CYSE 270

Linux Systems for Cybersecurity

Overall Reflection

As this is being written, I am currently a freshman within my spring semester. This class, CYSE 270, was my first real step into the cybersecurity world. My reason for taking Linux Systems for Cybersecurity is due to how I wanted to get a feel for actual cyber work/experience rather than simply cover theories or policies. Coming into the class I knew next to nothing in terms of Linux and working within a terminal. With each lab and notes via slides, my understanding grew with ease. I now know how to script which may prove useful for future automation, troubleshoot issues within the operating system, and find networking information. I believe that this class has laid a foundation for my IT/Cyber future by opening me up to various different parts of the digital playing field.

Lab 1 – Create a Virtual Machine

This lab served as the foundation for the course by setting up the primary environment used for all subsequent tasks. I installed Kali Linux within Oracle VirtualBox, which involved configuring virtual hardware settings such as RAM, CPU allocation, and disk space to ensure the guest operating system ran smoothly on my physical machine.

  • Key Skills/Concepts: Virtualization basics, ISO mounting, allocating system resources (RAM/Storage), and navigating the initial Linux desktop environment.
  • Challenges: The primary challenge was ensuring that Virtualization Technology was enabled in the system BIOS. Without this, the virtual machine would not boot. Additionally, balancing resource allocation so the VM performed well without slowing down the host OS required some adjustment.
  • Overall Takeaway: Setting up a virtual environment is a fundamental skill in cybersecurity. It provides a safe, isolated “sandbox” where I can practice system administration and security testing without the risk of damaging my primary computer’s operating system.

Lab 2 – Linux File System Navigation and Management

This lab focused on the core fundamentals of interacting with the Linux filesystem. I practiced navigating between directories using both absolute and relative paths, manipulating files and folders, and using filters to find specific data. These operations are the daily “bread and butter” for any cybersecurity professional working in a Linux environment.

  • Key Skills/Concepts: Absolute vs. Relative pathing, directory creation and removal (mkdir, rm -rf), file manipulation (cp, mv, rm), and viewing file content metadata (file, tail).
  • Challenges: The distinction between relative and absolute paths can be tricky at first—specifically remembering that a relative path starts from the current location while an absolute path always starts from the root (/). I also had to be careful with the recursive flag when copying or deleting directories.
  • Overall Takeaway: Efficiently moving through the filesystem and understanding where configuration files (like /etc/group or /etc/passwd) are located is crucial. This lab reinforced that the terminal is much faster than a GUI for system administration once the commands become second nature.

Lab 3 – The VI Editor

This lab provided hands-on experience with vi, a powerful and ubiquitous text editor in the Linux environment. Unlike modern word processors, vi operates using different modes, which required a shift in how I approach text entry and navigation. Learning these shortcuts is essential for any cybersecurity student, as vi is often the only editor available when troubleshooting remote servers or analyzing system logs through a secure shell.

  • Key Skills/Concepts: Switching between Command, Insert, and Last Line modes; advanced navigation (jumping to lines, words, and sentences); and using global search-and-replace strings.
  • Challenges: The initial learning curve of “Command Mode” was the biggest hurdle. It was counterintuitive at first that typing wouldn’t immediately put characters on the screen. However, after practicing the ESC key habit, the efficiency of jumping across the file without a mouse became clear.
  • Overall Takeaway: Mastering vi is a rite of passage in cybersecurity. It allows for rapid configuration changes and script editing directly in the terminal, making it a critical tool for system hardening and incident response.

Lab 4 – User and Group Accounts

This lab focused on managing access controls within a Linux environment. I practiced creating new users, assigning them to specific groups, and modifying administrative privileges. It was interesting to see how permissions can be layered to ensure that users only have access to the directories necessary for their roles.

  • Key Skills/Concepts: Utilizing useradd, groupadd, and usermod commands; managing the /etc/passwd and /etc/group files.
  • Challenges: Initially, I struggled with the syntax for adding a user to multiple secondary groups simultaneously without removing them from their primary group.
  • Overall Takeaway: Managing user accounts is the first line of defense in system security. Learning to apply the principle of least privilege ensures a more secure and organized network.

Lab 5 – Linux File Permissions

During this lab, I explored the numeric and symbolic methods for changing file and directory permissions. I practiced using chmod, chown, and chgrp to secure sensitive data and learned how to interpret the standard rwx permission strings.

  • Key Skills/Concepts: Understanding Read, Write, and Execute permissions; converting between octal and symbolic notation.
  • Challenges: Understanding the difference between how permissions affect a file versus how they affect a directory was a bit of an “aha!” moment that took some trial and error.
  • Overall Takeaway: File permissions are critical for maintaining data integrity and confidentiality. Mastery of these commands is essential for preventing unauthorized users from accessing or modifying system files.

Lab 6 – Network Subnetting and IP Addressing

This lab moved into the networking side of cybersecurity, requiring the calculation of subnets based on host requirements. I used various tools to verify connectivity and practiced dividing a large network into smaller, manageable segments to improve performance and security.

  • Key Skills/Concepts: IPv4 addressing, CIDR notation, calculating subnet masks, and identifying broadcast addresses.
  • Challenges: The math involved in VLSM (Variable Length Subnet Masking) was complex at first. It required careful attention to detail to ensure that subnets did not overlap.
  • Overall Takeaway: Proper subnetting is vital for network organization and security. It allows administrators to isolate different departments or functions, reducing the attack surface within an organization.

Lab 7 – Automation with Crontab

In this lab, I learned how to automate repetitive system tasks using the cron daemon. I wrote scripts to perform basic system maintenance and scheduled them to run at specific intervals using the crontab editor.

  • Key Skills/Concepts: Crontab syntax (minute, hour, day, month, weekday), scheduling backups, and troubleshooting background processes.
  • Challenges: Debugging a script that ran perfectly in the terminal but failed when executed by cron was difficult. I eventually learned that cron uses a different environment and requires absolute file paths.
  • Overall Takeaway: Automation is a force multiplier for system administrators. By mastering crontab, I can ensure that security audits and backups occur consistently without manual intervention.

Lab 8 – Shell Scripting

This lab transitioned from executing individual commands to automating workflows through Shell Scripting. I practiced creating scripts that use conditional logic (if/else statements), read user input, and perform file system checks. This is a pivotal skill in cybersecurity, as automation allows for rapid system auditing, log analysis, and the deployment of security patches across multiple machines.

  • Key Skills/Concepts: Using the Shebang (#!/bin/bash), making scripts executable with chmod +x, using the read function for user input, and implementing conditional logic for file and directory validation.
  • Challenges: A recurring challenge was managing the precise syntax required for bracketed conditional statements in Bash, specifically ensuring there were spaces after the opening bracket and before the closing bracket. Forgetting these small details often caused the script to fail.
  • Overall Takeaway: Scripting transforms the Linux terminal from a simple command line into a programmable engine. By learning how to check for the existence of files or directories before acting on them, I can create more robust and error-resistant administrative tools.

Lab 9 – Automated Backups and Scheduling

This lab combined shell scripting with system scheduling to create a robust backup solution. I learned how to automate the protection of user data by archiving directories and scheduling those tasks to run without human intervention. This is a fundamental security practice, ensuring that data can be recovered in the event of a system failure or a security breach like a ransomware attack.

  • Key Skills/Concepts: Creating and managing local user accounts, archiving and compressing data with the tar command, and utilizing crontab for time-based job scheduling.
  • Challenges: Configuring the crontab timing was a bit precise, specifically ensuring the script ran every three minutes as required. I also had to make sure the script had the correct permissions to write to the /var/backups directory, which required understanding system-level file access.
  • Overall Takeaway: Reliability is key in cybersecurity. Automating backups ensures that the process is consistent and eliminates the risk of human error. Using compression (like tar -z) also taught me how to manage system resources efficiently while maintaining a history of system states.
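The pieces from Labs 7, 8 and 9 put together in one script, added here as an example and not the course's or the author's own code: it validates its inputs with bracketed tests before acting, archives with tar -z, and is written so that cron's sparse environment does not break it. The script name, the source and destination paths, and the log file are assumptions.

```bash
#!/bin/bash
# Added example, not the course's or the author's script: a cron-safe backup
# script in the style of Labs 7-9. Assumptions: the directory to archive and
# the destination directory are passed as arguments; paths shown are placeholders.

# Lab 7 lesson: cron starts jobs with a minimal environment and no login
# profile, so PATH is set explicitly here and every path used is absolute.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH

# backup_dir SOURCE DEST
# Writes DEST/<name>-<timestamp>.tar.gz and prints that path.
# Returns 1 if SOURCE is not a directory, 2 if DEST is not a writable
# directory, 3 if tar fails. Nothing is touched until the checks pass.
backup_dir() {
    src=$1
    dest=$2
    # Lab 8: the test brackets need a space after '[' and before ']'
    if [ ! -d "$src" ]; then
        echo "error: $src is not a directory" >&2
        return 1
    fi
    if [ ! -d "$dest" ] || [ ! -w "$dest" ]; then
        # Lab 9: /var/backups is normally root-owned; cron must run the job
        # as a user allowed to write there, or this check fires
        echo "error: $dest is not a writable directory" >&2
        return 2
    fi
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$dest/$(basename "$src")-$stamp.tar.gz"
    # -z gzips the archive (tar -z from Lab 9); -C stores the directory by
    # its own name rather than its full absolute path
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 3
    # Lab 5: user data inside, so restrict the archive to its owner
    chmod 600 "$archive"
    echo "$archive"
}

# Run directly:  /usr/local/bin/backup.sh /home/student /var/backups
# Crontab entry (crontab -e) to run it every three minutes, as Lab 9 required;
# the absolute script path and the redirect make cron failures visible in a log:
#   */3 * * * * /usr/local/bin/backup.sh /home/student /var/backups >>/var/log/backup.log 2>&1
case "$#" in
    2) backup_dir "$1" "$2" ;;
esac
```

Running the function by hand first, then checking the log after the first cron interval, is the quickest way to separate a script bug from a cron environment problem.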

Lab 10 – Network Subnetting and Binary Conversion

This lab delved into the mathematical foundation of networking, specifically focusing on IPv4 addressing and subnetting. I practiced breaking down IP addresses into their binary components to understand how subnet masks determine the division between the network and host portions of an address. This skill is critical in cybersecurity for designing secure network architectures and identifying unauthorized devices on a specific segment.

  • Key Skills/Concepts: Binary-to-Decimal conversion, calculating Network and Broadcast addresses, determining the range of usable host IPs, and understanding CIDR (Classless Inter-Domain Routing) notation.
  • Challenges: Converting between binary and decimal manually was the most time-consuming part of the lab. It required high precision, as a single bit error would result in an incorrect IP address or subnet mask calculation.
  • Overall Takeaway: Subnetting is more than just a math exercise; it’s about logical organization and security. By properly segmenting a network, an administrator can limit the “blast radius” of a potential security breach, ensuring that an infected host in one subnet cannot easily communicate with sensitive servers in another.
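The subnet arithmetic from Labs 6 and 10 worked through in shell, added here as an example that is not part of the original page: the address is treated as 32 bits, the mask is built from the CIDR prefix, and the network, broadcast and usable host range fall out of AND and OR. The sample addresses are constructed; the function names are my own.

```bash
#!/bin/bash
# Added example (not the course's own material): Lab 6 / Lab 10 subnetting done
# with the shell's integer math, starting from the binary view of an IPv4 address.

# ip_to_int A.B.C.D -> the address as one 32-bit integer (octets = bytes)
ip_to_int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted decimal; each byte is pulled back out by shift-and-mask
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# ip_to_binary A.B.C.D -> the 32 bits in four 8-bit groups (the manual
# conversion from Lab 10, e.g. 192.168.10.37 -> 11000000.10101000.00001010.00100101)
ip_to_binary() {
    n=$(ip_to_int "$1"); out=""; i=31
    while [ "$i" -ge 0 ]; do
        out="$out$(( (n >> i) & 1 ))"
        [ "$i" -gt 0 ] && [ $(( i % 8 )) -eq 0 ] && out="$out."
        i=$(( i - 1 ))
    done
    echo "$out"
}

# mask_from_prefix N -> subnet mask as an integer: the top N bits set
mask_from_prefix() {
    [ "$1" -eq 0 ] && { echo 0; return; }
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# subnet_info A.B.C.D/N -> "network broadcast first_host last_host usable_hosts"
# Network = address AND mask; broadcast = network OR the inverted mask.
subnet_info() {
    ip=${1%/*}; prefix=${1#*/}
    addr=$(ip_to_int "$ip"); mask=$(mask_from_prefix "$prefix")
    net=$(( addr & mask ))
    bcast=$(( net | (mask ^ 4294967295) ))
    if [ "$prefix" -ge 31 ]; then
        # /31 and /32 reserve no network/broadcast addresses (point-to-point links)
        first=$net; last=$bcast; hosts=$(( bcast - net + 1 ))
    else
        first=$(( net + 1 )); last=$(( bcast - 1 )); hosts=$(( bcast - net - 1 ))
    fi
    echo "$(int_to_ip "$net") $(int_to_ip "$bcast") $(int_to_ip "$first") $(int_to_ip "$last") $hosts"
}
```

subnet_info 192.168.10.37/26 prints 192.168.10.0 192.168.10.63 192.168.10.1 192.168.10.62 62, and ip_to_binary shows the bit pattern the mask is applied to, which is where a single-bit slip in the manual conversion becomes visible.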

Lab 11 – Basic Network Configurations

This lab focused on the practical tools used to manage and troubleshoot network connectivity within a Linux environment. By transitioning the Virtual Machine between NAT and Bridge modes, I observed firsthand how the system’s network identity (IP address and routing) changes based on how it interacts with the host machine and the external network.

  • Key Skills/Concepts: Utilizing essential networking commands (ifconfig, route, netstat, ping, host), understanding system configuration files like /etc/hostname and /etc/resolv.conf, and differentiating between virtualization networking modes.
  • Challenges: The transition to Bridge mode was particularly insightful but challenging. Losing internet connectivity while on a campus network demonstrated how strict network security policies can prevent bridged VMs from obtaining valid IP addresses compared to NAT mode.
  • Overall Takeaway: Networking is the backbone of cybersecurity. Being able to quickly identify a system’s IP, its DNS resolvers, and its current active connections (netstat) is critical for both defending a system and identifying potential compromise.