Security-Security Control Types

Uploaded by

willaaa269

>> When it comes to security control types, you have several: there's managerial, there's
operational and technical. What I thought I would do is open up a particular PDF here of the
800-53 NIST standard. And it talks about different types of security controls and you can
see the list here.

What I thought I would do is talk about something access control oriented right here at the
top of this table, and specifically, I'm going to give you an example of a technical control that
is administrative, and if you take a look at this here, I've got here a little operating system
opened; it's my Parrot Linux is what it's called.

It's basically based on Ubuntu and I've got a terminal here, so I can't help but show you
this. This here is something called Thor's Well on the Oregon Coast, fantastic place to visit.
All right, so back to work here. I'm gonna show you a technical administrative
control. Let's say you've been asked to administer an Apache server, to stop it and restart it.

Okay, well, if you do that on a Linux system, this is a Linux system, Parrot Linux is based on
Ubuntu Linux. And basically what we've got here is you have to have permissions to do
that, to administer a web server. Give you a quick case in point.

In this case I'm the user James. I'm gonna use the whoami command, and that tells me, as I've
logged into a terminal, who it is that's logged into the terminal. See that little dollar sign? That
means I'm a standard user. If I was the root user, you'd see the hash mark, or it looks like
the pound sign, some people see it that way.

That would denote the root user, which can do kind of everything. So you have kind of that
standard user versus privileged user kind of thing. If you're a Windows person, you've got
your normal user, right, then your administrative user. Well, in order to stop and start an
Apache server, for example, you would have to have the right permissions.

And these are controls that basically say, well, look, you can't just kind of leave it open to
everything or everything open to everyone. You've got to really kind of start locking things
down. So for example, if I wanted to administer and restart an Apache server, I could use this
particular script here.
And this particular script here, Apache2 is the name of the script here. Now to just check the
status as a normal user, I can do that. Now notice what it's saying here, it's saying, well, it's
actually not working, it's dead, it's inactive, okay? Well, if I wanted to, and I'll just go back
and edit the command line here.

I'm going to go here and say, well, I want to start the Apache server. Well, in order to do that,
notice what happened right away. It's like, well, to do that, do more than just check the
status, to actually start the thing, you're going to have to have privileged access here.

So this is an example again of a kind of administrative, a technical administrative control. So in
this case what I can do is type in the password here. And let's see if I did in fact start it. Well,
lucky there, I did. You can see that I have now an active Apache server that's running here.

And if I wanted to actually stop it now, because I've already, I could hit stop here and now
it's going to ask me again. It's like, well, you just started it, but in order to stop it, you're
going to have to provide your password or some form of authentication.

Which I'll do, and then let's see here if we can check its status here, and in fact it is now stopped.
What you're seeing is just a simple example of that type of control that you'll be using as a
security professional.
