Course 4 - Tools of the Trade: Linux and SQL Flashcards
When you press the power button, you’re interacting with the hardware. This boots the computer and brings up the operating system. Booting the computer means that a special microchip called a BIOS is activated. On many computers built after 2007, the chip was replaced by the UEFI. Both BIOS and UEFI contain booting instructions that are responsible for loading a special program called the bootloader. Then, the bootloader is responsible for starting the operating system. Just like that, your computer is on.
A virtual machine (VM) is a virtual version of a physical computer. Virtual machines are one example of virtualization. Virtualization is the process of using software to create virtual representations of various physical machines. The term “virtual” refers to machines that don’t exist physically, but operate like they do because their software simulates physical hardware. Virtual systems don’t use dedicated physical hardware. Instead, they use software-defined versions of the physical hardware. This means that a single virtual machine has a virtual CPU, virtual storage, and other virtual hardware. Virtual systems are just code.
One benefit is that virtualization can provide an isolated environment, or a sandbox, on the physical host machine. When a computer has multiple virtual machines, these virtual machines are “guests” of the computer. Specifically, they are isolated from the host computer and other guest virtual machines. This provides a layer of security, because virtual machines can be kept separate from the other systems. For example, if an individual virtual machine becomes infected with malware, it can be dealt with more securely because it’s isolated from the other machines. A security professional could also intentionally place malware on a virtual machine to examine it in a more secure environment.
Note: Although using virtual machines is useful when investigating potentially infected machines or running malware in a constrained environment, there are still some risks. For example, a malicious program can escape virtualization and access the host machine. This is why you should never completely trust virtualized systems.
Virtual machines can be managed with a software called a hypervisor. Hypervisors help users manage multiple virtual machines and connect the virtual and physical hardware. Hypervisors also help with allocating the shared resources of the physical host machine to one or more virtual machines.
One hypervisor that is useful for you to be familiar with is the Kernel-based Virtual Machine (KVM). KVM is an open-source hypervisor that is supported by most major Linux distributions. It is built into the Linux kernel, which means it can be used to create virtual machines on any machine running a Linux operating system without the need for additional software.
A GUI is a user interface that uses icons on the screen to manage different tasks on the computer. Most operating systems can be used with a graphical user interface. If you’ve used a personal computer or a cell phone, you have experienced operating a GUI. Most GUIs include these components: a start menu with program groups, a task bar for launching programs, and a desktop with icons and shortcuts. All these components help you communicate with the OS to execute tasks. In addition to clicking on icons, when you use a GUI, you can also search for files or applications from the start menu. You just have to remember the icon or name of the program to activate an application.
Now let’s discuss the command-line interface. In comparison, the command-line interface, or CLI, is a text-based user interface that uses commands to interact with the computer. These commands communicate with the operating system and execute tasks like opening programs. The command-line interface is a much different structure than the graphical user interface. When you use the CLI, you’ll immediately notice a difference. There are no icons or graphics on the screen. The command-line interface looks similar to lines of code using certain text languages. A CLI is more flexible and more powerful than a GUI. Think about using a CLI like creating whatever meal you’d like from ingredients bought at a grocery store. This gives you a lot of control and customization about what you’re going to eat.
Because a CLI can accept multiple requests at one time, it’s more powerful when you need to perform multiple tasks efficiently. For example, if you had to create multiple new files in your system, you could quickly perform this task in a CLI. If you were using a GUI, this could take much longer, because you have to repeat the same steps for each new file.
For security analysts, using the Linux CLI is helpful because it records a history file of all the commands and actions in the CLI. If you use a GUI, your actions are not necessarily saved in a history file.
For example, you might be in a situation where you’re responding to an incident using a playbook. The playbook’s instructions require you to run a series of different commands. If you used a CLI, you’d be able to go back to the history and ensure all of the commands were correctly used. This could be helpful if there were issues using the playbook and you had to review the steps you performed in the command line.
Additionally, if you suspect an attacker has compromised your system, you might be able to trace their actions using the history file.
A microchip that contains loading instructions for the computer and is prevalent in older systems
Basic Input/Output System (BIOS):
A software program that boots the operating system
Bootloader:
A text-based user interface that uses commands to interact with the computer
Command-line interface (CLI):
A hardware component used for short-term memory
Random Access Memory (RAM):
A user interface that uses icons on the screen to manage different tasks on the computer
Graphical user interface (GUI):
A microchip that contains loading instructions for the computer and replaces BIOS on more modern systems
Unified Extensible Firmware Interface (UEFI):
A virtual version of a physical computer
Virtual machine (VM):
A program that allows the user to control the functions of the operating system
User interface:
The components of Linux include…
the user, applications, the shell, the Filesystem Hierarchy Standard, the kernel, and the hardware.
The shell is a…
command line interpreter. It processes commands and outputs the results.
Another element of the architecture of Linux is the ________________. It’s the component of the Linux OS that organizes data. An easy way for you to think about the ____ is to think about it as a filing cabinet of data. The ____ is how data is stored in a system. It’s a way to organize data so that it can be found when the data is accessed by the system.
Filesystem Hierarchy Standard, or FHS
The ________ is a component of the Linux OS that manages processes and memory. The _______ communicates with the hardware to execute the commands sent by the shell. The ________ uses drivers to enable applications to execute tasks. The Linux kernel helps ensure that the system allocates resources more efficiently and makes the system work faster.
kernel
Finally, the last component of the architecture is the hardware. Hardware refers to the physical components of a computer. You can compare this to software applications, which can be downloaded into a system. The hardware in your computer consists of things like the CPU, mouse, and keyboard.
A directory is a file that organizes where other files are stored. Directories are sometimes called “folders,” and they can contain files or other directories. The FHS defines how directories, directory contents, and other storage is organized so the operating system knows where to find specific data.
Internal hardware
Internal hardware consists of the components required to run the computer. Internal hardware includes a main circuit board and all components attached to it. This main circuit board is also called the motherboard. Internal hardware includes the following:
The Central Processing Unit (CPU) is a computer’s main processor, which is used to perform general computing tasks on a computer. The CPU executes the instructions provided by programs, which enables these programs to run.
Random Access Memory (RAM) is a hardware component used for short-term memory. It’s where data is stored temporarily as you perform tasks on your computer. For example, if you’re writing a report on your computer, the data needed for this is stored in RAM. After you’ve finished writing the report and closed down that program, this data is deleted from RAM. Information in RAM cannot be accessed once the computer has been turned off. The CPU takes the data from RAM to run programs.
The hard drive is a hardware component used for long-term memory. It’s where programs and files are stored for the computer to access later. Information on the hard drive can be accessed even after a computer has been turned off and on again. A computer can have multiple hard drives.
KALI LINUX ™ is an open-source, Debian-derived distribution. It contains many pre-installed tools for cybersecurity tasks, and it should be used on a virtual machine.
Metasploit can be used to look for and exploit vulnerabilities on machines.
Burp Suite is another tool that helps to test for weaknesses in web applications.
John the Ripper is a tool used to guess passwords.
tcpdump is a command-line packet analyzer. It’s used to capture network traffic.
Wireshark has a graphical user interface that can be used to analyze live and captured network traffic.
Autopsy is a forensic tool used to analyze hard drives and smartphones.
Ubuntu is an open-source, user-friendly distribution that is widely used in security and other industries. It has both a command-line interface (CLI) and a graphical user interface (GUI). Ubuntu is also Debian-derived and includes common applications by default. Users can also download many more applications from a package manager, including security-focused tools. Because of its wide use, Ubuntu has an especially large number of community resources to support users.
Ubuntu is also widely used for cloud computing. As organizations migrate to cloud servers, cybersecurity work may more regularly involve Ubuntu derivatives.
Parrot is an open-source distribution that is commonly used for security. Similar to KALI LINUX ™, Parrot comes with pre-installed tools related to penetration testing and digital forensics. Like both KALI LINUX ™ and Ubuntu, it is based on Debian.
Parrot is also considered to be a user-friendly Linux distribution. This is because it has a GUI that many find easy to navigate. This is in addition to Parrot’s CLI.
Red Hat Enterprise Linux is a subscription-based distribution of Linux built for enterprise use. Red Hat is not free, which is a major difference from the previously mentioned distributions. Because it’s built and supported for enterprise use, Red Hat also offers a dedicated support team for customers to call about issues.