Name:_______________________ COMP-2073

Objectives Get to know linux config files How to enable/disable services

Requirements Two virtual machines in lab manager: Windows XP and Linux erif! that !ou can get to the internet with the Windows XP virtual machine "ou must have !our student id in each screenshot or !ou will receive #ero Lab 4

1.

Try running autoruns a. b. http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx Screenshot of it running

2.

Enable an ssh server on Backtrack a. b. Type sshd-generate in the terminal then Type /etc/init.d/ssh start

c.

Use netstat to confirm the sshd is running (screenshot) netstat ant (screenshot)

d.

Now connect to the ssh server from one of your windows clients using putty (screenshot)

e.

Depending on your firewall rules you may need to make a rule for ssh

3.

Tcp Wrappers a. b. c. d. Edit the two files needed to allow sshd clients access So the tcp wrapper rules should allow only your two windows machines It should block ssh clients from everywhere else Screenshot the configuration

e.

And try it from at least one windows machine (screenshot) (putt)

4.

Audit account logon events a. b. c. d. e. From the command prompt type secpol.msc You should see the security policy options Find the Audit policy under Local Policies Now turn on auditing of logon events (screenshot) Now you will be recording all attempts to logon to the system

5.

Now find the password policy in Windows 7 a. b. c. d. secpol.msc Choose Account Policies Choose any two password policies in Windows 7 and turn them on Enforce the policies and take a screenshot

6.

Find one more policy that would block the command prompt a. Screenshot of how to block command prompt

7.

Install and Run Tiger/Tara a. b. c. d. e. f. g. Type apt-get install tiger Type tiger O run tara Download from http://www-arc.com/tara/ Untar with tar-xvf Run ./rata Screenshot of the report ADVANCED

8.

Ensure your browser is secure. a. b. c. Run a metasploit attack against any browser. Show it being exploited (there is a video of IE being exploited on youtube) Now tell me how to stop the attack

d.

Or do it and screenshot it

Lab Review Questions $% &n !our own words' describe what !ou learned b! com(leting this lab)

*% +ame , wa!s we can secure our -(erating .!stem/

0% 1x(lain tc( wra((ers' ex(lain the conce(t and the files associated with linux tc(wra((ers) ANS: with the use of tcp wrappers we dont have to ma e ru!es for a!!ow or den" some #$s% &e just update hosts%a!!ow or den" fi!es and we can b!oc or a!!ow an" #$s 'va!uation 2$3 4arks% 5om(letion of Pro6ects 7iscussion 8uestions () *)

References: http:++www%debian,administration%or-+artic!es+(. http://www.howtogeek.com/howto/12837/use-autoruns-to-manually-clean-an-infected-pc/