Unit 3: Computer Hardware, Operating Systems, and Virtualization

Lesson at a glance

| Item | Detail | | --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | | Suggested length | 4 × 60 minutes | | Recommended placement | Weeks 3–4 of Cybersecurity I | | Prerequisite | Unit 2; signed Lab Safety Agreement on file | | Materials | Workstations with virtualization support (VirtualBox or VMware Workstation Player), VM disk images for Kali Linux, Windows 10/11 eval, Ubuntu Server | | Required disk | ~80 GB free per workstation |

Safety: Students operate only inside the host-only or NAT network configured by the teacher. No bridged interfaces. No internet-facing VMs. Snapshot before every lab. No tool is run against any host outside the virtual lab range, ever.

Standards & credential alignment

• EHE Domain 2: Information Security Threats and Vulnerabilities - host fundamentals.
• VA CTE: Demonstrate use of virtualization for safe lab environments.
• CompTIA A+ overlap: hardware basics, OS concepts, file systems.

Learning objectives

By the end of this unit, students can:

1. Identify and describe the major components of a computer (CPU, RAM, storage, NIC, motherboard).
2. Compare Windows, Linux, and macOS at the security-relevant level (file systems, accounts, permissions).
3. Install a hypervisor and create a working VM from an ISO.
4. Configure VM networking (NAT vs. host-only) and explain the security implications of each.
5. Take, name, and roll back a VM snapshot.
6. Create users and groups in Linux and assign correct permissions.
7. Use Windows admin tools (Computer Management, Event Viewer, Task Manager) at a basic level.

Vocabulary

• Hypervisor - Software that runs virtual machines (Type 1: bare-metal; Type 2: hosted, like VirtualBox/Workstation).
• Virtual Machine (VM) - A software-defined computer running on a host.
• Snapshot - A saved point-in-time state of a VM you can roll back to.
• NAT / Host-only networking - NAT lets the VM talk out through the host; host-only isolates VMs to a private network with no internet path.
• Filesystem - How an OS organizes files (NTFS on Windows, ext4/xfs on Linux, APFS on macOS).
• Permissions - Read/write/execute access rights for users and groups (rwx on Linux; ACLs on Windows).
• Process / Service - A running program / a long-running background program managed by the OS.

Teacher background

The lab build is the rite of passage for the program. Students who get this unit are ready for everything else. Students who don't get this unit will drown in Unit 4. Do not move on until every student has a working Kali VM with a known-good snapshot.

Two specific landmines:

1. Nested virtualization: many school-issued laptops have BIOS-level virtualization disabled. Get IT involved before Day 1. If it's blocked at the device level, you need a workaround (lab desktops, cloud-hosted lab, or a school-provided VM with VirtualBox pre-installed).
2. Bridged networking: tempting, never appropriate for a classroom. Bridged places the Kali VM on the school's real network. Use host-only for any offensive practice, NAT only for downloading legitimate updates inside guest VMs.

Materials checklist

• [ ] VirtualBox 7.x or VMware Workstation Player installed on every workstation
• [ ] Kali Linux ISO (current LTS release)
• [ ] Windows 10/11 evaluation ISO
• [ ] Ubuntu Server LTS ISO
• [ ] Per-student credentials sheet (host-only IPs, default usernames)
• [ ] Lab worksheet PDF
• [ ] Wall poster: snapshot rule ("Snapshot before. Snapshot after.")

Pacing - Day 1 (60 min): Hardware and OS concepts

| Time | Segment | Notes | | ----------- | ------------------------------- | ---------------------------------------------------------------------- | | 0:00 – 0:15 | Mini-lesson - hardware tour | Open a desktop on the table. Show CPU, RAM, NIC, drive. | | 0:15 – 0:35 | Mini-lesson - three OS families | Side-by-side comparison table. | | 0:35 – 0:55 | Activity - OS scavenger hunt | Identify version, filesystem, current user on the lab Windows machine. | | 0:55 – 1:00 | Exit ticket | "Name one security-relevant difference between Windows and Linux." |

Day 1 - The OS comparison table for the wall

| | Windows | Linux | macOS | | -------------------- | --------------------- | ----------------- | ------------------------- | | Default filesystem | NTFS | ext4 (often) | APFS | | Default shell | PowerShell, cmd | bash, zsh | zsh | | Account model | Local + AD | Local + LDAP/SSSD | Local + MDM | | Privilege escalation | UAC, Run As | sudo | sudo, authopen | | Common log location | Event Viewer (evtx) | /var/log/ | /var/log/ + Console.app |

Pacing - Day 2 (60 min): Build a hypervisor + first VM

| Time | Segment | Notes | | ----------- | ---------------------------------- | ----------------------------------------------------- | | 0:00 – 0:10 | Mini-lesson - what's a hypervisor | Type 1 vs. Type 2 with diagrams. | | 0:10 – 0:50 | Lab - install VirtualBox + Kali VM | Walk-through, follow the lab handout. | | 0:50 – 0:55 | Snapshot ceremony | Every student takes a snapshot named clean-install. | | 0:55 – 1:00 | Exit ticket | "What does NAT mean for our lab safety?" |

Day 2 - Lab walkthrough (project on board)

1. Launch VirtualBox.
2. New → Name: kali-student-NN. Type: Linux. Version: Debian 64-bit.
3. Memory: 4 GB. CPU: 2. Disk: 40 GB dynamically allocated.
4. Settings → Network → Adapter 1 → Host-only Adapter. Confirm host-only adapter exists (vboxnet0 or similar).
5. Settings → Storage → attach Kali ISO to the optical drive.
6. Start. Install. Default user; strong password.
7. Reboot. Log in. Open terminal. ip a - verify host-only IP (typically 192.168.56.x).
8. Snapshot now: VirtualBox menu → Machine → Take Snapshot → name it clean-install.

Safety: If a student sees a 10.x or 192.168.1.x address, networking is misconfigured (likely bridged). Stop, fix, snapshot. No labs proceed until host-only is verified.

Pacing - Day 3 (60 min): Linux fundamentals

| Time | Segment | Notes | | ----------- | ------------------------------------------- | ------------------------------------------------------- | | 0:00 – 0:10 | Recap - snapshots | Cold-call. Expected: "snapshot before, snapshot after." | | 0:10 – 0:35 | Mini-lesson - Linux files, users, perms | Hands-on alongside instruction. | | 0:35 – 0:55 | Lab - make user, set permissions, lock down | See command sequence below. | | 0:55 – 1:00 | Exit ticket | "What does chmod 700 mean?" |

Day 3 - Linux command sequence (do this together on the projector)

# Verify your VM and snapshot
hostname
whoami
date

# Filesystem orientation
pwd
ls -la /
ls -la ~
df -h

# Make a new user
sudo adduser analyst1
sudo usermod -aG sudo analyst1

# Permissions
mkdir ~/casework
chmod 700 ~/casework      # owner: rwx, group: ---, other: ---
echo "case notes" > ~/casework/notes.txt
ls -la ~/casework

# Try to read another user's directory
sudo -u analyst1 ls /root  # expected: Permission denied

Stop after each block and explain. The command line is a foreign language; translate every word.

Pacing - Day 4 (60 min): Windows admin + snapshot break/restore

| Time | Segment | Notes | | ----------- | ------------------------------ | ---------------------------------------------------------- | | 0:00 – 0:30 | Lab - Windows admin tools tour | Computer Management, Event Viewer, Task Manager, Services. | | 0:30 – 0:55 | Lab - break and restore | Each student deliberately breaks their VM. Roll back. | | 0:55 – 1:00 | Exit ticket | "Why do real teams snapshot before every change?" |

Day 4 - The break-and-restore ceremony

This is the most important muscle memory of the entire course. Have each student:

1. Boot Kali VM. Confirm snapshot clean-install exists.
2. Pick a way to break it: rename /etc/hosts to /etc/hosts.bak, delete a user's home directory, drop the firewall rules, etc. (You list five legal options on the board.)
3. Reboot. See it broken.
4. Right-click VM → Restore Snapshot → clean-install.
5. Boot. Verify everything works.

Land the line: "In real life, this is what happens after a ransomware test, after a malware sample, after a misconfigured exploit. The snapshot is the difference between 'fascinating learning experience' and 'I just bricked the SOC laptop.'"

Common misconceptions

• "VMs are slow / not real computers." - Modern hardware barely notices a 4 GB VM. They are real computers, with real network identities, that can absolutely attack other things if misconfigured.
• "Host-only means it can't do anything." - Host-only means it can't reach the internet or your school network. It can absolutely attack other lab VMs - that's the point.
• "I'll just take one snapshot at the start." - No. Snapshot before every change. Storage is cheap; rebuilding from scratch is not.

Differentiation

• Pair students for the install. One drives, one reads the handout aloud. Switch every 10 minutes.
• Pre-built VMs: for students with disability accommodations or device limitations, distribute a pre-built .ova file they import in two clicks.
• Reading: handout has screenshots at every step. Don't rely on verbal instruction alone.

Assessment

• Day 2 deliverable: working Kali VM with clean-install snapshot. Pass/fail.
• Day 3 deliverable: screenshot of ls -la ~/casework showing drwx------.
• Day 4 deliverable: video or screenshot showing successful restore from snapshot.

Career connection

Every Linux command in today's lesson is a Day 1 expectation at any SOC, MSP, or IT support desk. Snapshot/restore discipline is the difference between a junior engineer who is trusted with production access and one who is not.

Homework / next class

• Practice the Day 3 command sequence at home (or during open lab) until it's muscle memory.
• Bring one screenshot of a Linux permission error and explain it next class.