Computing Basics for Security Analysts: Operating Systems, Linux, and SQL

Name: The Basics of Computing Security: Linux & SQL | Google Cybersecurity Certificate
Uploaded: 2026-02-19T11:49:06.147246+00:00
Channel: Google Career Certificates
Description: Summary and key takeaways on Computing Basics for Security Analysts: Operating Systems, Linux, and SQL, covering Introduction Kim, a Technical Program Manager
Google Career Certificates
Feb 19, 2026
•
3 min read
YouTube video ID: gmzQgmlR1eI
Source: YouTube video by Google Career Certificates — Watch original video
PDF
Introduction

Kim, a Technical Program Manager in Security, welcomes learners to a course that bridges computing fundamentals with security analysis. The curriculum covers operating systems, Linux command‑line usage, and SQL querying—essential skills for protecting organizational data.
Why Understanding Operating Systems Matters

OS as the bridge between hardware and users, enabling efficient execution of multiple applications.
Historical evolution: early computers required manual program loading; modern OSes automate multitasking, device handling, and resource allocation.
Security relevance: OS security (file protection, authentication, firewalls) is the first line of defense against malware, viruses, and unauthorized access.
How an OS Works

Boot process – Power button → BIOS/UEFI → bootloader → OS kernel.
User request flow – Application → OS → hardware (CPU, memory, I/O) → response back to application.
Resource management – The OS acts like a conductor, balancing CPU, memory, and I/O among competing processes.
Interfaces: GUI vs. CLI

Graphical User Interface (GUI) – Icons, menus, and windows; intuitive but limited to one task at a time.
Command‑Line Interface (CLI) – Text‑based; offers powerful scripting, batch operations, and precise control—crucial for security analysts when parsing logs or automating tasks.
Linux Fundamentals

Open‑source nature – Anyone can view and modify the source; community‑driven development.
Architecture components: user, applications, shell, filesystem hierarchy, kernel, hardware.
Distributions (distros) – Over 600 flavors; common security‑focused distros include Kali Linux, Ubuntu, Parrot OS, Red Hat, and CentOS.
Shell (Bash) – The CLI interpreter that translates commands into kernel actions; supports input, output, and error streams.
Core Linux Commands for Analysts

Navigation: pwd, ls, cd
File inspection: cat, head, tail
Filtering: grep, piping (|)
File & directory management: mkdir, rmdir, touch, rm, mv, cp
Permissions: ls -l, chmod (symbolic mode, e.g., chmod g+w,o-r access.txt)
User management: useradd, userdel, sudo for privileged actions.
Getting Help Directly in the Shell

man <command> – Full manual pages.
whatis <command> – One‑line description.
apropos <keyword> – Search manuals for related commands.
SQL Basics for Security Analysts

Relational databases – Tables with rows (records) and columns (fields); primary keys uniquely identify rows, foreign keys create relationships.
SQL syntax – SELECT, FROM, WHERE, JOIN.
Filtering data – Operators (=, >, <, LIKE, BETWEEN) and logical connectors (AND, OR, NOT).
Joining tables – INNER JOIN, LEFT JOIN, RIGHT JOIN, FULL OUTER JOIN to combine related data from multiple tables.
Practical Use Cases

Log analysis – Use SELECT * FROM log_in_attempts WHERE country = 'USA'; to isolate suspicious login activity.
Patch management – Filter machines by OS_patch_date BETWEEN '2021-03-01' AND '2021-09-01' to schedule updates.
Vulnerability assessment – Combine employees and machines tables via INNER JOIN on employee_id to pinpoint vulnerable endpoints.
Resources & Community Support

Online forums (Stack Exchange, Linux communities) and official documentation provide quick answers.
Searching the web for specific command usage or distro tutorials accelerates learning.
Conclusion

Mastering OS fundamentals equips analysts to trace security events from hardware to application.
CLI proficiency (especially Bash) dramatically speeds up log parsing, file manipulation, and automation.
Understanding Linux permissions and user management safeguards critical assets.
SQL empowers analysts to query massive datasets, filter for anomalies, and join disparate data sources for comprehensive insight.
Continuous learning through community resources ensures analysts stay current with evolving tools and threats.
Operating systems are the foundation of every security task; knowing how they boot, allocate resources, and interact with hardware enables effective incident response.
Command‑line expertise, particularly in Linux Bash, provides the speed and flexibility needed for log analysis, bulk file operations, and automation.
Proper management of file permissions, users, and sudo privileges is essential to enforce the principle of least privilege and prevent accidental or malicious changes.
SQL is a powerful, universal language for extracting, filtering, and correlating data across relational databases, turning raw logs into actionable intelligence.
Leveraging community documentation and built‑in help commands (man, whatis, apropos) accelerates problem‑solving and keeps skills up‑to‑date.
Frequently Asked Questions

Who is Google Career Certificates on YouTube?

Google Career Certificates is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.
Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.
Why Understanding Operating Systems Matters

- **OS as the bridge** between hardware and users, enabling efficient execution of multiple applications. - **Historical evolution**: early computers required manual program loading; modern OSes automate multitasking, device handling, and resource allocation. - **Security relevance**: OS security (file protection, authentication, firewalls) is the first line of defense against malware, viruses, and unauthorized access.
How an OS Works

1. **Boot process** – Power button → BIOS/UEFI → bootloader → OS kernel. 2. **User request flow** – Application → OS → hardware (CPU, memory, I/O) → response back to application. 3. **Resource management** – The OS acts like a conductor, balancing CPU, memory, and I/O among competing processes.
Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.
Linux Command Line And Shell Scripting Bible Recommended
Comprehensive guide to Bash commands, scripting, and Linux administration; helps analysts automate tasks and master the CLI essential for security work.
Amazon →
Kali Linux Revealed Book
Official Kali Linux documentation and tutorials; equips security professionals with penetration‑testing tools and techniques needed for offensive security tasks.
Amazon →
Sql For Data Analysis Book
Practical examples of writing queries, filters, and joins; enables analysts to efficiently extract and analyze security‑related data from databases.
Amazon →
Comptia Security+ Study Guide
Covers core security concepts, including OS hardening, permissions, and incident response; reinforces the foundational knowledge taught in the course.
Amazon →
Links may be affiliate links. We only include resources that are genuinely relevant to the topic.
Summarize another video
Full Transcript YouTube

KIM: Hi.
Welcome to this course on
computing basics for security.
My name is Kim, and I work
as a Technical Program
Manager in Security.
I grew up with computers
and the internet
but didn't really consider
security as a career
opportunity until I saw how it
was interwoven into technology.
Before my first security job,
I worked on a cloud application
team and had to
regularly interact
with the security team.
It was my first experience
working with security.
But the idea of protecting
information and working
with others towards that
goal was exciting to me.
As a result, I decided to
work towards my CISSP, which
led me to some new job
opportunities at my company.
And I was then able
to move into security.
At this point, if you've
been following along,
you've already
explored a variety
of concepts useful to
the security field,
including security
domains and networking.
I'm excited to join you during
the next part of the program.
We'll take it slow so
that you can understand
these topics in practical ways.
The focus of this course
is computing basics.
When you understand how the
machines in an organization's
system work, it helps you do
your job as a security analyst
more efficiently.
Part of your job as
a security analyst
is to keep systems protected
from possible attacks.
You're one of the first levels
of defense in protecting
an organization's data.
To do this effectively,
it's helpful to understand
how the system you're
protecting works.
In addition, you may need to
investigate events to help
correct errors in the system.
Being familiar with
Linux operating
system and its
associated commands
and also being able to interact
with an organization's data
through SQL will
help you with that.
In this course, you'll learn
about operating systems
and how they relate to
applications and hardware.
Next, you'll explore
the Linux operating
system in more detail.
Then you'll use the
Linux command line
within a security context.
Finally, we'll
discuss how you can
use SQL to query databases while
working as a security analyst.
I'm excited to explore all
of these topics with you.
Let's get started.
How many times a week
do you use a computer?
For some of us, the
answer might be a lot.
They're incredible machines
that let us do everything
from using specialized
applications when completing
a task at work to
sending emails to loved
ones in a distant place.
Have you ever thought about how
computers can do all of this?
Well, that's where
operating systems come in.
In this section, we'll learn
about common operating systems,
and we'll explore the main
functions of an operating
system.
Then we'll learn
the relationship
between operating systems,
applications, and hardware.
Finally, we'll compare
graphical user interfaces
and command-line interfaces.
The command-line
interface will be
an essential part of your
job as a security analyst.
Understanding operating systems
is an important foundation
for your career in security.
There's so much to explore.
Let's begin.
Devices like computers,
smartphones, and tablets
all have operating systems.
If you've used a desktop
or laptop computer,
you may have used the Windows
or macOS operating systems.
Smartphones and tablets run
on mobile operating systems,
like Android and iOS.
Another popular operating
system is Linux.
Linux is used in the
security industry.
And as a security
professional, it's
likely that you'll
interact with the Linux OS.
So what exactly is
an operating system?
It's the interface between the
computer hardware and the user.
The Operating System, or the
OS, as it's commonly called,
is responsible for making the
computer run as efficiently
as possible while also
making it easy to use.
"Hardware" may be
another new term.
Hardware refers to the physical
components of a computer.
The OS interface that
we now rely on every day
is something that early
computers didn't have.
In the 1950s, the biggest
challenge with early computers
was the amount of time it took
to run a computer program.
At the time, computers could
not run multiple programs
simultaneously.
Instead, people had to wait for
a program to finish running,
reset the computer, and
load up the new program.
Imagine having to turn your
computer on and off each time
you had to open a
new application.
It would take a long time
to complete a simple task
like sending an email.
Since then, operating
systems have evolved,
and we no longer have to worry
about wasting time in this way.
Thanks to operating systems
and their evolution,
today's computers
run efficiently.
They run multiple
applications at once,
and they also access
external devices
like printers,
keyboards, and mice.
Another reason why operating
systems are important
is that they help humans
and computers communicate
with each other.
Computers communicate
in a language
called binary, which
consists of zeros and ones.
The OS provides an interface
to bridge this communication
gap between the user
and the computer,
allowing you to interact with
the computer in complex ways.
Operating systems are critical
for the use of computers.
Likewise, OS security is also
critical for the security
of a computer.
This involves securing
files, data access, and user
authentication to help
protect and prevent
against threats, such as
viruses, worms, and malware.
Knowing how operating
systems work
is essential for completing
different security-related
tasks.
For example, as a
security analyst,
you may be responsible for
configuring and maintaining
the security of a system
by managing access.
You may also be responsible
for managing and configuring
firewalls, setting
security policies,
enabling virus
protection, and performing
auditing, accounting,
and logging
to detect unusual behavior.
All these tasks require
a deep understanding
of operating systems.
And as we continue
this course, we'll
explore operating systems
in greater detail.
Previously, you learned about
what operating systems are.
Now let's discuss how they work.
In this video, you'll
learn what happens
with an Operating System,
or OS, when someone
uses a computer for a task.
Think about when
someone drives a car.
They push the gas pedal,
and the car moves forward.
They don't need to pay
attention to all the mechanics
that allow the car to move.
Just like a car can't
work without its engine,
a computer can't work
without its operating system.
The job of an OS is to help
other computer programs
run efficiently.
The OS does this by taking
care of all the messy details
related to controlling the
computer's hardware so you
don't have to.
First, let's see what happens
when you turn on the computer.
When you press the
power button, you're
interacting with the hardware.
This boots the computer and
brings up the operating system.
Booting the computer means
that a special microchip
called the BIOS is activated.
On many computers
built after 2007,
the chip was
replaced by the UEFI.
Both BIOS and UEFI contain
booting instructions
that are responsible for
loading a special program called
the bootloader.
Then the bootloader is
responsible for starting
the operating system.
And just like that,
your computer is on.
As a security analyst,
understanding these processes
can be helpful for you.
Vulnerabilities can
occur in something
like a booting process.
Often, the BIOS is not scanned
by the antivirus software,
so it can be vulnerable
to malware infection.
Now that you learned how to
boot the operating system,
let's look at how
you and all users
communicate with the
system to complete a task.
The process starts
with you, the user.
And to complete tasks, you use
applications on your computer.
An application is a program
that performs a specific task.
When you do this, the
application sends your request
to the operating system.
From there, the operating
system interprets this request
and directs it to the
appropriate component
of the computer's hardware.
In the previous
video, we learned
that the hardware consists of
all the physical components
of the computer.
The hardware will
also send information
back to the operating
system, and this, in turn,
is sent back to the application.
Let's give a simple
overview of how
this works when you want
to use the calculator
on your computer.
You use your mouse to click
on the Calculator application
on your computer.
When you type in the number
you want to calculate,
the application communicates
with the operating system.
Your operating system
then sends the calculation
to a component of the hardware,
the Central Processing
Unit, or CPU.
Once the hardware does
the work of determining
the final number, it
sends the answer back
to your operating system.
Then it can be displayed in
your Calculator application.
Understanding this
process is helpful
when investigating
security events.
Security analysts should
be able to trace back
through this process flow
to analyze where a security
event could have occurred.
Just like a mechanic needs to
understand the inner workings
of a car more than
an average driver,
recognizing how
operating systems
work is important knowledge
for a security analyst.
Now we're ready to
discuss a different aspect
of your operating system.
Not only does the OS
interact with other parts
of your computer, but it's
also responsible for managing
the resources of the system.
This is a big task that
requires a lot of balance
to make sure all the
resources of the computer
are used efficiently.
Think of this like
the concept of energy.
A person needs energy to
complete different tasks.
Some tasks need more energy,
while others require less.
For example, going for a
run requires more energy
than watching TV.
A computer's OS also
needs to make sure
that it has enough energy
to function correctly
for certain tasks.
Running an antivirus
scan on your computer
will use more energy than using
the Calculator application.
Imagine your computer
is an orchestra.
Many different instruments, like
violins, drums, and trumpets,
are all part of the orchestra.
An orchestra also
has a conductor
to direct the flow of the music.
In a computer, the
OS is a conductor.
The OS handles resource
and memory management
to ensure the limited capacity
of the computer system
is used where it's needed most.
A variety of programs,
tasks, and processes
are constantly competing for
the resources of the Central
Processing Unit, or CPU.
They all have their own reasons
why they need memory, storage,
and input/output bandwidth.
The OS is responsible
for ensuring
that each program is allocating
and deallocating resources.
All this occurs in your
computer at the same time
so that your system
functions efficiently.
Much of this is hidden
from you as a user.
For example, your
browser's Task Manager
will list all of the tasks
that are being processed along
with their memory and CPU usage.
As an analyst, it's
helpful to know where
a system's resources are used.
Understanding usage
of resources can
help you respond to an incident
and troubleshoot applications
in the system.
For example, if a computer
is running slowly,
an analyst might discover
it's allocating resources
to malware.
A basic understanding of
how operating systems work
will help you better understand
the security skills you will
learn later in this program.
Now that you've learned the
inner workings of computers,
let's discuss how users and
operating systems communicate
with each other.
So far, you've learned
that a computer
has an operating system,
hardware, and applications.
Remember the operating
system communicates
with the hardware
to execute tasks.
In this video, you'll
learn how the user--
that's you-- interacts with
the operating system in order
to send tasks to the hardware.
The user communicates
with the operating system
via an interface.
A user interface
is a program that
allows the user to control
the functions of the operating
system.
Two user interfaces
that we'll discuss
are the Graphical User
Interface, or GUI,
and the Command-Line
Interface, or CLI.
Let's cover these
interfaces in more detail.
A GUI a user interface
that uses icons
on the screen to
manage different tasks
on the computer.
Most operating systems can
be used with a graphical user
interface.
If you've used a personal
computer or a cell phone,
you have experienced
operating a GUI.
Most GUIs include these
components-- a start menu
with program groups, a taskbar
for launching programs,
and a desktop with
icons and shortcuts.
All these components help
you communicate with the OS
to execute tasks.
In addition to clicking on
icons, when you use a GUI,
you can also search for
files or applications
from the Start menu.
You just have to remember the
icon or name of the program
to activate an application.
Now let's discuss the
command-line interface.
In comparison, the
Command-Line Interface, or CLI,
is a text-based user
interface that uses commands
to interact with the computer.
These commands communicate
with the operating system
and execute tasks
like opening programs.
The command-line interface
is a much different structure
than the graphical
user interface.
When you use a CLI,
you'll immediately
notice a difference.
There are no icons or
graphics on the screen.
The command-line interface
looks similar to lines of code
used in certain text languages.
A CLI is more flexible and
more powerful than a GUI.
Think about using a CLI
like creating whatever meal
you'd like from ingredients
bought at a grocery store.
This gives you a lot of
control and customization
about what you're going to eat.
In comparison, using the GUI
is more like ordering food
from a restaurant.
You can only order
what's on the menu.
If you want both a
noodle dish and pizza,
but the first restaurant
you go to only has pizza,
you'll have to go to
another restaurant
to order the noodles.
With a graphical user interface,
you must do one task at a time.
But the command-line
interface allows
for customization,
which lets you complete
multiple tasks simultaneously.
For example, imagine
you have a folder
with hundreds of files
of different file types,
and you need to move only the
JPEG files to a new folder.
Think about how slow
and tedious this
would be as you use a
GUI to find each JPEG
file in this folder and
move it into the new one.
On the other hand,
the CLI would allow
you to streamline this process
and move them all at once.
As you can see, there are very
big differences in these two
types of user interfaces.
As a security analyst,
some of your work
may involve
command-line interface.
When analyzing logs or
authenticating and authorizing
users, security
analysts commonly
use a CLI in their
everyday work.
In this video, we discussed
two types of user interfaces.
You learned that you
already have experience
using a graphical
user interface,
as most personal computers
and cell phones use a GUI.
And you were introduced to
the command-line interface.
Later in the program, you'll
learn how to use a CLI in Linux
and how relevant it is to
your daily work as a security
analyst.
You'll get practical
experience communicating
through the command line.
Pretty exciting, right?
We did it.
What a great
section of learning.
The best thing is that we
did this together and covered
some very useful topics.
Let's recap this
section's lessons.
As a security analyst,
it's important
that you understand the systems
that you're working with.
Understanding computer basics
will help you do your job more
effectively and efficiently.
In this section, we covered
common operating systems.
We also discussed
the main functions
of an operating system.
Importantly, you learned
about the relationship
between operating systems,
applications, and hardware.
It was nice to learn
how they flow together
like an orchestra.
In addition, you learned
about the differences
between the graphical
user interface
and the command-line interface.
Understanding the
command-line interface
will be very important
for your work.
I enjoyed exploring the world
of operating systems with you.
Knowing how operating
systems work
is an important
step in preparing
for a position as
a security analyst.
You are doing great.
Let's keep moving forward
with this program.
In the next section,
we'll focus specifically
on the Linux operating system.
Welcome back.
We have another important
topic to explore.
Previously, you learned about
operating systems and user
interfaces.
You learned how
operating systems work
and how resources are
allocated in computers.
We also reviewed several
common operating systems.
You may already have a
favorite operating system.
It's common to hear that people
are fans of one over another.
But in the security world,
Linux is commonly used.
In this section,
you'll be learning more
about the Linux operating
system and how it's used
in everyday tasks in security.
First, you'll learn about
the architecture of Linux.
After this, we'll compare
the different distributions
of Linux that are available.
Lastly, you'll explore
the shell, a key Linux
component that allows you to
communicate with the system.
I remember when I first
learned about the Linux OS,
and I'm really happy to
explore it with you now.
You might have seen or heard
the name "Linux" in the past,
but did you know Linux is
the most used operating
system in security today?
Let's start by taking
a look at Linux
and how it's used in security.
Linux is an open-source
operating system.
It was created in two parts.
In the early 1990s,
two different people
were working separately
on projects to improve
computer engineering.
The first person
was Linus Torvalds.
At the time, the Unix operating
system was already in use.
He wanted to improve
it and make it
open source and
accessible to anyone.
What was revolutionary
was this introduction
of the Linux kernel.
We're going to learn what
the kernel does later.
Around the same time,
Richard Stallman
started working on GNU.
GNU was also an operating
system based on Unix.
Stallman shared Torvalds'
goal of creating software that
was free and open to anyone.
After working on
GNU for a few years,
the missing element for the
software was the kernel.
Together, Torvalds and
Stallman's innovations
made what is commonly
referred to as Linux.
Now that you've learned
the history behind Linux,
let's take a look at
what makes Linux unique.
As mentioned before,
Linux is open source,
meaning anyone can have
access to the operating
system and the source code.
Linux and many of the
programs that come with Linux
are licensed under the
terms of the GNU Public
License, which allow you to use,
share, and modify them freely.
Thanks to Linux's open
source philosophy, as well as
a strong feature set, an
entire community of developers
has adopted this
operating system.
These developers are able
to collaborate on projects
and advance computing together.
As a security analyst,
you'll discover
that Linux is used at
different organizations.
More specifically, Linux is
used in many security programs.
Another unique
feature about Linux
is the different
distributions or varieties
that have been developed.
Because of the large
community contribution,
there are over 600
distributions of Linux.
Later, you'll learn more
about distributions.
Finally, let's
take a look at how
you would use Linux in an
entry-level security position.
As a security analyst, you'll
use many tools and programs
in everyday work.
You might examine
different types of logs
to identify what's
going on in a system.
For example, you
might find yourself
looking at an error log
when investigating an issue.
Another place where
you will use Linux
is to verify access and
authorization in an identity
and access management system.
In security, managing
access is key in order
to ensure a secure system.
We'll take a closer look into
access and authorization later.
Finally, as an
analyst, you might
find yourself working with
specific distributions designed
for a particular task.
For example, you might
use a distribution
that has a digital forensic
tool to investigate what
happened in an event alert.
You might also
use a distribution
that's for pen testing
in offensive security
to look for vulnerabilities
in the system.
Distributions are created to
fit the needs of their users.
I hope you're excited to
learn more about Linux.
This will be a very useful
skill in the security field.
Let me start with a
quick question that
may seem unrelated to security.
Do you have a favorite building?
And what is it about
its architecture
that impresses you the most?
The windows?
The structure of the walls?
Just like buildings,
operating systems
also have an architecture
and are made up
of discrete components that
work together to form the whole.
In this video, we're going
to look at all the components
that together make up Linux.
The components of Linux
include the user, applications,
the shell, the file system
hierarchy standard, the kernel,
and the hardware.
Don't worry.
We'll go into these components
one by one together.
First, you're the user.
The user is the person
interacting with the computer.
In Linux, you're the first
element to the architecture
of the operating system.
You're initiating
the tasks or commands
that the OS is going to execute.
Linux is a multi-user system.
This means that more than
one user can use a system's
resources at the same time.
The second element
of the architecture
is the applications
within a system.
An application is a
program that performs
a specific task, such as a
word processor or a calculator.
You might hear the word
"application" and "programs"
used interchangeably.
As an example, one
popular Linux application
that we'll learn more
about later is nano.
Nano is a text editor.
This simple application helps
you keep notes on the screen.
Linux applications are
commonly distributed
through package managers.
We'll learn more about
this process later.
The next component in
the architecture of Linux
is a shell.
This is an important
element because it
is how you will communicate
with the system.
The shell is a
command-line interpreter.
It processes commands
and outputs the results.
This might sound familiar.
Previously, we learned about the
two types of user interfaces,
the GUI and the CLI.
You can think of
the shell as a CLI.
Another element of the
architecture of Linux
is a Filesystem Hierarchy
Standard, or FHS.
It's the component of the
Linux OS that organizes data.
An easy way for you
to think about the FHS
is to think about it as
a filing cabinet of data.
The FHS is how data
is stored in a system.
It's a way to organize
data so that it
can be found when the data
is accessed by the system.
That brings us to the kernel.
The kernel is a
component of the Linux OS
that manages
processes and memory.
The kernel communicates
with the hardware
to execute the commands
sent by the shell.
The kernel uses
drivers to enable
applications to execute tasks.
The Linux kernel helps
ensure that the system
allocates resources
more efficiently
and makes the
system work faster.
Finally, the last component
of the architecture
is the hardware.
Hardware refers to the physical
components of a computer.
You can compare this to
software applications, which can
be downloaded into a system.
The hardware in your computer
are things like the CPU, mouse,
and keyboard.
Congratulations.
We've now covered the
architecture of Linux.
An understanding
of these components
will help you
become increasingly
familiar with Linux.
Let's learn a little
bit more about Linux
and what you need to know
about this operating system
when working as a
security analyst.
Linux is a very customizable
operating system.
Unlike other operating
systems, there
are different versions
available for you to use.
These different versions of
Linux are called distributions.
You might also hear them
called "distros" or "flavors
of Linux."
It's essential for you to
understand the distribution
that you're using so you
know what tools and apps are
available to you.
For example, Debian
is a distro that
has different tools than
the Ubuntu distribution.
Let's use an analogy to
describe Linux distributions.
Think of the OS as a vehicle.
First, we'll start
with its engine.
That would be the kernel.
Just as the engine
makes the vehicle run,
the kernel is the most important
component of the Linux OS.
Because the Linux
kernel is open source,
anyone can take the
kernel and modify
it to build a new distribution.
This is comparable to a vehicle
manufacturer taking an engine
and creating different types of
vehicles-- trucks, cars, vans,
convertibles, buses,
airplanes, and so on.
These different
types of vehicles
can be compared to different
Linux distributions.
A bus is used to
transport lots of people.
A truck is used to transport
a large number of goods
across vast distances.
An aircraft transports
passengers or goods by air.
Just as each vehicle
serves its own purpose,
different distributions are
used for different reasons.
Additionally, vehicles all
have different components
which distinguish
them from each other.
Aircrafts have control panels
with buttons and knobs.
Regular cars have four tires,
but trucks can have more.
Similarly, different
Linux distributions
contain different preinstalled
programs, user interfaces,
and much more.
A lot of this is based on
what the Linux user needs,
but some distros are
also chosen based
on preference, the same
way a sports car might
be chosen as a vehicle.
The advantage of
using Linux as an OS
is that you can customize it.
Distributions include the
Linux kernel, utilities,
a package management
system, and an installer.
We learned earlier that
Linux is open source,
and anyone can contribute to
adding to the source code.
That is how new
distributions are created.
All distros are derived
from another distro,
but there are a few
that are considered
parent distributions.
Red Hat is a parent of
CentOS, and Slackware
is the parent of SUSE.
Both Ubuntu and Kali Linux
are derived from Debian.
As we continue, we're
going to take a look
at some of the distributions
most commonly used
by security analysts.
The more you understand
these distributions,
the easier your work will be.
In this section, we're
going to cover a Linux
distribution that's
widely used in security
and discuss Kali Linux.
Kali Linux is a trademark
of offensive security
and is Debian derived.
This open-source distro
was made specifically
with penetration testing and
digital forensics in mind.
There are many tools
preinstalled into Kali Linux.
It's important to note
that Kali Linux should
be used on a virtual machine.
This prevents damage to
your system in the event
its tools are used improperly.
An additional benefit is
that using a virtual machine
gives you the ability to
revert to a previous state.
As security professionals
advance in their careers,
some specialize in
penetration testing.
A penetration test
is a simulated attack
that helps identify
vulnerabilities
in systems, networks, websites,
applications, and processes.
Kali Linux has
numerous tools that
are useful during
penetration testing.
Let's look at it a few examples.
To begin, Metasploit can be
used to look for and exploit
vulnerabilities on machines.
Burp Suite is another
tool that helps
to test for weaknesses
in web applications.
And finally, John the Ripper is
a tool used to guess passwords.
As a security analyst,
your work might
involve digital forensics.
Digital forensics
is the practice
of collecting and analyzing
data to determine what
has happened after an attack.
For example, you might
take an investigative look
at data related to
a network activity.
Kali Linux is also a
useful distribution
for security professionals
who are involved
in digital forensic work.
It has a large number of tools
that can be used for this.
As one example, tcpdump is a
command-line packet analyser.
It's used to capture
network traffic.
Another tool commonly used
in the security profession
is Wireshark.
It has a graphical
user interface
that can be used to analyze live
and captured network traffic.
And as a final example,
Autopsy is a forensic tool
used to analyze hard
drives and smartphones.
These are just a few tools
included with Kali Linux.
This distribution
has many tools used
to conduct pen testing
and digital forensics.
We've explored how Kali Linux
is an important distribution
that's widely used in
security, but there
are other distributions
that security professionals
use as well.
Next, we'll explore a
few more distributions.
Welcome back.
In this video, we're going
to discuss the Linux shell.
This part of the
Linux architecture
is where the action will happen
for you as a security analyst.
We introduced the shell with
other components of the Linux
OS earlier, but let's
take a deeper look
at what the shell
is and what it does.
The shell is the
command-line interpreter.
That means it helps
you communicate
with the operating system
through the command line.
Previously, we discussed
the command-line interface.
This is essentially the shell.
The shell provides the
command-line interface for you
to interact with the OS.
To tell the OS what to
do, you enter the commands
into this interface.
A command is an instruction
telling the computer
to do something.
The shell communicates
with the kernel
to execute these commands.
Earlier, we discussed
how the operating system
helps humans and computers
speak with each other.
The shell is part of the OS
that allows you to do this.
Think of this as a very
helpful language interpreter
between you and your system.
Since you do not speak
computer language, or binary,
you can't directly
communicate with your system.
This is where the shell
comes in to help you.
Your OS doesn't need a
shell for most of its work,
but it is an
interface between you
and what your system can offer.
It allows you to
perform math, run tests,
and execute applications.
More importantly, it allows
you to combine these operations
and connect applications
to each other
to perform complex
and automated tasks.
Just as there are many
Linux distributions,
there are many different
types of shells.
We'll primarily focus on the
Bash shell in this course.
Let's continue to learn
more about the shell.
Hello again.
In this video,
we're going to learn
a little more about the shell
and how to communicate with it.
Communicating with a computer
is like having a conversation
with your friend.
One person asks a question,
and the other person
answers with a response.
If you don't know the
answer, you can just
say you don't know the answer.
When you communicate
with the shell,
the commands in the shell
can take input, give output,
or give error messages.
Let's explore standard input,
standard output, and the error
messages in more detail.
Standard input consists
of information received
by the OS via the command line.
This is like you asking
your friend a question
during a conversation.
The information is input from
your keyboard to the shell.
If the shell can
interpret your request,
it asks the kernel for
the resources it needs
to execute the related task.
Let's take a look at
this through echo,
a Linux command that outputs
a specified string of text.
String data is data consisting
of an ordered sequence
of characters.
In our example,
we'll just have it
output the string of "hello."
So as input, we'll type
"echo hello" into the shell.
Later, when we press Enter,
we'll get the output.
But before we do that, let's
first discuss the concept
of output in more detail.
Standard output is the
information returned by the OS
through the shell.
In the same way that your
friend gives an answer
to your question, output
is a computer's response
to the command you input.
Output is what you receive.
Let's pick up where we
left off in our example
and send the input of
"echo hello" to the OS
by pressing Enter.
Immediately, the shell
returns the output of "hello."
Finally, standard error
contains error messages returned
by the OS through the shell.
Just like your
friend might indicate
that they can't
answer a question,
the system responds
with an error message
if they can't respond
to your command.
Sometimes this might
occur when we misspell
a command or the
system doesn't know
the response to the command.
Other times, it might
happen because we
don't have the appropriate
permissions to perform
a command.
We'll explore
another example that
demonstrates standard error.
Let's input "eco
hello" into the shell.
Notice I intentionally
misspelled
"echo" as E-C-O.
When we press Enter,
an error message appears.
To wrap up, we've covered
the basics of communication
with the shell.
Communication with the shell can
only go in one of three ways.
The system receives a command.
This is input.
The system responds to the
command and produces output.
And finally, the
system doesn't know
how to respond,
resulting in an error.
Later, you'll become much
more familiar with this
as we explore commands useful
for security professionals.
We've made it to the
end of this section.
Great work.
Let's recap what
you've just completed.
In this section, you learned
about the Linux operating
system.
We examined the
architecture of Linux.
In our exploration of the
different distributions
of Linux, we discussed some of
the most widely used distros
in security.
You were introduced to Kali
Linux, Ubuntu, Parrot, Red Hat,
and CentOS distributions.
Finally, you learned about
the shell and its role
as an interpreter between the
user and operating system.
Congratulations.
You're doing great, and we have
more useful topics to come.
In the next part of
the program, you'll
learn specific commands to use
within the shell while working
as a security analyst.
Let's continue on.
Learning to communicate in
a new way can be exciting.
Maybe you've learned
a new language
and can remember this feeling.
Perhaps a lot of us share this
excitement with young children
as they are expanding
their vocabulary.
Others, including me,
remember a sense of wonder
when we first used a
specialized language
to communicate with a computer.
In this section, we'll continue
to learn more about Linux
and how to communicate with
the OS through its shell.
You'll utilize the command line
to communicate with the OS.
You'll learn how to input
commands in the shell
and learn about some of
the core Linux commands
that you'll use as
a security analyst.
Specifically, this includes
navigating and managing
the file system.
You'll also focus on
authenticating and authorizing
users.
This means you'll be
able to use a command
line to add and delete
users from the system
and to control what
they have access to.
Finally, there's
always more to learn,
so we'll cover accessing
resources that support
learning new Linux commands.
I remember when I first
learned about the command line
and was shocked at the
capabilities it provided.
I didn't need to click
through multiple screens
to get tasks done.
Although it took some practice
and time to get used to,
it has been one of the
biggest tools at my disposal.
After this action, you'll
have a practical experience
in an area important to the
work of a security analyst--
using Linux commands.
Welcome back.
Before we get into
specific Linux commands,
let's explore in more detail
the basics of communicating
with the OS through the shell.
Being able to utilize
Linux commands
is a foundational skill for
all security professionals.
As a security analyst,
you'll work with server logs,
and you'll need to know how to
navigate, manage, and analyze
files remotely without a
graphical user interface.
In addition, you'll need to
know how to verify and configure
users during group access.
You'll also need to give
authorization and set
file permissions.
That means that developing
skills with the command line
is essential for your work
as a security analyst.
When we learned about
the Linux architecture,
we learned that the shell is
one of the main components
of the operating system.
We also learned that there
are different shells.
In this section, we'll
utilize the Bash shell.
Bash is the default shell
in most Linux distributions.
For the most part,
the key Linux commands
that you'll be learning
in this section
are the same across shells.
Now that you know what
shell you'll be using,
let's go into how
to write in Bash.
As we discussed in
the previous section,
communicating with your
OS is like a conversation.
You type in commands, and the
OS responds with an answer
to your command.
A command is an instruction
telling the computer
to do something.
We'll try out a command in Bash.
Notice a dollar sign
before the cursor.
This is your prompt to
enter a new command.
Some commands might tell the
computer to find something
like a specific file.
Others might tell it
to launch a program.
Or it might be to output
a specific string of text.
In the last section, when we
discussed input and output,
we explored how the
echo command did this.
Let's input the
echo command again.
You may notice that the command
we just input is not complete.
If we're going to use the
echo command to output
a specific string
of text, we need
to specify what the
string of text is.
This is what arguments are for.
An argument is
specific information
needed by a command.
Some commands take
multiple arguments.
So now let's complete the
echo command with an argument.
We're learning some
pretty technical stuff,
so how about we output the
words, "You are doing great!"?
We'll add this
argument, and then we'll
press Enter to get the output.
In this example, our argument
was a string of text.
Arguments can provide other
types of information as well.
One thing that is really
important in Linux
is that all commands and
arguments are case sensitive.
This includes file
and directory names.
Keep that in mind as
you learn more about
how to use Linux in
your day-to-day tasks
as a security analyst.
OK, now that we've covered
the basics of entering Linux
commands and arguments
through the Bash shell,
we're ready to learn
some specific commands.
This is exciting, so let's
get to our next video.
Welcome back.
I hope you're learning a
lot about how to communicate
with the Linux OS.
As we continue our journey into
utilizing the Linux command
line, we'll focus on how to
navigate the Linux file system.
Now, I want you
to imagine a tree.
What did you notice
first about the tree?
Would you say the
trunk or the branches?
These might definitely
get your attention,
but what about its roots?
Everything about a tree
starts in the roots.
Something similar happens when
we think about the Linux file
system.
Previously, we learned
about the components
of the Linux architecture.
The Filesystem Hierarchy
Standard, or FHS,
is a component of the Linux
OS that organizes data.
This file system is a very
important part of Linux
because everything
we do in Linux
is considered a file somewhere
in the system's directory.
The FHS is a
hierarchical system,
and just like with
a tree, everything
grows and branches
out from the root.
The root directory is the
highest-level directory
in Linux.
It's designated
by a single slash.
Subdirectories branch off
from the root directory.
The subdirectories branch
out further and further away
from the root directory.
When describing the
directory structure in Linux,
slashes are used when tracing
back through these branches
to the root.
For example, here,
the first slash
indicates the root directory.
Then it branches out a level
into the home subdirectory.
Another slash indicates
it is branching out again.
This time, it's to the
analyst subdirectory
that is located within home.
When working in
security, it is essential
that you learn to
navigate a file
system to locate and analyze
logs, such as log files.
You'll analyze these log
files for application usage
and authentication.
With that background,
we're now ready to learn
the commands commonly used for
navigating the file system.
First, pwd prints the working
directory onto the screen.
When you use this
command, the output
tells you which directory
you're currently in.
Next, ls displays the names
of files and directories
in the current
working directory.
And finally, cd navigates
between directories.
This is the command
you'll use when
you want to change directories.
Let's use these
commands in Bash.
First, we'll type
the command pwd
to display the current
location and then press Enter.
The output is the path
to the analyst directory,
where we're currently working.
Next, let's input ls to display
the files and directories
within the analyst directory.
The output is the name of
four directories-- logs,
oldreports, projects,
and reports,
and one file name, updates.txt.
So let's say we now want to
go into the logs directory
to check for
unauthorized access.
We'll input "cd logs"
to change directories.
We won't get any output on the
screen from the cd command.
But if we enter pwd
again, its output
indicates the working
directory is logs.
Logs is a subdirectory
of the analyst directory.
As a security
analyst, you'll also
need to know how to read
file content in Linux.
For example, you
may need to read
files that contain configuration
settings to identify
potential vulnerabilities.
Or you might look at
user access reports
while investigating
unauthorized access.
When reading file content,
there are some commands
that will help you.
First, cat displays
a content of a file.
This is useful,
but sometimes you
won't want the full
contents of a large file.
In these cases, you can
use the head command.
It displays just the
beginning of a file,
by default, 10 lines.
Let's try out these commands.
Imagine that we want to read
the contents of access.txt,
and we're already in the working
directory where it's located.
First, we input the
cat command and then
follow it with the name
of the file, access.txt.
And Bash returns the full
contents of this file.
Let's compare that
to the head command.
When we input the head command
followed by our file name,
only the first 10 lines of
this file are displayed.
Wow.
This section have
lots of action,
and it's just the beginning.
I'm glad you learned how
security analysts can
use essential commands
to navigate the system.
Next, we'll explore how
to manage the system.
Now that we covered
pwd, ls, and cd
and are familiar with these
basic commands for navigating
the Linux file system, let's
look at a couple of ways
to find what you need
within this system.
As a security analyst, your work
will likely involve filtering
for the information you need.
Filtering means
searching your system
for specific information
that can help
you solve complex problems.
For example, imagine
that your team
determines a piece
of malware contains
a string of characters.
You might be tasked
with finding other files
with the same
string to determine
if those files contain
the same malware.
Later, we'll learn
more about how
you can use SQL to
filter a database,
but Linux is a good place
to start basic filtering.
First, we'll start with grep.
The grep command
searches a specified file
and returns all lines in the
file containing a specified
string.
Here's an example of this--
let's say we have a
file called updates.txt,
and we're currently
looking for lines
that contain the word "OS."
If the file is large, it
would take a long time
to visually scan for this.
Instead, after navigating
to the directory that
contains updates.txt, we'll
type the command "grep OS
updates.txt" into the shell.
Notice how the grep command
is followed by two arguments.
The first argument
is a string we're
searching for, in this case.
"OS."
The second argument is
the name of the file we're
searching through, updates.txt.
When we press Enter,
Bash returns all lines
containing the word "OS."
Now let's talk about piping.
Piping is a Linux
command that can be
used for a variety of purposes.
In a moment, we'll focus on how
it can be used for filtering.
But first, let's talk about
the general idea of piping.
The piping command sends
the standard output
of one command as standard
input into another command
for further processing.
It's represented by the
vertical bar character.
In our context, we can refer
to this as the pipe character.
Take a moment and
imagine a physical pipe.
Physical pipes have two ends.
On one end, for example,
water might enter the pipe
from a hot water tank.
Then it travels through
the pipe and comes out
on the other end in a sink.
Similarly, in Linux, piping
also involves redirection.
Output from one command
is sent through the pipe
and then is used on the
other side of the pipe.
Earlier in this
video, I explained
how grep can be used
to filter for strings
of characters within a file.
Grep can also be
incorporated after a pipe.
Let's focus on this example.
The first command, ls,
instructs the operating system
to output the file and directory
contents of the reports
subdirectory.
But because the command
is followed by the pipe,
the output isn't
returned to the screen.
Instead, it's sent
to the next command.
As we just learned, grep
searches for a specified string
of characters.
In this case, it's "users."
But where is it searching?
Since grep follows a pipe, the
output of the previous command
indicates where to search.
In this case, that
output is a list
of files and directories within
the reports subdirectory.
It will return all
files and directories
that contain the word "users."
OK, let's explore this in Bash.
So we can better
understand how the filter
works, let's first output
everything in the reports
directory.
If we were already
in the directory,
we would just need to input ls.
But since we're not, we'll
also specify the path
to this directory.
When we press Enter,
the output indicates
there are seven files in
the reports directory.
Because we want to return
only the files that
contain the word "users,"
we'll combine this ls command
with piping and
the grep command.
As the output
demonstrates, Linux
has been instructed to
return only files that
contain the word "users."
The two files that don't contain
the string no longer appear.
So now you have
two different ways
that you can filter in Linux
while working as an analyst.
Navigating through
files and filtering
are just part of what
you need to know.
Let's keep exploring
the Linux command line.
Let's make some branches.
What do I mean by that?
Well, in a previous video,
we discussed root directories
and how other
subdirectories branch off
of the root directory.
Let's think again about the
file directory system as a tree.
The subdirectories are
the branches of the tree.
They are all connected
from the same root
but can grow to
make a complex tree.
In this video, we'll create
directories and files
and learn how to modify them.
When it comes to working
with data in security,
organization is key.
If we know where
information is located,
it makes it easier to detect
issues and keep information
safe.
In a previous
video, we've already
discussed navigating
between directories,
but let's take a moment
to examine directories
more closely.
It's possible you're familiar
with the concept of folders
for organizing information.
In Linux, we have directories.
Directories help organize
files and subdirectories.
For example, within a
directory for reports,
an analyst may need to create
two subdirectories, one
for drafts and one
for final reports.
Now that we know why we
need directories, let's
take a look at some essential
Linux commands for managing
directories and files.
First, let's take
note of commands
for creating and
removing directories.
The mkdir command
creates a new directory.
In contrast, rmdir removes
or deletes a directory.
A helpful feature
of this command
is its built-in warning that
lets a directory is not empty.
This saves you from
accidentally deleting files.
Next, you'll use other commands
for creating and removing
files.
The touch command
creates a new file,
and then the rm command
removes or deletes a file.
And last, we have our commands
for copying and moving
files or directories.
The mv command moves a file or
directory to a new location,
and cp copies a file or
directory into a new location.
OK, now we're ready to
try out these commands.
First, let's use a pwd
command, and then let's
display the names of the files
and directories in the analyst
directory with the ls command.
Imagine that we no longer need
the oldreports directory that
appears among the file contents.
Let's take a look
at how to remove it.
We input the rmdir
command and follow it
with the name of the directory
we want to remove, oldreports.
We can use the ls
command to confirm
that oldreports has been
deleted and no longer appears
among the contents.
Now let's make another change.
We want a new directory
for drafts of reports.
So we need to use a command,
mkdir, and specify a name
for this directory, drafts.
If we input ls
again, we'll notice
the new directory, drafts,
included among the contents
of the analyst directory.
Let's change into
this new directory
by entering "cd drafts."
If we run ls, it doesn't
return any output,
indicating that this
directory is currently empty.
But next, we'll add
some files to it.
Let's say we want to draft
new reports on recently
installed email and OS patches.
To create these files, we
input "touch email_patches.txt"
and then "touch OS_patches.txt."
Running ls indicates
that these files are now
in the drafts directory.
What if we realize
that we only need
a new report on OS patches,
and we want to delete
the email patches report?
To do this, we input the rm
command and specify the files
to delete as email_patches.txt.
Running ls confirms
that it's been deleted.
Now, let's focus on our
commands for moving and copying.
We realize that we have a
file called email_policy
in the reports folder that
is currently in draft format.
So we want to move it into the
newly created drafts folder.
To do this, we need to change
into the directory that
currently has that file.
Running ls in that directory
indicates that it contains
several files, including
email_policy.txt.
Then to move that file,
we'll enter the mv command,
followed by two arguments.
The first argument after
mv identifies the file
to be moved.
The second argument
indicates where to move it.
If we change
directories into drafts
and then display
its contents, we'll
notice that the
email_policy file has
been moved to this directory.
We'll change back into reports.
Displaying the file contents
confirms that email_policy
is no longer there.
OK, one more thing--
vulnerabilities.txt
is a file that we
want to keep in the
reports directory.
But since it affects
an upcoming project,
we also want to copy it
into the project directory.
Since we're already in the
directory that has this file,
we'll use a cp command to copy
it into the projects directory.
Notice that the first argument
indicates which file to copy,
and the second argument provides
the path to the directory
that it will be copied into.
When we press Enter, this
copies the vulnerabilities
file into the projects directory
while also leaving the original
within reports.
Isn't it cool what we can
do with these commands?
Now let's focus on
one more concept
related to modifying files.
In addition to
using commands, you
can also use applications
to help you edit files.
As a security
analyst, file editors
are often necessary
for your daily tasks,
like writing or editing reports.
A popular file editor is nano.
It's good for beginners.
You can access this tool
through the nano command.
Let's get familiar
with nano together.
We'll add a title to our new
draft report, OS_patches.txt.
First, we change into the
directory containing that file.
Then we input "nano" followed
by the name of the file we want
to edit, OS_patches.txt.
This brings up the nano file
editor with that file open.
For now, we'll just enter
the title, "OS Patches,"
by typing this into the editor.
We need to save this before
returning to the command line.
And to do so, we press
Control-O and then
Enter to save it with
the current file name.
Then to exit, we
press Control-X.
Great work.
We've covered a lot of topics
here from creating and removing
directories and files to
copying or moving them,
and just now, we've
added editing files.
You're well on your way to
learning Linux commands.
Hi there.
It's great to have you back.
Let's continue to learn
more about how to work
in Linux as a security analyst.
In this video, we'll explore
file and directory permissions.
We'll learn how Linux
represents permissions
and how you can check the
permissions associated
with files and directories.
Permissions are the
type of access granted
for a file or directory.
Permissions are related
to authorization.
Authorization is the
concept of granting access
to specific resources
in a system.
Authorization allows you to
limit access to specified files
or directories.
A good rule to follow
is that data access
is on a need-to-know basis.
You can imagine
the security risk
it would impose if anyone
could access or modify anything
they wanted to on a system.
There are three types
of permissions in Linux
that an authorized
user can have.
The first type of
permission is read.
On a file, read permissions
means contents on the file
can be read.
On a directory, this
permission means
you can read all files
in that directory.
Next are write permissions.
Write permissions on a
file allow modifications
of contents of the file.
On a directory,
write permissions
indicate that new files can
be created in that directory.
Finally, there are also
execute permissions.
Execute permissions
on files mean
that the file can be executed
if it's an executable file.
Execute permissions
on directories
allow users to enter into a
directory and access its files.
Permissions are granted
for three different types
of owners.
The first type is the user.
The user is the
owner of the file.
When you create a file, you
become the owner of the file,
but the ownership
can be changed.
Group is the next type.
Every user is a part
of a certain group.
A group consists
of several users,
and this is one way to manage
a multi-user environment.
Finally, there is other.
Other can be considered all
other users on the system.
Basically, anyone else
with access to this system
belongs to this group.
In Linux, file permissions
are represented
with a 10-character string.
For a directory with full
permissions for the user group,
this string would be drwxrwxrwx.
Let's examine what this
means more closely.
The first character
indicates the file type.
As shown in this
example, d is used
to indicate it is a directory.
If this character
contained a hyphen instead,
it would be a regular file.
The second, third,
and fourth characters
indicate the permissions
for the user.
In this example, r indicates
the user has read permissions,
w indicates the user
has write permissions,
and x indicates the user
has execute permissions.
If one of these
permissions was missing,
there would be a hyphen
instead of the letter.
In the same way, the fifth,
sixth, and seventh characters
indicate permissions for
the next owner type, group.
As it shows here,
the type group also
has read, write, and
execute permissions.
There are no hyphens to indicate
that any of these permissions
haven't been granted.
Finally, the 8th
through 10th characters
indicate permissions for
the last owner type, other.
They also have read, write,
and execute permissions
in this example.
Ensuring files and
directories are
set with the appropriate
access permissions
is critical to protecting
sensitive files
and maintaining the overall
security of a system.
For example, payroll departments
handle sensitive information.
If someone outside
of the payroll group
could read this file, this
would be a privacy concern.
Another example is when the
user, the group, and other
can all write to a file.
This type of file is considered
a world-writable file.
World-writable files can pose
significant security risks.
So how do we check permissions?
First, we need to
understand what options are.
Options modify the
behavior of the command.
The options for a command can be
a single letter or a full word.
Checking permissions
involves adding options
to the ls command.
First, ls -l
displays permissions
to files and directories.
You might also want to
display hidden files
and identify the permissions.
Hidden files, which begin with
a period before their name,
don't normally appear
when you use ls
to display file contents.
Entering ls -a
displays hidden files.
Then you can combine these
two options to do both.
Entering ls -la
displays permissions
to files and directories,
including hidden files.
Let's get into Bash and
try out these options.
Right now, we're in the
projects subdirectory.
First, let's use the ls command
to display its contents.
The output displays the
files in this directory,
but we don't know anything
about the permissions.
By using ls -l instead, we
get expanded information
on these files.
Let's do this.
The file names are now on
the right side of each row.
The first piece of
information in each row
shows the permissions
in the format
that we discussed earlier.
Since these are all files
and not directories,
notice how the first
character is a hyphen.
Let's focus on one specific
file, project1.txt.
The second through fourth
characters of its permissions
show us the user has both
read and write permissions
but lacks execute permissions.
In both the 5th
through 7th characters
and 8th through 10th
characters, the sequence is r--.
This means group and other
have only read privileges.
After the permissions, ls -l
first displays the username.
Here, that's us, analyst.
Next comes the group name, in
our case, the security group.
Now let's use ls -a.
The output includes
two more files,
hidden files with the names
.hidden1.txt and .hidden2.txt.
Finally, we can also
use ls -la to show
the permissions for all files,
including these hidden files.
I thought that was
pretty interesting.
Did you?
You now know a little more about
file permissions and ownership.
This will be helpful
when working in security
because monitoring and
setting correct permissions
is essential for
protecting information.
Take a small break and
meet me in the next video.
Hi there.
In the previous
video, you learned
how to check
permissions for a user.
In this video,
we're going to learn
about changing permissions.
When working as a
security analyst,
there may be many reasons to
change permissions for a user.
A user may have changed
departments or been assigned
to a different work group.
A user might simply no longer
be working on a project that
requires certain permissions.
These changes are
necessary in order
to protect system files
from being accidentally
or deliberately
altered or deleted.
Let's explore a related command
that helps control this access.
In this video, we'll
learn about chmod.
Chmod changes permissions
on files and directories.
The command chmod
stands for CHange MODe.
There are two modes for
changing permissions,
but we'll focus on symbolic.
The best way to learn
about how chmod works is
through an example.
I know this has
a lot of details,
but we'll break this down.
Also, please keep in mind
that, like many Linux commands,
you don't have to
memorize the information
and can always find a reference.
With chmod, you need to
identify which file or directory
you want to adjust
permissions for.
This is the final
argument, in this case,
a file named access.txt.
The first argument
added directly
after the chmod
command indicates
how to change permissions.
Right now, this might
seem hard to interpret,
but soon, we'll understand why
this is called symbolic mode.
Previously, we learned about
the three types of owners--
user, group, and other.
To identify these with chmod,
we use u to represent the user,
g to represent the group,
and o to represent other.
In this particular
example, g indicates
we will make some changes
to group permissions
and o to permissions for other.
These owner types are separated
by a comma in this argument,
but do we want to add or
take away permissions?
Well, for this, we use
mathematical operators.
So the plus sign
after g means we want
to add permissions for group.
And the minus sign
after o means we want
to take them away from other.
And the last question
is, what kind of changes?
We've already learned that r
represents read permissions,
w represents write
permissions, and x
represents execute permissions.
So in this case, the w
indicates that we are adding
write permissions to the group.
And r indicates that we are
taking away read permissions
from other.
This is still very complex, but
now that we've broken it down,
perhaps it doesn't seem quite
so much like a foreign language.
And remember, you don't
have to memorize this all.
Let's give this
new command a try.
We'll start out in
the logs subdirectory.
If we use the ls -l command,
it will output the permissions
for the file.
It shows the permissions for
the only file in this directory,
access.txt.
Previously, we learned how
to read these permissions.
The second through
fourth characters
indicate that the user has
read and write permissions.
The fifth through
seventh characters
show the group only
has read permissions.
And the 8th through
10th characters
show that other only
has read permissions.
We need to adjust
these permissions.
We want to ensure analysts
in the security group
have write permission but
take away read permissions
from the owner type other.
So we add write
permissions for group
and remove read
permissions for other.
Let's run ls -l again.
This shows a change in the
permissions for access.txt.
Notice how in the middle segment
of permissions for the group
w has been added to
give write permissions.
And another change
is that the r has
been removed in
the last segment,
indicating that read permissions
for other have been removed.
As mentioned earlier,
these hyphens
indicate a lack of permissions.
Now other is lacking
all permissions.
Though it requires
practice, working in Linux
becomes more natural with time.
I'm glad you're learning
a little more about how
to use Linux.
Welcome back.
In this video, we are going
to discuss adding and deleting
users.
This is related to the
concept of authentication.
Authentication is
the process of a user
proving that they are who they
say they are in the system.
Just like in a
physical building,
not all users should
be allowed in.
Not all users should get
access to the system.
But we also want to make sure
everyone who should have access
to the system has it.
That's why we need to add users.
New users can be new to the
organization or new to a group.
This could be
related to a change
in organizational
structure or simply
a directive for management
to move someone.
And also, when users
leave the organization,
they need to be deleted.
They should no
longer have access
to any part of the system.
Or if they simply
change groups, they
should be deleted
from groups that they
are no longer a part of.
Now that we've
sorted out why it's
important to add
and delete users,
let's discuss a different
type of user, the root user.
A root user, or superuser, is
a user with elevated privileges
to modify the system.
Regular users have limitations,
where the root does not.
Individuals who need to
perform specific tasks
can be temporarily
added as root users.
Root users can create,
modify, or delete any file
and run any program.
Only root users or accounts
with root privileges
can add new users.
So you may be wondering
how you become a superuser.
Well, one way is logging
in as the root user.
But running commands
as the root user
is considered to be bad
practice when using Linux.
Why is running
commands as the root
user potentially problematic?
The first problem with
logging in as root
is the security risks.
Malicious actors will try
to breach the root account.
Since it's the most powerful
account, to stay safe,
the root account should
have logins disabled.
Another problem is
that it's very easy
to make irreversible mistakes.
It's very easy to type the
wrong command in the CLI.
And if you're running
as a root user,
you run a higher risk of
making an irreversible mistake,
such as permanently
deleting a directory.
Finally, there's the
concern of accountability.
In a multi-user environment like
Linux, there are many users.
If a user is running
as root, there
is no way to track who
exactly ran a command.
One solution to help solve
this problem is sudo.
Sudo is a command
that temporarily
grants elevated permissions
to specific users.
This provides more of
a controlled approach
compared to root, which
runs every command with root
privileges.
Sudo solves lots of
problems associated
with running as root.
Sudo comes from
SuperUser DO and lets
you execute commands
as an elevated user
without having to sign in
and out of another account.
Running sudo will prompt you to
enter the password for the user
you're currently logged in as.
Not all users on a system
can become a superuser.
Users must be granted sudo
access through a configuration
file called the sudoers file.
Now that we've
learned about sudo,
let's learn how we can use
it with another command
to add users.
This command is useradd.
Useradd adds a
user to the system.
Only root or users
with sudo privileges
can use a useradd command.
Let's look at a specific example
in which we need to add a user.
We'll imagine a
new representative
is joining the sales
department and will be given
the username of salesrep7.
We're tasked with adding
them to the system.
Let's try adding the new user.
First, we need to use
a sudo command followed
by the useradd
command, and then last,
the username we want to add,
in this case, salesrep7.
This command doesn't display
anything on the screen.
But since we get a new
Bash cursor and not
an error message, we
can feel confident
that the command
worked successfully.
If it didn't, an error
message would have appeared.
Sometimes an error has to
do with something simple,
like misspelling useradd.
Or it might be because we
didn't have sudo privileges.
Now let's learn how
to do the opposite.
Let's learn how to delete
a user with userdel.
Userdel deletes a
user from the system.
Similarly, we need
root permissions
that we'll access through
sudo to use userdel.
Let's go back to our example
of the user we added.
Let's imagine, two months
later, the sales representative
we just added to the
system leaves the company.
That user should no longer
have access to the system.
Let's delete that
user from the system.
Again, the sudo
command is used first,
then we add the userdel command.
Last, we add the name of
the user we want to delete.
Again, we know it
ran successfully
because there is a new
Bash cursor and not
an error message.
Now, we've covered how
to add and delete users
and how these
actions require sudo.
When using sudo, we have
to use our best judgment.
These special privileges
must be used responsibly
to ensure a secure system.
There are so many
others just like you
who will be using
the command line.
Linux's popularity
and ease of use
has created a large
online community
that constantly
publishes information
to help users learn
how to operate Linux.
Since Linux is
open source, it has
become a global
community of users
that contribute frequently.
This global community is a huge
resource for all Linux users
because users can find
answers for everyday tasks.
Just searching on the internet
will provide many answers.
The easiest way to
troubleshoot a task
is to search and read about
how someone else has done it.
Looking for resources
on how to execute a task
is a good way for beginners
to continue learning.
So far, you've learned
how to add users,
but imagine if later you
wanted to add a new group.
One way to learn how to do
this is to search online.
Let's give this a try
through Google Search.
The search results
give us many options
for adding a group in Linux.
Another reputable source is the
Unix and Linux Stack Exchange.
Their answers are
ranked with points
to display high-quality answers.
Many questions relate
to more advanced users
and are geared towards
troubleshooting.
Well, now you know where to
get some extra support whenever
in doubt about topics in Linux.
There is a lot of support
just a click away.
Coming up, we'll learn
how to get support
from within the
command line itself.
Join me.
Welcome back.
In this video, we're going to
discuss some resources that
are available directly
through the shell
and can help you while
working in Linux.
One of the great
things about Linux
is that you can get help right
through the command line.
The first command that can
help you in this way is man.
Man displays information
on other commands
and how they work.
The name of this command
comes from the word "manual."
Let's examine this more closely
by using man to get information
about the usermod command.
After man, we type the
name of this command.
The information that man returns
includes a general description.
It also contains
information about each
of usermod's options.
For example, the
option -d can be
added to usermod to change
a user's home directory.
Man provides a lot
of information,
but sometimes we just
need a quick reference
on what a command does.
In that case, you use whatis.
Whatis displays a description
of a command on a single line.
Let's say you heard a coworker
mention a command like tail.
You've never heard of
this command before,
but you can find
out what it does.
Simply use the
command "whatis tail"
and learn that it outputs
the last part of files.
Sometimes we might not even
know what command to look up.
This is where
apropos can help us.
Apropos searches the
manual page descriptions
for a specified string.
Let's try it out.
Let's say you have
a task that requires
you to change a password,
but you're not quite sure
how to do this.
If we use the apropos command
with the string "password,"
this will display a large number
of commands with that word.
This helps somewhat,
but it still
may be difficult to
find what we need.
But we can filter this
by adding the -a option
and an additional string.
This option will return
only the commands
that contain both strings.
In our case, since we want
to change the password,
let's look for commands with
both "change" and "password."
Now the output has been limited
to the most relevant commands.
These commands make
it a lot easier
to navigate the
Linux command line.
As a new analyst, you won't have
all the answers all the time,
but you can learn
where to find them.
Congratulations.
You completed another
section in this course.
Take a minute to think
about what you achieved.
You learned a lot
in this section.
Let's recap what we covered.
In this section, you
utilized the command line
to communicate with the OS.
Part of this was using commands
for navigating and managing
the file system.
And you used other commands for
authenticating and authorizing
users.
These are all tasks
that a security analyst
is likely to encounter.
Finally, you learned
about accessing
resources that support
learning new Linux commands.
With this knowledge,
you'll be able to continue
learning more and more about
using the command line.
We did it.
We learned how to
communicate with Linux.
That's a great
accomplishment and one
that will be very useful to you
in your career as a security
analyst.
You should be proud of the
work that you've done so far.
In the world of security,
diversity is important.
Diverse perspectives
are often needed
to find effective solutions.
This is also true
of the tools we use.
Your job will often require you
to use a lot of diverse tools.
In the last section, we
studied the Linux command line
and learned how this tool can
help you search and filter
through data, navigate
through the Linux file system,
and authenticate users.
Now we'll learn
about another tool.
In this section,
we'll explore SQL
and how it allows
you to analyze data
in a way needed for your
role as a security analyst.
We're going to start
off by learning
about relational databases
and how they're structured.
From there, we're going
to introduce SQL queries
and how to use them to
access data from databases.
We then move on to
SQL filters, which
help us refine
our queries to get
the exact information we need.
Lastly, we'll explore
SQL joins, which allow
you to combine tables together.
When I'm presented with a
problem or a project at work,
I often have to sift through
a large amount of data.
When I use SQL, I'm able to
review data quickly and provide
results with confidence since
the queries are consistent
and easily executed.
SQL is a very powerful
and flexible tool.
Throughout this
section, you'll learn
how to use the parts of it
you need as a security analyst
and gain hands-on experience.
Good luck, and I'll join you
for the rest of the course.
Our modern world is
filled with data,
and that data almost
always guides us
in making important decisions.
When working with
large amounts of data,
we need to know how
to store it so it's
organized and quick
to access and process.
The solution to this
is through databases,
and that's what we're
exploring in this video.
To start us off, we
can define a database
as an organized collection
of information or data.
Databases are often
compared to spreadsheets.
Some of you may have
used Google Sheets
or another common spreadsheet
program in the past.
While these programs are
convenient ways to store data,
spreadsheets are often
designed for a single user
or a small team to
store less data.
In contrast, databases can be
accessed by multiple people
simultaneously and can store
massive amounts of data.
Databases can also
perform complex tasks
while accessing data.
As a security analyst, you'll
often need to access databases
containing useful information.
For example, these could
be databases containing
information on login attempts,
software and updates,
or machines and their owners.
Now that we know how
important databases
are for us, let's talk
about how they're organized
and how we can
interact with them.
Using databases allow us to
store large amounts of data
while keeping it quick
and easy to access.
There are lots of different ways
we can structure a database.
But in this course,
we'll be working
with relational databases.
A relational database
is a structured database
containing tables that
are related to each other.
Let's learn more about what
makes a relational database.
We'll start by examining an
individual table and a larger
database of organizational
information.
Each table contains
fields of information.
For example, in this
table on employees,
these would include fields
like employee_id, device_id,
and username.
These are the columns
of the tables.
In addition, tables contain
rows, also called records.
Rows are filled with
specific data related
to the columns in the table.
For example, our
first row is a record
for an employee whose ID is 1000
and who works in the Marketing
department.
Relational databases often
have multiple tables.
Consider an example where we
have two tables from a larger
database, one with
employees of the company
and another with machines
given to those employees.
We can connect two tables if
they share a common column.
In this example, we establish
a relationship between them
with a common
employee_id column.
The columns that relate
two tables to each other
are called keys.
There are two types of keys.
The first is called
a primary key.
The primary key
refers to a column
where every row
has a unique entry.
The primary key must not
have any duplicate values
or any NULL or empty values.
The primary key allows
us to uniquely identify
every row in our table.
For the table of employees,
employee_id is a primary key.
Every employee_id is unique,
and there are no employee_ids
that are duplicate or empty.
The second type of
key is a foreign key.
The foreign key is a
column in a table that is
a primary key in another table.
Foreign keys,
unlike primary keys,
can have empty values
and duplicates.
The foreign key allows us to
connect two tables together.
In our example, we can look
at the employee_id column
in the machines table.
We previously identified
this as the primary key
in the employees table.
So we can use this to
connect every machine
to their corresponding employee.
It's also important to
note that a table can only
have one primary key but
multiple foreign keys.
With this information,
we're ready to move on
to the basics of SQL,
the language that
lets us work with databases.
Throughout this
section, we'll gain
hands-on experience working with
the concepts we just covered.
As a security
analyst, you'll need
to be familiar both with
databases and the tools used
to access them.
Now that we know the
basics of databases,
let's focus on an important tool
used to work with them, SQL,
and learn more
about how analysts
like yourself might utilize it.
SQL, or as it's also
pronounced, "S-Q-L,"
stands for Structured
Query Language.
SQL is a programming
language used
to create, interact with,
and request information
from a database.
Before learning
more about SQL, we
need to define
what "query" means.
A query is a request for
data from a database table
or a combination of tables.
Nearly all relational databases
rely on some version of SQL
to query data.
The different
versions of SQL only
have slight differences
in their structure,
like where to place
quotation marks.
Whatever variety of
SQL you use, you'll
find it to be a very important
tool in your work as a security
analyst.
First, let's discuss how SQL
can help you retrieve logs.
A log is a record of events that
occur within an organization's
systems.
As a security
analyst, you might be
tasked with reviewing
logs for various reasons.
For example, some logs
might contain details
on machines used in a company.
And as an analyst,
you would need
to find those machines that
weren't configured properly.
Other logs might describe the
visitors to your website or web
app and the tasks they perform.
In that case, you
might be looking
for unusual patterns that may
point to malicious activity.
Security logs are often very
large and hard to process.
There are millions
of data points,
and it's very time consuming
to find what you need.
But this is where SQL comes in.
It can search through
millions of data points
to extract relevant rows of
data using one query that
takes seconds to run.
That's pretty useful, right?
SQL is also a very
common language
used for basic data
analytics, another set
of skills that will set you
apart as a security analyst.
As a security
analyst, you can use
SQL filtering to
find data to support
security-related
decisions and analyze
when things may go wrong.
For instance, you can
identify what machines haven't
received the latest patch.
This is important because
patches are updates that
help secure against attacks.
As another example, you can
use SQL to determine the best
time to update a machine
based on when it's least used.
Now that we know why
SQL is important to us,
we're going to start making
basic queries to a sample
database.
This is definitely
exciting, and I'll
meet you in the next video.
In this video, we're going to
be running our very first SQL
query.
This query will be based
on a common work task
that you might encounter
as a security analyst.
We're going to determine
which computer has been
assigned to a certain employee.
Let's say we have access
to the employees table,
and the employees
table has five columns.
Two of them, employee_id
and device_id,
contain the information
that we need.
We'll write a
query to this table
that returns only those
two columns from the table.
The two SQL keywords we
need for basic SQL queries
are SELECT and FROM.
SELECT indicates which
columns to return.
FROM indicates which
table to query.
The use of these
keywords in SQL is
very similar to how we
would use these words
in everyday language.
For example, we
could ask a friend
to select apples and
bananas from the big box
when going out to buy fruit.
This is already
very similar to SQL.
So let's go ahead and use
SELECT and FROM in SQL
to return the information
we need on employees
and the computers they use.
We start off by typing
in the SQL statement.
After FROM, we've identified
that the information
will be pulled from
the employees table.
And after SELECT,
employee_id and device_id
indicate the two columns we
want to return from this table.
Notice how a comma
separates the two columns
that we want to return.
It's also worth mentioning a
couple of key aspects related
to the syntax of SQL here.
Syntax refers to the
rules that determine
what is correctly structured
in a computing language.
In SQL, keywords are
not case sensitive,
so you could also write
select and from in lowercase,
but we're placing them
in capital letters
because it makes the query
easier to understand.
Another aspect of the syntax
is that semicolons are placed
at the end of the statement.
And now we'll run the
query by pressing Enter.
The output gives
us the information
we need to match employees
to their computers.
We just ran our very
first SQL query.
Suppose we wanted to know what
department the employee using
the computer is from or
their username or the office
they work in.
To do that, we can
use SQL to make
another statement
that prints out all
of the columns from the table.
We can do this by placing
an asterisk after SELECT.
This is commonly referred
to as SELECT ALL.
Now let's run this query to
the employees table in SQL.
And now we have the full
table in the output.
You just made it through
a basic query in SQL.
Congratulations.
In the next video,
we'll learn how
to add filters to our queries,
so I'll meet you there.
One of the most
powerful features of SQL
is its ability to filter.
In this video,
we're going to learn
how this helps us
make better queries
and select more specific
pieces of data from a database.
Filtering is selecting data
that match a certain condition.
Think of filtering as a way of
only choosing the data we want.
Let's say we wanted to select
apples from a fruit cart.
Filtering allows us to
specify what kind of apples
we want to choose.
When we go buy apples,
we might explicitly
say, choose only
apples that are fresh.
This removes apples that aren't
fresh from the selection.
This is a filter.
As a security analyst, you might
filter a log_in_attempts table
to find all items from
a specific country.
This could be done by applying
a filter on the country column.
For example, you can
filter to just return
records containing Canada.
Before we get started, we need
to focus on an important part
of the syntax of SQL.
Let's learn about operators.
An operator is a
symbol or keyword
that represents an operation.
An example of an operator
would be the equal to operator.
For example, if we wanted to
find all records that have
'USA' in the country column,
we use country = 'USA'.
To filter a query
in SQL, we simply
add an extra line to
the SELECT and FROM
statement we used before.
This extra line will
use a WHERE clause.
In SQL, WHERE indicates
a condition for a filter.
After the keyword WHERE,
the specific condition
is listed using operators.
So if you wanted to find all
of the login attempts made
in the United States, we
would create this filter.
In this particular condition,
we're indicating to return all
records that have a value in
the country column that is equal
to 'USA'.
Let's try putting it
all together in SQL.
We're going to start with
selecting all the columns
from the log_in_attempts table
and then add the WHERE filter.
Don't forget the semicolon.
This tells us we finished
the SQL statement.
Now, let's run this query.
Because of our filter,
only in the rows
where the country of the
login attempts was 'USA'
are returned.
In the previous example,
the condition for our filter
was based simply on
returning records that are
equal to a particular value.
We can also make our
conditions more complex
by searching for a pattern
instead of an exact word.
For example, in the
employees table,
we have a column for office.
We can search for records
in this column that
match a certain pattern.
Perhaps you might want all
offices in the East Building.
To search for a pattern,
we use the percentage sign
to act as a wild card for
unspecified characters.
If we ran a filter for 'East%',
this would return all records
that start with 'East', for
example, the offices East-120,
East-290, and East-435.
When searching for patterns
with the percentage sign,
we cannot use the
equals operator.
Instead, we use
another operator, LIKE.
LIKE is an operator
used with WHERE
to search for a
pattern in a column.
Since LIKE is an operator,
similar to the equals sign,
we use it instead
of the equals sign.
So when our goal is to return
all values in the office column
that start with the word 'East',
LIKE would appear in a WHERE
clause.
Let's go back to
the example in which
we wanted to filter for login
attempts made in the United
States.
Imagine that we realize
our database contains
inconsistencies with how the
United States is represented.
Some entries use "US,"
while others use "USA."
Let's get into SQL and apply
this new type of filter
with LIKE.
We're going to start with the
same first two lines of code
because we want to
select all columns
from the log_in_attempts table.
And we're going to add a filter
with LIKE so that records will
be returned if they contain
a value in the country column
beginning with the
characters 'US'.
This includes both
'US' and 'USA'.
Let's run this query to
check if the output changes.
This returns all the entries
where the user location
was in the United States.
And now we can use the LIKE
clause to filter columns
based on a pattern.
Wow.
We've already learned how to get
very precise with our database
and get exactly the data we
need with one single query.
I'm excited for what's next.
In this video, we're going
to continue using SQL queries
and filters, but now
we're going to apply them
to new data types.
First, let's explore the three
common data types that you
will find in databases--
string, numeric,
and date and time.
String data is data consisting
of an ordered sequence
of characters.
These characters could be
numbers, letters, or symbols.
For example, you'll
encounter string data
in usernames, such as
a username analyst10.
Numeric data is data consisting
of numbers, such as a count
of login attempts.
Unlike strings,
mathematical operations
can be used on numeric
data, like multiplication
or addition.
Date and time data refers
to data representing a date
and/or time.
Previously, we applied
filters using string data,
but now let's work with
numeric and date and time data.
As a security
analyst, you'll often
need to query numbers and dates.
For example, we could
filter patch dates
to find machines
that need an update.
Or we could filter
login attempts
to return only those made
in a certain period of time.
We learned about operators
in the last video,
and we're going to use them
again for numbers and dates.
Common operators for working
with numeric or date and time
data types include equals,
greater than, less than,
not equal to, greater
than or equal to,
and less than or equal to.
Let's say you want
to find the login
attempts made after 6:00 PM.
Because this is past
normal business hours,
you want to look for
suspicious patterns.
You can identify these
attempts by using
the greater-than
operator in your filter.
We'll start writing
our query in SQL.
We begin by indicating
that we want
to select all columns from
the log_in_attempts table.
Then we'll add our
filter with WHERE.
Our condition indicates that
the value in the time column
must be greater than,
or for dates and times,
later than 18:00, which is
how 6:00 PM is written in SQL.
Let's run this and
examine the output.
Perfect.
Now we have a list of login
attempts made after 6:00 PM.
We can also filter
for numbers and dates
by using the BETWEEN operator.
BETWEEN is an operator that
filters for numbers or dates
within a range.
An example of this
would be when looking
for all patches installed
within a certain range.
Let's do this.
Let's find all the patches
installed between March 1,
2021, and September 1, 2021.
In our query, we start
with selecting all records
from the machines table.
And we add that BETWEEN
operator in WHERE statement.
Let's break down the statement.
First, after WHERE, we indicate
which column to filter,
in our case, OS_patch_date.
Next comes our
operator, BETWEEN.
We then add the beginning
of a range, type AND,
then finish by adding the end
of our range and a semicolon.
Now let's run this and
explore the output.
And now we have a list
of all machines patched
between those two dates.
Before we wrap up, an
important thing to note
is that when we filter for
strings, dates, and times,
we use quotation marks to
specify what we're looking for.
However, for numbers, we
don't use quotation marks.
With this new
knowledge you're now
ready to work on all sorts of
interesting filters for numbers
and dates.
In the next video, we'll be able
to expand our filtering even
further by using multiple
conditions in one query.
In the previous lesson, we
learned about even more ways
to filter queries in SQL to
work with some typical security
analyst tasks.
However, when working with
real security questions,
we often have to filter
for multiple conditions.
Vulnerabilities,
for instance, might
depend on more than one factor.
For example, a
security vulnerability
might be related to machines
using a specific email client
on a specific operating system.
So to find the possible
vulnerabilities,
we need to find machines
using both the email client
and the operating system.
To make a query with multiple
conditions that must be met,
we use the AND operator between
two separate conditions.
AND is an operator that
specifies that both conditions
must be met simultaneously.
Bringing this back to our
fruit and vegetable analogy,
this is the same
as asking someone
to select apples
from the big box
where the apples
are large and fresh.
This means our results won't
include any small apples,
even if they're fresh,
or any rotten apples,
even if they're large.
They'll only include
large, fresh apples.
The apples must meet
both conditions.
Going back to our database,
the machines table
lists all operating
systems and email clients.
We want a list of machines
running operating system 1
and a list of machines
using email client 1.
We'll use the left and right
circles in the Venn diagram
to represent these groups.
We need SQL to select the
machines that have both
'OS 1' and 'Email Client 1'.
The filled-in area at the
intersection of these circles
represents this condition.
Let's take this and
implement it in SQL.
First, we're going
to start by building
the first lines of
the query, telling
SQL to select all columns
from the machines table.
Then we'll add the WHERE clause.
Let's examine this more closely.
First, we indicate the first
condition that it must meet,
that the operating_system
column has a value of 'OS 1'.
Then we use AND to join
this to another condition.
And finally, we enter the
other condition, in this case,
that the email_client
column should have a value
of 'Email Client 1'.
And this is how you use
the AND operator in SQL.
Let's run this to get
the query results.
Perfect.
All the results match
both our conditions.
Let's keep going and
explore more ways
to combine different conditions
by working with the OR
operator.
The OR operator is
an operator that
specifies that either
condition can be met.
In a Venn diagram,
let's say each circle
represents a condition.
When they are
adjoined with OR, SQL
would select all rows that
satisfy one of the conditions,
and it's also OK if it
meets both conditions.
Let's run another query
and use the OR operator.
Let's say that we
wanted the filter
to identify machines that
have either 'OS 1' or 'OS 3'
because both types need a patch.
We'll type in these conditions.
Let's examine this more closely.
After WHERE, our first condition
indicates we want a filter
so that the query selects
machines with 'OS 1'.
We use the OR operator
because we also
want to find records that
match another condition.
This additional condition
is placed after OR
and indicates to also select
machines running OS 3.
Executing the query,
our results now
include records that have a
value of either 'OS 1' or 'OS
3' in the
operating_system column.
Good job.
We're running some
complex queries.
The last operator we're going
to go into is the NOT operator.
NOT negates a condition.
In a diagram, we can show this
by selecting every entry that
does not match our condition.
The condition is
represented by the circle.
The filled-in portion
outside the circle
represents what gets returned.
This is all data that does
not match the condition.
For example, when
picking out fruit,
you could be looking for any
fruit that is not an apple.
That is a lot more
efficient than telling
your friend you want a banana or
an orange or a lime and so on.
Suppose you wanted to update
all the devices in your company
except for the ones using OS 3.
Bringing this into SQL,
we can write this query.
We placed NOT after WHERE
and before the condition
of the filter.
Executing these queries gives
us the list of all the machines
that aren't running
OS 3, and now we
know which machines to update.
That was a lot of new content
that we just looked into,
but you're learning
more and more SQL
that you can use on your
journey to become an analyst.
In the next video,
will be learning
how to combine and join
two tables together
to expand the kinds
of queries we can run.
I'll meet you there.
You've already learned a lot
about SQL queries and filters.
Nice work.
The last concept we're
introducing in this section
is joining tables when
querying a database.
This is helpful when
you need information
from two different
tables in a database.
Let's say we have two
tables, one that tells us
about security vulnerabilities
of different operating
systems and one about different
machines in our company,
including their
operating systems.
Having the ability
to combine them
gives us a list of
vulnerable machines.
That's pretty cool, right?
First, let's start talking
about the syntax of joins.
Since we're working
with two tables now,
we need a way to
tell SQL what table
we're picking columns from.
In our example database, we
have an employee_id column
in both the employees table
and the machines table.
In SQL statements that
contain two columns,
SQL needs to know which
column we're referring to.
The way to resolve this is by
writing the name of the table
first, then a period, and
then the name of the column.
So we would have employees
followed by a period followed
by the column name.
This is the employee_id column
for the employees table.
Similarly, this is
the employee_id column
for the machines table.
Now that we
understand the syntax,
let's apply it to a join.
Imagine that we
want to get a deeper
understanding of the
employees accessing
the machines in our company.
By joining the employees
and the machines tables,
we can do this.
We first need to identify
the shared column that we'll
use to connect the two tables.
In this case, we'll use a
primary key in one table
to connect to another table
where it's a foreign key.
The primary key of
the employees table
is employee_id, which is a
foreign key in the machines
table.
Employee_id is a primary
key in the employee table
because it has a unique value
for every row in the employees
table and no empty values.
We don't have a guarantee
that the employee_id column
in the machines table
follows the same criteria
since it's a foreign key
and not a primary key.
Next, we'll use a type of
join called an INNER JOIN.
An INNER JOIN
returns rows matching
on a specified column that
exists in more than one table.
Tables usually contain
many more rows.
But to further explain
what we mean by INNER JOIN,
let's focus on just four
rows from the employees table
and four rows from
the machines table.
We'll also look at
just a few columns
of each table for this example.
Let's say we choose
employee_id in both tables
to perform an INNER JOIN.
Let's look at the two rows
where there is a match.
Both tables have 1188 and 1189
in the respective employee_id
columns, so they are
considered a match.
The result of the
join is the two rows
that have 1188 and 1189 and
all columns from both tables.
Before we move on
to the queries,
we have to talk about the
NULL values in the tables.
In SQL, NULL represents
a missing value
due to any reason.
In this case, this might
be machines that are not
assigned to any employee.
Now let's bring this into
SQL and do an INNER JOIN
on the full tables.
Let's imagine we want to
join these tables in order
to get a list of users
and their office location
that also shows what
operating system they
use on their machines.
Employee_id is a common
column between these tables,
and we can use
this to join them,
but we won't need to show
this column in the results.
First, let's start
with a basic query
that indicates we want to
select the username, office,
and operating_system columns.
We want employees to be
our first or left table,
so we'll use that in
our FROM statement.
Now we write the
part of the query
that tells SQL to
join the machines
table with the employees table.
Let's break down this query.
INNER JOIN tells SQL to
perform the inner join.
Then we name the second table we
want to combine with the first.
This is called the right table.
In this case, we
want to join machines
with the employees
table that was already
identified after FROM.
Lastly, we tell SQL what
column to base the join on.
In our case, we're using
the employee_id column.
Since we're using two tables,
we have to identify the table
and follow that with
the column name.
So we have employees.employee_id
and machines.employee_id.
Let's review the output.
Perfect.
We have now joined two tables.
The results of
our query displays
the records that match on
the employee_id column.
Notice that these
records contain columns
from both tables
but only the ones
we've indicated through
our SELECT statement.
There are other types of joins
that don't require a match
to join two tables,
and we're going
to discuss those
in the next video.
I'll meet you there.
Welcome back.
I hope you enjoyed
working on inner joins.
In the previous
video and exercises,
we saw how inner joins
can be useful by only
returning records that share
a value in specified columns.
However, in some
situations, we might
need all of the entries from
one or both of our tables.
This is where we need
to use outer joins.
There are three types of outer
joins, LEFT JOIN, RIGHT JOIN,
and FULL OUTER JOIN.
Similar to inner joins, outer
joins combine two tables
together.
However, they don't necessarily
need to match between columns
to return a row.
Which rows are returned
depends on the type of join.
LEFT JOIN returns all of the
records of the first table
but only returns rows
of the second table
that match on a
specified column.
Like we did in the
previous video,
let's examine this
type of join by looking
at just four rows of two tables
with a small number of columns.
Employees is the left
table, or the first table,
and the machines is the right
table, or the second table.
Let's join on employee_id.
There's a matching value in this
column for two of four records.
When we execute the
join, SQL returns
these rows with
the matching value,
all other rows from
the left table,
and all columns
from both tables.
Records from the employees
table that didn't match but were
returned through the LEFT
JOIN contain NULL values
in columns that came
from the machines table.
Next, let's talk
about right joins.
RIGHT JOIN returns all of the
records of the second table
but only returns rows
from the first table that
match on a specified column.
With the RIGHT JOIN on
the previous example,
the full result returns
matching rows from both,
all the rows from
the second table,
and all the columns
in both tables.
For the values that don't
exist in either table,
we are left with a NULL value.
Last, we'll discuss
full outer joins.
FULL OUTER JOIN returns all
records from both tables.
Using our same example, a FULL
OUTER JOIN returns all columns
from all tables.
If a row doesn't have a value
for a particular column,
it returns NULL.
For example, the
machines table did not
have any rows with
employee_id 1190,
so the values for that
row in the columns that
came from the machines
table is NULL.
To implement left
joins, right joins,
and full outer joins in SQL, you
use the same syntax structure
as the inner join but
use these keywords--
LEFT JOIN, RIGHT JOIN,
and FULL OUTER JOIN.
As a security
analyst, you're not
required to know all
of these from memory.
Once you understand the
type of join you need,
you can quickly search and
find all the information you
need to execute these queries.
With this information
on joins, we've
now covered some very
important information
you'll need as a security
analyst using SQL.
Thank you for joining
me in this video.
Congratulations.
We've made it together through
the end of our focus on SQL.
You've put in a lot of work
and learned an important tool
that will help you on your
journey as a security analyst.
Let's take a moment to go
through all of the topics
you learned in this section.
We started by learning
about the structure
of relational databases and
how we can access them by using
the query language, SQL.
We then got hands-on practice
with writing our own SQL
queries.
We used SQL to
bring up information
you might need on the job
when working as an analyst.
We then focused on SQL filters.
We started with simple
conditions with strings,
and by the end, we learned
how to use multiple filters
in one query.
We concluded the unit
with SQL joins and learned
how to join multiple
tables, giving us
even more information at once.
By completing this
course, you just
took a very big step
in your future career
as a security analyst.
You have been introduced
to a powerful tool that
can help you in your work.
And whenever you
need to, I encourage
you to revisit the
materials in this course.
Learning a querying language
like SQL takes time.
Thank you again for
joining me in this journey.
I hope you'll enjoy using
SQL as much as I do.
You made it to the
end of this course.
Congratulations.
You did it.
I hope you are proud
of all you learned.
The focus of this course
was computing basics.
Understanding the
basics of computing
is a valuable skill as you
transition into your career
as a security analyst.
Let's recap what you
learned in this course.
We first focused on
operating systems
and how they relate to
applications and hardware.
Understanding how the system
you're protecting works
is essential for doing
your job effectively.
That brings us to the
Linux operating system.
When working in the
security profession,
familiarity with
Linux is important.
We first discussed
its architecture
and various distributions.
Then we used the
Linux command line
to carry out tasks you might
encounter as a security
analyst.
Finally, we looked at
another useful tool
and used SQL to query databases.
After this course, I hope you
have a better understanding
of how these
foundations of computing
support a security analyst
in their daily work.
I also hope you continue
your path with this program.
There are a lot of other useful
and exciting topics ahead.
Once again, congratulations.
You finished another course.
Building skills is something
you should be proud of.
Keep it up as you progress
through this program.
[MUSIC PLAYING]
PDF
Introduction

Why Understanding Operating Systems Matters

How an OS Works

Interfaces: GUI vs. CLI

Linux Fundamentals

Core Linux Commands for Analysts

Getting Help Directly in the Shell

SQL Basics for Security Analysts

Practical Use Cases

Resources & Community Support

Conclusion

Frequently Asked Questions

Who is Google Career Certificates on YouTube?

Does this page include the full transcript of the video?

Why Understanding Operating Systems Matters

How an OS Works

Helpful resources related to this video

Share This Summary

Embed This Summary
