# Lab SEC-1: Security Controls and Account Privileges

Domain:

- 2.0 Security

Works on:

- Windows
- Linux
- Optional macOS

## Goal

Practice identifying local account privileges and matching security controls to risks.

## Windows Steps

Run:

```powershell
whoami
whoami /groups
whoami /priv
net user
net localgroup
net localgroup administrators
```

Record:

- Current user:
- Is the user in Administrators?
- One group membership:
- One privilege listed:
- Any account/group that seems high risk:

## Linux Steps

Run:

```bash
whoami
id
groups
sudo -l
```

Record:

- Current user:
- UID:
- Groups:
- Sudo allowed:

## Optional macOS Steps

Run:

```bash
whoami
id
groups
```

Record:

- Current user:
- UID:
- Groups:
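To turn the output recorded in the Windows, Linux and optional macOS steps into answers for the "Record:" questions, here is an added Python example; it is not part of the lab's own material. It assumes the Windows groups were saved with `whoami /groups /fo csv /nh` (real `whoami` switches that print one quoted CSV row per group with no header row) and that the `id` and `sudo -l` output was saved exactly as the lab commands print it. The high-risk group lists are an assumed starting point, not a policy, and every sample output in the block is constructed for illustration rather than captured from a real host.

```python
"""Review saved output from the Windows, Linux and macOS lab commands.

Added example for this lab, not part of the lab itself. Parses
`whoami /groups /fo csv /nh` (Windows) and `id` / `sudo -l` (Linux, macOS)
and answers the "Record:" questions. All sample output is constructed.
"""
import csv
import io
import re

# Groups whose membership usually means elevated privilege. Assumption: a
# starting point for the "high risk" question, not an exhaustive policy.
HIGH_RISK_WINDOWS_GROUPS = {"builtin\\administrators", "builtin\\backup operators"}
HIGH_RISK_UNIX_GROUPS = {"root", "wheel", "sudo", "admin", "docker", "disk", "shadow"}

_ID_RE = re.compile(r"uid=(\d+)\(([^)]*)\).*?groups=(.*)")
_GROUP_RE = re.compile(r"(\d+)\(([^)]*)\)")
_RULE_RE = re.compile(r"^\s*\(([^)]*)\)\s*(.*)$")


def review_windows_groups(whoami_csv):
    """Summarise CSV rows of Group Name, Type, SID, Attributes.

    Under UAC an administrator's normal (filtered) token still lists
    Administrators, but with the attribute "Group used for deny only":
    the user is a member, yet the token is not elevated until a UAC prompt.
    """
    groups, deny_only = [], set()
    for row in csv.reader(io.StringIO(whoami_csv.strip())):
        if len(row) < 4:
            continue
        groups.append(row[0])
        if "deny only" in row[3].lower():
            deny_only.add(row[0])
    admin = next((g for g in groups if g.lower() == "builtin\\administrators"), None)
    return {
        "groups": groups,
        "in_administrators": admin is not None,
        "admin_token_elevated": admin is not None and admin not in deny_only,
        "high_risk": sorted(g for g in groups if g.lower() in HIGH_RISK_WINDOWS_GROUPS),
    }


def review_unix_id(id_output):
    """Summarise `id` output; Linux and macOS share the uid=/gid=/groups= format."""
    match = _ID_RE.search(id_output)
    if not match:
        raise ValueError("unrecognised id output")
    uid, user = int(match.group(1)), match.group(2)
    # findall only picks up N(name) pairs, so a trailing SELinux context= is ignored.
    groups = [name for _gid, name in _GROUP_RE.findall(match.group(3))]
    return {
        "user": user,
        "uid": uid,
        "is_root": uid == 0,
        "groups": groups,
        "high_risk": sorted(g for g in groups if g in HIGH_RISK_UNIX_GROUPS),
    }


def review_sudo_l(sudo_output):
    """Summarise `sudo -l`: is sudo allowed at all, and how broad are the rules?"""
    if "is not allowed to run sudo" in sudo_output:
        return {"allowed": False, "rules": [], "unrestricted": False, "nopasswd": False}
    rules, in_rules = [], False
    for line in sudo_output.splitlines():
        if "may run the following commands" in line:
            in_rules = True  # rule lines such as "(ALL : ALL) ALL" follow this header
            continue
        match = _RULE_RE.match(line) if in_rules else None
        if match:
            runas, rest = match.groups()
            words = rest.split()
            tags = [w for w in words if w.endswith(":")]  # e.g. NOPASSWD:
            command = " ".join(w for w in words if not w.endswith(":"))
            rules.append({"runas": runas, "tags": tags, "command": command})
    return {
        "allowed": bool(rules),
        "rules": rules,
        "unrestricted": any(r["command"] == "ALL" for r in rules),
        "nopasswd": any("NOPASSWD:" in r["tags"] for r in rules),
    }


# Constructed sample output (not captured from a real host).
SAMPLE_WHOAMI_CSV = (
    '"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"\n'
    '"BUILTIN\\Administrators","Alias","S-1-5-32-544","Group used for deny only"\n'
    '"BUILTIN\\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"\n'
)
SAMPLE_ID = "uid=1000(alice) gid=1000(alice) groups=1000(alice),4(adm),27(sudo),999(docker)"
SAMPLE_SUDO_L = """Matching Defaults entries for alice on lab-vm:
    env_reset, mail_badpass

User alice may run the following commands on lab-vm:
    (ALL : ALL) ALL
    (root) NOPASSWD: /usr/bin/systemctl restart nginx
"""

if __name__ == "__main__":
    print("windows:", review_windows_groups(SAMPLE_WHOAMI_CSV))
    print("id:", review_unix_id(SAMPLE_ID))
    print("sudo -l:", review_sudo_l(SAMPLE_SUDO_L))
```

The Windows check separates two things the lab's "Is the user in Administrators?" question can blur: membership in the group, and whether the current token is actually elevated. Under UAC the filtered token reports Administrators as "Group used for deny only", so the sample user is a member but is not running as an administrator until they pass a UAC prompt. On the sudo side, a rule whose command is `ALL` is unrestricted and a `NOPASSWD:` tag removes the password check; both belong in the "high risk" answer, as do memberships such as `sudo` or `docker` on Linux and `admin` or `wheel` on macOS.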

## Control Matching

Match the best control:

- Stop vehicles from reaching a building:
- Prevent one person from following another through a secure door:
- Store privileged passwords and grant temporary admin access:
- Stop confidential files from being emailed:
- Require phones to use PINs and allow remote wipe:
- Authenticate once and access multiple cloud apps:
- Give users only the access required for their work:

## What You Should Learn

- Local group membership affects privileges.
- Least privilege reduces risk.
- MFA proves identity using multiple factor types.
- DLP protects sensitive data from leakage.
- MDM centrally manages mobile devices and policies.
- PAM/JIT control privileged access.