User:Epsilonbeta


901 Studies Section 1 - Hardware


    • BIOS and UEFI
       BIOS- Basic Input / Output System
               -The software (firmware) used to start your computer

               -BIOS chip is on motherboard
               -Initial hardware check (RAM, CPU), POST
               -After BIOS, computer looks for boot devices
               -Settings are saved in nonvolatile memory (ROM chip)

       Legacy BIOS - Limited hardware support, over 25 years old
       UEFI BIOS -Unified Extensible Firmware Interface

               -Implemented by manufacturers
               -Boot from large GPT disks (<2.2TB)
               -Pre-boot has its own OS
               -Able to connect remotely


BIOS Configuration
       RAM - View and configure memory settings
       Hard drive/ SSD - view and enable/disable
       Optical drive - view and enable/disable
       CPU- Adjust settings
       Hardware diagnostics - Built into BIOS
       Firmware - Do not upgrade unless current firmware is having issues


       BIOS Security
       BIOS password / User password - System/OS will not start w/o password
       Supervisor Password - Restricts BIOS changes w/o password
       Full Disk encryption- Encrypts everything, even the OS. (bitlocker) 
       TPM (Trusted Platform Module) -Built in or added to mobo
                                               -used by Full disk encryption
       LOJACK for laptops          - Built into the BIOS
                                -Automatically installs to hdd

                                -phone home function sends location info


Secure Boot -Compares digital signatures to OS you are running



Installing BIOS Upgrades

       Upgrading Firmware           - Upgrade done to nonvolatile memory
                                        - Reliable power source for no interruptions
                                       - Improves performance/ fixes bugs
                                       -Only upgrade if necessary (having problems)

                                       -Modern upgrades run from .exe files

       Identifying BIOS Version     -start up screen
                                       -msinfo32 (Windows)


    • Motherboards
       Form factors


ATX - Advanced technology Extended

       -20 or 24 pin power connector
       -May see an additional 4 or 8 pin connector


Micro ATX - Smaller ATX motherboard

               -backwards compatible
               -similar power connectors to ATX
               -Will mount in an ATX case


ITX        -Series of smaller motherboards
       -screws compatible with atx and micro atx

Computer Power

               Pc power connectors - 20 and 24 pin main power
                                            -provides 3.3V, 5V, and 12V
                                            -20 pin for original ATX, 24 pin added for PCIe
                                            -24 pin will fit 20 pin mobo
               SATA Power - 15 pin power connector, 3.3V (rare), 5V and 12V
               

               Molex - provides 12V and 5V, 4 pins

               4 pin ATX - 12V (ATXV12, P4, or cpu label)
               8 pin EPS - 12V connector, provides 12V to multiple CPUs
               PCIe 8 pin & 12 pin- additional power for PCIe adapters


Expansion Slots and Bus Speeds

       Bus width - How much traffic can pass (throughput)
       Clock Speed - measured in hertz (1 MHz = 1 megahertz = 1 million cycles/second; 1 GHz = 1000 MHz)


PCI - Peripheral Component Interconnect

       -32 and 64 bit bus length
       -32 bit= 32 lines of communication 64 bit = 64 lines of communication
       -parallel bus = all bits are transferred at once
       -32 bit slots are shorter

PCI-x -PCI extended

       -more throughput, designed for servers
       -parallel communication

PCIe -PCI express

       -replaced PCI, PCIx, and AGP
       -communicates serially, faster than parallel        
       -x1, x2, x4, x8, x16, and x32; full duplex


Mini PCI and PCIe mini -made for laptops

                               -wifi cards


RAM Slots

DIMM - Dual Inline Memory Module

       -one single chip set
       -electrical contacts different on each side
       -64 bit data width
       -Double Data Rate(DDR) SDRAM- 184 pins
       -DDR3 and DDR3 SDRAM- 240 pins

SO-DIMM - Small outline Dual Inline Memory Module

       -used in laptops
       -DDR & DDR2 -200 pins
       - DDR3 204 pins

Micro DIMM - very small, used in small laptops

               -DDR -172 pins
               -DDR2 & DDR3 - 214 pins

CPU Sockets

LGA Socket - Land grid array - pins on mobo instead of chip


Chipsets


Northbridge - Connects the CPU to the memory and high speed graphics
               card (PCIe or AGP)

Southbridge - Connects the PCI interface slots, USB, ethernet, IDE, BIOS,
               onboard graphics
               -Serial I/O - serial port, parallel port, floppy disk, keyboard,
               mouse

Modern CPUs - Most have multiple cores, memory controllers, and GPUs
               integrated


Motherboard jumpers and connectors

Jumpers - Enable or disable certain mobo features

                       -could be used to reset BIOS


    • Interfaces

USB 1.1 - 1.5 Mb/s - 12 Mb/s

                    -5 meters max
       USB 2.0 - 480 Mb/s
                   -5 meters max

USB 3.0 - 5Gb/s

                   -3 meters max

Firewire - apple trademark, IEEE 1394

                         -daisy chain up to 63 devices
                       -4.5 meters (15 ft) distance limit per link
                       -Firewire 400 - 100, 200, & 400 Mb/s, half duplex
                       -Firewire 800 - 800 Mb/s full duplex, support up to 100M

Sata - power - 15 pins, data - 7 pins


1.0 - 1.5 Gb/s, 1 meter

               2.0 - 3Gb/s - 1 meter
               3.0 - 6Gb/s - 1 meter
               
               eSata- matches sata version, 2 meters


       VGA - Video Graphics Array
               -Blue DB-15 connector, 5-10 meters max, analog signal only
       HDMI- High Definition Multimedia Interface
               -all digital, 20 meters before signal loss
               -19 pin type A connector
               -Type C connector for mini hdmi (cameras)

BNC - Bayonet Neill-Concelman, high end video

Mini-DIN - S video, 2 channel analog

DVI - Digital Video Interface

               -DVI-A: analog
               -DVI-D: Digital
               -DVI-I: integrated (digital and analog)

Audio Ports - Analog TRS plugs (Tip, Ring, Sleeve)

                       -¼” = 6.5mm     ⅛” = 3.5mm
               -Digital optical fiber, 10m max

RJ11- Registered Jack #11 (telephone)

       -6P2C (6 positions, 2 wires used)

RJ45 - Registered Jack #45 (ethernet)

  • 8P8C

Thunderbolt - Data and power on same cable, daisy chain up to 6 devices

               -V1: 10Gb/s per channel, 20Gb/s total
               -v2: 20Gb/s 
               -v3: 40Gb/s
               -Copper max: 3 meters
               -Optical Max: 60 meters

MIDI - Musical Instrument Digital Interface


    • Wireless Interfaces & Speeds

Infrared - 4Mb/s, line of sight, 1 meter max
       -laptops, phone, camera

NFC - Near field communication

       -106 kb/s, 212 kb/s, 424 kb/s, range of 10 cm or less
       -mobile devices, payment devices

Bluetooth - Class 1 - industrial, 100m range

              - Class 2 - mobile devices, 10m range
              - Class 3 - Short range use, 1 m range
             -  Version 1.2 - 1Mb/s
             -Version 2.0 + EDR (Enhanced Data Rate) - 3 Mb/s
             -Version 3.0 + High speed - 24 Mb/s
             -Version 4.0 - low power spec- 24 Mb/s


802.11 Networking


       Standard    Frequency            Max speed                              Range
       802.11a     5 GHz                54 Mb/s                                120 meters
       802.11b     2.4 GHz              11 Mb/s                                140 meters
       802.11g     2.4 GHz              54 Mb/s                                140 meters
       802.11n     2.4 GHz or 5 GHz     600 Mb/s (4 channels 150 Mb/s)         250 meters
       802.11ac    5 GHz                693 Gb/s (8 channels 866.7 Mb/s)       250 meters


               Frequency = number of cycles/ second (hertz)


    • RAM

RAM - Random Access memory
ROM - Read only memory, does not change (BIOS)
PROM - Programmable read only memory, written once
EPROM - Erasable PROM, write/erase/write again
EEPROM - Electrically Erasable PROM (Flash memory, SSD)

SRAM - Static RAM

               -very fast and expensive, very large
               -used often in CPU caches (L1, L2, L3)

DRAM - Dynamic RAM

               -needs constant refreshing or memory disappears 
               - can be stored anywhere and accessed directly



SDR SDRAM -Single data rate Synchronous DRAM

                       -synchronized with clock cycles (very slow)
                       -168 pins

DDR - Double data rate, twice as fast as SDR

       -184 pins

DDR2 - Twice as fast as DDR

               -240 pins

DDR3 - Twice as fast as DDR2

               -240 pins

All 3 DDRs not backwards compatible, notches are off


Understanding PC Memory


       Parity Memory - Adds additional parity bit, will not always detect error
                               -Will not fix error
       ECC Memory - Error correcting code memory
                       -Detects and fixes errors, not used by all systems
                       -Even parity, parity bit makes an even number

Registered Memory - Used on servers, buffer zone

Multi-channel Memory - installed in pairs or trios for max throughput

                               -combinations should match

Buffered Memory - Used to place less electrical load on the memory
                               controller


    • Storage Devices

Optical storage - Small bumps are written to disc with laser

                       CD-ROM - 700 MB capacity
                       DVD-ROM - Single layer - 4.7 GB
                                       -Dual layer - 8.5 GB
                       Blu-ray      -Single layer -25GB
                                       -Dual layer - 50GB
       HDD - slower speeds, mechanical, can break, moving parts

       SSD - no moving parts, very quick
       SSHD - Has spinning drive and SSD flash memory. Faster but less $$


Hot swappable - Remove or add without powering off machine

                       - USB, firewire, SATA, eSATA

USB Flash Drives - EEPROM - electrically erasable programmable ROM

                       Nonvolatile- loss of power does not erase data
                       Limited number of writes, easy to damage

Tape drives - magnetic tape, sequential storage, cheaper, long term storage


RAID

RAID 0 - Striping - data files split between 2 or more drives

               High performance, no redundancy,one bad drive= data loss

RAID 1 - Mirroring - exact duplicate of data across 2 or more drives

                       redundancy , not speed

RAID 5 - Striping w/ parity - files are striped, requires at least 3 drives

                       High redundancy, efficient use of disk space
                       Parity calculation may affect performance

RAID 1+0 - stripe of mirrors,speed of striping but redundancy of mirroring, Need at least 4 drives


    • Display Devices

LCD displays- Liquid Crystal Display

                          -Light shines through liquid crystals

TN - Twisted Nematic - Most common / low power, fast response (gaming)
IPS - In-plane switching, excellent resolution, more expensive than TN
CCFL - Cold cathode fluorescent lamp - high V, thicker, converts power
Plasma - tiny cells with noble gas and mercury
Digital Projectors - LCD common, metal-halide lamp
OLED - Organic LEDs, thinner and lighter, no backlight, short life


Display specs - Refresh rates- number of times a screen is redrawn

                                       -measures in hertz (Hz)
                       Resolution- number of pixels (W x H)
                                       -standard 4:3 (1600 x 1200)
                                       -wide screen 16:10
                                       -hd 16:9


    • Printers

Laser Printers- uses lasers, high voltage, high quality, very fast

               Imaging drum- painted with a laser
                                 -picks up toner and transfers to paper
               Fuser Assembly - melts plastic toner permanently to paper
               Colors - cyan, yellow, magenta, black
                       Four separate toner cartridges
               Pickup rollers - one page at a time, periodically needs cleaned
               Separation pads - pulls just top sheet of paper
               Duplexing Assembly - prints to both sides of paper
               

PROCESS:
               1.) Processing, ready to print full page at one time
               2.) Charging, wire sets negative charge on photosensitive drum
               3.)Exposing, laser writes image to photosensitive drum
               4.)Developing, toner applied to drum
               5.) Transferring, toner placed on paper from drum
               6.) Fusing, heat and pressure to make toner permanent
               7.) cleaning, toner off of drum


       INKJET PRINTERS - Inexpensive, quiet, high resolution, expensive ink

               -Ink cartridges place drops of ink on pages
               -Colors CMYK: cyan, magenta, yellow, key (black)
               Printhead - integrated into the cartridges, some not
               Feed rollers - feeds paper, some duplex
               Cartridge and belt - moves cartridges over paper
               Calibration - aligns nozzles to paper

       Thermal Printers- receipt printers
                               -white paper turns black when heated, very quiet
                               -paper sensitive to light and heat
                               -heating element heats up parts of paper to form characters
                               -paper covered with chemicals that change color w/ heat


Impact Printers - Dot Matrix- printhead has pins that press against paper & mark

     -good for carbon copies, multiple copies
     -low cost, noisy, poor graphics, mostly for numbers & letters 
    -paper is pulled through with holes on each side of it


                       Print head - moves back and forth, ribbon in between head & paper
                       Ribbon - made of fabric, easy to replace


       Virtual Printers -no physical output, sending info to a digital file
                       Print to file - basically saving to file
                                       -can only be read by certain program
                       Print to PDF - portable document format, cross platform compatibility
                       Print to XPS - XML paper specification, 
                                       - similar to PDF, but included in windows
                       Print to image - letter imaging or sharing, not integrated in OS


PRINTER MAINTENANCE

       LASER PRINTERS-  kits that include new rollers, fuser units, etc.
                               -check page count to determine maintenance need
                               -do calibration
                               -clean dust from toner
       Thermal Printers- clean heating element with alcohol
                               -remove tiny bits of paper
                               -print head pops out with lever
       Inkjet Printers - print heads need cleaned, can be done automatically or manual


Section 2 - Networking

       CABLES AND CONNECTORS

ST connectors - straight tip connector

       SC connectors - subscriber, square, standard connector
       LC connector - Lucent,  local, little connector


       RJ 11 - 6 position, 2 conductor (6P2C)
                       -telephone connector
       RJ45 - 8P8C, modular
               T568A and T568B need to be the same termination on both sides
       RJ48C - 8P4C, T1, WAN, data lines
       BNC connectors - coaxial cable connector, rigid and hard to work with
                               -DS3 WAN links
       F connector - used on coax


       NETWORK CABLING
       
       Fiber optic - uses light instead of RF        
                       -hard to monitor or tap, no interference
       Multimode Fiber - short range, up to 2Km
                               -inexpensive light source (LED)
       Singlemode Fiber- long range, up to 100Km w/o processing
                               -expensive light source (laser beam)
       Twisted Pair copper cabling - two wires with equal and opposite signals
                                               -pairs w/ different twist rates
                                               -twists help with interference
       UTP- unshielded twisted pair, most common
       STP- shielded twisted pair, protects from interference, needs grounding
       Plenum rated cable - special cable jacket to minimize smoke during fire
       Coax- two or more forms share a common axis
               RG6 - used for tv
               RG59 - used as a patch cable (not for long distance)


       Calculating Signal Loss
                       -distance = signal loss
                       -attenuation = loss of intensity of signal
                       -decibel (1/10 of a bel) - signal strength ratio measurement


       CABLE CATEGORY     ETHERNET STANDARD          MAX DISTANCE
       CAT3               10BASE-T                   100 METERS
       CAT5               100BASE-TX, 1000BASE-T     100 METERS
       CAT5e              100BASE-TX, 1000BASE-T     100 METERS
       CAT6               10GBASE-T                  37-55 METERS
       CAT6A              10GBASE-T                  100 METERS
       CAT7 SHIELDED      10GBASE-T                  100 METERS


    • TCP/IP

IPv4 and IPv6


       IPv4 -32 bit address, 4 octets, with 8 bits each, max decimal value is 255
       IPv6 -128 bit address, first 64 network prefix, last 64 host address, hexadecimal
       IPv6 Link local address - required on every IPv6 interface


       IPv6 Compression - remove leading 0’s and 2 or more groups of 0’s


       2000:0bb0:0000:0000:0000:0000:00a0:0002
       2000:bb0::a0:2
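
The compression rule above, as an added example that is not part of the original notes (function names and the sample list are assumptions made here). It goes one step past the notes: when an address has more than one run of zero groups, "::" may be used only once, so the longest run is collapsed (leftmost on a tie, as RFC 5952 recommends), and the result is cross-checked against Python's ipaddress module.

```python
import ipaddress
import string


def _check_group(group):
    """A group is 1 to 4 hexadecimal digits."""
    if not 1 <= len(group) <= 4 or any(c not in string.hexdigits for c in group):
        raise ValueError(f"bad group: {group!r}")


def expand_ipv6(addr):
    """Return the full 8-group, zero-padded, lowercase form of an address."""
    if addr.count("::") > 1:
        # Two "::" would make the number of hidden zero groups ambiguous.
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has exactly 8 groups")
    for group in groups:
        _check_group(group)
    return ":".join(g.zfill(4).lower() for g in groups)


def compress_ipv6(addr):
    """Apply both rules: drop leading zeros, collapse one run of zero groups."""
    # Rule 1: remove leading zeros inside every group ("0bb0" -> "bb0").
    groups = [format(int(g, 16), "x") for g in expand_ipv6(addr).split(":")]

    # Rule 2: find the longest run of all-zero groups (leftmost wins a tie).
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j

    # A single zero group is written as "0", not "::".
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return head + "::" + tail


def matches_stdlib(addr):
    """Cross-check the hand-written rule against the standard library."""
    return compress_ipv6(addr) == str(ipaddress.IPv6Address(addr))


# First entry is the address from the notes; the rest are constructed samples.
SAMPLES = [
    "2000:0bb0:0000:0000:0000:0000:00a0:0002",
    "0000:0000:0000:0000:0000:0000:0000:0001",  # loopback
    "2001:0db8:0000:0000:0001:0000:0000:0001",  # two equal runs of zeros
    "2001:0db8:0000:0001:0001:0001:0001:0001",  # single zero group
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample} -> {compress_ipv6(sample)}")
```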
       RFC1918 addresses - private addresses
               

               Range                              Subnet mask      Host size
               10.0.0.0 - 10.255.255.255          255.0.0.0        24 bits
               172.16.0.0 - 172.31.255.255        255.240.0.0      20 bits
               192.168.0.0 - 192.168.255.255      255.255.0.0      16 bits



       Automatic Private IP Addressing (APIPA)- used if DHCP not working
                               -assigned by a workstation server
                               -Range: 169.254.0.1 - 169.254.255.254
                               -first and last 256 addresses reserved
                               -usable range: 169.254.1.0 - 169.254.254.255
                               -auto assigned: ARP to confirm address not in use


       TCP/IP addressing


                IP address- every device needs a unique IP
                Subnet mask - used by local workstation to determine what subnet it is on
             Default Gateway - allows you to communicate outside local network
            DNS - translates domain names to ip addresses
                       - many DNS servers
                       -13 root server clusters
                       -hundreds of generic top level domains (.com, .net, .org, .edu)
                       -over 275 country code top level domains (.us, .ca, .uk)
                       -IPs of DNS servers provided by admins        
                       - two addresses for redundancy
       DHCP - auto assigns IPs, configures IP, subnet mask, default gateway
                       -separate from DNS        
                       -IPs used to be static
       Classless Subnetting - 

       CIDR - Classless Inter-Domain Routing (slash at end of IP)

               Decimal            CIDR
               255.0.0.0          /8
               255.255.0.0        /16
               255.255.255.0      /24


PORTS AND PROTOCOLS

Common TCP/UDP Ports

Protocol   Port               Name                                  Description
FTP        TCP/20, TCP/21     File Transfer Protocol                Send/receive files between systems
SSH        TCP/22             Secure Shell                          Encrypted console access
Telnet     TCP/23             Telecommunications network            Insecure console access
SMTP       TCP/25             Simple mail transfer protocol         Transfer email between mail servers
DNS        UDP/53, TCP/53     Domain Name Service                   Convert domain names and IP addresses
HTTP       TCP/80             Hypertext Transfer Protocol           Web server communication
POP3       TCP/110            Post office protocol V3               Receive email into an email client
IMAP4      TCP/143            Internet message access protocol V4   A newer email client protocol
HTTPS      TCP/443            Hypertext transfer protocol secure    Web server communication with encryption
RDP        TCP/3389           Remote desktop protocol               Graphical display of remote access
NETBIOS    UDP/137            NetBIOS name service                  Register, remove, and find windows services by name
NETBIOS    UDP/138            NetBIOS datagram service              Windows connectionless data transfer
NETBIOS    UDP/139            NetBIOS session service               Windows connection oriented data transfer
SLP        UDP/427, TCP/427   Service Location Protocol             Find MAC OS services by name
SMB        TCP/445            Server message block                  Windows file transfers and printer sharing
AFP        TCP/548            Apple filing protocol                 MAC OS file transfer
LDAP       TCP/389, UDP/389   Directory service protocol            Windows active directory


TCP - Transmission Control Protocol - connection oriented, reliable delivery, station
                                       responds back acknowledging receipt of data
                                               -can manage out of order messages

UDP - User Datagram Protocol - connectionless, no formal setup, data just sent

                                       -unreliable, no acknowledgement of receipt
                                       -no reorder of data, received as is


4 things needed to communicate: server IP and port number,
                                client IP and port number



       Example: 192.168.1.1/ 62315 ------> 182.168.1.2/ 22


Non-ephemeral ports - permanent port numbers, usually on a server
Ephemeral port - temporary port numbers, client side
Port numbers tcp/udp - range from 0 - 65,536
0-1024 are well known ports (servers)




    • Wireless Networking


Wireless Standards

       Wireless networks - IEEE 802.11
                       Popular standards- a,b,g,n,ac

STANDARD   FREQUENCY (GHz)   STREAMS   MAX THROUGHPUT PER STREAM   TOTAL MAX THROUGHPUT   NOTES
802.11a    5                 1         54MB/s                      54MB/s                 Smaller range than b because high frequency (5GHz) is absorbed rather than bouncing like 2.4 GHz
802.11b    2.4               1         11MB/s                      11MB/s                 Better range than a, more frequency conflicts (microwaves)
802.11g    2.4               1         54MB/s                      54MB/s                 Backwards compatible with b, same frequency conflicts as b
802.11n    5 & 2.4           4         150MB/s                     600MB/s                Multiple inputs, multiple outputs (MIMO)
802.11ac   5                 8         866.7MB/s                   6934 MB/s






WIRELESS ENCRYPTION

       WEP - Wired equivalent privacy,64 bit or 128 bit key size
               -very vulnerable, capture enough packets and you can get key


       WPA - Wifi protected access, larger encryption hash        
               -RC4 with TKIP (Temporal Key Integrity Protocol)
               -every packet gets a unique encrypted key
       WPA2- uses AES (advanced encryption standard)
               -CCMP replaces TKIP
       WPA2 Enterprise - everyone has their own key



CONFIGURING SOHO WIRELESS ROUTER

    Wireless channels and encryption - WPA2 over WPA, never use WEP
                       -not all devices compatible with WPA2, may need upgrade
                       -use an open frequency, some APs do automatically (interference)
       Configuring NAT - Automatic on SOHO routers, internal IPs translate to ext. IP

       Port forwarding - 24/7 access to an internal hosted service (plex, web servers)
                       -external ip/port maps to internal ip/port
                       -also called destination NAT or static NAT, does not expire
       Port Triggering - like port forwarding, but only under certain circumstances

    -opens for game, closes when game is turned off
   -only one person can trigger at a time


       IP addressing - most use DHCP, IPs are easy to see on open network
       Firewall and DMZ ports - every SOHO router is a firewall
                       -no external devices can directly access network
                       -DMZ ports can allow unrestricted access (bad idea)
       Managing QOS - change priority of traffic (VOIP high, gaming low)
                       -prioritize apps, could slow down apps
       Firmware updates - doesn't happen often, do not do unless router is not
                          working right, have backup of old firmware
       UPnP - devices find other devices automatically, auto port forwarding
                - no approval needed, security risk, can make changes to firewall


INTERNET CONNECTION TYPES

       Cable Modem - data over cable, multiple services
                       DOCSIS - data over cable service interface specification
                              - international telecommunications standard that permits the addition of high-bandwidth data transfer to an existing cable TV (CATV) system


       DSL- ADSL- Asymmetric Digital Subscriber Line 1.5 mb/s
                       -uses phone lines, download faster than upload (asymmetric)
               VDSL- Very-high-bit-rate DSL, faster than ADSL 7 mb/s
       Dial up - voice telephone lines, 56k modems, slow throughput, analog lines
       Fiber- high speed, voice and data over line
               -hundreds of HD channels
               -1Gb/s internet, 1TB cloud, 2TB DVR
       Satellite - 2GHz range, high cost, 15mb/s download, 2mb/s upload
                   -sensitive to weather, high latency

ISDN - Integrated Services Digital Network

  • Used on legacy telephone systems

Cellular Networks - separates land into cells, antenna covers cell with certain
                         frequencies
                       -Tethering turns your phone into a router

LOS - line of sight, visual path between 2 antennas, high frequencies
       Common in metropolitan areas

WI-MAX - Worldwide interoperability for microwave access



NETWORK TYPES

       LAN - Local area network, could be one building or a group of buildings
               Usually high speed, ethernet or 802.11 (wireless)
       WAN - wide area network, larger than LAN
               Communicating across country or world, usually slower than LAN
               Different types of connections (point to point, satellite)
       MAN- Metropolitan Area Network, larger than LAN, smaller than WAN
               Usually in city, common to see owned by government
       PAN - Personal area network, bluetooth, IR, NFC


NETWORKING DEVICES


HUB - called a multiport repeater, traffic repeated from one port to all ports

       10 megabit, 100 megabit, hard to find today

Switches- Bridging done in application specific integrated circuits (ASIC)

               -forwards traffic based on destination address
               -core of enterprise networks
               -multi-layer switches- switching and routing capabilities(layer 2&3)

Routers - Routes traffic between IP subnets

               -forwarding decisions based on IP addresses
               -Routers inside of switches sometimes called “layer 3 switch”
               -can connect different types of networks (LAN, WAN, copper, fiber)

WAP - wireless access point, acts as a bridge, extends the wired network onto
       the wireless network. Forwards based on MAC address

Modem - modulator/demodulator, converts analog to digital, uses phone lines

       Firewalls - integrated into wireless routers or on a standalone device
                       -can proxy traffic
                       -can filter traffic based on TCP/UDP port number
                       -can be a router
                       -can filter based on data in packets
                       -some have VPN capabilities
       Patch Panels - combo of punch down blocks and RJ45 connectors, permanent
       Copper Line Drivers or extender - extends range of copper or copper ethernet
       PLC - power line communication, ethernet over powerline 500MB/s
       PoE- with switch - endspan, injector - midspan
               Modes - Mode A- power on data pairs Mode B- power on spare pins




       Networking Tools



       Cable Crimpers - pinches connector to wire, metal prongs pushed in insulation
                               -exact modular connector for type of wire
       Multimeters-  read voltage, ohms, current
       Toner probe - finds other end of wire
                               -tone generator- puts an analog sound on the wire
                               - Inductive probe- does not need to touch wire

                               -hear sound through a small speaker
       Cable testers - continuity checks, identifies missing pins or crossed wires
                               -not used to test frequencies
       Loopback Plugs - used for testing physical ports
                               -serial, RS232, network connections
                               -not used for crossover cables


       Punchdown Tools - punch a wire into a wiring block
                               -tedious, trims wire during punch

       Wireless Analysis - easy to monitor, identifies errors and interference
                               -purpose built hardware or mobile device add on


Section 3 - Mobile Devices

       Laptop Hardware

       Expansion Options- Express cards - 34mm and 54mm
                                       -USB2: 48-Mb/s
                                       -USB3: 5 Gb/s
                                       -PCIe: 2.5 Gb/s
       SO-DIMM - small outline dual inline memory module
                       64mm x 32mm
                       DDR & DDR2 - 200 pin
                       DDR3 - 204 pin
       USB Flash Drive - EEPROM - Electrically erasable  programmable ROM
                               -limited number of writes
                               -non volatile
       Thunderbolt - same as mini display port, provides high speed data




       Replacing a desktop with a laptop


       Laptop keyboards have fewer keys than desktop keyboards

       Storage - SSD - 2.5” and 1.8”
                     SSHD - flash memory and spinning disks
       
       Laptop and mobile memory - SO-DIMM and Micro DIMM
       Smartcard readers - integrated or USB
       Optical Disks - becoming rarer
       Wifi Cards - PCIe and mini PCI



       Screens - LCD - fixed resolution, very fragile
                               -power adapter converts AC to DC
       Batteries - Lithium ION or Li-ion, charging diminishes battery
       Laptop frames - heavy duty plastic or metal
       Motherboards - built to fit certain model, not easy to replace
       CPU - designed for mobility
               -integrated features (memory controller, video)
               -not very upgradeable


       Laptop Displays


       LCD - liquid crystal display, light shines through liquid crystals
               -requires backlight, inverter converts DC to AC
               -image but no light may be bad inverter
       TN - Twisted Nematic LCD, fast response for gaming, low power
       IPS - excellent resolution, more expensive
       Fluorescent backlight - higher voltage, added thickness
       LED backlight - LEDs around edge of screen
       OLED - organic LED, no backlight, degrades over time, expensive
       WIFI antennas - wires wrap around outside of LED display
                               -main and auxiliary wire
       Webcam - audio and video,


       LAPTOP Features

Function Key - Fn + key, some toggle

                           -Examples: volume, screen brightness, airplane mode, enable or
                               Disable touchpad, screen orientation, gps, media options
       Docking Stations - slide in and connect to mouse and keyboard


Mobile Devices

               Tablets - 7” or longer
               Smartphones - 3.5” - 5.5”
               Phablet - 5.5” to 7”
               E-readers - books plus music and other media
               Smart Camera - face recognition and other features
       
   Mobile Device Communication
                     NFC - Near field communication - send small amounts of data over
                     limited area, built into phone, payment systems, transportation,
                     access tokens, identity cards, short range w/ encryption


               Proprietary Mobile Interfaces - early phones have power cable and a separate cable for data
                       -EU set a standard on USB
                       -micro USB standard, common worldwide
                       -other devices use micro USB
                       -Apple has lightning cable
                       -higher power output

                       -inserted either way
                       -more durable
       
               Bluetooth - Personal Area Network (PAN)
               IR - used to control other IR devices (phone for tv remote)
               Hotspot/tethering - phone acts as 802.11 WAP




Mobile Device Accessories

                       Headsets - wired use TRRS connector
                                                       (Tip Ring Ring Sleeve)
                                       -wireless use Bluetooth
                       TRRS - allows to have a microphone
                       Speakers - wires or bluetooth
                       External Game Pads - game controllers for mobile
                       Docking Stations - no wires, charge and sync
                       CC readers - phone becomes Point of Sale terminal                
                                       -uses internet link for approvals
                                       -email receipt, sign w/ finger
                       SD/MicroSD



SECTION 4: HARDWARE & NETWORK TROUBLESHOOTING


Troubleshooting Common Hardware Problems

               Unexpected Shutdowns - could be heat related
                                               -check temps, heatsink, fans
               Overheating - heat from CPUs, video cards, dust
                                - clean dust, check fans, airflow, heatsink,
       
               Failing Hardware - run hardware diagnostics
               Lockups - computer freezes up
                               -check for activity ( HDD light, status light)
                               -ctrl + alt + del        
                               -update drivers
                               -low resources such as ram or storage
               
               Hardware Diagnostics
                               POST - power on self test
                                       -tests major components, beep codes for failures
                                       -every manufacturer has unique beep codes
               Blank screen - bad video, listen for beeps, BIOS issue
       Continuous Reboots - how far is the boot going
       Bad driver configuration - Boot, F8, last known good configuration
       
       No power - check power source
                       -no POST could be bad motherboard
                       -check power supply output
       Loud noises - Rattling: loose components
                               Scraping: HDD issue
                               Clicking: check fans
                               Popping or smoke: check capacitors
       Intermittent Device Failure - bad install, reseat, could be bad hardware
       Indicator lights - POST codes on mobo, power, link light, speed light, HDD
       Smoke and burning smell - electrical issue, remove power
       BSOD - windows crash, windows stop error, check event log
       Spinning Ball of death - apple issue, bug or hardware issue



       Hardware Troubleshooting Tools
       
       DMM - check voltage, continuity
       Power supply tester - plugs in power supply, LCD shows voltage
       Loopback Plugs - useful for testing physical plug, serial/RS232 ( 9 or 25 pin)
       Port card/USB - detailed diagnostics during POST, LED numbers and letters
                               External PCI/ PCIe/ parallel
       
       Storage Device Troubleshooting

               Read/write failures
               Slow performance - constant LED activity
               Loud clicking noise - mechanical issue
               Troubleshooting - backup, check cables, check for heat, check PSU, diagnostic
               Boot failure - drive not recognized, beeps, error messages
               No OS - HDD seen but Windows not seen, check boot order
               RAID not found - missing or faulty RAID connector, check RAID software
               Crash screens - may indicate bad HDD
               S.M.A.R.T. - Self-Monitoring, Analysis & Reporting Technology
                               -monitors how drive is operating
                               -uses 3rd party utilities, finds warning signs
               

HDD Troubleshooting Tools


       Physical Tools - screwdrivers and external disk enclosures
       CHKDSK /f - finds errors and repairs them
       CHKDSK /r - locates bad sectors and recovers, also does /f
                       If volume is in use, run at startup (/r and /f)
       Format - Windows command, adds a file system to a partition
                       -also removes all file entries
       File recovery software - recovers files if not overwritten
       Defragmentation - moves file fragments so they are contiguous
                       -not necessary for SSD, DEFRAG on cmd


       Troubleshooting Boot Process
                PC only knows the basics: keyboard, mouse, RAM, etc.
               Bootstrap Loader - In BIOS, loads program that loads the OS
               2nd stage Boot loader - winload, GRUB, legacy...gets the OS Started
               Master Boot Record (MBR) - first sector of the HDD
                                                   -usually only 512 bytes
                                       -contains table of primary partitions
                                       -contains disk signature and directions to starting OS
                                       -UEFI does not use MBR, uses EFI System Partition (ESP)


               Windows Command Prompt - boot from install disc to access CLI
                                               - very powerful, last resort
                                               -complete control, modify OS files
                                               -enable/ disable service or device startup
                                               -repair system boot sector or MBR
               BOOTREC command
                                       BootREC /scanOS - identifies Windows OS
                                       BootREC /fixboot - writes a new boot sector
                                       BootREC /rebuildBCD - creates new Boot Configuration
                                                                       Data store
               DISKPART - manage partitions



       Troubleshooting Display Issues
               No video connection - first check everything is connected
                                       -no video after windows boot, use VGA mode (F8)
               Image Quality Issue - check cables and pins, and interfaces
               Distorted - check OS refresh rate and resolution
                             -disable hardware acceleration

               Oversized Images - resolution too low, lower = larger
               Image Sticking - problem with LCDs, white screen to refresh
               Pixel Issues - stuck pixels = always bright
                               -dead pixels = always black
               Artifacts - unusual graphics, check adapters and drivers
               Motion trails - disable advanced video features
               BSOD and overheating - video drivers
                               -monitor internal temp.



Troubleshooting Networks

               No network connection - check lights on physical connection
                                       -ping loopback 127.0.0.1
                                       -ping local IP address
                                       -ping default gateway
                                       -ping devices outside local network
               Automatic Private IP addressing (APIPA) -link local address
                                               -communicates inside local subnet
                                               -169.254.1.0 - 169.254.254.255
                                       -169.254.0.0/24 & 129.254.25.0/24 are reserved
                                       -automatically assigned, when DHCP unavailable
                                       -uses ARP to confirm address not in use
               Limited or no connectivity - check local IP, make sure APIPA not used
                                               -if DHCP is in use, do PING tests
               Intermittent Connectivity - check system tray, check cables and NIC
                                               -check switch or WAP
               IP conflicts - two devices cannot use same IP
                               -DHCP helps, statics can cause issues
                               -windows will identify duplicates and prevent issues
                               -reboot or reset NIC to restart DHCP process
               Slow transfer Speeds - overloaded network or devices
                               -speed and duplex must match
                               -hardware issue or cabling, also could be malware infection
               Low RF wireless signal - interference with devices on same frequency
                                               -incorrect channel, usually automatic
                                               -bounce and latency
                                               -WAP location
               Wireless interference - fluorescent lights, microwaves, cordless phones,
                                               High power sources, multi tenant buildings
               SSID not found - could be too far away, closer networks could be louder
                                       -SSID could be hidden, must enter manually
       


Network Troubleshooting Tools


       Cable tester - continuity checks, crossed wires
       Loopback plug - tests physical ports, serial/RS232, RJ35, T1
                       -only used for diagnostics
       Punchdown Tools - punches wire into block, 60 & 110 blocks
                       -trims wires, makes neat, must maintain twist
       Toner Probe - finds where cable goes
                       -generator puts analog sound signal on wire
                       -probe does not need to touch, sound through speaker
                       -used on punchdown blocks
       Crimpers - pinches connector onto wire
                       -metal prongs pushed through insulation
       Wireless Locators - software or hardware
                       -shows network frequencies, channels, etc.


Command Line Troubleshooting


       PING - tests reachability & round trip time
               -uses ICMP, is a primary troubleshooting tool
       IPCONFIG - used in Windows
                       -IP info, DNS, default gateway, etc.
       IPCONFIG /all - much more info
       IFCONFIG - used in Linux
       TRACERT - determines route packet takes to destination
                       -tracert = Windows, traceroute = Linux
                       -uses ICMP TTL
                       -TTL = time to live = number of hops
                       -decreased by 1 every time packet goes through router
                       -not all devices will reply with ICMP
                       -some firewalls block ICMP
       NETSTAT - network statistics
                       netstat -a = shows all active connections in & out of PC
                       netstat -b = shows binaries
                       netstat -n = do not resolve names, only show IPs
       NBTSTAT - NetBIOS over TCP/IP
                       -Windows utility for querying NetBIOS over TCP/IP info
                       nbtstat -n = list local NetBIOS names
                       nbtstat -A 192.168.1.1 = list remote NetBIOS names and IPs


                       NET - Windows network commands
                               NET stop: stop a service (net stop spooler)
                               NET start: start a service (net start spooler)
                               NET use: map a network share to drive letter
                                               (net use h: \\<servername>\<sharename>)
                               NET view: view network resources
                                               (net view \\<servername>)


                       NETDOM - manage AD, windows 8 and higher
                                       -join PC to domain, remove account, view domain info
                       NSLookup - lookup info from DNS servers, windows,mac and linux


Troubleshooting Laptops

               No display or dim - verify backlight, no light= replace inverters
               External Display - video good but bad LCD, replace LCD        
               Flickering Video - check cables and connectors
               Input issues - laptop keyboards more fragile
               Ghost Cursor - modify configuration, update drivers
               
               Wireless troubleshooting - check antenna cables, multiple cables 
               Power issues - battery not charging, batteries lose capacity over time
                       No power = check outlet
               Master laptop reset - hold power button for 10 seconds
               External Monitor Issues - Fn keys to toggle LCD, CRT, both
                                       -external monitor bypasses LCD (uses hardware)
       

Troubleshooting Mobile Devices

               Unresponsive Screen - could be software issue, do a reset
                       Apple iOS - power, slide, power button
                                       -hold power and home for 10 seconds
                       Android - remove battery
               App issues - not loading or slow, reset app
                       iOS - double tap home, slide app up
                       Android - settings, apps, select app, force stop
               Unable to decrypt email - encryption built into email system
                       -each user has a private key
                       -Mobile device manager for private keys
               Short battery life - bad reception, always searching for signal
                       -airplane mode to fix that
                       -disable unnecessary features, check app usage
                       -replace aging batteries
               Overheating - phone will shut down automatically to prevent damage
                       -causes include charging, CPU usage
                       -avoid direct sunlight
               Frozen Systems - nothing works, do a soft or hard reset
                       -ongoing issue may require factory reset
               No sound from speakers - check volume settings (also in app)
                       -reinstall software, try headphones
                       -intermittent could be conflicting with other app
                       -no sound = factory reset
               GPS not working - enable GPS and location services, need good sky view
               Swollen Battery - buildup of gas, designed to self contain
                       -stop using immediately

               Device Disassembly - much harder than desktops, hard to reassemble
                       -fragile
                       -document where parts go, cable locations
                       -use organizer for screws and other parts
                       -step by step take picture
                       -anti static important, tinier tools than desktop


       Troubleshooting Printers


               Test printer - print or scan a test page
                               -built into Windows, not printer app
                               -Diagnostic tools
               Bad output - Inkjet- clean print heads
                               -Laser - check for scratched drum
               Faded or blank - low toner or ink
               Ghost images - drum not cleaned properly, shadow of previous rotation
               Wrong color - low ink in one cartridge
               Smudges - toner not fused to paper, fuser may not be hot
               Paper Jam - do not rip paper out, could damage components
               Not feeding - check rollers
               Creased paper - paper loading incorrectly, wrong type of paper
               
               Printer Network Issues
                       No connectivity - check power, wired cabling or wireless settings
                       Access denied - security tab, print, manage printer, manage docs


                       Bad output - garbled characters
                               -bad drivers/wrong model
                               -wrong page description language (PCL or PostScript)
                               -bad app, check test page
                       OS issue - unable to install printer, check 32 bit or 64 bit
                               -user must have proper rights to install
                       Backed up print queue - print server not working
                               -spooler crash
                               -restart spooler (in Windows)
                       Error message - on printer LCD screen
                       Low memory - laser printer builds entire page in memory
                               -complex images use more memory
                       No output - check power, run test page (button on printer)
                               -check connectivity, print with attached device (USB)
                               -check network and apps



Printer Troubleshooting Tools


       Laser printer maintenance kits - laser printers do wear out
                               -new feed rollers and fuser unit
                               -check page counter to determine if needed
                               -reset page counter when finished
       Toner Vacuum - specially made, anti static
               Outside of printer - use water or IPA
               Inside of printer - wipe dust away, clean rollers with IPA
       



       Printer Spooler - manages printing in the background of Windows
                               -runs as a windows service        
                               -is not always perfect

902 Studies Section 1: Windows Operating Systems


Overview of Windows Vista


       Released 1-30-2007, 5 years after XP
       Features - upgraded GUI, has Aero and integrated search functions
                  -emphasis on security, UAC added
       Home Use - Home Basic: no AD or Aero
               Home Premium: DVD burning, more games
               Ultimate: BitLocker included, language packs, video background
                               (DreamScene)
       Work Use - Vista Business: AD, encrypting files, RDP, supports 2 CPUs
               Enterprise - BitLocker, multilingual



Overview of Windows 7


       Released 10-22-2009
       Same HW and SW as Vista, increased performance
       New Features: libraries, HomeGroup, pinned taskbar


       Starter- made for netbooks, no dvd drive, no aero, no WMC, only
                       32 bit, 2gb RAM max
       Home Premium - aero, dvd, 64 bit, 16gb ram max
       Ultimate - domain support, RDP, encryption, bitlocker, 64 bit
                       192gb ram max, same features as enterprise
       Professional - same features as home premium
                          Domain support, RDP, EFS, no bitlocker 64bit 192gb ram
       Enterprise- sold only in volume license




Overview of Windows 8


New UI, new start menu. 8.1 was an update, but same OS

       Core- very basic, 32&64 bit, account integration, windows defender
       Pro- similar to 7 pro/ultimate, bitlocker, EFS(full disk and file)
               Domain support and group policy
       Enterprise - large volume license, applocker, windows to go, direct access
                       Physical Access Extension (PAE)
       PAE- allows 32 bit OS to use more than 4gb of ram
       Nx processor bit - protects against malicious software
       Streaming SIMD Extension 2 (SSE2) - instructions used by 3rd party SW
                                                       and drivers


Windows Features


       -64 bit can run 64 and 32 bit programs
       -Drivers must match OS bit
       -64 bit installs 32 bit apps in one folder (program files/x86) and 64 bit in another (program files)

       Windows Aero - only in Vista and 7, enhanced UI, allows switching between apps
       UAC - User Account Control, limits software access, asks for admin password
       BitLocker - protects entire drive, including the OS, stays on HDD in case it’s stolen
       Volume Shadow Copy - backup entire volumes while OS is running, even open files
       System Restore - go back in time on OS to fix issues, not good for virus/malware
                       accessories/system tools/system restore
       Sidebar/gadgets - Vista had sidebar, 7 has gadgets that can go anywhere
                       Gadgets were discontinued for vulnerabilities
                       Windows 8 started using Apps instead of gadgets
       Ready Boost - cache to RAM instead of HDD
                       Can be stored on flash memory
                       Plug in compatibility
       Compatibility Mode - run app as an old OS, OS pretends it’s an older version
       Windows XP Mode (XPM) - VM on Windows 7, not supported on any OSs anymore
       Windows Easy Transfer - migrates files and settings, XP/Vista/7/8
                               8.1 - only files, no settings
       Admin tools - in the CP - computer management, services, memory tools
       Windows Defender - anti-malware in Vista/7, antivirus also in 8/8.1
       Windows Firewall - allows or disallows certain traffic, prevents malware
       Security Center - Vista (called Action Center in 7/8/8.1) - security overview of AV,
                               updates, etc.
       Event Viewer - shows everything going on, info, warnings, critical events
       Control Panel - category view and classic view (everything in alphabetical order)


Windows 8/8.1 Features:

       Pinning : Put apps on task bar: right click then pin to taskbar
       Onedrive: cloud service in OS, stores files and settings
       Windows Store: central point for modern UI apps
       Multimonitor taskbar: multiple monitors with different taskbars
       Charms: shortcuts available at anytime
       Powershell: command line for sysadmins
       Centralized account login: syncs account with email



Windows File Structures and Paths

       Storage Device Naming- letter followed by a colon (C:)
       Files & Folders - just like physical folders
                               Folders can contain other folders
                               Folder names separated by backslash 
                               C:\users\admin\documents\file.text
       Windows Folders - \users: user documents, important, make sure to backup
                               \program files: all applications
                               \windows : OS files


Windows Upgrade Paths

      Upgrade- keeps files in place, much quicker, no install needed
               Options: in place  upgrading and clean install
                       Cannot upgrade 32>64 or 64>32, must do clean install
                       XP cannot install to 7, clean install
       Install - start over completely fresh
       Windows anytime upgrade- upgrade within the current OS
                                       Very easy, not available in Vista


Preparing For Windows Install

          Make sure updates are current, make room on HDD, backup important data


       Installation sources- cd/dvd/usb/ pxe network boot/ netboot (MAC)
       Type of installs- In place upgrade- saves apps and settings
                               -clean install
                               -image- deploy a clone on every computer
                               -unattended- answers questions asked during install
                               -repair install- fixes OS problems, no file changes


       Dual Boot - 2 OS’s on one computer
       Recovery Partition- hidden partition with install files 
       Refresh/Restore - Windows 8 feature, built into OS, no install media needed
       Disk Partitions - separates  physical drive into logical pieces
       Volumes- formatted partitions with file systems (NTFS, fat 32)
       MBR partition - Master Boot Record
                       -Primary - contains OS bootable file
                                     -marked as active when booted from
                                    -max of 4 primaries per disk
                       -Extended - extends max number of partitions
                                       -one extended per disk
                                       -partitions inside extended not bootable
       GPT partition- GUID partition table- latest, requires UEFI
                                       -up to 128 primary partitions
       First step when preparing disk- partition needs to be compatible with 
                                               Windows (MBR or GUID)
       File Systems- FAT: File allocation table, one of the first PC file systems
                          FAT32: Larger (2 TB)  volume sizes, max file size of 4gb
                          exFAT: microsoft flash drive system, files can be >4gb
                         NTFS: NT file system, started in windows NT, improvements 
                               Included quotas, file compression, encryption, large
                               File support, recoverability
                       CDFS- CD file system, all OS’s can read the CD
                       Ext3 - 3rd extended file system, use in linux
                       Ext4 - update from Ext3, used in Linux and Android
                       NFS- network file system, access drives as if they were local
       Storage Types - layered on top of partition and file system
                       

                       Basic Disk Storage - in DOS and Windows, partitions cannot
                                               span across separate physical disks
                       Dynamic Disk Storage - span across multiple disks to make
                                               one volume (RAID)
       Quick Format - new file table, overwrites existing file table
       Full Format - overwrites and writes zeros to all data
                       Checks disks for bad sectors



The Windows Command Line


       OS command line tools - not all users can run all commands, need permissions
                               Type “help” + command or [command] /? to get info
                               Close cmd with “exit”
       Diskpart- change existing volumes
       Format - erases everything in a partition
                       Example - “format C:”
       CHKDSK -  CHKDSK /f - fix errors found on disk
                        CHKDSK /r - finds bad sectors and recovers readable info
                                       If volume is locked, run during startup
       DIR - lists files and directories
       DEL - removes file    example - del [filename]
       MD - make directory
       CD- change directory
       RD- remove directory
       COPY /V - verifies files are written correctly
       COPY /y - suppresses overwrite prompt, example - copy [filename] [drive] /v
       XCOPY - copies files and entire directory trees
                       Example - xcopy /s Documents E:    (E being destination)
       ROBOCOPY - a better Xcopy, can resume copy if errors occur
       TASKLIST - manage tasks from cmd, show current processes
       TASKKILL - terminate process
       SFC- scans integrity of all protected system files
               /scannow - repairs files
       SHUTDOWN - shut down pc
                               /s or /r = shutdown or restart
       EXPAND - expands folders


Managing Group Policy- manage PCs in an AD domain, GP updated at login

       GPUPDATE - force a GP update
       GPRESULT - view policy settings for a computer or user


Windows Recovery Environment Command Prompt


Preboot Command Prompt-

       Can be very dangerous, make it a last resort
       Can fix issues before the OS starts
       Able to modify system files, enable/disable services
       Able to create/modify partitions
       Start by booting from install media (choose troubleshoot on windows 8)


       Master Boot Record (MBR) - not located in a partition
                               -knows all other partitions, master list
                               -knows location of active bootable partition
       Problems with MBR - error loading OS, missing OS, invalid partition table
       Fixing MBR - cmd bootrec /fixmbr, fixes MBR on physical drive
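
A read-only check of the MBR layout described in these notes and in the earlier boot-process and MBR partition notes (one 512-byte sector, disk signature, up to four primary entries, one active partition, one extended partition). It is an added example, not part of the original notes: the sample sectors are constructed, and the mapping of each finding to a boot error message is an illustrative assumption.

```python
import struct

SECTOR_SIZE = 512
DISK_SIG_OFFSET = 440                 # 4-byte disk signature
TABLE_OFFSET = 446                    # four 16-byte primary partition entries
BOOT_SIG = b"\x55\xaa"                # must be the last two bytes of the sector
ENTRY = struct.Struct("<B3xB3xII")    # status, (CHS), type, (CHS), first LBA, sectors
EXTENDED_TYPES = {0x05, 0x0F}
GPT_PROTECTIVE = 0xEE                 # single entry that marks a GPT disk


def build_mbr(entries, disk_sig, boot_sig=BOOT_SIG):
    """Constructed test sector: boot code area left as zeros."""
    sector = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_sig)
    for slot, entry in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + slot * 16, *entry)
    sector[510:512] = boot_sig
    return bytes(sector)


def parse_mbr(sector):
    """Parse one MBR sector and list structural problems (never writes)."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    problems = []
    if sector[510:512] != BOOT_SIG:
        problems.append("invalid partition table: 0x55AA boot signature missing")

    partitions = []
    for slot in range(4):
        status, ptype, first_lba, count = ENTRY.unpack_from(
            sector, TABLE_OFFSET + slot * 16)
        if ptype == 0x00:             # unused slot
            continue
        if status not in (0x00, 0x80):
            problems.append(f"invalid partition table: slot {slot} status {status:#04x}")
        partitions.append({"slot": slot, "active": status == 0x80, "type": ptype,
                           "first_lba": first_lba, "sectors": count})

    is_gpt = any(p["type"] == GPT_PROTECTIVE for p in partitions)
    active = [p["slot"] for p in partitions if p["active"]]
    if not is_gpt:                    # a protective MBR has no active partition
        if not active:
            problems.append("missing operating system: no active partition")
        elif len(active) > 1:
            problems.append("invalid partition table: more than one active partition")
        if sum(p["type"] in EXTENDED_TYPES for p in partitions) > 1:
            problems.append("invalid partition table: more than one extended partition")

    # Entries must not claim the same sectors.
    ordered = sorted(partitions, key=lambda p: p["first_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["first_lba"] + a["sectors"] > b["first_lba"]:
            problems.append(
                f"invalid partition table: slots {a['slot']} and {b['slot']} overlap")

    return {"scheme": "GPT (protective MBR)" if is_gpt else "MBR",
            "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
            "active_slots": active, "partitions": partitions, "problems": problems}


if __name__ == "__main__":
    healthy = build_mbr([(0x80, 0x07, 2048, 204800),      # active NTFS primary
                         (0x00, 0x05, 206848, 409600)],   # extended partition
                        disk_sig=0x1234ABCD)
    damaged = build_mbr([(0x80, 0x07, 2048, 204800),
                         (0x80, 0x07, 100000, 50000)],    # second active, overlapping
                        disk_sig=0x1234ABCD, boot_sig=b"\x00\x00")
    for name, sector in (("healthy", healthy), ("damaged", damaged)):
        result = parse_mbr(sector)
        print(name, result["scheme"], hex(result["disk_signature"]), result["problems"])
```

Comparing the output for a saved copy of sector 0 against a known-good baseline before running bootrec /fixmbr shows whether the table itself is damaged or only the boot code.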


       Partition Boot Record - also called volume boot record
                       Problems - “invalid partition table”
                       Fix - bootrec /fixboot
       Rebuilding Boot Config Data - bootrec /rebuildbcd
                                       Creates a new boot configuration data store



Windows Operating System Features


Windows Administrative Tools

       Computer Management: pre built microsoft management console 
                       Shows events, users, accounts, storage management
       Device Drivers - OS does not know how to talk to hardware
                               Drivers are found in device manager
       Local users and groups - admin is the super user, has all permissions
                                       Regular users and guest accounts
                                       Users can be put into groups
       Local Security Policy- large companies manage this through AD
                       Standalone computers need local policies
                       (password length, complexity, expire time length)
       
       Performance Monitor- gathers long term statistics, creates reports
                               -OS metrics such as disk usage, memory, cpu usage
       
       Services - running in background, no user interaction (AV,file indexing,etc)
                       Useful when troubleshooting startup
                       Many services start up automatically 
                       Cmd control - net start, net stop
       Task Scheduler- schedule an app or batch file
                               Includes pre defined schedules
       Print Management - manage and configure printers and drivers
       Memory Diagnostics - check memory modules for read/write errors


Windows Firewall & Advanced Security


       Stateful firewalls - remember the state of traffic going through them

       Windows Firewall - integrated into the OS
                       Has fundamental firewall rules
                       Based on apps, no detailed control
                       No scope or IP range, all traffic applies
                       No connection security or rules
       Advanced Security - inbound/outbound rules
                       Connection security rules
                       Set rules by program/port, predefined, custom


Using Windows System Configuration


       Msconfig - manage boot process, startup apps, services
       General tab - Normal startup - loads all normal programs
                       Diagnostic startup - loads basic services, step up from safe mode
                       Selective startup - you choose what starts
       Boot tab - set different configurations
                       Advanced options - set number of CPUs, max memory
                       Boot options - safe boot, remove GUI, create boot log
       Services tab - enable/disable services, easier to manage, check/uncheck
       Startup tab - manage which programs start automatically at log in
                       Moved to Task Manager in 8/8.1
       Tools tab - easy to access popular admin tools


Using Task Manager


Task manager contains real time statistics (CPU usage, memory, disk)


       Windows 7 - Applications tab - apps running on desktop
                       Processes - interactive & system tray apps, other user processes
                       Performance - shows historical usage
                       Networking - see performance of each network adapter
                       Users - see what they are doing, send messages, log off
       Windows 8/8.1 - apps, processes, and services are all on one tab
                       Users - shows separate processes, performance stats



Using Windows Disk Management

       Used to manage disk operations
       Disk status - Healthy, healthy & at risk, initializing, failed
                       Failed Redundancy - failed RAID 1 or 5
                       ReSyncing- RAID 1 is syncing data between drives
                       Regenerating- RAID 5 is recreating itself based on parity bit
       Mounting Drives- extend the available storage space, can be a folder
                               Makes it so you do not need another drive letter
                               Can set up a RAID 1 mirrored volume
       Storage Spaces - storage for data centers or clouds
                               Multiple tiers, administrator controlled 


Windows Migration Tools

       Migrate- moving all files and settings
       Upgrade Advisor (Windows 7) - checks s/w and h/w compatibility with OS
       Upgrade Assistant (windows 8)- check s/w and h/w compatibility with OS


       Migration Methods - side by side- 2 pcs, transfer from one to the other
                       Wipe & load - export data, wipe pc, install OS, move data
                                               To new OS
                       Windows 8/8.1 - use one cloud to save files and settings
               Windows easy transfer - transfers all user info,docs,app
                               Settings, videos pics, not the actual apps
                               Supports side by side & wipe and load
       User State Migration Tool- can be used on any upgrade
                               Included with automatic install kit (AIK)
                       Used at command line, in large enterprises
                       Can migrate a large quantity of machines
                       2 step process:
                               1: scan state- compiles and stores data
                               2: load state - loads on destination PC


Windows System Utilities

       Run Line- start an app as a command
       CMD- very powerful, can do anything with right permissions
       Regedit- windows registry editor, huge master database
                       Drives, services, security account manager, backup
       Services.msc - shows background apps running
                               Useful for troubleshooting startup
                               Services can reveal dependencies on others
       MMC- microsoft management console
               Build your own management framework
               Decide what utilities or “snap ins” you want
       MSTSC- Microsoft Terminal Services Client
                       Remote Desktop connection utility
                       Common for “headless” machines
       Notepad - view & edit text files
       Explorer- file management, copy, view, or launch files
       MSinfo32- windows system info
       DXDIAG- direct x diagnostic tool, manage direct x installation
       DEFRAG - disk defragmentation
                       Moves file fragments so they are contiguous
                       Not needed with SSD’s
       System Restore - go back in time to an earlier working configuration
                               Does not resolve virus or malware issues
       Windows update - keeps OS up to date, can be automatic
                               Can download and not install
       

Windows Control Panel


       Internet Options- make changes to IE
                       General - homepage, history settings
                       Security-
                       Privacy- cookies, popup blocker, anonymous browsing
                       Connections- VPN or proxy settings
                       Programs- default browser, plug ins
                       Advanced- detailed settings and reset
       Display- resolution, color, depth, refresh rate
       User Accounts- all local user accounts, change account settings
       Folder Options- manage windows explorer
                               General- expand folders
                               View- hide files, hide extensions
                               Search- search options, searching non-indexed
       System- PC info, OS version and edition
                       performance - virtual memory
                       Remote settings- remote assistance and RDP
                       System Protection- system restore
       Windows Firewall- integrated into the OS, protects from attacks
       Power Options- customize power usage
                               Sleep- saves power, quick startup
                                       Switches to hibernate if power is low
                                       Stores open apps in memory
                               Hibernate- open apps and docs are saved to disk
                                               Common on laptops
                                               No power is used during hibernation
       Programs and features- install/uninstall apps
                                       Can also enable/disable on windows
       Homegroup(7&8) - easily share files and devices
                               Network settings must be set to home network
                               Single password for everyone
       Devices & Printers- see everything on network
                               Quicker and easier than device manager
       Sounds - configure output levels
       Troubleshooting - automates most common issues
                               May require elevated access
       Network & Sharing Center - all network adapters (wired & wireless)
       Device Manager- list devices and drivers, add/remove hardware



Windows Networking

       Workgroups - logical group of network devices, non centralized 
                          Every device is standalone and everyone is a peer
                         All on a single subnet
       Homegroups- share files with everyone else on the homegroup
                         Works only on a private network
                         Network settings must be set to home or private
       Domain- business networks, centralized authentication
                    Manage all devices from one central point
                    Supports thousands of devices on multiple networks
       
       No homegroups on Vista, 7 has home network, 8 has private network


Windows Network Technologies

       Network locations in Windows 7
               Home - everything is trusted
               Work - Can see other computer but cannot join homegroup
               Public- You are invisible 
       Network Locations in Windows 8
               Private - similar to home, everything is trusted
               Public- No sharing or connectivity


Remote Access

       Remote Assistance - one time remote access
                               Single use password
                               Can be used through a firewall
       Remote Desktop Connection - on going access, may have to open ports
       Proxy Settings - can change the traffic flow, is an internet go between
                               Defines an address and exceptions
       Network Shares - A folder accessible by anyone on the network
                               Assign a drive letter to the network share
                               Shares ending in “$” are hidden
       Printer Shares - similar to sharing folder, add a printer in windows explorer


       Establishing Windows Network Connections


       Network and sharing center found in the Control Panel
       VPN Concentrator- decrypts the encrypted data to the destination
                       Windows has a built in VPN
       Multifactor Authentication - something you know, have, or are
       Dial Up Connections- uses a modem connection, standard phone line
       Wifi - 802.11 is the wifi standard
               SSID = Service Set Identification which is the network name
       WWAN - Wireless Wide Area Network - connects to cellular data


       Configuring Windows Firewall


       Windows firewall should always be on, only turn off for troubleshooting
               Settings - public and private
                               Block all incoming connections- ignores exception list
               Modify Notification - notifies if app is blocked
               Traffic can be allowed/blocked by program name or port number
               Windows firewall has predefined exceptions


       Windows IP Address Configuration
       
       Windows gets IP address automatically through DHCP
       DHCP- Dynamic Host configuration Protocol
                       Used to automatically assign private IP addresses
       APIPA - Automatic Private IP addressing (169.254.1.0 - 169.254.254.255)
                  Only used if DHCP is unavailable
               Does not have any internet connectivity, non routing
       Static Address- address you assign manually
       IP Address- Unique identifier 
       Subnet Mask - Identifies what the subnet is
       Gateway- The route from the subnet to the rest of the internet
       DNS - Translates names to IP addresses
       Loopback Address - 127.0.0.1


       Configuring Network Adapter Properties


       Properties- Link speed and Duplex need to match (autonegotiation)

       Wake on LAN- computer will sleep until needed
                       Good for late night software updates
       QOS - Quality of service, used to prioritise network traffic
                       Apps, VOIP, video, all devices must support QOS
       DSCP Classification - Differentiated Service Code Points Classification
                       Allows windows to change packets
                       Managed through policy or group policy
       Network adapters can be enabled/disabled in BIOS


Windows Preventative Maintenance Best Practice


       Scheduled Backups - can be hourly, daily, weekly
                       Must specify what you want backed up onsite and offsite
       SMART- used to avoid hardware failures and look for warning signs
       Logical and physical disk checks - in windows use CHKDSK
       Scheduled Defrag - setup a weekly schedule, not needed for SSDs
       Windows Updates - security patches, drivers, features
       Patch Management - allows you to manage updates, many patches
       Drivers/ Firmware - some updated more than others, some automatic
       AV- keep it up to date
       Windows Backup - backup/restore individual files
                       Can also do images and recovery discs
                       Cloud took over in windows 8


       Section 2: Other OS’s & Technologies


       Best Practices for MAC OS
               
                Scheduled Backups - “Time Machine” Included in MAC        
                                               Hourly backups, daily, or weekly
                                               Starts deleting oldest data when disk is full
               Scheduled Disk Maintenance- Disk Utility- rarely needed
                                                       Other utilities can run during
                                                       Used to verify disk, run as needed
               System Updates- updates can be found in the app store
                                       Can be automatic or manual
                                       Both OS and app updates
               Driver/Firmware Updates- done in background, almost invisible
                                               System information is detailed hardware list
               Antivirus/Antimalware- not included in MAC os, 3rd party app
                                               MAC is not as vulnerable as windows



       Best Practices For Linux
               
       Scheduled Backups - can use a CLI or GUI
                       TAR- tape archive, easy to script schedule
                       RSYNC- sync files between storage devices, 
                                       Instant or scheduled
       Disk Maintenance- file systems require little maintenance
                               Check file system
                               Clean up disk space from log files
       System Updates - CLI tools, “apt-get” and “yum”
                               GUI updates also
                               Used for patch management, can be scheduled
       Driver/Software updates- many drivers are in the kernel
                                       Updated whenever the kernel updates
                                       Additional software updates can be done yourself
       Antivirus/Antimalware - not as vulnerable as windows
                                       Clam AV - open source, same update practices

MAC OS TOOLS


       Time Machine - used for backups, auto and easy to use
                       MAC takes local snapshots if time machine is unavailable
       Image Recovery - build a disk image in disk utility
                               Creates an apple disk image file (.dmg)
                               Mount on any MAC os system
                               Appears as a normal system file
                               Restore in disk utility
       Disk Utility - manage disks and images
                       Verify and fix file systems
                       Erase disks, modify partitions
                       Manage RAID, restore image to volumes
                       Create, convert, and manage images
       Terminal - CLI, used to run scripts
       Screen Sharing - integrated into the OS
                               Can be used with Virtual Network Computing
                               Available devices in Finder or access them by IP 
       Force Quit - stop an app from executing
                       Command + option + escape or hold option key + right click



       Linux Tools


       Backups - May be built into OS
               GUI- backup/restore, scheduling
               CLI - TAR & RSYNC
       Image Recovery - not as many options as windows
               “DD”- Date Description- built into Linux and very powerful
                       Creates an image of the entire drive
                       3rd party- GNU parted, clonezilla
       Disk Maintenance - Linux file systems do not require much maintenance
                               Clean up logs, logs are stored in /var/log
                               File System check- sudo touch /forcefsck
       Terminal - CLI for OS
       Screen Sharing - Can have screen access from remote device
       Closing Programs - use terminal, “sudo” gives admin privileges
               “killall” can be used to stop program
                       Example: sudo killall firefox
               xKill- graphical
               kill <processID> - kill individual program



MAC OS Features


       Mission Control - Quickly view everything that is running
       Spaces- multiple desktops running
       Keychain- password management: passwords, notes, certs, etc.
                       Integrated into the OS
                       Encrypts password with “3DES”
       Spotlight - finds files, images, apps, or searches the web
                       Similar to windows search
       iCloud- integrates all MAC OS’s and files
                       Shares across system (calendar, photos, contacts)
                       Backs up your iOS device, integrated into OS
       Gestures - customize what happens on trackpad
                       Swipe, pinch, click one finger, two fingers, three
       Finder - OS file manager, similar to windows explorer
       Remote Disk - use an optical drive from another computer
                       Designed for copying files
                       Made for data cds, not music or video
                       Setup in system preferences
                       Can set up to share with windows
       Dock- fast and easy access to apps
                       Dot underneath icon indicates the app is running
                       Folders can be added to Dock
       Boot Camp - dual boot into windows or MAC
                       Not the same as virtualization
                       Managed in boot camp, install partitions, drivers, etc.





Basic Linux Commands


Man- manual, help

       “man grep”

SU/SUDO - gives elevated rights, stands for superuser do

       SU- become super user instead of typing SUDO every time
               “Exit” to go back to regular user
       SUDO - used to run a single command as a super user 


LS- list directory contents, similar to “dir” in windows

       Lists files and directories, may support color coding
               blue = directory, red = archived file
               ls -l = long output

Grep- find text in a file, search through many files at once

               grep text file
               “grep banana document.log”

Cd- change directory, use forward slashes instead of backslashes in windows

       cd /var/log

Shutdown - similar to windows shutdown command

       Run as SU, time is in minutes
       “sudo shutdown 2”
       Restart - “sudo shutdown -r 2”
       Ctrl-c to cancel

PWD- print working directory, displays current working directory path

Passwd- change a user account password

       “passwd username”
       Can change other user password if SU

MV - move a file or rename a file

       Move - mv source destination
       Rename - “mv first.txt second.txt”

CP - copy a file

       cp source destination

Rm- removes a file or directory

       “rm file.txt”

Mkdir- make a directory or create a folder for file storage

       “mkdir notes”

Chmod - changes mode of a file system object

Chown- change a file owner or group, modify file settings

       sudo chown owner:group file
       “sudo chown user banana.txt”

Iwconfig- view or change wireless network configuration

               Change the essid, frequencies, channel, mode, rate

Ifconfig- view or configure networking info

               Ip,subnet, similar to ipconfig on windows

PS- view all current processes and process IDs (PID)

Apt-get - advanced packaging tool, install, update, or remove

               “sudo apt-get install wireshark”

Vi- visual mode editor, full screen editing with copy,paste, and more

       vi filename
       “vi text.txt”

Dd- convert and copy files, backup and restore an entire partition


Virtualization

       Ability to run multiple OS’s on a single desktop
       Host based Virtualization- virtual box, running on one main OS
       Enterprise Level- standalone machine that hosts the VMs
       Hypervisor - software that is able to create the VMs
                       Manages the physical hardware
       Emulation - trying to run the app as if it is the required OS
                               Virtualization is the actual OS
       Resource Requirements - CPU must support virtualization
                                       Intel :Virtualization Technology (VT)
                                       AMD: AMD-V
                                       Memory must go above host requirements
       Network Requirements - VMs share IP with physical host
                                       Uses NAT to convert to the host IP
                                       Uses a private IP inside the VM
                               Bridged Network - VM is its own device on network
                               Private address- Can only communicate with other VMs


Cloud Computing

         4 Characteristics-
               Rapid Elasticity - scale up and down as needed
                                       Seamless to everyone
               On Demand Self Service- adding resources is easy, virtualized
               Resource Pooling - all computer power located in one place
                                       One large instead of several small resources
               Measured Service- cost and use are closely tracked


       Software as a service (SaaS) - on demand software, no local installation        
                               Program is managed by someone else (email,payroll)
                               Your data is stored elsewhere (gmail)
       Infrastructure as a service (IaaS) - using someone else's hardware
                               You are responsible for management and security
                               Your data is elsewhere but you control it
                               Example - web hosting providers
       Platform as a service (PaaS) - no server, no software, no HVAC
                       Someone else handles the platform, you handle the product
                       You do not have direct control of data, people, infrastructure
                       Example- salesforce.com



       Cloud Deployment Models:
               Private- your own virtualized local data center
               Public- available to everyone on the internet
               Hybrid- mix of public and private
               Community- several organizations sharing resources



       Network Services
                                       
               Web server- responds to browser requests, uses standard protocols
                               HTML, HTML5
                               Web pages are stored on a server 
                               Web pages are downloaded to the browser
                               Pages can be static or built dynamically

               File Server- stores all types of files
                               Standard system of file management
                               Windows uses SMB, Apple uses AFP
               Print Server - connect a printer to a network
                               Uses standard printing protocols (SMB, LPD)
               DHCP server - assigns IPs automatically
                               Enterprise DHCP servers are redundant
               DNS Server - converts names into IP addresses
                               Distributed- load balanced on many servers
                               Managed by ISP or enterprise IT department
               Proxy Server - intermediate server, client makes requests to proxy
                               Proxy performs the actual request from there
                               Proxy provides result back to the client
                               Features- caching, access control, content/url filtering
               Mail Server- incoming/outgoing mail, managed by ISP or IT dept.
               Authentication Server - login authentication to resources
                               Centralized management
                               Always on enterprise networks, not usually home
                               Usually set of redundant servers so it’s always available

               IDS/IPS- Intrusion Detection System / Intrusion Prevention System
                       Intrusions - exploits in OS, apps, etc
                                       Buffer overflows, cross-site scripting, and others
                       Detection - alarm or an alert for intrusion, does not stop
                       Prevention- stops it before it gets into the network
               All-in-one security appliance - can be called next generation firewall
                                               Unified Threat Management (UTM)
                                               Web security gateway
                       Examples - Firewall, IDS/IPS, router, switch, spam filter
               Legacy Systems - really old systems
                               Be aware if important service is running on legacy comp
               Embedded Systems - Purpose built device, usually no access to OS
                                       Example- alarm system



Mobile Operating Systems

       iOS- based off of Unix, closed source
               Apps developed with software developer kits (SDK)
               Apps must be approved by apple
       Google Android- open source, based off of Linux
                       Apps are on google play or 3rd party sites
       Windows Mobile -Microsoft OS,closed source,based on Windows NT kernel


       Device Displays & Technologies-
               Calibration- older resistive touchscreens require calibration 
                               Periodically, modern touchscreens do not
               Accelerometer - motion sensor and detects orientation
               Gyroscope - detects pitch, roll, and yaw
               GPS - created by DOD, over 30 satellites in orbit
                       Precise navigation requires at least 4 satellites
                       Determines location based on timing differences

               Location services use GPS, WIFI, and cell towers
               WIFI Calling - uses VOIP technologies
               Virtual Assistant- talk to phone to get assistance (siri)
               Production and Development Models-
                       iOS- developed on MAC OSx, Linux
                       Android- apps developed on windows, MAC osx, Linux
                               Apps distributed in Android app package (APK) format
                       Windows- apps developed in windows 8.1 visual studio
               Wireless Emergency Alert- similar to SMS, no cost
                               Works on all mobile OS’s
               Mobile Device Payments - can be used with SMS
                               Charge to mobile account (apps)
                               Mobile web payments from browser
                               NFC


Mobile Device Connectivity


Baseband Radio Processor- communicates to the mobile provider

                       Has its own firmware and memory
                       Firmware updated over the air

PRL updates (preferred roaming list)

               Used on CDMA networks (verizon & sprint)
               Allows phone to be connected to correct tower

PRI updates (product release instructions)

               Radio settings (ID numbers) network & country codes

IMEI - International Mobile Station Equipment Identity

       Identifies the physical mobile device
       Every phone has a different IMEI
       Can be used to allow/disallow access

IMSI - International Mobile Subscriber Identity

       Identifies the user of a mobile network
       In the SIM card

Wireless networks - Enable/disable data,wifi,bluetooth independently

       iOS- settings/cellular
       Android - settings / wireless & network settings
       Windows - settings / wifi

Bluetooth - is a Personal Area Network (PAN)

               Range of 10 meters

Tethering - phone is a wifi hotspot, uses carrier's internet

Airplane Mode - turns off all radios

VPN - turn phone into a VPN endpoint, integrated into OS

       May support multifactor authentication


Configuring Email on Mobile Devices


       Retrieving Email- POP3 & IMAP
       Sending Email - SMTP
       POP3- downloads email to local client
               May delete email from mail server (TCP/110)
       IMAP- Access mail on a central mail server
               Mail is stored on the server (TCP/143)
       Network ports - defined by the mail provider
                       May not be 110 or 143
       SSL settings - POP3S - TCP/995  IMAPS- TCP/993
       SMTP - sends email from device to server
               Must send mail from a local or trusted server
       Microsoft exchange - enterprise email, contacts, calendar, and reminders
                       Able to sync with a mobile device
       S/MIME - secure/multipurpose Internet mail extensions
                       Encrypts and digitally signs emails


               GMAIL- IMAP and POP3
               Yahoo - IMAP and POP3
               Outlook - IMAP and POP3
               iCloudmail- IMAP only



Mobile Device Synchronization

       Syncing is used for many types of data (contacts, programs, emails, pics)
       Syncing to desktop - needs minimal memory but lots of storage space
       iOS- Itunes syncs everything from phone so it can transfer to another
       Android - syncs online with google or can use 3rd party to sync locally
       Windows phone - windows app will sync media but not email or contacts


Cloud syncing - all wirelessly, may be integrated with email

               iOS- syncs all data to cloud, good for backup and recovery
               Android- syncs to google
               Windows- syncs to your microsoft account

Synchronization Connections- iOS- usb to 30 pin (older) or 8 pin lightning cable

                               802.11 wireless, or mobile network
                               Android - usb micro or wireless



Section 3: Security


Threats- Malware- Malicious software, can gather info, such as keystrokes

                       Can be a bot and run in a group, called a Botnet
                       Used for extortion-money
                       Viruses and worms can be malware
           Spyware- Malware that watches you, tricks you into installing
                       Captures web browsing habits, can be a keylogger
          Viruses- malware that can reproduce itself through network file systems
                May or may not cause issues, can be invisible or annoying
               AV must be updated regularly, there are new viruses everyday
       Worms- malware that self replicates, can take over many PC’s quickly
               Worms can also be good, can fix issues by spreading
       Trojan Horse- software that pretends to be good, but is actually a virus
                       Better trojans can avoid and disable your AV
       Rootkits- can be invisible to the OS, won't see in task manager or services
                       Modifies your core system files, part of the kernel
                       Can be named something similar to a common windows file
       Ransomware- data is held hostage, OS will work but data is encrypted
                       Must pay the bad guys for encryption key, untraceable
       Phishing - social engineering, fake web pages to get your login, password
                       Always check the URL when logging in
       Spear Phishing- Targeted and sophisticated phishing
       Spoofing- pretending to be someone you are not
                       Mac spoofing- changing mac to look like one on network
                       IP spoofing- changing IP to look like one on network        
               Spoofing is used in many DDOS attacks
       Social Engineering- suspicious phone calls, unattended persons
                               Tricking you into giving info
       Shoulder Surfing - watching what someone is doing, easy to do in public
                               Can be done from afar with binoculars
       Zero Day Attacks- many vulnerabilities in apps not found  yet
                               Bad guys try to find before good guys patch them
       DDOS- launch an army of computers to bring down a service
               Uses all the bandwidth or resources, traffic spike
               Bad guys use botnets-thousands or millions of pcs at your command
               Attackers are zombies, most have no idea their computer is a bot
       Brute Force - keep trying to log in until password is guessed
                         Online- very slow, most accounts will lock out after so many 
                       Offline- obtain the list of users and hashes, calculate
       Dictionary Attack - only using well known words to brute force
       Non-Compliant Systems - constant challenge, always changes and updates
               Standard Operating Environment (SOE) - set of tested and approved
                               hardware/software systems
               OS & App updates- must have patches to be in compliance, OS & AV
       Tailgating- use someone else to gain access to a building, follow them in
       Man-in-the-middle attack- traffic goes to man in middle, he forwards to 
                                                       Destination
                                       You never know the traffic was redirected
                                       Example - ARP poisoning
                                       Avoid by encrypting your data



Security Prevention Methods

       Door Access Control- conventional key and lock                
                                       Deadbolt- physical bolt
                                       Electronic- keyless, RFID badge
                                       Token based- magnetic swipe card,  key fob
                                       Biometric- hand, finger, retina
       Mantraps- one door on each side of the room
                       All doors unlocked, but opening one locks the other
                       
       Securing Physical Items- safes- heavy, difficult to steal, environmental 
       Cable Locks- temporary security, connects hardware to something solid
       Privacy Filters- screen looks black when walking by 
       Badges & Entry Roster - security guard- physical protection
                                                               Validates identity
                                       ID Badge- picture, name, other details
                                                       Many include RFID chip
                                               
       Digital Security Prevention Methods
       Antivirus/Antimalware - software that runs on the PC, must keep updated
       Host Based Firewall- also called a personal firewall
                               Included in many OS’s, can be 3rd party
                               Windows Firewall filters by port,app, etc.
                               Stops people from accessing pc from outside
                               Only allows communication if you have started it
       Network Based Firewall- filters traffic by port number tcp/udp layer 4
                               Can encrypt traffic in/out of network
                               Can proxy traffic as well
                               Most firewalls can be a layer 3 device (router)
       User Authentication - user name and password to gain access
                               Identifier- every windows account has security identifier
                               Credentials- password, pin, smartcard
                               Profile- info stored about the user (name,contact,group)
       Strong Passwords - weak passwords can be easy to brute force
                               Hashed passwords can be brute forced online
                               Complexity and constant refresh 
       Multi Factor Authentication - more than one factor
                                       Something you are,have,know, or do
                                       Can be expensive, separate hardware tokens
                                       Can be cheap - free smartphone apps
       Directory permissions - NTFS permissions- much more granular than FAT
                               Lock down access, prevent accidental mods or deletes
       VPN Concentrator- VPN- encrypts private data traversing on public network
                               Concentrator- encrypt/decrypt access drive
                               Can be hardware or software
       Data Loss Prevention (DLP) - stops unencrypted data from leaking        
                                               Can be built into the firewall
       Access Control Lists (ACL)-permissions associated with an object
                       Used in file systems, network devices, OS etc
                       List Permissions- “Bob can read files”
                                               “Fred can access network”
                       “Jim can access network 192.168.1.0/24 using 80,443,8088”


       Disabling Unused Ports - stop anyone from plugging into your network
                               Does not just rely on 802.1x
                               Requires periodic audits
       Smart Cards- contains a digital certificate        
                       Multiple factors- card + pin or fingerprint
       Email Filtering - unsolicited email/spam- stopped at gateway before it
                                                               Gets to users
                            Scan & Block malware - executables
       Trusted/Untrusted Software Sources- consider the source
                                               Must not have access to the code
               Trusted Source - Internal apps, well known publishers
                                       Digitally signed
               Untrusted Source - apps from 3rd party, links from emails
                                       Drive by downloads


Security Awareness

       All policies on intranet so everyone can see
       In person training sessions
       Company policy for visitors
       How to deal with viruses procedure

       Network Policies- govern network use, AUP, all rules signed
       Principle of Least Privilege- only have rights required for job
                                       Applies to physical & digital


Windows Security Settings

       Accounts - Admin- super user
                       Guests- Limited Access
                       Standard User- Regular access
                       Power user- not much more control than standard
       Groups - assign group of users with certain permission
       NTFS Permissions- apply to local and network connections
       Share Permissions- apply only over the network
               Most restrictive setting wins, deny > allow
       Explicit Permissions - set default permissions for a share or object
       Inherited Permissions - set a permission & applies to everything under
               Explicit permissions take priority over inherited
       Administrative Shares - Hidden Shares created during installation
                               Local Shares are created by user 
                       View Shares - computer management/shares
                                       -net share
       Authentication - user name & password + others
       Single Sign On (SSO) - windows domain, provide credentials once
                                       Managed through Kerberos
       Run as Administrator- additional rights and permissions
                                       Can edit system files & install services
                                       Right click + run as administrator
       Bitlocker - encrypts entire volume of data including the OS
               Bitlocker to go - encrypts USB flash drives
       Encrypting File System (EFS) on NTFS- password and username to
                                                       Encrypt key
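
Added example (not part of the original notes): a simplified Python model of how the permission rules above combine, i.e. deny > allow, explicit over inherited, and the most restrictive of share and NTFS permissions when access comes over the network. The user names, group names and the three right sets are constructed for illustration; real NTFS permissions are finer-grained.

```python
from dataclasses import dataclass

# Simplified right sets (assumption: real NTFS rights are finer-grained).
READ = frozenset({"read"})
CHANGE = READ | {"write", "delete"}        # share "Change" / NTFS "Modify"
FULL = CHANGE | {"change_permissions"}     # "Full Control"


@dataclass(frozen=True)
class Ace:
    """One access control entry on a folder or on a share."""
    principal: str            # user or group name
    allow: bool               # True = allow entry, False = deny entry
    rights: frozenset
    inherited: bool = False   # True if it came from a parent folder


def canonical(aces):
    """Evaluation order: explicit deny, explicit allow,
    inherited deny, inherited allow."""
    return sorted(aces, key=lambda a: (a.inherited, a.allow))


def granted(aces, token):
    """Rights an ACL grants to a token (user name plus group names).
    For each right the first matching entry in canonical order decides;
    a right with no matching entry is not granted."""
    result = set()
    for right in FULL:
        for ace in canonical(aces):
            if ace.principal in token and right in ace.rights:
                if ace.allow:
                    result.add(right)
                break
    return result


def effective(ntfs_acl, share_acl, token, over_network):
    """NTFS applies to local and network access; share permissions apply
    only over the network, where the most restrictive result wins."""
    ntfs = granted(ntfs_acl, token)
    if not over_network:
        return ntfs
    return ntfs & granted(share_acl, token)


# Constructed sample ACLs for one shared folder.
NTFS_ACL = [
    Ace("Users", True, READ, inherited=True),
    Ace("Sales", False, frozenset({"write", "delete"}), inherited=True),
    Ace("bob", True, CHANGE),                  # explicit entry on the folder
]
SHARE_ACL = [Ace("Users", True, READ)]

if __name__ == "__main__":
    bob = {"bob", "Sales", "Users"}
    fred = {"fred", "Sales", "Users"}
    # bob's explicit allow takes priority over the inherited deny on Sales
    print("bob local  :", sorted(effective(NTFS_ACL, SHARE_ACL, bob, False)))
    # over the network the read-only share is the most restrictive setting
    print("bob network:", sorted(effective(NTFS_ACL, SHARE_ACL, bob, True)))
    # fred has no explicit entry, so the inherited deny removes write/delete
    print("fred local :", sorted(effective(NTFS_ACL, SHARE_ACL, fred, False)))
```
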


Workstation Security

       Password Complexity- no single words or obvious passwords
                                       Strong password, at least 8 characters
                                       Set password expiration and require change
       Password Expiration - all passwords should expire
                                       Critical systems could expire more often
                                       Recovery should have a formal process
       Desktop Security- require a screensaver password
                               Disable auto run, disabled in the registry
                               No autorun in 7/8/8.1
                               Consider changing autoplay (Flash drive)
                               Have all security patches
       Passwords- change all default usernames/passwords 
       BIOS- supervisor/admin password- prevent changes
                       User password - prevents booting
       User Permissions - Not everyone should be an admin        
       Groups - assign rights to group, add users to group
       Login Time restrictions - only able to log in during work hours
       Disabling Unnecessary accounts- disable guest account if not needed
                       Only some accounts run services, disable interactive logins
                       Change default names and passwords to prevent brute forcing
       Account Lockout- too many wrong passwords, can prevent brute forcing
       Data Encryption - full disk or file system, removable media
                               Backup keys, may be integrated into AD
       Patch & Update Management - built into the OS, update utility
                               Many apps include updater


Securing Mobile Devices

       Screen Lock- fingerprint,face recognition,swipe pattern,passcode/pin
       Too many fails- iOS- erase all data after 10 attempts
                               Android- locks device and requires a google login
                               Windows - delays next attempt or factory reset
       Locators - built in GPS, able to find phone on a map
                       Control from afar, or wipe everything
       Remote Backup- backup to cloud, restore with one click
       Antivirus/Antimalware- iOS- equipment less vulnerable 
                                       Malware must find a vulnerability
                       Android- more open, apps can be installed from anywhere
                               Easier for malware to find a way in
                       Windows phone - closed environment
                                               Apps run in “sandbox”
       Patching/OS Update- security updates, don’t want to get behind
       Biometric Authentication - multifactor authentication
                                       Something you are, know, have….etc.
       Authenticator Apps - random token generator
       Full Device Encryption - phone keeps the key
                       iOS8 & later- data encrypted with passcode
                       Android- encryption can be turned on
                       Windows phone 8/8.1 - available with exchange active sync
                                       -also available with mobile device manager
       Trusted vs Untrusted Source - Do not install APK from untrusted source
                               iOS- all apps are checked by the app store
                               Android - google play is good, 3rd party bad
                               Windows- apps are created by microsoft
       Firewalls- mobile phones do not include a firewall        
               Most activity is outbound, not inbound
               Mobile firewall apps are available
       Policies & Procedures - BYOD- bring your own device
                       MDM- mobile device manager
                               Centralized management of mobile devices
                       Set policies, data stored, camera, control device
                       Manage Access Control- require pins or passcodes


Data Destruction and Disposal

       Physical Destruction - never to be used again
                               Shredder, tools, electromagnet, fire
       Certificate of Destruction - done by 3rd party
                               Gives confirmation it was destroyed
                               Paper trail of when it was destroyed
       Disk Formatting - Low Level Format- provided by factory
                                       Not possible by user
                       Standard/Quick Format- sets up a file system
                                       Clears master file table
                                       Creates a boot sector
                                       Can still be recovered
       Standard Formatting - overwrites every sector with 0’s
                       Available in windows vista and later
                       Cannot recover data
       Hardware Security - always audit 3rd party destruction
                       File Level overwrite-Sdelete- windows sysinternals
                       Whole drive wipe - DBAN, Darik's Boot & Nuke
                                                       Secure data removal


Securing a SOHO Network


SSID Management - Service Set Identifier

                       Change default name to something unique
                       Disable your SSID broadcast

Wireless Encryption - only people with password can transmit and listen

               WEP- outdated and insecure
                       Use WPA or WPA2

Antenna Placement - AP’s close to each other should not be on same channel

                               Same channel will cause frequency overlap

Power Level Controls- set as low as possible so people in house can access

                               Make it so no one outside can access

MAC Address Filtering - Limit access through physical address

                       Not foolproof, MAC cloning
                       Set up in WAP

WPS- wifi protected setup

       Easier to connect to wifi, uses a pin configured on the AP
       Push button on the AP, NFC is used
       Very easily hacked, not used on modern APs

Default username and password- must change to something unique

IP Addressing - DHCP or static

               IPs are easy to see on unencrypted network

Firewall Settings - Inbound- allow only required traffic

                               Port forwarding to map ports to device
                               Consider a DMZ
                       Outbound- blacklist- allow all, block some
                                       Whitelist- block all, allow some

Disabling Physical Ports- disable unused ports to prevent access

               Network access control- 802.1x controls
                                       Cannot communicate unless authorized

Content Filtering- control traffic based on data within content

                       Can filter data for sensitive data
                       Can control inappropriate content
                       Scan against malware and viruses

Physical Access- doorlocks, biometrics


Section 4: Software Troubleshooting

       BSOD- startup and shutdown BSOD- bad hardware, drivers, app

       Apple- pinwheel/beachball- hang or constant retries by app
               Fix- use last known good configuration or safemode
                       Restore or remove hardware

Boot errors- cant find OS, OS could be missing

               Boot loader changed or replaced, multiple OS’s installed
       FIX- check boot drive, remove any media
               Start up repair, command “bootrec /rebuildbcd”

Improper Shutdown- should recover normally

                       If not, “launch startup repair” should fix most issues

Missing GUI- no login or desktop, start in VGA mode and run SFC

               Update the drivers in safe mode
               8/8.1- repair/refresh


Startup Repair


Missing NTLDR- main windows bootloader issue
               Run startup repair, check boot device 
       Missing OS- boot configuration may be wrong
                       Run startup repair or manually configure BCD
       Auto safe mode boot- run startup repair

Linux- Missing GRUB- Grand Unified Bootloader, most common

                  LILO- Linux Loader, least common
       Missing bootloader- could be overwritten by other OS


Starting the System

       Device not starting- check device manager and event viewer
                               remove/replace driver
       “One or more services failed to start”- bad driver/hardware
                                       Try manual start, check permission
                                       Check file systems, reinstall app
       DLL- Dynamic Link Library- code installed that many apps use
                                       A shared library
                                       DLL versions are very specific
                                       Apps are written to a library version
       Windows File Protection/Windows Resource Protection
                                       Protects DLL versions to avoid conflicts
       Files & Compatibility Errors- files associated with apps
                               Configure file types to specific apps
                               Control panel / default programs applet
       Compatibility Tab- run app as an older windows app


Slow System Performance

       Task Manager- check for CPU usage and input/output
       Windows Update- Keep patches and drivers updated
       Disk Space- check for available disk space or run defrag
       Laptops- confirm the laptop is not in power saving mode
       AV/AM- scan for any infection
       Kernel Panic- unix, linux, Mac OS X, similar to windows BSOD
                       Stops all activity
       Multiple Monitor Misalignment- monitors not “aligned”
                               Mouse will not move easily between screens
                               Just drag the monitors into alignment
                               Can be fixed in control panel/display/screen resolution



OS Troubleshooting Tools

       BIOS/UEFI Tools- Built in diagnostics, check for temps and current stats
       SFC- system file checker, integrity scan of OS files, finds & corrects errors
       Logs- found in windows event viewer & Boot logs
                       C:\windows\ntbtlog.txt
               Linux- individual app logs
                       /var/log
               MAC-   utilities/console
       CMD- can be accessed pre boot, gives you complete control
       System Repair Disc- boots & provides you with recovery options
       Pre-Installation Environment (PE)- minimal windows operating environment
                       Used for troubleshooting and recovery
                       Can build your own PE
       MSconfig- enable/disable startup apps and services
       Defragmentation- modifies file fragments so they are contiguous
                               Cmd-defrag
       Regedit- registry editor, used to modify settings
                       add/modify/delete keys
       Regsvr32- register/unregister DLLs
       Event Viewer- see what is going on with apps, setup, security, settings
       Options at Boot time- F8 to get to advanced boot options
                               Most recovery options are found here
       Safe Mode- in advanced boot options
                       VGA mode- low resolution, used for video driver issues
       Uninstall/reinstall/repair- 8 & 8.1 includes a refresh option
                               Refresh option cleans out windows without losing files


Troubleshooting Security Issues

       Popups- Could be legitimate or malicious
                               Have an updated browser and a pop up blocker
                               If pop ups are not related to your browsing, scan for malware
       Browser Redirection- instead of a google result, you end up elsewhere
                               Caused by malware, run a malware scan

       Browser Security Alert- security alerts and invalid certificates
                               Means something is not right
                               Check out details by clicking the lock icon
                               Could be an expired or wrong domain
       Malware Network Symptoms-slow performance, lockups, connectivity 
                               Issues, OS update failures
       Malware OS Symptoms- Renamed system files, files disappear or become
                                       Encrypted, can change file permissions
       System Lockup - completely stops, toggle caps lock to see if OS responds
                               May be able to terminate bad apps with task manager
                               Check logs after restarting to see the cause
       App Crashes- apps stop working or just disappear
                       Check out the event log and the reliability monitor
                       Reliability monitor has history of app issues
       Virus Alerts & Hoaxes- Rogue Antivirus- fake, may include real logs
                                               Wants to bill you
                               Ransomware- asks for money or subscription for 
                                       Access to your PC
       Email Security- Spam- unsolicited email, phishing, ads, spreads viruses
               Hijacked email- infected PCs can become email spammers


Tools for Security Troubleshooting

       AV&AM- stops malware from running, must keep signatures updated daily
                       Sometimes they are bundled together
       Recovery Console/CMD - very powerful, filesystem access 
       Terminal- cmd for MAC/Linux, able to modify every aspect of the OS
       System Restore- create restore points, go back in time to correct problems
                       Does not guarantee recovery from virus/malware
       LVM Snapshots- logical volume manager- just like windows restore
                               Works very quickly
       Pre Installation Environment- minimal windows OS environment
                       Used for troubleshooting and recovery
       Event Viewer- get info about security events and what's going on in your PC
       Refresh & Restore- windows 8/8.1
               Refresh- reinstalls windows but keeps files and settings in place
               Restore- returns to a previous restore point
       MSconfig- Safeboot minimal- loads GUI but no networking
               Safeboot alternate shell- cmd with minimal services, no network
               Safeboot active directory repair- safe mode with file explorer & AD
               Safeboot network- uses networking


Best Practices for Malware Removal

       Malware Symptoms - odd error message, unusual icons or apps, very slow
       Quarantine Infected systems- disconnect from network to stop spreading
                       Isolate removable media
       Disable System Restore- malware can also infect restore points
                       Delete all the restore points you have
                       Disable system protection
       Update AV- keep signature and AV version up to date
                       Automate updates instead of doing it manually
                       Malware can prevent updates
       Scan & Remove- get a well known program, use standalone removal apps
       Safe mode- just enough services to get the OS running, bare minimum
                       May prevent the malware from running
       Schedule- AV&AM automatically update signatures
                       Make sure OS updates are scheduled
       Enable System Restore- only do once the system is clean
       Educate End User- one on one training, visible posters


Troubleshooting Mobile Device Apps

       Dim Display- check brightness settings
                       Could be a backlight issue
       Wireless Connectivity- intermittent, try moving closer to the AP
                               None- check/enable wifi, confirm correct key
                                       Do a hard reset
       Non responsive touchscreen- Apple- iOS restart, hard or regular
                               Android- remove battery and put back in
                                       Hold the power and volume button
       App issues- apps run slow or not loading
                       Restart the phone or close out of the app
                       Update the app
       Unable to decrypt email- built into corporate email systems
                               Each user has their own private key        
                               Install individual private keys on each device
                               Done with the mobile device manager
       Short battery life- bad reception, always signal searching
                               Turn off unnecessary features 
                               Battery could be aging
       Overheating- phone will automatically shut down if too hot
                       Check apps for CPU usage
                       Avoid direct sunlight
       Frozen System- hard or soft reset
                       If problem is ongoing, do a factory reset
       No sound- check volume settings for the app and phone
                       Bad software, delete and reload
                       Try headphones or external speakers
                       Sound starts then stops- could be dueling apps
                       No sound- factory reset, load the latest software
       Inaccurate Touch Screen response- close some apps, low memory
                       Restart the device
                       May require new digitizer or reseat cables
       System Lockout- too many incorrect password attempts


Mobile Device Security Troubleshooting


       Signal drop/weak signal- only use a trusted network
                               Never use public wifi without a VPN
                               Speed test- cell tower analyzer and test
       Power Drain- heavy app usage, increased network activity
                               Check app before install, use app scanner
                               Run anti malware, factory reset and clean app install
       Slow Data Speeds- use a trusted wifi network
                               Run a wifi analyzer
                               Run a speed test
                               Examine apps for unusual activity
       Unattended Bluetooth Pairing- never pair a device that isn’t yours
                               Remove device and re-pair
                               Can just disable bluetooth completely also

       Locked Information- determine cause of data breach with AV or AM
                       Do a factory reset
       Unauthorized Camera/Mic usage- AM scan, factory reset, app scanner



Section 5 Operational Procedures


Managing Electrostatic Discharge

       Static Electricity- electricity that does not move, can be very damaging
                               Around 3500 volts. Only 100v is needed to cause damage
       Controlling ESD- humidity over 60% helps
                               Use hand to self ground, metal case of PS works
                               Unplug PC from a power source
                               Do not touch components directly, card edges only
                               Use antistatic pad & wrist strap
                               Antistatic bags for components


Computer Safety Procedures

       Remove all power sources before working on a device
       Replace entire power supply versus trying to repair it
       Equipment Grounding- diverts electrical faults away from people
                       Large equipment racks have a large groundwire
                       Do not use electrical grounding for static grounding
       Personal Safety- Remove jewelry, neck/badge straps
                       Lift with legs, use a cart
       Electrical Fire Safety- no water or foam
                               Carbon dioxide, FM-200, dry chemicals
       Cable Management- tie together, avoid trip hazards
                               Safety glasses & air filter mask
       Toxic Waste- dispose of batteries at hazardous waste facilities
                       CRT glass contains lead
                       Recycle & reuse toner, ship toner back to company
       Local Government & Regulations- health and safety laws
                                       Building & electrical codes
               Environmental- proper disposal of electronic components


Managing Your Computing Environment

       Disposal Procedures- check your MSDS
       MSDS- product and company info
               Includes ingredients, hazard info, etc.
       Environmental Controls- Temperature- devices need constant cooling
                               Humidity- 50% is good
                               Proper ventilation- helps circulate the heat
       UPS- uninterruptible power supply- backup battery
               Types- Standby- always a primary power, has backup batteries
                       On-line- always running off of the batteries
       Surge Suppressor - spikes are sent to ground
                               Noise filter removes line noise
       Surge Suppressor Specs - higher joules is better, more protection
                                       High amp rating is good
                                       Let through rating- less is better
       Protection From Airborne particles- protects from dust,oil,smoke, etc.
       Dust & Debris- cleaning with neutral detergents, non ammonia based
                               Use a computer vacuum, reduces static
                               Compressed air pump instead of canned air


Prohibited Activity & End User Policies

       First Response- identify issue- logs, in person, monitoring data
                               Report to proper channels
                               Collect and protect info on event
       Documentation - outline in security policy
                               Documentation must be available to employees
                               Detail as much as possible
       Chain Of Custody - control evidence, maintain integrity
                               Avoid tampering, use hashes
                               Label and catalog, seal, store, digitally sign
       Licensing/EULA - closed source- source code is private        
                                       End user only gets the .exe file
                       FOSS- Free and Open Source Software
                               End user makes their own .exe        
                       EULA - determines how software is allowed to be used
       Digital Rights Management - DRM- electronic limits on use of software
       Licenses- Personal- associated with the device owned by one person
                       Designed for home use, one time purchase
                    Enterprise - site licenses, can install everywhere, annual renewals
       PII- part of privacy policy, determines how to handle PII
       Contents Policies - security policies
                               Block Policies - block by URL, app, username/group
       

Communication

       Communication skills are needed for troubleshooting
       Avoid Jargon - no acronyms or slang when helping customer
                       Translate technical terms for simpler terms
       Avoid Interrupting- Listen to customer's issue even if you know answer
       Clarify Customer Statements - ask questions to clarify customer's issue
                               Repeat your understanding to customer
       Setting Expectations - offer options ( repair/replace)
                                  State the cost & time frame
                               Document everything
                               Follow up for customer satisfaction

Professionalism

       Maintain a positive Attitude- keep a positive tone of voice
                               Problems cannot always be fixed but do your best
                               Have a good attitude with the customer
       Avoid Being Judgemental- No insults, you are the teacher
                                       You also make mistakes
                                       Goal is to make people smarter
       Be on time & Avoid Distractions- no phone, no talking to others
                       customer and their issue is your number one concern
                       Create an environment for conversation
       Difficult Situations- Do not argue or be defensive
                       Make easier by listening and asking questions
                       Communicate even if there is no update on progress
                       Never vent on social media
       Don’t minimize problems - technical issues can be traumatic 
                               Must be a tech and a counselor 

       Maintain Confidentiality- keep private info private
                               IT people have access to a lot of data
                               Be respectful with others’ personal info


Troubleshooting Theory

       Identify the problem- gather information
                       Get as much info & duplicate issue if possible
                       Identify symptoms, may be more than one
                       Question the end user
                       Determine any recent changes to environment
       Establish a Theory - start with the obvious, but consider everything
                               Make a list of all possible causes
       Test The Theory - confirm the theory, determine the next steps
                               Re-establish theory if it did not work
                               Call an expert for other ideas
       Create A plan of action - once theory is working, correct the issue
                               Some issues cannot be fixed during regular hours
                               All plans can go bad, have a plan A,B, & C
       Implement the Solution - fix the issue
                                       Escalate if necessary, may need 3rd party
       Verify Full System Functionality- confirm the solution solved the issue
                                               Have the customer test and confirm also
                                               Implement preventative measures
       Document Findings- Don’t lose the knowledge
                               Consider a formal database