10. A summary of your notification selections appears. Click Finish to create the task and
add it to the actions your operating system will perform.
11. An Event Viewer dialog box opens, alerting you that the task has been created. Click
12. You can see the task you just created by opening Task Scheduler. Press Win + R and
13. In the Task Scheduler window, click the down arrow next to Task Scheduler
Library, then click Event Viewer Tasks. Select the task you just created, and answer
the following questions:
a. In the lower pane, check the Security options section. Which user account will be
used when the task runs?
b. Click Run. What happens?
c. What command would keep this task from running without removing it from
Task Scheduler?
14. You can now delete this task if you want. Close all open windows.
Project 11-2: SNMP Service in Windows 10
Windows contains an embedded SNMP service, but it’s not enabled by default. In this
project, you turn on the SNMP service, configure the service to start collecting SNMP
messages, and enable the SNMP Trap service. Complete the following steps:
1. Open Control Panel. Click Programs and Features, then click Turn Windows
2. Scroll down and click the plus sign (+) next to “Simple Network Management
Protocol (SNMP).” Click the Simple Network Management Protocol (SNMP)
3. Press Win + R and enter services.msc. Scroll down and double-click SNMP Service.
4. In the SNMP Service Properties (Local Computer) window, click the Security tab,
5. Leave the Community rights as READ ONLY, type public in the Community Name
6. Click OK to close the SNMP Service Properties (Local Computer) window, then
7. Open Task Manager and use the Resource Monitor (on the Performance tab, click
Open Resource Monitor) to determine which ports the SNMP and SNMP Trap
services are listening on, and which protocols (TCP or UDP) the services are using.
You’ll need to check the Network tab and the Listening Ports section. What
information did you find?
8. Return to the Services window, right-click on SNMP Service, click Stop, and repeat
for the SNMP Trap service. Close all open windows.
Project 11-3: Research Disaster Recovery Solutions
Many companies offer DRaaS (disaster recovery as a service) solutions for all types of
IT-related problems. These solutions might include basics, such as off-site storage and
access to virtual servers during recovery, or more expensive (but more convenient)
options such as customizable backup schedules and single-file recovery, which is the
ability to recover a single file at a time rather than an entire drive. In this project, you will
research two different disaster recovery solutions and compare the features, cost, and
reviews for each. Use complete sentences, good grammar, and correct spelling in your
answers. Complete the following steps:
1. Use a search engine to find companies that provide disaster recovery solutions, and
2. For each of your selections, find answers to at least three of the following five
questions:
What are the key features?
Where would the company store your data? In other words, in what geographic
areas are their servers located?
What kind of encryption does the company use?
Which standards are the services compliant with: HIPAA? PCI? SOX?
Who audits the company and their disaster recovery services?
3. Find reviews for both solutions. Summarize feedback from at least three customers
about these solutions.
Project 11-4: Explore Computer Forensics Investigations
As a network technician, you’ll be better prepared to spot security issues if you’re already
familiar with breaches that have affected other networks in the past. In this project, you
will research three computer forensics investigations. Use complete sentences, good
grammar, and correct spelling in your answers. Complete the following steps:
1. Using a search engine, find articles, blogs, or videos discussing three different
computer forensics cases. Identifying information might have been changed to protect
privacy, but be sure the cases are actual cases, not just theoretical ones. Document
your source or sources for each case.
2. Answer the following questions for each case:
How was the problem discovered?
What clues initiated the investigation?
What crime was committed or suspected?
What evidence was collected using computer forensics?
Were there any significant mistakes made in collecting this evidence?
What was the final outcome of the case?
Capstone Projects
Capstone Project 11-1: Manage Log Files in Ubuntu Server
Oftentimes it seems that working with Linux operating systems, compared to working
with Windows, is like driving a stick shift rather than an automatic. As you’ve already
learned, to configure an installed program in Ubuntu, you must edit a text file. For
example, in Capstone Project 5-1, you edited the /etc/vsftpd.conf text file when
configuring the FTP program you installed in Ubuntu.
Ubuntu creates various logs to track just about any event, and these logs are stored as text
files. By default, most are stored in the /var/log directory. The FTP program maintains its
own activity log in a text file that, by default, is /var/log/vsftpd.log. (You can change the
default path and filename by editing the /etc/vsftpd.conf file.) This log file is essential to
a technician who needs to monitor which users have logged on to the FTP server, when
and from where they logged on, and what files they uploaded or downloaded. You can
also monitor failed logons, which can tip you off to someone or a robot trying to hack
into your system.
Using the installation of Ubuntu Server you created in Capstone Project 4-1 in a VM,
follow along to learn how to manage log files in Ubuntu:
1. Start Ubuntu Server and log on with your username and password. Refer to your
LastPass vault if you don’t remember that information.
2. Enter the commands shown in Table 11-3.
[[Begin Table 11-3]]
Table 11-3 Manage Ubuntu log files

Command                        Explanation
cd /var/log                    Goes to the directory that contains log files.
ls -l                          Lists all files and subdirectories, and details about each item.
                               Look for log files that have
ls -l vsftpd.log               Lists details about vsftpd.log. Notice the file is owned by root.
                               Also notice the file size. If it is
ls -l vsftpd.log*              Lists all vsftpd.log files, for example, vsftpd.log and
                               vsftpd.log.1. In the next three commands, if the vsftpd.log file
                               is empty, use one that has contents.

                               is owned by root. How many failed logins are reported?
                               Answer: Answers may vary.
q                              Quits the less pager.
sudo grep "LOGIN"              Uses the grep command to narrow down a
sudo grep "login" vsftpd.log   Searches for the same text string except using all lowercase
                               letters in the string. How many results do you see?
                               Answer: No results are reported.
sudo grep -i "login"           Ignores case when searching. For example, the
[[End Table 11-3]]
3. It’s helpful to learn about other log files in the /var/log directory. Search the
help.ubuntu.com website or do a general Google search on three log files you
find in the directory (enter ls -l again if you need to see the list again). Write a
one-sentence description of the type of information kept in each file and why a
technician might find this information helpful.
Answer: Answers may vary.
4. Make some notes on your Wikidot website about your activities for this project.
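The following script is an added example, not part of the textbook project: it builds a small vsftpd.log in a temporary file (the entries follow vsftpd's default log format, but the usernames and client addresses are constructed) and shows what the three grep commands in Table 11-3 do, a case-sensitive search for LOGIN, the same string in lowercase, and the -i search. It then goes one step past the table and tallies FAIL LOGIN entries per client address, which is the figure a technician watching for repeated logon failures actually wants.

```shell
#!/bin/sh
# Added example, not from the textbook: grep case sensitivity on a vsftpd log, plus a
# per-client count of failed logins. The log below is constructed in vsftpd's default
# format; the usernames and addresses are made up.
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT
cat > "$LOG" <<'EOF'
Mon Mar  4 09:12:01 2024 [pid 1182] CONNECT: Client "10.0.0.25"
Mon Mar  4 09:12:03 2024 [pid 1181] [jsmith] OK LOGIN: Client "10.0.0.25"
Mon Mar  4 09:12:10 2024 [pid 1181] [jsmith] OK DOWNLOAD: Client "10.0.0.25", "/home/jsmith/report.pdf", 20480 bytes, 512.00Kbyte/sec
Mon Mar  4 09:15:40 2024 [pid 1204] CONNECT: Client "203.0.113.7"
Mon Mar  4 09:15:42 2024 [pid 1203] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 09:15:44 2024 [pid 1203] [admin] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 09:15:46 2024 [pid 1203] [root] FAIL LOGIN: Client "203.0.113.7"
Mon Mar  4 09:20:02 2024 [pid 1230] CONNECT: Client "10.0.0.31"
Mon Mar  4 09:20:05 2024 [pid 1229] [mlee] FAIL LOGIN: Client "10.0.0.31"
Mon Mar  4 09:20:09 2024 [pid 1229] [mlee] OK LOGIN: Client "10.0.0.31"
EOF

# Count lines matching a pattern. grep -c prints 0 but exits non-zero when nothing
# matches, so swallow that status to keep the count usable under set -e.
# $1 = extra grep flag ("" for none; deliberately unquoted so "" expands to nothing),
# $2 = pattern, $3 = log file
count_matches() {
    grep -c $1 -- "$2" "$3" || true
}

# Failed logins per client address, most frequent first. vsftpd ends each FAIL LOGIN
# line with the client address in quotes, so strip everything up to 'Client "' and
# the closing quote, then tally.
failed_logins_by_client() {
    grep 'FAIL LOGIN' "$1" | sed 's/.*Client "//; s/"$//' | sort | uniq -c | sort -rn
}

echo "LOGIN (exact case): $(count_matches "" LOGIN "$LOG")"        # 6: 2 OK + 4 FAIL
echo "login (lowercase):  $(count_matches "" login "$LOG")"        # 0: grep is case-sensitive
echo "login with -i:      $(count_matches -i login "$LOG")"        # 6: case ignored
echo "FAIL LOGIN only:    $(count_matches "" 'FAIL LOGIN' "$LOG")" # 4
echo "Failed logins by client:"
failed_logins_by_client "$LOG"   # 3 from 203.0.113.7, 1 from 10.0.0.31
```

Point the functions at the real /var/log/vsftpd.log (with sudo, since the file is owned by root) to get the same counts for your own server.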
Capstone Project 11-2: Use Syslog in Ubuntu Desktop
In Hands-On Project 11-2, you viewed and manipulated log file entries on a computer
running Windows. In this project, you will do the same on a computer running the Linux
operating system. Because Linux versions vary in the type of GUI application that allows
you to open the system log, this exercise uses the command-line method instead.
For this exercise, you need a computer with a Linux operating system installed, such as
the Ubuntu Desktop VM that you created in Chapter 2, Capstone Project 2-1. It need not
be connected to a network, but for best results, it should be a computer that has been used
in the past and not a fresh install. You must be logged on to the Linux computer as a user
with administrator privileges.
1. If you are not already at a command-line (or shell) prompt, open a Terminal session
now.
2. The syslog file contains information similar to that shown in Figure 11-34. The first
step in viewing your Linux computer’s system log is to find out where the file is
located. Try each of these commands until you find the syslog file that contains
3. The first part of the syslog file appears. In this part of the file, you should see a list of
4. Write down the location and filename of the file that logs all events, as indicated by
5. Press the Spacebar enough times to view the entire log configuration file and return
to the shell prompt.
6. Now that you know the name and location of your system log, you can view its
messages. At the shell prompt, enter one of the following commands, depending on
7. The last 10 lines of your log file appear (assuming it is at least 10 lines long). What
types of messages are recorded? When did the events occur?
8. Next find out all the types of log files your computer saves. Enter one of the
following to change your working directory to the same directory where log files are
kept:
9. To view a listing of the directory’s contents, enter ls -la. Notice the types of log
files that appear in this directory.
10. Suppose you want to find every message in the system log file that pertains to DHCP
addressing. At the shell prompt, enter one of the following:
11. Run a new search using a text string that appeared in your results from Step 6. What
command did you use?
12. If your operating system is configured to start a new log file each day or each time the
computer is restarted, your log file might be brief. Repeat Step 9 and this time, look
for other versions of the syslog or messages file in your working directory. For
example, Ubuntu Linux will save older system messages in a file called syslog.1,
syslog.2, and so on (see Figure 11-35). If you find a larger, older log file, repeat Step
10 using this log file’s name. How do the results differ?
13. Close the Terminal session window. Make some notes on your Wikidot website about
your activities for this project.
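The following script is an added example, not part of the textbook project: it turns Steps 10 and 12 into one reusable search. It constructs a syslog and two rotated generations in a temporary directory (the log lines, host name and addresses are made up, in the classic dhclient/rsyslog format), then greps every generation for DHCP messages, reading gzip-compressed copies with zcat the way you would for the syslog.2.gz files Ubuntu keeps.

```shell
#!/bin/sh
# Added example, not from the textbook: search the current syslog and its rotated
# copies (syslog.1, syslog.2.gz, ...) for DHCP messages, as in Steps 10 and 12.
# The log lines below are constructed; the host, interface and addresses are made up.
DIR=$(mktemp -d)
trap 'rm -rf "$DIR"' EXIT
cat > "$DIR/syslog" <<'EOF'
Mar  6 08:00:01 ubuntu systemd[1]: Started Daily apt download activities.
Mar  6 08:00:14 ubuntu dhclient[812]: DHCPREQUEST for 10.0.0.25 on enp0s3 to 10.0.0.1 port 67
Mar  6 08:00:14 ubuntu dhclient[812]: DHCPACK of 10.0.0.25 from 10.0.0.1
Mar  6 08:00:14 ubuntu dhclient[812]: bound to 10.0.0.25 -- renewal in 1800 seconds.
EOF
cat > "$DIR/syslog.1" <<'EOF'
Mar  5 07:59:58 ubuntu dhclient[812]: DHCPDISCOVER on enp0s3 to 255.255.255.255 port 67 interval 3
Mar  5 08:00:01 ubuntu dhclient[812]: DHCPOFFER of 10.0.0.25 from 10.0.0.1
Mar  5 08:00:30 ubuntu sshd[1402]: Accepted password for student from 10.0.0.50 port 51234 ssh2
EOF
cat > "$DIR/syslog.2" <<'EOF'
Mar  4 08:00:03 ubuntu dhclient[812]: DHCPNAK from 10.0.0.1
Mar  4 08:00:09 ubuntu dhclient[812]: DHCPDISCOVER on enp0s3 to 255.255.255.255 port 67 interval 4
EOF
# Ubuntu's logrotate gzips generations older than .1; mirror that when gzip is available.
command -v gzip >/dev/null 2>&1 && gzip "$DIR/syslog.2"

# Print every line matching a pattern (case-insensitively) from all generations of a
# log: rotated copies in reverse name order (.2 before .1, so oldest first for up to
# nine generations), then the current file. Compressed copies are read with zcat.
# A generation with no match would make grep exit 1, so that status is swallowed.
# $1 = log directory, $2 = base name (syslog or messages), $3 = pattern
grep_rotated() {
    for f in $(ls -r "$1/$2".* 2>/dev/null) "$1/$2"; do
        case "$f" in
            *.gz) zcat "$f" ;;
            *)    cat "$f" ;;
        esac | grep -i -- "$3" || true
    done
}

echo "DHCP messages across all syslog generations:"
grep_rotated "$DIR" syslog dhcp   # 6 lines: 2 from syslog.2, 2 from syslog.1, 2 from syslog
```

On a real system call it as grep_rotated /var/log syslog dhcp (or messages on distributions that use that name); note that the "bound to" line is not matched because it does not contain the string DHCP, so a search on the program name dhclient catches lease events the DHCP pattern misses.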