It Professional Security Support Module 1 Glossary: New Terms and Their Definitions: Course 5 Week 1
Module 1 Glossary
New terms and their definitions: Course 5 Week 1
Adware: Software that displays advertisements and collects data
Availability: Means that the information we have is readily accessible to those people that
should have it
Backdoor: A way to get into a system if the other methods to get in a system aren't allowed,
it's a secret entryway for attackers
Baiting: An attack that happens through actual physical contact, enticing a victim to do
something
Bots: Machines compromised by malware that are utilized to perform tasks centrally
controlled by an attacker
Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access
CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies
Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service
Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server
Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football
Distributed Denial-of-Service (DDoS) attack: A DoS attack using multiple systems
DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS
record that will point you to a compromised DNS server
Evil twin: The premise of an evil twin attack is for you to connect to a network that is
identical to yours but that is controlled by an attacker. Once connected to it, they will be able
to monitor your traffic
Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code
Keylogger: A common type of spyware that's used to record every keystroke you make
Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files
Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other
Password attacks: Utilize software like password crackers that try and guess your password
Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as
something legitimate
Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down
Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom
Risk: The possibility of suffering a loss in the event of an attack on the system
Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge
Rootkit: A collection of software or tools that an admin would use
Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry
Social engineering: An attack method that relies heavily on interactions with humans instead
of computers
Spear phishing: Phishing that targets an individual or group - the fake emails may contain some
personal information like your name, or the names of friends or family
SQL Injection Attack: An attack that targets the entire website if the website is using a SQL
database
Tailgating: Gaining access into a restricted area or building by following a real employee in
Trojan: Malware that disguises itself as one thing but does something else
Vulnerability: A flaw in the system that could be exploited to compromise the system
Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network
0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker
Creating/inspecting key pair, encrypting/decrypting and
sign/verify using OpenSSL
Introduction
In this lab, you'll learn how to generate RSA private and public key pairs using the
OpenSSL utility.
OpenSSL is a commercial-grade utility toolkit for Transport Layer Security (TLS) and
Secure Sockets Layer (SSL) protocols. It's also a general-purpose cryptography library.
OpenSSL is licensed under an Apache-style license, which means that you're free to get
it and use it for commercial and non-commercial purposes (subject to some simple
license conditions).
What you'll do
OpenSSL: You'll explore what generating key pairs looks like using OpenSSL.
Encrypt and decrypt: You'll use the key pair to encrypt and decrypt some small amount
of data.
Verify: You'll use the key pair to sign and verify data to ensure its accuracy.
You'll need to start the lab before you can access the materials. To do this, click the
green “Start Lab” button at the top of the screen.
After you click the “Start Lab” button, you will see a shell, where you will be performing
further steps in the lab. You should have a shell that looks like this:
Generating keys
Before you can encrypt or decrypt anything, you need a private and a public key, so let's
generate those first!
Remember, a key pair consists of a public key that you can make publicly available, and
a private key that you need to keep secret. Shhhh. :) When someone wants to send you
data and make sure that no one else can view it, they can encrypt it with your public key.
Data that's encrypted with your public key can only be decrypted with your private key, to
ensure that only you can view the original data. This is why it's important to keep private
keys a secret! If someone else had a copy of your private key, they'd be able to decrypt
data that's meant for you. Not good!
First, let's generate a 2048-bit RSA private key, and take a look at it. To generate the key,
enter this command into the terminal:
You should see the following output (or something very similar):
cat private_key.pem
The contents of the private key file should look like a large jumble of random characters.
This is actually correct, so don't worry about being able to read it:
Now, let's generate the public key from the private key, and inspect that one, too. The
public key goes along with your private key, and you can give it to anyone who wants to
send you encrypted data. When data is encrypted using your public key, nobody will be
able to decrypt it unless they have your private key. To create a public key based on a
private key, enter the command below.
You should see the following output:
cat public_key.pem
Now that both of your keys have been created, you can start using them to encrypt and
decrypt data. Let's dive in!
You'll simulate someone encrypting a file using your public key and sending it to you,
which allows you (and only you!) to decrypt it using your private key. Similarly, you can
encrypt files using other people's public keys, knowing that only they will be able to
decrypt them.
You'll create a text file that contains some information you want to protect by encrypting
it. Then, you'll encrypt and inspect it. To create the file, enter the command below. It will
create a new text file called "secret.txt" which just contains the text, "This is a secret
message, for authorized parties only". Feel free to change this message to anything
you'd like.
echo 'This is a secret message, for authorized parties only' > secret.txt
Then, to encrypt the file using your public key, enter this command:
This creates the file "secret.enc", which is an encrypted version of "secret.txt". Notice
that if you try to view the contents of the encrypted file, the output is garbled. This is
totally normal for encrypted messages because they're not meant to have their contents
displayed visually.
Here's an example of what displaying the encrypted file "secret.enc" looks like in the
nano editor, using the following command:
nano ~/secret.enc
Output:
The encrypted file will now be ready to send to whoever holds the matching private key.
Since that's you, you can decrypt it and get the original contents back. Remember that
we must use the private key to decrypt the message, since it was encrypted using the
public key. Go ahead and decrypt the file, using this command:
This will print the contents of the decrypted file to the screen, which should match the
contents of "secret.txt":
Now, you'll create a hash digest of the message, then create a digital signature of this
digest. Once that's done, you'll verify the signature of the digest. This allows you to
ensure that your message wasn't modified or forged. If the message was modified, the
hash would be different from the signed one, and the verification would fail.
This creates a file called "secret.txt.sha256" using your private key, which contains the
signed hash digest of your secret text file.
With this file, anyone can use your public key and the hash digest to verify that the file
hasn't been modified since you created and hashed it. To perform this verification, enter
this command:
This should show the following output, indicating that the verification was successful
and the file hasn't been modified by a malicious third party:
Verified OK
If any other output was shown, it would indicate that the contents of the file had been
changed, and it's likely no longer safe.
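The whole lab flow, run end to end in a scratch directory, as an added example that is not part of the lab's own materials. It assumes only that the openssl binary is on PATH, uses pkeyutl for the RSA encrypt/decrypt step, and finishes with the failure case the lab warns about: the signed file is modified and verification no longer reports "Verified OK".

```shell
#!/bin/sh
# Added example: the lab's key-pair, encrypt/decrypt and sign/verify steps
# as shell functions, run inside a throwaway directory. Assumes openssl on PATH.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Step 1: a 2048-bit RSA private key, then the matching public key
# derived from it (the public key is the part you hand out).
make_keys() {
    openssl genrsa -out "$WORK/private_key.pem" 2048 2>/dev/null
    openssl rsa -in "$WORK/private_key.pem" -pubout \
        -out "$WORK/public_key.pem" 2>/dev/null
}

# Step 2: write the secret, encrypt it with the PUBLIC key (anyone can do
# this), then decrypt with the PRIVATE key (only the key holder can).
# Prints the recovered plaintext.
encrypt_decrypt() {
    printf '%s\n' "$1" > "$WORK/secret.txt"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/public_key.pem" \
        -in "$WORK/secret.txt" -out "$WORK/secret.enc"
    openssl pkeyutl -decrypt -inkey "$WORK/private_key.pem" \
        -in "$WORK/secret.enc"
}

# Step 3: sign the SHA-256 digest of secret.txt with the private key.
# secret.txt.sha256 holds the signature, not a readable hash.
sign_secret() {
    openssl dgst -sha256 -sign "$WORK/private_key.pem" \
        -out "$WORK/secret.txt.sha256" "$WORK/secret.txt"
}

# Step 4: verify a file against that signature with the public key.
# openssl prints "Verified OK" on success; anything else means the file
# no longer matches what was signed.
verify_secret() {
    openssl dgst -sha256 -verify "$WORK/public_key.pem" \
        -signature "$WORK/secret.txt.sha256" "$1" 2>/dev/null || true
}

# Simulate a modification after signing (one added character).
tamper_secret() {
    printf '%s\n' "This is a secret message, for authorized parties only!" \
        > "$WORK/secret.txt"
}

run_lab() {
    make_keys
    echo "decrypted:     $(encrypt_decrypt 'This is a secret message, for authorized parties only')"
    sign_secret
    echo "original file: $(verify_secret "$WORK/secret.txt")"
    tamper_secret
    echo "modified file: $(verify_secret "$WORK/secret.txt")"
}

run_lab
```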
Conclusion
Wohoo! You've successfully used openssl to create both a public and a private key. You
used them to practice file encryption and decryption, and to create and verify a digital
signature over the file's hash.
You will be given an opportunity to rate the lab experience. Select the applicable number
of stars, type a comment, and then click Submit.
Introduction
In this lab, you'll have hands-on practice demonstrating hashing and hash verification
using md5sum and shasum tools.
Md5sum is a hashing program that calculates and verifies 128-bit MD5 hashes. As with
all hashing algorithms, theoretically there's an unlimited number of files that will have
any given MD5 hash. Md5sum is used to verify the integrity of files.
Similarly, shasum is a hashing program that calculates and verifies SHA hashes. It's
also commonly used to verify the integrity of files.
In this lab, you'll see that almost any change to a file will cause its MD5 hash or SHA
hashes to change.
What you'll do
Compute: You'll create a text file and generate hashes using the md5sum and shasum
tools.
Inspect: After you generate the hash digests, you'll inspect the resulting files.
Verify: You'll verify the hash using the md5sum and shasum tools.
Modify: You'll modify the text file and compare these results to the original hash to
observe how the digest changes and how the hash verification process fails.
You'll need to start the lab before you can access the materials. To do this, click the
green “Start Lab” button at the top of the screen.
After you click the “Start Lab” button, you will see a shell, where you will be performing
further steps in the lab. You should have a shell that looks like this:
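The compute, record, verify and modify steps of this lab as one script, added here and not part of the lab's own materials. It assumes GNU coreutils (md5sum and sha256sum; sha256sum is the coreutils equivalent of "shasum -a 256") and ends by counting how many hex positions of the SHA-256 digest change when a single character of the file is edited.

```shell
#!/bin/sh
# Added example: compute, record, verify and then break MD5 / SHA-256
# digests of a small text file, as the lab does with md5sum and shasum.
# Assumes GNU coreutils (md5sum, sha256sum).
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Write the file under test (constructed sample content).
make_file() {
    printf '%s\n' "$1" > "$WORK/file.txt"
}

# 128-bit MD5 digest as 32 hex characters.
md5_of_file() {
    md5sum "$WORK/file.txt" | cut -d' ' -f1
}

# 256-bit SHA-256 digest as 64 hex characters.
sha256_of_file() {
    sha256sum "$WORK/file.txt" | cut -d' ' -f1
}

# Record both digests in the "<hash>  <name>" format the tools emit, so
# they can be checked later with the -c option.
record_digests() {
    ( cd "$WORK" && md5sum file.txt > file.txt.md5 \
                 && sha256sum file.txt > file.txt.sha256 )
}

# Re-hash file.txt and compare against the recorded digests.
# Prints "ok" when both match, "FAILED" when either does not.
verify_digests() {
    if ( cd "$WORK" && md5sum -c --status file.txt.md5 \
                    && sha256sum -c --status file.txt.sha256 ); then
        echo ok
    else
        echo FAILED
    fi
}

# Count hex positions that differ between two digests of equal length;
# a one-character edit to the input changes most of the digest.
hex_diff_count() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = 0
        for (i = 1; i <= length(a); i++)
            if (substr(a, i, 1) != substr(b, i, 1)) n++
        print n
    }'
}

# Walk through the lab: hash, record, verify, modify, verify again.
demo() {
    make_file "hello"
    before="$(sha256_of_file)"
    record_digests
    echo "md5:     $(md5_of_file)"
    echo "sha256:  $before"
    echo "verify:  $(verify_digests)"
    make_file "hellO"          # change one character
    after="$(sha256_of_file)"
    echo "sha256': $after"
    echo "verify:  $(verify_digests)"
    echo "differing hex positions: $(hex_diff_count "$before" "$after") of 64"
}

demo
```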
MD5
The other category of multi-factor authentication is biometrics, which has gained in popularity in recent
years, especially in mobile devices. Biometric authentication is the process of using unique physiological
characteristics of an individual to identify them. By confirming the biometric signature, the individual is
authenticated. A very common use of this in mobile devices is a fingerprint scanner to unlock the phone. This
works by registering your fingerprints first using an optical sensor that captures images of the unique
pattern of your fingerprint. Much like how passwords should never be stored in plain text,
biometric data used for authentication should never be stored directly either. This is even more important
for biometric data: unlike passwords, biometrics are an inherent part of who someone is, so
there are privacy implications to theft or leaks of biometric data.
Biometric characteristics can also be super difficult to change in the event that they're compromised,
unlike passwords. So instead of storing the fingerprint data directly, the data is run through a hashing
algorithm, and the resulting unique hash is stored. One advantage of biometric authentication over
knowledge- or token-based systems is that it's more reliable for identifying an individual for
authentication, since biometric features aren't usually shareable.
For example, you can't give your friend your fingerprints so that they can log in as you, well, you would
hope not, anyway.
But as schools start to introduce fingerprint-based attendance recording systems, students are finding
ways to trick the system. They're creating fake fingerprints using things like glue, allowing friends to mark
each other as present if they're late or if they skip school. This is harder to achieve than sharing a password,
but it's sort of ingenious of these kids to think up. They really go the extra mile to skip school these days,
not that I'm condoning this behavior. Other biometric systems use features like iris scans,
facial recognition, gait detection and even voice. Microsoft developed the biometric authentication system
for Windows 10 called Windows Hello, which supports fingerprint identification, iris identification and
facial recognition. It uses two cameras, one for color and one for infrared, which allows for depth
detection. This way it's not possible to trick the system using a printout of an authorized user's face.
An evolution of physical tokens is the U2F, or Universal Second Factor. It's a standard developed jointly by
Google, Yubico, and NXP Semiconductors. The finalized U2F standards are hosted by the FIDO
Alliance. U2F incorporates a challenge-response mechanism along with public key cryptography to
implement a more secure and more convenient second-factor authentication solution.
U2F tokens are referred to as security keys and are available from a range of manufacturers.
Security keys are essentially small embedded crypto processors that have secure storage of asymmetric
keys, and additional slots to run embedded code. Let's do a quick rundown on how exactly security keys
work and how they're an improvement over an OTP solution. The first step is registration, since the security key
must be registered with a site or service. At registration time, the security key generates a private/public
key pair unique to that site and submits the public key to the site for registration; it also binds the identity
of the site with the key pair. The reason for unique key pairs for each site is privacy: if a site is
compromised, this prevents cross-referencing registered public keys and discovering commonalities
between sites based on registration data. Once registered with the site, the next time you're prompted to
authenticate, you'll be prompted for your user name and password as usual.
But afterwards you'll be prompted to tap your security key. When you physically tap the security key, it's a
small check for user presence to ensure malware can't authenticate on your behalf without your
knowledge.
This tap will unlock the private keys stored in the security key which is used
to authenticate.
The authentication happens as a challenge response process which protects
against replay attacks.
This is because the authentication session can't be used again later
by an eavesdropper, because the challenge and
resulting response will be different with every authentication session.
What happens is the site generates a challenge, essentially some randomized
data, and sends this to the client that's attempting to authenticate.
The client will then select the private key matching this site, and
use this key to sign the challenge, and send the signed data back.
The site can now verify the signature using the public key that was
registered earlier, if the signature checks out, the user is authenticated.
From a security perspective, this is a much more secure design than OTPs.
This is because the authentication flow is protected from phishing attacks given
the interactive nature of the process.
Security keys are also resistant to cloning or forgery because they have
unique embedded secrets on them and are protected from tampering.
From the convenience perspective,
this is a much nicer authentication flow compared to OTPs, since the user doesn't
have to manually transcribe a string of numbers into the authentication dialog.
All they have to do is tap their security key, nice and easy.
As an IT support specialist, you may come across multi-factor authentication setups
that you'd be responsible for supporting,
you might even be tasked with helping to implement one.
So it's important to understand how they provide enhanced account protection along
with the options that are available.
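The registration and challenge-response flow described above, as an added illustration that is not part of the course materials. It uses openssl as a stand-in for the security key's embedded crypto processor (one P-256 key pair per site, the site keeps only the public key) and shows the three cases the text relies on: a replayed response fails against a fresh challenge, one site's key cannot answer for another, and an origin with no registered key gets no response at all. The site names are constructed examples.

```shell
#!/bin/sh
# Added illustration of U2F-style registration and challenge-response with
# openssl standing in for the security key's embedded crypto processor.
# Assumes openssl on PATH; the site names are constructed examples.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Registration: the "security key" mints a fresh P-256 key pair bound to
# this site and hands only the public key to the site for storage.
register() {  # $1 = site origin
    openssl ecparam -name prime256v1 -genkey -noout \
        -out "$WORK/keyslot_$1.pem" 2>/dev/null
    openssl ec -in "$WORK/keyslot_$1.pem" -pubout \
        -out "$WORK/registered_by_$1.pub" 2>/dev/null
}

# Site side: a fresh random challenge for this login attempt only.
new_challenge() {  # $1 = site origin; prints 32 random bytes as hex
    openssl rand -hex 32
}

# Client side: after the user taps, sign the challenge with the key that
# was registered for the origin the browser is really talking to. An
# origin with no key slot gets no response at all, which is what defeats
# a look-alike phishing site.
respond() {  # $1 = site origin, $2 = challenge, $3 = output signature file
    if [ ! -f "$WORK/keyslot_$1.pem" ]; then
        echo "no key registered for $1" >&2
        return 1
    fi
    printf '%s' "$2" | openssl dgst -sha256 -sign "$WORK/keyslot_$1.pem" -out "$3"
}

# Site side: check the signature against the public key stored at
# registration and the challenge it issued. Prints "Verified OK" on
# success; anything else is a failed login.
verify_response() {  # $1 = site origin, $2 = challenge, $3 = signature file
    printf '%s' "$2" | openssl dgst -sha256 -verify "$WORK/registered_by_$1.pub" \
        -signature "$3" 2>/dev/null || true
}

demo() {
    register "bank.example"
    register "shop.example"

    # Normal login: fresh challenge, signed by the bank's key slot.
    c1="$(new_challenge bank.example)"
    respond bank.example "$c1" "$WORK/resp1.sig"
    echo "fresh response:    $(verify_response bank.example "$c1" "$WORK/resp1.sig")"

    # Replay: an eavesdropper reuses resp1 against the next challenge.
    c2="$(new_challenge bank.example)"
    echo "replayed response: $(verify_response bank.example "$c2" "$WORK/resp1.sig")"

    # Wrong site: the shop's key cannot answer for the bank.
    respond shop.example "$c2" "$WORK/resp2.sig"
    echo "other site's key:  $(verify_response bank.example "$c2" "$WORK/resp2.sig")"

    # Phishing origin: no key slot, so the client refuses to respond.
    if respond "bank-login.example" "$c2" "$WORK/resp3.sig" 2>/dev/null; then
        echo "phishing origin:   unexpectedly answered"
    else
        echo "phishing origin:   no key, no response"
    fi
}

demo
```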
Biometric authentication occurs in two steps: enrollment and authentication. Enrollment happens when
the user provides their biometric data for the first time through a hardware scanner. Specific features of
that biometric data are extracted, encrypted, and stored, often in a database or on a personal mobile
device. Authentication, as the second step, happens when a user presents their biometric data again to the
scanner to gain access to the secured item. This new scan is compared against the original stored
biometric data to authenticate the person’s identity.
Fingerprint scanning
In a previous video, you learned about fingerprint scanners as an authentication method for mobile
devices. Fingerprint scanners use small capacitive cells that are engineered to detect fingerprint ridges.
Dirt and moisture can interfere with the scanner’s ability to do its job. As an IT Support specialist, you may
need to replace damaged fingerprint scanners on customer devices.
Facial recognition
Many smartphone models provide the hardware and software to use facial recognition as a biometric
authentication method. This often requires two cameras. The first camera uses normal color photography.
The second camera uses infrared technology to measure depth and ensure your face is 3-dimensional. This
prevents hackers from using photographs of the authorized users to unlock mobile devices.
The geographical location of a user can serve as one part of a multi-factor authentication policy or to deny
access to users based on their locations. Geolocation services can use GPS, IP ranges, WiFi access points,
cell phone towers, and/or Bluetooth beacons to estimate a mobile user’s location.
Geofencing
Geofencing is used to authenticate users who are physically within a certain radius of a specific location.
For example, if you order food using McDonald’s smartphone app, the restaurant will not process your
order until your smartphone is within a certain radius of the restaurant. You cannot send someone else to
pick up your order either, as that person cannot authenticate without your smartphone being within the
geofencing radius.
NFC transmits on the same frequency as high frequency RFID (13.56 MHz) and has a short distance range of
10 centimeters. The short range provides some protection from hackers attempting to intercept
the connection to obtain your credit card information. However, NFC is not fully secure. An innocuous-
looking NFC scanner sitting next to an NFC-enabled payment device could record all NFC transactions that
occur within 10 cm of the device in a “man in the middle” security breach.
You may already be familiar with using gestures like swipe patterns to unlock a smartphone. Another
gesture-based authentication method is the Picture Password, which requires the user to touch specific,
secret points on a photograph to unlock the device.
Patterns of people’s behaviors can be used to authenticate identity. For example, an organization might
keep track of computer system login and logout times of employees. These patterns could be monitored
for any unusual changes in employee behavior, which may indicate that the “employee” is instead an
imposter.
Turing tests are used to determine if an unknown entity is a human or a machine. You have probably
responded to a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)
to authenticate that you are indeed a human and not a bot. This is accomplished by asking the user to
identify items within a set of photographs. Photos are used for this test because images are more difficult
for bots to identify than text.
Key takeaways
There are a variety of MFA protocols that can be implemented to protect the confidentiality, privacy, and
security of data and networks. The 5 types of authentication can be categorized as:
For more information about methods of authentication to protect data, please visit:
Geolocation—The Risk and Benefits of a Trending Technology - Discusses impacts, benefits, risks,
risk mitigation, security, governance, and privacy concerns of geolocation technologies.
Understanding The 5 Factors Of Multi-Factor Authentication - Overview of the 5 Factors:
Something you know, Something you have, Something you are, Somewhere you are, and
Something you do.
Homeland Security Biometrics - History and use cases of biometrics for maximum security and
identification of criminals in the United States Departments of Homeland Security, Defense,
Justice, and Commerce, as well as the National Institute of Standards and Technology.
A Review on Authentication Methods - Informative peer-reviewed journal article on authentication
methods.
Modern Authentication Methods: A Comprehensive Survey - Peer-reviewed journal article with
expanded coverage of two-factor and multi-factor authentication topics. Provides comprehensive
comparisons of advantages and disadvantages of each authentication method.
What is the Difference Between NFC and RFID? - A comparison of NFC and RFID technologies.
Fingerprint Reader Replacement Guide - Provides photos of internal fingerprint scanner hardware
parts, as well as instructions on how to replace a fingerprint scanner on a laptop.
Many of the security threats associated with mobile devices are the same as those of
traditionally networked devices, such as hacking and malware. However, mobile devices face
additional threats that other devices do not.
1. Phishing: Phishing attacks can use SMS messaging, email accounts, messages via
numerous social media applications, or malicious links in browsers to target your
mobile devices.
2. Malicious applications (malware): Malware can take the form of apps designed to
collect and transmit personal and corporate information to third parties.
3. Insecure Wi-Fi and “meddler in the middle” attacks: An attacker places themself in
the middle of two hosts that think they're communicating directly. The attacker may
monitor the information from these hosts and potentially modify it in transit. Open or
"free" Wi-Fi hotspots are especially susceptible to meddler in the middle and similar
attacks.
4. Poor update habits for devices and apps: An example is failure to install security
patches regularly deployed through software and firmware updates. Unpatched
devices and applications often contain vulnerabilities that attackers may exploit
to collect sensitive data.
You can imagine how all these issues could threaten confidentiality, integrity, or availability (the
CIA triad), but confidentiality is of particular concern for mobile security.
There are several security measures in place to protect mobile devices from these security
concerns.
Screen Locks
Screen locks are methods for preventing unauthorized access to a device. They can be
particularly effective for diminishing risks associated with the loss or theft of the device.
These measures include:
Facial recognition: uses a device’s camera to unlock the device once the user’s face is
recognized
PIN codes: uses a sequence of four or more numbers to unlock the device
Fingerprint recognition: matches a user’s fingerprint with a saved image of the
fingerprint to unlock the device
Pattern: uses a pattern that users must trace to unlock the device
Remote wipes
Remote wipes are methods to remove data from a device remotely. Remote wiping is another
way to diminish risks associated with the loss or theft of a device and include:
Once IT staff and management collaborate to build a mobile security policy, there is still work
to do. Organizations must find the best way to outline this policy and communicate it to
users. A policy is only effective if users understand and adhere to it.
Key takeaways:
As your organization embraces the advantages of mobile devices and wireless networks, your
IT security strategies must account for the specific risks, vulnerabilities, and threats
associated with mobile computing by:
# Title Link
1 Top 4 mobile security threats and challenges for businesses
  https://www.techtarget.com/searchmobilecomputing/tip/Top-mobile-security-threats-and-challenges-for-businesses
2 The ultimate guide to mobile device security in the workplace
  https://www.techtarget.com/searchmobilecomputing/The-ultimguide-to-mobile-device-security-in-the-workplace
3 What Is the CIA Triad? Understanding the significance of the three foundational information security principles: confidentiality, integrity, and availability.
  https://www.f5.com/labs/articles/education/what-is-the-cia-tri
OAuth is an open standard that allows users to grant third party websites and
applications access to their information without sharing account credentials.
This can be thought of as a form of access delegation because access to the user's
account is being delegated to the third party.
This is accomplished by prompting the user to confirm that they agree to permit
the third party access to certain information about their account.
Typically, this prompt will specifically list which pieces of information or
access are being requested.
Once confirmed, the identity provider will supply the third party with a token that
gives them access to the user's information.
This token can then be used by the third party to access data or
services offered by the identity provider directly on behalf of the user.
OAuth is commonly used to grant access to third party applications to APIs
offered by large internet companies like Google, Microsoft and Facebook.
Let's say you want to use a third party meme creation website.
This website lets you create memes using templates and
gives you the option to save your creations and email them to your friends.
Instead of the site sending the emails directly,
which would appear to be coming from an address your friends wouldn't recognize,
the site uses OAuth to get permission to send the memes using your email account
directly.
This is done by making an OAuth request to your email provider.
Once you approve this request, the email provider issues an access token
to the site which grants the site access to your email account.
The access token would have a scope which says that it can only be used to access
email, not other services associated with the account.
So it can access email but not your cloud storage files or calendar, for example.
It's important that users pay attention to what third party is requesting access,
and what exactly they're granting access to.
OAuth permissions can be used in phishing style attacks to gain access to accounts
without requiring credentials to be compromised.
This works by sending phishing emails to potential victims that look like
legitimate OAuth authorization requests,
which ask the user to grant access to some aspects of their account through
OAuth.
Once the user grants access,
the attacker has access to the account through the OAuth authorization token.
This was used in an OAuth based worm attack in early 2017.
There was a rash of phishing emails that appear to be from a friend or
colleague who wanted to share a Google doc.
When the sharing link was followed, the victim was prompted to log in and
authorize access to email, documents,
and contacts for
some third party service which only identified itself by the name Google Apps.
But it was actually a malicious service that would
then email contacts from their email account, perpetuating the attack.
It's important to distinguish between OAuth and OpenID.
OAuth is specifically an authorization system and
OpenID is an authentication system, though they're usually used together.
OpenID Connect is an authentication layer built on top of OAuth 2.0, designed
to improve upon OpenID and build better integration with OAuth authorizations.
TACACS+ is a full AAA system.
It also handles authorization along with authentication.
This is done once a user is authenticated by allowing or disallowing access for
the user account to run certain commands or access certain devices.
This lets you allow admin access for users that administer devices while
still allowing less privileged access to other users when necessary.
Here's an example: since your networking teams are responsible for configuring and
maintaining your network switches,
routers and other infrastructure, you'd give them admin access to your network
equipment.
Meanwhile, you can give limited read-only access to your support team, since
they don't need to be able to make changes to switch configurations in their jobs.
Read-only access is enough for them to troubleshoot problems.
The rest of the user accounts would have no access at all and
wouldn't be permitted to connect to the networking infrastructure.
More sophisticated or configurable AAA systems may even allow further
refinement of authorization down to the command level.
This gives you much more flexibility in how access is granted to specific
users or groups in your organization.
RADIUS also allows you to authorize network access.
For example, you may want to permit some users to have WiFi and
VPN access while others may not need this.
When they authenticate to the RADIUS server, if the authentication succeeds,
the RADIUS server returns configuration information to the network access server.
This includes authorizations,
which specify what network services the user is permitted to access.
Last but not least, the final A of the triple AAA's of security is accounting.
This means keeping records of what resources and
services your users access or what they did when they were using your systems.
A critical component of this is auditing which involves reviewing these records to
ensure that nothing is out of the ordinary.
If we're watching and recording usage of our systems but
never actually checking the usage data, that's not super useful.
So what exactly do accounting systems keep track of?
Well, that depends on the purpose and intent of the system.
For example,
a TACACS+ server would be more concerned with keeping track of user authentication.
What systems they authenticated to and
what commands they ran during their session.
This is because TACACS+ is a device access AAA system that manages
who has access to your network devices and what they do on them.
Cisco's AAA system supports accounting of individual commands executed,
connections to and from network devices,
commands executed in privileged mode, and network services and
system details like configuration reloads or reboots.
Radius would track details like session duration, client location and bandwidth or
other resources used during the session.
This is because radius is a network access AAA system so
it tracks details about network access and usage.
RADIUS accounting kicks off with the network access server (NAS) sending an accounting request packet to the accounting server that contains an event record to be logged. This starts the accounting session on the server. The server replies with an accounting response indicating that the message was received. The NAS will continue sending periodic accounting messages with statistics of the session until an accounting stop packet is received. RADIUS accounting can be used for billing purposes by ISPs, because it records the length of a session and the amount of data sent and received by the user. This data can also be used to enforce data or time quotas, limiting the duration of sessions or restricting the amount of data that can be sent or received. But this accounting information isn't detailed and won't contain specifics of what exactly the user did during the session. Information like websites visited or what protocols were used isn't recorded.
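The Start / Interim-Update / Stop exchange described above, as an added example that is not course code: the NAS side frames Accounting-Requests per RFC 2866, and the accounting server authenticates each one with the shared secret before recording session time and byte counts and checking them against a data quota. The secret, user name, session id and byte counts are constructed values.

```python
# Added example (not course code): a RADIUS accounting exchange framed per RFC 2866.
# The NAS side builds Start / Interim-Update / Stop Accounting-Requests; the server
# side authenticates each request, records per-session usage, and flags a data
# quota overrun. Secret, user name, session id and byte counts are constructed.
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST, ACCOUNTING_RESPONSE = 4, 5      # RADIUS packet codes
USER_NAME, ACCT_STATUS_TYPE = 1, 40                  # attribute type codes (RFC 2865/2866)
ACCT_INPUT_OCTETS, ACCT_OUTPUT_OCTETS = 42, 43
ACCT_SESSION_ID, ACCT_SESSION_TIME = 44, 46
START, STOP, INTERIM_UPDATE = 1, 2, 3                # Acct-Status-Type values

def attr(atype, value):
    """Encode one attribute as Type (1 byte), Length (1 byte, includes header), Value."""
    if isinstance(value, int):
        value = struct.pack(">I", value)
    elif isinstance(value, str):
        value = value.encode()
    return struct.pack("BB", atype, len(value) + 2) + value

def build_accounting_request(identifier, secret, attributes):
    """NAS side. Request Authenticator = MD5(Code + ID + Length + 16 zero octets
    + Attributes + Secret), so a server holding the secret detects forged or altered records."""
    body = b"".join(attributes)
    header = struct.pack(">BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body

def parse_attributes(body):
    attrs, i = {}, 0
    while i < len(body):
        atype, alen = body[i], body[i + 1]
        if alen < 2 or i + alen > len(body):
            raise ValueError("malformed attribute")
        attrs[atype] = body[i + 2:i + alen]
        i += alen
    return attrs

def u32(attrs, atype):
    return struct.unpack(">I", attrs[atype])[0]

def verify_accounting_response(response, request, secret):
    """NAS side. Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return response[0] == ACCOUNTING_RESPONSE and hmac.compare_digest(response[4:20], expected)

class AccountingServer:
    """One usage record per Acct-Session-Id; flags sessions that exceed a byte quota."""
    def __init__(self, secret, byte_quota):
        self.secret, self.byte_quota, self.sessions = secret, byte_quota, {}

    def handle(self, packet):
        code, identifier, length = struct.unpack(">BBH", packet[:4])
        if code != ACCOUNTING_REQUEST or length != len(packet):
            return None
        req_auth, body = packet[4:20], packet[20:]
        expected = hashlib.md5(packet[:4] + bytes(16) + body + self.secret).digest()
        if not hmac.compare_digest(req_auth, expected):
            return None                       # RFC 2866: silently discard unauthenticated requests
        attrs = parse_attributes(body)
        sid, status = attrs[ACCT_SESSION_ID].decode(), u32(attrs, ACCT_STATUS_TYPE)
        rec = self.sessions.setdefault(sid, {"user": attrs[USER_NAME].decode(),
                                             "octets": 0, "seconds": 0, "state": "active"})
        if status in (INTERIM_UPDATE, STOP):  # periodic statistics, then the final totals
            rec["octets"] = u32(attrs, ACCT_INPUT_OCTETS) + u32(attrs, ACCT_OUTPUT_OCTETS)
            rec["seconds"] = u32(attrs, ACCT_SESSION_TIME)
        if status == STOP:
            rec["state"] = "stopped"
        header = struct.pack(">BBH", ACCOUNTING_RESPONSE, identifier, 20)   # no attributes
        return header + hashlib.md5(header + req_auth + self.secret).digest()

    def over_quota(self, sid):
        return self.sessions[sid]["octets"] >= self.byte_quota

def run_demo(byte_quota=1_000_000):
    """Constructed session: Start, one Interim-Update, Stop. Returns (server, session id)."""
    secret, sid = b"demo-shared-secret", "3f2a"
    server = AccountingServer(secret, byte_quota)
    common = [attr(USER_NAME, "alice"), attr(ACCT_SESSION_ID, sid)]
    steps = [
        (1, [attr(ACCT_STATUS_TYPE, START)]),
        (2, [attr(ACCT_STATUS_TYPE, INTERIM_UPDATE), attr(ACCT_SESSION_TIME, 300),
             attr(ACCT_INPUT_OCTETS, 400_000), attr(ACCT_OUTPUT_OCTETS, 50_000)]),
        (3, [attr(ACCT_STATUS_TYPE, STOP), attr(ACCT_SESSION_TIME, 900),
             attr(ACCT_INPUT_OCTETS, 1_200_000), attr(ACCT_OUTPUT_OCTETS, 90_000)]),
    ]
    for identifier, extra in steps:
        request = build_accounting_request(identifier, secret, common + extra)
        response = server.handle(request)
        if response is None or not verify_accounting_response(response, request, secret):
            raise RuntimeError("accounting exchange failed")
    return server, sid
```

Note that the record holds only totals, which matches the limitation stated above: nothing in it says what the user did during the session.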
Module 3 Glossary
New terms and their definitions: Course 5 Week 3
Access Control Entries: The individual access permissions per object that make up the ACL
Access Control List (ACL): It is a way of defining permissions or authorizations for objects
Accounting: Keeping records of what resources and services your users access or what they did when they
were using your systems
Auditing: It involves reviewing records to ensure that nothing is out of the ordinary
Authentication: A crucial application for cryptographic hash functions
Authorization: It pertains to describing what the user account has access to or doesn't have access to
Certificate Revocation List (CRL): A means to distribute a list of certificates that are no longer valid
Client certificates: They operate very similarly to server certificates but are presented by clients and allow
servers to authenticate and verify clients
Counter-based tokens: They use a secret seed value along with the secret counter value that's
incremented every time a one-time password is generated on the device
Data information tree: A structure where objects will have one parent and can have one or more children
that belong to the parent object
Distinguished name (DN): A unique identifier for each entry in the directory
Extensible authentication protocol (EAP over LAN, or EAPOL): A standard authentication protocol
Kerberos: A network authentication protocol that uses tickets to allow entities to prove their identity over
potentially insecure channels to provide mutual authentication
Lightweight Directory Access Protocol (LDAP): An open industry-standard protocol for accessing and
maintaining directory services; the most popular open-source alternative to the DAP
Multifactor authentication (MFA): A system where users are authenticated by presenting multiple pieces
of information or objects
Network time protocol (NTP): A network protocol used to synchronize the time between the
authenticator token and the authentication server
OAuth: An open standard that allows users to grant third-party websites and applications access to their
information without sharing account credentials
One-time password (OTP): A short-lived token, typically a number that's entered along with a username
and password
One-time password (OTP) tokens: Another very common method for handling multifactor
OpenID: An open standard that allows participating sites known as Relying Parties to allow authentication
of users utilizing a third party authentication service
Organizational units (OUs): Folders that let us group related objects into units like people or groups to
distinguish between individual user accounts and groups that accounts can belong to
Physical tokens: They take a few different forms, such as a USB device with a secret token on it, a
standalone device which generates a token, or even a simple key used with a traditional lock
Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA services for users
on a network
Risk mitigation: Understanding the risks your systems face, take measures to reduce those risks, and
monitor them
Security keys: Small embedded cryptoprocessors that have secure storage of asymmetric keys and
additional slots to run embedded code
Single Sign-on (SSO): An authentication concept that allows users to authenticate once to be granted
access to a lot of different services and applications
TACACS+: It is a device access AAA system that manages who has access to your network devices and
what they do on them
Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket Granting Service
secret key, which provides the Ticket Granting Service with the client Ticket Granting Service session key
U2F (Universal 2nd Factor): It's a standard developed jointly by Google, Yubico and NXP Semiconductors
that incorporates a challenge-response mechanism, along with public key cryptography to implement a
more secure and more convenient second-factor authentication solution
XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top of TACACS
Advanced Encryption Standard (AES): The first and only public cipher that's approved for use with top
secret information by the United States National Security Agency
Asymmetric encryption: Systems where different keys are used to encrypt and decrypt
Availability: Means that the information we have is readily accessible to those people that should have it
Backdoor: A way to get into a system if the other methods to get in a system aren't allowed, it's a secret
entryway for attackers
Baiting: An attack that happens through actual physical contact, enticing a victim to do something
Block ciphers: The cipher takes data in, places that into a bucket or block of data that's a fixed size, then
encodes that entire block as one unit
Bots: Machines compromised by malware that are utilized to perform tasks centrally controlled by an
attacker
Brute force attacks: A common password attack which consists of just continuously trying different
combinations of characters and letters until one gets access
CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing certificates. It's
a crucial component of the PKI system
Caesar cipher: A substitution alphabet, where you replace characters in the alphabet with others usually
by shifting or rotating the alphabet, a set of numbers or characters
CBC-MAC (Cipher block chaining message authentication codes): A mechanism for building MACs using
block ciphers
Central repository: It is needed to securely store and index keys and a certificate management system of
some sort makes managing access to storage certificates and issuance of certificates easier
Certificate fingerprints: These are just hash digests of the whole certificate, and aren't actually fields in
the certificate itself, but are computed by clients when validating or inspecting certificates
Certificate Revocation List (CRL): A means to distribute a list of certificates that are no longer valid
Certificate Signature Algorithm: This field indicates what public key algorithm is used for the public key
and what hashing algorithm is used to sign the certificate
Certificate-based authentication: It is the most secure option, but it requires more support and
management overhead since every client must have a certificate
CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but instead of
using a hashing function to produce a digest, a symmetric cipher with a shared key is used to encrypt the
message and the resulting output is used as the MAC
Code signing certificates: It is used for signing executable programs and allows users of these signed
applications to verify the signatures and ensure that the application was not tampered with
Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious code and
target the user of the service
Cryptography: The overarching discipline that covers the practice of coding and hiding messages from
third parties
Cryptosystem: A collection of algorithms for key generation and encryption and decryption operations
that comprise a cryptographic service
Cryptographic hashing: It is distinctly different from encryption because cryptographic hash functions
should be one directional
Data binding and sealing: It involves using the secret key to derive a unique key that's then used for
encryption of data
Decryption: The reverse process from encryption; taking the garbled output and transforming it back into
the readable plain text
Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for legitimate users by
overwhelming the network or server
Deterministic: It means that the same input value should always return the same hash value
Dictionary attack: A type of password attack that tries out words that are commonly used in passwords,
like password, monkey, football
DSA (Digital Signature Algorithm): It is another example of an asymmetric encryption system, though it's
used for signing and verifying data
ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively
Elliptic curve cryptography (ECC): A public key encryption system that uses the algebraic structure of
elliptic curves over finite fields to generate secure keys
Encapsulating security payload: It's a part of the IPsec suite of protocols, which encapsulates IP packets,
providing confidentiality, integrity, and authentication of the packets
Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher), so that you
receive a garbled, unreadable message as the output (ciphertext)
Encryption algorithm: The underlying logic or process that's used to convert the plaintext into ciphertext
Entropy pool: A source of random data to help seed random number generators
Evil twin: The premise of an evil twin attack is for you to connect to a network that is identical to yours but
that is controlled by an attacker. Once connected to it, they will be able to monitor your traffic
FIPS (Federal Information Processing Standard): The DES that was adopted as a federal standard for
encrypting and securing government data
Forward secrecy: This is a property of a cryptographic system so that even in the event that the private key
is compromised, the session keys are still safe
Frequency analysis: The practice of studying the frequency with which letters appear in ciphertext
Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system
HMAC (Keyed-Hash Message Authentication Codes): It uses a cryptographic hash function along with a
secret key to generate a MAC
HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the communication
your web browser has with the website is secured through encryption
Injection attacks: A common security exploit that can occur in software development and runs rampant on
the web, where an attacker injects malicious code
Intermediary (subordinate) CA: It means that the entity that this certificate was issued to can now sign
other certificates
IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with IPv6
Issuer Name: This field contains information about the authority that signed the certificate
Kerckhoff's principle: A principle that states that a cryptosystem, or a collection of algorithms for key
generation and encryption and decryption operations that comprise a cryptographic service should remain
secure, even if everything about the system is known except for the key
Key: A crucial component of a cipher, which introduces something unique into your cipher
Key signing parties: Organized by people who are interested in establishing a web of trust, and
participants perform the same verification and signing
Key size: It is the total number of bits or data that comprises the encryption key
Keylogger: A common type of spyware that's used to record every keystroke you make
MACs (Message Authentication Codes): A bit of information that allows authentication of a received
message, ensuring that the message came from the alleged sender and not a third party masquerading as
them
Malware: A type of malicious software that can be used to obtain your sensitive information or delete or
modify files
Meddler in the middle (formerly known as Man in the Middle): An attack that places the attacker in the
middle of two hosts that think they're communicating directly with each other
MD5: A popular and widely used hash function designed in the early 1990s as a cryptographic hashing
function
MIC (Message Integrity Check): It is essentially a hash digest of the message in question
Password attacks: Utilize software like password crackers that try and guess your password
Password salt: Additional randomized data that's added into the hashing function to generate the hash
that's unique to the password and salt combination
PGP (Pretty Good Privacy) encryption: An encryption application that allows authentication of data
along with privacy from third parties relying upon asymmetric encryption to achieve this
Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as something
legitimate
Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this, then it's prone
to being overwhelmed and taken down
PKI system: A system that defines the creation, storage and distribution of digital certificates
Public key authentication: A key pair is generated by the user who wants to authenticate
Public key signatures: Digital signature generated by composing the message and combining it with the
private key
RA (Registration Authority): It is responsible for verifying the identities of any entities requesting
certificates to be signed and stored with the CA
Rainbow table attacks: To trade computational power for disk space by pre-computing the hashes and
storing them in a table
Rainbow tables: A pre-computed table of all possible password values and their corresponding hashes
Random numbers: A very important concept in encryption because it avoids some kind of pattern that an
adversary can discover through close observation and analysis of encrypted messages over time
Ransomware: A type of attack that holds your data or system hostage until you pay some sort of ransom
RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because of its
simplicity and speed
Remote attestation: The idea of a system authenticating its software and hardware configuration to a
remote system
Risk: The possibility of suffering a loss in the event of an attack on the system
Rogue Access Point (AP) Attack: An access point that is installed on the network without the network
administrator's knowledge
Root certificate authority: They are self-signed because they are the start of the chain of trust, so there's
no higher authority that can sign on their behalf
RSA: One of the first practical asymmetric cryptography systems to be developed, named for the initials of
the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman
Screen lock: A security feature that helps prevent unwanted access by creating an action you have to do to
gain entry
Secure channel: It is provided by IPsec, which provides confidentiality, integrity, and authentication of
data being passed
Secure element: It's a tamper resistant chip often embedded in the microprocessor or integrated into the
mainboard of a mobile device
Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a network service
over unsecured networks
Security through obscurity: The principle that if no one knows what algorithm is being used or general
security practices, then one is safe from attackers
Self-signed certificate: This certificate has been signed by the same entity that issued the certificate
Serial number: A unique identifier for the certificate assigned by the CA, which allows the CA to manage
and identify individual certificates
Session key: The shared symmetric encryption key used in TLS sessions to encrypt data being sent back and
forth
SHA1: It is part of the secure hash algorithm suite of functions, designed by the NSA and published in 1995
Shannon's maxim: It states that the system should remain secure, even if your adversary knows exactly
what kind of encryption systems you're employing, as long as your keys remain secure
Social engineering: An attack method that relies heavily on interactions with humans instead of
computers
Spear phishing: Phishing that targets an individual or group; the fake emails may contain some personal
information like your name, or the names of friends or family
SQL Injection Attack: An attack that targets the entire website if the website is using a SQL database
SSL 3.0: The latest revision of SSL that was deprecated in 2015
SSL/TLS Client Certificate: Certificates that are bound to clients and are used to authenticate the client
to the server, allowing access control to a SSL/TLS service
SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the initial secure
setup of an SSL, TLS connection
Steganography: The practice of hiding information from observers, but not encoding it
Stream ciphers: It takes a stream of input and encrypts the stream one character or one digit at a time,
outputting one encrypted character or digit at a time
Subject: This field contains identifying information about the entity the certificate was issued to
Subject Public Key Info: These two subfields define the algorithm of the public key along with the public
key itself
Substitution cipher: An encryption mechanism that replaces parts of your plaintext with ciphertext
Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and decrypt messages
Tailgating: Gaining access into a restricted area or building by following a real employee in
TLS 1.2 with AES GCM: A specific mode of operation for the AES block cipher that essentially turns it into
a stream cipher
TLS Handshake: A mechanism to initially establish a channel for an application to communicate with a
service
TPM (Trusted Platform Module): This is a hardware device that's typically integrated into the hardware
of a computer, that's a dedicated crypto processor
Transport mode: One of the two modes of operations supported by IPsec. When used, only the payload of
the IP packet is encrypted, leaving the IP headers untouched
Trojan: Malware that disguises itself as one thing but does something else
Trusted execution environment (TEE): It provides a full-blown isolated execution environment that runs
alongside the main OS
Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one network to
another
Tunnel mode: One of the two modes of operations supported by IPsec. When used, the entire IP packet,
header, payload, and all, is encrypted and encapsulated inside a new IP packet with new headers
Username and password authentication: Can be used in conjunction with certificate authentication,
providing additional layers of security
Validity: This field contains two subfields, Not Before and Not After, which define the dates between which
the certificate is valid
VPN (Virtual Private Network): A secure method of connecting a device to a private network over the
internet
Vulnerability: A flaw in the system that could be exploited to compromise the system
Web of trust: It is where individuals instead of certificate authorities sign other individuals' public keys
Worms: They are similar to viruses except that instead of having to attach themselves onto something to
spread, worms can live on their own and spread through channels like the network
X.509 standard: It is what defines the format of digital certificates, as well as a certificate revocation list or
CRL
Z
0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer or vendor, but
is known to
Authentication
The three main components in the authentication process are:
Supplicant is the client making the request to access the LAN or wireless access point.
Authenticator takes the packet from the supplicant and sends it to the authentication server until
the session is authenticated. Any other information sent before authentication occurs is dropped.
Authentication server provides a database of information required for authentication, and
informs the authenticator to deny or permit access to the supplicant.
Authentication occurs when a client first connects to a network. The client sends a packet of information
and the authenticator sends the packet to the authentication server. In some instances, the authenticator
and authentication server may be integrated into a single point. The authentication server then verifies the
identity or key against the information in its database. If the credentials are valid, the authentication
succeeds. Then the server begins processing the connection request. If the credentials are not valid, the
authentication fails. The authentication server sends an Access Reject message and the connection request
is denied.
Authentication methods
When the request is sent to the authentication server there are a couple of methods for authentication.
IEEE defines two different link-level authentication methods:
Shared key system is a shared key or passphrase that is manually set on both the mobile device
and the AP/router.
Open system is when the authentication server has a list of authorized clients to check against
when a client requests access. This list is usually in the form of MAC addresses but it varies by
network.
Shared Key authentication methods
There are several shared key authentication methods that are commonly used:
Wired Equivalent Privacy (WEP) is not recommended for a secure WLAN. The main security risk
is hackers capturing the encrypted form of an authentication response frame, using widely
available software applications, and using the information to crack WEP encryption.
Wi-Fi Protected Access (WPA) complies with the wireless security standard and strongly
increases the level of data protection and access control (authentication) for a wireless network.
WPA enforces IEEE 802.1X authentication and key-exchange and only works with dynamic
encryption keys.
Wi-Fi Protected Access 2 (WPA2) is a security enhancement to WPA. Users must ensure the
mobile device and AP/router are configured using the same WPA version and pre-shared key (PSK).
Association allows the access point or router to record each mobile device so that data is properly
delivered. This occurs after authentication is complete.
These authentication methods are standardized under the IEEE 802.1X protocol.
Key takeaways
IEEE 802.1x is a protocol developed to let clients connect to port based networks using modern
authentication methods.
There are three nodes in the authentication process: supplicant, authenticator, and authentication
server.
The authentication server uses either a shared key system or open access system to control who is
able to connect to the network.
Based on the criteria of the authentication server, the supplicant will be granted the authentication
request and begin the connection process, or it will be sent an Access Reject message and the
connection will be terminated.
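The supplicant / authenticator / authentication server flow above, as an added simulation that is not part of the course reading: the authenticator forwards only authentication (EAPOL) frames while a client's port is unauthorized and drops everything else, the server answers Access-Accept or Access-Reject using either a shared key or an open-system MAC allow-list, and association is recorded only after a successful authentication. All MAC addresses, keys and names are constructed.

```python
# Added example (not part of the course reading): a simulation of the three 802.1X
# roles. The authenticator keeps each client's port unauthorized, forwards only
# EAPOL (authentication) frames to the authentication server, and drops all other
# traffic until the server answers Access-Accept. The server implements the two
# link-level methods named above: shared key (PSK) or open system with a MAC
# allow-list. Every MAC address, key and name here is constructed.
import hmac
from dataclasses import dataclass, field

@dataclass
class Frame:
    src_mac: str
    kind: str                      # "EAPOL" for authentication traffic, anything else is data
    payload: dict = field(default_factory=dict)

class AuthenticationServer:
    """Holds the credential database and answers Access-Accept or Access-Reject."""
    def __init__(self, mode, shared_key=None, allowed_macs=()):
        if mode not in ("shared_key", "open"):
            raise ValueError("mode must be 'shared_key' or 'open'")
        self.mode, self.shared_key, self.allowed_macs = mode, shared_key, set(allowed_macs)

    def authenticate(self, src_mac, payload):
        if self.mode == "shared_key":
            # the supplicant must present the passphrase set on the AP; compare in constant time
            offered = payload.get("key", "").encode()
            ok = hmac.compare_digest(offered, (self.shared_key or "").encode())
        else:
            ok = src_mac in self.allowed_macs            # open system: MAC allow-list lookup
        return "Access-Accept" if ok else "Access-Reject"

class Authenticator:
    """Port-based access control: one port state per supplicant MAC, plus association."""
    def __init__(self, server):
        self.server = server
        self.port_state = {}       # mac -> "authorized" | "unauthorized"
        self.associated = set()    # devices the AP has recorded after successful authentication
        self.delivered = []        # data frames forwarded onto the LAN
        self.log = []

    def receive(self, frame):
        if frame.kind == "EAPOL":
            verdict = self.server.authenticate(frame.src_mac, frame.payload)
            if verdict == "Access-Accept":
                self.port_state[frame.src_mac] = "authorized"
                self.associated.add(frame.src_mac)       # association happens after authentication
            else:
                self.port_state[frame.src_mac] = "unauthorized"
            self.log.append((frame.src_mac, verdict))
            return verdict
        if self.port_state.get(frame.src_mac, "unauthorized") != "authorized":
            self.log.append((frame.src_mac, "dropped"))  # anything sent before authentication is discarded
            return "dropped"
        self.delivered.append(frame)
        return "forwarded"

def run_demo():
    """One supplicant: data before auth, a bad key, the right key, then data again."""
    server = AuthenticationServer("shared_key", shared_key="constructed-psk")
    auth = Authenticator(server)
    mac = "aa:bb:cc:00:00:01"
    results = [
        auth.receive(Frame(mac, "DATA", {"data": "hello"})),
        auth.receive(Frame(mac, "EAPOL", {"key": "wrong-key"})),
        auth.receive(Frame(mac, "EAPOL", {"key": "constructed-psk"})),
        auth.receive(Frame(mac, "DATA", {"data": "hello"})),
    ]
    return results, auth
```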
tcpdump is a super popular lightweight command line-based utility that you can use to capture and analyze packets. tcpdump uses the open-source libpcap library. That's a very popular packet capture library that's used in a lot of packet capture and analysis tools. tcpdump also supports writing packet captures to a file for later analysis, sharing, or replaying traffic. It also supports reading packet captures back from a file.

tcpdump's default operating mode is to provide a brief packet analysis. It converts key information from layers 3 and up into human-readable formats. Then it prints information about each packet to standard out, or directly into your terminal. It does things like converting the source and destination IP addresses into the dotted quad format we're most used to, and it shows the port numbers being used by the communications.

Let's quickly walk through the output of a sample tcpdump line. The first bit of information is fairly straightforward. It's a timestamp that represents when the packet on this line was processed by the kernel, in local time. Next, the Layer 3 protocol is identified. In this case, it's IPv4. After this, the connection quad is shown. This is the source address, source port, destination address, and destination port. Next come the TCP flags and the TCP sequence number set on the packet, if there are any. This is followed by the ACK number, the TCP window size, then the TCP options, if there are any set. Finally, we have the payload size in bytes. Remember these from a few lessons ago when we covered networking. tcpdump allows us to actually inspect these values from packets directly.

I want to call out that tcpdump by default will attempt to resolve host addresses to host names. It will also replace port numbers with the commonly associated services that use these ports. You can override this behavior with the -n flag. It's also possible to view the actual raw data that makes up the packet. This is represented as hexadecimal digits by using the -x flag, or -X if you want the hex and ASCII interpretation of the data. Remember that packets are just collections of data, or groupings of ones and zeros. They represent information depending on the values of this data and where they appear in the data stream. Think back to packet headers and how those are structured and formatted. The view tcpdump gives us lets us see the data that fits into the various fields that make up the headers for the layers in a packet.
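The field walkthrough above, turned into a parser as an added example (not from the course): it reads the one-line summaries tcpdump prints for TCP over IPv4 with -n, pulls out the timestamp, Layer 3 protocol, connection quad, flags, sequence and ACK numbers, window, options and payload length, and then totals bytes per connection and counts bare SYNs per source. The sample lines are constructed.

```python
# Added example (not from the course): a parser for the one-line summaries tcpdump
# prints for TCP-over-IPv4 traffic when run with -n, extracting the fields the
# walkthrough lists: timestamp, layer 3 protocol, connection quad, flags, seq,
# ack, window, options and payload length. The sample lines are constructed.
import re
from collections import defaultdict

TCP_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) (?P<l3>IP) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?:, seq (?P<seq>\d+(?::\d+)?))?"      # "seq 1:42" is the relative byte range carried
    r"(?:, ack (?P<ack>\d+))?"
    r"(?:, win (?P<win>\d+))?"
    r"(?:, options \[(?P<opts>[^\]]*)\])?"
    r", length (?P<length>\d+)$"
)
# tcpdump's single-letter TCP flag codes
FLAG_NAMES = {"S": "SYN", ".": "ACK", "P": "PSH", "F": "FIN", "R": "RST",
              "U": "URG", "E": "ECE", "W": "CWR"}

def parse_line(line):
    """Return the parsed fields, or None for lines in another format (UDP, ICMP, IPv6...)."""
    m = TCP_LINE.match(line.strip())
    if m is None:
        return None
    g = m.groupdict()
    return {
        "timestamp": g["ts"],
        "l3": g["l3"],
        "quad": (g["src"], int(g["sport"]), g["dst"], int(g["dport"])),
        "flags": [FLAG_NAMES.get(c, c) for c in g["flags"]],
        "seq": g["seq"],
        "ack": int(g["ack"]) if g["ack"] else None,
        "win": int(g["win"]) if g["win"] else None,
        "options": g["opts"].split(",") if g["opts"] else [],
        "length": int(g["length"]),
    }

def summarize(lines):
    """Packets and payload bytes per connection quad, skipping lines the parser rejects."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for rec in filter(None, map(parse_line, lines)):
        stats[rec["quad"]]["packets"] += 1
        stats[rec["quad"]]["bytes"] += rec["length"]
    return dict(stats)

def syn_only_by_source(lines):
    """Count SYNs without ACK per source address: new connection attempts, a useful
    baseline when reviewing a capture for unexpected connection activity."""
    counts = defaultdict(int)
    for rec in filter(None, map(parse_line, lines)):
        if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            counts[rec["quad"][0]] += 1
    return dict(counts)

# Constructed sample output, in the shape of `tcpdump -n -i eth0 host 10.0.0.9`
SAMPLE = """\
14:03:11.123456 IP 10.0.0.5.51234 > 10.0.0.9.22: Flags [S], seq 3141592653, win 64240, options [mss 1460,sackOK,TS val 100 ecr 0,nop,wscale 7], length 0
14:03:11.123789 IP 10.0.0.9.22 > 10.0.0.5.51234: Flags [S.], seq 2718281828, ack 3141592654, win 65160, options [mss 1460,sackOK,TS val 200 ecr 100,nop,wscale 7], length 0
14:03:11.124012 IP 10.0.0.5.51234 > 10.0.0.9.22: Flags [.], ack 1, win 502, options [nop,nop,TS val 101 ecr 200], length 0
14:03:11.130000 IP 10.0.0.5.51234 > 10.0.0.9.22: Flags [P.], seq 1:42, ack 1, win 502, options [nop,nop,TS val 102 ecr 200], length 41
14:03:12.000000 IP 10.0.0.5.40000 > 10.0.0.9.53: UDP, length 32
"""

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(parse_line(line))
    print(summarize(SAMPLE.splitlines()), syn_only_by_source(SAMPLE.splitlines()))
```

Without -n the addresses and ports would be shown as names, so the regex above would not match; that is the default behaviour the transcript warns about.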
Wireshark is another packet capture and analysis tool that you can use, but it's way more powerful when it comes to application and packet analysis compared to tcpdump. It's a graphical utility that also uses the libpcap library for capture and interpretation of packets, but it's way more extensible when it comes to protocol and application analysis. While tcpdump can do basic analysis of some types of traffic, like DNS queries and answers, Wireshark can do way more. Wireshark can decode encrypted payloads if the encryption key is known, and it can identify and extract data payloads from file transfers through protocols like SMB or HTTP. Wireshark's understanding of application level protocols even extends to its filter strings. This allows filter rules like finding HTTP requests with specific strings in the URL, which would look like http.request.uri matches q=wireshark. That filter string would locate packets in our capture that contain a URL request that has the specified string within it. In this case, it would match a query parameter from a URL searching for Wireshark. While this could be done using tcpdump, it's much easier using Wireshark.
Let's take a quick look at the Wireshark interface, which is divided into thirds. The list of packets is up top, followed by the layered representation of a selected packet from the list. Lastly, the hex and ASCII representation of the selected packet is at the bottom. The packet list view is color-coded to distinguish between different types of traffic in the capture. The color coding is user configurable. The defaults are green for TCP packets, light blue for UDP traffic, and dark blue for DNS traffic. Black also highlights problematic TCP packets, like out-of-order or repeated packets. Above the packet list pane is a display filter box, which allows complex filtration of the packets to be shown. This is different from capture filters, which follow the libpcap standard along with tcpdump. Wireshark's deep understanding of protocols allows filtering by protocols along with their specific fields. There are over 2,000 protocols supported by Wireshark; we won't cover them in detail.

Not only does Wireshark have very handy protocol handling and filtration, it also understands and can follow TCP streams or sessions. This lets you quickly reassemble and view both sides of the TCP session, so you can easily view the full two-way exchange of information between parties. Some other neat features of Wireshark are its ability to decode WPA- and WEP-encrypted wireless packets if the passphrase is known. It's also able to view Bluetooth traffic with the right hardware, along with USB traffic and other protocols like Zigbee. It also supports file carving, or extracting data payloads from files transferred over unencrypted protocols like HTTP file transfers or FTP. It's able to extract audio streams from unencrypted VoIP traffic. So basically, Wireshark is awesome.

You might be wondering how packet capture and analysis fits into security at this point. Like log analysis, traffic analysis is also an important part of network security. Traffic analysis is done using packet captures and packet analysis. Traffic on a network is basically a flow of packets. Now, being able to capture and inspect those packets is important to understanding what type of traffic is flowing on the networks that we'd like to protect.
Suricata: https://suricata-ids.org/
The Bro Network Security Monitor has recently been renamed to the Zeek Network Security
Monitor: https://www.zeek.org/
UTM solutions stretch beyond the traditional firewall to include an array of network security tools with a
single management interface. UTM simplifies the configuration and enforcement of security controls and
policies, saving time and resources. Security event logs and reporting are also centralized and simplified to
provide a holistic view of network security events.
UTM solutions are available with a variety of options and configurations to meet the network security
needs of an organization:
UTM hardware and software options:
Single host
Entire network
UTM security service and tool options can include:
Firewall: Can be the first line of defense in catching phishing attacks, spam, viruses, malware, and
other potential threats that attempt to access an organization’s network. Firewalls can be
hardware devices or software applications. Firewalls filter and inspect packets of data attempting
to enter and exit a managed network. Rules can be configured to permit or prevent certain types of
packets from entering the network.
Intrusion detection system (IDS): Passively monitors packets of data and network traffic for
unusual patterns that could indicate an attack. IDS devices can monitor entire networks (NIDS) or
just a single host (HIDS). IDS identifies, logs, and alerts IT Support about suspicious traffic.
However, IDS does not prevent an attack from occurring. This system gives IT Support
professionals the opportunity to inspect flagged events to determine how to handle the threat on a
case by case basis.
Intrusion prevention system (IPS): Actively monitors packets and network traffic for potential
malicious attacks. IPS systems can be configured to automatically block attacks or to allow
manual interventions. IPS devices can monitor entire networks (NIPS) or just a single host (HIPS).
Antivirus software: Uses a signature database to obtain the profiles of malicious files, such as
spyware, Trojans, malware, worms, and more. The antivirus software monitors the organization’s
network and systems for these virus signatures. Once identified, the software will block,
quarantine, or destroy them.
Anti-malware software: Scans information streams for known malicious malware signatures and
blocks threats. Additionally, anti-malware software can use heuristic analysis to detect novel
malware threats by identifying key behaviors and characteristics. The software can also use
sandboxing to isolate suspicious files.
Spam gateway: Filters, identifies, and quarantines spam email. Spam gateways are network
servers that use Domain Name Server (DNS) management tools to protect against spam.
Web and content filters: Block user access to risky and malicious websites. When a user attempts
to access an unauthorized or suspicious website using a browser, the UTM web filter can prevent
the website from loading. The filter can also be customized to block certain types of websites or
specific URLs, like social media or other websites that might be a distraction in the workplace.
Data leak/loss prevention (DLP): Monitors outgoing network traffic for personal, sensitive, and
confidential data. DLP includes a verification system to determine if the external data transfer is
authorized or malicious, and can block unauthorized attempts.
Virtual Private Network (VPN): Encrypts data and creates a private “tunnel” to safely transmit
the data through a public network.
UTM solutions offer two methods for inspecting packets in UTM firewalls, IPS, IDS, and VPNs:
Stream-based inspection, also called flow-based inspection: UTM devices inspect data samples
from packets for malicious content and threats as the packets flow through the device in a stream
of data. This process minimizes the duration of the security inspection, which keeps network data
flowing at a faster rate than a proxy-based inspection.
Proxy-based inspection: A UTM network appliance works as a proxy server for the flow of network
traffic. The UTM appliance intercepts packets and uses them to reconstruct files. Then the UTM
device will analyze the file for threats before allowing the file to continue on to its intended
destination. Although this security screening process is more thorough than the stream-based
inspection technique, proxy-based inspections are slower in the transmission of data.
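The trade-off between the two inspection methods, as an added simplified model that is not the course's own code: a constructed marker is split across two packets, so matching packets one at a time misses it, a flow engine that keeps only a short carry-over buffer still finds it, and a proxy that reassembles the whole object finds it too and can additionally run whole-file checks such as a hash lookup. The signature, file contents and hash blocklist are all constructed for the demo.

```python
import hashlib

# Constructed pattern standing in for a malware signature; not a real signature.
SIGNATURE = b"EVIL_MARKER"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def split_into_packets(payload: bytes, size: int) -> list:
    """Cut a byte stream into fixed-size 'packets' (simplified: no headers)."""
    return [payload[i:i + size] for i in range(0, len(payload), size)]


def scan_per_packet(packets, signature=SIGNATURE) -> bool:
    """Inspect each packet in isolation: a pattern that straddles two packets is missed."""
    return any(signature in pkt for pkt in packets)


def scan_stream(packets, signature=SIGNATURE) -> bool:
    """Flow-based inspection: keep only the last len(signature)-1 bytes of the previous
    packet, so a straddling pattern is still found while memory use stays constant."""
    carry = b""
    keep = len(signature) - 1
    for pkt in packets:
        window = carry + pkt
        if signature in window:
            return True
        carry = window[-keep:] if keep else b""
    return False


def scan_proxy(packets, signature=SIGNATURE, hash_blocklist=frozenset()) -> dict:
    """Proxy-based inspection: reassemble the whole object first, then run checks that
    need the complete file (here a signature match plus a SHA-256 blocklist lookup)."""
    blob = b"".join(packets)
    return {
        "signature_hit": signature in blob,
        "hash_hit": sha256_hex(blob) in hash_blocklist,
        "bytes_buffered": len(blob),          # the proxy holds the entire object
    }


def compare_modes(payload: bytes, packet_size: int, hash_blocklist=frozenset()) -> dict:
    """Run all three strategies over the same packet sequence and report what each sees."""
    packets = split_into_packets(payload, packet_size)
    proxy = scan_proxy(packets, hash_blocklist=hash_blocklist)
    return {
        "per_packet": scan_per_packet(packets),
        "stream": scan_stream(packets),
        "proxy": proxy["signature_hit"] or proxy["hash_hit"],
        "proxy_buffered": proxy["bytes_buffered"],
        "stream_max_window": len(SIGNATURE) - 1 + packet_size,
    }


if __name__ == "__main__":
    # Constructed 31-byte "file" with the marker at offset 10, cut into 16-byte packets,
    # so the marker is split as "EVIL_M" | "ARKER" across the packet boundary.
    straddling = b"A" * 10 + SIGNATURE + b"B" * 10
    print(compare_modes(straddling, 16))
    # Constructed file with no marker at all, but whose hash is on the blocklist:
    # only the proxy, which sees the whole file, can catch this one.
    known_bad = b"%PDF-1.4 constructed sample with no marker"
    print(compare_modes(known_bad, 16, frozenset({sha256_hex(known_bad)})))
```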
UTM can be cost-effective: Reduces the time and resources needed to manage multiple stand-alone
security tools. Purchasing a suite of integrated tools may also be less expensive than buying
each tool separately.
UTM is flexible and adaptable: Offers flexible solutions and options for security management.
The security services and tools in a UTM can be implemented in any combination that is
appropriate for each network environment.
UTM offers integrated and centralized management: Consolidates multiple security tools into a
central management console. This simplifies monitoring and addressing security threats, as well
as streamlines the management of updates to the UTM components. The central management
feature also helps IT Support staff identify and stop the full extent of an attack across an entire
network.
UTM can become a single point of failure in a network security attack: If an attack disables an
entire UTM solution, there would be no other backup security services or tools to stop that attack.
One of the core principles of information systems management is to design and implement
redundant, backup, and failover systems. When one element of an IT system is attacked or
experiences a failure, there should always be a backup or parallel system to replace it.
UTM might be a waste of resources for small businesses: Small businesses may not need a robust
security solution like UTM. The time and money needed to purchase, implement, and manage a
complex UTM system may not provide a significant return on security benefits for a smaller
network. Cybercriminals are more likely to attack larger targets.
Key takeaways
Unified Threat Management (UTM) systems offer multiple options in a comprehensive suite of
network security tools. UTM solutions can be implemented as hardware and/or software and can
protect either a single host or an entire network.
UTM security services and tool options include firewalls, IDS, IPS, antivirus and anti-malware
software, spam gateways, web and content filters, data leak/loss prevention, and VPN services.
The benefits of using a UTM solution include having a cost-effective network security system that is
flexible and adaptable with a management console that is integrated and centralized. The risks of
using UTM include creating a single point of failure for a network security system and it might be
an unnecessary use of resources for small businesses.
Meddler in the middle attacks allow a meddler to get between two communication devices or
applications. The meddler then replies as the sender and receiver without either one knowing they
are not communicating with the correct person, device, or application. These attacks allow the
meddler to obtain login credentials and other sensitive information.
Data Theft is when data within the network is stolen, copied, sent, or viewed by someone who
should not have access.
Ransomware uses malware to keep users from accessing important files on their network. Hackers
grant access to the files after receiving a ransom payment.
Change the default name and password using the same password guidelines as your company.
Limit access to the home network by not sharing access credentials outside of trusted
individuals.
Create a guest network that allows guests to connect to the internet but not your other devices.
Turn on WiFi network encryption requiring a password before a device can access the internet.
Turn on the router’s firewall to prevent unwanted traffic from entering or leaving your wireless
network without your knowledge. Regularly update your router firmware.
Update to the newest WiFi standard which is the most secure standard for home WiFi.
Another security measure that a company can take is for employees to work over a virtual private network,
or VPN. Using a VPN creates an encrypted, secure internet connection through which employees can
access company data.
Key takeaways
Home network security is vital to protect a company’s sensitive information when employees work from
home.
Data theft, ransomware, and meddler in the middle are common attacks on home networks.
Employees working from home need to take steps to improve the security of their home networks.
Module 4 Glossary
New terms and their definitions: Course 5 Week 4
Activation threshold: Triggers a pre-configured action when it is reached and will typically
block the identified attack traffic for a specific amount of time
Analyzing logs: The practice of collecting logs from different network and sometimes client
devices on your network, then performing an automated analysis on them
CCMP (counter mode CBC-MAC protocol): A mode of operation for block ciphers that
allows for authenticated encryption
Correlation analysis: The process of taking log data from different systems, and matching
events across the systems
Dynamic ARP inspection (DAI): A feature on enterprise switches that prevents certain types
of attacks
Four-Way Handshake: It is designed to allow an AP to confirm that the client has the correct
pairwise master key in a WPA-PSK setup without disclosing the PMK
GTK (Groupwise Transient Key): A temporal key, which is actually used to encrypt data
Hubs: Devices that serve as a central location through which data travels through; a quick
and dirty way of getting packets mirrored to your capture interface
Implicit deny: A network security concept where anything not explicitly permitted or allowed
should be denied
IP source guard (IPSG): It can be enabled on enterprise switches along with DHCP snooping
Logs analysis systems: They are configured using user-defined rules to match interesting or
atypical log entries
Monitor mode: It allows scanning across channels to see all wireless traffic being sent by APs
and clients
Network software hardening: Includes things like firewalls, proxies, and VPNs
OES (Operating Encounter Mode): It turns a block cipher into a stream cipher by using a
random seed value along with an incrementing counter to create a key stream to encrypt
data with
Packet sniffing (packet capture): the process of intercepting network packets in their
entirety for analysis
Pairwise Transient Key (PTK): It is generated using the PMK, AP nonce, Client nonce, AP
MAC address, and Client MAC address
PBKDF2 (Password Based Key Derivation Function 2): Password Based Key Derivation
Function 2
PIN authentication method: It uses PINs that are eight digits long, but the last digit is a
checksum that's computed from the first seven digits
Port mirroring: Allows the switch to take all packets from a specified port, port range, or the
entire VLAN and mirror the packets to a specified switch port
Post-fail analysis: Investigating how a compromise happened after the breach is detected
Pre-shared key: It's the Wi-Fi password you share with people when they come over and
want to use your wireless network
Promiscuous mode: A type of computer networking operational mode in which all network
data packets can be accessed and viewed by all network adapters operating in this mode
Proxy: Can be useful to protect client devices and their traffic. They also provide secure
remote access without using a VPN
Rainbow tables: A pre-computed table of all possible password values and their
corresponding hashes
Reverse proxy: A service that might appear to be a single server to external clients, but
actually represents many servers living behind it
Rogue DHCP server attack: An attacker can hand out DHCP leases with whatever
information they want by deploying a rogue DHCP server on your network, setting a gateway
address or DNS server, that's actually a machine within their control
Tcpdump: It's a super popular, lightweight command-line based utility that you can use to
capture and analyze packets
TKIP (Temporal Key Integrity Protocol): Introduced to address the shortcomings of WEP security
VPNs: Commonly used to provide secure remote access, and link two networks securely
WEP (Wired Equivalent Privacy): First security protocol introduced for Wi-Fi networks
Wireshark: It's another packet capture and analysis tool that you can use, but it's way more
powerful when it comes to application and packet analysis, compared to tcpdump
WPS (Wi-Fi Protected Setup): It's a convenience feature designed to make it easier for clients
to join a WPA-PSK protected network
802.1x: It is the IEEE standard for encapsulating EAP or Extensible Authentication Protocol
traffic over the 802 networks
802.1X with EAP-TLS: Offers arguably the best security available, assuming proper and
secure handling of the PKI aspects of it
Access Control Entries: The individual access permissions per object that make up the ACL
Access Control List (ACL): It is a way of defining permissions or authorizations for objects
Accounting: Keeping records of what resources and services your users access or what they
did when they were using your systems
Advanced Encryption Standard (AES): The first and only public cipher that's approved for
use with top secret information by the United States National Security Agency
Asymmetric encryption: Systems where different keys are used to encrypt and decrypt
Auditing: It involves reviewing records to ensure that nothing is out of the ordinary
Authorization: It pertains to describing what the user account has access to or doesn't have
access to
Availability: Means that the information we have is readily accessible to those people that
should have it
Backdoor: A way to get into a system if the other methods to get in a system aren't allowed,
it's a secret entryway for attackers
Baiting: An attack that happens through actual physical contact, enticing a victim to do
something
Bots: Machines compromised by malware that are utilized to perform tasks centrally
controlled by an attacker
Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access
CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing
certificates. It's a crucial component of the PKI system
Caesar cipher: A substitution cipher in which you replace each character of the alphabet with
another, usually by shifting or rotating the alphabet (or a set of numbers or characters)
Central repository: It is needed to securely store and index keys; a certificate management
system of some sort makes managing access to stored certificates and the issuance of
certificates easier
Certificate fingerprints: These are just hash digests of the whole certificate, and aren't
actually fields in the certificate itself, but are computed by clients when validating or
inspecting certificates
Certificate Revocation List (CRL): A means to distribute a list of certificates that are no
longer valid
Certificate Signature Algorithm: This field indicates what public key algorithm is used for
the public key and what hashing algorithm is used to sign the certificate
Certificate-based authentication: It is the most secure option, but it requires more support
and management overhead since every client must have a certificate
CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies
Client certificates: They operate very similarly to server certificates but are presented by
clients and allow servers to authenticate and verify clients
CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but
instead of using a hashing function to produce a digest, a symmetric cipher with a shared
key is used to encrypt the message and the resulting output is used as the MAC
Code signing certificates: It is used for signing executable programs and allows users of these
signed applications to verify the signatures and ensure that the application was not tampered
with
Counter-based tokens: They use a secret seed value along with the secret counter value
that's incremented every time a one-time password is generated on the device
Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service
Cryptography: The overarching discipline that covers the practice of coding and hiding
messages from third parties
Cryptosystem: A collection of algorithms for key generation and encryption and decryption
operations that comprise a cryptographic service
Data binding and sealing: It involves using the secret key to derive a unique key that's then
used for encryption of data
Data information tree: A structure where objects will have one parent and can have one or
more children that belong to the parent object
Decryption: The reverse process from encryption; taking the garbled output and
transforming it back into the readable plain text
Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server
Deterministic: It means that the same input value should always return the same hash value
Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football
Distinguished name (DN): A unique identifier for each entry in the directory
DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS
record that will point you to a compromised DNS server
ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively
Elliptic curve cryptography (ECC): A public key encryption system that uses the algebraic
structure of elliptic curves over finite fields to generate secure keys
Encapsulating security payload: It's a part of the IPsec suite of protocols, which
encapsulates IP packets, providing confidentiality, integrity, and authentication of the
packets
Encryption algorithm: The underlying logic or process that's used to convert the plaintext
into ciphertext
Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher),
so that you receive a garbled, unreadable message as the output (ciphertext)
Entropy pool: A source of random data to help seed random number generators
Evil twin: The premise of an evil twin attack is for you to connect to a network that is
identical to yours but that is controlled by an attacker. Once connected to it, they will be able
to monitor your traffic
Exploit: Software that is used to take advantage of a security bug or vulnerability
FIPS (Federal Information Processing Standard): The DES that was adopted as a federal
standard for encrypting and securing government data
Forward secrecy: This is a property of a cryptographic system so that even in the event that
the private key is compromised, the session keys are still safe
Frequency analysis: The practice of studying the frequency with which letters appear in
ciphertext
Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system
Hashing (Hash function): A type of function or operation that takes in an arbitrary data input
and maps it to an output of a fixed size, called a hash or a digest
HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the
communication your web browser has with the website is secured through encryption
Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code
Intermediary (subordinate) CA: It means that the entity that this certificate was issued to
can now sign other certificates
IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with
IPv6
Issuer Name: This field contains information about the authority that signed the certificate
Kerberos: A network authentication protocol that uses tickets to allow entities to prove their
identity over potentially insecure channels to provide mutual authentication
Key signing parties: Organized by people who are interested in establishing a web of trust,
and participants perform the same verification and signing
Key size: It is the total number of bits or data that comprises the encryption key
Key: A crucial component of a cipher, which introduces something unique into your cipher
Keylogger: A common type of spyware that's used to record every keystroke you make
Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files
MD5: A popular and widely used hash function designed in the early 1990s as a
cryptographic hashing function
Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other
MIC (Message Integrity Check): It is essentially a hash digest of the message in question
Network time protocol (NTP): A network protocol used to synchronize the time between the
authenticator token and the authentication server
OAuth: An open standard that allows users to grant third-party websites and applications
access to their information without sharing account credentials
One-time password (OTP) tokens: Another very common method for handling multifactor authentication
One-time password (OTP): A short-lived token, typically a number that's entered along with
a username and password
OpenID: An open standard that allows participating sites known as Relying Parties to allow
authentication of users utilizing a third party authentication service
Organizational units (OUs): Folders that let us group related objects into units like people or
groups to distinguish between individual user accounts and groups that accounts can belong
to
Password attacks: Utilize software like password crackers that try and guess your password
Password salt: Additional randomized data that's added into the hashing function to
generate the hash that's unique to the password and salt combination
Physical tokens: They take a few different forms, such as a USB device with a secret token on
it, a standalone device which generates a token, or even a simple key used with a traditional
lock
Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down
PKI system: A system that defines the creation, storage and distribution of digital certificates
Public key authentication: A key pair is generated by the user who wants to authenticate
Public key signatures: Digital signature generated by composing the message and
combining it with the private key
Rainbow table attacks: To trade computational power for disk space by pre-computing the
hashes and storing them in a table
Rainbow tables: A pre-computed table of all possible password values and their
corresponding hashes
Random numbers: A very important concept in encryption because it avoids some kind of
pattern that an adversary can discover through close observation and analysis of encrypted
messages over time
Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom
RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because
of its simplicity and speed
Remote attestation: The idea of a system authenticating its software and hardware
configuration to a remote system
Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA
services for users on a network
Risk mitigation: Understanding the risks your systems face, take measures to reduce those
risks, and monitor them
Risk: The possibility of suffering a loss in the event of an attack on the system
Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge
Root certificate authority: They are self-signed because they are the start of the chain of
trust, so there's no higher authority that can sign on their behalf
RSA: One of the first practical asymmetric cryptography systems to be developed, named for
the initials of the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman
Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry
Secure element: It's a tamper resistant chip often embedded in the microprocessor or
integrated into the mainboard of a mobile device
Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a
network service over unsecured networks
Security keys: Small embedded cryptoprocessors, that have secure storage of asymmetric
keys and additional slots to run embedded code
Security through obscurity: The principle that if no one knows what algorithm is being used
or general security practices, then one is safe from attackers
Self-signed certificate: This certificate has been signed by the same entity that issued the
certificate
Serial number: A unique identifier for the certificate assigned by the CA, which allows the CA
to manage and identify individual certificates
Session key: The shared symmetric encryption key used in TLS sessions to encrypt data being
sent back and forth
SHA1: It is part of the secure hash algorithm suite of functions, designed by the NSA and
published in 1995
Shannon's maxim: It states that the system should remain secure, even if your adversary
knows exactly what kind of encryption systems you're employing, as long as your keys remain
secure
Single Sign-on (SSO): An authentication concept that allows users to authenticate once to be
granted access to a lot of different services and applications
Social engineering: An attack method that relies heavily on interactions with humans instead
of computers
Spear phishing: Phishing that targets an individual or group; the fake emails may contain some
personal information like your name, or the names of friends or family
SQL Injection Attack: An attack that targets the entire website if the website is using a SQL
database
SSL 3.0: The latest revision of SSL that was deprecated in 2015
SSL/TLS Client Certificate: Certificates that are bound to clients and are used to
authenticate the client to the server, allowing access control to an SSL/TLS service
SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the
initial secure setup of an SSL/TLS connection
Steganography: The practice of hiding information from observers, but not encoding it
Stream ciphers: They take a stream of input and encrypt the stream one character or one digit
at a time, outputting one encrypted character or digit at a time
Subject Public Key Info: These two subfields define the algorithm of the public key along
with the public key itself
Subject: This field contains identifying information about the entity the certificate was issued
to
Substitution cipher: An encryption mechanism that replaces parts of your plaintext with
ciphertext
Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and
decrypt messages
TACACS+: It is a device access AAA system that manages who has access to your network
devices and what they do on them
Tailgating: Gaining access into a restricted area or building by following a real employee in
Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket
Granting Service secret key, which provides the Ticket Granting Service with the client Ticket
Granting Service session key
TLS 1.2 with AES GCM: A specific mode of operation for the AES block cipher that
essentially turns it into a stream cipher
TPM (Trusted Platform Module): This is a hardware device that's typically integrated into
the hardware of a computer, that's a dedicated crypto processor
Transport mode: One of the two modes of operation supported by IPsec. When used, only
the payload of the IP packet is encrypted, leaving the IP headers untouched
Trojan: Malware that disguises itself as one thing but does something else
Tunnel mode: One of the two modes of operation supported by IPsec. When used, the entire
IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet
with new headers
Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one
network to another
U2F (Universal 2nd Factor): It's a standard developed jointly by Google, Yubico and NXP
Semiconductors that incorporates a challenge-response mechanism, along with public key
cryptography to implement a more secure and more convenient second-factor
authentication solution
Validity: This field contains two subfields, Not Before and Not After, which define the dates
between which the certificate is valid
Vulnerability: A flaw in the system that could be exploited to compromise the system
Web of trust: It is where individuals instead of certificate authorities sign other individuals'
public keys
Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network
X.509 standard: It is what defines the format of digital certificates, as well as a certificate
revocation list or CRL
XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top
of TACACS
0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker
The potential for these unknown flaws is something you should think about when looking to secure
your company's systems and networks. Even though it's an unknown risk, it can still be handled by
taking measures to restrict and control access to systems. Our end goal overall is risk reduction.
Two important terms to know when talking about security risks are attack vectors and attack
surfaces. An attack vector is a method or mechanism by which an attacker or malware gains access to
a network or system. Some attack vectors are email attachments, network protocols or services,
network interfaces and user input. These are different approaches or paths that an attacker could
use to compromise the system, if they're able to exploit it. An attack surface is the sum of all the
different attack vectors in a given system. Think of this as the combination of all possible ways an
attacker could interact with our system regardless of known vulnerabilities. It's not possible to
know of all vulnerabilities in the system, so make sure to think of all avenues that an outside actor
could interact with our systems as a potential attack surface.
The main takeaway here is to keep our attack surfaces as small as possible. This reduces the chances
of an attacker discovering an unknown flaw and compromising our systems. There are lots of
approaches you can use as an IT support specialist to reduce attack surfaces; all of them boil down
to simplifying systems and services. The less complex something is, the less likely there will be
undetected flaws. So make sure to disable any extra services or protocols; if they're not totally
necessary, then get them out of there. Every additional service that's operating represents
additional attack surface that could have an undiscovered vulnerability. That vulnerability could be
exploited and lead to compromise. This concept also applies to access and ACLs: only allow access
when totally necessary. So for example, it's probably not necessary for employees to be able to
access printers directly from outside of the local network. You can just adjust firewall rules to
prevent that type of access.
Another way to keep things simple is to reduce your software deployments. Instead of having five
different software solutions to accomplish five separate tasks, replace them with one unified
solution, if you can. That one solution should require less complex code, which reduces the number
of potential vulnerabilities. You should also make sure to disable unnecessary or unused components
of software and systems deployed. By disabling features not in use, you're reducing attack surfaces
even more. You're not only reducing the number of ways an attacker can get in, but you're also
minimizing the amount of code that's active.
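The "disable what isn't necessary" advice above turned into a small audit, as an added example that is not the course's own code: it parses constructed listener rows laid out like Linux `ss -ltnp` output (header omitted) and flags every service bound to all interfaces that is not on an explicit allowlist, such as a printer daemon reachable from outside the host. Hosts, PIDs and services in the sample are made up.

```python
import re
from dataclasses import dataclass

# Constructed sample in the column layout of `ss -ltnp` (header line omitted);
# every process, PID and port here is made up for the example.
SAMPLE_SS = """\
LISTEN 0      128        0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
LISTEN 0      511        0.0.0.0:80        0.0.0.0:*    users:(("nginx",pid=1033,fd=6))
LISTEN 0      128      127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=990,fd=5))
LISTEN 0      128        0.0.0.0:631       0.0.0.0:*    users:(("cupsd",pid=1201,fd=8))
LISTEN 0      50               *:21              *:*    users:(("vsftpd",pid=1310,fd=4))
LISTEN 0      128           [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
"""

# Addresses that mean "every interface", i.e. the socket is reachable from the network
ALL_INTERFACES = {"0.0.0.0", "*", "[::]", "::"}
PROCESS_RE = re.compile(r'\(\("([^"]+)"')


@dataclass(frozen=True)
class Listener:
    addr: str
    port: int
    process: str

    @property
    def external(self) -> bool:
        """True when the socket is bound to all interfaces rather than loopback."""
        return self.addr in ALL_INTERFACES


def parse_ss(text: str) -> list:
    """Parse LISTEN rows; the fourth column is Local Address:Port."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        addr, port = parts[3].rsplit(":", 1)   # rsplit keeps IPv6 brackets intact
        match = PROCESS_RE.search(line)
        listeners.append(Listener(addr, int(port), match.group(1) if match else "unknown"))
    return listeners


def audit(listeners, allowed_ports) -> dict:
    """Compare externally reachable listeners against an explicit allowlist.

    allowed_ports is the set of ports that are supposed to be reachable from the
    network. Anything else bound to all interfaces is attack surface to disable,
    firewall off, or re-bind to loopback."""
    exposed = [ln for ln in listeners if ln.external]
    unexpected = sorted({(ln.port, ln.process) for ln in exposed if ln.port not in allowed_ports})
    local_only = sorted({(ln.port, ln.process) for ln in listeners if not ln.external})
    return {
        "exposed_ports": sorted({ln.port for ln in exposed}),
        "unexpected": unexpected,
        "local_only": local_only,
    }


if __name__ == "__main__":
    report = audit(parse_ss(SAMPLE_SS), allowed_ports={22, 80})
    for port, proc in report["unexpected"]:
        print(f"reduce attack surface: {proc} listens on all interfaces, port {port}")
```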
If you're interested in enterprise solutions, check out Splunk Enterprise Security
and IBM Security QRadar.
Preventing threats across an enterprise environment can be challenging for IT Support professionals.
Microsoft 365 Defender can help to simplify this responsibility. Defender provides enterprise-wide security
through an integrated suite of tools. It offers tools to prevent attacks, detect threats, investigate security
breaches, and coordinate effective response strategies. The Defender portal also offers an action center for
monitoring incidents and alerts, as well as for threat hunting and analytics.
Defender for Endpoint: Protects network endpoints including servers, workstations, mobile
devices, and IoT devices. Provides preventative safeguards, breach detections, automated
analyses, and threat response services.
Defender Vulnerability Management: Protects assets including, hardware, software, licenses,
networks, and data. Provides asset inventory, vulnerability discovery, configuration assessment,
risk-based prioritization, and remediation tools.
Defender for Office 365: Protects Microsoft 365 (formerly Office 365), including Exchange,
Outlook, files, and attachments. Guards against malicious threats entering from email messages,
links (URLs), and collaboration tools.
Defender for Identity: Protects user identities and credentials. Detects, identifies, and
investigates advanced threats, compromised identities, and malicious actions performed using
stolen user identities or by internal threats.
Azure Active Directory Identity Protection: Protects cloud-based identities in Azure by
automating detection and resolutions for identity risks.
Defender for Cloud Apps: Protects cloud applications by providing deep visibility searches,
robust data controls, and advanced threat protection.
As an IT Support professional in an organization, you might use Microsoft 365 Defender to monitor your
enterprise’s IT security. You can customize the Defender portal Home page by job roles. Various security
cards can be selected to appear on the Home page for your role. For example, you might see cards for
monitoring:
The following are examples of how a cyberattack might penetrate and infect an enterprise network. For
each type of malicious attack, a potential Microsoft 365 Defender response follows, illustrating how the
security suite could respond:
A phishing attempt enters through email: An employee in an organization receives an email from
a business that appears to be legitimate, like a bank. The email might claim that there is a problem
with the employee’s account and that they must click on a given link to resolve the problem.
However, the phishing email actually contains a link to a malicious website that a cybercriminal
disguised to look like a real bank. If the employee clicks on the link to view the website, the site
requests that the user enter their account credentials or other sensitive information. This
information is then transmitted to the cybercriminal. Microsoft Defender for Office 365 detects
the emailed phishing scam by monitoring Exchange and Outlook. Both the employee and the IT
Support team are alerted about this attempted phishing attack.
Malware enters through social media: An employee clicks on an enticing link posted on their
favorite social media app. The link triggers an automatic download of a malware file to the
employee’s laptop. Microsoft Defender for Endpoint monitors the employee’s laptop for
suspicious malware signatures. Upon detecting the malware, Defender for Endpoint alerts the
employee and the organization’s IT Support team about the malware and discloses its endpoint
location.
A cybercriminal intercepts an employee’s work login credentials: An employee accesses their
work account using their laptop and an open Wi-Fi access point in a busy coffee shop. A
cybercriminal is in the same coffee shop to intercept and collect unprotected information flowing
through the open Wi-Fi access point. The cybercriminal obtains the employee’s user account
credentials and uses them to hijack the employee’s work account. The cybercriminal then begins a
malicious attack on the employer’s network. Microsoft Defender for Identity can detect the
sudden change in activity on the employee’s user account. Defender for Identity alerts the
employee and the IT Support team about the compromised user identity.
A virus enters a cloud drive through a file upload: An employee unknowingly uploads a file that
is infected with a virus to their work cloud storage drive. When the employee opens the file from
the cloud drive, the virus is activated and begins changing the security settings on the other files in
the employee’s cloud drive. Microsoft Defender for Cloud Apps detects the unusual pattern of
activity and alerts the employee and IT Support team of the suspicious activity in the cloud
account.
User Account Control (UAC) allows IT administrators to create standard user accounts with limited access
rights and privileges for end users. This configuration can prevent users from installing unauthorized
programs, changing system settings, tampering with firewalls, and more. In order to perform these types of
tasks, administrator credentials must be provided. For less restrictive controls, UAC provides the option to
grant end users local administrative privileges for approved activities that require administrative
privileges. For more restrictive controls, UAC can require global administrator credentials be entered for
each and every administrative change the user attempts to make.
To learn more about Microsoft Defender through the Microsoft learning portal, please visit:
Microsoft Learn: Introduction to Microsoft 365 Defender - Microsoft’s self-paced course for
Microsoft 365 Defender
Protect your organization with Microsoft 365 Defender - An interactive guide to Microsoft 365
Defender and how it detects security risks, investigates attacks, and prevents harmful activities.
Microsoft Defender for Endpoint - Gives an overview of product, services, architecture, and training
opportunities.
Microsoft Defender Vulnerability Management - Provides information about the services and tools
available to find and fix vulnerabilities.
Microsoft Defender for Office 365 - Lists included services and tools for various product levels, as
well as the types of threats it protects against.
Microsoft Defender for Identity - Offers product information, how-to guides, tutorials, and
reference information.
Microsoft Defender for Cloud Apps - Provides product overview, quickstart reference guide,
tutorials, best practices, and additional resources.
How User Account Control works - User Account Control (UAC) is a fundamental component of
Microsoft's overall security vision. UAC helps mitigate the impact of malware.
Anti-malware defenses are a core part of any company's security model in this day and age.
So, it's important as an IT support specialist to know what's out there.
Today, the Internet is full of bots, viruses, worms and other automated attacks.
Lots of unprotected systems would be compromised in a matter of minutes if
directly connected to the Internet without any safeguards or protections in place,
and they need to have critical system updates installed.
While modern operating systems have reduced this threat vector by having basic
firewalls enabled by default, there's still a huge amount of attack traffic on the Internet.
Anti-malware measures play a super important role in keeping this type of
attack off your systems and helping to protect your users.
Antivirus software has been around for a really long time.
But some security experts question the value it can provide to a company,
especially since more sophisticated malware and
attacks have been spun up in recent years.
Antivirus software is signature-based.
This means that it has a database of signatures that identify known
malware like the unique file hash of a malicious binary or
the file associated with an infection.
Or it could be the network traffic characteristics that malware uses to
communicate with a command and control server.
Antivirus software will monitor and analyze things like new files being
created or being modified on the system in order to watch for
any behavior that matches a known malware signature.
If it detects activity that matches the signature, depending on the signature
type, it will attempt to block the malware from harming the system.
But some signatures might only be able to detect the malware after the infection
has occurred.
In that case, it may attempt to quarantine the infected files.
If that's not possible, it'll just log and alert the detection event at a high level.
This is how all antivirus products work.
There are two issues with antivirus software though.
The first is that they depend on antivirus signatures distributed by
the antivirus software vendor.
The second is that they depend on the antivirus vendor discovering new malware
and writing new signatures for newly discovered threats.
Until the vendor is able to write new signatures and publish and
disseminate them,
your antivirus software can't protect you from these emerging threats. Boo.
Antivirus which is designed to protect systems,
actually represents an additional attack surface that attackers can exploit.
You might be thinking, wait,
our own antivirus tools can be another threat to our system.
What's the deal with that?
Well, this is because of the very nature of what an antivirus engine must do.
It takes arbitrary and potentially malicious binaries as input and
performs various operations on them.
Because of this, there's a lot of complex code where very serious bugs could exist.
Exactly this kind of vulnerability was found in the Sophos antivirus engine back in 2012.
So, it sounds like antivirus software isn't ideal and
has some pretty large drawbacks.
Then why are we still recommending it as a core piece of security design?
The short answer is this,
it protects against the most common attacks out there on the Internet.
The really obvious stuff that still poses a threat to your systems still needs to be
defended against.
Antivirus is an easy solution to provide that protection.
It doesn't matter how much user education you instill in your employees, there will
still be some folks who will click on an email that has an infected attachment.
A good way to think about antivirus in today's very noisy external threat
environment, is like a filter for the attack noise on the internet today.
It lets you remove the background noise and
focus on the more important targeted or specific threats.
Remember, our defense in depth concept involves multiple layers of protection.
Antivirus software is just one piece of our anti-malware defenses.
If antivirus can't protect us from the threats we don't know about,
how do we protect against the unknown that's out there?
Well, antivirus operates on a blacklist model,
checking against a list of known bad things and blocking what gets matched.
There's a class of anti-malware software that does the opposite.
Binary whitelisting software operates off a whitelist.
It's a list of known good and trusted software and
only things that are on the list are permitted to run.
Everything else is blocked.
You can think of this as applying the implicit deny ACL rule to software
execution.
By default, everything is blocked.
Only things explicitly allowed to execute are able to.
I should call out that this typically only applies to executable binaries,
not arbitrary files like pdf documents or text files.
This would naturally defend against any unknown threats but
at the cost of convenience.
Think about how frequently you download and install new software on your machine.
Now, imagine if you had to get approval before you could download and
install any new software, that would be really annoying, don't you think?
Now, imagine that every system update had to be whitelisted before it could be
applied.
Obviously, not trusting anything by default wouldn't be very sustainable.
It's for this reason that binary whitelisting software can trust software
using a couple of different mechanisms.
The first is using the unique cryptographic hash of binaries
which are used to identify unique binaries.
This is used to whitelist individual executables.
The other trust mechanism is a software signing certificate.
Remember back when we discussed public key cryptography and
signatures using public and private key pairs, software signing or
code signing is the same idea but applied to software.
A software vendor can cryptographically sign binaries they
distribute using a private key.
The signature can be verified at execution time by checking the signature
using the public key embedded in the certificate and
verifying the trust chain of the public key.
If the hash matches and the public key is trusted, then it's verified that the software
came from someone holding the software vendor's code signing private key.
Binary whitelisting systems can be configured to trust specific vendors'
code signing certificates.
They permit all binaries signed with that certificate to run.
This is helpful for automatically trusting content, like system updates along with
software in common use that comes from reputable and trusted vendors.
But can you guess the downside here?
Each new code signing certificate that's trusted represents an increase in attack
surface.
An attacker could compromise the code signing certificate of a software vendor
that your company trusts.
And use that to sign malware that targets your company.
That would bypass any binary whitelisting defenses in place.
Not good.
This exact scenario happened back in 2013 to [INAUDIBLE],
a binary whitelisting software company.
Hackers managed to breach their internal network and
found an unsecured virtual machine.
It had a copy of the code signing certificate's private key.
They stole that key and used it to sign malware that would have been trusted by
all [INAUDIBLE] software installations by default.
If you're interested in why security experts question the value of antivirus software, check out the link here.
If you want to read about how the Sophos antivirus system was maliciously compromised, see the link
here.
If you want to learn how hackers bypassed the binary whitelisting defenses that were in place for a
software vendor, check out the link here.
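To make the two models above concrete, here is a small Go simulation (an added example, not code from the course or from any antivirus or whitelisting product). The blocklist stands in for signature-based antivirus: a set of SHA-256 hashes of known-bad binaries, where anything unmatched is allowed. The allowlist stands in for binary whitelisting with both trust mechanisms the transcript describes: an explicit hash for an individual executable, and a signature from a trusted vendor key. Ed25519 keys are used in place of a real code signing certificate chain, and all binaries, keys and the vendor name "ExampleVendor" are constructed for the example. The last case shows the downside discussed above: once the vendor's private key is stolen, malware signed with it is trusted like any legitimate update.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
)

// Verdict is what a defense decides about a binary it is asked to let run.
type Verdict string

const (
	Allowed         Verdict = "allowed"
	BlockedKnownBad Verdict = "blocked: matches a known-malware signature"
	BlockedUnknown  Verdict = "blocked: not on the allowlist"
)

// fingerprint identifies a binary by the SHA-256 hash of its bytes.
func fingerprint(binary []byte) string {
	sum := sha256.Sum256(binary)
	return hex.EncodeToString(sum[:])
}

// Blocklist models signature-based antivirus: a database of hashes of
// known-bad binaries. Anything that does not match is allowed, so malware
// that has no signature yet passes straight through.
type Blocklist struct{ badHashes map[string]bool }

func (b Blocklist) Check(binary []byte) Verdict {
	if b.badHashes[fingerprint(binary)] {
		return BlockedKnownBad
	}
	return Allowed
}

// Signed is a binary with a detached signature and the name of the vendor that
// claims to have signed it (a constructed layout; real platforms embed the
// signature and certificate inside the executable).
type Signed struct {
	Vendor    string
	Binary    []byte
	Signature []byte
}

// Allowlist models binary whitelisting: a binary runs only if its hash is
// explicitly trusted or it carries a valid signature from a trusted vendor key
// (standing in for a trusted code signing certificate). Everything else is
// implicitly denied.
type Allowlist struct {
	goodHashes  map[string]bool
	trustedKeys map[string]ed25519.PublicKey // vendor name -> signing key
}

func (a Allowlist) Check(s Signed) Verdict {
	if a.goodHashes[fingerprint(s.Binary)] {
		return Allowed
	}
	if key, ok := a.trustedKeys[s.Vendor]; ok && ed25519.Verify(key, s.Binary, s.Signature) {
		return Allowed
	}
	return BlockedUnknown
}

// RunScenario builds constructed binaries and a constructed vendor key pair
// and returns the verdict each model gives for each case.
func RunScenario() (map[string]Verdict, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	knownMalware := []byte("constructed: sample already in the antivirus signature database")
	newMalware := []byte("constructed: malware nobody has written a signature for yet")
	vendorUpdate := []byte("constructed: a legitimate update from the trusted vendor")
	inhouseTool := []byte("constructed: an unsigned in-house tool trusted by its hash")

	av := Blocklist{badHashes: map[string]bool{fingerprint(knownMalware): true}}
	wl := Allowlist{
		goodHashes:  map[string]bool{fingerprint(inhouseTool): true},
		trustedKeys: map[string]ed25519.PublicKey{"ExampleVendor": vendorPub},
	}
	sign := func(b []byte) []byte { return ed25519.Sign(vendorPriv, b) }

	return map[string]Verdict{
		"av: known malware":           av.Check(knownMalware),
		"av: new malware":             av.Check(newMalware),
		"wl: known malware, unsigned": wl.Check(Signed{Vendor: "ExampleVendor", Binary: knownMalware}),
		"wl: new malware, unsigned":   wl.Check(Signed{Vendor: "ExampleVendor", Binary: newMalware}),
		"wl: vendor update, signed":   wl.Check(Signed{Vendor: "ExampleVendor", Binary: vendorUpdate, Signature: sign(vendorUpdate)}),
		"wl: in-house tool, by hash":  wl.Check(Signed{Binary: inhouseTool}),
		// The downside: a stolen vendor key signs malware the allowlist trusts.
		"wl: new malware, stolen key": wl.Check(Signed{Vendor: "ExampleVendor", Binary: newMalware, Signature: sign(newMalware)}),
	}, nil
}

func main() {
	results, err := RunScenario()
	if err != nil {
		panic(err)
	}
	keys := make([]string, 0, len(results))
	for k := range results {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		fmt.Printf("%-30s %s\n", k, results[k])
	}
}
```

Note how the blocklist lets the brand-new sample run while the allowlist blocks it, and how the allowlist's weak point is not the list itself but every signing key it has been told to trust.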
We briefly discussed disk encryption earlier when we talked about encryption at
a high level.
Now it's time to dive deeper.
Full disk encryption or
FDE is an important factor in a defense in depth security model.
It provides protection from some physical forms of attack.
As an IT Support specialist, you'll likely assist with implementing an FDE solution
if one doesn't exist already, help with migrating between FDE solutions, and
troubleshoot issues with FDE systems like helping with forgotten passwords. So FDE is key.
Systems with their entire hard drives encrypted are resilient against
data theft.
They'll prevent an attacker from stealing potentially confidential information from
a hard drive that's been stolen or lost.
Without also knowing the encryption password or having access to
the encryption key, the data on the hard drive is just meaningless gibberish.
This is a very important security mechanism to deploy for
more mobile devices like laptops, cell phones and tablets.
But it's also recommended for desktops and servers too, since disk encryption not
only provides confidentiality but also integrity.
This means that an attacker with physical access to a system
can't replace system files with malicious ones or install malware.
Having the disk fully encrypted protects from data theft and
unauthorized tampering even if an attacker has physical access to the disk.
There are also a bunch of third-party and open-source solutions. On Linux, the dm-crypt package is very
popular.
There are also offerings from PGP, VeraCrypt and a host of others.
I think self learning is the key to success in this particular field.
Technology changes all the time and
you have to have a drive to learn about the new things coming out.
And you're only going to get that if you are constantly keeping on top
of what's going on and the more you do that,
the more of an expert you become in lots of different areas.
And by becoming an expert in them it propels you forward because if you can
be the expert in the room you can teach others and you can also be the person
that people rely on and it also builds your confidence over time.
There are people who specialize deeply in security and
that's all they do all day long.
But in fact every person who works at Google is a security person.
I think the IT support role is an incredibly pivotal role within Google from a security standpoint and in many
cases it is the IT support people who will see Google being hacked for the first time.
Had I not had an IT support experience early in my career,
I probably wouldn't be able to bring the perspective that I do to the table in
terms of how we make security better for everyone.
Software updates don't just improve software products by adding new features
and improving performance, and stability.
They also address security vulnerabilities.
There are some software bugs that are present in the core functionality of
the software in question.
This means that the vulnerability can't be mitigated by disabling the vulnerable
service, not good.
An example of this was the Heartbleed vulnerability,
a bug in the open source TLS library OpenSSL.
This was discovered and widely publicized in April of 2014.
The bug showed up in how the library handled TLS heartbeat messages.
They're special messages that allow one party in the TLS session to signal to
the other party that they'd like the session to be kept alive.
This works by sending a TLS heartbeat request message,
a packet that has a text string and the length of the string.
The receiving end is supposed to reply with the same text string in response.
So if the heartbeat request message contains the text
"I'm still alive" and the length of 15,
the receiving end would reply back with the same text, "I'm still alive".
But the bug in the OpenSSL library was that the replying side would allocate
memory space according to the value in the received packet.
This was based on the specified length of the string as it's defined in
the packet, not based on the actual length of the string.
The value was not verified.
This meant that an attacker could send a malformed heartbeat request
message with a much larger length specified than the actual length of the string.
The reply would contain the original text message, but
would also include bits of memory from the replying system.
So an attacker could send a malformed heartbeat request message
containing the text I'm still alive, but
with a length of 500 because the length value wasn't verified.
This means that the response back would be I'm still alive followed by
the next 485 characters in memory.
So it was possible for an attacker to read up to 64 kilobytes of a target's memory.
This memory was likely used before by the OpenSSL library,
so it might contain sensitive information regarding other TLS sessions.
This bug meant that it was feasible for an attacker to recover the private keys used
to protect TLS sessions. This would allow them to decrypt TLS protected sessions and
recover details like login credentials.
This is a great example of a mistake in the code leading to a very high profile
software vulnerability.
It could only be fixed by a software update or by
switching to a different TLS library entirely.
While the heartbeat functionality is enabled by default,
it's possible to disable it in the OpenSSL library, but
it wasn't a simple argument to pass to an application.
Disabling this functionality required compiling the library with a flag that was
specified to disable heartbeats,
then you had to replace the installed version with the custom compiled one.
That's not something most people will do.
This was also a library widely used by both server applications and
client applications.
This means that it might not be possible to replace the OpenSSL library with
a customized version or a different library.
The only way to address the vulnerability in client software that implemented
OpenSSL was to wait for a patch from the software vendor. What a mess.
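The length-field mistake described above is easier to see in code. The following Go program is an added example and a simulation; it is not OpenSSL's code and does not speak TLS. It lays out a heartbeat record the way RFC 6520 defines it (type, two-byte payload length, payload, padding), places it at the start of a 1 KiB byte slice that stands in for the heap, and puts a constructed "secret" from an earlier session right after it. VulnerableReply mirrors the defect in behaviour: it copies as many bytes as the sender declared. SafeReply adds the single check that was missing, that the declared length plus header and minimum padding fits inside the record actually received, and otherwise discards the message as the RFC requires. The two requests are the ones from the transcript: length 15 and length 500.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Heartbeat message layout (RFC 6520):
//   type (1 byte) || payload_length (2 bytes, big-endian) || payload || padding (>= 16 bytes)
const (
	hbRequest    = 1
	hbResponse   = 2
	hbHeaderSize = 3
	hbMinPadding = 16
	memorySize   = 1024 // size of the simulated heap region
)

// Memory simulates the buffer the library reads the record into. The request
// sits at the start; whatever the process used that memory for earlier (here a
// constructed secret) still lies right after it.
type Memory struct {
	buf       []byte
	recordLen int // length of the request as the TLS record layer delivered it
}

func NewMemory(request, leftover []byte) Memory {
	buf := make([]byte, memorySize)
	copy(buf, request)
	copy(buf[len(request):], leftover)
	return Memory{buf: buf, recordLen: len(request)}
}

// BuildHeartbeat encodes a request whose declared payload_length is chosen by
// the caller, which is exactly how a mismatch with the real payload arises.
func BuildHeartbeat(payload []byte, declared uint16) []byte {
	rec := make([]byte, hbHeaderSize)
	rec[0] = hbRequest
	binary.BigEndian.PutUint16(rec[1:], declared)
	rec = append(rec, payload...)
	return append(rec, make([]byte, hbMinPadding)...)
}

// VulnerableReply behaves like the defective code: it trusts payload_length and
// copies that many bytes after the header, never checking that the record it
// received was actually that long.
func VulnerableReply(m Memory) []byte {
	declared := int(binary.BigEndian.Uint16(m.buf[1:3]))
	if declared > len(m.buf)-hbHeaderSize {
		declared = len(m.buf) - hbHeaderSize // edge of the simulated region
	}
	resp := make([]byte, hbHeaderSize+declared)
	resp[0] = hbResponse
	binary.BigEndian.PutUint16(resp[1:], uint16(declared))
	copy(resp[hbHeaderSize:], m.buf[hbHeaderSize:hbHeaderSize+declared])
	return resp
}

var ErrBadLength = errors.New("heartbeat: payload_length larger than record, discarded")

// SafeReply adds the missing bounds check. RFC 6520 says a message whose
// payload_length is too large must be discarded silently, so the caller gets
// an error and no bytes at all.
func SafeReply(m Memory) ([]byte, error) {
	if m.recordLen < hbHeaderSize+hbMinPadding {
		return nil, ErrBadLength
	}
	declared := int(binary.BigEndian.Uint16(m.buf[1:3]))
	if hbHeaderSize+declared+hbMinPadding > m.recordLen {
		return nil, ErrBadLength
	}
	resp := make([]byte, hbHeaderSize+declared)
	resp[0] = hbResponse
	binary.BigEndian.PutUint16(resp[1:], uint16(declared))
	copy(resp[hbHeaderSize:], m.buf[hbHeaderSize:hbHeaderSize+declared])
	return resp, nil
}

// Scenario holds the results of the two requests from the text run against
// both implementations.
type Scenario struct {
	Secret, Honest, Leaked []byte
	SafeErr                error
}

func RunScenario() Scenario {
	secret := []byte("constructed: private key material left over from another session")
	payload := []byte("I'm still alive") // 15 bytes
	honest := VulnerableReply(NewMemory(BuildHeartbeat(payload, 15), secret))
	malformed := NewMemory(BuildHeartbeat(payload, 500), secret)
	leaked := VulnerableReply(malformed)
	_, safeErr := SafeReply(malformed)
	return Scenario{Secret: secret, Honest: honest, Leaked: leaked, SafeErr: safeErr}
}

func main() {
	s := RunScenario()
	fmt.Printf("honest reply payload: %q\n", s.Honest[hbHeaderSize:])
	fmt.Printf("vulnerable reply to length 500: %d bytes, contains the leftover secret: %v\n",
		len(s.Leaked), bytes.Contains(s.Leaked, s.Secret))
	fmt.Printf("safe reply to length 500: %v\n", s.SafeErr)
}
```

The honest request gets the same 15-byte answer from both versions. For the malformed request, the vulnerable version returns 500 bytes (the 15-byte string followed by the next 485 bytes of the simulated region, secret included), while the fixed version returns nothing. The whole fix is one comparison against the record length, which is why the only remedy was a library update.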
Here's the bad news.
With software continuing to grow more complex over time,
these types of bugs are likely to become more commonplace.
Attackers will be looking for exactly this type of vulnerability.
The best protection is to have a good system and policy in place for
your company.
The system should be checking for, distributing and
verifying software updates for software deployment.
This is a complex problem when considering a large organization with many machines to
manage that run a variety of software products.
This is where management tools can help make this task more approachable for you.
Solutions like Microsoft SCCM or Puppet Labs' Puppet and
Facter tools allow administrators to get an overview of what software is
installed across their fleet of managed systems.
This lets the security team analyze what specific software and versions
are installed to better understand the risk of vulnerable software in the fleet.
When updates are released and pushed to the fleet,
these reporting tools can help make sure that the updates have been applied.
SCCM, even has the ability to force install updates after a specified deadline
has passed.
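The reporting step described here (knowing which installed versions are at risk, then confirming the update landed) can be scripted on top of whatever inventory export a management tool produces. The Go program below is an added example, not part of the course or of SCCM, Puppet or Facter; the export format (host,package,version lines), the package name "example-tls-lib", the hosts and the fixed version "1.0.14" are all constructed. It compares dotted version numbers component by component and lists each host running a version older than the advisory's fixed release, which is the list you would re-run after pushing the update to verify nothing was missed.

```go
package main

import (
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// InventoryRecord is one host/package/version row from a fleet reporting export
// (constructed layout; real tools have their own schemas).
type InventoryRecord struct{ Host, Package, Version string }

// Advisory names a package and the first version that contains the fix.
type Advisory struct{ Package, FixedIn string }

// parseVersion splits "1.0.14" into [1 0 14]; a non-numeric component counts as 0.
func parseVersion(v string) []int {
	parts := strings.Split(v, ".")
	out := make([]int, len(parts))
	for i, p := range parts {
		if n, err := strconv.Atoi(p); err == nil {
			out[i] = n
		}
	}
	return out
}

// compareVersions returns -1, 0 or 1 comparing a to b component by component;
// a missing trailing component is treated as 0, so "1.0" equals "1.0.0".
func compareVersions(a, b string) int {
	va, vb := parseVersion(a), parseVersion(b)
	for i := 0; i < len(va) || i < len(vb); i++ {
		var x, y int
		if i < len(va) {
			x = va[i]
		}
		if i < len(vb) {
			y = vb[i]
		}
		if x < y {
			return -1
		}
		if x > y {
			return 1
		}
	}
	return 0
}

// ParseInventory reads "host,package,version" lines, skipping a header row,
// blank lines and malformed rows.
func ParseInventory(export string) []InventoryRecord {
	var recs []InventoryRecord
	for _, line := range strings.Split(export, "\n") {
		f := strings.Split(strings.TrimSpace(line), ",")
		if len(f) != 3 || f[0] == "host" {
			continue
		}
		recs = append(recs, InventoryRecord{Host: f[0], Package: f[1], Version: f[2]})
	}
	return recs
}

// VulnerableHosts lists, sorted and without duplicates, every host running a
// version of the advisory's package older than the fixed release.
func VulnerableHosts(inv []InventoryRecord, adv Advisory) []string {
	seen := map[string]bool{}
	for _, r := range inv {
		if r.Package == adv.Package && compareVersions(r.Version, adv.FixedIn) < 0 {
			seen[r.Host] = true
		}
	}
	hosts := make([]string, 0, len(seen))
	for h := range seen {
		hosts = append(hosts, h)
	}
	sort.Strings(hosts)
	return hosts
}

// SampleExport is a constructed inventory export used to exercise the report.
const SampleExport = `host,package,version
web-01,example-tls-lib,1.0.13
web-02,example-tls-lib,1.0.14
db-01,example-tls-lib,1.0.9
db-01,example-agent,3.2.0
mail-01,example-tls-lib,1.1.0
`

func main() {
	adv := Advisory{Package: "example-tls-lib", FixedIn: "1.0.14"}
	for _, h := range VulnerableHosts(ParseInventory(SampleExport), adv) {
		fmt.Println("needs update:", h)
	}
}
```

Real package versions are messier than this (distribution epochs, letter suffixes, vendor backports that fix a bug without bumping the upstream number), so in practice you would use the platform's own version comparison; the shape of the report, however, is the same.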
Patching isn't just necessary for software, but also operating systems and
firmware that run on infrastructure devices.
Every device has code running on it that might have software bugs that could lead
to security vulnerabilities from routers, switches, phones, even printers.
Operating system vendors usually push security related patches pretty quickly
when an issue is discovered.
They'll usually release security fixes out of cycle from typical OS upgrades to
ensure a timely fix, because of the security implications.
But for embedded devices like network equipment or printers,
this might not be typical.
Critical infrastructure devices should be approached carefully when you apply
updates.
There's always the risk that a software update will introduce a new bug that might
affect the functionality of the device or
if the update process itself would go wrong and cause an outage.
I hope you can see the importance of applying software patches and
firmware updates in a timely fashion.
It would be pretty embarrassing if you wind up being compromised by
a vulnerability that could have been easily fixed with a software update.
Browser Hardening
In this reading, you will learn how to harden browsers for enhanced internet security. The methods
presented include evaluating sources for trustworthiness, SSL certificates, password managers, and
browser security best practices. Techniques for browser hardening are important components in
enterprise-level IT security policies. These techniques can also be used to improve internet security for
organizations of any size and for individual users.
Some cybercriminals monitor SEO search terms for popular software downloads. Then they create fake
websites to pose as hosts for these popular downloads. They might even use advertising and stolen logos
of trusted companies to make the sites appear to be legitimate businesses. However, the downloadable
files available on the cybercriminals’ websites are usually malicious software. Unaware of the deception,
users download and install the malware. In some cases, the users don’t even need to download a file.
Savvy cybercriminals can design web pages that have the ability to infect users’ devices simply upon
visiting the sites.
To guard against threats like this, there are checks you can perform to evaluate websites:
Use antivirus and anti-malware software and browser extensions. Run antivirus and anti-
malware scans regularly and scan downloaded files. Ensure antivirus and anti-malware browser
extensions are enabled when surfing the web.
Check for SSL certificates. See the “Secure connections and sites” section below.
Ensure the URL displayed in the address bar shows the correct domain name. For example,
Google websites use the Google.com domain name.
Search for negative reviews of the website from trusted sources. Be wary of websites that have
few to no reviews. They may not have been active long enough to build a bad reputation.
Cybercriminals will create new websites when they get too many negative reviews on their older
sites.
Don’t automatically trust website links provided by people or organizations you trust. They may
not be aware that they are passing along links to malicious websites and files.
Use hashing algorithms for downloaded files. Compare the developer-provided hash value of the
original file to the hash value of the downloaded copy to ensure the two values match.
Secure Sockets Layer (SSL) certificates are issued by trusted certificate authorities (CA), such as DigiCert. An
SSL certificate indicates that any data submitted through a website will be encrypted. A website with a
valid SSL certificate has been inspected and verified by the CA. You can find SSL certificates by performing
the following steps:
1. Check the URL in the address bar. The URL should begin with the https:// protocol. If you see
http:// without the “s”, then the website is not secure.
2. Click on the closed padlock icon in the address bar to the left of the URL. An open lock indicates
that the website is not secure.
3. A pop-up menu should open. Websites with SSL certificates will have a menu option labeled
“Connection is secure.” Click on this menu item.
4. A new pop-up menu will appear with a link to check the certificate information. The layout and
wording of this pop-up will vary depending on which browser you are using. When you review the
certificate, look for the following items:
a. The name of the issuer - Make sure it is a trusted certificate authority.
b. The domain it was issued to - This name should match the website domain name.
c. The expiration date - The certificate should not have passed its expiration date.
Note that cybercriminals can obtain SSL certificates too. So, this is not a guarantee that the site is safe. CAs
also vary in how thorough they are in their inspections.
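The three items from step 4 (issuer, the name the certificate was issued to, and expiry) are exactly what a browser checks programmatically, and the following Go program shows that check in code. It is an added example and not part of the reading; it generates a constructed CA named "Example Trusted CA (constructed)" and a server certificate for the constructed host "shop.example" in memory, then reviews that certificate against a host name and a point in time. VerifyHostname is the same name-matching rule browsers apply (Subject Alternative Names, not just the common name). Whether the issuer is actually trusted is the separate chain-validation step the browser performs against its root store, which the note above about cybercriminals obtaining certificates also reminds you is not a guarantee the site is safe.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertReview holds the three items the reading tells you to look at, plus
// the yes/no answers derived from them.
type CertReview struct {
	Issuer      string
	IssuedTo    string
	HostMatches bool // does the address bar host name match a name in the certificate?
	Expired     bool
	NotYetValid bool
}

// ReviewCertificate checks a parsed certificate against the host name in the
// address bar at the given time. Trust in the issuer itself is established by
// chain validation against the browser's root store, which is a separate step.
func ReviewCertificate(cert *x509.Certificate, host string, now time.Time) CertReview {
	return CertReview{
		Issuer:      cert.Issuer.CommonName,
		IssuedTo:    cert.Subject.CommonName,
		HostMatches: cert.VerifyHostname(host) == nil,
		Expired:     now.After(cert.NotAfter),
		NotYetValid: now.Before(cert.NotBefore),
	}
}

// DemoCertificate builds a constructed CA and a server certificate it issued,
// entirely in memory, so the review can be exercised offline.
func DemoCertificate(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ca := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Trusted CA (constructed)"},
		NotBefore:             notBefore,
		NotAfter:              notAfter.Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "shop.example"},
		DNSNames:     []string{"shop.example", "www.shop.example"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The CA template is the parent, so the leaf's Issuer becomes the CA's Subject.
	der, err := x509.CreateCertificate(rand.Reader, leaf, ca, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	cert, err := DemoCertificate(now.Add(-time.Hour), now.Add(90*24*time.Hour))
	if err != nil {
		panic(err)
	}
	for _, host := range []string{"shop.example", "evil.example"} {
		fmt.Printf("%-14s %+v\n", host, ReviewCertificate(cert, host, now))
	}
	fmt.Printf("in a year:     %+v\n", ReviewCertificate(cert, "shop.example", now.Add(365*24*time.Hour)))
}
```

Running it shows the certificate passing for "shop.example", failing the name check for a different host, and reporting as expired once the clock moves past NotAfter; those are the three conditions the manual inspection in step 4 is looking for.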
Password managers
Password managers are software programs that encrypt and retain passwords in secure cloud storage or
locally on users’ personal computing devices. There are a wide variety of activities users perform online
that require unique and complex passwords, such as banking, managing health records, filing taxes, and
more. It can be difficult for users to keep track of so many different logins and passwords. Fortunately,
password managers can help.
Browser settings
Browser settings can be configured for additional safety measures. Some additional options for hardening
browsers include:
Key takeaways
You learned about multiple steps you can take to harden a browser and protect your online security:
To learn more about hardening browsers for safer web surfing, please visit the following articles:
Dubious downloads: How to check if a website and its files are malicious - Provides information on
evaluating websites and downloads for the presence of malware.
The Best Password Managers to Secure Your Digital Life - Compares and contrasts the top
password managers on the market.
Avoiding Social Engineering and Phishing Attacks - Tips for avoiding an array of internet scams.
Blocking Unnecessary Advertising Web Content - From the United States National Security Agency
Cybersecurity Information, notice about ad-blocking through network functions, at the host level,
and other concerns.
Securing Web Browsers and Defending Against Malvertising for Federal Agencies - From the United
States Cybersecurity and Infrastructure Security Agency, guide for protecting computing systems
from malvertising.
Browser sync—what are the risks of turning it on? - Explains the security threats associated with
having browsers set to synchronize account data across multiple devices.
List of Participants - Microsoft Trusted Root Program - Microsoft’s list of trusted Certificate
Authorities and the common names of the issued certificates.
Module 5 Glossary
New terms and their definitions: Course 5 Week 5
Antivirus software: It monitors and analyzes things like new files being created or being
modified on the system in order to watch for any behavior that matches a known malware
signature
Application policies: Defines boundaries of what applications are permitted or not, but they
also help educate folks on how to use software more securely
Attack surface: It's the sum of all the different attack vectors in a given system
Bastion hosts or networks: A server used to provide access to a private network from an
external network
Binary whitelisting software: It's a list of known good and trusted software and only things
that are on the list are permitted to run
Defense in depth: The concept of having multiple overlapping systems of defense to protect
IT systems
File-based encryption: Guarantees confidentiality and integrity of files protected by
encryption
Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system
Host-based firewalls: Protects individual hosts from being compromised when they're used
in untrusted and potentially malicious environments
Key escrow: Allows encryption key to be securely stored for later retrieval by an authorized
party
Normalization: It's the process of taking log data in different formats and converting it into a
standardized format that's consistent with a defined log structure
Platform key: It's the public key corresponding to the private key used to sign the boot files
Secure boot protocol: It uses public key cryptography to secure the encrypted elements of
the boot process
Security information and event management systems (SIEMS): Form of centralized logging
for security administration purposes
Access Control Entries: The individual access permissions per object that make up the ACL
Access Control List (ACL): It is a way of defining permissions or authorizations for objects
Accounting: Keeping records of what resources and services your users access or what they
did when they were using your systems
Activation threshold: Triggers a pre-configured action when it is reached and will typically
block the identified attack traffic for a specific amount of time
Advanced Encryption Standard (AES): The first and only public cipher that's approved for
use with top secret information by the United States National Security Agency
Asymmetric encryption: Systems where different keys are used to encrypt and decrypt
Auditing: It involves reviewing records to ensure that nothing is out of the ordinary
Authorization: It pertains to describing what the user account has access to or doesn't have
access to
Availability: Means that the information we have is readily accessible to those people that
should have it
Backdoor: A way to get into a system if the other methods to get in a system aren't allowed,
it's a secret entryway for attackers
Baiting: An attack that happens through actual physical contact, enticing a victim to do
something
Block ciphers: The cipher takes data in, places it into a bucket or block of data that's a
fixed size, then encodes that entire block as one unit
Bots: Machines compromised by malware that are utilized to perform tasks centrally
controlled by an attacker
Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access
CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing
certificates. It's a crucial component of the PKI system
Caesar cipher: A substitution alphabet, where you replace characters in the alphabet with
others usually by shifting or rotating the alphabet, a set of numbers or characters
CCMP (counter mode CBC-MAC protocol): A mode of operation for block ciphers that
allows for authenticated encryption
Central repository: It is needed to securely store and index keys and a certificate
management system of some sort makes managing access to storage certificates and
issuance of certificates easier
Certificate fingerprints: These are just hash digests of the whole certificate, and aren't
actually fields in the certificate itself, but are computed by clients when validating or
inspecting certificates
Certificate Revocation List (CRL): A means to distribute a list of certificates that are no
longer valid
Certificate Signature Algorithm: This field indicates what public key algorithm is used for
the public key and what hashing algorithm is used to sign the certificate
Certificate-based authentication: It is the most secure option, but it requires more support
and management overhead since every client must have a certificate
CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies
Client certificates: They operate very similarly to server certificates but are presented by
clients and allow servers to authenticate and verify clients
CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but
instead of using a hashing function to produce a digest, a symmetric cipher with a shared
key is used to encrypt the message and the resulting output is used as the MAC
Code signing certificates: It is used for signing executable programs and allows users of these
signed applications to verify the signatures and ensure that the application was not tampered
with
Confidentiality: Keeping things hidden
Correlation analysis: The process of taking log data from different systems, and matching
events across the systems
Counter-based tokens: They use a secret seed value along with the secret counter value
that's incremented every time a one-time password is generated on the device
Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service
Cryptography: The overarching discipline that covers the practice of coding and hiding
messages from third parties
Cryptosystem: A collection of algorithms for key generation and encryption and decryption
operations that comprise a cryptographic service
Data binding and sealing: It involves using the secret key to derive a unique key that's then
used for encryption of data
Data information tree (DIT; more commonly called the Directory Information Tree in LDAP): A
tree structure where every object has one parent and can have one or more children that
belong to the parent object
Decryption: The reverse process from encryption; taking the garbled output and
transforming it back into the readable plain text
Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server
Deterministic: It means that the same input value should always return the same hash value
Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football
Distinguished name (DN): A unique identifier for each entry in the directory
DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS
record, so that clients asking for a legitimate name are pointed to a host the attacker controls
Dynamic ARP inspection (DAI): A feature on enterprise switches that validates ARP packets
against the DHCP snooping binding table and drops those that do not match, preventing ARP
spoofing and the meddler-in-the-middle attacks built on it
ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively
Elliptic curve cryptography (ECC): A family of public key algorithms that uses the algebraic
structure of elliptic curves over finite fields; it achieves the same security as RSA with much
shorter keys
Encapsulating security payload: It's a part of the IPsec suite of protocols, which
encapsulates IP packets, providing confidentiality, integrity, and authentication of the
packets
Encryption algorithm: The underlying logic or process that's used to convert the plaintext
into ciphertext
Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher),
so that you receive a garbled, unreadable message as the output (ciphertext)
Entropy pool: A source of random data to help seed random number generators
Evil twin: The premise of an evil twin attack is for you to connect to a network that is
identical to yours but that is controlled by an attacker. Once connected to it, they will be able
to monitor your traffic
FIPS (Federal Information Processing Standard): A series of standards published by NIST for
use by U.S. federal agencies and their contractors; DES, for example, was adopted as FIPS 46
in 1977 for encrypting and securing government data
Forward secrecy: A property of a cryptographic system such that, even if the server's
long-term private key is later compromised, previously recorded sessions cannot be decrypted
because each session used its own ephemeral keys
Four-Way Handshake: It is designed to allow an AP to confirm that the client has the correct
pairwise master key in a WPA-PSK setup without disclosing the PMK
Frequency analysis: The practice of studying the frequency with which letters appear in
ciphertext
Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system
GTK (Group Temporal Key): The temporal key shared by all clients of an AP and used to encrypt
broadcast and multicast traffic (unicast traffic is protected by the per-client PTK)
Hashing (Hash function): A type of function or operation that takes in an arbitrary data input
and maps it to an output of a fixed size, called a hash or a digest
HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the
communication your web browser has with the website is secured through encryption
Hubs: Devices that serve as a central location through which data travels through; a quick
and dirty way of getting packets mirrored to your capture interface
Implicit deny: A network security concept where anything not explicitly permitted or allowed
should be denied
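The implicit-deny principle above is easiest to see in a rule evaluator. This is an added example written for this page, not course material or any vendor's firewall code; the rule set, addresses and sample packets are constructed. Rules are evaluated first-match, and the function's final return is the implicit deny.

```python
# Added example, not from the course: a first-match packet filter that ends in an
# implicit deny. The rule set, addresses and packets below are constructed.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source CIDR
    dst: str               # destination CIDR
    dport: Optional[int]   # destination port, None means any port


# Constructed policy: internal clients may reach the web and DNS servers on the
# server VLAN, nothing else on that VLAN, and HTTPS anywhere on the Internet.
RULES: List[Rule] = [
    Rule("allow", "tcp", "10.0.0.0/8", "10.1.1.10/32", 443),
    Rule("allow", "udp", "10.0.0.0/8", "10.1.1.53/32", 53),
    Rule("deny",  "any", "10.0.0.0/8", "10.1.1.0/24", None),
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", 443),
]


def evaluate(rules: List[Rule], proto: str, src_ip: str, dst_ip: str, dport: int) -> str:
    """Return the action of the first matching rule; deny if none matches."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for r in rules:
        if r.proto != "any" and r.proto != proto:
            continue
        if src not in ipaddress.ip_network(r.src):
            continue
        if dst not in ipaddress.ip_network(r.dst):
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    # Implicit deny: traffic nobody explicitly permitted is dropped. Without this
    # default, plain HTTP to the Internet (not listed above) would be allowed.
    return "deny"


if __name__ == "__main__":
    for pkt in [("tcp", "10.2.3.4", "10.1.1.10", 443),
                ("tcp", "10.2.3.4", "10.1.1.10", 22),
                ("tcp", "10.2.3.4", "203.0.113.9", 80)]:
        print(pkt, "->", evaluate(RULES, *pkt))
```

Note that SSH to the web server hits the explicit deny on the server VLAN, while HTTP to the Internet matches nothing at all and is still dropped; the two look the same to the sender, but only the second depends on the default being deny rather than allow.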
Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code
Intermediary (subordinate) CA: It means that the entity that this certificate was issued to
can now sign other certificates
IP source guard (IPSG): A feature on enterprise switches, enabled together with DHCP
snooping, that drops traffic whose source IP address does not match the address recorded in
the DHCP snooping table for that port, preventing IP spoofing
IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with
IPv6
Issuer Name: This field contains information about the authority that signed the certificate
Kerberos: A network authentication protocol that uses tickets to allow entities to prove their
identity over potentially insecure channels to provide mutual authentication
Key signing parties: Organized by people who are interested in establishing a web of trust,
and participants perform the same verification and signing
Key size: It is the total number of bits or data that comprises the encryption key
Key: A crucial component of a cipher, which introduces something unique into your cipher
Keylogger: A common type of spyware that's used to record every keystroke you make
Log analysis systems: They are configured using user-defined rules to match interesting or
atypical log entries
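The correlation analysis and log analysis entries above describe matching events across systems against a user-defined rule. As an added example that is not part of the course, the following Python applies one such rule to constructed sshd log lines from several hosts: flag any source address that fails to log in on three or more distinct hosts within five minutes. The log lines, host names, addresses and thresholds are all made up for the demo.

```python
# Added example, not from the course: correlate failed logins across hosts.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: sshd lines from several hosts, not real logs.
SAMPLE_LOGS = """\
2024-03-01T10:00:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
2024-03-01T10:00:04 web01 sshd[1203]: Failed password for admin from 203.0.113.7 port 51130 ssh2
2024-03-01T10:00:09 db01 sshd[877]: Failed password for root from 203.0.113.7 port 51141 ssh2
2024-03-01T10:00:15 bastion sshd[4410]: Failed password for invalid user test from 203.0.113.7 port 51150 ssh2
2024-03-01T10:00:20 web02 sshd[302]: Accepted publickey for deploy from 198.51.100.4 port 40122 ssh2
2024-03-01T10:03:00 web02 sshd[305]: Failed password for root from 198.51.100.9 port 40200 ssh2
2024-03-01T12:00:00 db01 sshd[901]: Failed password for root from 198.51.100.9 port 40300 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failed_logins(text):
    """Return (timestamp, host, source_ip, user) for every failed-password line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["host"], m["src"], m["user"]))
    return events


def correlate(events, window=timedelta(minutes=5), min_hosts=3):
    """Map source IP -> sorted hosts for sources that failed on >= min_hosts
    distinct hosts inside any window-sized interval. A single host's log would
    never show this pattern; it only appears when logs are joined across systems."""
    by_src = defaultdict(list)
    for ts, host, src, _user in events:
        by_src[src].append((ts, host))
    hits = {}
    for src, items in by_src.items():
        items.sort()
        for i, (start, _host) in enumerate(items):
            hosts = {h for ts, h in items[i:] if ts - start <= window}
            if len(hosts) >= min_hosts:
                hits[src] = sorted(hosts)
                break
    return hits


def detect(text=SAMPLE_LOGS):
    return correlate(parse_failed_logins(text))


if __name__ == "__main__":
    for src, hosts in detect().items():
        print(f"password spraying suspected from {src} against {', '.join(hosts)}")
```

The second source in the sample (198.51.100.9) also fails on two hosts, but two hours apart, so the rule stays quiet; tightening `window` or lowering `min_hosts` is the usual tuning trade-off between catching slow attacks and drowning in alerts.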
Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files
MD5: A popular and widely used hash function designed in the early 1990s as a cryptographic
hashing function; collisions can now be generated in seconds, so it must not be used for
signatures, certificates, or integrity checks on data an attacker can influence
Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other
MIC (Message Integrity Check): It is essentially a hash digest of the message in question
Monitor mode: A wireless adapter mode that allows it to scan across channels and capture all
wireless traffic being sent by APs and clients, not only frames addressed to it
Network time protocol (NTP): A network protocol used to synchronize clocks between systems;
it is needed, for example, so that a time-based authenticator token and the authentication
server agree on the current time
OAuth: An open standard that allows users to grant third-party websites and applications
access to their information without sharing account credentials
CTR (Counter mode) of operation: A block cipher mode that turns a block cipher into a stream
cipher by encrypting a nonce value combined with an incrementing counter to create a key
stream, which is XORed with the data; the nonce must never be reused with the same key
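The counter-mode construction just described, as an added example that is not part of the course material. To keep it dependency-free, a keyed SHA-256 truncated to 16 bytes stands in for the block cipher (this is an assumption for the demo; real code uses AES through a vetted library, and the construction only needs a keyed pseudorandom function of one block). The example shows that decryption is the same XOR as encryption, and the failure mode the entry warns about: two messages encrypted under the same key and nonce leak the XOR of their plaintexts.

```python
# Added example, not from the course: counter (CTR) mode over a stand-in block function.
import hashlib
import os

BLOCK = 16  # bytes; AES has a 128-bit block, so the stand-in uses the same size


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a real block cipher such as AES (assumption for this demo).
    CTR mode only needs a keyed pseudorandom function of one block."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Generate length bytes of keystream as E_K(nonce || counter), counter = 0, 1, 2, ..."""
    assert len(nonce) == 8, "8-byte nonce + 8-byte counter = one 16-byte block"
    out = b""
    counter = 0
    while len(out) < length:
        out += block_encrypt(key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return out[:length]


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: both are the same XOR with the keystream, no padding needed."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def demo_roundtrip() -> bool:
    key = b"\x01" * 32            # constructed key
    nonce = os.urandom(8)         # fresh nonce per message
    msg = b"attack at dawn"
    ct = ctr_crypt(key, nonce, msg)
    return ct != msg and ctr_crypt(key, nonce, ct) == msg


def demo_nonce_reuse() -> bool:
    """Failure mode: the same (key, nonce) gives the same keystream, so
    c1 XOR c2 == p1 XOR p2 and an eavesdropper learns the difference of the plaintexts."""
    key = b"\x02" * 32
    nonce = b"\x00" * 8           # reused nonce, the bug being demonstrated
    p1 = b"transfer $100 to alice"
    p2 = b"transfer $900 to mallory"
    c1 = ctr_crypt(key, nonce, p1)
    c2 = ctr_crypt(key, nonce, p2)
    n = min(len(c1), len(c2))
    leaked = bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))
    expected = bytes(a ^ b for a, b in zip(p1[:n], p2[:n]))
    return leaked == expected


if __name__ == "__main__":
    print("round trip ok:", demo_roundtrip())
    print("nonce reuse leaks p1 XOR p2:", demo_nonce_reuse())
```

Because the keystream depends only on key, nonce and position, a ciphertext bit can also be flipped to flip the matching plaintext bit; CTR mode gives confidentiality but no integrity, which is why TLS pairs it with an authentication tag (AES-GCM) rather than using it alone.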
One-time password (OTP) tokens: Another very common method for handling multifactor
authentication
One-time password (OTP): A short-lived token, typically a number that's entered along with
a username and password
OpenID: An open standard that allows participating sites known as Relying Parties to allow
authentication of users utilizing a third party authentication service
Organizational units (OUs): Folders that let us group related objects into units like people or
groups to distinguish between individual user accounts and groups that accounts can belong
to
Packet sniffing (packet capture): The process of intercepting network packets in their
entirety for analysis
Pairwise Transient Key (PTK): It is generated using the PMK, AP nonce, Client nonce, AP
MAC address, and Client MAC address
Password attacks: Utilize software like password crackers that try and guess your password
Password salt: Additional randomized data that's added into the hashing function to
generate the hash that's unique to the password and salt combination
PBKDF2 (Password Based Key Derivation Function 2): A function that derives a key from a
password and a salt by applying a pseudorandom function (typically HMAC) many thousands of
times; the iteration count makes each guess expensive for a password cracker
PGP (Pretty Good Privacy) encryption: An encryption application that allows
authentication of data along with privacy from third parties relying upon asymmetric
encryption to achieve this
Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as
something legitimate
Physical tokens: They take a few different forms, such as a USB device with a secret token on
it, a standalone device which generates a token, or even a simple key used with a traditional
lock
PIN authentication method (WPS): It uses PINs that are eight digits long, but the last digit is
a checksum computed from the first seven. Because the PIN is verified in two halves, an
attacker needs only about 11,000 guesses to brute-force it, so WPS PIN authentication should
be disabled
Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down
PKI system: A system that defines the creation, storage and distribution of digital certificates
Port mirroring: Allows the switch to take all packets from a specified port, port range, or the
entire VLAN and mirror the packets to a specified switch port
Post-fail analysis: Investigating how a compromise happened after the breach is detected
Pre-shared key: It's the Wi-Fi password you share with people when they come over and
want to use your wireless network
Promiscuous mode: A network adapter mode in which the adapter passes every frame it
receives up to the operating system, not only those addressed to its own MAC address
Proxy: Can be useful to protect client devices and their traffic. They also provide secure
remote access without using a VPN
Public key authentication: A key pair is generated by the user who wants to authenticate
Public key signatures: A digital signature generated by hashing the message and signing the
digest with the private key; anyone holding the matching public key can verify that the
message was signed by the key holder and has not been altered
Rainbow tables: A pre-computed table of password candidates and their corresponding hashes,
used to reverse unsalted password hashes by lookup instead of by hashing each guess
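The hashing, password salt, PBKDF2 and rainbow table entries above describe one attack and its defense. As an added example that is not part of the course, the Python below first reverses an unsalted SHA-256 password hash with a small precomputed lookup table (the same idea a rainbow table compresses), then stores the same password with a random salt and PBKDF2 so that neither the table nor a second user's hash helps the attacker. The wordlist, hashes and storage format are constructed; the iteration count follows OWASP's current guidance for PBKDF2-HMAC-SHA256.

```python
# Added example, not from the course: unsalted hash lookup vs. salted PBKDF2 storage.
import hashlib
import hmac
import os
from typing import Optional

# Constructed attacker table: password -> unsalted SHA-256, inverted for lookup.
# A rainbow table is a space-efficient version of exactly this mapping.
WORDLIST = ["password", "monkey", "football", "letmein"]
LOOKUP = {hashlib.sha256(w.encode()).hexdigest(): w for w in WORDLIST}


def crack_unsalted(hash_hex: str) -> Optional[str]:
    """Hashing is deterministic, so one precomputed table reverses every user
    who picked the same password."""
    return LOOKUP.get(hash_hex)


ITERATIONS = 600_000  # OWASP-recommended minimum for PBKDF2-HMAC-SHA256 (2023)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash (constructed format)."""
    salt = salt if salt is not None else os.urandom(16)   # unique per password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Redo the derivation with the stored salt and iterations; compare in constant time."""
    alg, iterations, salt_hex, dk_hex = stored.split("$")
    if alg != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex),
                             int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def stored_hash_part(stored: str) -> str:
    return stored.split("$")[3]


if __name__ == "__main__":
    leaked = hashlib.sha256(b"monkey").hexdigest()
    print("unsalted hash reversed to:", crack_unsalted(leaked))
    rec1 = hash_password("monkey")
    rec2 = hash_password("monkey")
    print("same password, different records:", rec1 != rec2)
    print("table lookup on salted hash:", crack_unsalted(stored_hash_part(rec1)))
    print("verify correct / wrong:", verify_password("monkey", rec1),
          verify_password("m0nkey", rec1))
```

Two users with the same weak password now get different records, so cracking one tells the attacker nothing about the other, and every guess costs the full iteration count. The salt is not secret; it is stored beside the hash, and its only job is to make precomputation useless.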
Random numbers: A very important concept in encryption because it avoids some kind of
pattern that an adversary can discover through close observation and analysis of encrypted
messages over time
Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom
RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because of
its simplicity and speed; its keystream has known biases and its use in TLS is prohibited
(RFC 7465), so it should no longer be used
Remote attestation: The idea of a system authenticating its software and hardware
configuration to a remote system
Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA
services for users on a network
Reverse proxy: A service that might appear to be a single server to external clients, but
actually represents many servers living behind it
Risk mitigation: Understanding the risks your systems face, take measures to reduce those
risks, and monitor them
Risk: The possibility of suffering a loss in the event of an attack on the system
Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge
Rogue DHCP server attack: An attacker can hand out DHCP leases with whatever
information they want by deploying a rogue DHCP server on your network, setting a gateway
address or DNS server, that's actually a machine within their control
Root certificate authority: They are self signed because they are the start of the chain of
trust, so there's no higher authority that can sign on their behalf
RSA: One of the first practical asymmetric cryptography systems to be developed, named for
the initials of the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman
Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry
Secure element: It's a tamper resistant chip often embedded in the microprocessor or
integrated into the mainboard of a mobile device
Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a
network service over unsecured networks
Security keys: Small embedded cryptoprocessors, that have secure storage of asymmetric
keys and additional slots to run embedded code
Security through obscurity: The principle that if no one knows what algorithm is being used
or general security practices, then one is safe from attackers
Self-signed certificate: This certificate has been signed by the same entity that issued the
certificate
Serial number: A unique identifier for each certificate, assigned by the CA, which allows the
CA to manage and identify individual certificates (for example, on a CRL)
Session key: The shared symmetric encryption key used within a TLS session to encrypt the
data being sent back and forth
SHA1: Part of the Secure Hash Algorithm family of functions, designed by the NSA and
published in 1995; a practical collision was demonstrated in 2017, so it should no longer be
used for signatures or certificates
Shannon's maxim: It states that the system should remain secure, even if your adversary
knows exactly what kind of encryption systems you're employing, as long as your keys remain
secure
Single Sign-on (SSO): An authentication concept that allows users to authenticate once to
be granted access to a lot of different services and applications
Social engineering: An attack method that relies heavily on interactions with humans instead
of computers
Spear phishing: Phishing that targets a specific individual or group; the fake emails may
contain personal information like your name, or the names of friends or family
SQL Injection Attack: An injection attack in which attacker-supplied input is placed into a SQL
query without proper handling, allowing the attacker to read, modify, or delete data in the
database behind a website
SSL 3.0: The last version of SSL, superseded by TLS; it was deprecated in 2015 (RFC 7568)
after the POODLE attack showed its CBC padding handling could be exploited
SSL/TLS Client Certificate: Certificates that are bound to clients and are used to
authenticate the client to the server, allowing access control to a SSL/TLS service
SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the
initial secure setup of an SSL, TLS connection
Steganography: The practice of hiding the existence of information from observers rather
than making it unreadable by encrypting it
Stream ciphers: It takes a stream of input and encrypts the stream one character or one digit
at a time, outputting one encrypted character or digit at a time
Subject Public Key Info: These two subfields define the algorithm of the public key along
with the public key itself
Subject: This field contains identifying information about the entity the certificate was issued
to
Substitution cipher: An encryption mechanism that replaces parts of your plaintext with
ciphertext
Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and
decrypt messages
TACACS+: It is a device access AAA system that manages who has access to your network
devices and what they do on them
Tailgating: Gaining access into a restricted area or building by following a real employee in
Tcpdump: It's a super popular, lightweight command-line based utility that you can use to
capture and analyze packets
Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket
Granting Service secret key, which provides the Ticket Granting Service with the client Ticket
Granting Service session key
TKIP (Temporal Key Integrity Protocol): A protocol introduced with WPA to address the
shortcomings of WEP security without requiring new hardware
AES GCM (Galois/Counter Mode), as used in TLS 1.2: A mode of operation for the AES block
cipher that combines counter-mode encryption (so AES behaves like a stream cipher) with an
authentication tag, providing confidentiality and integrity in one operation
TPM (Trusted Platform Module): This is a hardware device that's typically integrated into
the hardware of a computer, that's a dedicated crypto processor
Transport mode: One of the two modes of operations supported by IPsec. When used, only
the payload of the IP packet is encrypted, leaving the IP headers untouched
Trojan: Malware that disguises itself as one thing but does something else
Tunnel mode: One of the two modes of operations supported by IPsec. When used, the entire
IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet
with new headers
Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one
network to another
U2F (Universal 2nd Factor): It's a standard developed jointly by Google, Yubico and NXP
Semiconductors that incorporates a challenge-response mechanism, along with public key
cryptography to implement a more secure and more convenient second-factor
authentication solution
Unbind: It closes the connection to the LDAP server
Validity: This field contains two subfields, Not Before and Not After, which define the period
during which the certificate is valid
VPNs: Commonly used to provide secure remote access, and link two networks securely
Vulnerability: A flaw in the system that could be exploited to compromise the system
Web of trust: It is where individuals instead of certificate authorities sign other individuals'
public keys
WEP (Wired Equivalent Privacy): The first security protocol introduced for Wi-Fi networks; its
RC4-based design is broken and keys can be recovered in minutes, so it should not be used
Wireshark: It's another packet capture and analysis tool that you can use, but it's way more
powerful when it comes to application and packet analysis, compared to tcpdump
Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network
WPS (Wifi Protected Setup): It's a convenience feature designed to make it easier for clients
to join a WPA-PSK protected network
X.509 standard: It is what defines the format of digital certificates, as well as a certificate
revocation list or CRL
XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top
of TACACS
802.1X with EAP-TLS: Offers arguably the best security available, assuming proper and
secure handling of the PKI aspects of it
802.1x: It is the IEEE standard for encapsulating EAP or Extensible Authentication Protocol
traffic over the 802 networks
0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker
PRIVATE POLICIES
Data Destruction
Data destruction is removing or destroying data stored on electronic devices so that an
operating system or application cannot read it. Data destruction is required when a company
no longer needs a device, when there are unused or multiple copies of data, or when you are
required to destroy specific data.
There are three categories of data destruction methods: recycling, physical destruction, and
third-party destruction. This reading will introduce the data destruction methods and how to
decide which method to use.
Recycling
Recycling includes methods that allow for device reuse after data destruction. This option is
recommended if you hope to reuse devices internally, sell surplus equipment, or your devices
are on loan and are due to be returned. Standard recycling methods include the following:
Erasing/wiping: cleans all data off a device's hard drive by overwriting it. Erasing or
wiping data can be done manually or with data-destruction software. This method is
practical when you only have a few devices that need data destroyed, as it takes a long
time. Note that it may take multiple passes to wipe highly sensitive data completely, and
that on SSDs overwriting is unreliable because wear leveling can leave copies of old data in
blocks the operating system cannot address; use the drive's built-in secure erase or
cryptographic erase for flash media.
Low-level formatting: erases all data written on the hard drive by replacing it with
zeros. Low-level reformatting can be done using a tool such as HDDGURU on a PC or
the Disk Utility function on a Mac.
Standard formatting: erases the path to the data and not the data itself. Both PCs and
Macs have internal tools that can perform a standard format, Disk Management on a
PC or Disk Utility on a Mac. Note that standard formatting does not remove the data
from the device, enabling data rediscovery using software.
Physical destruction
Physical destruction includes any method that physically destroys a device to make it difficult
to retrieve data from it. You should only use physical destruction if you do not need to reuse
the device. However, only completely destroying the device ensures the destruction of all
data with physical methods. Physical destruction methods include the following:
Drilling holes directly into the device wipes data out on the sections where there are
holes. However, individuals can recover data from the areas that are still intact.
Shredding includes the physical shredding of hard drives, memory cards, CDs, DVDs,
and other electronic storage devices. Shredding reduces the potential for recovery.
Shredding requires special equipment or outsourcing to another facility.
Degaussing uses a high-powered magnet which destroys the data on the device. This
method effectively destroys large magnetic storage devices and renders the hard drive
unusable. It has no effect on SSDs and other flash media, which store data electrically
rather than magnetically, so it is becoming less useful as those replace magnetic disks.
Incinerating destroys data by burning the device. Most companies do not have an
incinerator on-site. Devices need to be transported to a facility for incineration. Due to
this, devices can be lost or stolen in transit.
In addition to effectively destroying data on electronic devices, it is essential to follow best
practices for electronic device disposal.
Outsourcing
Key Takeaways
Data destruction makes data unreadable to an operating system or application. You should
destroy data on devices no longer used by a company, unused or duplicated copies of data,
or data that’s required to destroy. Data destruction methods include:
USER HABITS
Select the options that describe your project. These settings configure the questionnaire to fit
different scenarios.
Sensitive data: This project involves processing Personally Identifiable Information (PII), Sensitive
PII, or other information your customers may consider sensitive.
Remote access only: All information processing occurs on your customers' systems, and this project
accesses those systems remotely.
Network
Why this section matters: Your network is the foundation of your IT infrastructure and the first line of
defense against external attackers. If the devices that make up your network are not adequately
maintained and secured, an attacker might gain access to confidential information.
It's essential to have a written set of guidelines for the configuration, maintenance, and use of your
network. Written guidelines and rules help preserve the availability, integrity, and confidentiality of
the network itself, as well as the information transmitted over it.
We have clearly defined network guidelines. They are regularly reviewed and applied to all
appropriate networking devices.
Firewalls are a basic network security control. Does your company use firewalls to restrict traffic into
and out of your network at strategic points?
Yes, we have firewalls for filtering all inbound and outbound traffic.
Is encryption and integrity protection in place for all internal network traffic that potentially carries
sensitive information (including passwords, emails, files, source code, management traffic, etc.)?
Yes
No
Do you operate wireless networks that allow access to private aspects of your infrastructure (i.e., Wi-
Fi networks, excluding networks that only allow guests access to the Internet)?
Yes.
No, we only have Wi-Fi networks that allow guests to access the Internet; they don't have access to
any private aspects of our infrastructure.
Do you have any other comments about the security of your network? If yes, please provide them
below:
Servers
Why this section is relevant: Servers are an important piece of the overall attack surface of any IT
infrastructure. Even seemingly less-sensitive systems should be carefully evaluated, because a single
poorly configured system can help an attacker get a foot in the door. From there, they might gain
access to more sensitive systems nearby (other servers, clients, etc.).
Do you have operating system hardening in place, or build standards for server systems?
We do not have these standards, or we don't apply them uniformly across the fleet.
Do you have a process for installing operating system and application updates and security patches on
servers?
Yes, we are very diligent about applying security updates to operating systems and applications.
No, we don't have a process for patching. Some updates might fall through the cracks.
Are your systems configured to log security-relevant events, such as authentication, data access, etc.?
Yes, we have comprehensive logging, including security events, for all relevant services.
Administrative Access
Select the operating systems that are currently in use on your servers:
Microsoft Windows
Backups
Do you have procedures in place for working with customers to determine an appropriate backup
frequency?
Yes, we talk to our customers to gather requirements for backup frequency, and we implement
backup intervals accordingly.
Yes, we test the entire process of recovery, including restoring entire systems from backup.
Is there anything else you want us to know about the security of your servers?
Why this section matters: In most companies, almost all IT-related work is performed from client
computers. Even if certain data is stored in the cloud or on highly secure servers, it's the laptops and
desktops that are used to access this information. An attacker who manages to compromise a client
computer will in most cases be able to completely impersonate the user of the machine, gaining the
same access rights. If an administrator's client machine is affected by an attack, the attacker will likely
be able to escalate their foothold to many other important systems in your company. It's therefore
critical to ensure the security of the client machines used by your employees.
Do you have operating system hardening and/or build standards for client systems?
Yes, all of our client systems are configured according to these standards, and/or they are built from
standard images that comply with our hardening guidelines.
We do not have hardening or build standards, or we don't apply them uniformly across the fleet.
Do you have a process for installing operating system and application updates and security patches on
client systems?
No, we don't have a process for patching. Some updates might fall through the cracks.
Yes, we regularly scan our client systems for known malware, or we limit client systems to
whitelisted software identified by cryptographic hashes.
Are your client systems configured to log security-relevant events, such as authentication, data access,
etc.?
Yes, we have comprehensive logging enabled on client systems, including security events.
Regular users have (unprivileged) user access on their machines. We have a process in place for
granting local administrative access to users who demonstrate a clear need.
Yes, the local root or administrator password is the same for all (or many) client systems.
No, local Administrator/root accounts are disabled, or a different password is set for all machines.
One major risk factor in many corporate environments is the use of older versions of Windows. Does
your company still have systems running Windows Vista or earlier versions?
Yes, some or all of our client machines still run Windows Vista or earlier versions.
No, our client machines do not run Windows Vista or earlier versions. Legacy installations have
been completely separated from our main infrastructure and cannot access any of your information.
Encryption
Do you fully encrypt the hard disks of laptops and other portable client devices?
No, laptop hard disks are not fully encrypted. Users are responsible for protecting sensitive
information on laptops.
Do you allow access to confidential information (e.g., email) from unencrypted mobile devices such as
phones and tablets?
Yes, our users can sync potentially confidential information like email onto their mobile phones or
tablets.
No, we do not allow access to corporate information from unencrypted devices such as mobile
phones or tablets.
Is there anything else you want us to know about the security of your client systems?
Why this section matters: In addition to audits of your information security program, you should
perform technical security testing of information systems to make sure they function as intended, and
that the data is properly protected. Some security issues, particularly in proprietary software, can only
be identified manually; therefore both manual and automated testing should be performed. Even if
the project exclusively uses standard off-the-shelf software, technical security testing helps ensure that
software and infrastructure are configured securely and free of known security issues.
Does an independent third party regularly perform penetration tests on all systems used to provide
services to customers?
Yes.
Are all of the systems used in this project scanned for host-level vulnerabilities? (Note: This question
does not refer to anti-malware scans. Instead, it refers to scans that look for known vulnerabilities
and misconfiguration of the software running on servers.)
Yes
No
In addition to third-party penetration tests and security scans, do you have security know-how
internally, and do you use that know-how to conduct in-house security testing?
Yes, our security team does technical security reviews of the systems used for this project.
Is there anything else you want us to know about the security testing of your infrastructure and/or
product?
Security Contact
Please provide the email addresses (separated by semicolons) of team members who should be
contacted about any security issues:
SECURITY TRAINING
The more trained up you and your colleagues are on security, the better.
It's impossible to have good security practices at your company if employees and
users haven't received good trainings and resources.
This will boost a healthy company culture and overall attitude towards security.
A working environment that encourages people to speak up when they feel
something isn't right is critical.
It encourages them to do the right thing.
To help create this context, it's important for
employees to have a way that they can ask questions when they come up.
This could be a mailing list where users can ask questions about security
concerns or to report things they suspect are security risks.
Having the designated communication channel where people can feel comfortable
asking questions and getting clear answers back is super important.
Helping others keep security in mind will help decrease the security burdens
you'll have as an IT support specialist.
It will also make the overall security of the organization better.
Creating a culture that makes security a priority isn't easy.
You have to reinforce and
reward behaviors that boost the security of your organization.
Think of the small things we do every day when we use our computers,
just entering your password to log in or
locking your screen when you walk away from your computer is helpful.
Hopefully, you're careful about entering your password on websites and
check the address of the site you're authenticating against.
If you aren't,
try it out to avoid entering your password into a fake website.
When you're working on your laptop in a public space like a library or
coffee shop, do you lock your screen when you leave to use the restroom or
get another caffeine fix?
If not, you absolutely should.
Hopefully, you aren't leaving your computer unattended in public
in the first place.
That's a really bad idea.
These are the types of small things that security training should address.
You also need to justify why these are good behaviors to adopt.
In some cases, the company culture can turn screen locking into a sort of game.
When colleagues forget to lock their screen,
other team members can play harmless pranks on them.
The last time I forgot to lock my computer,
my colleague changed the default language to Turkish.
It reminded me to always lock my screen because anyone with access to the machine
can impersonate you and get access to any resources you're logged into.
But building a culture that embraces security principles isn't always enough.
There are some things that all employees should know.
This is when an occasional mandatory security training course can help.
This could be a short video or informational presentation followed by
a quiz to see if your employees understood the key concepts covered in the training.
The quiz can also increase the chances of information being retained.
Making employees retake the training once a year or so
ensures that everyone is up to date on their training.
You can also cover new concepts or updated policies when needed.
This type of training should cover the most common attack types and
how to avoid falling victim to them.
This includes things like phishing emails and best practices around password use.
These trainings often include scenarios that can help test the user's
understanding of a particular topic.
Training courses like these are the last in the line of defenses that you and
your company need to have in place to make sure that you're as safe as possible for
as long as possible.
QUALITY OF IT CANDIDATE
INCIDENT REPORTING
Incident Response
When you’ve had a data breach, you may need forensic analysis to analyze the attack. This analysis usually
involves extensive evidence gathering. This reading covers some considerations for protecting the integrity
of your forensic evidence and avoiding complications or issues related to how you handle evidence.
Regulated data
It’s important to consider the type of data involved in an incident. Many types of data are subject to
government regulations that require you to take extra care when handling it. Here are some examples
you’re likely to encounter as an IT support specialist.
1. Protected Health Information: This information is regulated by the Health Insurance Portability and
Accountability Act (HIPAA). It is personally identifiable health information that relates to:
3. Personally Identifiable Information (PII): PII is a category of sensitive information associated with a
person. Examples include addresses, Social Security Numbers, or similar personal ID numbers.
4. Federal Information Security Management Act (FISMA) compliance: FISMA requires federal agencies
and those providing services on their behalf to develop, document, and implement specific IT security
programs and to store data on U.S. soil. For example, organizations like NASA, the National Institutes of
Health, the Department of Veteran Affairs—and any contractors processing or storing data for them—need
to comply with FISMA.
5. Export Administration Regulations (EAR) compliance: EAR is a set of U.S. government regulations
administered by the U.S. Department of Commerce’s Bureau of Industry and Security (BIS). These
regulations govern the export and re-export of commercial and dual-use goods, software, and technology.
Dual-use goods are items that can be used both for civilian and military applications. These goods are
heavily regulated because they can be classified for civilian use and then transformed for military
purposes.
Digital rights management (DRM)
Digital Rights Management (DRM) technologies can help ensure data regulations compliance. DRM
technology comes in the form of either software or hardware solutions. Both options allow content
creators to prevent deliberate piracy and unauthorized usage. DRM often involves using codes that prohibit
content copying or limit the number of devices that can access a product. Content creators can also use
DRM applications to restrict what users can do with their material. They can encrypt digital media so only
someone with the decryption key can access it. This gives content creators and copyright holders a way to:
Restrict users from editing, saving, sharing, printing, or taking screenshots of content or products
Set expiration dates on media to prevent access beyond that date or limit the number of times
users can access the media
Limit access to specific devices, Internet Protocol (IP) addresses, or locations, such as limiting
content to people in a specific country
Organizations can use these DRM capabilities to protect sensitive data. DRM enables organizations to track
who has viewed files, control access, and manage how people use the files. It also prevents files from being
altered, duplicated, saved, or printed. DRM can help organizations comply with data protection
regulations.
End User Licensing Agreements (EULAs) are similar to DRM in specifying certain rights and restrictions that
apply to the software. You often encounter EULA statements when installing a software package, accessing
a website, sharing a file, or downloading content. A EULA is usually considered a legally binding agreement
between the owner of a product (e.g., a software publisher) and the product's end-user. The EULA specifies
the rights and restrictions that apply to the software, and it’s usually presented to users during installation
or setup of the software. You can’t complete an installation (or access, share, or download data) until you
agree to the terms written in the EULA statement.
Unlike DRM restrictions, EULAs are only valid if you agree to them (i.e., you check a box or click the ‘I Agree’
button). DRM restrictions don’t require your agreement—or rely on you to keep that agreement. DRM is
built into the product it protects, making it easier for content creators to ensure users do not violate
restrictions.
Chain of custody
“Chain of custody” refers to a process that tracks evidence movement through its collection, safeguarding,
and analysis lifecycle. Maintaining the chain of custody makes it difficult for someone to argue that the
evidence was tampered with or mishandled. Your chain of custody documentation should answer the
following questions. Documentation for these questions must be maintained and filed in a secure location
for current and future reference.
Who collected the evidence? Evidence can include the affected or used devices, media, and
associated peripherals.
How was the evidence collected, and where was it located?
Who seized and possessed the evidence?
How was the evidence stored and protected in storage? The procedures involved in storing and
protecting evidence are called evidence-custodian procedures.
Who took the evidence out of storage and why? Ongoing documentation of the names of
individuals who check out evidence and why must be kept.
When a data breach occurs, forensic analysis usually involves taking an image of the disk. This makes a
virtual copy of the hard drive. The copy lets an investigator analyze the disk’s contents without modifying
or altering the original files. An alteration compromises the integrity of the evidence. This kind of
compromised integrity is what you want to avoid when performing forensic investigations.
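The imaging and custody steps described above, as an added example that is not part of the course material: a plain file copy stands in for the bit-for-bit disk image (a real acquisition uses a write blocker and an imaging tool such as dd), the evidence file is constructed, and the collector names and locations are hypothetical. The recorded SHA-256 lets anyone later prove the working copy is still the bytes that were acquired, and each movement of the evidence gets its own log line.

```python
"""Forensic image acquisition with integrity hashing and a chain-of-custody log.

Added example, not from the course material. A plain file copy stands in for a
bit-for-bit disk image; the evidence file, names and locations are constructed.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large images never have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def acquire_image(source: Path, image: Path, collector: str, location: str) -> dict:
    """Copy the source byte-for-byte, hash both sides, and return a custody record.

    The original is hashed before the copy and the image afterwards; a mismatch
    means the acquisition itself cannot be trusted and must be redone.
    """
    source_hash = sha256_file(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        for chunk in iter(lambda: src.read(1 << 20), b""):
            dst.write(chunk)
    image_hash = sha256_file(image)
    if image_hash != source_hash:
        raise RuntimeError("image hash differs from source hash; acquisition failed")
    return {
        "event": "acquired",
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "who": collector,                                  # who collected it
        "how": "byte-for-byte copy, SHA-256 verified",     # how it was collected
        "where": location,                                 # where it was located
        "source": str(source),
        "image": str(image),
        "sha256": image_hash,
    }


def log_custody(log_path: Path, record: dict) -> None:
    """Append one JSON line per custody event (collection, check-out, check-in)."""
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(record) + "\n")


def read_custody_log(log_path: Path) -> list:
    with open(log_path, encoding="utf-8") as f:
        return [json.loads(line) for line in f if line.strip()]


def verify_image(image: Path, expected_sha256: str) -> bool:
    """Re-hash the image; True only if it is still exactly what was acquired."""
    return sha256_file(image) == expected_sha256


def demo() -> dict:
    """Acquire a constructed evidence file, log it, then show that any change to
    the working copy is caught by the hash recorded at acquisition time."""
    workdir = Path(tempfile.mkdtemp())
    evidence = workdir / "laptop-ssd.bin"          # constructed stand-in for a drive
    evidence.write_bytes(b"constructed sample disk contents\n" * 512)
    image = workdir / "laptop-ssd.dd"
    log_path = workdir / "chain_of_custody.jsonl"

    record = acquire_image(evidence, image,
                           collector="J. Doe, IT support (hypothetical)",
                           location="Desk 12, main office (constructed)")
    log_custody(log_path, record)
    intact = verify_image(image, record["sha256"])

    # An analyst checks the image out of storage: who took it and why gets logged.
    log_custody(log_path, {"event": "checked_out",
                           "who": "A. Analyst (hypothetical)",
                           "why": "timeline analysis",
                           "timestamp": datetime.now(timezone.utc).isoformat()})

    # Simulate one altered byte in the working copy. The hash no longer matches,
    # which is exactly the integrity loss the chain of custody is meant to surface.
    with open(image, "r+b") as f:
        f.write(b"X")
    tamper_detected = not verify_image(image, record["sha256"])

    return {
        "image_intact_after_acquisition": intact,
        "tamper_detected": tamper_detected,
        "custody_entries": len(read_custody_log(log_path)),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```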
Key takeaways:
Incident handling requires careful attention and documentation during an incident investigation's analysis
and response phases.
Be familiar with what types of regulated data may be on your systems and ensure proper
procedures are in place to ensure your organization’s compliance.
DRM technologies can be beneficial for safeguarding business-critical documents or sensitive
information and helping organizations comply with data protection regulations.
When incident analysis involves the collection of forensic evidence, you must thoroughly
document the chain of custody.
Here's a list of all the permissions that apps can request and if I select one,
I can see and control which apps have access to my device's location.
I can do the same thing in iOS and with other permissions, for example, let's
check which apps have access to record sounds through the device's microphone.
So here I have an iPhone, from the privacy setting, I can view all of the different
categories of private data and control which apps have access to which data.
If I select one, I can see and control which apps have access to my device's
microphone.
Android and iOS use different names for the type of permissions and
private data that they can grant to apps.
But the basics are the same.
Traditionally, IT departments would provide mobile devices to employees for business use. This gave the IT
staff control over the security of those devices. Today, an increasing number of companies permit
employees to bring their own devices to work. This trend started with employees requesting permission to
carry a single smartphone rather than carrying one phone for work and one for personal use. Organizations
noticed the cost savings gained by allowing their employees to select their personal smartphones as the
single device. By using smartphones with dual SIM card slots or phone apps like Google Voice, users can
configure multiple phone lines on a single smartphone. However, BYODs can become dangerous security
threats to companies’ data and networks. IT departments do not have the same level of control over the
security of BYOD devices as they would with company-owned devices.
BYOD Threats
Some of the potential threats BYODs pose to company networks, resources, and data include:
Loss or theft could result in an organization’s data being stolen or the lost device being used to
gain unauthorized access to a company’s network.
Data loss, including:
1. Data leakage losses can happen when a computing device is lost or compromised; when an
employee accidentally saves or sends confidential information to the wrong destination; when a
disgruntled employee exposes data maliciously; or when viruses, malware, phishing attacks, etc.
penetrate organizations’ networks.
2. Data portability losses can occur when former employees take company data with them on their
BYOD when they resign or are fired by the organization.
Security vulnerabilities are any type of weakness in the security of a device or network that
provides access for a threat to penetrate the system.
Meddler in the middle attacks (MITM) occur when an attacker monitors the data transfers
between two sources with the intent to copy and/or interfere with that information. One of the
most common opportunities for an MITM attack arises when a mobile device accesses important
information through a public Wi-Fi connection, such as at a hotel or restaurant.
Malware is malicious software that can be used to steal, modify, or delete data. It can also be used
to gain unauthorized access to a device or network.
Jailbreaking happens when a manufacturer’s protective restrictions are removed on a mobile
device. Without these restrictions, a device becomes vulnerable to the risk of the user unknowingly
installing malicious software.
Solutions
To mitigate these threats, organizations and their IT departments should design security policies for BYOD
use inside company networks. Some preventative steps could include:
1. Develop a bring your own device (BYOD) policy: IT departments and organizations can create
written policies that detail the minimum technology requirements for permitted BYODs, provide
instructions for employees on how to properly secure their devices, and list the rules for safe data
access and storage.
2. Use Mobile Device Management (MDM) software: MDM software can be used to enforce BYOD
policy requirements for mobile devices to help secure company data and networks. IT
departments can use MDM software to:
a. Automatically install apps and updates, including antivirus and anti-malware software
b. Configure secure connections to an organization’s wireless networks
c. Encrypt storage on devices
d. Require a lock screen and password
e. Remote wipe a mobile device that is lost or stolen
f. Block the execution of certain apps
g. Meet compliance standards
h. Prevent data being shared or stored in unauthorized locations
i. Manage devices remotely
3. Use an Enterprise Mobile Management (EMM) system: MDM policies are specific to mobile
operating systems. In order to distribute MDM policies across Android, iOS, and other mobile
operating systems, the BYODs can be enrolled through an Enterprise Mobility Management (EMM)
system.
4. Require the use of multi-factor authentication (MFA): Users can be authenticated by presenting
more than one method of identification. Some common identification factors include:
a. Something you know: a password or PIN
b. Something you have: a physical token, like an ATM or bank card, USB device, key fob, or
OTP (one-time password)
c. Something you are: biometric data, like a fingerprint, voice signature, facial recognition,
or retina scan
d. Somewhere you are: location-dependent access, like a Global Positioning System (GPS)
location
e. Something you do: gestures, like swipe patterns; Turing tests, like CAPTCHA; or normal
patterns of behavior, like regular login and logout times
5. Set an acceptable use policy (AUP): Organizations could create policies that set a code of conduct
for use of the company’s data, systems, network, and other resources.
6. Use non-disclosure agreements (NDA): Organizations can create legally binding contracts with
employees to assert the confidentiality and security policies for the company’s data and
intellectual property.
7. Restrict data access: IT departments should protect company data by limiting access to only those
employees who need access to perform their jobs.
8. Educate staff about data security: Organizations can provide training manuals and seminars to
inform employees about network security risks and to instruct on how to secure their BYODs.
9. Back up device data: IT departments need to create backup policies for all important data. This
should include a schedule for frequency of backups, storage space for the back-up copies, how
long back-ups should be stored, and disaster recovery plans.
10. Data leakage prevention (DLP): IT departments can implement DLP software solutions to help
manage and protect confidential information.
Key takeaways
Organizations are taking advantage of the cost savings created by adopting “bring your own device”
(BYOD) policies for employees. However, permitting employees to connect personal mobile devices to
company networks introduces multiple security threats. There are a variety of security measures that IT
departments can implement to protect organizations’ information systems:
BYOD (bring your own device) - Additional information on how BYOD works, why it is important,
level of access options, risks, challenges, policy comparisons, best practices, and how to implement a
BYOD policy.
BYOD policy: An in-depth guide from an IT leader - Compares BYOD advantages and disadvantages,
what should be included in a BYOD policy, tips for reducing security risks, and more.
What is MDM? - Introduces the purpose of MDM software, how it works, advantages of using MDM,
use cases, and more.
Enterprise Mobility Management (EMM) - Outlines the features, services, and benefits of EMM
systems.
TIPS FOR INTERVIEW
[MUSIC]
It's very important to do prior research on the role and
company that you're interviewing for.
You want to make sure that you have some questions in advance prepared for
your interview on those two things.
So in terms of the role, feel free to ask your interviewer for
their perspective on the day to day of what you'll be doing.
In terms of asking questions about the company,
you want to show that you have some of the same values and
mission that the company has, and ask questions along those lines.
Outside of soft skills, some of the qualities that a hiring manager or
interviewer may be looking for are going to be, are you showing that
you have a methodical approach to the way that you're approaching the problem?
Another quality that hiring managers or interviewers may be looking for
is the ability to problem solve.
IT professionals are not going to know everything about IT, but
you do want to show that you are able to think on the spot, challenge yourself and
still walk through a scenario even if it is a bit unfamiliar to you.
In order to prepare for the troubleshooting and problem solving aspect
of the interview, a good way to do that is to practice via mock interviews.
So that you do get in the art and the exercise of being able
to walk through and talk out your thought process.
Find yourself a person that can run through some questions with you whether
that be a roommate, a relative.
Identify some questions that they can ask you,
real life scenario questions that you've either encountered or
haven't encountered before and have them ask those questions.
Practice walking through something that you're not as familiar with, and practice your
communication skills in delivering that, even if you're not sure of the answer.
We’re excited to be able to offer you 12 months of free access (a $79/month value) as part of
the Google IT Support Certificate! You’ve earned it. On Big Interview you can:
Follow the steps below to sign up for your Big Interview account and start practicing!
1. Go to https://googlecerts.biginterview.com/.
2. Click Register.
3. Register with your name, email address, and password.
4. Log in.
5. Go to the Learn page.
6. Click Google Certificates Practice Sets.
7. Choose IT Support to begin practicing!
Question 1
Overview: Now that you’re super knowledgeable about security, let's put your newfound know-how to the
test. You may find yourself in a tech role someday, where you need to design and influence a culture of
security within an organization. This project is your opportunity to practice these important skillsets.
Assignment: In this project, you’ll create a security infrastructure design document for a fictional
organization. The security services and tools you describe in the document must be able to meet the needs
of the organization. Your work will be evaluated according to how well you met the organization’s
requirements.
About the organization: This fictional organization has a small, but growing, employee base, with 50
employees in one small office. The company is an online retailer of the world's finest artisanal, hand-
crafted widgets. They've hired you on as a security consultant to help bring their operations into better
shape.
Organization requirements: As the security consultant, the company needs you to add security measures
to the following systems:
Engineers will require access to internal websites, along with remote, command line access to their
workstations.
What you'll do: You’ll create a security infrastructure design document for a fictional organization. Your
plan needs to meet the organization's requirements and the following elements should be incorporated
into your plan:
Authentication system
External website security
Internal website security
Remote access solution
Firewall and basic rules recommendations
Wireless security
VLAN configuration recommendations
Laptop security configuration
Application policy recommendations
Security and privacy policy recommendations
Intrusion detection or prevention for systems containing customer data
External Website
The customer-facing website will be served via HTTPS, since it will be serving an e-commerce
site permitting visitors to browse and purchase products, as well as create and log into
accounts. This website would be publicly accessible.
Internal Website
The internal employee website will also be served over HTTPS, as it will require
authentication for employees to access. It will also only be accessible from the internal
company network and only with an authenticated account.
Remote Access
Since engineers require remote access to internal websites, as well as remote command line
access to workstations, a network-level VPN solution will be needed, like OpenVPN. To make
internal website access easier, a reverse proxy is recommended, in addition to VPN. Both of
these would rely on the LDAP server that was previously mentioned for authentication and
authorization.
Firewall
A network-based firewall appliance would be required. It would include rules to permit traffic
for various services, starting with an implicit deny rule, then selectively opening ports. Rules
will also be needed to allow public access to the external website, and to permit traffic to the
reverse proxy server and the VPN server.
Wireless
For wireless security, 802.1X with EAP-TLS should be used. This would require the use of
client certificates, which can also be used to authenticate other services, like VPN, reverse
proxy, and internal website authentication. 802.1X is more secure and more easily managed
as the company grows, making it a better choice than WPA2 with a shared password.
VLANs
Incorporating VLANs into the network structure is recommended as a form of network
segmentation; it will make controlling access to various services easier to manage. VLANs can
be created for broad roles or functions for devices and services. An engineering VLAN can be
used to place all engineering workstations and engineering services on. An Infrastructure
VLAN can be used for all infrastructure devices, like wireless APs, network devices, and critical
servers like authentication. A Sales VLAN can be used for non-engineering machines, and a
Guest VLAN would be useful for other devices that don't fit the other VLAN assignments.
Laptop Security
As the company handles payment information and user data, privacy is a big concern.
Laptops should have full disk encryption (FDE) as a requirement, to protect against
unauthorized data access if a device is lost or stolen. Antivirus software is also strongly
advised to avoid infections from common malware. To protect against more uncommon
attacks and unknown threats, binary whitelisting software is recommended, in addition to
antivirus software.
Application Policy
To further enhance the security of client machines, an application policy should be in place to
restrict the installation of third-party software to only applications that are related to work
functions. Specifically, risky and legally questionable application categories should be
explicitly banned. This would include things like pirated software, license key generators, and
cracked software.
In addition to policies that restrict some forms of software, a policy should also be included to
require the timely installation of software patches. “Timely” in this case will be defined as 30
days from the wide availability of the patch.
In addition to accessing user data, policies regarding the handling and storage of user data
are also important to have defined. These will help prevent user data from being lost and
falling into the wrong hands. User data should not be permitted on portable storage devices,
like USB keys or external hard drives. If an exception is necessary, an encrypted portable hard
drive should be used to transport user data. User data at rest should always be contained on
encrypted media to protect it from unauthorized access.
Security Policy
To ensure that strong and secure passwords are used, the password policy below should be
enforced:
Password must have a minimum length of 8 characters
Password must include a minimum of one special character or punctuation
Password must be changed once every 12 months
In addition to these password requirements, a mandatory security training must be
completed by every employee once every year. This should cover common security-related
scenarios, like how to avoid falling victim to phishing attacks, good practices for keeping your
laptop safe, and new threats that have emerged since the last time the course was taken.
An example of this is OpenVPN, which uses the OpenSSL library to handle key exchange
and encryption of data along with control channels.
Module 2 Glossary
New terms and their definitions: Course 5 Week 2
Advanced Encryption Standard (AES): The first and only public cipher that's approved for
use with top secret information by the United States National Security Agency
Asymmetric encryption: Systems where different keys are used to encrypt and decrypt
CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing
certificates. It's a crucial component of the PKI system
Caesar cipher: A substitution alphabet, where you replace characters in the alphabet with
others usually by shifting or rotating the alphabet, a set of numbers or characters
Central repository: It is needed to securely store and index keys; a certificate
management system of some sort makes managing access to stored certificates and
issuance of certificates easier
Certificate fingerprints: These are just hash digests of the whole certificate, and aren't
actually fields in the certificate itself, but are computed by clients when validating or
inspecting certificates
Certificate Revocation List (CRL): A means to distribute a list of certificates that are no
longer valid
Certificate Signature Algorithm: This field indicates what public key algorithm is used for
the public key and what hashing algorithm is used to sign the certificate
Certificate-based authentication: It is the most secure option, but it requires more support
and management overhead since every client must have a certificate
CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but
instead of using a hashing function to produce a digest, a symmetric cipher with a shared
key is used to encrypt the message and the resulting output is used as the MAC
Code signing certificates: It is used for signing executable programs and allows users of these
signed applications to verify the signatures and ensure that the application was not tampered
with
Cryptography: The overarching discipline that covers the practice of coding and hiding
messages from third parties
Data binding and sealing: It involves using the secret key to derive a unique key that's then
used for encryption of data
Decryption: The reverse process from encryption; taking the garbled output and
transforming it back into the readable plain text
Deterministic: It means that the same input value should always return the same hash value
ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively
Elliptic curve cryptography (ECC): A public key encryption system that uses the algebraic
structure of elliptic curves over finite fields to generate secure keys
Encapsulating security payload: It's a part of the IPsec suite of protocols, which
encapsulates IP packets, providing confidentiality, integrity, and authentication of the
packets
Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher),
so that you receive a garbled, unreadable message as the output (ciphertext)
Encryption algorithm: The underlying logic or process that's used to convert the plaintext
into ciphertext
Entropy pool: A source of random data to help seed random number generators
FIPS (Federal Information Processing Standard): The DES that was adopted as a federal
standard for encrypting and securing government data
Forward secrecy: This is a property of a cryptographic system so that even in the event that
the private key is compromised, the session keys are still safe
Frequency analysis: The practice of studying the frequency with which letters appear in
ciphertext
Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system
Hashing (Hash function): A type of function or operation that takes in an arbitrary data input
and maps it to an output of a fixed size, called a hash or a digest
HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the
communication your web browser has with the website is secured through encryption
Intermediary (subordinate) CA: It means that the entity that this certificate was issued to
can now sign other certificates
IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with
IPv6
Issuer Name: This field contains information about the authority that signed the certificate
Key: A crucial component of a cipher, which introduces something unique into your cipher
Key signing parties: Organized by people who are interested in establishing a web of trust,
and participants perform the same verification and signing
Key size: It is the total number of bits or data that comprises the encryption key
MD5: A popular and widely used hash function designed in the early 1990s as a
cryptographic hashing function
MIC (Message Integrity Check): It is essentially a hash digest of the message in question
Password salt: Additional randomized data that's added into the hashing function to
generate the hash that's unique to the password and salt combination
PKI system: A system that defines the creation, storage and distribution of digital certificates
Public key authentication: A key pair is generated by the user who wants to authenticate
Public key signatures: Digital signature generated by composing the message and
combining it with the private key
Rainbow table attacks: To trade computational power for disk space by pre-computing the
hashes and storing them in a table
Rainbow tables: A pre-computed table of all possible password values and their
corresponding hashes
Random numbers: A very important concept in encryption because it avoids some kind of
pattern that an adversary can discover through close observation and analysis of encrypted
messages over time
RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because
of its simplicity and speed
Remote attestation: The idea of a system authenticating its software and hardware
configuration to a remote system
Root certificate authority: They are self signed because they are the start of the chain of
trust, so there's no higher authority that can sign on their behalf
RSA: One of the first practical asymmetric cryptography systems to be developed, named for
the initials of the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman
Secure channel: It is provided by IPsec, which provides confidentiality, integrity, and
authentication of data being passed
Secure element: It's a tamper resistant chip often embedded in the microprocessor or
integrated into the mainboard of a mobile device
Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a
network service over unsecured networks
Security through obscurity: The principle that if no one knows what algorithm is being used
or general security practices, then one is safe from attackers
Self-signed certificate: This certificate has been signed by the same entity that issued the
certificate
Serial number: A unique identifier for the certificate assigned by the CA which allows the CA
to manage and identify individual certificates
Session key: The shared symmetric encryption key used in TLS sessions to encrypt data being
sent back and forth
SHA1: It is part of the secure hash algorithm suite of functions, designed by the NSA and
published in 1995
Shannon's maxim: It states that the system should remain secure, even if your adversary
knows exactly what kind of encryption systems you're employing, as long as your keys remain
secure
SSL 3.0: The latest revision of SSL that was deprecated in 2015
SSL/TLS Client Certificate: Certificates that are bound to clients and are used to
authenticate the client to the server, allowing access control to a SSL/TLS service
SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the
initial secure setup of an SSL, TLS connection
Steganography: The practice of hiding information from observers, but not encoding it
Stream ciphers: It takes a stream of input and encrypts the stream one character or one digit
at a time, outputting one encrypted character or digit at a time
Subject: This field contains identifying information about the entity the certificate was issued
to
Subject Public Key Info: These two subfields define the algorithm of the public key along
with the public key itself
Substitution cipher: An encryption mechanism that replaces parts of your plaintext with
ciphertext
Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and
decrypt messages
TLS 1.2 with AES GCM: A specific mode of operation for the AES block cipher that
essentially turns it into a stream cipher
TPM (Trusted Platform Module): This is a hardware device that's typically integrated into
the hardware of a computer, that's a dedicated crypto processor
Transport mode: One of the two modes of operation supported by IPsec. When used, only
the payload of the IP packet is encrypted, leaving the IP headers untouched
Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one
network to another
Tunnel mode: One of the two modes of operation supported by IPsec. When used, the entire
IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet
with new headers
Validity: This field contains two subfields, Not Before and Not After, which define the dates
between which the certificate is valid
X.509 standard: It is what defines the format of digital certificates, as well as a certificate
revocation list or CRL
Availability: Means that the information we have is readily accessible to those people that
should have it
Backdoor: A way to get into a system if the other methods to get in a system aren't allowed;
it's a secret entryway for attackers
Baiting: An attack that happens through actual physical contact, enticing a victim to do
something
Bots: Machines compromised by malware that are utilized to perform tasks centrally
controlled by an attacker
Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access
CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies
Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service
Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server
Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football
DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS
record that will point you to a compromised DNS server
Evil twin: The premise of an evil twin attack is for you to connect to a network that is
identical to yours but that is controlled by an attacker. Once connected to it, they will be able
to monitor your traffic
Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code
Keylogger: A common type of spyware that's used to record every keystroke you make
Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files
Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other
Password attacks: Utilize software like password crackers that try and guess your password
Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as
something legitimate
Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down
Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom
Risk: The possibility of suffering a loss in the event of an attack on the system
Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge
Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry
Social engineering: An attack method that relies heavily on interactions with humans instead
of computers
Spear phishing: Phishing that targets an individual or group; the fake emails may contain some
personal information like your name, or the names of friends or family
SQL Injection Attack: An attack that targets the entire website if the website is using a SQL
database
Tailgating: Gaining access into a restricted area or building by following a real employee in
Trojan: Malware that disguises itself as one thing but does something else
Vulnerability: A flaw in the system that could be exploited to compromise the system
Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network
0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker
Qwiklabs Introduction
For some of your graded assessments, you’ll use the Qwiklabs tool to complete the assigned
activities. Qwiklabs is an online lab tool that creates simulated Windows and Linux OS
environments. With this tool, you can complete the course activities without having to install
extra software on your computer.
Important details
Qwiklabs allows you to use both Linux and Windows operating systems as if they were
installed on your local machine. When you access your Qwiklabs activities through Coursera
you will be given the software and OS setup needed to complete the activity within the tool.
Make sure to always access labs directly through Coursera (not through the Qwiklabs
catalog). If you do not access labs directly through Coursera, you will not receive a grade.
Below is a comprehensive list of skills that the Google IT Support Professional Certificate was
designed to develop, along with advice for adding them to your resume and LinkedIn profile.
If you’d like to build your resume from scratch, make sure to scroll down to the bottom of this
page to download PDFs of resume templates to help you get started. Keep in mind, these are
just sample resumes, and you should customize them as you see fit!
To add the Google IT Support Professional Certificate to your current resume, you can follow
the steps below.
List the certificate under the Education section of your resume. Example:
Add the most relevant skills to the Skills/Proficiencies section of your resume. To
identify what’s most relevant, focus on your strongest skills, and the ones that are
most prevalent in the job descriptions for the roles you’re applying to. Example:
If the Google IT Support Professional Certificate is your primary qualification for the
roles you’re applying for, you can include information about it in the Summary section
of your resume. Example:
List the certificate under the Licenses & Certifications section of your LinkedIn Profile.
Example:
Describe your Google IT training in the Summary (About) section of your LinkedIn
profile. It’s helpful to frame this credential in the context of your career if you have
previous experience. Learn more about writing an engaging LinkedIn summary.
Example:
You can list your skills under the Skills section of your LinkedIn profile and collect
endorsements from your network. Example:
Consider including the certificate in your LinkedIn headline. Example:
Searching for jobs is all about casting a wide net. We recommend that you spend time on
common job sites like Indeed, Glassdoor, and Google for Jobs, using common job search
terms to help you find IT support roles. (See example searches on these sites below.) Here are
some search terms to get you started:
Glassdoor: www.glassdoor.com
Data handling policies: Should cover the details of how different data is classified
Entry point: Determining the entry point to figure out how the attacker got in, or
what vulnerability the malware exploited
High value data: usually includes account information, like usernames and passwords.
Typically, any kind of user data is considered high value, especially if payment processing is
involved
Penetration testing: The practice of attempting to break into a system or network to verify
the systems in place
Principle of least privilege: Helps to ensure that sensitive data is only accessed by people
who are authorized to access it
Security: It's all about determining risks or exposure, understanding the likelihood of attacks,
and designing defenses around these risks to minimize the impact of an attack
Severity: Includes factors like what and how many systems were compromised and how the
breach affects business functions
Threats & password policies: Protects Data & IP, Data Protection, Infrastructure Defense,
Identity Management, and users
Vendor risk review: Questionnaire that covers different aspects of their security policies
procedures and defenses
Vulnerability scanner: Detects lots of things, ranging from misconfigured services that
represent potential risks, to the presence of back doors on systems
Access Control Entries: The individual access permissions per object that make up the ACL
Access Control List (ACL): It is a way of defining permissions or authorizations for objects
Accounting: Keeping records of what resources and services your users access or what they
did when they were using your systems
Activation threshold: Triggers a pre-configured action when it is reached and will typically
block the identified attack traffic for a specific amount of time
Advanced Encryption Standard (AES): The first and only public cipher that's approved for
use with top secret information by the United States National Security Agency
Analyzing logs: The practice of collecting logs from different network and sometimes client
devices on your network, then performing an automated analysis on them
Antivirus software: It monitors and analyzes things like new files being created or being
modified on the system in order to watch for any behavior that matches a known malware
signature
Application policies: Defines boundaries of what applications are permitted or not, but they
also help educate folks on how to use software more securely
Asymmetric encryption: Systems where different keys are used to encrypt and decrypt
Attack surface: It's the sum of all the different attack vectors in a given system
Auditing: It involves reviewing records to ensure that nothing is out of the ordinary
Authorization: It pertains to describing what the user account has access to or doesn't have
access to
Availability: Means that the information we have is readily accessible to those people that
should have it
Backdoor: A way to get into a system if the other methods to get in a system aren't allowed;
it's a secret entryway for attackers
Baiting: An attack that happens through actual physical contact, enticing a victim to do
something
Bastion hosts or networks: A server used to provide access to a private network from an
external network
Binary whitelisting software: It's a list of known good and trusted software and only things
that are on the list are permitted to run
Block ciphers: The cipher takes data in, places that into a bucket or block of data that's a
fixed size, then encodes that entire block as one unit
Brute force attacks: A common password attack which consists of just continuously trying
different combinations of characters and letters until one gets access
CA (Certificate authority): It's the entity that's responsible for storing, issuing, and signing
certificates. It's a crucial component of the PKI system
Caesar cipher: A substitution cipher where you replace characters in the alphabet with
others, usually by shifting or rotating the alphabet a set number of positions
CCMP (counter mode CBC-MAC protocol): A mode of operation for block ciphers that
allows for authenticated encryption
Central repository: It is needed to securely store and index keys; a certificate
management system of some sort makes managing access to stored certificates and
issuance of certificates easier
Certificate fingerprints: These are just hash digests of the whole certificate, and aren't
actually fields in the certificate itself, but are computed by clients when validating or
inspecting certificates
Certificate Revocation List (CRL): A means to distribute a list of certificates that are no
longer valid
Certificate Signature Algorithm: This field indicates what public key algorithm is used for
the public key and what hashing algorithm is used to sign the certificate
Certificate-based authentication: It is the most secure option, but it requires more support
and management overhead since every client must have a certificate
CIA Triad: Confidentiality, integrity, and availability. Three key principles of a guiding model
for designing information security policies
Client certificates: They operate very similarly to server certificates but are presented by
clients and allow servers to authenticate and verify clients
CMACs (Cipher-based Message Authentication Codes): The process is similar to HMAC, but
instead of using a hashing function to produce a digest, a symmetric cipher with a shared
key is used to encrypt the message and the resulting output is used as the MAC
Code signing certificates: It is used for signing executable programs and allows users of these
signed applications to verify the signatures and ensure that the application was not tampered
with
Correlation analysis: The process of taking log data from different systems, and matching
events across the systems
Counter-based tokens: They use a secret seed value along with the secret counter value
that's incremented every time a one-time password is generated on the device
Cross-site scripting (XSS): A type of injection attack where the attacker can insert malicious
code and target the user of the service
Cryptography: The overarching discipline that covers the practice of coding and hiding
messages from third parties
Cryptosystem: A collection of algorithms for key generation and encryption and decryption
operations that comprise a cryptographic service
Data binding and sealing: It involves using the secret key to derive a unique key that's then
used for encryption of data
Data information tree: A structure where objects will have one parent and can have one or
more children that belong to the parent object
Decryption: The reverse process from encryption; taking the garbled output and
transforming it back into the readable plain text
Defense in depth: The concept of having multiple overlapping systems of defense to protect
IT systems
Denial-of-Service (DoS) attack: An attack that tries to prevent access to a service for
legitimate users by overwhelming the network or server
Deterministic: It means that the same input value should always return the same hash value
Dictionary attack: A type of password attack that tries out words that are commonly used in
passwords, like password, monkey, football
Distinguished name (DN): A unique identifier for each entry in the directory
DNS Cache Poisoning Attack: It works by tricking a DNS server into accepting a fake DNS
record that will point you to a compromised DNS server
Dynamic ARP inspection (DAI): A feature on enterprise switches that prevents certain types
of attacks
ECDH & ECDSA: Elliptic curve variants of Diffie-Hellman and DSA, respectively
Elliptic curve cryptography (ECC): A public key encryption system that uses the algebraic
structure of elliptic curves over finite fields to generate secure keys
Encapsulating security payload: It's a part of the IPsec suite of protocols, which
encapsulates IP packets, providing confidentiality, integrity, and authentication of the
packets
Encryption: The act of taking a message (plaintext), and applying an operation to it (cipher),
so that you receive a garbled, unreadable message as the output (ciphertext)
Encryption algorithm: The underlying logic or process that's used to convert the plaintext
into ciphertext
End-entity (leaf certificate): A certificate that has no authority as a CA
Entropy pool: A source of random data to help seed random number generators
Evil twin: The premise of an evil twin attack is for you to connect to a network that is
identical to yours but that is controlled by an attacker. Once connected to it, they will be able
to monitor your traffic
FIPS (Federal Information Processing Standard): The DES that was adopted as a federal
standard for encrypting and securing government data
Forward secrecy: This is a property of a cryptographic system so that even in the event that
the private key is compromised, the session keys are still safe
Four-Way Handshake: It is designed to allow an AP to confirm that the client has the correct
pairwise master key in a WPA-PSK setup without disclosing the PMK
Frequency analysis: The practice of studying the frequency with which letters appear in
ciphertext
Full disk encryption (FDE): It is the practice of encrypting the entire drive in the system
GTK (Groupwise Transient Key): A temporal key, which is actually used to encrypt data
Hashing (Hash function): A type of function or operation that takes in an arbitrary data input
and maps it to an output of a fixed size, called a hash or a digest
Host-based firewalls: Protects individual hosts from being compromised when they're used
in untrusted and potentially malicious environments
HTTPS: Hypertext Transfer Protocol Secure is a secure version of HTTP that ensures the
communication your web browser has with the website is secured through encryption
Hubs: Devices that serve as a central location through which data travels; a quick
and dirty way of getting packets mirrored to your capture interface
Implicit deny: A network security concept where anything not explicitly permitted or allowed
should be denied
Injection attacks: A common security exploit that can occur in software development and
runs rampant on the web, where an attacker injects malicious code
Intermediary (subordinate) CA: It means that the entity that this certificate was issued to
can now sign other certificates
IP source guard (IPSG): It can be enabled on enterprise switches along with DHCP snooping
IPsec (Internet Protocol security): A VPN protocol that was designed in conjunction with
IPv6
Issuer Name: This field contains information about the authority that signed the certificate
Kerberos: A network authentication protocol that uses tickets to allow entities to prove their
identity over potentially insecure channels to provide mutual authentication
Kerckhoff's principle: A principle that states that a cryptosystem, or a collection of
algorithms for key generation and encryption and decryption operations that comprise a
cryptographic service should remain secure, even if everything about the system is known
except for the key
Key escrow: Allows encryption key to be securely stored for later retrieval by an authorized
party
Key signing parties: Organized by people who are interested in establishing a web of trust,
and participants perform the same verification and signing
Key size: It is the total number of bits or data that comprises the encryption key
Key: A crucial component of a cipher, which introduces something unique into your cipher
Keylogger: A common type of spyware that's used to record every keystroke you make
Logs analysis systems: They are configured using user-defined rules to match interesting or
atypical log entries
Malware: A type of malicious software that can be used to obtain your sensitive information
or delete or modify files
MD5: A popular and widely used hash function designed in the early 1990s as a cryptographic
hashing function
Meddler in the middle (formerly known as Man in the Middle): An attack that places the
attacker in the middle of two hosts that think they're communicating directly with each other
MIC (Message Integrity Check): It is essentially a hash digest of the message in question
Monitor mode: It allows scanning across channels to see all wireless traffic being sent by APs
and clients
Network software hardening: Includes things like firewalls, proxies, and VPNs
Network time protocol (NTP): A network protocol used to synchronize the time between the
authenticator token and the authentication server
Normalization: It's the process of taking log data in different formats and converting it into a
standardized format that's consistent with a defined log structure
OAuth: An open standard that allows users to grant third-party websites and applications
access to their information without sharing account credentials
OES (Operating Encounter Mode): It turns a block cipher into a stream cipher by using a
random seed value along with an incrementing counter to create a key stream to encrypt
data with
One-time password (OTP) tokens: Another very common method for handling multifactor
One-time password (OTP): A short-lived token, typically a number that's entered along with
a username and password
OpenID: An open standard that allows participating sites known as Relying Parties to allow
authentication of users utilizing a third party authentication service
Organizational units (OUs): Folders that let us group related objects into units like people or
groups to distinguish between individual user accounts and groups that accounts can belong
to
Packet sniffing (packet capture): The process of intercepting network packets in their
entirety for analysis
Pairwise Transient Key (PTK): It is generated using the PMK, AP nonce, Client nonce, AP
MAC address, and Client MAC address
Password attacks: Utilize software like password crackers that try and guess your password
Password salt: Additional randomized data that's added into the hashing function to
generate the hash that's unique to the password and salt combination
PBKDF2 (Password Based Key Derivation Function 2): Password Based Key Derivation
Function 2
Phishing attack: It usually occurs when a malicious email is sent to a victim disguised as
something legitimate
Physical tokens: They take a few different forms, such as a USB device with a secret token on
it, a standalone device which generates a token, or even a simple key used with a traditional
lock
PIN authentication method: It uses PINs that are eight digits long, but the last digit is a
checksum that's computed from the first seven digits
Ping flood: It sends tons of ping packets to a system. If a computer can't keep up with this,
then it's prone to being overwhelmed and taken down
PKI system: A system that defines the creation, storage and distribution of digital certificates
Platform key: It's the public key corresponding to the private key used to sign the boot files
Port mirroring: Allows the switch to take all packets from a specified port, port range, or the
entire VLAN and mirror the packets to a specified switch port
Post-fail analysis: Investigating how a compromise happened after the breach is detected
Pre-shared key: It's the Wi-Fi password you share with people when they come over and
want to use your wireless network
Promiscuous mode: A type of computer networking operational mode in which all network
data packets can be accessed and viewed by all network adapters operating in this mode
Proxy: Can be useful to protect client devices and their traffic. They also provide secure
remote access without using a VPN
Public key authentication: A key pair is generated by the user who wants to authenticate
Public key signatures: Digital signature generated by composing the message and combining
it with the private key
Rainbow table attacks: To trade computational power for disk space by pre-computing the
hashes and storing them in a table
Rainbow tables: A pre-computed table of all possible password values and their
corresponding hashes
Random numbers: A very important concept in encryption because it avoids some kind of
pattern that an adversary can discover through close observation and analysis of encrypted
messages over time
Ransomware: A type of attack that holds your data or system hostage until you pay some
sort of ransom
RC4 (Rivest Cipher 4): A symmetric stream cipher that gained widespread adoption because
of its simplicity and speed
Remote attestation: The idea of a system authenticating its software and hardware
configuration to a remote system
Remote Authentication Dial-in User Service (RADIUS): A protocol that provides AAA
services for users on a network
Reverse proxy: A service that might appear to be a single server to external clients, but
actually represents many servers living behind it
Risk mitigation: Understanding the risks your systems face, take measures to reduce those
risks, and monitor them
Risk: The possibility of suffering a loss in the event of an attack on the system
Rogue Access Point (AP) Attack: An access point that is installed on the network without the
network administrator's knowledge
Rogue DHCP server attack: An attacker can hand out DHCP leases with whatever
information they want by deploying a rogue DHCP server on your network, setting a gateway
address or DNS server, that's actually a machine within their control
Root certificate authority: They are self-signed because they are the start of the chain of
trust, so there's no higher authority that can sign on their behalf
RSA: One of the first practical asymmetric cryptography systems to be developed, named for
the initials of the three co-inventors: Ron Rivest, Adi Shamir and Leonard Adleman
Screen lock: A security feature that helps prevent unwanted access by creating an action you
have to do to gain entry
Secure boot protocol: It uses public key cryptography to secure the encrypted elements of
the boot process
Secure element: It's a tamper resistant chip often embedded in the microprocessor or
integrated into the mainboard of a mobile device
Secure Shell (SSH): A secure network protocol that uses encryption to allow access to a
network service over unsecured networks
Security information and event management systems (SIEMs): A form of centralized logging
for security administration purposes
Security keys: Small embedded cryptoprocessors that have secure storage of asymmetric
keys and additional slots to run embedded code
Security through obscurity: The principle that if no one knows what algorithm is being used
or general security practices, then one is safe from attackers
Self-signed certificate: This certificate has been signed by the same entity that issued the
certificate
Serial number: A unique identifier for their certificate assigned by the CA which allows the CA
to manage and identify individual certificates
Session key: The shared symmetric encryption key used in TLS sessions to encrypt data being
sent back and forth
SHA1: It is part of the secure hash algorithm suite of functions, designed by the NSA and
published in 1995
Shannon's maxim: It states that the system should remain secure, even if your adversary
knows exactly what kind of encryption systems you're employing, as long as your keys remain
secure
Single Sign-on (SSO): An authentication concept that allows users to authenticate once to be
granted access to a lot of different services and applications
Social engineering: An attack method that relies heavily on interactions with humans instead
of computers
Spear phishing: Phishing that targets an individual or group; the fake emails may contain some
personal information like your name, or the names of friends or family
SQL Injection Attack: An attack that targets the entire website if the website is using a SQL
database
SSL 3.0: The latest revision of SSL that was deprecated in 2015
SSL/TLS Client Certificate: Certificates that are bound to clients and are used to
authenticate the client to the server, allowing access control to a SSL/TLS service
SSL/TLS Server Certificate: A certificate that a web server presents to a client as part of the
initial secure setup of an SSL/TLS connection
Stream ciphers: They take a stream of input and encrypt the stream one character or one digit
at a time, outputting one encrypted character or digit at a time
Subject Public Key Info: These two subfields define the algorithm of the public key along
with the public key itself
Subject: This field contains identifying information about the entity the certificate was issued
to
Substitution cipher: An encryption mechanism that replaces parts of your plaintext with
ciphertext
Symmetric key algorithm: Encryption algorithms that use the same key to encrypt and
decrypt messages
TACACS+: It is a device access AAA system that manages who has access to your network
devices and what they do on them
Tailgating: Gaining access into a restricted area or building by following a real employee in
Tcpdump: It's a super popular, lightweight command-line based utility that you can use to
capture and analyze packets
Ticket granting service (TGS): It decrypts the Ticket Granting Ticket using the Ticket
Granting Service secret key, which provides the Ticket Granting Service with the client Ticket
Granting Service session key
TKIP (Temporal Key Integrity Protocol): A protocol introduced to address the shortcomings of WEP security
TLS 1.2 with AES GCM: A specific mode of operation for the AES block cipher that
essentially turns it into a stream cipher
Transport mode: One of the two modes of operations supported by IPsec. When used, only
the payload of the IP packet is encrypted, leaving the IP headers untouched
Trojan: Malware that disguises itself as one thing but does something else
Tunnel mode: One of the two modes of operations supported by IPsec. When used, the entire
IP packet, header, payload, and all, is encrypted and encapsulated inside a new IP packet
with new headers
Tunnel: It is provided by L2TP, which permits the passing of unmodified packets from one
network to another
U2F (Universal 2nd Factor): It's a standard developed jointly by Google, Yubico and NXP
Semiconductors that incorporates a challenge-response mechanism, along with public key
cryptography to implement a more secure and more convenient second-factor
authentication solution
Validity: This field contains two subfields, Not Before and Not After, which define the dates
between which the certificate is valid
VPNs: Commonly used to provide secure remote access, and link two networks securely
Vulnerability: A flaw in the system that could be exploited to compromise the system
Web of trust: It is where individuals instead of certificate authorities sign other individuals'
public keys
WEP (Wired Equivalent Privacy): First security protocol introduced for Wi-Fi networks
Wireshark: It's another packet capture and analysis tool that you can use, but it's way more
powerful when it comes to application and packet analysis, compared to tcpdump
Worms: They are similar to viruses except that instead of having to attach themselves onto
something to spread, worms can live on their own and spread through channels like the
network
WPS (Wifi Protected Setup): It's a convenience feature designed to make it easier for clients
to join a WPA-PSK protected network
802.1X with EAP-TLS: Offers arguably the best security available, assuming proper and
secure handling of the PKI aspects of it
802.1x: It is the IEEE standard for encapsulating EAP, or Extensible Authentication Protocol,
traffic over 802 networks
X.509 standard: It is what defines the format of digital certificates, as well as a certificate
revocation list or CRL
XTACACS: It stands for Extended TACACS, which was a Cisco proprietary extension on top
of TACACS
0-Day Vulnerability (Zero Day): A vulnerability that is not known to the software developer
or vendor, but is known to an attacker
Course 5 Glossary
To use the template for this course item, click the link below and select “Use Template.”
OR
If you don’t have a Google account, you can download the template directly from the
attachment below.
Learners who complete all five courses of this certificate are eligible to earn a digital badge from Credly
and Google.
Additionally, Google and CompTIA have teamed up to offer a co-skilled badge of completion. To get the
badge, learners must complete the Google IT Support Professional Certificate and pass the CompTIA A+
certification exams (1000 Series). With this dual badge, people who complete the Google IT Support
Professional Certificate and receive the CompTIA A+ certification are better set up to share their skills with
potential employers.
More details are in the FAQs below. For any other questions, including issues with your certificate, please
reach out to Coursera Learner Services.
About badges
What is a badge?
A badge is a visual representation of a credential you’ve earned - in this case, your credential is the Google
IT Support Professional Certificate! You’ll get a badge upon completion of the program; you can share it on
platforms like LinkedIn to catch the attention of potential employers.
What is Credly/Acclaim?
Acclaim is a badging platform that’s part of Credly, a leading digital credential service provider. Acclaim
provides badges so that you can easily share your achievements to online destinations like LinkedIn, and
employers can instantly verify your skills.
Follow the steps in this Acclaim article to add your badge to your LinkedIn. You can also check out this
YouTube video.
How do I claim my badge for completing the Google IT Support Professional Certificate?
Upon completion of the certificate, you will receive an email letting you know you have earned a badge.
From the email, you can choose to claim the badge and opt in to share your information for the purposes of
badge issuing. If you decide to claim the badge, Coursera will then send a request to Acclaim to issue your
badge. If you don’t have an Acclaim account yet, you will be asked to create one before you can accept and
view your badge.
Please allow at least one week from your date of completion for the system to update. Make sure to check
your spam folder just in case it ends up there!
I completed the Google IT Support Professional Certificate program. What do I do if I have not received an email invite to claim my badge?
If you’ve waited a week since you completed the certificate and haven’t received an email, please submit a
request through the Acclaim help center: https://support.youracclaim.com/hc/en-us.
Badges are sent out daily to learners who have completed all five courses of this Professional Certificate.
Please allow at least one week from your date of completion for the system to update.
If you complete all five courses of the Google certificate and pass the CompTIA A+ certification exams (1000
series), you’ll have access to a new dual badge from CompTIA and Google that you can also post on
LinkedIn to catch the attention of potential employers. Learn more here.
What is the difference between the dual badge with CompTIA and the badge for the Professional Certificate?
The dual badge shows that you completed both the Google IT Support Professional Certificate and passed
the CompTIA A+ certification exams (1000 series). The Professional Certificate badge only shows your
completion of the Google IT Support Professional Certificate. If you earn both badges, you’re basically a
rockstar and we encourage you to share them both on LinkedIn to show off your rockstar status.
I completed the Google IT Support Professional Certificate program and I passed the CompTIA A+ exams but did not receive an email from Acclaim to claim the dual badge. What do I do?
Please submit a request through the Acclaim help center for technical issues:
https://support.youracclaim.com/hc/en-us.
Will completing the Google certificate prepare me for the CompTIA A+ exams?
The Google IT Support Professional Certificate program aligns with the objectives covered by the newly
updated CompTIA A+ certification. Upon completion of the certificate program, you can download the
CompTIA A+ exam objectives to ensure that you’ve studied what you need to before taking the exams.
Dual badges are delivered within 2 weeks of completion of both the Google certificate and CompTIA exams.
Contact information
Professional summary
Core competencies
Professional experience
Education and certifications
Pro tip: Resumes should be written in the third person and should not contain personal
pronouns.
Let’s discuss how to incorporate your new skills into these sections of your resume.
Contact information
Your header should contain your contact information and should go at the top of your
resume.
Professional summary
Use your summary to set the tone. Your summary should be one to three lines and
should clearly state why you are the best candidate for the position. It should
showcase the most important things you want the reader to know about you. If you
are applying for a new role, you will want to update your industry specialty. You likely
have experience that can be related to IT support, and you will want to incorporate
that relevant experience into your new professional summary. Make sure you tailor
your description of yourself to the role you are applying for.
Merge the description of the role you are applying for with your experience. Here is
an example:
IT support technician with two years of demonstrated success in network
installation. Skilled in cross-functional collaboration and project execution.
Articulate communicator who thrives in a results-driven collaborative
environment.
Use keywords from the job description to describe yourself. If the job description
states that the company is looking for a candidate with knowledge of IT security, you
should add that to your resume—you have gained that knowledge with this
certification.
Once you have your professional introduction, your next sentence should describe how your
unique expertise will make you valuable to the employer.
Pro tip: Don’t forget to use this section to highlight something that makes you stand out from
other applicants. Use an accomplishment from a previous role to show the employer what
you can offer them. Take a look at this example of a professional summary section:
Now that you have your heading and professional summary updates, let’s move on to the
core competencies section of your resume.
Core competencies
Your core competencies should be a bulleted list of the most relevant skills applicable to the
position you are applying for.
Pro tip: Scan the job description for core competencies you have gained during this
certification and your past experience then use those skills as bullet points in this section.
Make sure to keep this section relatively short, with four to eight bullets. Here is an example
of an IT support resume core competencies section:
Now that you have showcased who you are and what makes you the best candidate for the
job, it is time to tell the story of what you have accomplished throughout your career in the
professional experience section.
Professional experience
The professional experience section of your resume provides a summary of the roles and
positions you have held in your career. List at least three positions in reverse chronological
order and only include what is most relevant to the position you are applying for.
Your professional experience will not change much from previous resumes, because you can’t
change the past roles you have held. However, you can possibly rewrite some of your bullets
to relate them to IT support. Make sure you are tying the industry lingo back to your previous
experience to show the reader—usually a hiring manager—how your skills relate to IT
support. Use terms like assessing compatibility, evaluating systems, testing, implementation,
software maintenance and customer support to show the reader that your past experience
translates to an IT support role.
Pro tip: Make sure your resume conveys how your past accomplishments are valuable to the
role you are applying for. Show the reader how you can make a difference in their
organization. An easy way to remember this is through the P.A.R.I.S. framework:
Now that the majority of your resume has been updated with your new skills and knowledge,
it is time to update your Education and Certifications section. In this section of your resume,
you should include any degrees beyond your high school diploma in reverse chronological
order. For each degree, list the degree you earned, institution, location, and date of
graduation. This section should also list any professional certifications or credentials you
hold. It is here where you will list this new IT support certification. Here is an example of an
education and credentials section of an IT support resume:
Your resume is now updated and ready to use for IT support position applications! You have
revised your professional summary, added newly-acquired core competencies, related past
professional experience to IT support, and added this certification to your resume.
Pro tip: It is always a good idea to have someone review your resume for any spelling or
grammatical errors. Recruiters and hiring managers often toss resumes aside that contain
typos. Once you are sure your resume is error-free, it is time to start your job search!
Generalist vs specialist
Another category to consider when attempting to find your right path is whether you want to
work as a generalist or a specialist. A generalist is knowledgeable about many topics and has
various interests, while a specialist is an expert in a specific field.
Generalists have broad, multifaceted roles that allow entry-level employees to gain
invaluable experience in many different areas related to the field. Alternatively, specialists are
focused on a singular aspect of IT. The table below provides an overview of common
generalist and specialist roles.
Systems Administrator
Network Administrator
Field Service Technician
IT Support Administrator
Please note that the word “specialist” is often used in job titles, even for roles that include
generalist-like tasks. When reviewing a job listing, be sure to read the duties and
responsibilities assigned to that role so that you have a clear understanding of what you will
be doing if hired.
Choosing what type of environment works best for you is just as important as the type of role
you select. Different types of environments have their own cultures and practices. As an
entry-level employee, you’ll come across two types of workplaces: agency or in-house. You
can also choose to work for yourself in a freelance role.
As an entry-level employee, you can expect to work for several clients. This is because
agencies often take on many different clients. It is common to work with a client for a short
time. While doing agency work, it’s unlikely that you will decide on the direction of
assignments since those are determined by the company that hired your agency’s services.
Alternatively, companies who create and distribute a product or a service may build an
“in-house” team of internal employees to handle their IT needs. There are many reasons
companies choose this option, including reduced costs, full transparency between the team
and the larger company, and concern for the privacy of their users and their personal
information.
As an entry-level employee, you can expect to work on a team that is relatively smaller than
the rest of the company. Unlike working at an agency, many employees on an in-house team
have the opportunity to learn a great amount about the company they are performing IT
tasks for.
Key takeaways
As you navigate your job search, think about what you want in a career. Establish the types of
roles you want early on and the type of company you want to work for. Over time, your
experience will help you make better-informed decisions related to your career direction.
Question 1
This is an optional activity. To "pass" this practice quiz, you must receive 100%, or 1 out of 1 point, by
completing the activity below.
Activity overview
In this activity, you will create a job search project plan to help you track your progress and expectations
during your job search.
Be sure to complete this activity before moving on. Once you have completed it, you will have a project
plan you can use to help you when you search for a job.
Step-By-Step Instructions
Click the link to create a copy of the template. If you don’t have a Google account, download the template
directly from the attachment below.
Since project managers work in nearly every industry, the first step in job search is choosing an industry or
specialty. Reflect on your passions, what communities you’d like to work with, or what work gets you
excited, and investigate project management opportunities in those areas. Here are some more examples
of industries you can explore:
Business
Construction
Government
Education
Finance
Marketing
Check that you are in the Job Tracker tab. Once you have determined your preferred industry, record it in
the Industry column.
Now that you know what industry you’re searching in, it’s time to get specific. For example, if you chose the
education industry, there are many avenues you can take as an IT Support professional. You could work in
education, government positions, or commercial businesses.
If you’re unsure what kinds of opportunities are available, search for a company in the industry of your
choice and review the career opportunities for IT support roles. Once you’ve found a job you are interested
in, record the company and job title in the appropriate columns. Paste the link to the job description under Job
Link.
Networking can be a great tool that can lead to potential job opportunities. If you apply for a job through a
referral, record the name and contact information of the person who referred you under Referral Name
and Referral Contact Information.
Tailor your resume and cover letter to reflect the language used in the job description and apply as soon as
possible. Refer to the activity on creating a resume to help prepare for your job search.
Once you've applied to the job, identify the resume you used under Resume Used and the date on which
you applied under Date Applied.
If you schedule an interview with a recruiter, record the interview date, your interviewer’s name, and your
interviewer’s contact information in the next three columns.
Once you’ve successfully completed your first interview, make sure to send a thank you email to your
interviewer within 24 hours. Remind them of who you are, what job you applied for, and thank them for
their time. Your interviewer will likely appreciate your courtesy, which will make you more memorable.
Don't forget to record the date you send the thank you email under Follow-up Email Date.
Step 8: (Optional) Prepare for further interviews
As you move forward in the application process, you will likely have at least one or two more interviews.
Log any further information in remaining columns.
Successfully applying to and landing a job is a competitive and difficult process. No matter the outcome of
a certain application, persistence pays off!
Once you’ve connected with someone, you should track your relationship with them. Record the date of
your first meeting, the person’s name, and their contact information in the first three columns.
Make note of anything new you learned about the industry or job from your conversation under Key
Questions. Pay close attention to any issues that your contact deems important.
It is also helpful to remember interesting details or stories from your conversation, both personal and
professional. Write down any professional tips, common interests, or fun facts from your conversation
under Professional Takeaways and Personal Talking Points. You can use these details to build on your
connection with your contact the next time you connect with them.
You will most likely have more questions after your first networking session. Record these under Further
Questions. You can use these questions to reconnect with your contact or ask future contacts.
Be sure to address the following elements in your completed job search project plan:
Industry
Company
Job Title
Job Link
Network Tracker Tab 2 (Optional) should include:
Contact information
First meeting date
Professional takeaways
Common interests or fun facts
Further questions to ask
The date you plan to reach out again
Personal Branding
Having a good resume and an excellent elevator pitch are important. They will show
employers your skills and your work history, and they will give you a chance to impress
employers with what you have done, and what you can do for them. There is one more step
you can take to make sure you stand out from other candidates. Having your own personal
brand will make you unique and help you stand out from other candidates. This reading will
help you build your own personal brand.
Your personal brand represents you, so the first part of personal branding is to look at
yourself and see what makes you unique. Brands represent what they are. Product makers
use branding to help people notice their products, and to develop people’s trust in their
products and keep people coming back to them. You need to build a brand that does the
same things for you.
Taking an inventory of your skills, interests, and things that motivate you will give you a start
in building your personal brand. You can build an inventory in any order that works best for
you. Here are some examples of inventory questions:
Study your potential employers and learn all about their organizations. Look for their
values and goals and see how you can align your goals and values with theirs.
Identify who their influencers are. Once you know about the companies offering
positions, study their needs based on what the job offers say.
Identify who the stakeholders are who have the most interest in your services.
Look at your inventory and match what you know about yourself to those companies’
needs. Your talents, your skills, the things that give you energy, your strengths, your
knowledge and experience, and the rest of the information you put together in your
inventory are all part of the recipe for your personal brand. Now that you have the
information you need, you can start putting together your brand.
Identify some challenges the companies are facing
People often choose products because those products help them deal with a challenge or
challenges. Brands help them remember the products, so they look for those products as
soon as they have those challenges. If the challenges are ongoing, they keep using those
products.
Now that you have taken a personal inventory, studied your audience, and identified some
challenges your audience of potential employers face in their organizations, you are ready to
build your personal brand. Using the information you put together, write one or two
sentences that describe you and what you do.
You may need to write a few drafts before you find one you like best. Once you find the one
you think is the best, you now have a brand you can use along with resumes, elevator pitches
and cover letters to stand out from other candidates.
Key Takeaway
Having a good resume and a great elevator pitch will help you impress potential employers,
but having a personal brand will help you stand out from all the other candidates. It will give
potential employers something to remember you out of all the applicants they are looking at
for the position.
Recruiters, Headhunters and Staffing Agencies
One of the many ways to apply and secure jobs in the IT industry is through recruiters,
headhunters, and staffing agencies. Sometimes it’s possible to secure a long-term position
for a company by first completing temporary or contract work through a recruitment agency.
Recruiters
There are two primary types of recruiters: external and internal. External recruiters work
outside the organization they represent, usually through a recruitment agency. These types
of recruiters can help candidates find a multitude of open positions in the industry and work
with them on a non-contractual basis until the candidate secures a position. Internal
recruiters work with the company of interest. Internal recruiters can help leverage a
candidate’s application by assisting them through the hiring process within a specific
company.
Staffing Agencies
Staffing agencies assist companies with finding qualified candidates to fill their open
positions. These positions range from permanent to contract and contract-to-hire.
The staffing agencies are responsible for recruiting and sometimes conducting entry-level
screening questions on candidates to ensure they are a good fit for the company. If the
agency can’t find a suitable fit for the job right away, they may post the job on online job
boards on behalf of the company. The company ultimately makes the final decision for who is
selected, and the staffing agency assists with the initial onboarding process.
Career Coaches
Career coaches can greatly assist with helping job seekers hone their job search and find
positions that cater to their strengths and personal values. They can also assist with guiding
the candidate through all the ups and downs of the job hunting process, reframing thoughts,
challenging limiting beliefs about the job search process, and finding opportunities for
professional growth. However, career coaches often cost more than other routes for securing
a job. Consider hiring a career coach if you’re experiencing challenges in moving up in your
career, securing interviews, receiving offers, or are unsure about what the next steps in your
career should look like. There are multiple types of career coaches out there. Conduct
research and find the type of coach you’re looking for. Some provide basic services such as
resume reviews, editing of cover letters, or LinkedIn profile analysis. Other career coaches will
go further and offer live coaching sessions either in person or online, offer additional
resources to help you on your journey, and/or a supportive community of other job seekers.
Pro tip: Not all job applications require a cover letter. When a cover letter is stated as being
optional, it’s best to consider how much a cover letter might improve your standing. The
following are common situations when people prefer to include a cover letter:
Pro tip: A cover letter is between 250 and 400 words in length and doesn’t exceed one page.
Introduction
The primary goals of the introduction section of a cover letter are to:
Body Section
The goal of the body section of a cover letter is to describe how your skills apply to the open
position. Suppose the job description has these qualifications:
Example
I completed the Google IT Support Professional certificate and have previous customer service
experience in retail electronics. I was responsible for helping customers choose the right devices
for their needs, and solving any problems they had with those devices. I also helped keep the
computers and printers at the location running well by finding and solving any
technical problems. With my attention to detail, the IT support team will be able to solve
problems quickly and efficiently.
Pro tip: Avoid the temptation to rehash the content of your resume. A warning sign is if your
cover letter has essentially the same information as your resume but in a paragraph format.
Pro tip: Focus on what you can do for the company rather than on how you would benefit
from being hired for that position. The difference between being company-focused and
self-focused can be subtle, as in the following sentences:
Closing
The goal of the closing section of a cover letter is to restate your interest in the company and
position. It is also used to indicate your expectations, such as scheduling an interview, being
considered for other jobs, or a timeframe for follow up.
Example
Thank you for taking the time to review my resume for this position. I’m confident I can excel in
this role using my combined work experience and skills from the Google IT Support Professional
certificate. I’m looking forward to an interview and request the privilege to follow up on my
application’s progress in the coming weeks.
Proofread your cover letter
Many errors in cover letters are caused by copying and pasting text from one cover letter to
another. After you write your cover letter, proofread it carefully to catch these common
things:
Awkward formality—Few people call people Sir or Madam nowadays, so you shouldn’t
use these in your cover letter either. Also refrain from using “To whom it may concern”
which sounds highly impersonal. If you don’t know the name of the hiring manager,
use “Dear Hiring Team.” Likewise, consider using “Best regards” instead of
“Sincerely” which sounds a little outdated.
Misspelled words (especially those that sound the same but are spelled differently).
For example, “affect” and “effect,” “then” and “than,” and “your” and “you’re.”
Mismatched skills—Make sure you aren’t incorporating skills for the wrong job
description in your cover letter. This happens with copying and pasting.
Passive voice—Use active voice whenever possible: “I revised the ads” instead of
passive voice: “I ensured that the ads were revised.”
Long anecdotes—Save stories that describe any past results you achieved for when
you are being interviewed.
Key takeaways
Cover letters help introduce the best points about yourself to a potential employer. Make sure
that your cover letter doesn’t simply rehash the skills outlined in your resume, but adds value
by describing how your skills align with the job requirements and how you would be
successful in the role. To write the best cover letters, it’s helpful to research the company,
identify the most important skills from the job descriptions, and prioritize and include your
matching and relevant skills.
LinkedIn is a global professional network that lets you keep a resume online and link up with
recruiters looking for professionals in many fields including IT support specialists. Joining
LinkedIn is easy, and there are many opportunities available through it.
Signing up
1. Browse to linkedin.com
2. Click Join now.
3. After you click Join now:
1. Enter your email address and a password and click Agree & Join (or click Join with
Google to link to a Google account).
2. Enter your first and last name and click Continue.
3. Enter your country/region, your postal code, and location with the area (this helps
LinkedIn find job opportunities near you).
4. Enter your most recent job title, or select I’m a student.
5. If you entered your most recent job title, select your employment type and enter the
name of your most recent company.
6. If you select self-employed or freelance, LinkedIn will ask for your industry.
7. Click confirm your email address. You will receive an email from LinkedIn.
8. To confirm your email address, click Agree & Confirm in your email.
9. LinkedIn will then ask if you are looking for a job. Click the answer that applies. If you
select Yes, LinkedIn will help you start looking for job opportunities.
10. Follow any of the steps under Join Now that are relevant.
To upload your resume:
It is a good idea to take your time filling out every section of your profile. This helps recruiters
find your profile and helps people you connect with get to know you better. Start with your
photo. Here are some tips to help you choose a great picture for your new profile:
Choose an image that looks like you: You want to make sure that your profile is the
best representation of you and that includes your photo. You want a potential
connection or potential employer to be able to recognize you from your profile picture
if you were to meet.
Use your industry as an example: If you are having trouble deciding what is
appropriate for your profile image, look at other profiles in the same industry or from
companies you are interested in to get a better sense of what you should be doing.
Choose a high-resolution image: The better the resolution, the better impression it
makes, so make sure the image you choose isn’t blurry. The ideal image size for a
LinkedIn profile picture is 400 x 400 pixels. Use a photo where your face takes up at
least 60% of the space in the frame.
Remember to smile: Your profile picture is a snapshot of who you are as a person so it
is ok to be serious in your photo. But smiling helps put potential connections and
potential employers at ease.
Adding connections
Connections are a great way to keep up to date with your previous coworkers, colleagues,
classmates, or even companies you want to work with. The world is a big place with a lot of
people. So here are some tips to help get you started.
On LinkedIn, letting recruiters and potential employers know that you are in the market for a
new job is simple. Just follow these steps:
This example shows jobs available in the United States, but there are job opportunities
available all over the world.
Add to your profile to keep it complete, current, and interesting. For example, remember to
add the Google IT Support Specialist certificate to your profile after you complete the
program!
Key Takeaways
LinkedIn is a resource that lets you keep a profile online including a resume so recruiters will
always have access to anything you make public. You can use LinkedIn to look for positions
and send resumes directly to the recruiters for the positions through the LinkedIn network.
Using LinkedIn, you can find connections, search through thousands of positions offered, and
learn about companies you want to work for in your career.
This guide is designed to help job seekers get more interviews. If you’re eager to increase the number of
interviews you’re currently getting, we have some tips and strategies for you that can make a big difference
in your results and help you overcome some of the challenges associated with job boards, such as
out-of-date listings and heavy application volumes that can make it hard to stand out.
This guide will help you address the challenges of job boards through networking. Because the idea of
networking can seem daunting for many, this guide will focus on four actionable steps you can take to
make the most of your networking efforts. You’ll learn everything from how to find people to connect with
and how to schedule and prepare for important conversations, to what to talk about and how to follow up.
If some of these strategies and actions feel challenging at first, don’t worry; they get easier over time. Plus,
you’ll be getting more interviews, so it will all be worth it!
For our purposes here, we want to focus specifically on how strategic networking can help you overcome
some of the challenges associated with online job applications. Benefits include:
Getting accurate information about job availability. The fact that a role is posted online doesn’t
mean that the hiring team is actively reviewing applications. There is often a delay between the
time a role is open and the time it’s posted online, as well as the time it is filled and taken down
from online job boards. At the same time, there are often open positions that are not (yet) posted
online for a variety of reasons. Networking can help you ensure you’ve got up-to-date information.
Learning more details about the role. Job descriptions are not always precise. As a result, you
might end up applying for roles that you think are a good fit but are, in fact, not. Or, you might fail
to properly tailor your application to meet the needs of the hiring team. Insider information via
networking can help you understand what the team is really looking for.
Standing out amid the competition. Once a job is posted to a job board, there are often tens or
even hundreds of people applying to it, so it can be difficult to stand out. Networking can help you
get an early jump on a new opportunity before it’s posted.
The networking process described in this guide can help you address all these challenges.
Through a short and focused conversation with someone at your target company—who has insider
knowledge of relevant opportunities—you will be able to:
Understand the requirements for your target role at that specific company. Jobs with the same
title can vary greatly from company to company, and the actual requirements are not always
obvious from job descriptions.
Gain insight into the company’s organizational structure and team culture to learn what’s required
for success, and understand how best to position yourself in your application materials and
interviews.
Learn about ways to monitor and apply for opportunities at that specific company, so you can
know exactly what’s available and how to float your application to the top of the pile. You might
even be able to get a referral.
Establish a relationship with a professional who might be able to help you in your current job
search and be a part of your professional network moving forward.
The process of networking for your job search begins with identifying the right people to network with.
Because you are looking for insider information on the role and its application process—as well as other
relevant opportunities—you need to connect with insiders.
People you are going to network with must work in, or close to, your target role at a company you are
interested in working for. These people will have the information you need, beyond what’s publicly posted
online. They will understand the exact skills and qualities the hiring team is looking for. They’ll know the
status of currently open roles and upcoming openings, and they might even be able to connect you directly
to the hiring team.
If you are already connected to the right people, you can jump straight to Step 2 below. If you don’t
currently know such people, begin with finding and connecting with them as described in Step 1.
To begin, put together a list of the companies you’re interested in. The more companies you have on your
list, the more people you will be able to reach out to, and the more opportunities that will be available to
you. Don’t be surprised if your company list grows to 50 or more companies. It might sound like a lot, but
remember that not every company will have the right role available when you need it.
If you are not sure how to identify target companies for your job search, consider the following ideas:
Search job boards for openings. If a company has ever posted a relevant role, it’s worth exploring
further.
Go through your existing contacts and research the companies where they work. Even if you
don’t know anyone in your target role, your personal and professional contacts might be able to
introduce you to their relevant coworkers.
Identify a target industry (e.g., online education, medical supplies, entertainment). If you know
one company within that industry, you can perform a search for its competitors to expand your
list.
Map out companies located in your area (or companies with a remote workforce, if you are
looking to work remotely). You want to make sure you can definitely be considered for any
opportunity you uncover.
Remember, your target companies do not need to have open jobs posted—you will find out exactly what is
currently available there through your networking conversations.
Once you know the companies you are interested in, you can start connecting with relevant people. The
method described here uses LinkedIn because it is accessible to most people. You can also ask for
introductions from mutual connections, attend professional events to meet people, post in networking
communities online, or use any other way you prefer.
To find people through LinkedIn, begin with performing a LinkedIn People Search using your target job
title as the search string, and setting a filter for “Current Companies.” See below for an example searching
for a Data Analyst at Coursera.
Review the profiles that come up to identify people you want to reach out to. Focus on people you’d like to
learn from and that you think you can build a rapport with based on their background, interests, and even
their tone of communication. Keep in mind that people with well-developed LinkedIn profiles—that
include profile photos, summaries, and other details—are more likely to reply to you than those who have
very basic profiles, because they are likely to be more active LinkedIn users.
Once you identify a person you might be interested in speaking to, send them a connection request with a
note explaining why you are reaching out.
Hi <name>, I discovered your profile because of the interesting work you do as a <role> at <company>. I’d
appreciate an opportunity to ask you a few questions to learn more about what you do and what it is like to
work at <company>. Thank you in advance for connecting with me!
Note that some of your connection requests may go unanswered. Don’t get discouraged or take it
personally. Many people are too busy or simply don’t monitor their LinkedIn messages. The great thing is
that LinkedIn provides you with access to a large number of professionals, and it’s a great idea to reach out
to a lot of people.
Once you’ve established the connection, you can ask your new contact for a time to speak. It is important
to be open to communicating via the connection's preferred approach (in-person, video, phone, in writing,
etc.), but ideally, you want to schedule a live conversation. It’s generally a more effective way to build a
relationship, and can often make it easier to get your specific questions answered.
Make scheduling easy by suggesting a specific time to speak, offering to work around their calendar, and
sending out a calendar invitation with information on how you will connect (phone, video conferencing,
etc.).
Thank you for accepting my connection request! As I mentioned, I reached out because I’m researching
<industry/company> and would really appreciate an opportunity to ask you a few questions about your
experience in <role, company>. Would you be open to scheduling a 15-minute video or phone call on <date,
time>? I’m also happy to adjust to your schedule if you prefer another time.
Note that some people find it easier to provide information in writing. If you don’t get a response to your
original request for a conversation, you can follow up by asking whether it would be easier for them to
answer a few questions over email. Remember, everyone is different and it’s important to gauge and adjust
to the style of the person you are reaching out to!
Don’t be discouraged if someone does not reply to you immediately. People are busy. Since you have
already established a connection, it’s a good idea to follow up after a few days, and then again a week later
to give them a chance to reply.
If you still don’t hear back after a couple of follow-ups, you can assume this person is too busy at this time
to speak with you and move on to other potential contacts. Remember that while this is a process of
developing personal connections, it’s also a numbers game, and you should plan to reach out to a lot of
people!
Before moving on, acknowledge your decision to your new contact—a quick note will help ensure there is
no awkwardness so you can easily reconnect in the future.
I'm sorry we haven't been able to connect. I definitely don't want to flood your inbox with requests, so I just
wanted to thank you again for connecting with me, and if you do end up having some time to chat, please let
me know.
Preparation
Once the conversation is on the calendar, it’s time to prepare. Remember, your focus should be on learning
about your target role at the company and determining the best ways to connect to new opportunities.
Things you’ll want to focus on include:
What is the day-to-day like in the role? What is the team structure, how are priorities decided, what
do they like about their work, and what do they struggle with?
What skills and experiences does the hiring team look for? What is essential, and what is nice-to-have?
Do they think your skills and background are a good fit for the role, or are there ways you can
improve your candidacy through education or experience?
What is the best way to monitor and apply for opportunities? Is there anything coming up that is
not yet posted on the careers page?
Are there any other people they can recommend that you speak with?
To inform your questions, you’ll want to conduct thorough research on the person you are speaking with,
the company they work at, and your target role. Consider the following sources of information:
Your contact’s LinkedIn profile, and any information it links to. Look for information to inform
your questions as well as anything that can help you build rapport, such as shared volunteering
interests, hobbies, school experience, etc.
Job descriptions for your target role at the company (if available). During the conversation, you’ll
have an opportunity to clarify requirements and responsibilities.
LinkedIn profiles of people working in your target role at the company. You want to understand
their skill sets and backgrounds to get additional insights into what it takes to succeed in this role.
Company website. You should have a good understanding of the company’s mission, business,
and anything else they choose to highlight to the public.
Company reviews on platforms such as Glassdoor. It’s a great idea to see what people are saying
about the company, so you can ask more specific questions about the culture.
News about the company. Just in case there is something significant happening at the company,
you want to be aware of it.
Company careers page. Make sure you know which roles are currently posted so that you can ask
about the status, and about applying to them directly.
Step 4: Speak with your new contact
Speaking with strangers does not come naturally to many people. If you are feeling uncomfortable before
or during your first few conversations, that’s completely normal! It will get easier with time as you develop
the invaluable skill of networking.
Remember that the other person is also going into a conversation with a stranger (you) and might not
know what to expect. To make both of you comfortable and to help build rapport, be ready to set the
structure for the conversation.
Remind them about who you are, why you reached out, and what your goals are for the
conversation. By this point, you will have done extensive research in preparation for the
conversation, but your new contact might not have had the time to look at your profile and doesn’t
know why exactly you reached out. Help them out by starting with a brief overview of your
background and the reasons for the conversation.
Monitor time. Conversations like this generally last 15–30 minutes. Make sure you respect the
other person’s time by keeping the meeting to the length you had originally agreed upon, unless
the other person wants to continue talking.
Make it about them. While you are there to learn, the person you are speaking to is being generous
with their time, and it’s your responsibility to make them feel valued and appreciated. Explain why
you wanted to talk to them and show the research you’ve done. Honest praise and genuine
engagement go a long way.
Listen more than talk. Since you are there to learn about their experience and company, the
primary focus of the conversation should be on the other person. Some people might be more
talkative, while others may need more input from you in order to engage. Ideally, they should be
speaking for 50% to 80% of the conversation. Don’t be afraid of short pauses, and be respectful
and patient if they need time to gather their thoughts.
Take note of action items as you go along. Many action items can come out of a
conversation like this: you might need to send the other person your resume, they might offer to
connect you with someone else, either one of you might want to share articles or resources that
come up in the conversation, etc. It’s your responsibility to keep a record of these action items, so
you can follow up on your promises and make it easy for the other person to remember theirs.
Close the conversation by clarifying what’s next. Thank them for their time, summarize what you
have learned, and go over any action items from the conversation. The goal is to make the other
person feel useful and appreciated—after all, they’ve been generous with their time.
Asking for a referral
Getting a referral is an ideal outcome for a networking conversation. However, not every conversation will
end in a referral—sometimes there will be no role available, and sometimes the person might not be open
to referring you for a variety of reasons. Make sure not to take this personally or push too hard—their
reasons may have nothing to do with you specifically. It’s important to respect their boundaries and
comfort levels. It is also important to go into the conversation without the expectation of a referral.
Focusing on learning about the role and getting advice from your new connection will take the pressure off
you and them.
If, during the course of the conversation, you confirm that there is a role available that you are qualified for,
do consider asking for a referral. You should be able to sense from the conversation whether the person
thinks you could be a valuable addition to their team and is therefore open to referring you. If you have
any doubts about that, provide an easy way for them to say “no” to you to avoid an awkward situation. For
example, you can ask, “Would you be able to refer me to this role, or do you recommend I apply online?”
If your contact agrees to refer you, make sure you understand exactly what’s required from you. Depending
on the company’s system, you might need to apply through a special referral link, have your contact
submit your resume internally on your behalf, or apply online and then have your contact reach out to the
relevant member of the hiring team.
Step 5: Follow up
Always send a thank-you email within a day or two to the person who has been generous enough to share
their time and expertise with you. Go beyond the basic “thank you” and reinforce the connection you’ve
made by:
Hi <name>,
It was great to catch up with you today and hear about the incredible work you are doing at <company>, and
I was excited to learn about our shared interest in <x>. Here is a link to the article I had mentioned on <topic>
that I thought you might enjoy.
Thanks again for sharing about the <role> opening with me and sharing my resume with the hiring manager!
My resume is attached. Please let me know if you have any questions or need anything else from me.
Again, it was great to speak with you. Thank you for your time and willingness to share your experience with
me! Please let me know if I can ever be of any help. I have a pretty extensive network in <industry> and would
be happy to introduce you to any of my connections.
Share updates on your job search. Follow up on any advice from the conversation once you have a
chance to act on it. Your connection will appreciate that you valued their guidance and will be glad
to know if it helped. Also, remember to update and thank them once your job search is complete.
Send interesting information as it comes up. If you come across an article or information that
reminds you of the person, it is a great reason to send them a quick note.
Engage on LinkedIn. If your new connection is active on LinkedIn, commenting on their posts and
updates is a great way to continue the conversation.
Add them to your celebrations calendar. Add them to your holiday mailing list. In addition, if any
important dates, such as a birthday, come up in the conversation, make sure to mark your
calendar and send your congratulations.
Do be mindful about your rate and volume of outreach, as you don't want to overdo it. Make sure to
establish a pace that feels right for the relationship.
You now know how to find, reach out to, and develop relationships with people who can help your job
search through insider information. Not every conversation you have will result in an immediate job lead,
but many will. Networking is one of the most reliable ways to get interviews, and it’s available to anyone with a
LinkedIn account, effective strategies, and some grit.
Don’t be discouraged if you don’t feel great about your first few conversations, or if they don’t result in
referrals. It is normal to feel uneasy about speaking with strangers, particularly at first. It’s a skill you need
to practice. Each conversation you have with an industry professional is a win. You are building one of your
most valuable professional assets—your network—one person at a time!
While an elevator pitch is usually specific to an idea or a product, you can also use it to sell
yourself as a professional to potential employers. In an interview, a strong elevator pitch can
be used to stand out to your interviewer. It can be used to help explain why you’re a good fit
for the role or to answer the popular interview question “tell me about yourself.” This reading
helps you prepare your elevator pitch to sell yourself and the value you can provide as an IT
Support Professional.
Provide an introduction
Start by providing an introduction. Introduce yourself and give a brief overview of your
professional background. Explain some job roles you’ve had, your years of work experience,
and the types of industries you’ve worked in. If this will be your first job in IT support, mention some
of your past roles, even if they are unrelated.
Even if you’re interviewing for your first internship or job in IT Support, it’s important to
clarify that this is what you want to do as a career.
For example, you could say, “I want to apply my excellent technical problem-solving skills to
find and solve information technology problems for internal and external users.”
This is where you share your passion for the field and why you want to work in the industry. If
you’re motivated to sell products online, mention that. This is also a good time to talk about
your goals.
For example, you could say, “I love solving information technology issues because doing it
lets me research and apply new IT solutions and technologies. Long term, I’d love to develop
my knowledge of IT problem solving for company IT infrastructures.”
Communicating why you are interested in the company—and not just the role—is a great way
to help the interviewer recognize that you are knowledgeable about the company.
For example, if you were interviewing for a position for Google’s Shopping team, you could
say, “Google Shopping helps connect millions of people to the products they desire or need.
As a long-time Google Shopping user, I’m looking forward to the opportunity to be a part of
that mission and provide outstanding support.”
To bring the structure of an elevator pitch to life, check out two examples of elevator pitches
at Google. The first is by Sean, a Marketing Manager on the Google Ads team. The second is by
Joi, an Associate Product Marketing Manager.
Sean
Marketing Manager, Google Ads
I’m Sean, a Marketing Manager for Google Ads, with over a decade’s worth of experience in
the field of digital marketing, most of that with Google. When I went to school, I didn’t even
know this industry existed. I majored in English because I liked reading and writing. My first
employer in digital marketing took a chance on me because of my experience with client
management and spreadsheets, and they figured they could teach me about digital
marketing. I’m glad the industry and I found each other. Google is always innovating, which
means when you work in this field you never stop learning. My first company actually ran a
blog all about the latest changes to Google Ads (then called AdWords), and because of my
English degree, I took a keen interest in the blog. In a few months, I was managing the blog,
and it was through my posts on that site that Google found me. It’s been wonderful to be on
the team that announces the latest changes and updates to Google Ads. Because of my
hands-on experience buying ads myself, I can immediately see how somebody’s workflow will
change after an announcement. I love being able to tell Google’s story to our advertisers so
that companies of all sizes can continue to find success and grow their businesses.
Joi
Associate Product Marketing Manager
I’m Joi, an Associate Product Marketing Manager at Google with 10 years’ experience as a
content creator for YouTube and organic social channels.
Outside of work, I run my own beauty e-commerce business, an experience that has helped
me develop a plethora of skills around digital marketing and paid advertising, project
management and operations.
My entrepreneurial mindset paired with my love for creativity is what led me to a company
like Google. I thrive in ambiguity and love strategizing and solving problems from the ground
up.
Key Takeaways
An elevator pitch of 60 seconds or less is a great tool for quickly sharing who
you are. Use an elevator pitch to introduce yourself to career and business connections in the
future. You can even use your elevator pitch in other types of situations, like meeting new
friends or new colleagues.
In this reading, we list several questions you should consider asking your interviewer and
explain why you should ask the question and the intention behind it.
One reason to ask your interviewer questions is that it helps you determine if you are
interested in the role. One mistake people make in interviews is believing they are the only
one being interviewed. Remember, you are also interviewing the organization to determine if
you would like to work there! Ask questions to help determine if the organization is a good fit
for you.
Another reason to ask questions is that it shows your interest in the role. When possible,
make your question specific to the company you are interviewing for. For example, imagine
during your pre-interview research, you come across an article discussing the company’s
entrepreneurial culture. You can mention that you read about the organization’s
entrepreneurial culture. Then, ask how that culture gets represented in the company.
Often, at the end of the interview, the interviewer will ask you if you have questions. This is
the perfect time to ask your questions. If the interview ends without any questions, that’s
OK too. It’s typically best to respect the interview time frame rather than ask questions past
the time.
If the interviewer doesn’t confirm they will allow time at the end for questions, one way to fit
them in before time runs out is to ask during the interview. When asking during an interview,
ensure the questions don’t disrupt the flow. For example, if the interviewer mentions
available training for the role, you can comment that you are interested in the company’s
training. You can then ask them what type of training is available for the position and its
delivery.
Additionally, if you are unable to ask any questions during the interview, you can follow up
with an email. Make sure your questions are directly related to the role and to
something you are genuinely interested in.
This question helps you better understand what skills or qualities make someone successful
in the role. If the interviewer mentions skills or qualities you have, you can then discuss how
you applied them in your previous experience.
It’s important to know the day-to-day activities of the position. Does this match with the type
of role you’re interested in? If it doesn’t, the role may not be a fit for you. This question also
confirms that the tasks for the role match the job description.
A company culture is the attitudes and behaviors of the company and its employees. Asking
this question helps you better understand if the company’s culture is a fit for you. For
example, if you’d like to work for a company that supports creativity and encourages new
ideas, look for that type of information when someone describes the culture.
Similar to the question about culture, this question provides the positive qualities of a
workplace. Ensure these qualities match with what you’re interested in for a work
environment.
Is there any training for the role and how is the training delivered?
If you’re interested in receiving training for a role, consider asking this question. Additionally,
you may want to ask how the training will be delivered, such as digitally, in-person,
shadowing a current employee, or another method. Shadowing is when you closely observe
another employee perform the role.
Do you have any questions or hesitations about my qualifications or experience?
If you ask this question at the end of an interview, it gives you a chance to address any
concerns the interviewer has about your work background. Sometimes the interviewer is
interested in an experience that you have, but you haven’t included on a resume. This is the
perfect question to address that discrepancy.
Key takeaways
When interviewing, you should ask questions to learn more about the organization and show
your interest in the role. When doing pre-interview research, write down any questions you
may have for the organization or the role. It’s a best practice to have at least four questions
prepared before the interview. If there is time available and the question seems appropriate,
ask it!
Activity Overview
In this activity, you will answer two common behavioral interview questions using the STAR
method.
In an interview, you may be asked behavioral interview questions. These types of questions
require you to share a time when you were faced with a particular situation or had to practice
a certain skill. The STAR method is a helpful strategy for answering behavioral interview
questions in a clear, organized, and engaging way. As you’ve learned, STAR stands for
“situation,” “task,” “action,” and “result.”
Be sure to complete this activity before moving on. The next course item will provide you with
a completed exemplar to compare to your own work. You will not be able to access the
exemplar until you have completed this activity.
Scenario
Using the STAR method to answer behavioral interview questions gives interviewers a sense
of who you are and why you’ve applied for the role. This method can make your responses
easy to follow by providing a logical structure to each story you share. Preparing and
practicing responses using the STAR method in advance can also help you feel more
confident going into an interview.
In this activity, you will prepare responses to two common behavioral interview questions.
First, you will recall and record notes about experiences you’ve had in the past that
demonstrate your key skills. Then, you will select two questions from a list of frequently-
asked behavioral questions in IT support interviews. You will answer each of these questions
using the STAR method. Optionally, you will also practice answering these questions and
others aloud in front of a mirror, friend, or family member.
Step-By-Step Instructions
To use the template for this course item, click the link below and select “Use Template.”
OR
If you don’t have a Google account, you can download the template directly from the
attachment below.
DOCX File
Add notes on at least three experiences that demonstrate your key skills to the Experiences that demonstrate my
skills section of the STAR responses template.
Step 3: Select interview questions
During a job interview, you may be asked behavioral interview questions. Your answers to
these questions should demonstrate how you handled a specific situation in the past and
indicate how you might handle a similar situation in the future.
Review the list of Common Behavioral Interview Questions for IT Support Professionals on
the second page of the STAR responses template. Consider which questions would allow you
to describe the experiences you recorded in Step 2. Then, select two of the questions to
answer, copy them, and paste them in the Question 1 and Question 2 sections of the
template.
Using the STAR method helps organize your responses following a story-like structure. To
review, STAR stands for “situation,” “task,” “action,” and “result.”
Begin by describing a particular situation, challenge, or event you experienced. First, review
Question 1 and the experiences you added to the STAR responses template. Select an
experience you had that relates to the question. Then, in the Situation section, add 2–3
sentences describing the situation. Be as specific as possible, providing enough detail to help
the interviewer understand the context in which the situation took place.
In the Task section, add 1–2 sentences describing what you were asked to do, how you were
involved, or what you were responsible for in the situation. Explain exactly how you fit into
the story you’re telling.
In the Results section, add 2–4 sentences discussing the outcome of the actions you took and
the impact you had. Where possible, use data—such as numbers and percentages—to
reinforce your response. If you’re sharing an experience that came with challenges, you may
also want to share the lessons you learned.
Now that you have the skills and knowledge to work as an IT support professional, it’s time to start
preparing for interviews. Interview Warmup is a tool that helps you practice answering questions to get
more confident and comfortable with interviewing.
Get started
1. Go to grow.google/interview-warmup.
2. Click Start practicing.
3. Select the “IT Support” practice set.
4. Click Start.
It takes about 10 minutes, and the questions will be different every time. Each question set will have two
background questions, one behavioral question, and two technical questions, simulating what you would
encounter in a real interview. You can try as many practice interviews as you want.
You’ll also have the option to access the full list of interview questions if you’d like to review more of the
questions available or focus on specific topics.
How it works
Interview Warmup asks interview questions for you to practice answering out loud. It transcribes your
answer in real time so you can review what you said. You’ll also review insights, which are patterns
detected by machine learning that can help you discover things about your answers and identify ways to
keep improving.
Your manager asks you to make a training program for all employees after a big security
vulnerability incident. What kind of training would you create, and why?
Why is it important that you can manage your entire fleet of desktops and servers via enterprise
management software?
How do you stay up to date with recent security incidents, threats, or defense methods?
You've been put in charge of upgrading a company's desktop machines to the latest versions.
There are about 200 employees. How would you approach this?
A company is configured to take full backups every 14 days, and differential backups every day.
Describe some pros and cons for this setup.
Why would a company spend resources on multiple technologies like network firewalls, desktop
firewalls, anti-virus software, and network scanners instead of just relying on one?
Here are some of the insights that Interview Warmup provides:
Talking points: The tool lets you know which topics you covered in your answer, such as your
experience, skills, and goals. You’ll also be able to view other topics that you might want to
consider covering.
Most-used words: The tool highlights the words you used most often and suggests synonyms to
broaden your word choices.
Job-related terms: The tool highlights the words you used that are related to the role or industry in
which you are preparing to work. You’ll also be able to view an entire list of job-related terms that
you might want to consider including in your answer.
Interview Warmup gives you the space to practice and prepare for interviews on your own. Your responses
will be visible only to you, and they won’t be graded or judged.
Key takeaways
Practicing for interviews is an important skill for your career in IT support. Using Interview Warmup can
help you practice interview questions and receive feedback in real time. As you practice, you will gain
confidence and be able to prepare more polished responses for common interview questions.
Research
By this point, you should have done your research on the role, not only on the
qualifications for the job, but also on the average salary expectations. Knowing the average
salary for an IT support technician in your location is the best way to determine if the offer
you received is fair. Keep in mind what makes you stand out as a candidate as it might give
you insight as to whether you should ask for more or identify when you have received a
generous offer. Always ask for the range that the team is targeting and which components of
the offer the company will consider. For example, does the company offer sign-on bonuses?
Additional equity? Merit increases? This will give you an idea not just of what you are
receiving at the moment but the potential for growth as well.
Negotiate
In certain cases, you might be asked if you have a rate or salary range in mind at the
beginning of the interview process. While this question might seem straightforward, it is
important to not respond with a specific number before knowing the actual number for the
role because the moment you do, you will be giving up negotiating power.
A contract negotiation often starts with the potential employer providing you with an offer
letter with general details about your compensation package. This is their initial offer and
companies will often expect you to request changes to the package, whether it be more money
or additional benefits. This is referred to as a counter-offer. Once a counter-offer is made, the
potential employer will try to reconcile what you are asking for with what they initially
proposed and find a middle ground if possible.
Always remember that negotiation is your right and it is not considered impolite. On the
contrary, showing initiative in negotiating displays your confidence and tenacity to advocate
for yourself. If you react with a well-researched counteroffer, it will also demonstrate that you
are intelligent enough to know your value.
While a negotiated offer is common, don’t be discouraged if your counter-offer is not met.
Unless you have competing offers, you will likely still decide to take the job if it’s a fair offer. If
it makes practical sense to take the initial offer, you should consider reevaluating in 12
months or whenever you have amassed more experience and will have more leverage to work
with.
Pay close attention to the following video, which will demonstrate an interview where the
candidate displays their negotiating abilities.
Impostor Syndrome
Professionals in many fields including IT sometimes feel like they don’t belong in their positions. They look
at others they work with and feel like the other people are real professionals in the field and they are
impostors and are not worthy of their positions. They feel like they got into their fields through luck or
timing, and they are worried others will find out they are impostors. This is impostor syndrome. This
reading will help you understand impostor syndrome and how to deal with it if you see it in yourself.
You feel like all the success you have in your career came from luck, not learning skills and working
hard.
You are afraid someone will discover you are not qualified for your position. Once someone does,
you will lose your position.
You will be perceived as dishonest, and you won’t be able to work in your field again.
You feel like you need to put a lot of extra effort in to try to be worthy of the position.
If you do something well and your team members or supervisors praise you, you feel you are not
worthy of the praise.
You sometimes don’t try to reach for goals because you feel they are unattainable.
How to deal with Impostor Syndrome
First, don’t feel bad about yourself if you have Impostor Syndrome. Many professionals in your field share it
with you. There are even Nobel Prize winners who have impostor syndrome. It’s very common. You are not
an impostor, though. You worked hard to get this far. Here are some ways to deal with impostor syndrome:
Look at all you’ve done in the course and in your experiences. Keep a journal of all your
accomplishments. Every time you think of another one, write it in the journal. Be sure to include
your achievement of successfully completing this IT Support Specialist certificate. When you feel
like an impostor, read through your journal and look at what you have already accomplished.
Write down any new accomplishments in the journal as you make them.
Become a teacher - teach someone about your field. Let them ask questions and answer those
questions the best you can. You might find out you know a lot more about the field than you
thought you did.
Take out your accomplishment journal sometimes, read it, and celebrate your accomplishments.
You can even reward yourself with something you really want and celebrate your success.
Every time you doubt yourself, think about a real problem you solved or an important task you
completed successfully on the job. Find something good you did that week. Maybe you were able
to troubleshoot a problem others struggled with, and you solved the problem successfully.
Acknowledge your accomplishments and you will find plenty of proof that you are worthy of your
position, and that you are a true professional in your field, not an impostor.
Taking risks
Once you have beat impostor syndrome and proven to yourself you are worthy of your position, you may
fail in a task or on a project and feel like an impostor again, or a failure. Even the most well-known
professionals, scientists, inventors, and other innovators have failed, and they have failed often. Failure
does not make you an impostor. Instead, by learning from your failures, you will become even better at
what you do.
To move ahead in your career, sometimes you need to take risks. Here are some tips for dealing with risk:
When you fail at something, learn from the failure. What went wrong, and how can you do it better
next time?
Examine each project or task carefully, and think about it succeeding. What is the outcome? It may
take a few failed tries to get to that outcome, but if you never start, you will never achieve that
outcome.
Find others on the team who have done similar projects. Ask them for advice about how they
worked on those projects. If the project fails, share what you learned with them and ask them for
advice on how to prevent the same problem from happening again.
Safe identity workspaces
Safe identity workspaces are a recent development in workplace environments, and their design lets
employees share their ideas freely. In these spaces, employees feel a strong sense of belonging. They feel
like essential parts of the team, and are less likely to be intimidated. In your career, you may work in one of
these environments, as many companies are moving toward them and away from traditional offices.
In a safe identity workplace, there is a leader, but the leader pays close attention to what the employees
have to say and acts on their suggestions and ideas. In some of them, managers and supervisors are open
to constructive criticism from the team. All team members in the workspace are treated as equals and
encouraged to move forward in their careers.
Key takeaways
Impostor Syndrome happens when a professional in a field feels unworthy of their position. People
with impostor syndrome are scared someone will find out they are impostors and that they got
their positions through luck and timing.
You can fight impostor syndrome by beating self-doubt and using your accomplishments to prove
to yourself that you are a worthy professional in your field.
Failure is always a possibility, but if you don’t take risks, you won’t move forward in your career.
Learn from your failures.
Safe identity workspaces are a recent development, and they provide a workspace where everyone
is treated as an equal. This encourages creativity and helps employees experience their parts as
important members of the team.
Working from home has its benefits. You are independent, no longer commuting, and more productive. You
save money on gas and clothing, have more quality time with family and friends, and enjoy an
improved work-life balance, a flexible schedule, and more job opportunities, to mention a few.
What about a hybrid model? A hybrid model means some days at home and some days at the office. This
raises questions, like how to choose which days to work at home? How many days in a week? A hybrid work
schedule is a flexible approach where the employee and the employer agree on a mixed work environment
of working from home and working at the office.
But the reality is, no matter if you are a full time or a hybrid work-from-home employee, you will need to
set up your home work environment to suit your job responsibilities.
When working from home, you will need some standard and basic services and accommodations like
reliable high-speed internet connection, a computer or laptop, a phone, headset, desk, and chair.
Depending on your job, you may also need to have an accessible printer, some specific programs, an extra
monitor, and so on. You will also need a noise- and distraction-free environment. As an IT support
specialist working from home, if you travel to customer locations, you will need a toolbox
with the necessary tools to do your job, along with a reliable means of transportation.
One of the challenges of working from home is scheduling your work week and staying organized. Before
starting to work from home, make sure to set some ground rules:
Decide your working hours. When you start your day, when you end it, lunch time, brain breaks,
etc. After you decide your working hours, try to stick to them as much as possible.
Plan your working tasks. Keep track of assignments for the month, the week, and the day. It will
keep you organized and help you to meet your deadlines.
Set some working rules for your loved ones. Establish when it is appropriate to get your attention,
what noise levels are appropriate, and what is considered an emergency.
Create boundaries between your work and your household chores.
Learn how to prioritize your work.
Now that you have all that you need to start working from home successfully, it is time to learn to take
advantage of the tools available to enhance collaboration. There are a few tools that will improve your
productivity when working from home. Depending on your job, you will have these tools set up by your
employer, or maybe you will have the flexibility to choose the ones that are right for you. Whatever the case,
familiarize yourself with these types of tools:
Calendar sharing
File sharing
Instant messaging
Document synchronization
Cloud storage
Video-conferencing
Key takeaways
To successfully work from home:
Career Burnout
Constantly exhausted
Physical pain such as migraines, headaches, and muscle aches and pains
Changes in appetite
No longer interested in, or without enough energy for, activities outside of work
Changes in your sleep. If you notice you are suddenly sleeping much more or much less
than usual, it might be a symptom of burnout.
Identifying burnout triggers
It’s equally important to take time to reflect on what is contributing to your burnout symptoms
and experiences. A lack of agency is one of the root causes of burnout. A lack of agency occurs
when you feel that you are not in control of your current situation: you have no opportunity to
progress in your career at your company, you face financial restrictions, you feel there is not
enough time to get things done, or you lack recognition in the workplace. Not getting enough
rest or sleep also contributes a lot to burnout. When we don’t get enough sleep, we are less
productive, have trouble focusing, and have a lower pain tolerance. Do you feel like you are in a
constructive community? Feeling alone in the workplace can lead to burnout. If
you’re working at a job that doesn’t give you a sense of purpose, it might be time to
reconsider your options. Completing tasks that are not fulfilling to you or that do not use all your
skills impacts the quality of your work and can lead to burnout.
One of the main ways to decrease symptoms of burnout is to reframe your thoughts around
the current situation. It is also beneficial to reach out for help from Human Resources,
your supervisors, or other colleagues. For example, if you feel like your work has no sense of
purpose, notify your supervisor and ask if there are other tasks or positions within your
organization that allow you to work on projects and teams that give you a sense of fulfillment
and purpose. Resetting expectations additionally greatly helps with repairing burnout. Take
inventory of what the contract deliverables are for your current position, assess whether you
are meeting those deliverables, and then take note of your own expectations of the position
up until that moment in time.
Sustainable workplaces
Working for a company that grants its employees schedule flexibility, mental health
resources, and manageable workloads can bring peace of mind and help your career in the
long run by supporting your health and well-being. Flexible schedules allow for employees to
attend life events such as medical appointments, family matters, and related matters at times
that work best for the employee. Some companies will support mental health days and allow
you to take paid time off (PTO) to rest, recover, and recharge.
What do you want to accomplish as an IT professional? There are multiple specialist fields in
the industry that will give you the opportunity to further develop and hone your skills in
specific areas. However, you can just as easily take the generalist route and cross-apply your
knowledge of technology and tech support to various roles. What type of work environment
do you want to work in? Some companies provide lots of in-office perks such as a
comprehensive kitchen with free snacks, unlimited PTO, and team-building community
events. Other workplaces include flexible work schedules and options that allow you to work
from home, in the office, or a hybrid. Having a general idea of what you’re looking for in a
work environment will help you narrow down your job search and land opportunities that are
a better fit for you. Additionally, do you aspire to eventually work in management in any
capacity? If so, it’s important during your job hunt to ask about opportunities for
advancement or transition throughout the company. Some companies are limited in
opportunities due to long-term employee retention or other factors.
What are your unique strengths and skills that you bring with you to a company? Identifying
your strengths, both soft and hard skills, will help you stand out from other applicants. There
are a plethora of transferable skills that you can leverage in your application. If you’re not
sure where to start on identifying your unique strengths and identifying your transferable
skills, there are lots of online resources and platforms to help you get an idea. Skill stacking is
becoming more appealing to hiring managers and companies within the field of technology.
Skill stacking is when employees combine skills from different fields or industries to produce
novel ideas, approaches, and systems. Soft skills are the most important skills to have if
you’re considering any position in management or if you want to work in a team-based work
environment. Having the skills to hold conversations, navigate conflict, and collaborate with
others will highly benefit your career.
Creating a timeline
A common question asked in interviews is “Where do you see yourself in x
years?” Creating a timeline for you and your career is helpful in gaining insight into what
career opportunities will work best for you moving forward. One helpful way to gain clarity
into this is to break down your bigger career goals into smaller goals.
Approach your job search and career in IT with an open mind. Be flexible with deadlines,
milestones, and your own personal timeline. Be receptive to potential job opportunities that
you might not traditionally apply to or pursue. Adaptability and flexibility are two of the most
coveted soft skills employers look for in their employees. Lastly, hold yourself accountable for
your own progress. Technology is always changing and staying informed of all the changes
that pertain to your job or specialty will give you an advantage over other employees. Look at
taking other certifications, take online courses, read books on the subject, attend
conferences, continuously network with other professionals in your field, and/or complete
passion projects in your free time. Taking extra measures to inform yourself about your field
and attending events with other professionals will greatly increase your chances of success
and career satisfaction.
Getting Promoted
As you are starting to look for an entry level job in IT support, consider why you should start
thinking about a promotion.
There are two main reasons to start job planning for a promotion: 1) Since you are prepared
and committed to do your best from day 1, you will give an amazing first impression and
probably get noticed from the beginning; 2) Knowing where you want to be in 5 to 10 years
will help you successfully plan for your growing career. You know that you have the tools to
successfully start your career as an IT support professional. Now is the time to plan for what
to do next, with special consideration as to what IT path to continue. Perhaps you're
interested in furthering your knowledge in networking, help desk support, or cyber security.
What are the growth opportunities in your organization? Do they support training? Is this a
transitional job? Is this your dream job? All these questions must be taken into account when
planning your next steps.
After you answer those basic questions, you have to prepare and pace your next steps
accordingly. If you are planning to grow within your organization, there are a few
considerations that you want to evaluate to get to the place where you want to be.
The first thing to consider when planning for a promotion is performing beyond average at
your current position. This means proving to your employer that you are not only capable of
doing your actual job, but that you are capable of taking on bigger responsibilities. Now, the
question is, how to achieve that?
Work on your development. There are two groups of workers: the ones doing the same
job every year and excelling at it, and the ones excelling at the same job while adding
value to it. To get a chance at that promotion, you need to be in the second group: the
employee who gives more every day and is willing to take on new responsibilities.
Show leadership and be a team player. Showing that you are a team player and can
take leadership roles will help you to get noticed by your employers. Strive to be a role
model, gain your coworkers’ respect, and motivate your team members. In other
words, display and build qualities that will make you a good leader.
Continue your education. When developing your career path, consider and plan for
future certifications and training. For example, if you are planning to move from IT
support to network administration, plan to take a few new certifications like
Network+, Cisco professional certifications, and so on. Check for the company
network administration job requirements and improve your skills accordingly.
Maintain a strong work ethic. Always be punctual for work, provide excellent customer
service, meet your deadlines, excel at your job, be respectful, and collaborate with
your coworkers.
Communicate with your boss, your coworkers, and your customers. Good
communication is a key characteristic to display in any type of job, but when you are
looking for a promotion, you need to excel in the way you communicate. It is crucial to
know how to communicate, so when planning your career path, add
some communication training to your skill development.
Key takeaways
Planning for a promotion doesn't necessarily mean that you are going to get one. Sometimes
you will need to ask for it, or change roles or organizations in order to get it. But planning means that
you will be ready and will be able to demonstrate your value to the organization every day.
Related Technical Careers
The Google IT Support Certifications are part of a bigger project called Grow with Google
(GWG).
GWG offers some other certifications that can help you grow even more and pursue advanced
job opportunities.
Google IT Certificates
This program takes your IT foundations to the next level, teaching you how to program with
Python and how to automate common system administration tasks using it.
UX Design Certificate
Learn the foundations of user experience (UX) design with this certification, which will
prepare you to enter a fast-growing career field. In its 7 courses, through this certification you
will learn:
Take your first steps into the field of project management with this professional certificate
developed by Google. Learn about:
You can also grow your career by taking any of these Google Cloud professional certifications:
Prioritizing your workload is a critical skill that will save you a lot of time, stress, and can help
you prevent burnout in the long haul. There are multiple tools, apps, and online resources
that can assist with time management, to-do’s, and tasks. Find a method or approach that
works for you. There is no one solution that works for everyone, so stay curious about different
approaches to your organization and time management strategy. Break your big projects and
tasks into smaller tasks to make them more manageable and more rewarding. Focus on what
outcomes you want to achieve by completing a specific task or goal.
Confidence is the cornerstone of success. It’s a critical skill that will help you be seen as a
leader within your workplace and eventually lead to more opportunities for advancement or
raises. Having confidence additionally helps you provide better quality customer service to
clients while working in the field of IT support. Building positive relationships with clients will
ensure they return to you for technical support, and your confidence will lead them to
trust your expertise more than they would that of a less confident professional.
Regulating emotions also goes a long way in career success.
Practicing empathy with coworkers and clients further develops a positive relationship with
them. Everyone loves to feel like they’re understood and supported in their endeavors. It’s
equally important that you take time to practice self-compassion and self-forgiveness. If you
ever feel overwhelmed by the number of tasks you have to complete or don’t understand the
nature of your assignment, always reach out to your colleagues and supervisors for
assistance. You are not in it alone, and everyone in the IT field has been a novice at some point
in their career. Reach out to your team to gain clarification on the expectations for your role,
brainstorm ideas about making your work more efficient, or revise your workload if you are
assigned more than what you’re able to complete without burnout.
Diversity starts at the very top with a company’s executive leadership. Examine the leadership at the
company you want to work for. The people working at the executive level are typically a good indicator of
how diverse and well-represented their employees are as well. If a company’s executive leadership does
not embrace diversity, the employees will experience greater difficulties in creating and maintaining that
culture. Some things to examine as you research companies:
The company’s website. Assess their core values, history, mission statement, and keywords. See if
their website includes any photographs of their employees.
Their social media page(s). What kind of pictures and content do they post publicly? Check for
photos of their employees, community outings, whether or not they recognize or celebrate various
events or historical moments such as pride month, black history month, or world mental health
day, as a couple of examples.
Interview former employees. Conduct informational interviews to learn more about a company in
general and ensure that workplace culture will be a good fit for you.
Unconscious/Implicit Bias
Unconscious or implicit bias refers to the attitudes, stereotypes, judgements, or prejudices that we have
unconsciously in our brain. This bias makes our reactions, thinking, and predisposition to information,
actions, or environments alter in a particular way, whether it be positive or negative, without
self-awareness of its occurrence. It occurs beyond our control and could impact our decisions, actions, and
understanding.
Unconscious bias is present, to some degree, in every single person and is developed from an early age
through the course of one's life. Unconscious bias is associated with many characteristics such as race,
ethnicity, gender, religion, sexual orientation, socioeconomic background, and educational background.
Some of the common types of unconscious bias are:
Affinity bias, which refers to preferences when choosing people to connect with. These people
share similar interests, experiences, and backgrounds to your own.
Attribution bias, which refers to the ways you perceive your actions in comparison to others. This
bias is mostly in association with how you perceive success and failure.
Ageism, which refers to negative feelings or discriminations against someone based on their age.
Beauty bias, which refers to relating a person's physical appearance to their success, competence,
and/or qualifications.
Gender bias, which refers to a preference for one gender over others.
Ableism bias, which refers to perceiving able-bodied people as the norm and expecting people with
disabilities to perform at the same level as able-bodied people without necessary
accommodations (examples: reserving a meeting space that is not wheelchair accessible,
assuming people have to have a visible disability to be considered disabled, framing disability as
something tragic or as an inspiration).
In order to identify our own biases, it’s important to know some of the causes of
unconscious/implicit bias. Bias occurs because, as human beings, we are susceptible to tendencies and are
creatures of habit. For example, humans tend to seek patterns, our brains are known to simplify the world,
and we are influenced by culture and/or media.
The truth is that no matter what the causes are, we are susceptible to implicit bias, and this could affect
our relationships at work, the way we behave on certain occasions, the decisions we make, and how we
react in our work environment.
The first step that we can take to remediate this behavior is to recognize that we are susceptible to bias
and to identify it. The next step is to take actions that reduce the implicit bias at work. Some corrective
measures that can be taken are:
Increasing education. Educating employers and employees about the different types of
unconscious bias and how to recognize it is one of the most effective methods to reduce this bias
at work.
Creating an inclusive work environment. Having an inclusive work environment will help to
broaden perspectives and balance any prejudices.
Taking into account the types of bias when making decisions. Check your decision for any cultural,
racial, ability, or gender stereotypes.
Key Takeaways
We are all human, each with our own thoughts and opinions. It is important to recognize we do not
all think the same way.
Unconscious/Implicit Bias is an unavoidable result of being human and can influence daily
decisions in our personal and professional lives.
Make sure to be conscientious about unconscious/implicit bias when in the workplace by being
open minded.
A culture of diversity, equity and inclusion starts with executive leadership in any organization.
Continuous education and training are very important and effective for reducing bias at work and
promoting a culture of diversity, equity, and inclusion.
In your IT career, you will need to use interpersonal communication every day. You will need to speak with
other people in the company, including employees, managers, and different people outside the company
such as vendors. You may manage a team at some point in your career. This reading will help you build the
interpersonal communication skills you can use for everyday communications.
Verbal Communication - This is spoken communication. You use this when you speak to others at
the workplace, on the phone, or at virtual meetings.
Listening - Listening is more than hearing what people say. Listening is focusing on what they are
saying, and receiving their messages.
Written communication - Letters, emails, text messages, emojis, and GIFs are all different types of
written communication.
Nonverbal communication - Gestures, body language, eye contact, facial expressions, and touch
are all examples of nonverbal communication.
Some ways to improve interpersonal communication:
For a team or an organization to work well, members need to be able to say what they need others to know
and to fully understand what others need from them. Here are some tips to help with interpersonal
communication:
Members of a team or organization sometimes need to make requests of each other. Effective requests are
more likely to get results, and they show team or organization members they can rely on each other. When
making requests:
Be sure to know what you are requesting before you make the request.
Be clear when you make a request - it’s important to communicate exactly what you need from the
other person.
You may need to wait for the right opportunity to make the request if the other person is busy.
If the other person denies the request, listen carefully and with an open mind to what they have
to say.
Always make requests politely and respectfully.
When to use which type of communication
Some communications are done verbally in the workplace or in a virtual meeting. Others are done through
phone calls. Some are done through email, messaging, or on paper. Not all communications use written or
spoken language. Some communication is nonverbal. Each situation calls for one or more types of
communication.
In situations where information has to be given to the whole team, you should share it at the workplace in
a meeting or in a virtual meeting using verbal communication. These situations include:
For communications after hours, or for private conversations between two people, you can have a phone
conversation. You can meet the individual in a private office, but because private conversations include sensitive
information, be sure to respect the other person’s privacy and have the conversation in a way no one
else can hear it or join in. Here are some examples of private conversations:
Criticism - Use criticism to help someone else solve a problem, not to hurt them. If you criticize
them in front of the team, it will embarrass them, and it can lead to gossip and conflicts.
Personal situations - Someone may come to you with personal information. Treat this as a private
communication. If the person wants the team to know, they will share it themselves.
Nonverbal communication is important. It helps get the message across without words. It can cause
problems when the wrong message comes through. When having interpersonal communications at work,
be careful to avoid showing too much emotion. Here are some examples of nonverbal cues:
Facial expressions - Example: A person says they’re happy, but they have a sad facial expression.
People who see the expression know the person is sad.
Tone of voice - Tone of voice can say more than the words said. For example, when someone says
“good job” in an angry tone, it probably means the speaker isn’t happy about what the other
person did.
Eye contact - Looking directly at the speaker demonstrates to them that you are listening and
interested in what they have to say.
Actions - Hand movements and other body movements are also communication. If you slam your
fist on a table but say you are not angry, people will still know you are angry.
Leadership and Interpersonal Communication
During your IT Support Specialist career, you may lead a team or have a supervisory role. Communication
skills are essential for a leadership position. You need to be able to communicate:
Expectations - Be sure to set realistic expectations, and to clearly communicate them to your staff
members. Make sure they understand them and encourage questions if there is something they
don’t fully understand.
Asking questions - Asking the right questions is important. Be sure you know exactly what
information you need before asking questions.
o Examine the problem or situation and decide what you need to know.
o Ask your question in a tone that demonstrates to the other person that you are interested
in the answer. If you ask in an overly formal or accusing tone, the other person will feel
anxious, and they may not answer fully.
o Ask your questions clearly, and focus them on what you need to know. If the questions
aren’t clear, or if they aren’t focused on what you need to know, the answers will also be
unclear.
o Actively listen to the answer after you ask the question. You need to fully understand what
the other person is saying before you react to the information or use it.
o After you get the information you need, thank the person who gave you the information. It
shows the other person respect, and they will be more likely to answer questions in the
future.
Communication for Introverts
If you are an introvert, your communication experiences may be different than what extroverts experience.
Here are some tips for communication for introverts:
Think about what you want to know, and ask open-ended questions. That will let the other person
give you full answers and take on much of the conversation.
Use quick greetings and responses to others’ greetings. If someone says, “good morning” to you,
say the same. You can acknowledge the greeting without starting a conversation.
Prepare for meetings and team or organizational functions. Think about what you are going to say,
and have answers ready for questions you may be asked. If someone asks a question you don’t
have an answer prepared for, ask if you can take a little time to think about it.
Cross-Cultural Communication
You will be working with many different people from different cultures and in different time zones all over
the world. Cross-cultural communication will help you understand the similarities and differences among
different cultural groups and engage with different people from different cultures. For people to work
together in teams and organizations, they need to understand each other well across cultures.
Your teams and organizations will have members from all over the world. There will be cultural differences
between you and them. Some things you do will be different from how they do them. Since you are
working with them, you need to understand each other to work together efficiently. Here are some ways to
improve your cross-cultural communications:
Research and study the cultures of people you work with. Find out what types of gestures and
actions they use for communication. Find out if there are any gestures you use that are offensive to
them and avoid those gestures. Find out which gestures they understand and try to use those.
Don’t use slang when having cross-cultural communications. Your slang comes from your culture
and other cultures may not understand what it means. In some cases slang from your culture may
offend people from other cultures.
Be careful with humor. Different cultures have different understandings of humor. What is funny in
your culture might not be funny in other cultures. People from those cultures may be confused.
Sometimes humor that’s funny in one culture is offensive in others.
Speak more slowly if someone asks you to, but don’t speak too slowly or it may offend the other person.
Problems with cross-cultural communication
Problems happen with cross-cultural communication, but if you know what causes them, you can avoid
them. Here are some of the problems that can happen:
Gesture problems - Simple gestures in one culture can mean something different in another. You
may use a gesture that’s positive in your culture, but is offensive to the person you are
communicating with from another culture. In the same way, another culture’s positive gesture
may be offensive to you.
Stereotyping - Stereotyping is offensive, and it gives you the wrong ideas about cultures.
Sometimes well-meaning people mistake stereotypes for knowledge of a culture and use them to
communicate with members of that culture.
Misunderstood humor - Most cultures have some form of humor and jokes. People from other
cultures might be confused by your joke, or, in some cases, jokes that are funny to you might
offend people from other cultures.
Differences in messaging - You might send an email and find it either doesn’t get a response, or the
response is slow. Some cultures treat email and other communications differently. You might
come from a culture where individuals answer emails right away, but the culture you sent the
email to doesn’t respond until their whole team looks at the email.
Time zone problems - The world has 24 time zones, one for each hour. You need to check where
the people you are communicating with are and what time zones they’re in. Problems happen
when someone in one time zone calls at a regular time like 9:00 in the morning, but the person
on the other end of the communication has to wake up at 3:00 in the morning to take the
call. The receiver sees this as inconsiderate, and it can lead to conflict and lost
opportunities.
Managing Conflict
When people work together, there will be some miscommunications. Problems with interpersonal
communications, cross-cultural communications and clashing thoughts and ideas create conflict. Conflict
can make your team inefficient since members have a difficult time working together. Being able to
manage conflict will keep conflict from harming productivity and help your team work together toward
goals even if they disagree with each other.
Conflict happens for many reasons. Here are a few of the situations that cause conflict:
Personality conflict - Every person is different, and each person has their own personality.
Sometimes these personalities clash.
Work environment problems - Having a negative work environment leads to conflict. It’s important
to keep a safe, comfortable work environment to prevent conflict.
Interpersonal communication problems - Misunderstandings and negative responses to criticism
cause conflict.
Cross-cultural communication problems - Cultural misunderstandings and assumptions may
create conflicts.
How do I solve conflict?
Conflict is natural when people work together. People have different ideas and disagree. Once conflict
happens, you need to solve the conflict before it becomes worse.
Address issues as soon as you see them. Meet with the team members involved with the conflict
and listen to what each of them has to say. Give each of them a chance to share their side of the
conflict.
Be clear about what each side needs and address the situation. Once you know what each side
needs and you have heard both sides’ accounts of the conflict, find a resolution that will stop
further conflict.
Prevent conflict by keeping a safe, pleasant work environment. Keep the environment positive.
Encourage open, friendly communication between team members. If there are minor
disagreements, let them share them in an open, positive environment and put them aside before
they create bigger problems.
Encourage team members to share their ideas and cultures with the rest of the team often to
promote cultural understanding and prevent cross-cultural communication problems.
What if I’m in the middle of the conflict?
As an IT professional, you will face conflict at times in your career. Conflict will happen, and dealing with it
well will stop it from getting in the way of your work. Handling conflict and interruptions is important for
success in your field. Here are some times you may be faced with conflict:
Critical feedback - How you take criticism can lead to knowledge or conflict. When you receive
criticism:
o Listen actively to what the other person is saying. Figure out the point they are telling you.
Is it constructive criticism? If it is, thank them and learn from it. Work on improving what
they criticized you about.
o If the criticism is empty criticism or hostile criticism, don’t fight back. If the person keeps
doing it, report the hostile behavior to your supervisor. If you fight back, it will end in
conflict.
Interruptions - Sometimes someone will interrupt you while you are speaking. When you deal with
an interrupter:
o Find a time to talk to the interrupter in private and tell them you are upset about the
interruptions. Say something like, “Please let me finish my sentences when I speak. I
would be happy to answer any questions or discuss any points after I finish speaking.”
o When they interrupt you at a meeting or in a conversation, calmly ask them to let you
finish your sentence. If you react with hostility, your reaction will create conflict.
Key takeaways
Having good interpersonal communication skills will help you throughout your career as a team
member and as a leader. Knowing which type of communication to use helps you get messages
across in specific situations.
You will be working with people from all over the world in your career. Having cross-cultural
communication skills will help you understand them and show respect for their cultures. It will
also help you teach them about your culture and prevent misunderstandings.
Managing conflict is important when you are dealing with a team or organization and other team
members. Always listen with an open mind to all sides of the conflict.
When someone criticizes you, responding with hostility will create conflict. If the criticism is
constructive, learn from it.
A safe, comfortable workplace helps prevent conflict.
Instead of responding to an interrupter with hostility, calmly ask them to let you finish your
sentence.