Professional Documents
Culture Documents
Free Download Principles of Computer Security Comptia Security and Beyond Lab Manual Exam Sy0 601 Jonathan S Weissman Full Chapter PDF
Free Download Principles of Computer Security Comptia Security and Beyond Lab Manual Exam Sy0 601 Jonathan S Weissman Full Chapter PDF
ISBN: 978-1-26-047012-3
MHID: 1-26-047012-1
The material in this eBook also appears in the print version of this title:
ISBN: 978-1-26-047011-6, MHID: 1-26-047011-3.
All trademarks are trademarks of their respective owners. Rather than put a
trademark symbol after every occurrence of a trademarked name, we use
names in an editorial fashion only, and to the benefit of the trademark owner,
with no intention of infringement of the trademark. Where such designations
appear in this book, they have been printed with initial caps.
TERMS OF USE
This is a copyrighted work and McGraw-Hill Education and its licensors
reserve all rights in and to the work. Use of this work is subject to these
terms. Except as permitted under the Copyright Act of 1976 and the right to
store and retrieve one copy of the work, you may not decompile, disassemble,
reverse engineer, reproduce, modify, create derivative works based upon,
transmit, distribute, disseminate, sell, publish or sublicense the work or any
part of it without McGraw-Hill Education’s prior consent. You may use the
work for your own noncommercial and personal use; any other use of the
work is strictly prohibited. Your right to use the work may be terminated if
you fail to comply with these terms.
Acknowledgments
Introduction
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Key Term Quiz
Chapter 6 Applied Cryptography
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Lab Analysis
Key Term Quiz
Chapter 24 Legal Issues and Ethics
Lab Analysis
Lab Analysis
Index
Acknowledgments
Mainstream media and pop culture use the term hacker to describe
someone trying to undermine computer security by breaching defenses and
exploiting vulnerabilities for malicious purposes. Traditionally, though, the
term has referred to computer experts pushing boundaries to achieve goals
and overcome obstacles.
The Jargon File from 1975, a glossary and usage dictionary of slang for
computer programmers (part of The Hacker’s Dictionary and The New
Hacker’s Dictionary), presents eight definitions of the term hacker, which
can be found at http://www.catb.org/~esr/jargon/html/H/hacker.html.
The first definition is “A person who enjoys exploring the details of
programmable systems and how to stretch their capabilities, as opposed to
most users, who prefer to learn only the minimum necessary.” The next six
follow similar themes. The last definition is “[deprecated] A malicious
meddler who tries to discover sensitive information by poking around. Hence
password hacker, network hacker. The correct term for this sense is cracker.”
Hackers are also often described by colored hats. A black hat hacker is
that evil, malicious cybercriminal or attacker, now simply referred to as a
hacker. A white hat hacker is an ethical hacker, a penetration tester who does
the same things that a black hat hacker does, with one important difference:
the white hat hacker has permission. White hat hackers are security
specialists hired by companies to both find and exploit vulnerabilities, so the
vulnerabilities can be identified and fixed before they are discovered by black
hat hackers. A gray hat hacker is a mixture of the other two types (as the
color gray is a mixture of the colors black and white). A gray hat hacker finds
and exploits vulnerabilities, without permission, and reports them to the
responsible individuals. Often, a gray hat hacker will request a fee for their
“services” to fix vulnerabilities that were found. If the fee isn’t paid, the gray
hat hacker may just drop it and move on to another target or may post the
vulnerabilities online to raise public awareness. Although this public
awareness is meant for users to learn about vulnerabilities and take security
precautions of their own, it may also make it easier for black hat hackers to
exploit the vulnerabilities. However, just as white hat hackers have no
malicious intentions, gray hat hackers have no malicious intentions, either.
Gray hat hackers want to raise public awareness to vulnerabilities while
perhaps making a quick buck. Some even just do it for fun, enjoying the
challenge of finding and exploiting vulnerabilities, with no intentions of
doing anything with what they discover. Unlike black hat hackers, gray hat
hackers are not looking to cause damage to a company. However, accessing
systems and networks without permission and exploiting their vulnerabilities
are illegal activities, which is where gray hat hackers get their black hat
component.
The lab exercises in this book can be performed imagining the perspective
of a white hat hacker or black hat hacker, or both. Cybersecurity is not just
defense. It’s offense as well. You can’t protect against cybercriminals unless
you know exactly what they’re doing and how they’re doing it. You also
have to think and act like an attacker to perform comprehensive penetration
testing.
The lessons and lab exercises map to the CompTIA Security+ exam
objectives, which will greatly help your chances of passing the exam.
Furthermore, they also will give you the knowledge and hands-on skills to
secure systems and networks. You’ll become more marketable in your job
search for one of the millions of unfilled cybersecurity jobs worldwide (3.12
million according to the study explained here:
https://blog.isc2.org/isc2_blog/2020/11/2020-isc2-cybersecurity-workforce-
study-skills-gap-narrows-in-an-unusual-year.html).
The chapters have been designed to correspond in name and content to the
chapters of the companion Principles of Computer Security: CompTIA
Security+™ and Beyond, Sixth Edition (Exam SY0-601) textbook (available
separately), but can be done without the textbook and in any order.
This lab manual can be used for individual study for the CompTIA
Security+ exam or as part of a college course. In fact, I’ll be using selected
chapters of this book for various courses of mine at my multiple colleges.
The chapters are varied in concepts, topics, and lab exercises, and that
enables certain chapters to map well to certain courses.
This book includes two icons designed specifically for the use of this book
in a college course with assigned lab exercises.
First, a screenshot icon appears very often in the book. Some steps require
you to take a screenshot to prove that the step was done correctly, and this is
a cue that you need to submit a screenshot for the specified steps. In most
cases, one screenshot will suffice, but some steps might require more than
one screenshot. Include only relevant parts of your screen in the screenshot.
Crop the screenshot, if necessary, to remove unnecessary items like the
desktop.
In Windows 10, you can use the Snip & Sketch utility to capture
screenshots and even. obfuscate personal information that you don’t want
shown. I recommend that you use Snip & Sketch on your Windows 10 host
machine to make screenshots of activities done in your VMs.
To learn how to use Snip & Sketch, check out the following resources:
• “Use Snip & Sketch to take a screenshot in Windows 10” (Windows
Community video): https://youtu.be/T1p2kgd-Rsc
• “How to take and annotate screenshots on Windows 10” with Snip &
Sketch: https://support.microsoft.com/en-us/windows/how-to-take-
and-annotate-screenshots-on-windows-10-ca08e124-cc30-2579-3e55-
6db63e36fbb9
Second, a keyboard icon appears throughout the book. Some steps require
you to type responses, and this is a cue that you need to submit typed answers
for the specified steps.
For each assignment, submit a single document that contains your
screenshots and typed answers. Your submission document should start with
a header page that contains your name; course prefix, number, and title; and
section number at the top. Include the chapter number and title and then the
specific Lab Exercise number (Lab Exercise 14.02, for example). For the
screenshots and typed answers, clearly label them with the associated step
(Step 1a, for example).
Keep in mind that links, websites, programs, interfaces, and tools change.
If you’re seeing something different than what’s described or shown in the
book, welcome to the world of technology—a constant moving target. In fact,
during the course of writing this book, various instances of the
aforementioned items changed, ranging from minor to major issues, and I did
my best to update the book before publication. By the time you’re reading
this, other things could have changed, too. Use Google searches and your
own common sense to adapt. Feel free to contact me as well!
Many lessons and lab exercises are unique to this book, and they simply
can’t be found anywhere else. Some were part of my courses already and
some are brand new. I’m excited to extend my classroom globally with this
book. All chapters and lab exercises have thorough introductions, and they
were written the way I lecture my students face-to-face.
Teaching is my absolute passion! Besides my passion for teaching, I am
extremely passionate about the subjects I teach. I am fortunate to live by the
famous proverb, “Choose a job you love, and you will never have to work a
day in your life.”
My classes, like this book, consist of a mix of lecture and lab. In my
opinion, you can’t attempt any lab without having fundamental knowledge
learned through the lecture. Furthermore, knowledge by itself is not enough.
Being able to apply knowledge to hands-on lab scenarios, simulating real-
world environments, is success at its finest!
As I say at the end of all my courses, “Once a student of mine, always a
student of mine.” Please get in touch and stay in touch with me. I’d love to
hear how this book helped you!
—Jonathan S. Weissman
Additional Resources for Teachers
The answer keys to the lab manual activities in this book are provided along
with resources for teachers using the Principles of Computer Security:
CompTIA Security+™ and Beyond, Sixth Edition (Exam SY0-601) textbook
(available separately). Instructors who have adopted these books for a course
can access the materials identified next. Contact your McGraw Hill sales
representative for details on how to access the materials.
Instructor Materials
The Principles of Computer Security companion web site provides many
resources for instructors:
• Answer keys to this lab manual
• Engaging PowerPoint slides on the lecture topics (including full-color
artwork from the book)
• An instructor’s manual that includes learning objectives, classroom
preparation notes, instructor tips, and a lecture outline for each
chapter
• Access to test bank files that allow you to generate a wide array of
paper- or network-based tests. The test bank includes:
• Hundreds of practice questions and a wide variety of question types
and difficulty levels, enabling you to customize each test to
maximize student progress
• Blackboard cartridges and other formats may also be available upon
request; contact your McGraw Hill sales representative
• Answer keys to the end-of-chapter activities in the companion
textbook
Chapter 1
Introduction and Security Trends
Lab Exercises
1.01 Staying Current with Industry
1.02 Cyber Threat Maps
1.03 Cybersecurity Survey
1.04 Building the Virtual Lab
Lab Analysis
Key Term Quiz
60 MINUTES
LinkedIn https://linkedin.com/in/jonathan-s-weissman-058b649b
Twitter https://twitter.com/CSCPROF
Instagram https://instagram.com/cscprof/
Learning Objectives
In this lab exercise, you’ll explore reasons for creating a LinkedIn profile and
becoming an active member on that platform. At the end of this lab exercise,
you’ll be able to
• Understand why LinkedIn is important for all professionals, especially
cybersecurity professionals
• Publish your own professional profile on LinkedIn
• Actively use LinkedIn both to give and to get professional benefits
Let’s Do This!
On LinkedIn, you can
• Meet and network with professionals in any industry, sector, or field.
• Find a mentor and become a mentor.
• Get discovered by hiring managers and recruiters.
• Stay in contact with other professionals and share career milestones.
• Brand and promote yourself with a profile for professionals to see.
• Get validated by professionals, in terms of your knowledge and
expertise.
• Share and view creative content and as a way to connect with others.
• Learn about companies, track companies for future job opportunities,
and engage with companies.
And the biggest reason, in my opinion, for joining LinkedIn is to…
• Stay current with events and happenings in your industry, sector, or
field.
1b, 1c
Note
Certifications are another way that I stay current. I stress the importance of
industry certifications to my students. In that same vein, I model myself for
my students. Having achieved 44 high-level industry certifications, I am
never not studying for a certification exam. The first thing I do upon earning
a new cert is to pick my next target. This shows my students that the learning
process never ends, and, especially in this industry, if you stand still in terms
of your knowledge or skills for even a short amount of time, you could be
obsolete and undesirable rather quickly. By studying for the CompTIA
Security+ certification, you’re following me on that path as well!
Note