Professor Messer’s
CompTIA 220-1002 Core 2
A+ Course Notes
James “Professor” Messer
http://www.ProfessorMesser.com
content errors. Therefore, this book should serve only as a
general guide and not as the ultimate source of subject information. The author shall have no liability or
responsibility to any person or entity regarding any loss or damage incurred, or alleged to have incurred,
directly or indirectly, by the information contained in this book.
2.5 - Denial of Service
2.5 - Zero-day Attacks
2.5 - Man-in-the-Middle
2.5 - Brute Force Attacks
4.2 - Change Management
4.3 - Disaster Recovery
4.4 - Safety Procedures
4.4 - Managing Electrostatic Discharge
4.5 - Environmental Impacts
4.6 - Privacy, Licensing, and Policies
4.7 - Communication
4.7 - Professionalism
4.8 - Scripting
4.9 - Remote Access Technologies
of computer hardware, mobile devices, networking, operating systems, security techniques, and much more.
The current series of the A+ certification is based on the successful completion of the 220-1001 and the
220-1002 exams. You must pass both exams to earn your CompTIA A+ certification. This book provides a set
of notes for the 220-1002 Core 2 exam.
The 220-1002 Core 2 exam
The 220-1002 exam objectives are focused on operating systems, with over half of the exam detailing
operating systems and the troubleshooting of software.
Here’s the breakdown of the four 220-1002 exam domains:
Domain 1.0 - Operating Systems - 27%
Domain 2.0 - Security - 24%
Domain 3.0 - Software Troubleshooting - 26%
Domain 4.0 - Operational Procedures - 23%
But 64-bit OS can run 32-bit apps
• Apps in a 64-bit Windows OS
• 32-bit apps: \Program Files (x86)
• 64-bit apps: \Program Files
Windows on a mobile device
• Microsoft Windows 10
• Fully-featured tablets
• Many different manufacturers
• Touchscreen computer
• Keyboards
• Pen stylus
• Windows Mobile
• No longer in active development
• No support after December 2019
Google Android
• Open Handset Alliance
• Open-source OS, based on Linux
• Supported on many different manufacturers’ devices
• Android Apps
• Apps are developed on Windows, Mac OS X, and Linux with the Android SDK
• Apps available from Google Play
• Apps also available from third-party sites
• But for the home user
Windows 7 Professional
• Same features as Home Premium
• Can connect to a Windows Domain
• Supports Remote Desktop Host and EFS
• Missing enterprise technologies - no BitLocker
• x64 version supports 192 GB of RAM
Windows 7 Enterprise
• Sold only with volume licenses
• Designed for very large organizations
• Multilingual User Interface packages
se features
• AppLocker
• Windows To Go
• DirectAccess
• BranchCache
Windows 8/8.1 processor requirements
• PAE (Physical Address Extension)
• 32-bit processors can use more than 4 GB of physical memory
• NX (NX Processor Bit)
• Protect against malicious software
• SSE2 (Streaming SIMD Extensions 2)
• A standard processor instruction set
• Used by third-party applications and drivers
Authentication
• Centralized management
BitLocker and EFS
• Data confidentiality
• Encrypt important information
• Encrypting File System
• Protect individual files and folders
• Built-in to the NTFS file system
• BitLocker
• Full Disk Encryption (FDE)
• Everything on the drive is encrypted
• Even the operating system
• Home and business use
• Especially on mobile devices
Media Center
• Video, music, and television portal
• Perfect for watching at home
• Record shows from a TV tuner
• Play music
• Watch DVDs
• The center of your home entertainment center
• Cable companies and other technologies were strong competition
• Discontinued by Microsoft
• Not officially available in Windows 10
Globally Unique Identifier
• The latest partition format standard
• Requires a UEFI BIOS
• Can have up to 128 primary partitions
• No need for extended partitions or logical drives
Checks the disk for bad sectors - Time consuming
Other considerations
• Load alternate third party drivers when necessary
• Disk controller drivers, etc.
• Workgroup vs. Domain setup
• Home vs. business
• Time/date/region/language settings
• Where are you?
• Driver installation, software and Windows updates
• Load video drivers, install apps, update the OS
• Factory recovery partition
• This can help you later
Keep Windows settings, personal files, and applications
• Must upgrade to a similar Edition
robocopy
• A better Xcopy
• Included with Windows 7, 8.1, and 10
1.5 - Windows Administrative Tools
Computer Management
• A pre-built Microsoft Management Console
• A predefined mix of plugins
• Control Panel / Administrative Tools
• mmc.exe
• A handy starting point
• Events
• User accounts
• Storage management
• Services
• And more!
Device Manager
• The OS doesn’t know how to talk directly to most hardware
• Device drivers are hardware specific and operating system specific
• Windows 7 device drivers may not necessarily work in Windows 10
• Technical Support FAQ
• “Have you updated the drivers?”
• Computer Management or devmgmt.msc
Program, port, predefined services, custom
• Custom
• Program, protocol/port, scope, action, profile
Performance
• What’s happening?
• CPU, memory, etc.
• Statistical views
• Historical, real-time
• Newer versions include CPU, memory, disk, Bluetooth, and network in the Performance tab
Networking
• Network performance
• Separate tab in Windows 7
• Integrated into the Performance tab in Windows 8/8.1/10
• View utilization, link speeds, and interface connection state
Users
• Who is connected? What are they doing?
• Windows 7
• User list, disconnect, logoff, send message
• Windows 8/8.1/10
• Separate processes
• Performance statistics
services into a single tab
• Easy to view and sort
esses, and
y access to network resources
• Browse and view
Search
• Indexing, search options, searching non-indexed areas
System
• Computer information
• Including version and edition
• Performance
• Virtual memory
• Remote settings
• System protection
System Properties
• Computer information
• Including version and edition
• Performance
• Virtual memory
• Remote settings
• Remote Assistance and Remote Desktop
• System protection
• System Restore, select drives
1.6 - The Windows Control Panel (continued)
here’s no TPM
• Seamless
• Works in the background
• You never know it’s there
Sync Center
• Make files available, even when you’re not online
• Automatically sync when back online
• Built-in sync conflict management
• Not available in Home editions
• Needs offline file functionality
• Only available in Pro and higher
• Mark files “Always available offline”
devices and users
• Deploy software
• Manage the operating system
• Manage in Control Panel / System
Join a domain
• Cannot be a Windows Home edition
• Needs to be Pro or better
• Control Panel / System
• Need proper rights to add a computer
Antenna connections
• USB connected or 802.11 wireless
• Tether, Hotspot
• Requires third-party software
• Each provider is different
Updates
Quality of Service (QoS)
• Prioritize network traffic
• Applications, VoIP, and Video
• Infrastructure must support QoS
• Differentiated Services Code Points (DSCP) field in the IP header
• IPv4 - Type of Service (ToS) field
• IPv6 - Traffic Class octet
• Manage through Local Computer Policy or Group Policy
• Computer Configuration / Windows Settings / Policy-based QoS
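To confirm that a Policy-based QoS mark has actually been applied, the DSCP value can be read straight out of a captured header at the positions listed above. The following is an added example, not code from the course notes; the packet bytes are constructed samples with dummy addresses and no valid checksum.

```python
# Added example (not from the course notes): read the DSCP marking from a
# raw IP header. IPv4 carries it in the Type of Service byte, IPv6 in the
# Traffic Class octet; both hold a 6-bit DSCP followed by 2 ECN bits.
# Sample headers below are constructed; only their leading bytes matter.

# Well-known DSCP code points (RFC 2474 class selectors, RFC 2597 AF, RFC 3246 EF).
DSCP_NAMES = {
    0: "CS0 (best effort)", 8: "CS1", 16: "CS2", 24: "CS3", 32: "CS4",
    40: "CS5", 48: "CS6", 56: "CS7",
    10: "AF11", 18: "AF21", 26: "AF31", 34: "AF41", 46: "EF",
}


def dscp_from_ip_header(pkt: bytes) -> dict:
    """Return version, DSCP, ECN and a code-point name for a raw IPv4/IPv6 header."""
    if len(pkt) < 2:
        raise ValueError("need at least two header bytes")
    version = pkt[0] >> 4
    if version == 4:
        # IPv4: the whole second byte is the ToS field -> DSCP(6) | ECN(2).
        tos = pkt[1]
        dscp, ecn = tos >> 2, tos & 0x3
    elif version == 6:
        # IPv6: Traffic Class straddles the low nibble of byte 0 and the
        # high nibble of byte 1 (Version(4) | Traffic Class(8) | Flow Label(20)).
        tc = ((pkt[0] & 0x0F) << 4) | (pkt[1] >> 4)
        dscp, ecn = tc >> 2, tc & 0x3
    else:
        raise ValueError(f"unsupported IP version {version}")
    return {"version": version, "dscp": dscp, "ecn": ecn,
            "name": DSCP_NAMES.get(dscp, f"unnamed DSCP {dscp}")}


# Constructed IPv4 header: version/IHL 0x45, ToS 0xB8 (DSCP 46 = EF, ECN 0),
# protocol UDP (0x11), 10.0.0.1 -> 10.0.0.2, header checksum left as zero.
SAMPLE_V4_EF = bytes.fromhex("45b8003c00014000401100000a0000010a000002")
# Same constructed packet with an unmarked ToS byte (best effort).
SAMPLE_V4_BE = bytes.fromhex("4500003c00014000401100000a0000010a000002")
# Constructed IPv6 header: version 6, Traffic Class 0xB8 (EF), flow label 0,
# payload length 20, next header UDP, hop limit 64, then zeroed addresses.
SAMPLE_V6_EF = bytes.fromhex("6b80000000141140") + bytes(32)

if __name__ == "__main__":
    for label, pkt in [("v4 EF", SAMPLE_V4_EF), ("v4 BE", SAMPLE_V4_BE),
                       ("v6 EF", SAMPLE_V6_EF)]:
        print(label, dscp_from_ip_header(pkt))
```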
BIOS settings
• Enable/disable network adapters
• On and off - Not much nuance
• Configure OS and application settings
Screen sharing
• Integrated into the operating system
• Can also be viewed with VNC (Virtual Network Computing)
• Available devices appear in the Finder
• Or access by IP address or name
Force Quit
• Stop an application from executing
• Some applications are badly written
• Command-Option-Esc
• List application to quit
• Hold the option key when right-clicking the app icon in the dock
• Choose Force Quit
• Clean up log space
• /var/log
forcefsck
Many pre-made Linux distributions are available
• I’m using Ubuntu in a virtual machine
• Use the man command for help
• An online manual
• > man grep
ls
• List directory contents
• Similar to the dir command in Windows
• Lists files, directories
• May support color coding; blue is a directory, red is an archive file, etc.
• For long output, pipe through more:
• > ls -l | more
• (use q or Ctrl-c to exit)
ps -e | more
Your phone
• SMS a code to your phone
Guards and access lists
• Security guard
• Physical protection
• Validates identification of existing employees
• Provides guest access
• ID badge
• Picture, name, other details
• Must be worn at all times
• Access list
• Physical list of names
• Enforced by security guard
• The switch monitors the number of unique MAC addresses
• Maintains a list of every source MAC address
• Once you exceed the maximum, port security activates
• Default is to disable the interface
MAC filtering
• Media Access Control - The “hardware” address
• Limit access through the physical hardware address
• Keeps the neighbors out
• Additional administration with visitors
• Easy to find MAC addresses through wireless LAN analysis
• MAC addresses can be spoofed
• Security through obscurity
• No separate device to lose
Directory permissions
• NTFS permissions
• Much more granular than FAT
• Lock down access
• Prevent accidental modification or deletion
• Some information shouldn’t be seen
• User permissions
• Everyone isn’t an Administrator
• Assign proper rights and permissions
• This may be an involved audit
cts against tampering
• TKIP has its own set of vulnerabilities
• Deprecated in the 802.11-2012 standard
WPA2 and CCMP
• WPA2 certification began in 2004
• AES (Advanced Encryption Standard) replaced RC4
• CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) replaced TKIP
• CCMP block cipher mode
• Uses AES for data confidentiality
• 128-bit key and a 128-bit block size
• Requires additional computing resources
• CCMP security services
• Data confidentiality (AES), authentication, and access control
Originally a Unix technique
• The “root” in rootkit
• Modifies core system files - Part of the kernel
• Can be invisible to the operating system
• Won’t see it in Task Manager
• Also invisible to traditional anti-virus utilities
• If you can’t see it, you can’t stop it
Windows 7 - System Recovery Options / Command Prompt
• Boot from installation media
• Or select from F8 Advanced Boot Menu
• Windows 8/8.1/10
• Troubleshoot / Advanced Options / Command Prompt
• Boot from installation media
• April 2011 - Oak Ridge NaƟonal Laboratory
• Email from the “Human Resources Department”
• 530 employees targeted, 57 people clicked,
2 were infected
• Data downloaded, servers infected with malware
Impersonation
• Pretend to be someone you aren’t
• Use some of those details you got from the dumpster
• You can trust me, I’m with your help desk
• Attack the victim as someone higher in rank
• Throw tons of technical details around
• Be a buddy - How about those Cubs?
The next big vulnerability
• The good guys share these with the developer
• Bad guys keep these yet-to-be-discovered holes to themselves
• They want to use these vulnerabilities for personal gain
• Zero-day
• The vulnerability has not been detected or published
• Zero-day exploits are increasingly common
• Common Vulnerabilities and Exposures (CVE)
• http://cve.mitre.org/
Applications require a particular MAC address
• It might not be legitimate
• Circumvent MAC-based ACLs
• Fake-out a wireless address filter
• Very difficult to detect
• How do you know it’s not the original device?
local and network connections
• Share permissions only apply to connections over the network
• A “network share”
• The most restrictive setting wins
• Deny beats allow
• NTFS permissions are inherited from the parent object
• Unless you move to a different folder on the same volume
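The three combination rules above (share permissions apply only over the network, the most restrictive setting wins, Deny beats Allow) are easy to get wrong when auditing who can reach a share. The following is an added example, not code from the course notes: a simplified model with constructed ACLs and group names that applies those rules to a few users; real Windows ACLs are far more granular and also carry the inheritance behaviour, which this model leaves out.

```python
# Added example (not from the course notes): how share and NTFS permissions
# combine into effective access. Rules modelled: share permissions only
# apply over the network, the most restrictive of the two wins, and an
# explicit Deny beats any Allow. Levels, groups and ACLs are constructed.

# Ordered permission levels (higher index = more access).
LEVELS = ["None", "Read", "Change", "Full Control"]


class Acl:
    """A simplified ACL: Allow entries per principal plus a set of denied principals."""

    def __init__(self, allow=None, deny=None):
        self.allow = allow or {}        # principal -> level name
        self.deny = set(deny or [])     # principals with an explicit Deny

    def level_for(self, user, groups):
        """Return the level index this ACL grants to user (member of groups)."""
        principals = {user} | set(groups)
        if principals & self.deny:      # Deny beats Allow, whatever else is granted
            return 0
        granted = [LEVELS.index(self.allow[p]) for p in principals if p in self.allow]
        # Several Allow entries accumulate to the highest level granted.
        return max(granted, default=0)


def effective_level(user, groups, share_acl, ntfs_acl, over_network=True):
    """Combine share and NTFS permissions into one effective level name."""
    ntfs = ntfs_acl.level_for(user, groups)
    if not over_network:
        # A local logon never passes through the share; NTFS alone applies.
        return LEVELS[ntfs]
    share = share_acl.level_for(user, groups)
    # Over the network both ACLs are evaluated and the most restrictive wins.
    return LEVELS[min(share, ntfs)]


# Constructed sample: a "Finance" share on an NTFS volume.
SHARE_ACL = Acl(allow={"Everyone": "Read", "Finance": "Change"})
NTFS_ACL = Acl(allow={"Everyone": "Read", "Finance": "Full Control"},
               deny={"contractor"})

if __name__ == "__main__":
    cases = [
        ("bob", {"Everyone", "Finance"}, True),         # Change: share caps NTFS Full Control
        ("bob", {"Everyone", "Finance"}, False),        # Full Control: local logon, NTFS only
        ("carol", {"Everyone"}, True),                  # Read: both ACLs grant Read
        ("contractor", {"Everyone", "Finance"}, True),  # None: NTFS Deny wins
    ]
    for user, groups, remote in cases:
        print(user, "remote" if remote else "local",
              effective_level(user, groups, SHARE_ACL, NTFS_ACL, remote))
```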
No Autorun in Windows 7, 8/8.1, or 10
• Disabled through the registry
• Consider changing AutoPlay
• Get the latest security patches
• Updates to autorun.inf and AutoPlay
Password best practices
• Changing default usernames/passwords
• All devices have defaults
• There are many web sites that document these
• BIOS/UEFI passwords
• Supervisor/Administrator password: Prevent BIOS changes
• User password: Prevent booting
• Requiring passwords - Always require passwords
• No blank passwords or automated logins
Backup without wires - Use the existing network
• Restore with one click
• Restores everything
• Authenticate and wait
Anti-virus and Anti-malware
• Apple iOS
• Closed environment, tightly regulated
• Malware has to find a vulnerability
• Android
• More open, apps can be installed from anywhere
• Easier for malware to find its way in
• Windows Phone
• Closed environment
• Apps run in a “sandbox”
• You control what data an app can view
Windows Vista and later
• Can’t recover the data
Hard drive security
• 2009 UK university study of 300 hard drives from eBay and computer fairs
• 34% had personal data, corporate information, sensitive information
• Launch procedures for a ground-to-air missile system
• File level overwriting - Sdelete - Windows Sysinternals
• Whole drive wipe secure data removal
• DBAN - Darik’s Boot and Nuke
• Physical drive destruction
• One-off or industrial removal and destroy
Remote support
• Install the latest software
• Update and upgrade the firmware
• Firewalls, routers, switches, etc.
Firewall settings
• Inbound traffic
• Extensive filtering and firewall rules
• Allow only required traffic
• Configure port forwarding to map TCP/UDP ports to a device
• Consider building a DMZ
• Outbound traffic
• Blacklist - Allow all, stop only unwanted traffic
• Whitelist - Block all, only allow certain traffic types
e diagnostics
• Provided by the manufacturer
• BIOS may have hardware diagnostics
Profiles can become corrupted
• The User Profile Service failed the logon. User Profile cannot be loaded.
• If a profile doesn’t exist, it’s recreated
• We’re going to delete the profile and force the rebuilding process
• It’s not as easy as copying a file
• Backups, registry modifications
• Login with domain admin
• Rename the \Users\name folder
• Export the user’s registry
• Delete the registry entry
• Restart the computer
System issues can be a factor
Application crashes
• Application stops working
• May provide an error message
• May just disappear
• Check the Event Log
• Often includes useful reconnaissance
• Check the Reliability Monitor
• A history of application problems
• Checks for resolutions
• Reinstall the application
• Contact application support
One on one - Personal training
• Posters and signs - High visibility
• Message board posting - The real kind
• Login message - These become invisible
• Intranet page - Always available
m any app (no alarm, no music, no audio)
• Load latest software
• Factory reset
Inaccurate touch screen response
• Screen responds incorrectly or is unresponsive
• Close apps - Low memory can cause resource contention
• Perform a soft reset, unless a hard reset is required
• May require a hardware fix
• Replace the digitizer / reseat cables
System lockout
• Too many incorrect unlock attempts
• iOS: Erases the phone after 10 failed attempts
• Android: Locks or wipes the phone after failed attempts
App log errors
• Most log information is hidden
• You’ll need developer tools to view it
• A wealth of information
• If you can decipher it
• This might take a bit of research
• Viewing logs
• iOS - Xcode
• Android - Logcat
A single change can be far reaching
• Multiple applications, Internet connectivity, remote site access, external customer access
• How long will this take?
• No impact, or hours of downtime
Risk analysis
• Determine a risk value
• i.e., high, medium, low
• The risks can be minor or far-reaching
• The “fix” doesn’t actually fix anything
• The fix breaks something else
• Operating system failures
• Data corruption
• What’s the risk with NOT making the change?
• Security vulnerability, application unavailability, or unexpected downtime to other services
ssion
• Health and safety laws
• Vary widely depending on your location
• Keep the workplace hazard-free
• Building codes
• Fire prevention, electrical codes
• Environmental regulation
• High-tech waste disposal
Power
• Blackouts, brownouts, surges
• UPS types
• Standby UPS, Line-interactive UPS, On-line UPS
• Features
• Auto shutdown, battery capacity, outlets, phone line suppression
Surge suppressor
• Not all power is “clean”
• Self-inflicted power spikes and noise
• Storms, power grid changes
• Spikes are diverted to ground
• Noise filters remove line noise
• Decibel (dB) levels at a specified frequency
• Higher dB is better
Surge suppressor specs
• Joule ratings
• Surge absorption
• 200=good, 400=better
• Look for over 600 joules of protection
• Surge amp ratings
• Higher is better
• UL 1449 voltage let-through ratings
• Ratings at 500, 400, and 330 volts
• Lower is better
Cardholder Data
• Maintain a Vulnerability Management Program
• Implement Strong Access Control Measures
• Regularly Monitor and Test Networks
• Maintain an Information Security Policy
e of
• Microsoft Office applications
• Commercial solutions
• TeamViewer, LogMeIn, etc.
• Screen sharing
• Control the desktop
• File sharing
• Transfer files between devices
Security considerations
• Microsoft Remote Desktop
• An open port tcp/3389 is a big tell
• Brute force attack is common
• Third-party remote desktops
• Often secured with just a username and password
• There’s a LOT of username/password re-use
• Once you’re in, you’re in
• The desktop is all yours
• Easy to jump to other systems
• Obtain personal informaƟon, bank details
• Make purchases from the user’s browser
ents for many operating systems
• Many are open source