integrated into the operating system Image recovery • Can also be viewed with VNC • Build a disk image in Disk Utility (Virtual Network Computing) • Creates an Apple Disk Image (.dmg) file • Available devices appear in the Finder • Mount on any Mac OS X system • Or access by IP address or name • Appears as a normal file system Force Quit • Copy files from the image • Stop an application from executing • Use the restore feature in Disk utility • Some applications are badly written • Restore a disk image to a volume • Command-Option-Esc Disk Utility • List application to quit • Manage disks and images • Hold the option key when right-clicking • Resolve issues the app icon in the dock • File system utilities • Choose Force Quit • Verify and repair file systems • Erase disks • Modify partition details • Manage RAID arrays • Restore a disk image to a volume • Create, convert, and resize images • Manage the image structure
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 18 http://www.ProfessorMesser.com 1.9 - macOS Features Mission Control and Spaces Finder • Quickly view everything that’s running • The central OS file manager • Spread out the desktop into a viewable area • Compare with Windows Explorer • Spaces • File management • Multiple desktops • Launch, delete, rename, etc. • Add Spaces inside of Mission Control • Integrated access to other devices Keychain • File servers, Remote storage, Screen sharing • Password management Remote Disk • Passwords, notes, certificates, etc. • Use an optical drive from another computer • Integrated into the OS - Keychain Access • Becomes more important as time goes on • Passwords and Secure Notes are encrypted with 3DES • Designed for copying files • Login password is the key • Will not work with audio CDs or video DVDs Spotlight • Set up sharing in System Preferences • Find files, apps, images, etc. • Sharing options • Similar to Windows search • Appears in the Finder • Magnifying glass in upper right • Utility available for Windows • Or press Command-Space • Share a Windows CD or DVD drive • Type anything in - See what you find Dock • Define search categories in • Fast access to apps System Preferences / Spotlight • Quickly launch programs • Enable/disable categories • View running applications • Change the order of categories • Dot underneath the icon iCloud • Keep folders in the dock • Integrates Apple technologies - Mac OS, iOS • Easy access to files • Share across systems • Move to different sides of the screen • Calendars, photos, documents, contacts, etc. • Auto-hide or always display • Backup iOS devices Boot Camp • Never lose data again • Dual-boot into Windows on Mac hardware • Store files in an iCloud drive • Not virtualization • Similar to Google Drive, Dropbox • Requires Apple device drivers • Integrated into the operating systems • Running Windows natively on Gestures • Apple’s Intel CPU architecture • You can do more than just point and click • Everything is managed through the Boot Camp Assistant • Extend the capabilities of your trackpad • Builds a Boot Camp partition • Use one, two, three fingers - Swipe, pinch, click • Installs Windows OS and drivers • Customization - Enable/disable
1.9 - Best Practices for Linux Scheduled backups Scheduled disk maintenance • Many options • Very little disk maintenance required • Command line and graphical • Space and resources • May be included with the distribution • Check file system • tar • File systems can’t be mounted • Tape Archive • Done automatically every X number of reboots • Easy to script into • Force after reboot by adding a file to the root • a backup schedule • sudo touch /forcefsck • rsync • Clean up log space • Sync files between storage devices • /var/log • Instant synchronization or scheduled
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 19 http://www.ProfessorMesser.com 1.9 - Best Practices for Linux (continued) System updates Anti-virus/Anti-malware updates • Command line tools • Relatively few viruses and malware for Linux • apt-get, yum • Still important to keep updated • Graphical update managers • ClamAV • Software updater • Open source antivirus engine • Patch management • Same best practice as any other OS • Updates can be scheduled • Always update signature database • Software center • Always provide on-demand scanning • The Linux “App Store” Driver/firmware updates • Many drivers are in the kernel • Updated when the kernel updates • Additional drivers are managed with software updates or at the command line • Update those yourself 1.9 - Linux Tools Backups Terminal • May be built-in to the Linux distribution • Command line access to the operating system • Check with the documentation • Common to manage in Linux • Graphical interface - Backup and restore, Scheduling • OS maintenance - Run scripts, manage files • Command-line options - rsync • Configure OS and application settings • There are many different options • That’s the beauty (and challenge) of Linux Image recovery • Not as many options as Windows • But still some good ones • dd is built-in to Linux - And very powerful • Other 3rd-party utilities can image drives • GNU Parted, Clonezilla Disk maintenance • Linux doesn’t require a lot of maintenance • You probably already know this Screen sharing • Screen access to remote devices • Clean up log space - All logs are stored in /var/log • Manage from your desk • File system check • Many options - Like most of Linux • Done automatically every X number of reboots • Force after reboot by adding a file to the root • May be included with your distribution • sudo touch /forcefsck • UltraVNC, Remmina 1.9 - Basic Linux Commands Linux commands ls • The command line - Terminal, XTerm, or similar • List directory contents • Commands are similar in both Linux and Mac OS • Similar to the dir command in Windows • Mac OS derived from • Lists files, directories BSD (Berkeley Software Distribution) Unix • May support color coding; • This section is specific to Linux • Blue is a directory, • Download a Live CD or install a virtual machine red is an archive file, etc. • Many pre-made Linux distributions are available • For long output, pipe through more: • I’m using Ubuntu in a virtual machine • > ls -l | more • Use the man command for help • (use q or Ctrl-c to exit) • An online manual • > man grep © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 20 http://www.ProfessorMesser.com 1.9 - Basic Linux Commands (continued) grep chmod • Find text in a file • Change mode of a file system object • Search through many files at a time • r=read, w=write, x=execute • grep PATTERN [FILE] • Can also use octal notation • > grep failed auth.log • Set for the file owner (u), the group(g), cd others(o), or all(a) • Change current directory • chmod mode FILE • Nearly identical to Windows command line • > chmod 744 script.sh • Forward slashes instead of backward • chmod 744 first.txt • cd
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 21 http://www.ProfessorMesser.com 1.9 - Basic Linux Commands (continued) su / sudo dd • Some command require elevated rights • Convert and copy a file • There are some things normal users can’t do • Backup and restore an entire partition • su • > dd if=
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 24 http://www.ProfessorMesser.com 2.2 - Logical Security (continued) VPN concentrator Email filtering • Virtual Private Network • Unsolicited email • Encrypt (private) data traversing a public network • Stop it at the gateway before it reaches the user • Concentrator • On-site or cloud-based • Encryption/decryption access device • Scan and block malicious software • Many deployment options • Executables, known vulnerabilities • Specialized cryptographic hardware • Phishing attempts • Software-based options available • Other unwanted content • Used with client software - Sometimes built into the OS Trust/untrusted software sources Data Loss Prevention (DLP) • Consider the source • Where’s your data? • May not have access to the code • Social Security numbers, credit card numbers, • Even then, may not have the time to audit medical records • Trusted sources • Stop the data before the bad guys get it • Internal applications • Data “leakage” • Well-known publishers • Digitally-signed applications • So many sources, so many destinations • Often requires multiple solutions in different places • Untrusted sources • Applications from third-party sites Access Control Lists (ACLs) • Links from an email • Used to allow or deny traffic • Pop-up/drive-by downloads • Also used for NAT, QoS, etc. Least privilege • Defined on the ingress or egress of an interface • Rights and permissions should be set • Often on a router or switch to the bare minimum • Incoming or outgoing • You only get exactly what’s needed to • ACLs evaluate on certain criteria complete your objective • Source IP, Destination IP, • All user accounts must be limited • TCP port numbers, UDP port numbers, ICMP • Applications should run with minimal privileges • Deny or permit • Don’t allow users to run with administrative privileges • What happens when an ACL matches the traffic? • Limits the scope of malicious behavior • Following the traffic flow 2.3 - Wireless Security Wireless encryption Temporal Key Integrity Protocol • All wireless computers are radio transmitters • Mixed the keys and receivers • Combines the secret root key with the IV • Anyone can listen in • Adds a sequence counter • Solution: Encrypt the data • Prevents replay attacks • Everyone gets the password • Implements a 64-bit Message Integrity Check • Or their own password • Protects against tampering • Only people with the password can transmit and listen • TKIP has it’s own set of vulnerabilities • WPA and WPA2 • Deprecated in the 802.11-2012 standard WPA (Wi-Fi Protected Access) WPA2 and CCMP • 2002: WPA was the replacement for serious • WPA2 certification began in 2004 cryptographic weaknesses in WEP • AES (Advanced Encryption Standard) replaced RC4 • (Wired Equivalent Privacy) • CCMP (Counter Mode with Cipher Block Chaining • Don’t use WEP Message Authentication Code Protocol) replaced TKIP • Needed a short-term bridge between WEP and • CCMP block cipher mode whatever would be the successor • Uses AES for data confidentiality • Run on existing hardware • 128-bit key and a 128-bit block size • WPA: RC4 with TKIP (Temporal Key Integrity Protocol) • Requires additional computing resources • Initialization Vector (IV) is larger and • CCMP security services an encrypted hash • Data confidentiality (AES), authentication, • Every packet gets a unique 128-bit encryption key and access control
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 25 http://www.ProfessorMesser.com 2.3 - Wireless Security (continued) Wireless security modes TACACS • Configure the authentication on your wireless • Terminal Access Controller access point / wireless router • Access-Control System • Open System • Remote authentication protocol • No authentication password is required • Created to control access to dial-up lines to ARPANET • WPA2-Personal / WPA2-PSK • TACACS+ • WPA2 with a pre-shared key • The latest version of TACACS • Everyone uses the same 256-bit key • More authentication requests and response codes • WPA2-Enterprise / WPA2-802.1X • Released as an open standard in 1993 • Authenticates users individually with an Gaining access authentication server (i.e., RADIUS, TACACS+) • Add additional factors RADIUS (Remote Authentication Dial-in User Service) • One of the more common AAA protocols • Supported on a wide variety of platforms and devices • Not just for dial-in • Centralize authentication for users • Routers, switches, firewalls • Server authentication • Remote VPN access • 802.1X network access • RADIUS services available on almost any server operating system 2.4 - Types of Malware Ransomware • Spyware • The bad guys want your money • Malware that spies on you • They’ll take your computer in the meantime • Advertising, identity theft, affiliate fraud • May be a fake ransom • Can trick you into installing • Locks your computer “by the police” • Peer to peer, fake security software • The ransom may be avoided • Browser monitoring • A security professional may be able to • Capture surfing habits remove these kinds of malware • Keyloggers Crypto-malware • Capture every keystroke • New generation of ransomware • Send it back to the mother ship • Your data is unavailable until you provide cash Keyloggers • Malware encrypts your data files • Your keystrokes contain valuable information • Pictures, documents, music, movies, etc. • Web site login URLs, passwords, email messages • Your OS remains available • Save all of your input • They want you running, but not working • Send it to the bad guys • You must pay the bad guys to obtain the decryption key • Circumvents encryption protections • Untraceable payment system • Your keystrokes are in the clear • An unfortunate use of public-key cryptography • Other data logging Trojan horse • Clipboard logging, screen logging, • Used by the Greeks to capture instant messaging, search engine queries • Troy from the Trojans - A digital wooden horse Rootkits • Software that pretends to be something else • Originally a Unix technique • So it can conquer your computer • The “root” in rootkit • Doesn’t really care much about replicating • Modifies core system files - Part of the kernel • Circumvents your existing security • Can be invisible to the operating system • Anti-virus may catch it when it runs • Won’t see it in Task Manager • The better trojans are built to avoid and disable AV • Also invisible to traditional anti-virus utilities • Once it’s inside it has free reign • If you can’t see it, you can’t stop it • And it may open the gates for other programs © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 26 http://www.ProfessorMesser.com 2.4 - Types of Malware (continued) Virus Worms • Malware that can reproduce itself • Malware that self-replicates • It doesn’t need you to click anything • Doesn’t need you to do anything • It needs you to execute a program • Uses the network as a transmission medium • Reproduces through file systems or the network • Self-propagates and spreads quickly • Just running a program can spread a virus • Worms are pretty bad things • May or may not cause problems • Can take over many systems very quickly • Some viruses are invisible, some are annoying • Firewalls and IDS/IPS can mitigate many worm infestations • Anti-virus is very common • Doesn’t help much once the worm gets inside • Thousands of new viruses every week Botnets • Is your signature file updated? • Robot networks Virus types • Skynet is self-aware • Program viruses • Once your machine is infected, it becomes a bot • It’s part of the application • You may not even know • Boot sector viruses • How does it get on your computer? • Who needs an OS? • Trojan Horse (I just saw a funny video of you! Click here.) • Script viruses or you run a program or click an ad you THOUGHT was • Operating system and browser-based legit, but... • Macro viruses • OS or application vulnerability • Common in Microsoft Office • A day in the life of a bot • Sit around. Check in with the mother ship. Worm infection and transmission Wait for instructions. Vulnerable Infected computer 2 computer 1 searches for is exploited vulnerable system
Backdoor is installed and 3 downloads worm
2.4 - Anti-Malware Tools Anti-virus and anti-malware • Requires additional information • You need both • Use, copy, rename, or replace operating system files • Real-time options and folders • Not just an on-demand scan • Enable or disable service or device startup • Modern anti-malware recognizes malicious activity • Repair the file system boot sector or the master boot • Doesn’t require a specific set of signatures record (MBR) Windows Recovery Environment Starting the console • Very powerful • Windows 7 - System Recovery Options / Command Prompt • Very dangerous • Boot from installation media • Last resort • Or select from F8 Advanced Boot Menu • Complete control • Windows 8/8.1/10 • Fix your problems before the system starts • Troubleshoot / Advanced Options / Command Prompt • Remove malicious software • Boot from installation media © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 27 http://www.ProfessorMesser.com 2.4 - Anti-Malware Tools (continued) Backup / restore Software firewalls • Always have a backup • Monitor the local computer • This is the best insurance policy ever • Alert on unknown or unauthorized network • Image backup built into Windows communication • In Windows 8/10 it’s called • Prevent malware communication • Backup and Restore (Windows 7) • Downloads after infection • This is the only way to be 100% sure • Botnet communication that malware has been removed • Use Windows Firewall • Seriously. Cleaning isn’t 100%. • At a minimum End user education • Runs by default • One on one • Constantly monitoring • Personal training • Any network connection • Posters and signs Secure DNS services • High visibility • External/Hosted DNS service • Message board posting • Provides additional security services • The real kind • Real-time domain blocking • Login message • Sites containing malware are not resolvable • These become invisible • Block harmful websites • Intranet page • Phishing sites, parked domains • Always available • Secure platforms - Avoid DNS cache poisoning attacks 2.5 - Social Engineering Attacks Effective social engineering Phishing • Constantly changing • Social engineering with a touch of spoofing • You never know what they’ll use next • Often delivered by spam, IM, etc. • May involve multiple people • Very remarkable when well done • And multiple organizations • Don’t be fooled - Check the URL • There are ties connecting many organizations • Usually there’s something not quite right • May be in person or electronic • Spelling, fonts, graphics • Phone calls from aggressive “customers” • Vishing is done over the phone • Emailed funeral notifications of a friend or associate • Fake security checks or bank updates Social engineering principles Spear phishing • Authority • Phishing with inside information • The social engineer is in charge • Makes the attack more believable • I’m calling from the help desk/office of the CEO/police • Spear phishing the CEO is “whaling” • Intimidation • April 2011 - Epsilon • There will be bad things if you don’t help • Less than 3,000 email addresses attacked • If you don’t help me, the payroll checks won’t be • 100% of email operations staff processed • Downloaded anti-virus disabler, keylogger, • Consensus / Social proof and remote admin tool • Convince based on what’s normally expected • April 2011 - Oak Ridge National Laboratory • Your co-worker Jill did this for me last week • Email from the “Human Resources Department” • Scarcity • 530 employees targeted, 57 people clicked, • The situation will not be this way for long 2 were infected • Must make the change before time expires • Data downloaded, servers infected with malware • Urgency Impersonation • Works alongside scarcity • Pretend to be someone you aren’t • Act quickly, don’t think • Use some of those details you got from the dumpster • Familiarity / Liking • You can trust me, I’m with your help desk • Someone you know, we have common friends • Attack the victim as someone higher in rank • Trust • Throw tons of technical details around • Someone who is safe • Be a buddy - How about those Cubs? • I’m from IT, and I’m here to help © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 28 http://www.ProfessorMesser.com 2.5 - Social Engineering Attacks (continued) Shoulder surfing Dumpster diving • You have access to important information • Mobile garbage bin • Many people want to see • United States brand name “Dumpster” • Curiosity, industrial espionage, competitive advantage • Similar to a rubbish skip • This is surprisingly easy • Important information thrown out with the trash • Airports / Flights • Thanks for bagging your garbage for me! • Hallway-facing monitors • Gather details that can be used for a different attack • Coffee shops • Impersonate names, use phone numbers • Surf from afar • Timing is important • Binoculars / Telescopes • Just after end of month, end of quarter • Easy in the big city • Based on pickup schedule • Webcam monitoring Is it legal to dive in a dumpster? Tailgating • I am not a lawyer. • Use someone else to gain access to a building • In the United States, it’s legal • Not an accident • Unless there’s a local restriction • Johnny Long / No Tech Hacking • If it’s in the trash, it’s open season • Blend in with clothing • Nobody owns it • 3rd-party with a legitimate reason • Dumpsters on private property or • Temporarily take up smoking “No Trespassing” signs may be restricted • I still prefer bringing doughnuts • You can’t break the law to get to the rubbish • Once inside, there’s little to stop you • Questions? Talk to a legal professional. • Most security stops at the border 2.5 - Denial of Service Denial of service Distributed Denial of Service (DDoS) • Force a service to fail - Overload the service • Launch an army of computers to bring down a service • Take advantage of a design failure or vulnerability • Use all the bandwidth or resources - traffic spike • Keep your systems patched! • This is why the bad guys have botnets • Cause a system to be unavailable • Thousands or millions of computers at your command • Competitive advantage • At its peak, Zeus botnet infected over 3.6 million PCs • Create a smokescreen for some other exploit • Coordinated attack • Precursor to a DNS spoofing attack • The attackers are zombies • Doesn’t have to be complicated - Turn off the power • Many people have no idea they are participating in a botnet A “friendly” DoS • Unintentional DoSing Mitigating DDoS attacks • It’s not always a ne’er-do-well • May be able to filter out traffic patterns • Stop the traffic at your firewall • Network DoS - Layer 2 loop without STP • Internet service provider may have anti-DDoS systems • Bandwidth DoS • These can help “turn down” the DDoS volume • Downloading multi-gigabyte Linux distributions over a DSL line • Third-party technologies • CloudFlare, etc. • The water line breaks - Get a good shop vacuum 2.5 - Zero-day Attacks Zero-day attacks • Zero-day • Many applications have vulnerabilities • The vulnerability has not been detected or published • We’ve just not found them yet • Zero-day exploits are increasingly common • Someone is working hard to find • Common Vulnerabilities and Exposures (CVE) the next big vulnerability • http://cve.mitre.org/ • The good guys share these with the developer • Bad guys keep these yet-to-be-discovered holes to themselves • They want to use these vulnerabilities for personal gain
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 29 http://www.ProfessorMesser.com 2.5 - Zero-day Attacks (continued) Zero-day vulnerabilities • June 2017 • March 2017 • CVE-2017-8543 | Windows Search • CVE-2017-0199 - Microsoft Office/WordPad • Remote Code Execution Vulnerability Remote Code • Send a specially crafted SMB message to • Execution Vulnerability w/Windows API the Search service • Open a Microsoft Office or WordPad file • Install programs, view/change/delete data, • SophosLabs documented attacks in the wild create new user accounts since November 2016 2.5 - Man-in-the-Middle Man -in- the-middle Mitigating man-in-the-middle • How can a bad guy watch • Use encrypted protocols without you knowing? • HTTPS, SSH • Man-in-the-middle • Communicate over a secure channel • Redirects your traffic • Client-based VPN • Then passes it on to the destination • Use encrypted wireless networks • You never know your traffic was redirected • Avoid insecure networks • ARP poisoning - ARP has no security • Public WiFi, Hotels 2.5 - Brute Force Attacks The password file Dictionary attacks • Different across operating systems • People use common words as passwords • Different hash methods • You can find them in the dictionary Brute force • If you’re using brute force, you should start with the easy ones • The password is the key • 123456, password, ninja, football • Secret phrase • Many common wordlists available on the ‘net • Stored hash • Some are customized by language or line of work • Brute force attacks - Online • This will catch the low-hanging fruit • Keep trying the login process • You’ll need some smarter attacks for the smarter people • Very slow Rainbow tables • Most accounts will lockout after a • An optimized, pre-built set of hashes number of failed attempts • Doesn’t need to contain every hash • Brute force the hash - Offline • The calculations have already been done • Obtain the list of users and hashes • Remarkable speed increase • Calculate a password hash, • Especially with longer password lengths compare it to a stored hash • Need different tables for different hashing methods • Large computational resource requirement • Windows is different than MySQL • Rainbow tables won’t work with salted hashes • Additional random value added to the original hash 2.5 - Spoofing Spoofing MAC spoofing • Pretend to be something you aren’t • Your Ethernet device has a MAC address • Fake web server, fake DNS server, etc. • A unique burned-in address • Email address spoofing • Most drivers allow you to change this • The sending address of an email isn’t really the sender • Changing the MAC address can be legitimate • Caller ID spoofing • Internet provider expects a certain MAC address • The incoming call information is completely fake • Certain applications require a particular MAC address • Man-in-the-middle attacks • It might not be legitimate • The person in the middle of the conversation • Circumvent MAC-based ACLs pretends to be both endpoints • Fake-out a wireless address filter • Very difficult to detect • How do you know it’s not the original device?
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 30 http://www.ProfessorMesser.com 2.5 - Spoofing (continued) IP address spoofing • May not be legitimate • Take someone else’s IP address • ARP poisoning • Actual device • DNS amplification / DDoS • Pretend to be somewhere you are not • Easier to identify than MAC address spoofing • Can be legitimate • Apply rules to prevent invalid traffic, • Load balancing enable switch security • Load testing
A legitimate response to ARP Response: I am 192.168.1.1 an ARP request is received My MAC address is 11:22:33:44:55:66 from the default gateway.
1 The ARP response is 192.168.1.9 c8:bc:c8:a7:38:d5 192.168.1.1 cached on the local device. 11:22:33:44:55:66 ARP Cache 192.168.1.1 = 11:22:33:44:55:66
An attacker sends an ARP response that spoofs the IP address of the router and ARP Response: I am 192.168.1.1 includes the attacker’s MAC My MAC address is aa:bb:cc:dd:ee:ff address. 192.168.1.9 2 192.168.1.1 c8:bc:c8:a7:38:d5 11:22:33:44:55:66 The malicious ARP information ARP Cache replaces the cached record, 192.168.1.1 = 11:22:33:44:55:66 completing the ARP poisoning. 192.168.1.1 = aa:bb:cc:dd:ee:ff 192.168.1.4 aa:bb:cc:dd:ee:ff 2.5 - Non-compliant Systems Non-compliant systems Protecting against non-compliant systems • A constant challenge • Operating system control • There are always changes and updates • Apply policies that will prevent • Standard operating environments (SOE) non-compliant software • A set of tested and approved systems • Monitor the network for application traffic • Often a standard operating system image • Next-generation firewalls with application visibility • Operating system and application updates • Perform periodic scans • Must have patches to be in compliance • Login systems can scan for non-compliance • OS updates, anti-virus signatures • Require correction before the system is given access • Can be checked and verified before access is given 2.6 - Windows Security Settings Users and groups NTFS vs. Share permissions • Users • NTFS permissions apply from local and network connections • Administrator • Share permissions only apply to connections • The Windows super-user over the network • Guest • A “network share” • Limited access • The most restrictive setting wins • Standard Users • Deny beats allow • Groups • NTFS permissions are inherited from the parent object • Power Users • Unless you move to a different folder • Not much more control than a regular user on the same volume
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 31 http://www.ProfessorMesser.com 2.6 - Windows Security Settings Shared files and folders Run as administrator • Administrative shares • Administrators have special rights and permissions • Hidden shares (i.e., C$) created during installation • Editing system files, installing services • Local shares are created by users • Use rights and permissions of the administrator • System files and folders • You don’t get these by default, even if you’re in the • C$ - \ Administrators group • ADMIN$ - \Windows • Right-click the application • PRINT$ - Printers folder • Run as administrator (Or Ctrl-Shift-Enter) • Computer Management / Shared Folders BitLocker • net share • Encrypt an entire volume Explicit and inherited permissions • Not just a single file • Explicit permissions • Protects all of your data, including the OS • Set default permissions for a share • Lose your laptop? • Inherited permissions • Doesn’t matter without the password • Propagated from the parent object to the child object • Data is always protected • Set a permission once, it applies • Even if the physical drive is moved to everything underneath to another computer • Explicit permissions take precedence • BitLocker To Go - Encrypt removable USB flash drives over inherited permissions EFS • Even inherited deny permissions • Encrypting File System User authentication • Encrypt at the filesystem level • Authentication • On NTFS • Prove you are the valid account holder • OS support • Username / Password • 7 Professional, Enterprise and Ultimate • Perhaps additional credentials • 8 and 8.1 Pro and Enterprise • Single sign-on (SSO) • 10 Pro, Enterprise, and Education • Windows Domain • Uses password and username to encrypt the key • Provide credentials one time • Administrative resets will cause EFS files to be • No additional pop-ups or interruptions inaccessible • Managed through Kerberos 2.7 - Workstation Security Best Practices Password complexity and length Desktop security • Make your password strong • Require a screensaver password • No single words • Integrate with login credentials • No obvious passwords • Can be administratively enforced • What’s the name of your dog? • Automatically lock after a timeout • Mix upper and lower case • Disable autorun • Use special characters • autorun.inf in Vista • Don’t replace a o with a 0, t with a 7 • No Autorun in Windows 7, 8/8.1, or 10 • A strong password is at least 8 characters • Disabled through the registry • Consider a phrase or set of words • Consider changing AutoPlay • Set password expiration, require change • Get the latest security patches • System remembers password history, • Updates to autorun.inf and AutoPlay requires unique passwords Password best practices Password expiration and recovery • Changing default usernames/passwords • All passwords should expire • All devices have defaults • Change every 30 days, 60 days, 90 days • There are many web sites that document these • Critical systems might change more frequently • BIOS/UEFI passwords • Every 15 days or every week • Supervisor/Administrator password: Prevent BIOS changes • The recovery process should not be trivial! • User password: Prevent booting • Some organizations have a very formal process • Requiring passwords - Always require passwords • No blank passwords or automated logins
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 32 http://www.ProfessorMesser.com 2.7 - Workstation Security Best Practices (continued) Restricting user permissions Active Directory • User permissions • Windows networks can be centrally managed • Everyone isn’t an Administrator • Active Directory Domain Services (AD DS) • Assign proper rights and permissions • Create and delete accounts • This may be an involved audit • Add users to the domain • Assign rights based on groups • Remove user accounts • More difficult to manage per-user rights • Reset passwords and unlock accounts • Becomes more useful as you grow • I forgot it. Again. • Login time restrictions • Disable accounts • Only login during working hours • Off-boarding or security processes • Restrict after-hours activities Data encryption Disabling unnecessary accounts • Full-disk encryption • All operating systems include other accounts • Encrypt the entire drive • guest, root, mail, etc. • Filesystem encryption • Not all accounts are necessary • Individual files and folders • Disable/remove the unnecessary • Removable media • Disable the guest account • Protect those USB flash drives • Disable interactive logins • Key backups are critical • Not all accounts need to login • You always need to have a copy • Change the default usernames • This may be integrated into Active Directory • User:admin Password:admin • You’ll want to keep the key handy • Helps with brute-force attacks Patch and update management Account lockout and disablement • Keep OS and applications updated • Too many bad passwords will cause a lockout • Security and stability improvements • This should be normal for most users • Built-in to the operating system • This can cause big issues for service accounts • Updates are deployed as available • You might want this • Deployment may be managed internally • Disable user accounts • Many applications include their own updater • Part of the normal change process • Check for updates when starting • You don’t want to delete accounts • Always stay up to date • At least not initially • Security vulnerabilities are exploited quickly 2.8 - Securing Mobile Devices Screen locks Remote backup • Restrict access to the device • Difficult to backup something that’s always moving • You’re going to leave it somewhere • Backup to the cloud • Fingerprint - Built-in fingerprint reader • Constant backup - No manual process • Face Unlock - Face recognition • Backup without wires - Use the existing network • Swipe - Choose a pattern • Restore with one click • Passcode - Choose a PIN or add complexity • Restores everything • Failed attempts • Authenticate and wait • iOS: Erase everything after 10 failed attempts Anti-virus and Anti-malware • Android: Lock the device and require a Google login • Apple iOS Locator applications and remote wipe • Closed environment, tightly regulated • Built-in GPS • Malware has to find a vulnerability • And location “helpers” • Android • Find your phone on a map • More open, apps can be installed from anywhere • Easier for malware to find its way in • Control from afar • Make a sound • Windows Phone • Display a message • Closed environment • Wipe everything • Apps run in a “sandbox” • At least your data is safe • You control what data an app can view © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 33 http://www.ProfessorMesser.com 2.8 - Securing Mobile Devices (continued) Patching/OS updates Trusted vs. untrusted sources • All devices need updates - Even mobile devices • Once malware is on a phone, it has a huge amount of access • Device patches - Security updates • Don’t install APK files from an untrusted source • Operating system updates - New features, bug fixes • iOS • Don’t get behind! - Avoid security problems • All apps are curated by Apple Biometric authentication • Android • Multi-factor authentication • Apps can be downloaded from • More than one factor • Google Play or sideloaded • Passcode, password, swipe pattern • This is where problems can occur • Fingerprint, face, iris Firewalls • A phone is always with you • Mobile phones don’t include a firewall • And you’re a good source of data • Most activity is outbound, not inbound • We’re just figuring this out • Some mobile firewall apps are available • Biometrics have a long way to go • Most for Android • Use as many factors as necessary • None seem to be widely used Authenticator apps • Enterprise environments can control mobile apps • Pseudo-random token generators • Firewalls can allow or disallow access • A useful authentication factor Policies and procedures • Carry around physical token devices • Manage company-owned and user-owned mobile devices • Where are my keys again? • BYOD - Bring Your Own Device • You’re carrying your phone around • Centralized management of the mobile devices • And it’s pretty powerful • Specialized functionality Full device encryption • Set policies on apps, data, camera, etc. • Encrypt all device data • Control the remote device • Phone keeps the key • The entire device or a “partition” • iOS 8 and later • Manage access control • Personal data is encrypted with your passcode • Force screen locks and PINs on these single user devices • Android - Full device encryption can be turned on 2.9 - Data Destruction and Disposal Physical destruction Disk formatting • Shredder • Low-level formatting • Heavy machinery • Provided at the factory - Not possible by the user • Complete destruction • Standard formatting / Quick format • Drill / Hammer • Sets up the file system, installs a boot sector • Quick and easy • Clears the master file table but not the data • Platters, all the way through • Can be recovered with the right software • Electromagnetic (degaussing) • Standard formatting / Regular format • Remove the magnetic field • Overwrites every sector with zeros • Destroys the drive data and the electronics • Windows Vista and later • Incineration • Can’t recover the data • Fire hot. Hard drive security Certificate of destruction • 2009 UK university study of 300 hard drives • Destruction is often done by a 3rd party from eBay and computer fairs • How many drills and degaussers do you have? • 34% had personal data, corporate information, • Need confirmation that your data is destroyed sensitive information • Service should include a certificate • Launch procedures for a ground-to-air missile system • A paper trail of broken data • File level overwriting - Sdelete – Windows Sysinternals • You know exactly what happened • Whole drive wipe secure data removal • DBAN - Darik’s Boot and Nuke • Physical drive destruction • One-off or industrial removal and destroy
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 34 http://www.ProfessorMesser.com 2.10 - Securing a SOHO Network SSID management Default usernames and passwords • Service Set Identifier • All access points have default • Name of the wireless network usernames and passwords • LINKSYS, DEFAULT, NETGEAR • Change yours! • Change the SSID to something not-so obvious • The right credentials provide full control • Disable SSID broadcasting? • Administrator access • SSID is easily determined through • Very easy to find the defaults for your WAP or router wireless network analysis • http://www.routerpasswords.com • Security through obscurity MAC address filtering Wireless encryption • Media Access Control • All wireless computers are radio • The “hardware” address transmitters and receivers • Limit access through the physical hardware address • Anyone can listen in • Keeps the neighbors out • Solution: Encrypt the data • Additional administration with visitors • Everyone gets the password • Easy to find working MAC addresses • Only people with the password can through wireless LAN analysis transmit and listen • MAC addresses can be spoofed • WPA2 encryption • Free open-source software Power level controls • Security through obscurity • Usually a wireless configuration IP addressing • Set it as low as you can • DHCP (automatic) IP addressing vs. • How low is low? manual IP addressing • This might require some additional study • IP addresses are easy to see in an • Consider the receiver unencrypted network • High-gain antennas can hear a lot • If the encryption is broken, the IP addresses • Location, location, location will be obvious Using WPS • Configuring a static IP address is not a • Wi-Fi Protected Setup security technique • Originally called Wi-Fi Simple Config • Security through obscurity • Allows “easy” setup of a mobile device SOHO firewalls • A passphrase can be complicated to a novice • Small office / home office appliances • Different ways to connect • Generally has reduced throughput requirements • PIN configured on access point must be • Usually includes multiple functions entered on the mobile device • Wireless access point, router, firewall, content filter • Push a button on the access point • May not provide advanced capabilities • Near-field communication - Bring the • Dynamic routing mobile device close to the access point • Remote support • USB method - no longer used • Install the latest software The WPS hack • Update and upgrade the firmware • December 2011 - WPS has a design flaw • Firewalls, routers, switches, etc. • It was built wrong from the beginning Firewall settings • PIN is an eight-digit number • Inbound traffic • Really seven digits and a checksum • Extensive filtering and firewall rules • Seven digits, 10,000,000 possible combinations • Allow only required traffic • The WPS process validates each half of the PIN • Configure port forwarding to map TCP/UDP ports • First half, 4 digits. Second half, 3 digits. to a device • First half, 10,000 possibilities. • Consider building a DMZ • Second half, 1,000 possibilities • Outbound traffic • It takes about four hours to go through all of them • Blacklist - Allow all, stop only unwanted traffic • Most devices now include a lockout function • Whitelist - Block all, only allow certain traffic types
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 35 http://www.ProfessorMesser.com 2.10 - Securing a SOHO Network (continued) Disabling ports Physical security • Enabled physical ports • Physical access • Conference rooms, break rooms • A relatively easy hack • Administratively disable unused ports • Highly secure data centers • More to maintain, but more secure • Door access • Network Access Control (NAC) • Lock and key • 802.1X controls • Electronic keyless • You can’t communicate unless you are authenticated • Biometric Content filtering • Eyeballs and fingers • Control traffic based on data within the content • The process • Data in the packets • Documented • Corporate control of outbound and inbound data • Well established • Sensitive materials • Control of inappropriate content • Not safe for work, parental controls • Protection against evil • Anti-virus, anti-malware 3.1 - Troubleshooting Windows Slow system performance Startup Repair • Task Manager • Missing NTLDR • Check for high CPU utilization and I/O • The main Windows boot loader is missing • Windows Update • Run Startup Repair or replace manually and reboot • Latest patches and drivers • Missing operating system • Disk space • Boot Configuration Data (BCD) may be incorrect • Check for available space and defrag • Run Startup Repair or manually configure BCD store • Laptops may be using power-saving mode • Boots to Safe Mode • Throttles the CPU • Windows is not starting normally • Anti-virus and anti-malware • Run Startup Repair • Scan for bad guys Application crashes Limited connectivity • Application stops working • Limited or no connectivity: The connection has limited • May provide an error message or no connectivity. You might be unable to access the • May just disappear Internet or some network resources. The connection is • Check the Event Log limited • Often includes useful reconnaissance • Local issues • Check the Reliability Monitor • Wireless signal, disconnected cable • A history of application problems • Check IP address configuration • Checks for resolutions • Reboot • Reinstall the application • External issues • Contact application support • Wireless router rebooted/turned off Bluescreens and spontaneous shutdowns • Ping your default gateway and external IP • Startup and shutdown BSOD Boot errors • Bad hardware, bad drivers, bad application • Can’t find operating system • Use Last Known Good, System Restore, • OS missing or Rollback Driver • Boot loader replaced or changed • Try Safe mode • Multiple OSes installed • Reseat or remove the hardware • Check boot drives • If possible • Remove any media • Startup Repair • Run hardware diagnostics • Modify the Windows Boot Configuration Database (BCD) • Provided by the manufacturer • Formerly boot.ini • BIOS may have hardware diagnostics • Recovery Console: bootrec /rebuildbcd © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 36 http://www.ProfessorMesser.com 3.1 - Troubleshooting Windows (continued) Black screen Slow boot • No login dialog, no desktop • Boot process hangs or takes longer than normal • Driver corruption, OS file corruption • No activity, no drive lights • Start in VGA mode • Manage the startup apps • F8 for startup options • Control what loads during the boot process • Run SFC - System File Checker • Task Manager • Run from recovery console • Startup tab • Update driver in Safe Mode • Startup impact, Right-click / Disable • Download from known good source • Disable everything • Repair/Refresh or recover from backup • Load them back one at a time Testing the printer • Print or scan a test page • Built into Windows • Not the application • Use diagnostic tools • Web-based utilities • Built into the printer • Vendor specific • Download from the web site • Generic Slow profile load • Available in LiveCD form • Roaming user profile Starting the system • Your desktop follows you to any computer • Device not starting • Changes are synchronized • Check Device Manager and Event Viewer • Network latency to the domain controller • Often a bad driver • Slows login script transfers • Remove or replace driver • Slow to apply computer and user policies • “One or more services failed to start” • May require many hundreds (or thousands) of LDAP queries • Bad/incorrect driver, bad hardware • Client workstation picks a remote domain controller • Try starting manually instead of local DC • Check account permissions • Problems with local infrastructure • Confirm service dependencies • Windows service; check system files 3.1 - Troubleshooting Solutions Defragmentation Kill tasks • Moves file fragments so they are contiguous • Instead of rebooting, find the problem • Sharing a common border • And kill it • Improves read and write time • Task Manager - Processes tab • Only applicable to spinning hard drives • Sort by resource - CPU, memory, disk, network • Graphical version in the drive properties • Right-click to end task • Command line: defrag • Trial and error • Weekly schedule with Control Panel / Restart services Administrative Tools / Task Scheduler • Services Reboot • Applications that run in the background • Have you tried turning it off and on again? • No user interaction • There’s a reason it works • Similar issues as a normal process • Bug in your router software • Resource utilization • Reboot the router • Memory leaks • Application is using too many resources • Crashes • Stops the app • View status in Task Manager • Memory leak slowly consumes all available RAM • Services tab • Clears the RAM and starts again • Right-click to start, stop, or restart © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 37 http://www.ProfessorMesser.com 3.1 - Troubleshooting Solutions (continued) Update network settings • The BIOS determines which physical device will be used • One configuration mismatch can cause significant during boot network slowdowns • And in which order • Speed • Each BIOS is a bit different • Duplex • The configuration is in there somewhere • Most auto negotiations work fine • It’s an easy one to miss • Until they don’t • Usually the first thing to check • Driver may not show the negotiated value Disable startup services / apps • Filter through the Event Viewer • It’s difficult to tell what application might be a problem • Device should match the switch child • Both sides should be identical • Much of the underlying OS operations are hidden from Reimage or reload OS view • Windows is big • Trial and error • And complex • Disable all startup apps and services • Spend time trying to find the needle • Or disable one at a time • Or simply build a new haystack • This might take quite a few restarts • Many organizations have prebuilt images • Manage startup processes • Don’t waste time researching issues • Task Manager, Control Panel / • Windows includes a reset option Administrative Tools / Services • Settings / Update & Security / Recovery Safe Mode - Windows 7 and 8/8.1 Roll back • Press F8 on boot • Restore points • Advanced Boot Options • Rewind to an earlier point in time • Safe Mode • Time travel without erasing your work • Only the necessary drivers to get started • Application updates • Safe Mode with Networking • Restore point created automatically during application • Includes drivers for network connectivity installations • Safe Mode with Command Prompt • Device Drivers • No Windows Explorer – quick and dirty • These can break Windows • Enable low-resolution (VGA Mode) • Roll back from the • Recover from bad video driver installations • Windows start menu (F8) Safe Mode - Windows 10 Update and patch • F8 probably won’t work • Windows Update • Windows Fast Startup prevents a complete shutdown • Centralized OS and driver updates • From the Windows desktop • Lots of flexibility • Hold down shift when clicking Restart • Change active hours • Settings / Update & Security / Recovery / • Manage metered connections Advanced startup / Restart now • Applications must be patched • System Configuration (msconfig) • Security issues don’t stop at the OS Rebuild Windows profiles • Download from the publisher • Profiles can become corrupted Repair application • The User Profile Service failed the logon. • Application issues User Profile cannot be loaded. • Problems with the application files or configurations • If a profile doesn’t exist, it’s recreated • Each application has its own repair process • We’re going to delete the profile and force the • Fix missing files rebuilding process • Replace corrupted files • It’s not as easy as copying a file • Fix application shortcuts • Backups, registry modifications • Repair registry entries • Login with domain admin • Update or reconfigure drivers • Rename the \Users\name folder Update boot order • Export the user’s registry • Try to boot from a USB drive • Delete the registry entry • Doesn’t even try • Restart the computer © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 38 http://www.ProfessorMesser.com 3.1 - Troubleshooting Solutions (continued) Deleting Windows profiles Reconstructing Windows profiles • Login to the computer with Domain Administrator rights • Login to the computer with the user account • Rename the \Users\name folder • The profile will be rebuilt • This will save important files • This will recreate the \Users\name folder • Backup the user’s registry • Login as Domain Administrator • HKLM\SOFTWARE\Microsoft\Windows NT\ • Copy over any important files from the old profile CurrentVersion\ProfileList • Do not copy the entire profile • Right-click / Export • Corrupted files might exist in the old profile • Delete the registry entry - You have a backup • Restart the computer 3.2 - Troubleshooting Security Issues Pop-ups Malware OS symptoms • Pop-ups in your browser • Renamed system files • May look like a legitimate application • Won’t need that anymore • May be a malware infection • Files disappearing • Update your browser • Or encrypted • Use the latest version and check pop-up block feature • File permission changes • Scan for malware • Protections are modified • Consider a cleaning • Access denied • Rebuild from scratch or known good backup to • Malware locks itself away guarantee removal • It doesn’t leave easily Browser redirection • Use a malware cleaner or restore from • Instead of your Google result, known good backup your browser goes somewhere else • Some malware is exceptionally difficult to remove • This shouldn’t ever happen System lock up • Malware is the most common cause • Completely stops • Makes money for the bad guys • Check Caps Lock and Num Lock status lights • Use an anti-malware/anti-virus cleaner • May still be able to terminate bad apps • This is not the best option • Windows and Linux Task Manager • Restore from a good known backup (Ctrl-Alt-Del / Task Manager) • The only way to guarantee removal • Mac OS X Force Quit (Command-Option-Esc) Browser security alerts • Check logs when restarting • Security alerts and invalid certificates • May have some clues about what’s happening • Something isn’t quite right - Should raise your interest • May be a security issue • Look at the certificate details • Perform a virus/malware scan • Click the lock icon • Perform a hardware diagnostic • May be expired or the wrong domain name • System issues can be a factor • The certificate may not be properly signed Application crashes (untrusted certificate authority) • Application stops working Malware network symptoms • May provide an error message • Slow performance, lock-up • May just disappear • Malware isn’t the best written code • Check the Event Log • Internet connectivity issues • Often includes useful reconnaissance • Malware likes to control everything • You go where it wants you to go • Check the Reliability Monitor • You can’t protect yourself if you can’t download • A history of application problems • OS updates failures • Checks for resolutions • Malware keeps you vulnerable • Reinstall the application • Some malware uses multiple communication paths • Contact application support • Reload or clean • Malware cleaner or recover from known good backup
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 39 http://www.ProfessorMesser.com 3.2 - Troubleshooting Security Issues (continued) Virus alerts and hoaxes System / application log errors • Rogue antivirus • Many errors go undetected • May include recognizable logos and language • The details are in the log • May require money to “unlock” your PC • It may take some work to find them • Or to “subscribe” to their service • Filter and research • Often requires a specific anti-malware • Find security issues removal utility or technique • Improper logins Email security • Unexpected application use • Spam - Unsolicited email messages, advertisements, • Failed login attempts phishing attacks, spread viruses • Spam filters can be helpful • Hijacked email • Infected computers can become email spammers • You receive odd replies from other users • You receive bounce messages from unknown email addresses 3.3 - Removing Malware 1. Identify malware symptoms 4b. Remediate: Scan and remove • Odd error messages • Microsoft, Symantec, McAfee • Application failures, security alerts • The big anti-virus apps • System performance issues • Malwarebytes Anti-Malware - Malware-specific • Slow boot, slow applications • Stand-alone removal apps • Research the malware • Check with your anti-virus company • Know what you’re dealing with • There’s really no way to know if it’s really gone 2. Quarantine infected systems • Delete and rebuild • Disconnect from the network 4b. Remediate: Scan and remove • Keep it contained • Safe mode • Isolate all removable media • Load the bare minimum operating system • Everything should be contained • Just enough to get the OS running • Prevent the spread • Can also prevent the bad stuff from running • Don’t transfer files, don’t try to backup • Pre-installation environment (WinPE) • That ship sailed • Recovery Console, bootable CD/DVDs/USBs 3. Disable System Restore • Build your own from the Windows • Restore points make it easy to rewind • Assessment and Deployment Kit (ADK) • Malware infects restore points • May require the repair of boot records and sectors • Disable System Protection 5. Schedule scans and run updates • No reason to save an infected config • Built into the antivirus software • Delete all restore points • Automated signature updates and scans • Remove all infection locations • Task scheduler 4a. Remediate: Update anti-virus • Run any task • Signature and engine updates • Operating system updates • The engine • Make sure its enabled and working • The guts of the machine 6. Enable System Protection • Signature updates • Now you’re clean - Put things as they were • A very, very tiny shelf life • Create a restore point - Start populating again • Automatic vs. manual 7. Educate the end user • Manual updates are almost pointless • One on one - Personal training • Your malware may prevent the update process • Posters and signs - High visibility • Copy from another computer • Message board posting - The real kind • Login message - These become invisible • Intranet page - Always available
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 40 http://www.ProfessorMesser.com 3.4 - Troubleshooting Mobile Apps Dim display Short battery life • Difficult to see the details, even in low light • Bad reception - Always searching for signal • Check the brightness setting • Disable unnecessary features • iOS: Settings / Display and brightness • 802.11 wireless, Bluetooth, GPS • Android: Settings / Display / Brightness level • Check application battery usage • Replace the bad display - backlight issue • iPhone: Settings/General/Usage Wireless connectivity • Android: Settings/Battery • Intermittent connectivity • Aging battery - There’s only so many recharges • Move closer to access point Overheating • Try a different access point • Phone will automatically shut down to avoid damage • No wireless connectivity • Charging/discharging the battery, CPU usage, display light • Check/Enable WiFi, check security key configuration • Check app usage - Some apps can use a lot of CPU • Hard reset can restart wireless subsystem • Avoid direct sunlight - Quickly overheats • No Bluetooth connectivity Frozen system • Check/Enable Bluetooth • Nothing works - No screen or button response • Check/Pair Bluetooth component • Hard reset to restart Bluetooth subsystem • Soft reset - Hold power down and turn off Cannot broadcast to monitor • Hard reset • Broadcast to a TV • iOS: Hold power and home button for 10 seconds • Apple TV, Xbox, Playstation, Chromecast, etc. • Android: Combinations of power, home, and volume • Check app requirements • Ongoing problems may require a factory reset • Every broadcast device is different No sound from speakers • All devices must be on the same wireless network • No sound from a particular app • Can’t mix your private and guest network • Check volume settings - Both app and phone settings • Bad software / delete and reload • Signal strength is important • Try headphones • Between phone and television • Between television and the Internet • Sound starts but then stops • Dueling apps / keep app in foreground Non-responsive touchscreen • Touchscreen completely black or • No speaker sound from any app (no alarm, no music, no touchscreen not responding to input audio) • Load latest software • Apple iOS restart • Factory reset • Hold power button, slide to power off, press power button Inaccurate touch screen response • Hold down power button and Home button • Screen responds incorrectly or is unresponsive for 10 seconds • Close apps - Low memory can cause resource contention • Android device restart • Perform a soft reset, unless a hard reset is required • Remove battery, put back in, power on • May require a hardware fix • Hold down power and volume down until restart • Replace the digitizer / reseat cables • Some phones have different key combinations System lockout App issues • Too many incorrect unlock attempts • Apps not loading, slow app performance • iOS: Erases the phone after 10 failed attempts • Restart the phone - Hold power button, power off • Android: Locks or wipes the phone after failed attempts • Stop the app and restart App log errors • iPhone: Double-tap home button, slide app up • Most log information is hidden • Android: Settings/Apps, select app, Force stop • You’ll need developer tools to view it • Update the app - Get the latest version • A wealth of information Unable to decrypt email • If you can decipher it • Built-in to corporate email systems - Outlook • This might take a bit of research • Each user has a private key • Viewing logs • You can’t decrypt without the key • iOS - Xcode • Install individual private keys on every mobile device • Android - Logcat • Use a Mobile Device Manager (MDM) © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 41 http://www.ProfessorMesser.com 3.5 - Troubleshooting Mobile Device Security Signal drop / weak signal Leaked information • Drops and weak signals prevent traffic flows • Unauthorized account access • Make sure you’re connecting to a trusted WiFi network • Unauthorized root access • Use a VPN if you’re not • Leaked personal files and data • Never trust a public WiFi Hotspot • Determine cause of data breach • Tether with your own device • Perform an app scan, run anti-malware scan • Run a speed test • Factory reset and clean install • Cell tower analyzer and test • This is obviously a huge issue Power drain • Check online data sources • Power drains faster than normal • Apple iTunes/iCloud/Apple Configurator, • Heavy application use Google Sync, Microsoft OneDrive • Increased network activity Unauthorized location tracking • High resource utilization • Real-time tracking information and • Check application before install historical tracking details • Use an App scanner • This should be as protected as your other data • Force stop running apps • Run an anti-malware scan • Run anti-malware • Malicious apps can capture many data points • Check for malicious activity • Check apps with an offline app scanner • Perform a clean install • Get some insight into what’s running • Factory reset, reinstall apps • Perform a factory reset Slow data speeds • Restore from a known-good backup • Unusual network activity • Unintended WiFi connections • Data transmission over limit • Check your network connection • Run a WiFi analyzer • Are you on a trusted WiFi network? • Check network speed • Run speed check / cell tower analyzer • Examine running apps for unusual activity • Large file transfers, constant activity Unintended Bluetooth pairing Unauthorized camera / microphone use • Connect with a device that isn’t yours • Third-party app captures intimate information • This isn’t a good idea • Ethical and legal issues • Remove the Bluetooth device • Run an anti-malware scan • You would have to re-pair to access again • Try to identify the source of the breach • Disable Bluetooth radio • Confirm that loaded apps are legitimate • No Bluetooth communication at all • Check with a third-party scanner • Run an anti-malware scan • Factory refresh • Make sure there are no malicious apps • Completely reset and start from the beginning 4.1 - Documentation Best Practices Internal operating procedures Knowledge base and articles • Organizations have different business objectives • External sources • Processes and procedures • Manufacturer knowledge base • Operational procedures • Internet communities • Downtime notifications • Internal documentation • Facilities issues • Institutional knowledge • Software upgrades • Usually part of help desk software • Testing, change control • Find the solution quickly • Documentation is the key • Searchable archive • Everyone can review and understand the policies • Automatic searches with helpdesk ticket keywords
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 42 http://www.ProfessorMesser.com 4.1 - Documentation Best Practices (continued) Network topology diagrams Acceptable use policies (AUP) • Describes the network layout • What is acceptable use of company assets? • May be a logical diagram • Detailed documentation • Can include physical rack locations • May be documented in the Rules of Behavior Incident response: Documentation • Covers many topics • Security policy • Internet use, telephones, computers, • An ongoing challenge mobile devices, etc. • Documentation must be available • Used by an organization to limit legal liability • No questions • If someone is dismissed, these are • Documentation always changes the well-documented reasons why • Constant updating Password policy • Have a process in place • Passwords should be complex, and • Use the wiki model all passwords should expire Compliance • Change every 30 days, 60 days, 90 days • Meeting the standards of laws, policies, and regulations • Critical systems might change more frequently • A healthy catalog of rules • Every 15 days or every week • Across many aspects of business and life • The recovery process should not be trivial! • Many are industry-specific or situational • Some organizations have a very formal process • Penalties Account lockout and disablement • Fines • Too many bad passwords will cause a lockout • Loss of employment • This should be normal for most users • Incarceration • This can cause big issues for service accounts • Scope • You might want this • Domestic and international requirements • Disable accounts Regulatory • Part of the normal change process • Sarbanes-Oxley Act (SOX) • You don’t want to delete accounts • The Public Company Accounting Reform and • At least not initially Investor Protection Act of 2002 Inventory management • The Health Insurance Portability and • A record of every asset Accountability Act (HIPAA) • Routers, switches, cables, fiber modules, etc. • Extensive healthcare standards for storage, use, and • Financial records, audits, depreciation transmission of health care information • Make/model, configuration, purchase date, etc. • The Gramm-Leach-Bliley Act of 1999 (GLBA) • Tag the asset • Disclosure of privacy information from • Barcode, RFID, visible tracking number financial institutions 4.2 - Change Management Change management • A single change can be far reaching • Change control • Multiple applications, Internet connectivity, • A formal process for managing change remote site access, external customer access • Avoid downtime, confusion, and mistakes • How long will this take? • Nothing changes without the process • No impact, or hours of downtime • Determine the scope of the change Risk analysis • Analyze the risk associated with the change • Determine a risk value • Create a plan • i.e., high, medium, low • Get end-user approval • The risks can be minor or far-reaching • Present the proposal to the change control board • The “fix” doesn’t actually fix anything • Have a backout plan if the change doesn’t work • The fix breaks something else • Document the changes • Operating system failures Scope the change • Data corruption • Determine the effect of the change • What’s the risk with NOT making the change? • May be limited to a single server • Security vulnerability, application unavailability, or • Or an entire site unexpected downtime to other services © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 43 http://www.ProfessorMesser.com 4.2 - Change Management (continued) Plan for change Backout plan • What’s it take to make the change? • The change will work perfectly and • Detailed information nothing will ever go bad • Describe a technical process to other technical people • Of course it will • Others can help identify unforeseen risk • You should always have a way to revert your changes • A complete picture • Prepare for the worst, hope for the best • Scheduling • This isn’t as easy as it sounds • Time of day, day of week • Some changes are difficult to revert • Include completion timeframes • Always have backups End-user acceptance • Always have backups • Nothing happens without a sign-off Document changes • The end users of the application / network • Something changed • One of your jobs is to make them successful • Everyone needs to know • They ultimately decide if a change is worth it to them • Help desk documentation • Ideally, this is a formality • Version numbers, network diagram, new server names • Of course, they have been involved • Track changes over time throughout this entire process • Cross-reference against help desk tickets • There’s constant communication before and after • Track before and after statistics Change board and approvals • Better or worse? • Go or no go • Lots of discussion • All important parts of the organization are represented • Potential changes can affect the entire company • Some changes have priority • The change board makes the schedule • Some changes happen quickly, some take time • This is the last step • The actual work comes next 4.3 - Disaster Recovery Backup strategies Backup testing • Image level • It’s not enough to perform the backup • Bare metal backup using images • You have to be able to restore • Operating system volume snapshots • Disaster recovery testing or hypervisor snapshots • Simulate a disaster situation • Recover the entire system at once • Restore from backup • Make an exact copy somewhere else • Confirm the restoration • File level • Test the restored application and data • Copy individual files to a backup • Perform periodic audits • May not necessarily store all system files • Always have a good backup • May need to rebuild the OS and then UPS perform a file restore • Uninterruptible Power Supply Critical application backups • Short-term backup power • Application software • Blackouts, brownouts, surges • Often distributed across multiple servers • UPS types • Application data • Offline/Standby UPS • Databases, other data storage • Line-interactive UPS • Location of data • On-line/Double-conversion UPS • Local and cloud-based • Features • All of these are needed when restoring • Auto shutdown, battery capacity, outlets, • They all work together phone line suppression
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 44 http://www.ProfessorMesser.com 4.3 - Disaster Recovery (continued) Surge suppressor • Disadvantages over local backups • Not all power is “clean” • Data is not under your direct control • Self-inflicted power spikes and noise • Strong encryption mechanisms are critical • Storms, power grid changes Account recovery options • Spikes are diverted to ground • Apps won’t work if users can’t login • Noise filters remove line noise • Your Windows Domain will most likely be • Decibel (Db) levels at a specified frequency the foundation of your recovery efforts • Higher Db is better • Consider other authentication requirements Cloud storage • Multi-factor authentication validation • Data is available anywhere, anytime, on any device • Additional authentication databases • If you have a network, you have your data • RADIUS, TACACS • Advantages over local backups • Another good reason for centralized administration • No tape drives to manage • No local accounts • No offsite storage processing 4.4 - Safety Procedures WARNING Personal safety • Power is dangerous • Remove jewelry • Remove all power sources before working • And name badge neck straps • Don’t touch ANYTHING if you aren’t sure • Or use breakaway straps • Replace entire power supply units • Lifting technique • Don’t repair internal components • Lift with your legs, keep your back straight • Don’t carry overweight items • High voltage - Power supplies, displays, laser printers • You can get equipment to lift Equipment grounding • Electrical fire safety • Most computer products connect to ground • Don’t use water or foam • Divert any electrical faults away from people • Use carbon dioxide, FM-200, or other dry chemicals • Also applies to equipment racks • Remove the power source • Large ground wire • Cable management • Don’t remove the ground connection • Avoid trip hazards • It’s there to protect you • Use cable ties or velcro • Never connect yourself to an electrical ground • Safety goggles • This is not a way to prevent ESD • Useful when working with chemicals Handling toxic waste • Printer repair, toner, batteries • Batteries • Air filter mask • Uninterruptible Power Supplies • Dusty computers • Dispose at your local hazardous waste facility • Printer toner • CRTs Local government regulations • Cathode ray tubes - there’s a few of those left • Health and safety laws • Glass contains lead • Vary widely depending on your location • Dispose at your local hazardous waste facility • Keep the workplace hazard-free • Toner • Building codes • Recycle and reuse • Fire prevention, electrical codes • Many printer manufacturers provide a return box • Environmental regulation • Some office supply companies will provide • High-tech waste disposal a discount for each cartridge Mobile device disposal • Wipe your data, if possible • This isn’t always an option • Manufacturer or phone service provider may have a recycling program or an upgrade program • Dispose at a local hazardous waste facility • Do not throw in the trash © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 45 http://www.ProfessorMesser.com 4.4 - Managing Electrostatic Discharge What is electrostatic discharge? Preventing static discharge • Static electricity • Anti-static strap • Electricity that doesn’t move • Connect your wrist to a metal part of the computer • Static electricity isn’t harmful to computers • Anti-static pad • It’s the discharge that gets them • A workspace for the computer • ESD can be very damaging to computer components • Anti-static mat • Silicon is very sensitive to high voltages • A grounded mat for standing or sitting • Feel static discharge: ~3,500 volts • Anti-static bag • Damage an electronic component: 100 volts or less • Safely move or ship components Controlling ESD • Humidity over 60% helps control ESD Anti-static strap • Won’t prevent all possible ESD • Keeping an air conditioned room at 60% humidity isn’t very practical • Use your hand to self-ground • Touch the exposed metal chassis before touching a component • You’ll want to unplug the power connection • Always a good idea. Really. • Do not connect yourself to an electrical ground! • Try not to touch components directly • Card edges only 4.5 - Environmental Impacts Disposal procedures UPS • Read your Material Safety Data Sheets (MSDS) • Uninterruptible Power Supply • United States Department of Labor, • Backup power • Occupational Safety and Health Administration (OSHA) • Blackouts, brownouts, surges • http://www.osha.gov, Index page • UPS types • Provides information for all hazardous chemicals • Standby UPS, Line-interactive UPS, On-line UPS • Batteries, display devices / CRTs, chemical solvents and • Features cans, toner and ink cartridges • Auto shutdown, battery capacity, outlets, • Sometimes abbreviated as Safety Data Sheet (SDS) phone line suppression • Different names in each country Surge suppressor MSDS info • Not all power is “clean” • Product and company information • Self-inflicted power spikes and noise • Composition / ingredients • Storms, power grid changes • Hazard information • Spikes are diverted to ground • First aid measures • Noise filters remove line noise • Fire-fighting measures • Decibel (Db) levels at a specified frequency • Accidental release / leaking • Higher Db is better • Handling and Storage Surge suppressor specs • Much more • Joule ratings Room control • Surge absorption • Temperature • 200=good, 400=better • Devices need constant cooling (So do humans) • Look for over 600 joules of protection • Humidity level • Surge amp ratings • High humidity promotes condensation • Higher is better • Low humidity promotes static discharges • UL 1449 voltage let-through ratings • 50% is a good number • Ratings at 500, 400, and 330 volts • Proper ventilation • Lower is better • Computers generate heat • Don’t put everything in a closet © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 46 http://www.ProfessorMesser.com 4.5 - Environmental Impacts (continued) Protection from airborne particles Local government regulations • Enclosures • Environmental regulations • Protect computers on a manufacturing floor • May have very specific controls • Protect from dust, oil, smoke • The obvious • Air filters and masks • Hazardous waste • Protect against airborne particles • Batteries • Dust in computer cases, laser printer toner • Computer components Dust and debris • The not-as-obvious • Cleaning • Paper disposal • Neutral detergents • No ammonia-based cleaning liquids • Avoid isopropyl alcohol • Vacuum • Use a “computer” vacuum - Maintain ventilation • Compressed air pump • Try not to use compressed air in a can 4.6 - Privacy, Licensing, and Policies Incident response: First response Licenses • Identify the issue - Logs, in person, monitoring data • Personal license • Report to proper channels - Don’t delay • Designed for the home user • Collect and protect information relating to an event • Usually associated with a single device • Many different data sources • Or small group of devices owned by the same person and protection mechanisms • Perpetual (one time) purchase Incident response: Documentation • Enterprise license • Security policy • Per-seat purchase / Site license • An ongoing challenge • The software may be installed everywhere • Annual renewals • Documentation must be available • No questions PII - Personally identifiable information • Part of your privacy policy • Documentation always changes • How will you handle PII? • Constant updating • Have a process in place • Not everyone realizes the importance of this data • Use the wiki model • It becomes a “normal” part of the day • It can be easy to forget its importance Incident response: Chain of custody • Control evidence • July 2015 - U.S. Office of Personnel Management (OPM) • Maintain integrity • Compromised personal identifiable information • Personnel file information; name, SSN, • Everyone who contacts the evidence date of birth, job assignments, etc. • Avoid tampering • Approximately 21.5 million people affected • Use hashes PCI DSS • Label and catalog everything • Payment Card Industry • Seal, store, and protect • Data Security Standard (PCI DSS) • Digital signatures • A standard for protecting credit cards Licensing / EULA • Six control objectives • Closed source / Commercial • Build and Maintain a Secure Network and Systems • Source code is private • End user gets compiled executable • Protect Cardholder Data • Maintain a Vulnerability Management Program • Free and Open Source (FOSS) • Source code is freely available • Implement Strong Access Control Measures • End user can compile their own executable • Regularly Monitor and Test Networks • End User Licensing Agreement • Maintain an Information Security Policy • Determines how the software can be used • Digital Rights Management (DRM) • Used to manage the use of software © 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 47 http://www.ProfessorMesser.com 4.6 - Privacy, Licensing, and Policies (continued) GDPR - General Data Protection Regulation Policies and best practices • European Union regulation • Policies • Data protection and privacy for individuals in the EU • General IT guidelines • Name, address, photo, email address, bank details, posts • Determines how technology should be used on social networking websites, medical information, a • Provides processes for handling important computer’s IP address, etc. technology decisions • Controls export of personal data • Security best practices • Users can decide where their data goes • Some security techniques are accepted standards • Gives individuals control of their personal data • Covers both processes and technologies • A right to be forgotten • You need a firewall • Site privacy policy • What happens if there’s a breach? • Details all of the privacy rights for a user PHI - Protected Health Information • Health information associated with an individual • Health status, health care records, payments for health care, and much more • United States legal team • Data between providers • Must maintain similar security requirements • HIPAA regulations • Health Insurance Portability and Accountability Act of 1996
4.7 - Communication Communication skills Clarify customer statements • One of the most useful skills for the troubleshooter • Ask pertinent questions • One of the most difficult skills to master • Drill-down into the details • A skilled communicator is incredibly marketable • Avoid an argument • Avoid being judgmental Avoid jargon • Abbreviations and TLAs • Repeat your understanding of the • Three Letter Acronyms problem back to the customer • Avoid acronyms and slang • Did I understand you correctly? • Be the translator • Keep an open mind • Communicate in terms that everyone can understand • Ask clarifying questions, even if • Normal conversation puts everyone at ease the issue seems obvious • Decisions are based on what you say • Never make assumptions • These are the easiest problems to avoid Setting expectations • Offer different options - Repair or replace Avoid interrupting • But I know the answer! • Document everything - No room for questions • Why do we interrupt? • Keep everyone informed • We want to solve problems quickly • Even if the status is unchanged • We want to show how smart we are • Follow up afterwards - Verify satisfaction • Actively listen, take notes • Build a relationship with the customer • They’ll need help again someday • Don’t miss a key piece of information • Especially useful on the phone • This skill takes time to perfect • The better you are, the more time you’ll save later
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 48 http://www.ProfessorMesser.com 4.7 - Professionalism Maintain positive attitude Difficult situations • Positive tone of voice • Technical problems can be stressful • Partner with your customer • Don’t argue or be defensive • Project confidence • Don’t dismiss • Problems can’t always be fixed • Don’t contradict • Do your best • Diffuse a difficult situation with listening and questions • Provide helpful options • Relationship-building • Your attitude has a direct impact on the overall • Communicate customer experience • Even if there’s no update Avoid being judgmental • Never take the situation to social media • Cultural sensitivity Don’t minimize problems • Use appropriate professional titles • Technical issues can be traumatic • You’re the teacher • Often money and/or jobs on the line • Not the warden • Even the smallest problems can seem huge • Leave insults on the playground • Especially when things aren’t working • Make people smarter • Part technician, part counselor • They’ll be better technologists • Computers don’t have problems • You’re going to make some BIG mistakes • People have problems • Remember them. Maintain confidentiality Be on time and avoid distractions • Privacy concerns • Don’t allow interruptions • Sensitive information • No personal calls, no texting, no Twitter • Both professional and private • Don’t talk to co-workers • On the computer, desktop, or printer • Apologize for delays and unintended distractions • Professional responsibilities • Create an environment for conversation • IT professionals have access to a lot of corporate data • In person • Personal respect • Open and inviting • Treat people as you would want to be treated • Candy bowl can be magical • On the phone • Quiet background, clear audio • Stay off the speakerphone 4.8 - Scripting Scripting and automation • Extend command-line functions • Automate tasks • Uses cmdlets (command-lets) • You don’t have to be there • PowerShell scripts and functions • Solve problems in your sleep • Standalone executables • Monitor and resolve problems before they happen • Automate and integrate • The need for speed • System administration • The script is as fast as the computer • Active Domain administration • No typing or delays Microsoft Visual Basic Scripting Edition • No human error • VBScript • Automate mundane tasks • .vbs file extension • You can do something more creative • General purpose scripting in Windows Batch files • Back-end web server scripting • .bat file extension • Scripting on the Windows desktop • Scripting for Windows at the command line • Scripting inside of • Legacy goes back to DOS and OS/2 • Microsoft Office applications Windows PowerShell • Command line for system administrators • .ps1 file extension • Included with Windows 8/8.1 and 10
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 49 http://www.ProfessorMesser.com 4.8 - Scripting (continued) Shell script • Loops • Scripting the Unix/Linux shell • Perform a process over and over • Automate and extend the command line • Loop one time • .sh file extension • Loop until something happens Python • Comments • General-purpose scripting language • Annotate the code • .py file extension • There never seems to be enough of this • Popular in many technologies Environment variables • Broad appeal and support • Describes the operating system environment JavaScript • Scripts use these to make decisions • Scripting inside of your browser • Common environment variables • .js file extension • Location of the Windows installation • Adds interactivity to HTML and CSS • The search path • Used on almost every web site • The name of the computer • JavaScript is not Java • The drive letter and path of the user’s home directory • Different developers and origins • Very different use and implementation #!/bin/sh Scripting basics // Add the first input string • Variables INPUT_STRING=hello • Associate a name with an area of memory // Keep looping if the string isn’t equal to bye • x=1. y=x+7. Therefore, y=8. • pi=3.14 while [ “$INPUT_STRING” != “bye” ] • greeting=“Hello and welcome.” do • String data types echo “Please type something in (bye to quit)” • Some text read INPUT_STRING • Integer data types echo “You typed: $INPUT_STRING” • Perform numerical calculations done
4.9 - Remote Access Technologies RDP (Remote Desktop Protocol) • Commercial solutions • Share a desktop from a remote location over tcp/3389 • TeamViewer, LogMeIn, etc. • Remote Desktop Services on many Windows versions • Screen sharing • Can connect to an entire desktop or just an application • Control the desktop • Clients for Windows, MacOS, Linux, Unix, • File sharing iPhone, and others • Transfer files between devices Telnet Security considerations • Telnet – Telecommunication Network - tcp/23 • Microsoft Remote Desktop • Login to devices remotely • An open port tcp/3389 is a big tell • Console access • Brute force attack is common • Unencrypted communication • Third-party remote desktops • Not the best choice for production systems • Often secured with just a username and password SSH (Secure Shell) • There’s a LOT of username/password re-use • Encrypted console communication - tcp/22 • Once you’re in, you’re in • Looks and acts the same as Telnet - tcp/23 • The desktop is all yours Third-party tools • Easy to jump to other systems • VNC (Virtual Network Computing) • Obtain personal information, bank details • Remote Frame Buffer (RFB) protocol • Make purchases from the user’s browser • Clients for many operating systems • Many are open source
© 2018 Messer Studios, LLC Professor Messer’s CompTIA 220-1002 A+ Course Notes - Page 50 http://www.ProfessorMesser.com