ISE1 Learning Journey :D

Friday, June 11, 2010

Hands-on Project 4-3

What is DNS ?

" It refers to Domain Name System (DNS). It is a hierarchical naming system for computers, services, or any resource connected to the internet or a private network. It associates various information with domain names assigned to each of the participants.


Most importantly, it translates domain names which are meaningful to humans into numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. "





------------------------------------------------------------------------------------


Homepage of website (www.course.com)


















Right click on notepad and run as administrator


























Navigate to C:\windows\system32\drivers\etc and select "hosts"

















Type in the IP address for Google, followed by the website that you want to redirect

















After saving the file, go to www.course.com
















The original website is now redirected to Google.com















-----------------------------------------------------------------------------------


Reflection

Attackers can make use of the local hosts file to point the user's most frequently visited website at another IP address, where the website contains a virus that is harmful to the computer. If they succeed in planting a virus such as a keylogger on the computer, personal information like passwords or credit card numbers will be captured and transmitted back to the attacker without the user's knowledge.

And of course, the attacker would not target only one user, so countless other users will be affected by the same problem.
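
One way to check a hosts file for the kind of entry made in this exercise (an added example, not part of the original post). The sample text is constructed, `203.0.113.10` is a documentation-range placeholder rather than Google's real address, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: stock loopback entries plus one hand-made redirect
# like the one in this exercise (placeholder IP, not Google's address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.course.com    # added by hand
0.0.0.0         ads.example.net
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, ip, [names]) for every well-formed entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        yield line_no, ip, [name.lower() for name in fields[1:]]


def audit_hosts(text):
    """Return (line_no, name, ip, kind) for each non-local name override."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in LOCAL_NAMES:
                continue
            # Loopback/unspecified targets block a name; anything else
            # sends the name to another machine and deserves a look.
            blocked = ip.is_loopback or ip.is_unspecified
            kind = "sinkhole" if blocked else "redirect"
            findings.append((line_no, name, str(ip), kind))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, read the text of C:\windows\system32\drivers\etc\hosts and pass it to `audit_hosts`; every "redirect" finding should be an entry someone can explain.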

Hands-on Project 3-3

What is ActiveX ?

ActiveX is a set of technologies developed by Microsoft in 1996 that specifies how applications should share information.

ActiveX also poses some security problems. Firstly, a user's decision to allow installation of an ActiveX control is based on the source of the control and not on the control itself. The person who signed the control may not have properly assessed its safety and may have left security vulnerabilities open. Secondly, a control is registered only once per computer and can be shared among all the users on that computer, so if a malicious control is downloaded by one of the users, the whole computer will be affected.

ActiveX in non-IE applications

It may not always be possible to use IE to execute ActiveX content (e.g. on a WINE installation), nor may a user want to.

- FF ActiveX Host can run ActiveX controls in Mozilla Firefox for Windows.
- Mozilla ActiveX Control was last updated in late 2005, and runs in Firefox 1.5.


--------------------------------------------------------------------------------

Window shown for internet options


























Click on "View Files" to view all the cookies





List of cookies shown


Click "Yes" to continue








Some samples of the information provided by the cookie



Click on "Delete" twice to remove all cookies


Window shown while deleting the files
























Click on the highlighted option






















Select "Run without permission"








Settings for different level of security
























Security settings of ActiveX







Adding a website to restricted zone












Changes made to the page after adding it to restricted zone










Different privacy settings regarding cookies














------------------------------------------------------------------------------------
Reflection
The most commonly used web browser nowadays is Windows Internet Explorer. Setting the right security settings for IE plays a very important role in keeping our computers secure. This is because malware is normally downloaded onto our computers via the internet, so keeping a high security level for our web browser will definitely help to reduce the risk of a virus attack.
We can do this by blocking pop-ups from most websites (which prevents viruses from being downloaded via pop-ups), setting the privacy level to "medium-high", and adding websites to the restricted zone.

Monday, June 7, 2010

Hands-on Project 3-2

Currently I'm using the antivirus software called "Symantec Endpoint Protection".

Key Features:

- Seamlessly integrates essential technologies such as antivirus, antispyware,
firewall, intrusion prevention, device and application control.

- Requires only a single agent that is managed by a single management console.

- Provides unmatched endpoint protection from the market leader in endpoint
security.

- Enables instant NAC upgrade without additional software deployment for
each endpoint.

Key Benefits:

- Stops malware such as viruses, worms, Trojans, spyware, adware, bots, zero-day
threats and rootkits.

- Prevents security outbreaks, thus reducing administrative overhead.

- Lowers total cost of ownership for endpoint security.


-------------------------------------------------------------------------------------

Homepage of EICAR





Links to download the files required















Warning message shown when trying to download file (eicar.com)
















Save eicar_com.zip in desired location



















Manually scan eicar_com.zip for virus



















Virus detected after scanning


















Save eicarcom2.zip in desired location



















Manually scan the file for virus












Virus detected after scanning (same results as eicar_com.zip)










-----------------------------------------------------------------------------------
Reflection:
Antivirus software like Symantec Endpoint Protection may not be totally effective in protecting our computer systems from malware. As shown by the results above, the antivirus software is not able to detect any malware present in a zipped folder before downloading, and the virus in the zipped folder can only be detected after doing the virus scan manually. Hence this proves that malware can still be easily downloaded onto our computers through zipped folders even though the virus protection is on. A lot of people, including me, do not have the habit of doing a virus scan after a file is downloaded, therefore a virus can still spread easily from one computer to another without the user's knowledge. So it's still advisable to purchase a CD from a trusted brand and install it, instead of using free trials found online.
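
One reason a signature can be missed in the bytes of a .zip yet found once the archive is unpacked, shown as an added example that is not part of the original post and not a description of how Symantec Endpoint Protection works internally. The signature is a constructed stand-in (not the EICAR string), the function names are hypothetical, and the nested-archive case goes beyond what the post tests.

```python
import io
import zipfile

# Constructed stand-in for a scanner signature; this is not the EICAR string.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
PAYLOAD = b"sample file\n" + SIGNATURE + b"\n" + b"padding line\n" * 20


def build_zip(depth=1):
    """Wrap PAYLOAD in `depth` nested deflate-compressed archives."""
    data, name = PAYLOAD, "sample.txt"
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"inner{level}.zip"
    return data


def scan_raw(data):
    """Pattern-match the bytes exactly as they arrive, with no unpacking."""
    return SIGNATURE in data


def scan_unpacked(data, max_depth=3, max_member_bytes=1_000_000):
    """Match the bytes, then recurse into zip members up to max_depth."""
    if SIGNATURE in data:
        return True
    if max_depth == 0 or not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > max_member_bytes:
                continue  # oversized member: a real scanner would report it
            member = zf.read(info)
            if scan_unpacked(member, max_depth - 1, max_member_bytes):
                return True
    return False


if __name__ == "__main__":
    for depth in (1, 2):
        archive = build_zip(depth)
        print(depth, scan_raw(archive), scan_unpacked(archive))
```

Deflate rewrites the payload into a Huffman-coded bit stream, so the signature bytes no longer appear in the archive; only a scan that decompresses each member sees them.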

Sunday, June 6, 2010

Hands-on Project 2-3 (half done)

Search for "Irongeek Thumbscrew"














Click on the first link














Homepage of the Irongeek Thumbscrew














Click on the highlighted link to download the software














Save the thumbscrew file in desired location


















Download completed




















New icon found in the system tray

















Click the highlighted button to make USB read only















----------------------------------------------------------------------------------------

Reflection


As the thumb drives that I have at home are not able to switch to read-only, I'm only able to complete half of the project.

It is important to control the permissions of a USB device, especially when it is used by big organisations / large-scale companies, because most of the information stored on it is normally not allowed to be amended by anyone unless they are given permission to do so. If everyone is allowed to amend the information stored on the USB device, there will be a lot of confusion in the company/organisation, hence lowering productivity.

Making the USB device read-only helps to reduce the risk of leaking confidential information of a company or organisation to a third party without the user's consent or knowledge.

Saturday, June 5, 2010

Hands-on Project 2-2

Main Objective:
To understand exactly how a keylogger functions, and how the data captured by the keylogger is actually presented to the attacker. This better understanding of the keylogger will help us to prevent a keylogger from being planted on our computer.

-------------------------------------------------------------------------------------------

Searching for Keyboard Collector using Google


















Search results displayed


















Homepage of the keyboard collector


















Click on the following link to go to the page to download the software



















Click on "Download Now" to download the software required


















Save the file in desired location inside computer

















Run the program












Installing keyboard collector trial



















Select "OK"

















Select "Run Keyboard Collector" then click on "OK"

















Click on the button to activate the trial software
























Click "Yes"









Click on the desktop shortcut to view the key log



















Captured Keyboard Logs

















No sign of the keyboard collector software in Windows Task Manager

























Reflection

The reason why the keyboard collector software is not displayed as one of the applications running in Windows Task Manager might be that software keylogger programs hide themselves in the computer to avoid being easily detected by the user.

Maybe it's because I'm using VMware that the keyboard collector is unable to capture the keystrokes, which caused my key log to be empty even after I had sent an email. But from the screenshot printed in the textbook, I'm still able to understand what information the keylogger is able to capture without the user's knowledge.