CompTIA A+ Core 2 Study Notes

The document provides comprehensive study notes on various file systems used in Linux, macOS, and Windows, detailing their characteristics and limitations. It also covers networking concepts such as IPv4 addressing, DNS, DHCP processes, and physical security measures, including access control and data protection. Additionally, it discusses mobile device management, logical security, and wireless security protocols like WPA2 and WPA3.

CORE 2 STUDY NOTES

LINUX, macOS & WINDOWS FILE SYSTEMS

- File Systems
storage media preparation
1. bring device online
2. initialize disk
3. partition disk
4. format partitions.

- File Allocation Table (FAT32)


Used by Windows, Linux and macOS.
8 TB maximum partition
4 GB maximum file size
Windows FAT32 does not support local file system permissions, compression or encryption.

- New Technology File System (NTFS)


8 PB maximum volume size (depending on OS version).
Default Windows file system type for the OS disk volume
Local file system permissions
Compression
Encrypting File System (EFS)

- Extensible File Allocation Table (exFAT)


Designed for SD cards and USB flash drives
16 EB maximum file size and not as compatible as FAT32 and NTFS.

- Extended Filesystem (ext)


Common file system used on Linux hosts.
Journaled file system.
Using additional tools, mountable via drive letters on modern Windows OSs
ext3/ext4
ext4 supports larger file systems than ext3, which means more efficient reads and writes.

- Apple File System (APFS)


Default file system for modern versions of macOS
Snapshots, disk volume encryption and quota size limits.

MBR and GPT disks

- Disk Initialization
Bring the disk online and initialize it
Partition and format the disk.

- Master Boot Record (MBR)


Legacy disk partitioning standard prior to 2 TB hard disks.
Maximum disk size = 2 TB
Maximum of 4 disk partitions.

- GUID Partition Table (GPT)


Disk size limit depends on the OS
Windows supports up to 128 partitions on a GPT disk
Stores boot and partitioning data in multiple places on the disk for higher resiliency than MBR.

- Windows File System Management Commands


diskpart, format, (dir, cd, md, rmdir, D:), copy, xcopy, robocopy, icacls, cipher, sfc, chkdsk.

OPERATING SYSTEM & NETWORK MANAGEMENT

IPv4

- 32-bit addresses
- Dotted decimal notation
- IP addressing standard since the 1970s

The OSI model is a 7-layer conceptual model


1. Physical
2. Data Link
3. Network
4. Transport
5. Session
6. Presentation
7. Application

IPv4 Addressing
- Four octets separated by periods (octet means 8 bits)
- Each octet falls between 0 and 255
- For example 199.126.128.190

Reserved Private IPv4 Address Ranges


- 10.0.0.0 - 10.255.255.255
- 172.16.0.0 - 172.31.255.255
- 192.168.0.0 - 192.168.255.255

Subnet Masks
- Define which part of the IP address identifies the network versus the host address.
- Decimal notation 255.255.255.0
- Classless Interdomain Routing (CIDR) notation: /24

DNS and DHCP


- DNS = Centralized name resolution service

DNS Zone Record Types


A - Resolve Fully Qualified Domain Name (FQDN) to IPv4 address
AAAA - Resolve FQDN to IPv6 address.
PTR - Resolve IP address to FQDN
MX - Mail exchanger record: used for SMTP.
TXT - Text record: used to store data in DNS. Verify ownership of DNS domain.

DNS Forward Name Resolution


- DNS client queries for the www.skillsoft.com A record over UDP port 53.
- DNS server responds with IP address for www.skillsoft.com

Dynamic Host Configuration Protocol (DHCP)


- Centralized IP configuration deployed in client devices.
- IPv4 and IPv6

DHCP IP configuration Settings


- IP address ranges
- IP address exclusions
- IP address reservations
- Default Gateway
- Domain Name Service (DNS) server
- DHCP lease interval

DHCP Process
1. DHCP Discover
2. DHCP Offer
3. DHCP Request
4. DHCP Acknowledgement

- ipconfig /all
Command to see all the IP information
Identity of the DHCP server
IPv4 & IPv6 information

DHCP lease
- DHCP lease time determines how long clients can keep the same IP configuration
- Clients renew leases before they expire.
- Using a short lease interval allows the reuse of IP addresses in the range for short-term visiting client devices.

DHCP
- Servers listen on UDP port 67, clients listen on UDP port 68.
- Vendor-class IDs can control address allocations.
- DHCP relay: DHCP relies on Local Area Network (LAN) broadcasts.
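
The four-step DHCP process and the server/client ports listed above, checked in code. This is an added example, not part of the original notes: the function names and the sample packets are constructed for illustration, and it assumes a single LAN segment with no DHCP relay.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}   # option 53 values
DORA = ["DISCOVER", "OFFER", "REQUEST", "ACK"]

def build_dhcp(op, xid, msg_type):
    """Build a minimal constructed DHCP payload (sample data, not a real capture)."""
    header = struct.pack("!BBBBI", op, 1, 6, 0, xid) + bytes(228)   # 236-byte fixed header
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 255])    # option 53, then end

def parse_dhcp(payload):
    """Return (transaction id, message type name) from a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    xid = struct.unpack("!I", payload[4:8])[0]
    i = 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:
            return xid, MSG_TYPES.get(payload[i + 2], f"TYPE-{payload[i + 2]}")
        i += 2 + length
    raise ValueError("no DHCP message type option")

def check_exchange(packets):
    """packets: list of (src_port, dst_port, payload). Return a list of findings."""
    findings, seen, xids = [], [], set()
    for sport, dport, payload in packets:
        xid, mtype = parse_dhcp(payload)
        seen.append(mtype)
        xids.add(xid)
        # Clients send from UDP 68 to 67; servers reply from UDP 67 to 68.
        want = (68, 67) if mtype in ("DISCOVER", "REQUEST") else (67, 68)
        if (sport, dport) != want:
            findings.append(f"{mtype}: unexpected ports {sport}->{dport}")
    if seen != DORA:
        findings.append("sequence is " + " > ".join(seen))
    if len(xids) > 1:
        findings.append("transaction IDs differ within one exchange")
    return findings

def sample_exchange(xid=0x1234ABCD):
    """Constructed four-message lease exchange on one LAN segment."""
    return [(68, 67, build_dhcp(1, xid, 1)), (67, 68, build_dhcp(2, xid, 2)),
            (68, 67, build_dhcp(1, xid, 3)), (67, 68, build_dhcp(2, xid, 5))]
```

An empty list from `check_exchange(sample_exchange())` means the exchange followed Discover, Offer, Request, Acknowledgement on the expected ports with one transaction ID.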

Managing Windows Networks Settings


- Netsh /? or netshell command

Firewall
- packet filtering

Linux IP Command
- ip a

PHYSICAL SECURITY MEASURES

Physical Security Implementations


- Restricted access to IT infrastructure equipment, documents and other assets.
- The important thing is making sure that only authorized persons have access.
- For example, routers, switches and servers.

Physical Security
- Fencing
- Bollard posts to protect buildings from vehicle incursion.
- Lighting, locked gates.
- Access cards
- Security guards, guard dogs.
- Motion-sensing security systems

- Data centre camouflage


- Interior and exterior reflective glass windows.
- Clean desk policy and document shredding

Privacy Screen Filters


- Stop people from looking over your shoulder to see your screen.

Access Control Vestibule (Mantrap)


- Inner door opens only when outer door closes completely.
- Prevents tailgating.

Air-gap Critical Networks


- No way for it to communicate with another network directly.

Protection of Data at Rest


- File or disk volume encryption
- Restricted facility and server room access.
- Locked equipment racks.

Physical Security for Staff


- Safety and authentication.

Key Fobs
- Physical token to authenticate/allow access.
- Similar to a vehicle wireless key fob.
- Also referred to as a "hardware token" often used for VPN authentication.
Smart Cards
- Credit card sized
- Contains an embedded microchip
- Used for authentication:
* Payment
* VPN Access
* Ability to send sensitive email messages (laptop smartcard slot)
* Can contain a PKI certificate (PKI Card)
Keys
- Physical Lock keys for doors, equipment racks.
- Electronic (symmetric and asymmetric encryption keys, proximity cards)
USB Security Key
- USB device that plugs into computer, can also have a security pin.
Biometric Authentication
- Something you are
- Facial Recognition
- Voice Recognition
- Fingerprint Scanners
- Retinal Scanner
Windows 10 Sign in options
- Hello Face
- Fingerprint
- Hello PIN

Microsoft Active Directory (AD)


- Centralized network directory
- Kerberos
- Users, groups, computer accounts, app settings and group policy.
AD Authentication
- Device, user, software authentication.
- Permissions to access and use resource. Usage auditing.
Active Directory Service
- Supports Lightweight Directory Access Protocol (LDAP)
* TCP Port 389, 636 (TLS)
- Centralized management of users, groups, computer accounts, Group Policy and app settings
- Devices can be joined to an AD domain.
* Allows AD account logon from any device
* Group Policy settings are applied to users and devices.
AD Forest and Domain Hierarchy
- Forest root domain, e.g. quick24x7.local
- Child root domain, e.g. eaat.quick24x7.local
AD Organization Units (OUs)
- AD has a solid yellow folder icon.
- Can contain things like users/groups.
- Can add group policy settings.
Domain Controller Replication
- AD replication including Group Policy settings
- Users can log on to any domain joined device using their AD user account.
Cloud-based AD
- Managed service in the cloud.
- Create and manage AD objects using standard tools.
- Link cloud AD to on-premises AD.

Mobile Device Management

Mobile Device Management (MDM)


- Tablets
- Smartphones
Mobile Device Authentication
- User ID and password
- PIN Code
- Pattern/swipe
- Facial Recognition
- Fingerprint
- Login restrictions/account lockout
Mobile Device Ownership
- Bring your own device (BYOD)
- Corporate Owned
Mobile Device Locater Tools
- Find my device
- Apple = Find My iPhone
- Android = Find My Device
- Locates where the device is.
Mobile Device Remote Wipe
- Corporate partition
- Personal partition
- Encryption of data-at-rest
- Wipes entire device, e.g. after too many incorrect password attempts.
Mobile Device Hardening
- Device encryption
- Remote backup
- Restrict app installation including sideloading
- App geolocating
- Antivirus/firewall apps
- Disable unneeded components
* Camera, enable airplane mode, location services, NFC and Bluetooth.

Logical Security

Logical Security - Authentication


- Proof of identity
- Users, devices and software
- Required before resource authorization is granted.
Multi-factor Authentication (MFA)
- Uses multiple authentication categories
* Something you know
* Something you are (biometric)
* Something you have (Smart card, hard or soft token)
* Something you are
* Something you do
Password Policies
- Length
- Complexity/character classes
- Minimum/maximum age, history.
- Account lockout

Logical Security

Password/credential Management
- Central location to store credentials.
- Authenticate
2 Step Verification
- Enter your verification code
Authorization
- Principle of least privilege
- Network access control lists (ACLs)
- Database/file system
Implementing physical security measures and devices

WIRELESS SECURITY PROTOCOLS & AUTHENTICATION MEASURES

Wi-Fi Protected Access 2 (WPA2)


PERSONAL
- Wi-Fi network encryption standard
- Uses a pre-shared key (PSK)
- Uses Advanced Encryption Standard (AES) instead of Temporal Key Integrity Protocol (TKIP)
- Designed for home use: everybody knows the same shared secret.
WPA2 Configuration
- Network Security Key
WPA2-Enterprise
- Corporate or organizational environment
- Uses a centralized authentication server
- User authentication via username/password or PKI certificate.

Wi-Fi Protected Access 3 (WPA3)


- Supersedes WPA2 but normally requires new WPA3-compliant wireless access points/routers.
- Client device Wi-Fi cards must support WPA3.
WPA3 Personal
- Encryption is different for each connected user session.
- Uses Simultaneous Authentication of Equals (SAE) instead of pre-shared key (PSK)
- WPA3 has 192-bit encryption
Wi-Fi Easy Connect
- Connect IoT and other devices to a Wi-Fi network
- Secures device Wi-Fi connectivity using WPA3.
WPA3-Enterprise
- Similar to WPA2-Enterprise but also requires the use of Protected Management Frames.
- Uses the Advanced Encryption Standard (AES)
- WPA3-Enterprise with 192-bit mode
* Government security standard modem

Temporal Key Integrity Protocol (TKIP)


- Used by the original WPA standard to provide message integrity and confidentiality.

TKIP Operation
- Uses the RC4 symmetric stream encryption cipher.
- Ensures a different 128-bit RC4 encryption key is used for each packet.
- Slower performance than its successor AES.
- Vulnerable to attacks since it uses the same underlying methods as the WEP standard.

TKIP Attack Vectors


- Weak Message Integrity Check (MIC) key implementation.
- The first 3 bytes of each packet's RC4 key are public.
