4.0 Operational Procedures Flashcards
What are Network topology diagrams?
Diagrams that illustrate or describe the layout of the network.
They may be logical, physical, or both.
What are Knowledge base articles?
External sources of information about known issues,
including vendor/manufacturer knowledge bases and Internet communities.
What is Incident documentation?
A support toolkit includes a tracking database in which incidents that occur can be documented.
Each support incident is logged as a job or ticket within the incident management system,
which is used to track incidents with different support and reporting requirements.
What are the 3 main regulatory and compliance laws?
- Sarbanes-Oxley (SOX): Public Company Accounting Reform and Investor Protection Act of 2002 (finance)
- HIPAA: Health Insurance Portability and Accountability Act; healthcare standards for the storage, use, and transmission of healthcare information
- GLBA: Gramm-Leach-Bliley Act of 1999; financial disclosure and privacy
What is an Acceptable use policy (AUP)?
A set of rules applied by the owner, creator, or administrator of a network, website, or service that restricts the ways in which it may be used and sets guidelines for how it should be used.
What is a Password policy?
Password policies are in place to ensure that security is maintained.
Passwords should be complex and should expire.
- Expiration: 30, 60, or 90 days
- Critical systems might have passwords changed weekly or every two weeks
What is Inventory management?
- A record of every asset
- Routers, switches, cables, fiber modules, etc.
- Financial records, audits, depreciation
- Make/model, configuration, purchase date, etc.
- Tag the asset: barcode, RFID, visible tracking number
What are Asset tags used for? On what devices/hardware will you see them?
IT uses asset tags to track all of the tangible technical assets in the organization.
There is usually a tracking system that records all the switches, routers, computers, monitors, and anything else relating to technology: all IT hardware.
What are Barcodes?
A label sticker with an asset tag number and a barcode.
When a device is added to the database, its barcode is scanned; from then on
the device can be tracked wherever it is.
What is a Compliance policy?
Compliance = meeting the standards of laws, policies, and regulations
- A catalog of rules
◦ Across many aspects of business and life
◦ Many are industry-specific or situational
- Penalties: fines, loss of employment, possible incarceration
- Scope: domestic and international requirements
What do Documented business processes include?
If any change occurs, there must be documentation of it.
Help desk documentation should contain references and a ticketing system.
What is the Purpose of the change?
The purpose of the change = why the change is occurring.
Scope the change
Scope the change: to what degree are the changes being made?
- May be limited to a single server, or may be global
Risk analysis
Risk analysis: determine a risk value and how impactful the change may be.
Plan for change:
What has to happen for the change to be successful?
A change plan is an explanation of the proposed changes and the steps needed to achieve them. …
A change plan is developed to implement projects that have been specified for change.
- Describes the technical process
- Others can help identify unforeseen risk for a complete picture
- May discuss scheduling
End-user acceptance
End-user acceptance: if end users do not know how to use the change or are unwilling to accept it, the process comes to a standstill.
This should be more of a formality.
Change board
Change board: a group or committee that filters what is going to be changed or remain the same and determines its importance or priority.
Approvals
Approvals: without approvals, the process or project does not continue.
What is a Backout plan?
Backout plan: a plan for when the original plan fails or has to be rolled back.
There should always be a way to revert to a restore point.
Always have backups, and backups for those backups.
Document changes
Document changes: see Documented business processes. Always document everything.
In the CompTIA change-management process, the last step is always the same: document the changes, no matter what took place.
Image level backup
- Bare-metal backup using images
- OS volume snapshots / hypervisor snapshots
- Recover the entire system at once; make an exact copy somewhere else
File level backup
- Copy individual files to a backup
- May not store all system files
- May need to rebuild the OS and then perform a file restore
Critical applications
- Application software
- Application data
◦ Location of the data
◦ A restore may need several different types of data
Backup testing
- Done as a simulation; gives leadership confidence in disaster situations
- Confirms that restoration is possible
- Perform audits periodically to ensure the backups and the restore capability are still good
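A restore test in code, as an added example that is not part of the original flashcards. It builds a small source tree in a temporary directory, takes a file-level "backup" (a plain copy), records a SHA-256 manifest at backup time, restores to a fresh directory and checks the restore against the manifest. The second run deliberately damages the restored copy to show the check catching a lost file and a truncated one. The directory names, file names and contents are constructed for the example.

```python
"""Backup restore test: manifest-based verification of a restored file tree."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map relative path -> SHA-256 of every regular file under root."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return manifest


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest recorded at backup time.

    Returns {"missing": [...], "corrupt": [...], "extra": [...]}; all three
    lists empty means every backed-up file came back byte-for-byte.
    """
    actual = build_manifest(restored)
    return {
        "missing": sorted(set(manifest) - set(actual)),
        "corrupt": sorted(k for k in manifest if k in actual and actual[k] != manifest[k]),
        "extra": sorted(set(actual) - set(manifest)),
    }


def run_restore_test(corrupt_restore: bool = False) -> dict:
    """End-to-end: create data, back up, restore, verify.

    corrupt_restore=True simulates a bad restore (one file lost, one
    truncated) so the verification is shown detecting it.
    """
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed source data standing in for an application's files.
        src = Path(tmp, "data")
        (src / "app").mkdir(parents=True)
        (src / "app" / "config.ini").write_text("[db]\nhost=db01\n")
        (src / "app" / "users.db").write_bytes(bytes(range(256)) * 4)
        (src / "notes.txt").write_text("constructed sample data\n")

        # File-level backup: copy the tree and record hashes at backup time.
        backup = Path(tmp, "backup")
        shutil.copytree(src, backup)
        manifest = build_manifest(backup)

        # Restore to a clean location, then verify against the manifest.
        restore = Path(tmp, "restore")
        shutil.copytree(backup, restore)
        if corrupt_restore:
            (restore / "notes.txt").unlink()                           # file lost
            (restore / "app" / "users.db").write_bytes(b"\x00" * 10)   # truncated
        return verify_restore(manifest, restore)


if __name__ == "__main__":
    print("clean restore:", run_restore_test())
    print("bad restore:  ", run_restore_test(corrupt_restore=True))
```

Keep the manifest with the backup media, not only on the system being backed up; a restore test that compares against a manifest stored on the failed host proves nothing.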
UPS
UPS: Uninterruptible Power Supply; protects against
◦ Brownouts – low power
◦ Blackouts – no power
◦ Surges – too much power
Surge protector
Surge protector: used to clean the incoming power and prevent systems from being blown out.
Surge suppressor
- Not all power is "clean": self-inflicted power spikes and noise, storms, power grid changes
- Spikes are diverted to ground
- Noise filters remove line noise; filtering is rated in decibels (dB) at a specified frequency, and a higher dB rating is better
Cloud storage vs. local storage backups
- Cloud storage
◦ Data is available anywhere and anytime, if you have a network connection
- Local storage
◦ Data is more secure (it stays under your own control)
◦ You need to perform the backups yourself
◦ A strong encryption mechanism is critical
◦ If you mess up, it's on you
Account recovery options
Account recovery options: apps can't function if they can't authenticate.
This is a good reason for implementing centralized account administration. If a local server fails, local accounts may not be able to authenticate to it,
but a cloud identity service may still be available.
Equipment grounding
Inside the PC case, the power supply is grounded to the motherboard and everything else; the power supply is also grounded to the case.
Clip the ESD strap to a metal part of the case and you are grounded.
- Also applies to equipment racks: a large ground wire. Don't remove the ground connection; it's there to protect you.
- Never connect yourself to an electrical outlet ground; it won't prevent ESD.
Proper component handling and storage
Hold components by the edges and never touch the circuitry. Use an ESD bag. Ground yourself.
- Antistatic bags: protect all replacement PC hardware from ESD; always use them, and wait to open the bag until you are installing the part
- ESD straps: attach to the wrist, then use the metal clip to connect to the case
- ESD mats: stand or work on one to ground yourself and protect PC hardware from ESD
- Self-grounding: remove jewelry and touch the case to ground yourself while installing RAM or replacing hardware
Toxic waste handling
Always recycle, or dispose of at a hazardous waste facility.
- Batteries and UPS units: dispose of at your local hazardous waste facility
- Toner: recycle/reuse; send back to the manufacturer
- CRTs (cathode ray tubes): there are a few of those left; the glass contains lead; dispose of at your local hazardous waste facility
Cell phones and tablets
Mobile device disposal
- Wipe your data, if possible; this isn't always an option
- The manufacturer or phone service provider may have a recycling program or an upgrade program
- Dispose of at a local hazardous waste facility; do not throw in the trash
Personal safety
- Remove jewelry and name badge neck straps, or use breakaway straps
Disconnect power before repairing a PC
WARNING: power is dangerous. Remove all power sources before working. Don't touch anything if you aren't sure.
- Replace entire power supply units; don't repair their internal components
- High voltage: power supplies, displays, laser printers
- Remove jewelry and name badge neck straps, or use breakaway straps
- Lifting techniques: bend your knees
- Weight limitations: 35 lbs or more, get help (two-person lift)
Electrical fire safety
- Don't use water or foam
- Use carbon dioxide, FM-200, or other dry chemical agents
- Remove the power source
Cable management
- Avoid trip hazards; use cable ties or Velcro
Safety goggles
- Useful when working with chemicals: printer repair, toner, batteries
Air filter mask
- Dusty computers, printer toner
Compliance with government regulations
Local government regulations: health and safety laws
- Vary widely depending on your location; keep the workplace hazard-free
- Building codes: fire prevention, electrical codes
- Follow all environmental regulations: high-tech waste disposal
(MSDS) Material Safety Data Sheet: documentation for handling and disposal.
In the United States, OSHA (part of the Department of Labor) requires these sheets; they are provided by the product's manufacturer or supplier.
Always pay attention to proper safety documentation.
Temperature, humidity level awareness, and proper ventilation
- Temperature: you don't want devices overheating
- Humidity: 60% and above is hard to maintain but counters static electricity; below 60%, equipment is more susceptible to electrostatic discharge
- Proper ventilation helps prevent ESD and overheating
Power surges, brownouts, and blackouts
- Battery backup
- Surge suppressor
Battery backup
UPS: Uninterruptible Power Supply; backup power for blackouts, brownouts, and surges
- UPS types: standby UPS, line-interactive UPS, on-line UPS
- Features: auto shutdown, battery capacity, outlets, phone line suppression
Surge suppressor
- Not all power is "clean": self-inflicted power spikes and noise, storms, power grid changes
- Spikes are diverted to ground; noise filters remove line noise
- Noise filtering is rated in decibels (dB) at a specified frequency; higher dB is better
Surge suppressor specs
- Joule ratings (surge absorption): 200 = good, 400 = better; look for over 600 joules of protection
- Surge amp ratings: higher is better
- UL 1449 voltage let-through ratings: rated at 500, 400, and 330 volts; lower is better
Enclosures
Protection from airborne particles: enclosures are used to protect computers on a manufacturing floor from dust, oil, and smoke.
Air filters/masks
- Protect against airborne particles: dust in computer cases, laser printer toner
Dust and debris
- Cleaning: neutral detergents; no ammonia-based cleaning liquids; avoid isopropyl alcohol
- Compressed air: use a compressed air pump; try not to use compressed air in a can
- Vacuums: use a "computer" vacuum; maintain ventilation
Compliance with government regulations
Local government regulations: environmental regulations may have very specific controls.
- The obvious: hazardous waste, batteries, computer components
- The not-as-obvious: paper disposal
Incident response
How we respond when something bad happens: a workstation or your network is compromised.
- First response: someone needs to be assigned as the first responder
- Identify the issue: logs, in person, monitoring data
- Report through proper channels; don't delay
- Collect and protect information relating to the event; there are many different data sources and protection mechanisms
Data/device preservation
- Don't turn off the computer: data could be volatile (RAM)
- Traditional evidence preservation: fingerprints
- Photos and videos
Use of documentation/documentation changes
Incident response documentation
- Security policy: an ongoing challenge; documentation must be available, with no questions about where to find it
- Documentation always changes: constant updating; have a process in place; use the wiki model
Chain of custody
- Control the evidence; maintain its integrity; account for everyone who contacts the evidence
- Avoid tampering: use hashes
- Label and catalog everything
- Seal, store, and protect
- Digital signatures
Tracking of evidence/documenting process
- It's how we manage control of the data
- Anyone who comes into contact with the evidence must be accounted for
- Check out / check in
- Hash the files so that any change to the evidence can be proven
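The chain-of-custody and evidence-tracking points above, as an added code example that is not part of the original flashcards. Each evidence item is hashed with SHA-256 when collected; every check-out/check-in re-hashes it, so a change made while the item was in someone else's hands is detected and recorded in the log, and a hand-off from someone who is not the current holder is refused (no gaps in the chain). The evidence bytes, custodian names and item ID are constructed.

```python
"""Chain-of-custody record with hash-based integrity checks."""
import hashlib
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of an evidence blob (a file's bytes, an image, ...)."""
    return hashlib.sha256(data).hexdigest()


class CustodyRecord:
    """One evidence item plus the ordered log of everyone who handled it."""

    def __init__(self, item_id: str, description: str, data: bytes, collector: str):
        self.item_id = item_id
        self.description = description
        self.original_hash = sha256_hex(data)   # baseline taken at collection
        self.entries = []                        # every hand-off, in order
        self.holder = collector
        self._log("collected", collector, data)

    def _log(self, action: str, person: str, data: bytes, note: str = "") -> dict:
        digest = sha256_hex(data)
        entry = {
            "time": datetime.now(timezone.utc).isoformat(timespec="seconds"),
            "action": action,
            "person": person,
            "hash": digest,
            "intact": digest == self.original_hash,
            "note": note,
        }
        self.entries.append(entry)
        return entry

    def transfer(self, from_person: str, to_person: str, data: bytes, note: str = "") -> bool:
        """Hand the item to a new custodian.

        The sender must be the current holder, so the chain has no gaps.
        Returns True if the hash still matches the one taken at collection,
        False if the evidence was altered while it was out.
        """
        if from_person != self.holder:
            raise ValueError(f"{from_person!r} is not the current holder of {self.item_id}")
        entry = self._log("transfer", f"{from_person} -> {to_person}", data, note)
        self.holder = to_person
        return entry["intact"]

    def verify(self, data: bytes) -> bool:
        """Spot-check a copy of the item without a hand-off."""
        return self._log("verify", self.holder, data)["intact"]

    def is_intact(self) -> bool:
        """True only if every entry in the chain matched the original hash."""
        return all(e["intact"] for e in self.entries)


# Constructed evidence: stand-in for a disk image pulled from a compromised host.
IMAGE = b"constructed disk image bytes \x00\x01\x02" * 64


def demo() -> CustodyRecord:
    """Collect, hand off cleanly, then hand back a tampered copy."""
    rec = CustodyRecord("E-001", "USB image from compromised workstation", IMAGE, "Analyst A")
    rec.transfer("Analyst A", "Analyst B", IMAGE, "handed over for malware analysis")
    # Analyst B returns a modified copy: the hash no longer matches the baseline.
    rec.transfer("Analyst B", "Evidence locker", IMAGE + b"\xff", "returned")
    return rec


if __name__ == "__main__":
    rec = demo()
    for e in rec.entries:
        print(f"{e['time']} {e['action']:<10} {e['person']:<30} intact={e['intact']}")
    print("chain intact:", rec.is_intact())
```

The log records the hash at every step rather than only at collection, so when a mismatch appears you can see which hand-off introduced it. Digitally signing each entry (the "Digital signatures" point above) would additionally stop the log itself from being edited after the fact; that is left out here.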
Licensing/DRM/EULA
- Open-source vs. commercial (closed-source) license
◦ Open-source: you have access to the source code
◦ Closed-source: you don't have access to the source code
- Personal license vs. enterprise license
◦ Personal license: you are the only one allowed to use that license
◦ Enterprise license: the enterprise holds a number of licenses
- DRM (digital rights management): it's yours, for your one use; a form of access control
Regulated data
- PII: Personally Identifiable Information
▪ Full name, date of birth, SSN, mother's maiden name
▪ Medical/financial/education/employment information
PCI DSS
◦ Payment Card Industry Data Security Standard
◦ A standard for protecting credit card data
What are the six control objectives?
- Build and maintain a secure network and systems
- Protect cardholder data
- Maintain a vulnerability management program
- Implement strong access control measures
- Regularly monitor and test networks
- Maintain an information security policy
GDPR
- General Data Protection Regulation
▪ European Union regulation, strictly managed
▪ Data protection and privacy for individuals in the EU
▪ Gives individuals control of their information
PHI
- Protected Health Information
▪ Must maintain similar security requirements
◦ Part of HIPAA, the Health Insurance Portability and Accountability Act of 1996
Follow all policies and security best practices
Just do what you're supposed to do, for the good of the customer and not for what's best for you personally.
Actively listen (take notes) and avoid interrupting the customer
Don't interrupt the customer until they are finished. Just listen.
- Ask: have you installed any programs or applications?
- After you have everything, give a quick verbal summary to confirm you understand their line of thinking
Dealing with difficult customers or situations
- Do not argue with customers and/or be defensive
- Avoid being judgmental
- Clarify customer statements (ask open-ended questions to narrow the scope of the problem, restate the issue, or ask questions to verify understanding)
- Set and meet expectations/timelines and communicate status with the customer
- Offer different repair/replacement options, if applicable
- Provide proper documentation of the services provided
- Follow up at a later date to verify resolution
- Respect end-user (EU) confidential and private materials found on a computer, desktop, printer, etc.
.bat
Batch files: .bat file extension; scripting for Windows at the command line.
Legacy going back to DOS and OS/2; .bat files were used primarily for MS-DOS. The Unix equivalent of this file format is a shell script.
.ps1
PowerShell script: .ps1 file extension; included with Windows 8/8.1/10; extends command-line functions; uses cmdlets.
.vbs
VBScript (Visual Basic script) file: back-end web server scripting.
.sh
Shell script: scripting the Unix/Linux shell; automates and extends the command line; .sh file extension.
.py
Python: general-purpose scripting language; .py file extension; popular in many technologies; broad appeal and support.
.js
JavaScript: scripting inside the browser; .js file extension; adds interactivity to HTML and CSS; used on almost every web site.
Environment variables
Environment variables describe the operating system environment; scripts use them to make decisions.
- Common environment variables: the location of the Windows installation, the search path, the name of the computer, the drive letter and path of the user's home directory
Comment syntax
Comments annotate the code; there never seems to be enough of this.
Basic script constructs
A shell script that loops until the user types bye:

```sh
#!/bin/sh
# Set the initial input string
INPUT_STRING=hello
# Keep looping while the string is not equal to "bye"
while [ "$INPUT_STRING" != "bye" ]
do
    echo "Please type something in (bye to quit)"
    read INPUT_STRING
    echo "You typed: $INPUT_STRING"
done
```
Basic loops
Loops perform a process over and over: loop one time, or loop until something happens.
Variables
Variables associate a name with an area of memory. x=1. y=x+7. Therefore, y=8. pi=3.14. greeting="Hello and welcome."
Integers
Integer data types: used to perform numerical calculations.
Strings
String data types: some text.
4.9 Given a scenario, use remote access technologies.
RDP
RDP (Remote Desktop Protocol): share a desktop from a remote location over tcp/3389.
- Remote Desktop Services is in many Windows versions, and there are clients for Windows, macOS, Linux, Unix, iPhone, and others
- Can connect to an entire desktop or just an application
Telnet
Telnet (Telecommunication Network): tcp/23
- Log in to devices remotely; username/password are sent in plain text, so the communication is NOT secure
- Console access; SSH has replaced insecure Telnet
SSH
SSH (Secure Shell): tcp/22
- Encrypted console communication
- Looks and acts the same as legacy Telnet (tcp/23), but encrypted
Third-party tools
- VNC (Virtual Network Computing): Remote Frame Buffer (RFB) protocol; clients for many operating systems; many are open source
- Commercial solutions: TeamViewer, LogMeIn, etc.
Screen share feature
Screen sharing: view and control the desktop remotely.
File sharing
File sharing is used to transfer files between devices.
What are the security considerations of each access method?
- Microsoft Remote Desktop: an open tcp/3389 port indicates RDP is in use; it can be exploited, and brute-force attacks against it are common
- Third-party remote desktops: often secured with just a username/password
- Reuse of a username/password is a security concern
- Once in, the attacker has the whole desktop: they can make purchases from the user's browser, obtain personal information and bank details, and easily jump to other systems
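The RDP brute-force risk above, as an added detection example that is not part of the original flashcards. On Windows, a failed logon is Security event ID 4625, and an RDP session logs Logon Type 10 (RemoteInteractive); the script reads a constructed, flattened sample of such records (the one-line-per-event layout is an assumption made for the example, not the real event XML) and flags any source address that produces five or more RDP failures inside a one-minute sliding window. Network-logon failures (Logon Type 3) from another host are included in the sample to show they are not counted.

```python
"""Flag RDP password brute-forcing from Windows Security log entries."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one record per line, fields separated by " | ".
# Records are assumed to be in time order, as exported logs normally are.
SAMPLE_LOG = """\
2024-03-01T08:00:01 | 4625 | LogonType=10 | TargetUser=administrator | Src=203.0.113.10
2024-03-01T08:00:03 | 4625 | LogonType=10 | TargetUser=admin | Src=203.0.113.10
2024-03-01T08:00:04 | 4625 | LogonType=10 | TargetUser=administrator | Src=203.0.113.10
2024-03-01T08:00:06 | 4625 | LogonType=10 | TargetUser=guest | Src=203.0.113.10
2024-03-01T08:00:09 | 4625 | LogonType=10 | TargetUser=administrator | Src=203.0.113.10
2024-03-01T08:00:11 | 4625 | LogonType=10 | TargetUser=sa | Src=203.0.113.10
2024-03-01T08:01:00 | 4625 | LogonType=10 | TargetUser=jsmith | Src=198.51.100.7
2024-03-01T08:10:00 | 4625 | LogonType=3  | TargetUser=svc_backup | Src=10.0.0.5
2024-03-01T08:10:01 | 4625 | LogonType=3  | TargetUser=svc_backup | Src=10.0.0.5
2024-03-01T08:10:02 | 4625 | LogonType=3  | TargetUser=svc_backup | Src=10.0.0.5
2024-03-01T08:10:03 | 4625 | LogonType=3  | TargetUser=svc_backup | Src=10.0.0.5
2024-03-01T08:10:04 | 4625 | LogonType=3  | TargetUser=svc_backup | Src=10.0.0.5
2024-03-01T08:10:05 | 4625 | LogonType=3  | TargetUser=svc_backup | Src=10.0.0.5
2024-03-01T08:30:00 | 4624 | LogonType=10 | TargetUser=jsmith | Src=198.51.100.7
"""


def parse_line(line):
    """Return (timestamp, event_id, logon_type, user, src), or None for junk."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 5:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        event_id = int(parts[1])
        logon_type = int(parts[2].split("=", 1)[1])
        user = parts[3].split("=", 1)[1]
        src = parts[4].split("=", 1)[1]
    except (ValueError, IndexError):
        return None
    return ts, event_id, logon_type, user, src


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {src: (failures_in_window, distinct_users_tried)} for every
    source that produced >= threshold failed RDP logons (4625 with
    LogonType 10) within `window`."""
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    users = defaultdict(set)      # src -> usernames attempted
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, event_id, logon_type, user, src = rec
        if event_id != 4625 or logon_type != 10:
            continue   # only failed RemoteInteractive (RDP) logons count
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        users[src].add(user)
        if len(q) >= threshold:
            flagged[src] = (len(q), len(users[src]))
    return flagged


if __name__ == "__main__":
    for src, (count, nusers) in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(f"possible RDP brute force from {src}: {count} failures, "
              f"{nusers} distinct usernames tried")
```

Many distinct usernames from one source inside a short window is the pattern to look for; a single user failing a few times is usually a typo. The threshold and window are starting points to tune against your own baseline, and the better fix is not exposing tcp/3389 to the Internet at all.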