We started the day with an intensive lab. We focused on the IAAA model, which stands for Identification, Authentication, Authorization, and Accounting.

This model describes the fundamental steps to secure access to a system:

Identification: The process of recognizing a user or device, typically through a username or ID.

Authentication: Verifying the identity of the user or device, often using passwords, biometrics, or two-factor authentication.

Authorization: Granting or denying access to specific resources based on the authenticated user’s permissions.

Accounting: Tracking and recording the user’s activities while accessing resources, often for auditing purposes.


After exploring the IAAA model, we moved on to access control concepts. One key concept I learned about was a replay attack. A replay attack occurs when an attacker intercepts and resends valid data (such as authentication credentials) to gain unauthorized access to a system. This highlights the importance of using techniques like timestamps or unique session tokens to prevent this type of attack.
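To make the timestamp and unique-token defenses concrete, here is an added example (not from the lab material) of a server that accepts each authenticated message only once and only while it is fresh. The shared key, the 30-second window, and the names `sign_request` and `ReplayGuard` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SHARED_KEY = b"constructed-demo-key"  # constructed sample key, not a real secret
MAX_SKEW = 30                         # assumed freshness window, in seconds


def sign_request(body, key=SHARED_KEY, now=None):
    """Client side: bind a timestamp and a one-time nonce to the body with an HMAC."""
    ts = str(int(time.time() if now is None else now))
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{ts}.{nonce}.".encode() + body, hashlib.sha256).hexdigest()
    return {"ts": ts, "nonce": nonce, "body": body, "mac": mac}


class ReplayGuard:
    """Server side: accept an authentic message at most once, and only while fresh."""

    def __init__(self, key=SHARED_KEY, max_skew=MAX_SKEW):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # nonce -> timestamp, kept only while inside the window

    def verify(self, msg, now=None):
        now = time.time() if now is None else now
        data = f"{msg['ts']}.{msg['nonce']}.".encode() + msg["body"]
        expected = hmac.new(self.key, data, hashlib.sha256).hexdigest()
        # Check the MAC first: it covers the timestamp and nonce, so neither
        # can be altered to make an old capture look new.
        if not hmac.compare_digest(expected, msg["mac"]):
            return "rejected: bad mac"
        ts = int(msg["ts"])
        if abs(now - ts) > self.max_skew:
            return "rejected: stale timestamp"
        # Forget nonces that the timestamp check would reject anyway,
        # so the replay cache stays bounded.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        if msg["nonce"] in self.seen:
            return "rejected: replayed nonce"
        self.seen[msg["nonce"]] = ts
        return "accepted"
```

The timestamp limits how long a captured message stays useful, and the nonce cache covers replays inside that window, which is why the two techniques are normally used together.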

We also covered different types of access control models:

  • DAC (Discretionary Access Control): In this model, the resource owner (such as a file owner) determines who can access their resources. It’s more flexible but can be less secure, as the owner has full control over the permissions.
  • MAC (Mandatory Access Control): MAC is more rigid and uses predefined policies to govern access. Access is determined by the system, not the resource owner, and is often used in highly secure environments like government systems.
  • RBAC (Role-Based Access Control): In RBAC, access rights are assigned based on the user’s role within the organization. For example, a “Manager” role might have access to certain resources that a “Staff” role doesn’t. It helps simplify and scale access control across large organizations.

Next, we dove into some practical experience with Active Directory (AD). We learned about several key concepts in AD:

  • Organizational Units (OUs): These are containers within AD used to organize users, groups, and devices. They help manage and delegate administrative control over groups of objects.
  • Forest: An AD forest is the top-level container in AD, consisting of one or more domains. It provides a framework for the directory and defines trust relationships between domains.
  • AD Domains: A domain is a logical grouping of objects (like users and computers) that share a common directory database. Domains help simplify security and management.
  • AD Controllers: Domain controllers are servers that host the Active Directory database and authenticate users within the domain.

After that, we tackled some challenging PowerShell exercises. PowerShell is a powerful scripting language used for managing and automating system tasks. We worked with various commands like:

  • Get-EventLog: Retrieves event log data from the system, useful for troubleshooting and monitoring system events.
  • Get-Service: Lists the status of services running on the system, allowing for service management.
  • WMIC: The Windows Management Instrumentation Command-line tool, which provides a way to query and manage system resources.
  • Net Start: Displays or starts services on a local or remote computer.
  • Get-Process: Retrieves a list of processes running on the system, which can be helpful for system monitoring.

A unique aspect of PowerShell is its use of verbs in commands (such as “Get”, “Set”, “Start”, “Stop”), which describe the action being performed. This consistent structure makes it easier to understand and remember PowerShell commands.


At the end of the day, I was able to wrap up the SQL Fundamentals course and even get a bit of hands-on experience with Burp Suite, a popular tool for web security testing. It was a long, challenging day, but I’m proud of the progress I made and the new skills I gained!