SlideShare a Scribd company logo

501 ch 1 mastering security basics

Download as PPTX, PDF
G
gocybersec

The document discusses key topics in cybersecurity basics including the CIA triad of confidentiality, integrity and availability. It covers security controls like encryption that help achieve these goals. Risk concepts such as threats, vulnerabilities and risk mitigation are explained. The document also discusses virtualization, associated risks and benefits, as well as basic command line tools used in Windows and Linux systems.

Education
1 of 27
Downloaded 15 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
Proprietary & Confidential @GoCyberSec | January 2020 Chapter 1 Mastering Security Basics CompTIA Security +
Proprietary & Confidential @GoCyberSec | January 2020 Introduction • Understanding core security goals • Introducing basic risk concepts • Understanding control types • Implementing virtualization • Using command-line tools
Proprietary & Confidential @GoCyberSec | January 2020 CIA Triad • Confidentiality – Access to information, assets, etc. should be granted only on a need to know basis • Integrity – Integrity makes sure that the information is not tampered whenever it travels from source to destination or at rest (storage) • Availability – Availability concept is to make sure that the services of an organization are available at all times
Proprietary & Confidential @GoCyberSec | January 2020 Understanding Core Security Goals • Confidentiality –Encryption –Access Controls –Steganography
Proprietary & Confidential @GoCyberSec | January 2020 Understanding Core Security Goals • Integrity –Hashing –Digital Signatures –Certificates –Non-repudiation
Proprietary & Confidential @GoCyberSec | January 2020 Understanding Core Security Goals • Availability –Redundancy –Fault tolerance –Patching
Proprietary & Confidential @GoCyberSec | January 2020 Introducing Risk Concepts • Threats • Vulnerabilities –Any weakness • Risk is –The likelihood that a threat will exploit a vulnerability • Risk mitigation –Reduces the chances that a threat will exploit a vulnerability by implementing controls
Proprietary & Confidential @GoCyberSec | January 2020 Understanding Control Types Overview • Technical controls use technology. • Administrative controls use administrative or management methods. • Physical controls refer to controls you can physically touch.
Proprietary & Confidential @GoCyberSec | January 2020 Understanding Control Types Technical Controls • Use technology to reduce vulnerabilities • Examples – Encryption – Antivirus Software – Intrusion Detection Systems – Firewalls – Least Privilege.
Proprietary & Confidential @GoCyberSec | January 2020 Understanding Control Types Administrative Controls • Use administrative or management methods • Examples – Risk Assessment – Information Security Policies, Procedures and Standards – Awareness & Training – Configuration & Change Management – Contingency Planning
Proprietary & Confidential @GoCyberSec | January 2020 Understanding Control Types Physical Controls • Any controls that you can physically touch. • Examples – Light – Signs – Fences – Security Guards
Proprietary & Confidential @GoCyberSec | January 2020 Understanding Sub-Control Types • Preventive attempt to prevent an incident from occurring. • Detective controls attempt to detect incidents after they have occurred. • Corrective controls attempt to reverse the impact of an incident. • Deterrent controls attempt to discourage individuals from causing an incident. • Compensating controls are alternative controls used when a primary control is not feasible.
Proprietary & Confidential @GoCyberSec | January 2020 Preventive and Detective Controls Detective controls • Attempt to detect incidents after they have occurred • Log monitoring, trend analysis, security audit, video surveillance, motion detection • Cannot predict when an incident will occur • Cannot Prevent an incident • Used after an incident
Proprietary & Confidential @GoCyberSec | January 2020 Preventive and Detective Controls Preventive controls • Attempt to prevent an incident from occurring • Hardening, training, guards, change management, disabling accounts • Stops the incident before it occurs.
Proprietary & Confidential @GoCyberSec | January 2020 Corrective and Compensating Controls Corrective controls –Attempt to reverse the impact of an incident –Active IDS, backups, system recovery Compensating –Alternative controls used when a primary control is not feasible –TOTP instead of smart card
Proprietary & Confidential @GoCyberSec | January 2020 Deterrent Controls Deterrent controls –Attempt to discourage individuals from causing an Incident –Cable locks, hardware locks, fences Compare to prevention – Deterrent encourages people to decide not to take an undesirable action –Prevention stops them from taking an undesirable action –Security guard can be both
Proprietary & Confidential @GoCyberSec | January 2020 Implementing Virtualization • Terminology –Hypervisor –Host –Guest –Host elasticity –Host scalability One host appears as five systems on a network
Proprietary & Confidential @GoCyberSec | January 2020 Comparing Hypervisors • Type I (bare-metal) – Runs directly on hardware – No host operating system required • Type II – Runs as software within an operating system
Proprietary & Confidential @GoCyberSec | January 2020 Application Cell Virtualization • Runs services or applications within isolated application cells (or containers) • Also called container virtualization
Proprietary & Confidential @GoCyberSec | January 2020 Application Cell Virtualization • Runs services or applications within isolated application cells (or containers) • Also called container virtualization
Proprietary & Confidential @GoCyberSec | January 2020 Using Virtualization • Snapshots – Copy of a VM at a moment in time – Can revert to a snapshot if necessary • VDI/VDE – A user’s desktop – Persistent VDE – keeps user changes – Non-persistent VDE – doesn’t keep user changes
Proprietary & Confidential @GoCyberSec | January 2020 Risks Associated with Virtualization • VMs are files – Can be copied • VM escape – Allows attacker to access host from guest • VM sprawl – Uncontrolled VM creation (not managed) • Loss of confidentiality
Proprietary & Confidential @GoCyberSec | January 2020 Command- Line Tools • Windows – Launch Command Prompt – Launch Command Prompt (Admin)
Proprietary & Confidential @GoCyberSec | January 2020 Command- Line Tools • Linux – Launch terminal in Kali
Proprietary & Confidential @GoCyberSec | January 2020 Understanding Switches & Case • Windows switches typically use slash / – ipconfig /? • Linux systems typically use dash – – ifconfig -? • Windows commands rarely case sensitive • Linux commands are case sensitive
Proprietary & Confidential @GoCyberSec | January 2020 Command Demo • Windows – Ipconfig – ping – Netstat – Tracert – ARP – Systeminfo • Linux – ifconfig – cd – ls – grep – mkdir – mv
Proprietary & Confidential @GoCyberSec | January 2020 Chapter 1 Summary • Understanding core security goals • Introducing basic risk concepts • Understanding control types • Implementing virtualization • Using command-line tools

More Related Content

PPTX
501 ch 5 securing hosts and data
gocybersec
 
PPTX
501 ch 6 threats vulnerabilities and common attacks
gocybersec
 
PPTX
501 ch 2 understanding iam
gocybersec
 
PPTX
501 ch 7 protecting against advanced attacks
gocybersec
 
PPTX
501 ch 8 risk managment tool
gocybersec
 
PPTX
501 ch 4 securing your network
gocybersec
 
PPTX
501 ch 10 understanding cryptography and pki
gocybersec
 
PPTX
501 ch 9 implementing controls to protect assets
gocybersec
 
501 ch 5 securing hosts and data
gocybersec
 
501 ch 6 threats vulnerabilities and common attacks
gocybersec
 
501 ch 2 understanding iam
gocybersec
 
501 ch 7 protecting against advanced attacks
gocybersec
 
501 ch 8 risk managment tool
gocybersec
 
501 ch 4 securing your network
gocybersec
 
501 ch 10 understanding cryptography and pki
gocybersec
 
501 ch 9 implementing controls to protect assets
gocybersec
 

What's hot (20)

PPT
Ending the Tyranny of Expensive Security Tools: A New Hope
Michele Chubirka
 
PPTX
CSA Presentation - Software Defined Perimeter
Vishwas Manral
 
PPTX
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
Perimeter 81
 
PDF
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
SecureAuth
 
PDF
CSA SV Threat detection and prediction
Vishwas Manral
 
PPTX
Secure Your Web Applications and Achieve Compliance
Avi Networks
 
PPTX
Plain talk about security public - ms1
Mike Stone
 
PPTX
Threat Hunting at Scale
Panther Labs
 
PPTX
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...
Jason Trost
 
PDF
PIE - BSides Vancouver 2018
Greg Foss
 
PDF
Data Security for Project Managers
Joseph Wojowski
 
PDF
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
AlgoSec
 
PDF
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
Priyanka Aash
 
PDF
Microservices security CSA meetup ppt 10_21_2015_v2-2
Vishwas Manral
 
PDF
Phishing Intelligence Engine - BlueHat v17
Greg Foss
 
PPTX
application security basics
Aravindan A
 
PPTX
The Key to Strong Cloud Security
Akeyless
 
PPTX
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
AlgoSec
 
PPTX
Anomali Detect 2016 - Borderless Threat Intelligence
Jason Trost
 
PPTX
IBM Secret Key management protoco
gori4
 
Ending the Tyranny of Expensive Security Tools: A New Hope
Michele Chubirka
 
CSA Presentation - Software Defined Perimeter
Vishwas Manral
 
The Software-Defined Perimeter: Securing Network Access for the Modern Workforce
Perimeter 81
 
Protecting the Keys to the Kingdom - The Case for Adaptive Authentication for...
SecureAuth
 
CSA SV Threat detection and prediction
Vishwas Manral
 
Secure Your Web Applications and Achieve Compliance
Avi Networks
 
Plain talk about security public - ms1
Mike Stone
 
Threat Hunting at Scale
Panther Labs
 
Deploying, Managing, and Leveraging Honeypots in the Enterprise using Open So...
Jason Trost
 
PIE - BSides Vancouver 2018
Greg Foss
 
Data Security for Project Managers
Joseph Wojowski
 
A Pragmatic Approach to Network Security Across Your Hybrid Cloud Environment
AlgoSec
 
(SACON) Sudarshan Pisupati & Sahir Hidayatullah - active deception sacon
Priyanka Aash
 
Microservices security CSA meetup ppt 10_21_2015_v2-2
Vishwas Manral
 
Phishing Intelligence Engine - BlueHat v17
Greg Foss
 
application security basics
Aravindan A
 
The Key to Strong Cloud Security
Akeyless
 
Reaching PCI Nirvana: Ensure a Successful Audit & Maintain Continuous Compliance
AlgoSec
 
Anomali Detect 2016 - Borderless Threat Intelligence
Jason Trost
 
IBM Secret Key management protoco
gori4
 
Ad

Similar to 501 ch 1 mastering security basics (20)

PPTX
501 ch-1-mastering-security-basics
gocybersec
 
PPTX
Disruptionware-TRustedCISO103020v0.7.pptx
Debra Baker, CISSP CSSP
 
PPTX
Assessment and Threats: Protecting Your Company from Cyber Attacks
Cimation
 
PDF
CompTIA Security+ All in One Exam Guide, Fifth Edition (Exam SY0 501) 5th Edi...
hadorngamid60
 
PDF
Computer Security 3rd Edition Dieter Gollmann
mlxqtaoc385
 
PDF
SSCP Systems Security Certified Practitioner All in One Exam Guide Third Edit...
saksahudaiud
 
PDF
SSCP Systems Security Certified Practitioner All in One Exam Guide Third Edit...
wgyunjq580
 
PDF
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...
David Etue
 
PPT
Ch10
Ali Khawaja
 
PDF
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Matthew Rosenquist
 
PDF
Network and System Security John R. Vacca
kawetefavita
 
DOCX
Security architecture principles isys 0575general att
SHIVA101531
 
PDF
Network Defense and Countermeasures: Principles and Practices, 4th Edition Wi...
kitaranoyem
 
DOCX
Comparing Security Roles and Security Controls Lesson 1
LynellBull52
 
PPTX
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
mike parks
 
DOCX
Security and Ethical Challenges Contributors Kim Wanders.docx
edgar6wallace88877
 
DOCX
Security and Ethical Challenges Contributors Kim Wanders.docx
fathwaitewalter
 
PDF
Risk Mitigation Plan Based On Inputs Provided
Tiffany Graham
 
PDF
Sscp Systems Security Certified Practitioner Allinone Exam Guide Third Editio...
qhjmirl9960
 
PPT
Control system including PLC cybersecurity
Dr.Maged Mikhail
 
501 ch-1-mastering-security-basics
gocybersec
 
Disruptionware-TRustedCISO103020v0.7.pptx
Debra Baker, CISSP CSSP
 
Assessment and Threats: Protecting Your Company from Cyber Attacks
Cimation
 
CompTIA Security+ All in One Exam Guide, Fifth Edition (Exam SY0 501) 5th Edi...
hadorngamid60
 
Computer Security 3rd Edition Dieter Gollmann
mlxqtaoc385
 
SSCP Systems Security Certified Practitioner All in One Exam Guide Third Edit...
saksahudaiud
 
SSCP Systems Security Certified Practitioner All in One Exam Guide Third Edit...
wgyunjq580
 
Control Quotient: Adaptive Strategies For Gracefully Losing Control (RSAC US ...
David Etue
 
Ch10
Ali Khawaja
 
Intel Cyber Security Briefing at the Cyberstrat14 Security Conference in Hels...
Matthew Rosenquist
 
Network and System Security John R. Vacca
kawetefavita
 
Security architecture principles isys 0575general att
SHIVA101531
 
Network Defense and Countermeasures: Principles and Practices, 4th Edition Wi...
kitaranoyem
 
Comparing Security Roles and Security Controls Lesson 1
LynellBull52
 
IoT Cyber+Physical+Social Engineering Attack Security (v0.1.6 / sep2020)
mike parks
 
Security and Ethical Challenges Contributors Kim Wanders.docx
edgar6wallace88877
 
Security and Ethical Challenges Contributors Kim Wanders.docx
fathwaitewalter
 
Risk Mitigation Plan Based On Inputs Provided
Tiffany Graham
 
Sscp Systems Security Certified Practitioner Allinone Exam Guide Third Editio...
qhjmirl9960
 
Control system including PLC cybersecurity
Dr.Maged Mikhail
 
Ad

More from gocybersec (12)

PPTX
501 ch 3 network technologies and tools
gocybersec
 
PPTX
501 ch 3 network technologies tools
gocybersec
 
PPTX
501 ch 7 advanced attacks
gocybersec
 
PPTX
501 ch 11 operational security
gocybersec
 
PPTX
501 ch 9 implementing controls
gocybersec
 
PPTX
501 ch 8 risk management tools
gocybersec
 
PPTX
501 ch 6 threats vulnerabilities attacks
gocybersec
 
PPTX
501 ch 7 advanced attacks
gocybersec
 
PPTX
501 ch 5 securing hosts and data
gocybersec
 
PPTX
501 ch 4 securing your network
gocybersec
 
PPTX
501 ch 3 network technologies tools
gocybersec
 
PPTX
501 ch 2 understanding iam
gocybersec
 
501 ch 3 network technologies and tools
gocybersec
 
501 ch 3 network technologies tools
gocybersec
 
501 ch 7 advanced attacks
gocybersec
 
501 ch 11 operational security
gocybersec
 
501 ch 9 implementing controls
gocybersec
 
501 ch 8 risk management tools
gocybersec
 
501 ch 6 threats vulnerabilities attacks
gocybersec
 
501 ch 7 advanced attacks
gocybersec
 
501 ch 5 securing hosts and data
gocybersec
 
501 ch 4 securing your network
gocybersec
 
501 ch 3 network technologies tools
gocybersec
 
501 ch 2 understanding iam
gocybersec
 

Recently uploaded (20)

PDF
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
PDF
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
PPTX
UV-Visible spectroscopy..pptx UV-Visible Spectroscopy – Electronic Transition...
Samruddhi Khonde
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
DOC
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PPTX
Lesson notes of climatology university.
sgladness67
 
PPTX
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PPTX
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
PDF
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 
Paper A Mock Exam 9_ Attempt review.pdf.
SameeraNaveed2
 
Practical Manual AGRO-233 Principles and Practices of Natural Farming
MilindKhedekar2
 
UV-Visible spectroscopy..pptx UV-Visible Spectroscopy – Electronic Transition...
Samruddhi Khonde
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Soft-furnishing-By-Architect-A.F.M.Mohiuddin-Akhand.doc
ArchitectAFMMohiuddi
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
grade 11-chemistry_fetena_net_5883.pdf teacher guide for all student
banteamlakmebratu738
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Lesson notes of climatology university.
sgladness67
 
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Sonali Gupta
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
Trump Administration's workforce development strategy
Mebane Rash
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
Cell Structure & Organelles in detailed.
DHANASHREESIVAKUMAR
 
Weekly quiz Compilation Jan -July 25.pdf
Nitin Suresh
 

501 ch 1 mastering security basics

  • 1. Proprietary & Confidential @GoCyberSec | January 2020 Chapter 1 Mastering Security Basics CompTIA Security +
  • 2. Proprietary & Confidential @GoCyberSec | January 2020 Introduction • Understanding core security goals • Introducing basic risk concepts • Understanding control types • Implementing virtualization • Using command-line tools
  • 3. Proprietary & Confidential @GoCyberSec | January 2020 CIA Triad • Confidentiality – Access to information, assets, etc. should be granted only on a need to know basis • Integrity – Integrity makes sure that the information is not tampered whenever it travels from source to destination or at rest (storage) • Availability – Availability concept is to make sure that the services of an organization are available at all times
  • 4. Proprietary & Confidential @GoCyberSec | January 2020 Understanding Core Security Goals • Confidentiality –Encryption –Access Controls –Steganography
  • 5. Proprietary & Confidential @GoCyberSec | January 2020 Understanding Core Security Goals • Integrity –Hashing –Digital Signatures –Certificates –Non-repudiation
  • 6. Proprietary & Confidential @GoCyberSec | January 2020 Understanding Core Security Goals • Availability –Redundancy –Fault tolerance –Patching
  • 7. Proprietary & Confidential @GoCyberSec | January 2020 Introducing Risk Concepts • Threats • Vulnerabilities –Any weakness • Risk is –The likelihood that a threat will exploit a vulnerability • Risk mitigation –Reduces the chances that a threat will exploit a vulnerability by implementing controls
  • 8. Proprietary & Confidential @GoCyberSec | January 2020 Understanding Control Types Overview • Technical controls use technology. • Administrative controls use administrative or management methods. • Physical controls refer to controls you can physically touch.
  • 9. Proprietary & Confidential @GoCyberSec | January 2020 Understanding Control Types Technical Controls • Use technology to reduce vulnerabilities • Examples – Encryption – Antivirus Software – Intrusion Detection Systems – Firewalls – Least Privilege.
  • 10. Proprietary & Confidential @GoCyberSec | January 2020 Understanding Control Types Administrative Controls • Use administrative or management methods • Examples – Risk Assessment – Information Security Policies, Procedures and Standards – Awareness & Training – Configuration & Change Management – Contingency Planning
  • 11. Proprietary & Confidential @GoCyberSec | January 2020 Understanding Control Types Physical Controls • Any controls that you can physically touch. • Examples – Light – Signs – Fences – Security Guards
  • 12. Proprietary & Confidential @GoCyberSec | January 2020 Understanding Sub-Control Types • Preventive attempt to prevent an incident from occurring. • Detective controls attempt to detect incidents after they have occurred. • Corrective controls attempt to reverse the impact of an incident. • Deterrent controls attempt to discourage individuals from causing an incident. • Compensating controls are alternative controls used when a primary control is not feasible.
  • 13. Proprietary & Confidential @GoCyberSec | January 2020 Preventive and Detective Controls Detective controls • Attempt to detect incidents after they have occurred • Log monitoring, trend analysis, security audit, video surveillance, motion detection • Cannot predict when an incident will occur • Cannot Prevent an incident • Used after an incident
  • 14. Proprietary & Confidential @GoCyberSec | January 2020 Preventive and Detective Controls Preventive controls • Attempt to prevent an incident from occurring • Hardening, training, guards, change management, disabling accounts • Stops the incident before it occurs.
  • 15. Proprietary & Confidential @GoCyberSec | January 2020 Corrective and Compensating Controls Corrective controls –Attempt to reverse the impact of an incident –Active IDS, backups, system recovery Compensating –Alternative controls used when a primary control is not feasible –TOTP instead of smart card
  • 16. Proprietary & Confidential @GoCyberSec | January 2020 Deterrent Controls Deterrent controls –Attempt to discourage individuals from causing an Incident –Cable locks, hardware locks, fences Compare to prevention – Deterrent encourages people to decide not to take an undesirable action –Prevention stops them from taking an undesirable action –Security guard can be both
  • 17. Proprietary & Confidential @GoCyberSec | January 2020 Implementing Virtualization • Terminology –Hypervisor –Host –Guest –Host elasticity –Host scalability One host appears as five systems on a network
  • 18. Proprietary & Confidential @GoCyberSec | January 2020 Comparing Hypervisors • Type I (bare-metal) – Runs directly on hardware – No host operating system required • Type II – Runs as software within an operating system
  • 19. Proprietary & Confidential @GoCyberSec | January 2020 Application Cell Virtualization • Runs services or applications within isolated application cells (or containers) • Also called container virtualization
  • 20. Proprietary & Confidential @GoCyberSec | January 2020 Application Cell Virtualization • Runs services or applications within isolated application cells (or containers) • Also called container virtualization
  • 21. Proprietary & Confidential @GoCyberSec | January 2020 Using Virtualization • Snapshots – Copy of a VM at a moment in time – Can revert to a snapshot if necessary • VDI/VDE – A user’s desktop – Persistent VDE – keeps user changes – Non-persistent VDE – doesn’t keep user changes
  • 22. Proprietary & Confidential @GoCyberSec | January 2020 Risks Associated with Virtualization • VMs are files – Can be copied • VM escape – Allows attacker to access host from guest • VM sprawl – Uncontrolled VM creation (not managed) • Loss of confidentiality
  • 23. Proprietary & Confidential @GoCyberSec | January 2020 Command- Line Tools • Windows – Launch Command Prompt – Launch Command Prompt (Admin)
  • 24. Proprietary & Confidential @GoCyberSec | January 2020 Command- Line Tools • Linux – Launch terminal in Kali
  • 25. Proprietary & Confidential @GoCyberSec | January 2020 Understanding Switches & Case • Windows switches typically use slash / – ipconfig /? • Linux systems typically use dash – – ifconfig -? • Windows commands rarely case sensitive • Linux commands are case sensitive
  • 26. Proprietary & Confidential @GoCyberSec | January 2020 Command Demo • Windows – Ipconfig – ping – Netstat – Tracert – ARP – Systeminfo • Linux – ifconfig – cd – ls – grep – mkdir – mv
  • 27. Proprietary & Confidential @GoCyberSec | January 2020 Chapter 1 Summary • Understanding core security goals • Introducing basic risk concepts • Understanding control types • Implementing virtualization • Using command-line tools