Security 1 Lab

ovenforksqueeSecurity

Nov 3, 2013 (4 years and 5 days ago)


Hosts File Attack


Substituting a fraudulent IP address can be done by attacking either the Domain Name System (DNS) server or the local host table. Attackers can target a local hosts file to create new entries that will redirect users to their fraudulent site. In this part, you will add a fraudulent entry to the local hosts file.

1. Start Internet Explorer or any other Web browser.

2. Go to a site such as http://www.qub.ac.uk, which is the website for Queens University.

3. Click Start and All Programs and then Accessories.

4. Right-click Notepad and then select Run as administrator.

5. Click File and then Open. Click the File Name drop-down arrow to change from Text Documents (*.txt) to All Files (*.*).

6. Navigate to the file C:\windows\system32\drivers\etc\hosts and open it.

7. At the end of the file, enter 143.117.143.26. This is the IP address of qub.ac.uk. You can work out the IP address of any website by visiting http://www.site24x7.com/find-ip-address-of-web-site.html

8. Press Tab and enter www.g4s.com. In this hosts table, www.g4s.com is now resolved to the IP address 143.117.143.26. (Note: In case you are wondering, g4s.com is simply a security firm which appears on the first page of Google results when you enter security. You could replace this with any other site.)

Before proceeding, just ensure the last line of your hosts file looks as follows:

143.117.143.26 www.g4s.com

9. Click File and then Save.

10. Open your Web browser and then enter the URL www.g4s.com. What Web site appears?

11. Return to the hosts file and remove this entry (when you are finished experimenting with more).

12. Click File and then Save.

13. Close all windows.
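
Seen from the defender's side, the entry added in step 8 is easy to spot, because a normal hosts file maps names only to loopback or 0.0.0.0. The following is an added example, not part of the original lab: a small auditor run over a constructed sample hosts file (the function names and the sample content are assumptions made for illustration).

```python
import ipaddress

# Constructed sample: a typical hosts file plus the entry from step 8.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed for this example)
#       127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost   # IPv6 loopback
0.0.0.0         ads.example.invalid
143.117.143.26\twww.g4s.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if not line:
            continue
        fields = line.split()                 # spaces and tabs both separate fields
        ip, names = fields[0], fields[1:]
        for name in names:                    # one address may carry several names
            yield line_no, ip, name.lower()


def audit_hosts(text):
    """Return the mappings that point a hostname at a routable address.

    Loopback and unspecified (0.0.0.0, ::) targets are the usual benign uses.
    Anything else overrides DNS for that name and is reported for review.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, name, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        findings.append((line_no, ip, name, "overrides DNS"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a lab machine the same function can be given the text of C:\windows\system32\drivers\etc\hosts before and after the exercise to confirm the entry was removed in step 11.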




RSA encryption and decryption Demo


1. Use your web browser to go to http://www.cs.uri.edu/cryptography/publickeyrsademo.htm. Note: It is not unusual for websites to change the location of a file so if this link is broken, try searching for "RSA Cipher Demonstration".

2. Read the information about the demonstration and then click on RSA interactive applet.

3. Enter prime ‘p’ and ‘q’ values e.g. 29 and 53.

4. Click Continue.

5. This now generates M and N.

6. Go now to the E: box and enter a value e.g. 43.

7. This now generates D. Therefore we now have a private and public key pair.

8. Scroll down to Enter text, numbers, or encoded numbers below.

9. Delete Plain text message.

10. Enter Today the sun is shining!

11. Because RSA only functions on numeric values, any text must be first converted to its ASCII equivalent. Click Convert to number.

12. Click the Encrypt button to encrypt this phrase using RSA.

13. Delete the number generated in the Convert to number box.

14. Delete the text Today the sun is shining! in the Plain Text message box.

15. Click the Decrypt button to decrypt it to a numeric value based on the p, q, n, e, and d values.

16. You should now see the decrypted text displayed on the left.

17. Close the window.
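
The arithmetic behind steps 3 to 16 can be reproduced offline. The following is an added example, not the applet's code: it assumes N is the modulus p*q, M is (p-1)(q-1), and each ASCII code is encrypted as its own block (the applet may group digits differently); all function names are chosen for illustration.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def make_keys(p, q, e):
    """Build a textbook RSA key pair from primes p, q and public exponent e."""
    n = p * q                  # modulus, shared by both keys (assumed to be "N")
    m = (p - 1) * (q - 1)      # totient, kept secret (assumed to be "M")
    g, x, _ = egcd(e, m)
    if g != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = x % m                  # private exponent: e*d == 1 (mod m)
    return (n, e), (n, d), m


def encrypt(text, public):
    """Encrypt one ASCII code per block with the public key (n, e)."""
    n, e = public
    codes = [ord(ch) for ch in text]          # the "Convert to number" step
    if any(c >= n for c in codes):
        raise ValueError("every block must be smaller than n")
    return [pow(c, e, n) for c in codes]


def decrypt(blocks, private):
    """Recover the text from the blocks with the private key (n, d)."""
    n, d = private
    return "".join(chr(pow(c, d, n)) for c in blocks)


# Values from steps 3, 6 and 10 of the lab.
PUBLIC, PRIVATE, M = make_keys(29, 53, 43)
MESSAGE = "Today the sun is shining!"
CIPHERTEXT = encrypt(MESSAGE, PUBLIC)

if __name__ == "__main__":
    print("N =", PUBLIC[0], " M =", M, " E =", PUBLIC[1], " D =", PRIVATE[1])
    print("ciphertext:", CIPHERTEXT)
    print("decrypted :", decrypt(CIPHERTEXT, PRIVATE))
```

With these inputs N is 1537, M is 1456 and D is 1219. Because each character is encrypted on its own with no padding, equal characters (the four spaces, for instance) produce equal ciphertext numbers, which is why this per-character form is only suitable for demonstration.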



Installing Command-Line Hash Generators and Comparing Hashes

In this project, you download different command-line hash generators to compare hash values.

1. Use your Web browser to go to http://www.scis.ulster.ac.uk/~kevin/com320/labs/md5deep.zip

2. Download this zip archive.

3. Using Windows Explorer, navigate to the location of the downloaded file. Right-click the file and then click Extract All to extract the files.

4. Create a Microsoft Word document with the contents Now is the time for all good men to come to the aid of their country.

5. Save the document as Country1.docx in the directory that contains the files and then close the document.

6. Start a command prompt by clicking Start, entering cmd, and then pressing Enter.

7. Navigate to the location of the downloaded files.

8. Enter MD5DEEP64 Country1.docx to start the application that creates an MD5 hash of Country1.docx and then press Enter. What is the length of this hash? (Note: If you are not working on a 64 bit machine, then simply run the MD5deep.exe 32 bit version.)

9. Now enter MD5DEEP64 MD5DEEP.TXT to start the application that creates an MD5 hash of the accompanying documentation file MD5DEEP.TXT and then press Enter. What is the length of this hash? Compare it to the hash of Country1.docx. What does this tell you about the strength of the MD5 hash?

10. Start Microsoft Word and then open Country1.docx.

11. Remove the period at the end of the sentence so it says Now is the time for all good men to come to the aid of their country and then save the document as Country2.docx in the directory that contains the files. Close the document.

12. At the command prompt, enter MD5DEEP64 Country2.docx to start the application that creates an MD5 hash of Country2.docx and then press Enter. What difference does removing the period make to the hash?

13. Return to the command prompt and perform the same comparisons of Country1.docx and Country2.docx using sha1deep.exe (SHA-1), sha256deep.exe (SHA-256), and whirlpooldeep.exe (Whirlpool). What observations can you make regarding the length of the hashes between Country1.docx and Country2.docx for each hash algorithm? What do you observe regarding the differences between hash algorithms (compare MD5 with SHA-1, SHA-256 with Whirlpool, and so on)? (Note: you may need to run 64 bit versions.)

14. Enter Exit at the command prompt.





Installing GUI Hash Generators and Comparing Hashes

In this project, you download a GUI hash generator and compare the results of various hashes.

1. Download Hash Tab for Windows from here: http://www.scis.ulster.ac.uk/~kevin/com320/labs/hashtab.exe

2. Follow the default instructions to install Hash Tab.

3. Click the right mouse button on the Windows Start icon.

4. Click Open Windows Explorer.

5. Navigate to the document Country1.docx.

6. Click once on Country1.docx and then right-click.

7. Click Properties.

8. Notice that there is a new tab, File Hashes. Click this tab to display the hashes for this file, as shown below.

10. Right-click and select Settings.

11. Click the Select All button.

12. Click OK.

13. Scroll through the different hash values generated.

14. Click Compare a file.

15. Navigate to the file Country2.docx and then click OK.

16. A hash is generated on this file. What tells you that the hashes are not the same?

17. Which program would you prefer to use?

18. Close all windows.
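
The comparisons asked for in the two hash projects above (digest length versus input size, and the effect of removing one period) can also be measured directly. The following is an added example, not part of the original lab: it hashes the bare sentence rather than the .docx files, which is an assumption made here, and it leaves out Whirlpool because Python's hashlib only offers it on some builds.

```python
import hashlib

# The sentence typed into Country1.docx and, without the final period,
# Country2.docx. Hashing the bare sentence is an assumption of this example:
# a real .docx is a ZIP container, so the lab's digests will be different.
COUNTRY1 = b"Now is the time for all good men to come to the aid of their country."
COUNTRY2 = COUNTRY1[:-1]
LONG_INPUT = COUNTRY1 * 10_000      # stands in for a much larger file

ALGORITHMS = ("md5", "sha1", "sha256")


def digest_bits(algorithm):
    """Digest size in bits: fixed per algorithm, whatever the input length."""
    return hashlib.new(algorithm).digest_size * 8


def bits_changed(algorithm, a, b):
    """Count the bit positions in which the digests of a and b differ."""
    da = int.from_bytes(hashlib.new(algorithm, a).digest(), "big")
    db = int.from_bytes(hashlib.new(algorithm, b).digest(), "big")
    return bin(da ^ db).count("1")


def compare(a, b):
    """Return one row per algorithm: (name, hex of a, hex of b, bits, changed)."""
    rows = []
    for name in ALGORITHMS:
        rows.append((
            name,
            hashlib.new(name, a).hexdigest(),
            hashlib.new(name, b).hexdigest(),
            digest_bits(name),
            bits_changed(name, a, b),
        ))
    return rows


if __name__ == "__main__":
    for name, h1, h2, bits, changed in compare(COUNTRY1, COUNTRY2):
        print(f"{name:7} {bits:3}-bit digest, {changed:3} bits differ")
        print("   with period   :", h1)
        print("   without period:", h2)
```

Each algorithm returns the same number of hex characters for the one-sentence input and for LONG_INPUT, and removing the single period changes roughly half of the digest bits.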

Viewing Digital Certificates


1. Visit a site such as http://www.cnet.com in your browser.

2. Note that there is no padlock in the browser address bar to the left of the URL. This indicates that no certificates are used for this site. To verify this, click Page and then Properties. The Protocol is HTTP and the connection is Not Encrypted. Why do you think digital certificates are not used here? Should they be?

3. Click the Certificates button. What message appears? Click OK and then click OK in the Properties dialog box.

4. Now use your Web browser to go to gmail.google.com. This is the Web interface to the Google e-mail facility. What protocol is being used (notice what appears before the :// in the address)? Why did that automatically occur? What is different about the information exchanged through e-mail and through a search engine?

5. Note the padlock icon in the browser address bar. Click the padlock icon to view the Website Identification window. Click "More Information".

6. Click View certificates. Note the general information displayed under the General tab.

8. Now click the Details tab. The fields are displayed for this X.509 digital certificate.

9. Click Validity & then "Not After" to view the expiration date of this certificate.

10. Under Certificate, click Subject Public key Info and then Subject's Public Key to view the public key associated with this digital certificate. Why is this site not concerned with distributing this key? How does embedding the public key in a digital certificate protect it from impersonators?

11. Click OK again to close the Certificate window.

12. Now view all the certificates in this Web browser. Click Tools and Internet Options.

13. Click the Content tab.

14. Click the Certificates button.

15. Click Trusted Root Certificate Authorities to view the root certificates in this Web browser. Why are there so many?

16. Click the Advanced button.

17. Under Export Format, what is the default format? Click the down arrow. To which PKCS format can this information be downloaded? Why this format only?

18. Close all windows.


Viewing Digital Certificate Revocation Lists (CRL) and Untrusted Certificates

Revoked digital certificates are listed in a Certificate Revocation List (CRL), which can be accessed to check the certificate status of other users. Here you view the CRL and any untrusted certificates on your computer.

1. Click Start, type Run, and then press Enter.

2. Type CERTMGR.MSC and then press Enter. You should see a popup similar to below:

3. In the left pane, expand Trusted Root Certification Authorities.

4. In the right pane, double-click Certificates. These are the CAs approved for this computer.

5. In the left pane, expand Intermediate Certification Authorities.

6. Click Certificates to view the intermediate CAs.

7. Click Certification Revocation List.

8. In the right pane, all revoked certificates are displayed. Select a revoked certificate and double-click it.

9. Double-click one of the revoked certificates. Read the information about it and click fields for more detail if necessary. Why do you think this certificate has been revoked? Close the Certificate Revocation List by clicking the OK button.

10. In the left pane, expand Untrusted Certificates.

11. Click Certificates. The certificates that are no longer trusted are listed in the right pane.

12. Double-click one of the untrusted certificates. Read the information about it and click fields for more detail if necessary. Why do you think this certificate is no longer trusted?

13. Click OK to close the Certificate dialog box.

14. Close all windows.

Downloading and Installing a Digital Certificate

In this project, you download and install a free e-mail digital certificate.

1. Go to http://www.comodo.com/home/email-security/free-email-certificate.php. (Note: It is not unusual for Web sites to change the location where files are stored. If the preceding URL no longer functions, then open a search engine and search for "Comodo Free Secure Email Certificate".)

2. Click Free Download.

3. You will be taken to the Application for Secure Email Certificate. If a Web Access Confirmation dialog box opens, click Yes.

4. Enter the requested information. Based on the information requested, how secure would you rate this certificate? Under which circumstances would you trust it? Why? Click I accept and then click Next.

5. If a Web Access Confirmation dialog box opens, click Yes.

6. Open your e-mail account that you entered in the application and open the e-mail from Comodo.

7. Click Click & Install Comodo Email Certificate.

8. Follow the instructions to install the certificate on the computer by accepting all default settings.

9. Verify that the certificate is installed. Click Start, type Run, and then press Enter.

10. Type CERTMGR.MSC and then press Enter.

11. In the left pane, expand Personal.

12. In the right pane, double-click Certificates. Your personal certificate should be displayed.

13. Close all windows.


Homework: Using a Digital Certificate for Signing Documents

Most of you will only be able to do this project if you are on your home PC and using Windows, as you will be using the digital certificate in Microsoft Outlook 2010.

1. Start Microsoft Outlook 2010.

2. Create an e-mail message to send to yourself.

3. Click File.

4. Click Options.

5. In the left pane, click the Trust Center button at the bottom of the list.

6. In the right pane, click Trust Center Settings.

7. Click E-mail Security.

8. Click Add digital signature to outgoing messages.

9. Click OK and then click Close in the dialog box.

10. Click Send.

11. Note that when the message is displayed, the icon contains a seal indicating that it was signed.

12. Open the message and note that it states who the signer was.

13. Close all windows.




Configure Microsoft Windows Data Execution Prevention (DEP)


Data Execution Prevention (DEP) is a Microsoft Windows feature that prevents attackers from using buffer overflow to execute malware. Most modern CPUs support an NX (No eXecute) bit to designate a part of memory for containing only data. An attacker who launches a buffer overflow attack to change the "return address" to point to his malware code stored in the data area of memory would be defeated because DEP will not allow code in the memory area to be executed. If an older computer processor does not support NX, then a weaker software-enforced DEP will be enabled by Windows. Software-enforced DEP protects only limited system binaries and is not the same as NX DEP. DEP provides an additional degree of protection that reduces the risk of buffer overflows. In this lab, you will determine if a Microsoft Windows system can run DEP. If it can, you learn how to configure DEP.

1. The first step is to determine if the computer supports NX. Use your Web browser to go to www.grc.com/securable. Click Download now and follow the default settings to install the application on your computer.

Please note that the location of content on the Internet, such as this program, may change without warning. If you are no longer able to access the program through the preceding URL, then use a search engine to search for "GRC securable".

2. Double-click SecurAble to launch the program, as shown below.

If it reports that Hardware D.E.P. is "No," then that computer’s processor does not support NX. Close the SecurAble application.

3. The next step is to check the DEP settings in Microsoft Windows 7. Click Start and Control Panel.

4. Click System and Security and then click System.

5. Click Advanced system settings in the left pane.

6. Click the Advanced tab.

7. Click Settings under Performance and then click the Data Execution Prevention tab.

8. Windows supports two levels of DEP controls: DEP enabled for only Windows programs and services and DEP enabled for Windows programs and services as well as all other application programs and services. If the configuration is set to Turn on DEP for essential Windows programs and services only, then click Turn on DEP for all Windows programs and services except those I select. This will provide full protection to all programs.

9. If an application does not function properly, it may be necessary to make an exception for that application and not have DEP protect it. If this is necessary, click the Add button and then search for the program. Click the program to add it to the exception list.

10. Close all windows and applications and then restart your computer to invoke DEP protection.



Set Web Browser Security


Web browsers can provide protections against attacks. In this project, you will use the Windows Internet Explorer (IE) Web browser. This was done for IE9 but should work on higher versions too.

1. Start Internet Explorer. Click the Tools icon and then click Internet Options to display the Internet Options dialog box. Click the General tab, if necessary.

2. First, remove all of the HTML documents and cookies that are in the cache on the computer. Before erasing the files, look at what is stored in the cache. Under Browsing history click the Settings button and then click the View files button to see all of the files. If necessary, maximize the window that displays the files.

3. Click the Last Checked column heading to see how long this information has been on the computer.

4. Next, select a cookie by locating one in the Name column (it will be something like cookie:windows_7@microsoft.com). Double-click the name of the cookie to open it. If you receive a Windows warning message, click Yes. What information does this cookie provide? Close the cookie file and open several other cookies. Do some cookies contain more information than others?

5. Close the window listing the cookie files to return to the Settings dialog box. Click the Cancel button.

In the Internet Options dialog box under Browsing History, click Delete.

6. In the Delete Browsing History dialog box, click Delete All and then Yes. Close the Internet Options dialog box.

Click the Tools icon and then click Manage Add-ons.

7. Under Add-on Types, there are the different add-on categories. Select an add-on that has been added to this browser and view its name, publisher, version, and type in the details section of the window. Close the dialog box.

8. Click the Tools icon and then Internet Options. Click the Security tab to display the security options. Click the Internet icon. This is the zone in which all Web sites are placed that are not in another zone. Under Security level for this zone, move the slider to look at the various settings.

9. Click Custom level and scroll through the ActiveX security settings. Would you consider these sufficient? Click Cancel.

10. Now place a Web site in the Restricted zone. Click OK and return to your Web browser. Go to www.bad.com and view the information on that site. Notice that the status bar displays an Internet icon, indicating that this Web site is in the Internet zone. Click your Home button.

11. Click the Tools icon and then click Internet Options to display the Internet Options dialog box again. Click the Security tab and then click Restricted sites. Click Sites, enter www.bad.com, click Add, and then OK. Now return to that site again. What happens this time? Why?

12. Click the Privacy tab. Drag the slider up and down to view the different privacy settings regarding cookies. Which one should you choose? Choose one and then click Apply.

Click Close.

13. IE 9 (and others) also offers tracking protection. Click the Tools icon and then click Safety.

Click Tracking Protection.

Click the Enable button in this new window.

14. There are two ways to add sites from which you will be protected. You can visit the Web site that has added a script or cookie onto your computer and then click the Settings button to add or remove the site. Another option is to download a list of sites. Go to http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/Default.html.

22. Close all windows.