CompTIA A+ 902 Notes iCollege


CompTIA A+ 220-902 Notes

Module 1: Introduction To Operating Systems


OS is SW that controls the PC's hardware and allows other appls to run

Provides a number of functions; while complex, an OS represents SW at the most basic level

 Interacts with HW on behalf of users
 Stores, retrieves and manipulates files
 Allows appl SW to run and access HW

PC quite useless without OS

OS Types

Command Line Interface (CLI) – OS that responds to text commands: DOS or Linux

Graphical User Interface (GUI) – user interacts using a GUI with the ability to point and click to send input to the OS:
Windows or Mac OS. A GUI OS also contains a CLI

Older OS’s:

 DOS (Disk Operating System), Windows 3.x & Win for Workgroups
 Win 9x/ME
 Win NT Family – came in 32 & 64-bit versions; had server and client versions too
 Win XP – Home & Pro
 Win Server 2003 – Standard, Enterprise & Datacentre
 Win Vista – Home Basic and Home Premium, Pro & Enterprise, Ultimate
 Win Server 2008 – Std, Ent, Datacentre, Core versions

Current OS

 Win 7 – Starter & Home Premium, Pro & Ent, Ultimate
 Win Server 2008 R2 – Std, Ent, Datacenter, Core Versions
 Win 8 & 8.1 – Pro & Ent
 Win Server 2012 – Std, Datacenter, Core versions
 Win 10 – Not in Exam

Non-Windows OS

 UNIX – popular OS to control networks and support internet-based applications
 Linux – variation of UNIX available in a variety of distributions with free source code
o Red Hat, Debian, Suse, Ubuntu
 Mac OS X – strictly on Apple Mac computers
o 10.0 Cheetah – 10.11 El Capitan

OS Functions

OS responsible for
 Managing files and folders
 Accessing and managing appls
 Interacting with HW
 Detecting user input and responding to it

OS allows users to permanently store data to secondary devices like CD, DVD, HDD, flash drives

A File system is required to store info on physical media and determines capabilities

 FAT (File Allocation Table), FAT32, NTFS (NT File System), CDFS (Compact Disc FS), UDF (Universal Disk Format)
 NTFS is the more efficient file system and uses a Master File Table (MFT). UDF is used when a Blu-ray disc is accessed as a disk drive

HDD Terms

 Sector – smallest physical area of space on a drive (512 bytes)
 Tracks – concentric circles on the disk surface, broken into sectors
 Cluster – smallest logical unit for storing data usually made up of multiple sectors

File System

 Tracks cluster use for data stored on disk
 Manages HDD using root directories and sub dirs.
 Retains info regarding data in a file table

OS’s also ensure appls can run correctly

 Appl software used for a specific purpose must be compatible with the OS
 Appls installed via media or downloaded files then launched by
o Desktop shortcut, Start Menu shortcut, Run command or Win Explorer

Multi-tasking – OS allows multiple appls to run simultaneously while keeping required resources separate

 Co-operative in older versions
 Pre-emptive multi-tasking in modern OSs, with the OS in control of which appl gets resources

Virtual mem – used by the OS to support multiple appls that require mem. It is a file on HDD. Swapping/Paging – process
of moving appl data between RAM and Virtual mem

The OS must manage mem for appls

Appls fall into 4 categories

 DOS 16-bit programs
 Win 16-bit programs
 Win 32-bit programs – given their own separate mem space, support multithreading, and are supported through
WOW64 on a 64-bit OS
 Win 64-bit programs – given their own separate mem space and only used on a 64-bit OS

OS controls hardware on behalf of SW or users but does not directly interact with HW

HW access is gained through use of

 Device Drivers – small programs stored on HDD that instruct OS on how to comm with specific HW
 BIOS – used to comm with simple devices like floppy drives, mice, kb

Device Drivers

 Many drivers are included with installations of Win
 Other drivers are available through Win Update
 Some are only available from the hardware manuf
 Use drivers designed for the OS

HW Management Utils

 Device Manager & Devices and Printers – Win
 System Info or System Profiler – Mac

Win OS Versions

Win is the most used OS; each version builds on the previous one, adding new features, and support techs must understand

 How to implement new features
 Troubleshoot features not working correctly
 Ensure system remains up-to-date
 Ensure system remains secure

Primary vers of Win

 XP not supported anymore
 Vista – not so widely used due to architectural changes badly implemented
 7
 8 & 8.1

Vista

Released in 2007. Completely redesigned Start Menu, Taskbar and Control Panel with new enhancements

Several versions – Home Basic & Premium, Biz and Enterprise, Ultimate

New and Improved Features

 Aero graphical interface
 Redesigned search functionality
 Redesigned audio, print & networking subsystems
 Includes the .NET framework 3.0
 Windows Mail, Meeting Space, Contacts, etc.
 Bitlocker drive encryption
 User account control
 Windows sidebar
 Gadgets
 Windows Powershell

Win 7

 Most popular on the market
 7 fixed all Vista issues
 Has numerous benefits over XP & Vista
 Home, Biz versions with Ultimate providing all features

New and enhanced features

 Enhanced User Account Control (UAC)
 Action Centre
 Redesigned taskbar
 Location Aware Printing
 Deployment options
 Enhanced manageability using Group Policy and PowerShell 2.0
 Bitlocker to go
 Shadow copy
 Ready Boost
 Mobile broadband enhancements
 Win XP mode

Win 7 Starter only in 32-bit for entry level PCs

Win 7 Home Premium – standard consumer edition with Aero but lacking biz related features

Win 7 Pro – biz focused for small to medium biz

Win 7 Enterprise has advanced data protection and info access for highly managed environments

BitLocker, AppLocker, BranchCache, DirectAccess

Win 7 Ultimate – Everything without volume agreement

All vers of 7 besides Starter come in 64-bit

Improved performance, improved devices support, improved security

Win 8 & 8.1

MS wanted to fuse mobile and desktop into a single “Metro” interface

Features

 Start screen
 One Drive
 Windows to Go
 Windows Store
 Charms
 Client Hyper V
 Multiple Monitor Taskbar
 Live Sign in

Windows PowerShell

 CLI tool designed with admins in mind
 Powerful scripting tool that can perform virtually any task
 4.0 ships with Win 8.1
 Familiar syntax to all cmdlets: Verb-Noun -Parameter Value
o Get, Set, New verbs

Win 8.1 Editions

 8.1, 8.1 Pro, Enterprise, RT (ARM processors) & all available in 32 & 64-bit
 Benefits of 64-bit x64
o Improved performance
o Larger mem support
o Improved device support
o Support for client Hyper-V

Basic Nav and Management

GUI Nav - Primary nav components: Start Menu, Task Bar, Win Explorer or File Explorer

Start Menu

 Provides an area for programs and utilities
 Has been redesigned with each ver of Win
 XP had a 2-paned start menu with a collapsed All Programs menu. Starting from Vista, everything expands and
collapses in a single pane

Win Explorer/ My Computer are primary file management tools in Win

Common directories: My Docs, My Pics, Downloads, Custom Directories

Win Vista introduced breadcrumb navigation – step back at any point, jump anywhere

Win 7 intro’d libraries which are virtual folders that can include multiple physical folders which are indexed

Vista & 7 include built-in indexing service and embedded Search box in both Start Menu and Win Explorer

CLI

File Naming Conventions: 8.3 similar to DOS; long file names supported in newer OSs

New files can be created by downloading or saving to disk or directly through Win Explorer or CLI

File Attributes – help with system activities and determine a file's purpose

Archive, Read-only, System, Hidden

Some attributes can be set using properties of the file while some must be set using attrib CLI program

Win includes CLI: CMD and PowerShell

CLI commands for file management

 DIR – directory list
 COPY
 ERASE
 MD – make dir
 ATTRIB – modify attributes
 New-Item (PowerShell)

Various Admin tools for Management

 Control Panel
 Group Policy
 PowerShell
 Computer Management
 Regedit
 Loads more

Module 2: Installing Win OSs

Decisions to make beforehand:

 Type of installation
 Version of Win
 Verify system requirements
 Verify Compatibility

Installation Type

 Clean Install – installing an OS on a PC that has no OS or one not upgradeable to your choice of Win
 Upgrade install – upgrading current system, data and programs to new version

Clean install will wipe previous installations of Windows and data migration must be performed beforehand

2 broad categories are Attended or Unattended

Additional types:

Repair, multiboot, remote network installation, recovery partition, Refresh/Restore/Reset

HW requirements are key and must meet the min requirements

Vista: 800MHz CPU, 512 MB RAM, 15GB HDD, SVGA graphics, DVD

Win Vista & 7 Premium: Vista Ready or Aero Ready

1GHz CPU, 1GB RAM for 32-bit or 2GB for 64-bit, 40GB HDD with 16GB free for x86 and 20GB free for x64, 128MB GPU
with DirectX9, DVD

Win 8: 1 GHz CPU with support for PAE and NX & SSE, 1GB RAM, 40GB HDD with 16GB and 20GB free, DVD, DirectX9

Verifying compatibility

 Upgrade Advisor is supplied with all Win and runs automatically when upgrade install is chosen
 Run UA separately for both clean and upgrade installations
 If items are included in the list of incompatible programs, ensure manufacturer supported upgrades and device
drivers are available
Best Practices

 Always check for compatibility of programs and devices
 Ensure devices that are unsupported have been tested in the new OS
 Pay attention to printer drivers
 Double the min requirements

Starting with Win 2000, the installation media includes the ability to create and delete partitions and format with FAT32 or NTFS

Often 1st step in clean install

Choosing correct file system

 Small partitions are more efficient with FAT32
 exFAT – proprietary and used for flash media above 32GB
 Partitions larger than 16GB should use NTFS
 Much of Win security is based on NTFS
 Dual boot systems must have a system drive formatted with a file system that all operating systems recognize

Multiple installation types for providing automated and manual methods of installation

 Manual CD/DVD
o Boot to the installation media, create partition, format with file system and complete install
o Clean installations require product key, regional options, etc.
 Manual network
 Automated CD/DVD
o Win System Image Manager to create answer file
o For a CD installation the answer file (unattended.xml) is placed on a floppy disk/flash drive that’s
inserted during the installation process
o Only applies to clean install
o Usually for larger numbers of clients
 Disk imaging
o Imaging is process of creating reference PC complete with OS, update, applications in order to clone
config and install on multiple network PCs
o Historically Ghost or Altiris could copy images from networks onto PCs
o Win Deployment Services is a new Win Server program that makes it possible to perform disk imaging
without 3rd party software
 Disk Imaging Process
o Client is booted with a PXE boot (network card)
o Client connects to WDS server and downloads Win PE boot image
o Win PE is used to prepare the HDD for imaging
o Full custom image is downloaded
o System reboots and goes through final config which can also be automated with answer file

Best Practices

 Decide carefully on install type
 Back up prior to install
 Installing over a previous OS is not the same as an upgrade
 Use disk imaging for larger scale deployments
 Disk imaging installations are much more complex than others
 Read documentation carefully and test

Choosing a boot method

 USB, CD-ROM, DVD, PXE, Solid State/Flash drives, External/hot swappable drives, Internal HDD (partition)

Once installation is complete, additional tasks should be performed

 Verify all devices working properly and update device drivers
 Add additional Win components that are not part of default install
 Install latest service packs and hotfixes
 Restore user data files if backed up

Upgrade Installation

Retains all programs and data

Backup data just in case

UA runs and identifies known compatibility issues

Not all OS can be upgraded to latest ver

Specific upgrade paths

HW may be incompatible if jumping versions

Upgrade Paths

Win Vista supports upgrades from XP

Win 7 supports upgrades from Vista SP1 & SP2

Win 8 supports upgrades from Win 7

Win 8.1 supports upgrades from Win 8

Ver considerations

 32-bit cannot upgrade to 64-bit or vice versa
 Cannot downgrade versions
o Home Premium to Home Basic
o Ultimate to Biz
 Cannot upgrade from Biz to Home versions
 Cannot upgrade to Ent ver
 Use Ultimate ver to get biz features

Important Pre-Upgrade tasks

 Disable A/V
 Disable 3rd party compression software
 Uninstall unused applications
 Delete temp files
 Defrag HDD

Migrating User Data

To retain user data after clean install there are options

 Win XP had File and Settings Transfer Wizard to easily copy user profiles
 Win Vista & 7 have Easy Transfer Wiz
 Both programs are available on the installation media and designed for non-IT people

For network admins that need to migrate data for larger numbers there is User State Migration Tool

USMT is a CLI program consisting of

 ScanState – scans the user's system using default settings or custom .xml files and copies user profile info to a network
location
 LoadState – accesses the network location and copies user profile info onto the fresh Win installation

Module 3: Win Config and Mgmt


Control Panel and Settings

OS Tools

 Admin Tools
o Control panel
o PC Mgmt
o Lots of others
 Monitoring Tools
o Event Viewer
o Task Manager
 CLI tools
 Networking Tools

Control Panel – Primary admin utilities on Win OS’s. Most changes made here make registry changes!

 Add/uninstall programs
 Change display settings
 Access admin tools
 Access device manager
 Modify settings for all HW devices
 Adjust regional settings
 Access security options

Control Panel has undergone 2 revisions, in XP and then Vista (category view)

Vista & 7 added search facility and further redesign to category view

Common applets in Control Panel

Internet options, Display, User Accounts, Folder options, System, Windows Firewall, Power options

Control Panel – Vista


 Tablet PC settings
 Pen and input devices
 Offline files
 Problem reports and solutions
 Printers
 Network and sharing centre

Control Panel – 7

 Homegroup
 Action center replaced Security centre
 Remote appl and desktop connections
 Network and sharing center
 Troubleshooting

PC Settings - Win 8/8.1

 A new admin utility intended to replace basic mgmt. from Control Panel
 Additions are made to PC Settings through Win Update
 Accessible through Charms menu

Be familiar with most parts of Control Panel & PC Settings

Exam Objectives give a scenario and expect us to know how to config various aspects of the OS using these tools

Control Panel applets mentioned in objectives

CP applet – Scenario

 Internet options – Any changes to browser
 Display/display settings – Bg, font, window colour
 User accounts – Change pw, add user, maintain users
 Folder options – Hidden files and folders, single click, file extensions
 System settings – Rename PC, join domain, remote desktop settings
 Troubleshooting
 Homegroup – Local network
 Windows firewall – Allow/disallow certain traffic
 Power options – Hibernation options
 Programs and features – Mostly uninstall progs, repair, turn Win features on or off, default programs
 Devices and printers – Config peripherals
 Sound – Adjust sound settings and playback or recording options, config mic
 Network and sharing center – Any network changes, making new connection, domain, network map, network
location (home, work, public), network troubleshooting
 Clock, lang and region – Date, time, location, keyboard layouts

System & Security

Action Center is mostly a display area with a few options to change like Turn on Problem Reporting

Win Firewall is on by default – primarily use it to allow comms to and from the PC

System applet used to change name, join to domain, config remote settings – remote desktop, shadow copy

Power options – more relevant for laptops/tablets or the energy conscious on desktop: password on wake-up, HDD behaviour
after a set time, etc

Networking and sharing –

Internet settings – cookies, history, privacy, cache, internet security settings, popup blocker, proxy settings

Hardware and sound – devices and printers

Sound – default playback, recording devices

Display – resolution, bg, multiple monitors

Other Admin Tools

MS Management Console (MMC) introduced in Win 2000 as a std framework for all admin tools to be built in

Default admin tools on Win OS like PC Mgmt, Services, Local Sec Policy, etc come with preconfig’d MMC consoles

Customized MMC consoles can be created and saved as .msc files

Useful when admin tools from a server OS are added to a client PC; can provide simple remote admin

One primary tool is PC Mgmt – preconfig’d MMC console

 Local Users and groups
 Event Viewer
 Services
 Disk Mgmt
 Perf Monitor
 Shared Folders
 Device Manager
 Defrag

Also possible to connect to remote PCs from Comp Mgmt

Other Tools: Perf Monitor, Mem diagnostics, Print Mgmt, Component Services, Data Sources, Task Manager

Task Manager – End unresponsive tasks

Event Viewer

 Primary location for error msgs related to SW and system problems
 Appl & System logs have 3 types: Info, Warning & Error
 Views can be searched and filtered
 Vista and beyond allow collection of remote logs

Services

 Used to examine all services installed
 Check automatic services required and started
 Check service dependencies
 Change startup mode of services not required or uninstall associated programs

Disk Mgmt – primary admin tool for HDDs and partitions

 Disk types: Basic, Dynamic (dynamic disk DB stored on the HDD), which allows >4 partitions or volumes
 Partition types: Primary, extended, logical drive, volumes (vols for dynamic disks only)
 Partition styles: Master Boot Record (MBR), GUID Partition Table (GPT); GPT if partition >2TB
 Partition Mgmt: Extending, Shrinking, Multi-disk volumes
 Config drives: Drive letters, Mount points (Drive paths), Importing foreign disks
 Working with virtual HDDs

Storage Spaces are a new feature in Win 8.1 & Server 2012 that give flexibility in disk mgmt that was only possible when
using SANs

 Storage pools are created using 1 or more physical or virtual drives
 Once a storage pool is created, virtual drives or LUNs (Logical Unit Numbers) are created across the physical disks
 These virtual drives support a variety of arrangements and types
o Simple
o 2 or 3-way mirrors
o Parity

System Admin Tool – MSConfig

 Gives different types of advanced config
 General
 Boot
 Services
 Startup
 Tools

Other useful system utils

 Services.msc
 MMC
 MSTSC (Remote Desktop Connection - RDC)
 Notepad
 Explorer
 MSInfo32
 DXDiag
 Defrag
 System Restore
 Win Update

The Registry is a hierarchical DB created during Win installation and holds all config options

 Physically stored in 5 files (called hives) in %systemroot%\system32\config
 Logical registry is hierarchical and consists of sections called keys
 Each key contains subkeys which contain other subkeys and specific values which define specific Win settings
 Reg keys
o HKEY_CLASSES_ROOT – file association data used to start the correct program
o HKEY_CURRENT_USER – user-specific data for the current login
o HKEY_LOCAL_MACHINE – all non-user-specific config
o HKEY_USERS – user-specific config for all users on the system
o HKEY_CURRENT_CONFIG – maintains HW profile data
 Win registry can be edited directly using regedit or regedt32

CLI Tools

Command line is another place where utils exist

2 options are cmd.exe or Win PowerShell

All CLI commands function within PowerShell

Help by typing commandname /?

Some commands require you to start command prompt or PowerShell with admin rights

Tool – Scenario

 Taskkill – Shut down process
 Bootrec – Boot recovery util; need to be booted into Win RE
o /fixmbr – resolve MBR corruption
o /fixboot – rewrites a new boot sector, e.g. after virus corruption
o /scanOS – reports OS details
o /rebuildBCD – rebuild the Boot Configuration Data (BCD) store
 Shutdown – Shut down system
 Tasklist – List services
 Md, rd, cd – Directory nav
 Del – Delete file
 Format – Format a drive
 Copy, xcopy, robocopy – Copy files
 Diskpart – Partition disks
 Sfc – System file checker; check integrity of drivers & signatures
 Chkdsk – Disk maintenance
 Gpupdate – Update group policy
 Gpresult – Show policies that apply as a result of all policies
 Dir – List files and folders
 Exit – Exit CLI
 Help – More info on a command
 Expand – Decompress a zip file

Config Network

3 components required to connect to network: NIC, Net protocol, net client

Win systems will locate and install a device driver for connected NIC upon installation and install TCP/IP and Win
networking clients by default. Additional properties may need config

QoS – prioritize traffic of a certain type

TCP/IP is primary protocol suite in use by internet and industry standard for all major OS’s

 Defines IP addresses using v4 or v6
 Auto assigns IP addresses using DHCP
 Network config (check details in 901 course – now just revision)
o IP address
o Subnet mask
o Default gateway
o DNS server

Win will obtain an IP address automatically by default, which works in most cases

If DHCP is not available, APIPA is used: an address in 169.254.x.x, which is NOT routable to the internet

If desired, alternate config can be set for when DHCP unavailable

Various network types

 Home networks
 Small biz networks
 Large biz networks
 Remote access connections
o VPN
o Remote desktop
o Remote assistance

Each is slightly different and requires a different config

Home and small biz net (no centralized security)

 Usually do not contain dedicated servers
 Individual workstations that share resources
o Folders, drives, printers
 Config’d as a workgroup or homegroup (Win 7 & 8)
o Workgroup chars
 User accounts are local to each PC
 Account credentials are duplicated or shared
 Impractical for large numbers of PCs
 Broadcast name resolution is often used
 Drives can be mapped with persistent credentials to facilitate easier resource sharing

HomeGroup

 Win 7 and later provide this functionality and make this type of networking much easier
 HomeGroup is created on one system and others detect the HomeGroup
 HomeGroup sharing options are config’d on each PC
 User account security is handled automatically without need to duplicate accounts or share account passwords

Larger biz networks will use the client/server model, also known as a domain

Domains use dedicated servers known as Domain Controllers which run Active Directory Domain Services on Win Server
2008/2012

 Provide LDAP searching of dir
 Provide Kerberos authentication protocol for auth and SSO
 Provide access to resources throughout domain using single user account
 Scale to hundreds of thousands of systems
 Key is centralization
 Domain must be joined by client using System in Control Panel which requires
o Username and pw combo
o Local admin rights
o DNS name resolution
 Once domain is config’d persistent drive mappings can be created using
o Win Explorer
o CLI
o Logon scripts

Network and Sharing Center provides single location in Vista and 7 to config net connections and associated properties

 Access network card props
o Duplex settings
o Speed
o Wake on LAN config
o QoS
 Create new connections
o Wireless
o VPN
o Dial up
o WWAN (cellular and mobile broadband)

Remote Desktop available on Biz and Ultimate versions of Vista and 7, and on XP Pro

Remote Desktop uses

 Remote Desktop Protocol (RDP) on TCP port 3389
 MSTSC.exe
 Must be enabled in System in Control Panel
 Requires admin rights or membership in Remote Desktop users group

Win Firewall is on by default and prevents some network comm

Provides 3 profiles: Private, Public and Domain

Firewall rules can be config’d to allow/disallow both in/outbound traffic based on programs, port numbers or
preconfig’d rules

OS Security

Starting with NT OS users are required to have a username/pw combo to login

 Local accounts are stored in SAM DB on the PC and used to gain access to local PC resources
 Domain user accounts stored in AD DB on Domain Controller and can be used to access resources on all domain
PCs

This process is referred to as authentication: validation of an individual attempting to use the system

Authentication Process

 When a user in a workgroup attempts to gain access to another PC, the NTLM (NT LAN Manager) protocol is used to
pass credentials
o If identical creds exist in the SAM of the destination PC and the user is authorized then access is granted
o Otherwise the user will be prompted to authenticate against an account in the SAM of the destination PC before
authorization is determined
o Authentication must precede authorization
 In Domain
o User logs into domain and Kerberos authentication protocol is used
o Kerb authentication involves validation of the account against the domain DB stored on DC
o Access token generated in a domain scenario will allow for authorization against any resource in domain
o Authorization is determining what a user can do on the system or what resources can be accessed
o Authorization is determined by comparing access token to the Access Control List to determine if access
should be granted or denied

Groups – exist in local SAM DB and within AD

 Local Groups
o Users – regular users cannot perform admin tasks
o Power users – upgraded group who can share folders, install printers and perform some admin tasks
o Admins – full control
o Guests – temp access to PC
 Domain Groups – similar to above but whose admin rights and permissions extend across multiple systems

Credentials

 Standard user creds stored as hash values in the domain and SAM DBs
 User inputs creds which are encrypted and sent to DC
 Encrypted creds compared with encrypted one stored in the domain DB
 Alternatively digital certificates can be used to authenticate
 Digital certificate is usually stored on a smart card or electronic chip embedded in a credit card type device
 PCs are equipped with external smart card readers
 Smart card readers can be part of kb or external device
 Other authentication methods use biometrics and additional SW to validate user
o Fingerprint and retina scanners, facial recog SW

In order for resources to be made available, they must be shared

 The client component responsible for making resources shareable is File and Printer Sharing for Microsoft Networks
 Folders can be shared using Win Explorer or PC Mgmt
 When sharing users must assign shared folder and NTFS permissions to control level of access given to remote
users

Permissions

 Shared permissions – only applied when accessed over the network: Read, Change, Full Control
 NTFS permissions apply locally and over the network and allow for more specific access to be granted

Every file and folder on an NTFS partition has an Access Control List (ACL) which defines who has access and the level of
that access

NTFS permissions

 Read
 Read and Execute
 List Folder contents
 Write
 Modify
 Full control

Permissions can be allowed/denied to a resource

Shared folder permissions apply to resource accessed over the network and to the folders and all the files within

 Limited number of permissions: Read, change, full control
 Basic vs Advanced sharing
 Admin shares

Combining NTFS and shared folder permissions results in the effective permissions for a file or folder

Certain rules apply

 Individually, shared and NTFS permissions are each cumulative
 Collectively, the effective permission is the most restrictive of the two
 Deny permissions always override Allow
 Permissions can be granted to users or groups
 File permissions override folder permissions
 File permissions are inherited from folder permissions
 When files are copied or moved inherited permissions are affected
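A worked model of the rules above, added here as an illustration (not code from the course notes): the users, groups and ACL entries are constructed sample data, and the mapping from named permissions to elementary rights is a simplified model of Windows behaviour. It shows allows accumulating across a user's groups, an explicit Deny overriding an Allow, and the share ACL restricting access only when the folder is reached over the network.

```python
"""Effective share + NTFS permission calculator (simplified model)."""
from dataclasses import dataclass

# Named NTFS permissions expressed as sets of elementary rights (simplified).
NTFS_RIGHTS = {
    "Read": {"read"},
    "Read and Execute": {"read", "execute"},
    "List Folder contents": {"list"},
    "Write": {"write"},
    "Modify": {"read", "execute", "list", "write", "delete"},
    "Full control": {"read", "execute", "list", "write", "delete", "change_perms"},
}

# Named share permissions expressed on the same scale.
SHARE_RIGHTS = {
    "Read": {"read", "execute", "list"},
    "Change": {"read", "execute", "list", "write", "delete"},
    "Full Control": {"read", "execute", "list", "write", "delete", "change_perms"},
}


@dataclass(frozen=True)
class Ace:
    """One access control entry: who, which named permission, allow or deny."""
    principal: str
    permission: str
    deny: bool = False


# Constructed group membership; every account is implicitly in Everyone.
MEMBERSHIP = {"alice": {"Users", "Finance"}, "bob": {"Users"}}


def principals_of(user):
    """The user plus every group the ACL could match them through."""
    return {user, "Everyone"} | MEMBERSHIP.get(user, set())


def effective(acl, rights_table, principals):
    """Allows are cumulative across user and groups; any matching Deny wins."""
    allowed, denied = set(), set()
    for ace in acl:
        if ace.principal in principals:
            (denied if ace.deny else allowed).update(rights_table[ace.permission])
    return allowed - denied


def effective_local(ntfs_acl, user):
    """Logged on locally, only the NTFS ACL applies."""
    return effective(ntfs_acl, NTFS_RIGHTS, principals_of(user))


def effective_network(ntfs_acl, share_acl, user):
    """Over the network, the result is the most restrictive of NTFS and share."""
    p = principals_of(user)
    return effective(ntfs_acl, NTFS_RIGHTS, p) & effective(share_acl, SHARE_RIGHTS, p)


# Constructed sample ACLs for one shared folder.
NTFS_ACL = [
    Ace("Users", "Modify"),
    Ace("Finance", "Full control"),
    Ace("alice", "Write", deny=True),   # explicit Deny: overrides the group Allows
]
SHARE_ACL = [
    Ace("Everyone", "Read"),
    Ace("Finance", "Change"),
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "local:  ", sorted(effective_local(NTFS_ACL, user)))
        print(user, "network:", sorted(effective_network(NTFS_ACL, SHARE_ACL, user)))
```

Run it and compare bob's local and network results: Modify locally, but only the share's Read set across the network.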

Encrypting File System (EFS) provides data confidentiality beyond typical access controls by using cryptographic methods
in both public and private key encryption

Technologies

 Cryptography
 Ciphers
 Hashing algorithms
 Public key encryption
 Private key encryption (symmetric key)

EFS built in to the NTFS file system and Win OS

 Transparent file encryption and decryption
 Appropriate cryptographic keys are required to decrypt files
 Certificates generated automatically
o Self signed certificates
o Or from Certificate Authority
 Files can be shared with other users

Encrypting Process

 User encrypts a file or folder
o Win Explorer
o Cipher.exe
 Certificate generated or obtained from CA
o Contains a public/private key pair
o Private key stored with the user profile
 File Encryption Key (FEK) protects the data
 Public key protects the FEK in the file header
 Decryption happens automatically
o Authorized users
o Recovery agent

Win BitLocker encrypts entire volume instead of individual files

 Provides complete volume protection
 Provides offline data protection
 Protects all appls
 Verification of system integrity
 Verification of boot config data
 Ensures integrity of the startup process

Trusted Platform Module (TPM)

 Cryptographic chip embedded on the M/B
 Protects startup process from offline tampering
 Used by default

BitLocker To Go

 Extends protection to removable drives
 Configurable in Win Explorer
o Password protection
o Smart card unlock
o Auto decryption on host system
o Access from other systems with a password

Standard BitLocker Requirements

 PC with TPM 1.2 or later
 Removable USB drive
 2 partitions for OS volume protection

Modes

 TPM Mode
o Locks normal boot process
 Optional startup PIN
 Optional USB unlock
 Non-TPM Mode
o Uses Group Policy
o Startup key stored on USB

User Account Control (UAC) is a feature that provides protection against unwanted SW

 Prompts user for admin credentials or consent when
o Running installation programs
o Modifying Win settings
 Protects against unknown background installations
 Provides limited prompts in comparison with previous versions
o Without prompt
 Updates
 Driver installations
 Viewing Win settings
 Resetting network adaptors
 Notification settings
o Never
o Notify only when apps try to make changes
o Always
 Is configurable
o Control panel – basic config
o GPOs – advanced config

Preventative Maintenance

Maintains continued efficiency and stability of the OS

Issues that can affect efficiency and stability

 Fragmentation of HDD
 Neglecting to install updates
 Disorganization of file system
 Malware infection

Win provides various programs that can help

 Scheduled disk maintenance
 Win updates and patch mgmt (Win Server Update Service - WSUS)
 Driver/firmware upgrades
 AV and anti-malware updates
 Scheduled backups

Module 4: Alternate OS’s

Macs are primarily for personal use and scenarios involving design, graphics, video, web, etc

Linux systems used in enterprise on switches, routers, firewalls

Exam objectives: Tools, features, basic linux commands, best practices

Important to know way around both OS

Mac OS called OS X since 2001 only on Mac HW, but Win can be installed as a virtual system on Mac HW

Linux kernel is freely available for download – open source and can be installed on any HW. Additional programs,
graphical interfaces, admin utils, etc. can be added. Individual distributions may require a purchase

OS Features and Tools

Multiple Desktops/Mission Control

 Mac OS provides a quick way to see everything open on the system
 Accessible by
o Swipe up with 3 or 4 fingers
o Double-tap the surface of the Magic Mouse with 2 fingers
o Click the Mission Control icon in the Dock or Launchpad
o Press the Mission Control key on an Apple kb
 All open windows and spaces are then grouped by app
 Can create additional desktops called spaces and users can then place certain apps into them
 Can switch between spaces in the same session
 All spaces will appear at the top of the screen once you enter Mission Control and apps can easily be dragged from one
space to another
o Shortcuts can be used
 Ctrl-left/right
 Swipe 3 or 4 fingers left or right across the trackpad
 The same feature is available on Linux distributions, called Workspace Switchers

Keychain

 Password mgmt. system in OS X: can contain
o Private keys
o Certificates
o Secure notes
 Files are stored in /Library/Keychains and /Network/Library/Keychains
 Accessible via Keychain Access

Spotlight

 Search tool built into OS X
 Easily accessible
o Magnifying glass icon in menu bar
o Command + spacebar in any app
 Results include
o Web searches
o Local files
o Dictionary definitions
o Currency conversions
o Quick calculations

iCloud

 Apple's cloud storage solution
 Provides auto sync across all a user’s devices
 Can be used to locate an iPhone or iPad
 Can be used as a storage location for backups
 All users receive 5GB free and may upgrade to a paid storage solution

Gestures

 Used in Mac to interact with a touchscreen
 Based on multi-touch, allowing users to touch the screen in more than 1 place to initiate special subroutines
called gestures

Finder

 Also used on Mac to search for files
 Main function is like that of Windows Explorer

Remote Disk

 Appears under Devices and PCs in Finder
 Can see which PCs on the same network have shared drives
 Can enable sharing of HDDs and optical drives in System Preferences

Dock

 A series of icons that appear on the bottom of the screen
 Quick access to included appls
 Additional apps may be added to Dock
 Functions like the taskbar in Win although items are organized differently
 Apps are kept on the left side while folders, docs and minimized windows are kept on the right

Boot Camp

 Util that provides a multiboot environment config
 Only supported to install a version of Win but it has also been used to create a bootable version of Linux
 Boot Camp Assistant guides the user through the process

Many more tools are available for config and maintenance

All Linux versions include free backup tools, and other backup tools are available for free

 tar and cpio commands can be used to construct full or partial backups
 Each creates a large file that contains (archives) other files

tar parameters are case sensitive

 -r (Append) – appends files to an archive
 -A (Catenate) – adds archives to the end of an existing archive
 -c (Create) – creates a new archive
 --delete – deletes files from an archive
 -d (Diff) – compares files in an archive with files on the disk
 -x (Extract) – extracts files from an archive
 --help – displays help
 -t (List) – lists files in an archive
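The tar options listed above exercised end to end on a constructed sample directory, as an added example that is not part of the course notes; the directory names, file contents and the temporary work area are all constructed here, and GNU tar is assumed.

```shell
#!/bin/sh
# Added example, not from the course notes: exercises the tar options listed
# above on a constructed sample directory so each flag's effect can be checked.
set -eu

WORK=$(mktemp -d)                # scratch area; everything below is constructed
trap 'rm -rf "$WORK"' EXIT

# Build a small "home directory" to back up. Files get a fixed mtime so that
# tar -d compares cleanly (tar stores whole seconds only).
make_sample_tree() {
    mkdir -p "$WORK/home/docs" "$WORK/home/photos"
    printf 'quarterly report\n'  > "$WORK/home/docs/report.txt"
    printf 'notes\n'             > "$WORK/home/docs/notes.txt"
    printf 'not really a jpeg\n' > "$WORK/home/photos/cat.jpg"
    touch -t 202401010000 "$WORK/home/docs"/* "$WORK/home/photos"/*
}

# -c: create a new archive holding only docs/ (a partial backup).
create_backup() {
    tar -cf "$WORK/backup.tar" -C "$WORK/home" docs
}

# -r: append photos/ to the existing archive (works on uncompressed archives only).
append_photos() {
    tar -rf "$WORK/backup.tar" -C "$WORK/home" photos
}

# -t: list members; print how many are regular files (directory entries end in /).
count_members() {
    tar -tf "$WORK/backup.tar" | grep -vc '/$'
}

# -d: compare archive members with the files on disk.
# tar exits non-zero when any member differs (size, mode, mtime, contents).
archive_matches_disk() {
    if tar -df "$WORK/backup.tar" -C "$WORK/home" >/dev/null 2>&1; then
        echo same
    else
        echo differs
    fi
}

# --delete: remove one member from the archive in place.
drop_notes() {
    tar --delete -f "$WORK/backup.tar" docs/notes.txt
}

# -x: extract into a separate restore directory and show the restored file.
restore_report() {
    mkdir -p "$WORK/restore"
    tar -xf "$WORK/backup.tar" -C "$WORK/restore"
    cat "$WORK/restore/docs/report.txt"
}

# Stand-alone walkthrough: full backup -> append -> list -> verify -> restore.
make_sample_tree
create_backup
append_photos
echo "members: $(count_members), matches disk: $(archive_matches_disk)"
echo "restored: $(restore_report)"
```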

Time Machine on Mac

 Used in OS X to back up the entire system
o System files
o Apps
o Music
o Videos
o Photos
o E-mails
o Docs
 When enabled provides an automatic backup of the Mac on a configurable basis

Both Mac and Linux have restore tools

Linux has a snapshot feature providing the ability to create a volume image of a device

 Use the lvcreate command
 To restore, locate the snapshot directory, which contains hidden folders for each snapshot taken

Mac uses Time Machine to restore files and systems

Image Recovery

 Recovering an entire system image
 Linux uses the rsync util to restore a snapshot
 OS X uses Disk Utility in conjunction with a backup of the system and OS media

Disk Maintenance utils to maintain file integrity and as part of preventative maintenance

 rsync in Linux backs up and restores files
 Time Machine on OS X backs up and restores files and images
 fsck in Linux is the filesystem checker
 Disk Utility in OS X verifies disk health and restores images
 tar in Linux backs up files
 lvcreate in Linux creates a snapshot volume

Shell/Terminal

 In Linux a shell is a CLI
 In Linux a terminal is a window that appears when you press Ctrl-Alt-T
 Both accept commands but they are 2 separate programs with differences
o Terminal windows can run different shells based on config
o Certain interactive appls can be run in the terminal emulator and will run in the same window
o Remote logins can be run from a terminal window, like when using SSH
 OS X calls the shell Terminal and it is in Applications > Utilities > Terminal

Screen Sharing

 Linux - procedure with a root user
o Change permissions to allow users to get added to the session
 Type chmod u+s /usr/bin/screen
 Allows a user to run the executable with the permissions of its owner, who launches the screen
o Change the access permissions of the screen directory
 Type chmod 755 /var/run/screen
o Log out of SSH as the root user
o Type screen to start a new screen
o Change the screen mode from single user to multiuser
 Ctrl+A and type ‘:multiuser on’
o Add the user to the screen
 Ctrl+A and type ‘:acladd name’ (e.g. acladd jack)
o The user joins the screen so that both can work in the terminal
 Type screen -x name_of_screen_session
 OS X procedure
o Apple Menu – System Preferences – Sharing
o Select the Screen Sharing box
o Specify who can share your screen
 All users
 Only these users, then add who you want
o Click Computer Settings and select 1 or both (allow users without an account to share the screen)
 Anyone may request permission to control screen
 VNC viewers may control screen with password

Force Quit used on OS X to stop unresponsive appls

 Choose Force Quit from Apple Menu
 Press Command-Option-Esc
 Select unresponsive app in the Window and select Force Quit

In Linux use xkill

 Press Alt+F2
 Type gnome-terminal to open terminal session
 Inside terminal type sudo xkill
 Select applicable window to kill it

Best Practices

Scheduled backups, disk maintenance, system and app updates, driver and firmware updates, AV and anti-malware
updates

Linux scheduled backups use the rsync command

An additional util known as cp can be used, but rsync is better

 Prevents unneeded copying when the destination file has not been changed
 Operates both locally and remotely
 Encrypts the transfer

In OS X you can use rsync from a terminal as well as the built-in GUI util called Time Machine

rsync -a [source dir] [destination dir]

Scheduled Disk Maintenance

 Linux does not require defrag because of different file system handling
 1 disk maintenance task is a logical check of the filesystem using fsck
 OS X needs defrag sometimes
o e.g. when users have created a large number of multimedia files and the drive has been filling for some time

System/App Updates

 Linux versions are easier to update now
 Ubuntu and Fedora use a GUI tool
o System – Admin – Update Manager
o Check for updates
 CLI can also do it
o Open terminal window
o Type sudo apt-get upgrade
o Enter the user's password
o Select updates and install
 On OS X
o Updates from Apple or App Store
o Access Software Update preferences in order to make updates automatic

Driver/Firmware Updates

 Updating drivers and firmware in Linux can be done during installation
 Some distributions recommend installing first then upgrading
 Upgrade process will vary
 Some use a personal package archive (PPA)
o Repositories containing drivers
o Made easily available through Update Manager
 On OS X, firmware and drivers are obtained from the Apple support site
o Following download, system will restart
o While grey screen is present the update is being installed

AV/antimalware updates

 All major vendors produce products for OS X and major Linux distributions
 Updates to these engines and definitions occur like in Win
 Checks can be scheduled too

Basic Command Line Admin in Linux

Recognize and be familiar with commands

 The ls command lists info about files in the current directory, like dir in Win
o ls [option]… [file]…
 -a, --all
 --author
 -d – list directories themselves, not their contents
 --format
 -G – do not print group names
 grep command is used to search for text in a file, i.e. for lines in a given file containing a match to the given string or
words
o grep [options] pattern [file]
o There are options that govern the matching process and output
 cd command is used to change directory
o syntax – cd [option] [directory]
o -L forces symbolic links to be followed
o -P uses the physical directory structure, ignoring symbolic links
 diff – compares files
 sort – sorts files
 pwd – print working directory
 gzip – create gzip compressed files
 shutdown – shuts down system
 service – runs scripts
 ps – display process info
 top – display processes with most CPU usage
 kill – terminate process
 cp – copy command
 mv – move or rename files
 cat – concatenate and view multiple files at the same time
 chmod – change permissions
 passwd – change password
 mkdir – make directory
 ifconfig – view and configure IP addresses
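An added example, not from the course notes, showing the cd -L / cd -P difference through a symbolic link together with ls -d, ls -a and grep -c; the directory layout, the "current" link and the config file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the course notes: shows how cd -L and cd -P differ
# when a symbolic link is in the path, plus ls -d, ls -a and grep -c.
set -eu

DEMO=$(mktemp -d)                # all paths below are constructed
trap 'rm -rf "$DEMO"' EXIT

# Constructed layout: "current" is a symbolic link to the v2 release directory.
mkdir -p "$DEMO/releases/v2"
ln -s "$DEMO/releases/v2" "$DEMO/current"
printf 'ok\n' > "$DEMO/releases/v2/.hidden"
printf 'user=alice\nuser=bob\nhost=db1\n' > "$DEMO/releases/v2/app.conf"

# cd -L (the default) keeps the link name in the logical working directory.
logical_dirname() { ( cd -L "$DEMO/current" && basename "$(pwd -L)" ); }

# cd -P follows the link to the physical directory, so pwd reports v2.
physical_dirname() { ( cd -P "$DEMO/current" && basename "$(pwd -P)" ); }

# ls -d lists the directory entry itself rather than its contents.
list_dir_entry() { ( cd "$DEMO" && ls -d releases ); }

# ls -a also shows dotfiles; count the names starting with a dot (., .., .hidden).
count_hidden() { ls -a "$DEMO/releases/v2" | grep -c '^\.'; }

# Plain ls hides them, so the same count is 0 (grep -c prints 0 but exits 1).
count_visible_dotfiles() { ls "$DEMO/releases/v2" | grep -c '^\.' || true; }

# grep -c counts lines matching the pattern; here the user= lines in the config.
count_users() { grep -c '^user=' "$DEMO/current/app.conf"; }

echo "logical: $(logical_dirname)  physical: $(physical_dirname)"
echo "hidden entries: $(count_hidden)  users: $(count_users)"
```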

Network OS’s

Server Roles – PCs running a server OS like Win 2012 that provide a type of shared service to clients over the network

Web servers, file servers, print servers, DHCP servers, DNS servers, Proxy servers, Mail servers, Authentication servers

Web servers

 Provide access to info using HTTP
 Browsers comm using HTTP with the web service running on the web server
 Eg: IIS for Win and Apache for Linux
 Servers available only internally are called intranet servers
 Servers can securely transmit data with HTTPS which uses SSL in order to encrypt traffic

File server

 Used to store files and make them available to clients over the network
 Ideally users store data on the file server in order to centralize backup and take advantage of high speed access
 Additional capabilities
o Security
o File classification
o File mgmt.
o Quotas
o File screens – prevent certain file types from being stored on server

Print server

 Used to manage printers on the network
 Often manages all printers on the network providing centralized mgmt.
 Some print devices have their own internal print server negating this role in some scenarios

DHCP server

 Used to automate the process of assigning network addresses to clients
 Hosts a DB of available addresses (scope) and assigns the IP addresses to clients on a temp basis (lease)
 Listens and responds to broadcast REQUESTS from clients and offers the 1st available address in the scope
 Provides additional options
o Default gateway
o DNS server addresses and domain names
o TFTP servers (Trivial File Transfer Protocol)
o Boot servers (imaging processes)

DNS server

 Used to resolve user friendly names for network devices to numeric IP addresses
 Clients forward queries to their preferred DNS server based on config
 DNS servers are responsible for particular domain names and will query Internet name servers for names outside
of their control

Proxy server

 Makes Internet connections on behalf of users on the network
 Prevents users from making direct connections to the internet, providing numerous benefits
o Caching of web content
o Access control to the web
o Safe browsing
o URL filtering
o Time constraints
 Requires the client browser to be configured to use the proxy server

Mail server

 Run e-mail software and use SMTP in order to send and receive mail for users that have mailboxes on a server
 Users connect mail clients directly to the server using various protocols
o HTTPS
o POP
o IMAP
 Most popular mail server is MS Exchange

Authentication server (aka Directory server, domain controller)

 Handles authentication requests from clients in a domain
 Hosts a security DB containing users, groups and PCs
 Provides SSO (single sign on) in domains
 E.g. MS Active Directory

Beyond those server roles there are also network appliances that are dedicated to providing a particular set of
functionality

In many cases they can perform better than a server using SW roles

Collectively referred to as Internet appliances – know the purpose of these devices

Unified Threat Mgmt (UTM)

 An approach to providing multiple security functions within the same device or appliance
 Functions include
o Firewall
o Intrusion prevention
o Gateway antivirus and antispam
o VPN
o Content filtering
o Load balancing
o Data loss prevention
o On appliance reporting

Intrusion Detection System (IDS)

 System responsible for detecting unauthorized access or attacks
 Verifies, itemizes and characterizes threats internally and externally
 Provides event notifications and alerts
 Network based (NIDS) are most common, monitoring traffic on the network segment and requiring a NIC
operating in promiscuous mode (silently monitors traffic between clients)

Intrusion Prevention Systems (IPS)

 Scans traffic on a network for signs of malicious activity
 Distinguished from IDS in its ability to RESPOND to a network threat as opposed to reporting only
 Must be carefully configured to prevent
o False positives
o False negatives

Legacy / Embedded Systems

 Embedded
o PC system with a specific function within a larger computing system
o Present on many internet-connected devices such as VOIP phones and routers
o Increasingly found in devices such as home appliances and automobiles
 Legacy systems are those that have essentially been handed down from one version of a system to another
without any major revisions

Module 5: Virtualization and Cloud Computing

Virtualization

A set of techs that have numerous advantages in comparison to std server infrastructures

It works differently than physical systems

 Single physical host server runs multiple machines
 Machines run simultaneously but operate independently
 Can run different OS and different roles
 Access to HW resources on the host

Benefits

 Transparent to users
 Machines can run different OS providing different roles
 Efficient utilization of HW resources
 Conservation of energy – less power consumption
 Simplifies server deployment
 Provides server consolidation not possible without virtualization

2 types of virtualization hosts or hypervisors: Type 1 & Type 2

Type 1 – provides equal access to HW for host and guest OS

 MS Hyper-V
 VMware ESX Server
 Citrix XenServer

Type 2 – access to HW goes through host system

 MS Virtual PC & Virtual Server
 VMware Workstation
 Sun/Oracle VirtualBox

Virtualization Components

 Host system
 Virtual machines
o SW – functions like regular PC or server
o HW – provides virtual equivalents to physical HW
 CPU
 Mem
 NIC
 HDD
 VHD or VHDX or VMDK files (individual files on host)
 Fixed – creation takes time
 Dynamic – grows as storage does and is quick to set up
 Pass-through

VMs store their entire config and data in a group of virtual HDDs contained in physical files, which provides additional capabilities

 Mobility
 Scalability
 Backups using snapshots or checkpoints

Cloud Computing

Cloud model represents the ongoing evolution of the datacenter using virtualization techs and providing numerous
advantages over traditional server based models.

It is described by NIST as “a model for enabling ubiquitous, convenient and on-demand network access to a shared pool
of configurable computing resources like networks, servers, storage, application and service that you can rapidly
provision and release with minimal management effort or service provider interaction”

Problems with server based infrastructures

 Physical HW required
 Interoperability issues requiring individual applications or roles
 Underused servers
 Data stored locally

Advantages to cloud computing

 Virtualized datacenter
 Reduction in operational costs
 More energy conscious
 Rapid elasticity
 On demand
 Resource pooling
 Measured service

Cloud Models

 Private
o Local fabric resources
o Increased customization
o Increased admin requirements
 Public
o Provider hosts fabric
o Varying customization levels based on cloud services model
o Varying admin requirements based on cloud services model
 Hybrid

Cloud Services Models

 SaaS – OSvC, Dropbox, Office 365. Everything from the appl up is in the cloud – everything managed by the provider
 PaaS – appl and data locally managed with all other things managed by provider
 IaaS – appl to OS managed by user, and virtualization to networking managed by provider

Module 6: Managing Mobile Devices

Overview

Mobile devices: Pocket PC, smartphones, phablets, tablets, e-readers, ultra mobile internet devices

Personal Digital Assistant (PDA) – handheld organisers that contain address books, calculators and calendars

 Input provided through touch screen or stylus
 Sync capabilities use IR, Bluetooth or USB
 PDAs contain their own OS such as Palm, Win CE

Smartphones and PocketPCs – have cellphone and internet browsing capabilities, with the ability to transcribe docs using a
mobile ver of MS Office

All these devices use batteries like those in notebook PCs, but smaller, with the ability to operate for long periods

Tablets are a cross between a portable computer and a handheld PDA

 Originally tablets were a type of specialized laptop
o Contain a special ver of Win which allows input via stylus or keyboard
o Win XP came in a Tablet PC version while Vista and 7 contain tablet input capabilities
 Modern tablets vary in size (7” – 11”) and capability
o Android
o iOS
o Win 7/8.1

Laptops

 Smaller or full size kb
 Similar components to a std desktop
 New models have touch screen but no stylus

Convertibles

 Laptops with screens that can flip to transform into a touchscreen writing surface

Netbooks

 No touchscreen
 No removable drives and a much smaller form factor

Tablet

 7, 8 or 10” screens
 No physical kb
 Usually use a different OS than desktops/laptops

Smartphones

 4 – 5.5” screens
 Sometimes feature retractable mini kb
 Usually use different OS to desk/laptops

Primary HW differences between tablets and laptops

 No field serviceable parts
 Typically not upgradeable
o OS SW upgrade only
 Always use SSDs

Mobile OS’s

BYOD – Bring your own device and support required

Mobile OS – iOS, Android, Win

OS’s are very similar but differ in many ways

Open source vs closed source/vendor specific

 Android is an OS from Google based on the Linux kernel and written with a core set of libraries that are written in Java
 Being open source means all devs have access to the same framework APIs used by the core appls
 Apple iOS is a vendor specific system so devs must use the SDK and register as developers
 Whether desktop or mobile OS, it appears Win OS will always be closed source

Mobile OS designed to run programs called apps.

 Android apps primarily from Google Play Store but available from other sites
 Apple apps ONLY available from App Store
 Win apps available from MS Store only

Mobile devices contain accelerometers and/or gyroscopes used to determine movement and tilt of the device

 Means the device can adjust based on the orientation of the screen
 Either can be used but since they exhibit slightly different characteristics they often work better together
 In iOS both are used to sense movement and tilt
 Newer Android models also have both

Since all mobile devices have touchscreens they must be calibrated

Screen calibration is required for correct interpretation of touch input

Most devices will have a built in calibration tool – can be a long process but usually fixes issues that might have arisen

GPS and geotracking

 These techs provide all mobile devices with precision location tracking and directions, making other navigational aids
almost obsolete
 Some devices will use cell towers to get GPS info while others, like Android, connect directly to satellites,
eliminating the towers
o GPS can cause battery drainage
o Location tracking can be turned off when not in use to conserve battery
 Geotracking is a bit different and controversial as both iPhone and Android devices record the location of the
device and periodically send this info to a central location

Wi-Fi calling

 Refers to extending mobile voice, data and multimedia appls over IP networks
 Generic Access Network (GAN) is an earlier term that refers to the same concept
 Allows use of Wi-Fi for all comms when possible, conserving the data plan

Launcher/GUI (docked apps)

 Program used to locate and start other programs
 Launcher developed by manufacturer of mobile device to provide shortcuts to other apps
 Additional Android launchers are available

Virtual Assistants

 Program built into mobile devices that assist user in looking up info on web, email, on device
 iPhone VA called Siri
 Android also provides voice recognition with voice actions
o Dictation of text and emails
o Play music or get directions
o Google Now acts as VA
o More VA’s available for download

SDK/APK

 SW dev kits or appl dev kits are sets of utilities provided to 3rd party devs to help them develop appls
 It is in the vendor's best interest to assist devs; not doing so has been 1 reason for the lack of success of Win products

Emergency Notifications

 Wireless Emergency Alerts (WEA) are now commonplace in mobile devices
 Governmental alerting agencies work in conjunction with mobile operators to deliver alerts such as
o Extreme weather
o Local emergencies requiring immediate action or evacuation
o AMBER alerts
o Presidential alerts during a national emergency
 Most devices have them enabled by default but some config of desired msgs is possible

Mobile Payment Service

 Allows use of a mobile device as a wireless payment system
 In some cases requires special SW or HW such as a card reader
o Paypal
o Amazon
o Square
 In some cases NFC is used to allow appls like Google Wallet or Apple Pay to perform contactless payments

Android – is a mobile device OS founded on Linux

Versions are named after candy

 Major number and then revision nums
 Devices are updateable to a limit
 2.3 – Gingerbread
 8.0 – Nougat

Features

 Interface
 Direct manipulation
 Virtual kb
 Haptic feedback
 Homescreen made up of apps and widgets

Apps

 Google play
 Freeware or Shareware

HW – Main CPU platform is ARMv7

Android devices

 Require a Google user account
 Use Google search by default
 Use Play store

Settings app varies between devices but is primary location for all config

 Connectivity
 Screen orientation
 GPS settings
 Screen calibration
 Etc.

iOS – mobile OS from Apple exclusively for their devices

Features

 Interface
o Direct manipulation
o Multi-touch gestures
o Swipe, tap, pinch, reverse pinch
 Included apps
o Mail
o Safari
o Music
o Videos
 Apps available through App Store

iOS is proprietary OS so more restrictive

Limits

 Screen customization
 Settings
 Default appls

Network Connectivity and Email

3 types: Cellular, Wi-Fi, Bluetooth

Each can be enabled/disabled in device settings

 Cellular functions are disabled using Airplane mode or roaming configs
 Wi-Fi and Bluetooth enabled individually

Bluetooth – short range wireless used for connecting portable devices to

 Wireless headsets
 Kbs
 Car stereo systems
 Computers

Bluetooth must be enabled on device to connect

Due to open nature additional config is required to ensure security

 Disabled by default
 Requires pairing with a device
 Requires PIN for pairing
 Rejects unknown connections by default

Wi-Fi connections on mobile are the same as on a laptop and require

 Wireless to be enabled
o Called Wi-Fi in iOS
o Wireless on Android
 SSID to be known
 Click to connect and type password
 Save wireless profiles to auto connect to hidden networks

Hotspots

 Publicly provided wireless networks that are connected to the Internet
 Once always desirable over cellular, but with LTE tech may not be required as much
 Typically do not require security
 Some mobile devices support the ability to become a hotspot themselves

Tethering

 Another mechanism to share an internet connection from one device to others
o Bluetooth
o Wi-Fi
o USB

Email – must be config’d on mobile device

 Exchange
 Gmail
 Other providers
o POP
o IMAP
o SSL and port settings

Basic parts of email config on mobile

 Server addy
o FQDN on incoming server which is POP3, IMAP4 or HTTP
o FQDN of outgoing server – SMTP
o Port numbers used for both
o Security required
 Sync options

Product Release Info (PRI) is connection between mobile device and radio which may need updating from time to time

Preferred Roaming List (PRL) is a list of roaming frequencies

Baseband is the chip that controls all the GSM and 3G phone RF waves

Location of PRL update option will differ between devices but generally in settings

The PRI update is a flash process which happens OTA

Baseband updates are radio firmware updates and require manual download, extract and update

International Mobile Equipment ID (IMEI) – unique phone ID

International Mobile Subscriber ID – identifies the SIM card (Subscriber ID Module)

Connections to corporate networks should occur using built in VPN capabilities in Android and iOS

Mobile Device Sync

Sync can occur through

 Direct sync with PC
o USB
o Bluetooth
o IR
o Wi-Fi
 Upload to Internet services and appls (sync to cloud)
o Dropbox
o Google Drive
o Email providers

Data to sync

 Contacts
o Mail programs
 Online
 Outlook
o Social networks
 Twitter
 Facebook
 Instagram
 Programs
o App Store
o Google Play Store
o Windows Store
 Email
o Config options
 # days to download
 How to handle deleted items
 Email server and other config settings
 Pictures
o Online services provide sync
o Auto uploads can be config’d when wifi connection present
 Music and Video
o Sync’d with program
 iTunes
 Google Music
 Win Media player
o Selectively store songs on mobile device
 Calendar
o May require small appl such as using gmail on iPhone
 Bookmarks
o Sites can be bookmarked and available across devices
o Can sync history too
 Docs
o Sync’d using cloud providers so data is accessible on any device at any time
 Location data
o Can config and allow apps to track location
o Helps tailor search to be location specific
 Social media data
 eBooks

Mutual Authentication for multiple services (SSO)

 Mutual authentication is a process by which both sides of a connection are authenticated prior to data transfer
 Not only does the server verify client creds but vice versa, which adds security to the process
 Both Android and iOS devices will support mutual authentication, commonly done in conjunction with SSL to
keep creds secure

Software and specific connectivity types might be required on the PC for sync

 iTunes is required to sync iOS devices to a desktop
o USB Lightning cable
o Wi-Fi and cellular connections to sync iCloud, etc
 Android devices have built in sync functionality for Google services
o Additional apps required to sync to other cloud services
o Additional apps required to sync with other platforms
o USB or wireless to sync with desktop

Module 7: Understanding System Security

Understanding Threats to Security

Threats come in various forms

 User
 Network
 Malicious
 Physical

User Threats – weakest point of any security system and there are a few ways to alleviate risk

 Restrict physical access to sensitive systems and data
 Manage data destruction
 Create corporate security policies
 Manage social engineering attacks
 Violation of security best practice is a common threat to organizations

Social Engineering – a very common way to gain access to the network by preying on employees' human nature and
attempting to trick them into divulging seemingly harmless info

 Dumpster diving
 Shoulder surfing
 Creating friendship or inspiring pity
 Trojan horse attachments
 Posing as an employee

Phishing

 A form of social engineering
 Involves asking someone for a piece of info required for the attack but making it look like a legitimate request
 Often uses email
o Requests from banks and cc companies
o Promises of money or awards
 Direct users to fake links that harvest info
 Only way to prevent is user education

Spear Phishing

 Uses different kinds of msgs to further the idea that it’s a legit msg
 Instead of requests from banks or cc companies they appear to come from family or friends prompting the user
to click a link to watch a video
 Term comes from the request cutting through defenses like a spear and has a higher likelihood of being clicked

Whaling – Phishing for high profile users

Vishing – Phishing that uses the phone systems and takes advantage of the lack of call tracing when using VoIP

Network Threats – attacks that would target network technologies, protocols or devices

 Denial of Service (DoS) – Web server hammered with too many requests, or malformed packet headers to cause a
buffer overrun
 Distributed Denial of Service (DDoS) – using multiple PCs to attack a web server, using a Trojan horse for eg
 Man-in-the-middle attack – attacker places themselves in the middle of comms, TCP hijacking
 IP Spoofing – Plays with source IP addresses in packet headers
 DNS cache poisoning – Changing the local DNS IP addresses to redirect users to bad sites

Zero-Day Attacks

 Occurs when a security vulnerability in an application is discovered on the same day the application is released
 Very difficult to defend against as patches are not yet released

Zombie / Botnet – A PC infected with malware that takes part in a DDoS attack

Password Attacks

 Brute Force attack
o Operates by attempting every possible combination of characters that could be used as a password
o Can occur both on or offline
o Can be thwarted by account lockout policies so online attacks are unlikely to be successful
 Dictionary attacks
o Rely on large files that are lists of dictionary words
o Always performed offline
o Thwarted by the use of password complexity policies

Noncompliant Systems

 Systems that do not have the appropriate antimalware updates and OS patches installed
 Enterprise networks use software to prevent noncompliant systems from connecting and to ensure that systems
remain in compliance

Malicious Code Attacks – a specific type of software attack that uses programming code with malicious intent often
referred to as malware

 The general purpose is to disrupt systems by deleting or corrupting data or taking control of the system through
malicious code
 Malicious code attacks can go undetected for long periods of time and be used later for DDoS attacks or to
remotely access the system or for the purpose of identity theft

Several types exist

 Virus – attaches itself to other programs or data files
 Worms – replicate themselves without user intervention
 Trojan horse – delivery vehicles for destructive code
 Logic bombs – program with hidden code designed to run when a specific condition is met
 Rootkits – SW that grants full system control to an attacker – copied into the MBR or boot sector
 Spyware – SW running without the knowledge of the user that’s spying on activity
 Adware – SW running without the knowledge of the user that’s causing PC issues then alerting them to a possible fix
 Ransomware – Encrypts the drive then gives a msg to the user demanding they pay $x to get the system back

Types of Viruses

Physical Threats

 Theft
 Physical damage
 Loss of systems and access
 Unauthorized network access
 Tailgating – people getting access to areas by following someone else after their clearance allowed them in

Understanding Common Prevention Methods

Physical Access Restrictions – though the access may not be malicious in nature, direct access to server hardware is never
a good idea

 Lock server rooms with key or key card locks
 Lock server cases
 Use cameras or motion sensors to monitor during off hours
 Security guards for extremely sensitive systems

There are many physical security controls which can be implemented based on factors such as importance of the resource
being protected, impact of its compromise and money available to spend on security

 Mantraps to prevent tailgating
 Locked doors
 Video surveillance
 Door access controls
o ID badges and key fobs
o Biometrics
o RFID badges

Additional Physical controls

 Cable locks – locks on laptops
 Securing physical docs/passwords/shredding
 Smart cards
 Tokens
 Privacy filters
 Entry control roster

In order to protect corporate networks and their systems most biz employ a layered approach or “Defense in Depth”
model that employs security tactics at various levels

 Physical security systems
 Firewall protection in internet and LAN connections
 Intrusion detection SW
 Antivirus and antimalware protection
 Auditing for security breaches
 Access control lists and encryption

CompTIA specifies both physical and digital prevention methods on the exam

Various means are used to provide digital forms of security

Depending on the type of attack various types of SW and user education will be needed in order to prevent them from
happening

 Social eng is best prevented through edu and corp policy
 Corp policy should also inform users how to handle file attachments from unknown sources
 Most networks will also implement centralized AV and antimalware SW in addition to corp and personal
firewalls

Antivirus and antimalware – used to prevent, detect and remove malicious SW from PC systems

 Centralized SW is available for networks
 Use virus signatures to detect malicious code trying to execute
 Signatures or definitions must be kept current
 Options for dealing with infected files
o Fix
o Quarantine
o Delete
 3rd party tools available or Win Defender for Win 7 or later

Anti-spyware SW – can be separate SW dedicated to detecting and removing spyware and adware products similar to
antivirus software or bundled together with it

 Looks for files stored in key locations based on file names and signature files
 Needs to be kept up to date in order to continue protection
 Most major AV vendors bundle antispyware with products
 Look out for bogus antispyware products that are themselves spyware

Best practice for Antimalware products

 Schedule scans
 Auto update
 Quarantine or delete infected files

Firewalls – SW or HW used to control info that is sent or received which resides typically on the network’s gateway or its
connection point to the public network

Firewalls have various functions and capabilities depending on specific implementation

 Filter data packets based on port number, source or destination IP
 Filter anonymous requests
 Filter appls to control outgoing access to internet services
 Filter inappropriate materials from the web
 Log activities to produce reports on access

HW Firewall – physical devices that protect the network and also function as routers

 SOHO routers can function as a variety of devices in one and include many capabilities including firewall and
proxy functions
 Corporate firewalls
o Cisco PIX and ASA
o Sonicwall
o Barracuda
 Typically implemented at perimeter of network

General Firewall functions

 Packet filter
o Passing or blocking packets based on source and destination ip or ports
o Does not analyze data in the packet
o Rules define allow or disallow traffic
o Rules form what is sometimes called an ACL (Access Control List)
o ACL contains an implicit deny statement
 Proxy firewall
o Considered an intermediary between 2 networks
o Uses dual NICs to be connected to both outside networks and intranet
o Examines all incoming data and makes rule based decisions as to whether request should be allowed or
refused
o All packets are reprocessed for use internally and sent to internal systems using the firewall's intranet IP
address, thus masking the network from the internet
o Provides higher security
o Appl-level proxy vs circuit level proxy
 Stateful packet inspection – aka stateful packet filtering
o Tracks comms channel or where the packet is going
o Occurs at all levels of the network to provide additional security for connectionless protocols like UDP
and ICMP
o Adds complexity to the process and can make the device susceptible to DoS attacks
 SW Firewall (host based) – installed on the PC itself protecting it from network threats
o 3rd party firewalls
 ZoneAlarm
 Symantec Security Center
 BlackTie
o Win Vista and later provide Windows Firewall
 Basic config possible in Control Panel
 Host based that is on by default
 Can block incoming and outgoing traffic
 Win Firewall with Advanced Security for advanced config
 Win Firewall
o Incoming and outgoing rules
 Programs
 Ports
 Preconfig’d rules
o Network location aware using profiles
o IPSec integration
o Group Policy config in domain environments
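To make the packet-filter and stateful-inspection points above concrete, here is an added example (not code from the course material) of an ACL evaluated first-match with an implicit deny, plus a small flow table that lets the reply to an outbound UDP query back in even though no inbound rule allows it. The addresses, ports and rules are constructed.

```python
"""Packet-filter ACL with implicit deny, plus a minimal stateful flow table.

Added example for these notes; not from the original course material.
The ACL and addresses below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str      # "tcp", "udp" or "icmp"
    src: str        # source IP
    dst: str        # destination IP
    sport: int = 0  # 0 for protocols without ports (ICMP)
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # CIDR, e.g. "192.168.1.0/24"; "0.0.0.0/0" = any
    dst: str
    dport: Optional[int] = None  # None = any destination port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only match on protocol, addresses and destination port.
    Nothing in the payload is inspected, as with a classic packet filter."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate_acl(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; a packet matching no rule hits the implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"  # the implicit deny at the end of every ACL


class StatefulFilter:
    """Stateless ACL plus a table of flows already allowed outbound.
    Replies to a tracked flow are accepted even without an inbound rule,
    which is how stateful inspection handles connectionless UDP and ICMP."""

    def __init__(self, acl: List[Rule]):
        self.acl = acl
        self.flows = set()  # reversed 5-tuples of permitted outbound packets

    def check(self, pkt: Packet, outbound: bool) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if not outbound and key in self.flows:
            return "allow"  # reply to a flow we let out earlier
        verdict = evaluate_acl(self.acl, pkt)
        if outbound and verdict == "allow":
            # remember the reversed 5-tuple so the reply can come back in
            self.flows.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
        return verdict


# Constructed ACL: the LAN may browse the web and resolve DNS; anyone may reach
# the public web server on 443; everything else falls through to implicit deny.
# The explicit SSH deny is redundant but commonly kept so the match can be logged.
ACL = [
    Rule("allow", "tcp", "192.168.1.0/24", "0.0.0.0/0", 443),
    Rule("allow", "tcp", "192.168.1.0/24", "0.0.0.0/0", 80),
    Rule("allow", "udp", "192.168.1.0/24", "0.0.0.0/0", 53),
    Rule("allow", "tcp", "0.0.0.0/0", "203.0.113.10/32", 443),
    Rule("deny", "tcp", "0.0.0.0/0", "203.0.113.10/32", 22),
]

if __name__ == "__main__":
    fw = StatefulFilter(ACL)
    query = Packet("udp", "192.168.1.5", "198.51.100.53", 40000, 53)
    reply = Packet("udp", "198.51.100.53", "192.168.1.5", 53, 40000)
    print("outbound DNS:", fw.check(query, outbound=True))   # allow
    print("DNS reply, stateless ACL:", evaluate_acl(ACL, reply))  # deny
    print("DNS reply, stateful:", fw.check(reply, outbound=False))  # allow
```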

User Authentication / Strong Passwords

 Imperative that the system be able to uniquely identify users
 Policies should be put in place to control password assignment and prevent password sharing
 Policies must balance security and usability
 Education on the creation of complex passwords is key
o Apples1 – not complex
o @pPLes! – complex
o P@ssw0rd – somewhat complex
o 8t!2oRu(e – very complex
 Password creation rules
o Don’t use personal info
o Don’t use dictionary words
o Don’t use more than 3 consecutive alphabetic characters
o Use symbols: @ ! 8 _
o No less than 8 characters and changed regularly
 Multifactor Authentication
o Adding additional elements to authentication
o 3 factors
 What you know
 What you have
 What you are
o In Win done by adding smart card or biometrics to the process
o Google use out-of-band authentication
 Text msg with an access code
 Phone call with an access code
 VPN (Virtual Private Networks)
o Remote access connections that provide secure comms to a corporate office
o VPN endpoint can be a server or network appliance
o Tunneling and encryption protocols are used to secure transmission
 Data Loss Prevention (DLP)
o Systems and policies designed to prevent sensitive info from leaving the org either purposefully or by
mistake
o Provide the ability to specify actions that users are allowed to take on a doc
o Go by many names
 Info rights mgmt.
 Digital rights mgmt.
 Data leakage protection
 Data loss prevention
 System Hardening
o Process of increasing security on systems to lessen likelihood of an attack
o Disabling ports
o Access control lists
 Used by firewalls and in file system
 Email filtering
o Allows for recognition and blocking of msgs that contain content not suited for biz processes
o Dealing with SPAM as well as preventing malware and social eng attacks
 Trusted/Untrusted SW sources
o Users downloading and installing SW is a danger
o Some orgs implement controls via proxy servers
o Revocation of admin rights for users
o Group policy restrictions
 Most effective method is education
o Social eng
o Malware
o Data
 Users must be informed about the role they play in security and dangers
o Using Acceptable Use Policies (AUP) could help with ensuring they account for bad behavior
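The password creation rules listed above, applied by a checker. This is an added example (not from the course material): the wordlist and the personal-information list are constructed and deliberately small, and common letter substitutions are undone before the dictionary check so that the "8" and "@" style substitutions the notes mention do not by themselves hide a dictionary word.

```python
"""Checks a candidate password against the creation rules in these notes.

Added example, not part of the course material. The wordlist and the
personal-information list are constructed and tiny; a real checker loads
a full dictionary and the user's directory attributes.
"""
import re
from typing import List, Sequence

# Constructed mini wordlist standing in for a real dictionary.
WORDLIST = {"apple", "apples", "password", "welcome", "summer", "dragon", "letmein"}

# Common substitutions, undone so that "p@ssw0rd" still matches "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s",
                      "5": "s", "!": "i", "7": "t"})

MIN_LENGTH = 8      # "No less than 8 characters"
MAX_ALPHA_RUN = 3   # "Don't use more than 3 consecutive alphabetic characters"


def check_password(password: str, personal_info: Sequence[str] = ()) -> List[str]:
    """Return the names of every rule the password breaks (empty list = passes)."""
    violations = []
    lowered = password.lower()
    normalised = lowered.translate(LEET)

    if len(password) < MIN_LENGTH:
        violations.append("too_short")

    # Personal info (user name, family names, birth year) supplied by the caller.
    if any(item.lower() in lowered for item in personal_info if item):
        violations.append("personal_info")

    # Dictionary words, checked literally and with substitutions undone.
    if any(w in lowered or w in normalised for w in WORDLIST):
        violations.append("dictionary_word")

    # Any run of more than MAX_ALPHA_RUN letters in a row.
    if re.search(r"[A-Za-z]{%d,}" % (MAX_ALPHA_RUN + 1), password):
        violations.append("alpha_run")

    # At least one character that is neither a letter nor a digit.
    if not re.search(r"[^A-Za-z0-9]", password):
        violations.append("no_symbol")

    return violations


if __name__ == "__main__":
    for candidate in ("Apples1", "P@ssw0rd", "8t!2oRu(e"):
        print(candidate, "->", check_password(candidate) or "passes all rules")
```

Passing every rule is necessary, not sufficient: the rules say nothing about reuse across sites or about breached-password lists, which a production checker would also consult.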

Securing Workstations

Users are the weakest link and this is why education and policies that are enforced are the key to network security

Security checklist for workstations – CompTIA's 5 best practices

 Passwords
 Account management
 Disable autorun
 Data encryption
 Patch/update mgmt.

Security Best Practices

 Always enforce the concept of "least privilege"
o Group membership
o Directory permissions
o Local rights

Password Best Practices

 Ensure people are aware of proper password handling techniques
o Don't write it down
o Never share it
 Users should be required to use complex passwords that change frequently
o At least 8 chars, alpha, numeric, special chars, mix of upper and lowercase
o Change every 60 days
 Changing default user names and passwords
 Disabling default accounts – like the guest account
 Requiring a screen saver password
 BIOS/UEFI passwords
 Always require passwords

Account Mgmt Best Practices

 Restricting user permissions
o Least privilege
o No admin rights on their own machines
 Login time restriction
 Disabling guest account
 Failed attempt lockout
 Timeout / screen lock

Disable Autorun

 Some malware can infect files on removable media and be placed in the autorun.inf file on that media
 1st rule is never insert media to install software from an unknown source
 2nd rule is to ensure autorun remains disabled

Data Encryption

 Possible at both file and volume level
o Bitlocker
o EFS
 Should not be over utilized
 Strike balance between usability and security

Patch / Update Mgmt

 Many address vulnerabilities and are nearly as important as AV and antimalware updates
 Automated systems on network to ensure compliance
o Win Server Update Services - WSUS
o System Center Config Manager
 Win Auto Update client for workstations

Securing Mobile Devices

Highly portable and susceptible to loss and theft and could contain corporate info

Securing options

 Screen locks
o Basic mechanism – easy to setup
o Several types
 Fingerprint lock
 Users fingerprint to authenticate and unlock
 Relies on biometrics so more secure
 Face lock
 Facial scan of user to authenticate
 Secure because of biometrics
 Swipe lock
 Single gesture or series of gestures
 Sometimes movement of an icon in a certain pattern
 Passcode lock
 Remote wipes
o iOS5 and later provide remote wipe capabilities through iCloud
o LostAndroid app is not installed by default but freely available
o Many email appls and MDM programs will support the ability to remotely wipe a device
 Locator and remote backup appls
o FindMe programs use GPS to locate lost or stolen devices
o Must be turned on prior to losing
o Backups can be performed by online appls
o Dropbox, google drive, box.net, icloud,
 Failed login attempts restrictions
o Similar to account lockout restrictions
o Available on mobile
 Lock the device for a period of time
 Perform remote wipe after a certain number of failed attempts
o iOS has Erase Data function which can be set after a number of failed attempts
o Android has appls that can do similar function
 Antimalware / Antivirus
o Mobiles can be infected too
o Major vendors provide products for mobile devices
o Same rules and best practices apply
 Patching / OS updates
o Auto updates available for both OS’s
o Manually download OS updates when notified by the device
 Biometric authentication
o Most mobile devices offer this option
 Fingerprint or facial recognition
o Multifactor authentication is available
 Full device encryption
o 3rd party apps and Mobile Device Management SW like Intune

Authenticator Apps

 Make it possible for mobile devices to use a time-based OTP algorithm with a site that requires it
 Shared secret key is provided to user over a secure channel and stored in the authenticator app
 Key is used for all future logins to site
 User will provide username and password and an OTP

Trusted vs Untrusted sources

 Apps can be obtained from dangerous places
 Trusted sources: Google Play or App Store
 Users can be trained about dangers of untrusted sources
 Devices can be configured to disallow installations from untrusted sources

Firewalls

 Firewall apps
 In addition IPS or IDS can be placed on mobiles
 Realize these apps always run and can impact severely on battery life

Policies and Procedures

 Influx of mobile devices on networks impacts security policies for organizations
 BYOD vs Corporate owned
o BYOD brings in a separate set of security concerns mitigated through MDM
o Corp owned devices controlled in same way but at a higher success rate due to standardization
 Profile Security Requirements
o Implement baseline security levels for all mobile devices connected to the network

Security Best Practices

 Invest in MDM
 Enforce passcodes and lockout screens
 Use complex PINs and passwords
 Encourage biometrics where possible
 Always leave Bluetooth disabled and only enable visibility to known devices
 Config passwords for purchases
 Use device encryption when available

Data Destruction and Disposal Methods

Due to all the sensitive material stored on HDDs it's important for orgs to have an appropriate plan in place

There are 3 key concepts in relation to sensitive data on HDDs

 Formatting
o Prepares the drive to hold data
o Can overwrite data that is already there
 Sanitization
o Thoroughly wiping data off drive – not through OS
 Destruction
o Renders drive no longer usable

Physical destruction

 Physically destroying the drive makes it completely useless
o HDD
o Optical, Flash
 Shredders
o Used for paper
o Commercial shredders can destroy optical media
o HDD shredders are available but pricey
 Drill / Hammer
o Remove outer drive cover and platter covers, smash with hammer or drill through media
 Electromagnetic / Degaussing
o Applies strong magnetic field to initialize the media
o Wand-model degaussers go for $500
 Incineration
 Certificate of Destruction
o Docs that attest to physical destruction of media or approved method of media removal

Recycling/Repurposing

 If media needs to be reused
 Low-level format vs standard format
o Std marks space used by current files in the OS as being available for storage. Does NOT really erase data
o Low-level formats are performed by disk utils which actually wipe the disk clean
 Formatting options in OS are always std format
 Overwrite
o Entails copying over the data with new data
o Common practice is to replace all data with 0s
o Most SW does this multiple times
 Drive Wipe
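The overwrite approach above, carried out on a file as an added example (not a tool from the course): several passes of zeros, each forced to the media with fsync, then a read-back verification before the file is unlinked. The sample data is constructed; wiping a whole drive runs the same loop against the block device.

```python
"""Overwrite-style sanitization of a file with verification.

Added example for these notes, not course material. Overwriting only helps
on media that writes in place; flash media with wear levelling may keep old
copies of blocks elsewhere, which is why destruction is listed separately.
"""
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB write buffer


def overwrite_file(path: str, passes: int = 3, fill: bytes = b"\x00") -> int:
    """Overwrite every byte of `path` `passes` times with `fill`; return file size."""
    size = os.path.getsize(path)
    buf = fill * CHUNK
    for _ in range(passes):
        with open(path, "r+b") as fh:
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(buf[:n])
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the pass to the media, not just the page cache
    return size


def verify_overwritten(path: str, fill: bytes = b"\x00") -> bool:
    """True if every byte read back from the file equals the fill byte."""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return True
            if chunk.count(fill) != len(chunk):
                return False


def demo_wipe() -> bool:
    """Create a file of constructed 'sensitive' data, wipe it, verify, then delete it."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"ACCOUNT=4111-1111-1111-1111\n" * 5000)  # constructed sample data
    try:
        with open(path, "rb") as fh:
            before = fh.read()
        ok = b"ACCOUNT" in before
        written = overwrite_file(path, passes=3)
        ok = ok and written == len(before) and verify_overwritten(path)
        with open(path, "rb") as fh:
            ok = ok and b"ACCOUNT" not in fh.read()
    finally:
        # Deleting only unlinks the name, like a standard format; the overwrite
        # above is what actually destroyed the content.
        os.remove(path)
    return ok


if __name__ == "__main__":
    print("wipe verified:", demo_wipe())
```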

Security for SOHO and Wireless Networks

SOHO networks

 Usually little security but still have private data that should be secured
 Security requires some planning and implementation
 Determine type of network

Wireless

 Most common
 Wireless comms use RF which opens additional network threats
 WAPs come with multiple security controls that need to be understood and implemented

Wireless security options

 Wired Equivalent Privacy (WEP)
 WiFi Protected Access (WPA)
 WPA2
 Always choose highest security option and ensure that encryption is enabled

Wireless Security Config

 Change default data: SSID name, admin username and password, default device password
 Disable SSID broadcast
 For higher security
o Use guest access feature
o Enable MAC filtering
o Assign static IPs and change default address scheme
 Radio power levels and antenna placement can restrict coverage areas
 Avoid the use of WiFi Protected Setup (WPS)

Wired SOHO Networks

 Std policies and procedures apply
o Physical security
o Static IPs
o Disabling switch ports

Changing Default Usernames and passwords

 If not required, delete or disable them
 Follow strong password policies as with all systems

Enable MAC Filtering

 Most APs and network switches provide this function
 A list of MAC addresses is config'd as approved
 If a connecting device isn’t on the list, it can’t connect
 Sometimes called network lock

Config'ing static IPs can increase security

Firewall settings

 All devices both wired and wireless should have this enabled by default
 Device and personal firewalls are important

Port Forwarding / Mapping

 Ports on the device are set aside for an internal host
 External hosts must use a specific port to comm with the internal system

Content Filtering

 SW to examine web connections, social media, searches and emails
 Looking for objectionable material or sites configured as restricted by admin

Update firmware

Physical security

Module 8: Troubleshooting And Operational Procedures

Troubleshooting Theories

Effective Tshooting

 Choose a model
 Methodical approach to problem solving
 Learn as much as possible about systems and tech
 Keep calm
 Be professional

Basic Stages of Tshooting Theory

 Identify the problem
 Establish theory or probable cause
 Establish a plan of action
 Implement solution
 Verify system functionality
 Document

Tshooting model is NB to consistently resolve issues in an efficient manner

Actual model used not as NB as methodical approach

Models

 CompTIA A+
 CompTIA N+
 Novell
 ASID

CompTIA A+ Model

Professional Comms

 Consider total msg
 Focus and actively listen
 Consider customer’s competence
 Speak professionally
 Respect the customer
 Be culturally sensitive
 Match delivery channel to customer
 Deal with difficult customers/situations appropriately

Consider Total Msg

 Msg is more than just words
 Facial expressions and body posture
 Tone of voice
 Maintain positive attitude
 Project confidence not arrogance

Focus and actively listen

 Don't waste time with idle chit chat
 Most customers are paying for time
 Fix problem and move on
 Can be friendly and engaging
 Avoid distractions like personal calls, texting, social media, etc
 Avoid topics such as politics and religion
 Actively listen and avoid interrupting the customer

Consider customer’s competence

 Match comm level with customer's ability
 Keep in mind many people will overstate their understanding
 Avoid using jargon where plain language would suffice
 Consider customer’s sense of pride at having to defer to tech with a problem

Sometimes users trying to hide an embarrassment

 May claim to have already performed tshooting tasks
 Mention calmly that there is a method to isolate problems
 Try ensure the problem does not reoccur

Respect the customer

 Be on time
 Don’t minimize the problem
 Avoid distractions
 Don't eat or drink in their space
 Don't use office devices unless for tshooting
 Try to avoid adjusting monitor, chair, keyboard
 Respect the customer's privacy
 Never interrupt customer or argue with them
 Never discuss or dispute info heard at a customer's location

Be culturally sensitive

 Have knowledge of different cultures
 Helps to identify differences without passing judgement
 Request training if dealing with different cultures

Match your delivery to the customer

 Ensure comms channel is the one the customer is most comfortable with

Deal with difficult customers/situations appropriately

 Avoid
o Arguing
o Getting defensive
o Dismissing their problem
o Being judgmental
 Always clarify statements with open ended questions to narrow the scope, restate the issue or question to verify
understanding
 Don’t use social media to disclose experiences

Set and meet expectations

 Set reasonable timelines
 Comm status as appropriate
 Offer and explain options and potential consequences
 Provide proper docs on services provided
 Always follow up to verify satisfaction

Guidelines for Effective Comm

 Speak clearly
 Avoid jargon
 Keep msgs concise and specific
 Ensure msg understood
 Listen actively
 Paraphrase to ensure understanding

Operational and Safety Procedures

Safety is key: self, others and equipment

Electrical safety basics

 Current, not voltage, is what is dangerous
 We can feel a single mA, 10 mA contracts muscles and 100 mA can stop the heart
 Human body has a natural resistance to current but it can be decreased
 Never insert anything into a wall outlet
 Remove jewelry and other metal
 Keep hands dry
 Avoid moisture and water

Electro Static Discharge (ESD)

Static Electricity – occurs when charges on separate objects are unequal, 1 positive and the other negative

 When charged objects are brought near each other current can flow to balance the charges
 Current flow is characterized by high voltage but low current
 Static discharge isn’t dangerous to humans but is to PC components

Prevent static buildup

 Increase humidity
 Anti-static bags
 Wear cotton clothing
 Remove carpeting

Prevent discharge or safely discharge

 Wear ESD straps
 Use ESD mats
 Stay grounded somehow

Personal safety

 Always disconnect power before repairing PCs
 Remove jewelry
 Lifting techniques
 Understand weight limitations
 Electrical fire safety
 Safety goggles
 Air filter mask

Disposal guidelines

 Batteries
 Toner
 CRTs
 Compliance with regulations

Toxic materials

 Comply with Material Safety Data Sheet (MSDS)
 Identify important facts, handling, disposal, first aid, storage

Other considerations

 Temp and humidity levels
 Proper ventilation
 Protection from airborne particles
o Enclosures
o Air filters/ mask
 Dust and debris
o Compressed air
o Vacuums
 Compliance to regulations

Power issues

 Power surge – sudden spike in power that can damage electrical equipment if not connected to surge protector
 Brownout – decrease in power but not complete outage which could still cause reboot
 Blackout – complete and prolonged power loss
 Battery backup
o UPS
 Surge protectors

OS Tshooting

Key is recognize symptoms and also understand which tools to use

 Common symptoms
o BSOD – read error msgs and research from there. Usually a HW issue (MB, RAM or device driver); check
event logs. Try reboot and if that fails, use safe mode. On Mac this is mostly an unresponsive app; try the Force Quit util
o Failure to boot
 Missing file: NTLDR
 Missing boot.ini – corrupted files, potentially malware. Boot up to OS recovery media
 Missing OS
 Invalid boot disk
 GUI fails to load – try safe mode with CLI
 Missing GRUB / LILO – maybe malware
o Kernel panic - Linux recovery media
o Improper shutdown
o Spontaneous shutdown/restart – check HW first, otherwise malware maybe
o Device fails to start or detected – check drivers
o Missing DLL msg – potential driver issue, appl corruption
o Services failed to start – check services console and dependencies, try change auto restart behavior
o Compatibility error – app for old ver of Win installed on newer version, rightclick and check compatibility
tab
o Slow system performance – check running apps and maybe performance monitor, maybe malware
o Boots to safe mode –
o File fails to open – maybe corruption, maybe malware, maybe incorrect file assoc
o Multiple Monitor misalignment / orientation – identify monitor, switch connection

Security and Privacy Guidelines for Troubleshooting

Sometimes IT personnel have to prove users were engaged in prohibited activity

 Company policy infringement
 Data leakage
 Violation of laws

It is responsibility of IT pro to respond appropriately in a professional and legal manner

Extent of harm caused depends on speed and quality of the initial response of event

Structured incident response policy

 Minimizes chance of extensive damage
 Increases chance of bringing criminal to prosecution

Incident Response Guidelines

 1st Response – clearly defines activities related to initial point when incident is realized
o ID problem
 What policy or law prohibits action
 Categories
 Exploiting people
 Containing adult content
 Violating privacy rights
 Impersonation
 Pyramid schemes
 Etc
o Report through proper channels
 Violation of company policy – HR
 Violations of law – law enforcement
o Preserve data
 Content must be preserved until it can be turned over to authority
 Commandeering drives, devices or equipment
 Data must be preserved in the state it was discovered
 Follow procedures outlined in incident response plan
 Documentation / Change of Doc
o During process identify, detect, report problem
o Info may be NB if incident escalates to judicial system
 Chain of Custody
o NB
o When you begin to collect evidence, keep track of it all times
 Who has it
 Who has seen it
 Where has it been
o Occasionally chain of custody forms are required
 Licensing / DRM / EULA
o Use of items without purchase is illegal
o Digital media is protected by DRM
o Not all SW requires a license
 Open Source vs Commercial Licensing
o FOSS
o Commercial SW require purchase
 Personal licenses are single use and cannot be shared; Enterprise licenses allow multiple installations
 Personally Identifiable Information (PII)
o Any info about user that could uniquely identify them
o Always danger of companies leaking PII
 Follow corporate policies and security best practice policies

OS Troubleshooting Tools

Tools

 BIOS / UEFI – if issue is prior to OS
 SFC – maybe improper shutdown corrupted files
 Logs
o Event logs in Win
o Various logs in Linux /var/log/ directory
 Recovery console
 Repair discs
 Pre-Installation Environments (Win PE)
 REGSVR32 – registering dll files
 REGEDIT
 Event Viewer
 CLI
 Startup and Recovery Tools
o Advanced startup options – F8
o MSCONFIG
o Emergency Repair Disc (ERD)
o Auto System Recovery (ASR)
o Setup media
 Start up recovery
 Win PE
o 3rd party boot discs
o Uninstall/reinstall/repair

Tshoot Mobile Devices

Common Symptoms

 No display – is it powered on or charged? Perhaps “bricked” through power failure during update
 Dim display – check display settings
 Flickering display – could be calibration, faulty screen, malware
 Sticking keys – probable spill on laptop kb
 Intermittent wireless – distance from WAP, connected to correct network? Wifi analyzer as tool
 Battery not charging – perhaps near end of life
 Ghost cursor - calibration
 Unable to decrypt email – is appropriate certificate installed? Can device support DRM?
 Extremely short battery life – end of life?
 Overheating – apps using radios constantly in background
 System lockout – incorrect passcodes
 No power – dead battery or faulty charger
 Num lock indicator lights on laptop – enable/disable Fn Numlock
 No wireless connectivity – in range? Required config info?
 No Bluetooth connectivity – same as above; are devices paired?
 Cannot broadcast to external monitor – maybe faulty app, needs activation, setup on tv or monitor
 Touchscreen unresponsive – calibration issue,
 Apps not loading – could be low on mem, app may have to be forcefully stopped and restarted, clear all cached
data
 Slow performance – malware, too many apps running, some apps are memory hungry
 Frozen system – reboot or soft reset device using button combos
 No sound from speakers – are speakers plugged in or powered, Bluetooth settings correct, volume up?

Tshooting Tools

 Hard Reset – can be done by manufacturer
 Soft Reset – forcefully restarts device
 Close running apps
 Reset to factory default – reactivate device
 Adjust config or settings -
 Uninstall / reinstall apps
 Force stop

Mobile OS’s

 Common symptoms
o Signal drop / weak signal – coverage of SP bad?
o Power drain – greedy apps or malware
o Slow data speeds – coverage
o Unintended wifi connection – device remembering connection
o Unintended Bluetooth pairing – could be attack, disconnect asap
o Leaked personal files /data – security issue more than troubleshooting
o Data transmission overlimit – sending/receiving large files
o Unauthorized account access – set pin
o Unauthorized root access –
o Unauthorized location tracking – could be malware or setting turned on
o Unauthorized camera / mic – malware
 Tools
o Anti-malware
o App scanner
o Factory reset / clean install
o App reinstallation
o Wifi analyzer
o Force stop
o Cell tower analyzer
o Backup / restore
o iTunes / iCloud / Apple Config
o Google Sync
o OneDrive

Tshooting Common Security Issues

NB to understand that occasionally issues are related to a security problem or misconfig'd security settings

 Common Symptoms
o Popups – spyware/adware – browser addons, reboot to AV recovery disc
o Browser redirection – malware or installed SW that came with unseen options
o Security alerts – certificates – installed, expired?
o Slow performance – malware?
o Internet connectivity issues – lots of questions – could be lots of things
o App crashes – malware? Scan, remove, repair app, uninstall reinstall app
o OS Update failures
o Spam – avenue for malware/phishing
o Renamed system files – malware – scan and address
o Security alerts – malware?
o PC lock ups – check antivirus
o Rogue antivirus - bogus AV software
o Files disappearing – malware/virus
o File permissions change – someone has control of pc and is messing with system. Check audit logs
o Hijacked email
o Access denied – could be config, permissions
 Tools
o AV SW
o Antimalware
o Anti-spyware
o Recovery console
o System restore / snapshot
o Windows PE
o AV boot disks
o Event Viewer
o Refresh / restore
o MSconfig / safe boot
 Best Practices for Malware Removal
o Clearly ID when symptoms indicate malware
o Quarantine infected system
o Disable system restore
o 3rd party boot disks and Win PE are invaluable to scan and remove viruses
o Remediate infected systems
 Update AV
 Schedule scans and updates
 Educate user
 Create new restore point with cleaned system
