DOC PREVIEW
FSU CIS 5930 - Windows Securing

This preview shows page 1-2 out of 5 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 5 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 5 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 5 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

CI-Security ScoringAPPLIED SECURITY—SPRING 2007BRENO DE MEDEIROS, INSTRUCTOR.2nd Programming Assignment. DUE on 02/28Points: 100Windows Lockdown LabPart I: Patches and ServicesThe purpose of this lab is to introduce you to the popular software tools available to assist you inlocking down Windows XP. This lab should be performed IMMEDIATELY after installingWindows XP onto a machine.DO NOT UPDATE YOUR PC VIA WINDOWS UPDATE/MICROSOFT UPDATEBEFORE SCANNING THE MACHINE! ALSO, MAKE SURE THAT AUTOMATICUPDATES ARE TURNED OFF, WINDOWS REMOTE DESKTOP IS TURNED ON, ANDTHAT WINDOWS FIREWALL IS TURNED OFF.1. Microsoft Baseline Security Analyzer/hfnetchk:a. Download MBSA from http://www.microsoft.com and install it on your WindowsXP machine.b. Download the latest version of hfnetchk from http://hfnetchk.shavlik.com andinstall it on your Windows XP machine. You will be warned that there is an olderversion of hfnetchk already installed on the machine. This is because MBSA usesthe hfnetchk application as its patch detection engine, so an older version ofhfnetchk was installed when you installed MBSA. Go ahead and proceed with theinstallation.c. Run MBSA targeting the local machine.d. Copy the scan results and paste them to a text file.e. From the command line, run hfnetchk with the –vv switch and redirect the outputto a text file.f. Summarize the MBSA scan results.i. What was the “security assessment?”ii. How many patches were missing?iii. How many of these patches were critical?g. Research 5 of the critical updates that were missing and identify any exploits thatexist. HINT: Use the data gathered by hfnetchk when run at the commandprompt to assist you. 2. Nmap:a. Perform an Nmap scan on your Windows XP machine.b. Save the scan results to be printed later.c. Summarize the scan results.i. Which ports does Nmap report as open?ii. Explain how Nmap may be used to help compromise a system.3. Nessus:a. Perform a Nessus scan on your Windows XP machine.b. Summarize the scan results.i. Which services does Nessus report as running?ii. Which services/processes does Windows report as running?iii. Explain how Nessus may be used to help compromise a system.c. Briefly research the running services. Which services, if any, may be stoppedwithout crippling the Operating System? Why? UPDATE YOUR MACHINE WITH ALL THE APPROPRIATE PATCHES (KEEP INMIND THAT THIS MIGHT MEAN THAT YOU HAVE TO RUN WINDOWS UPDATEMORE THAN ONCE).4. Microsoft Baseline Security Analyzer/hfnetchk (AGAIN):a. Rerun MBSA targeting the local machine.b. Copy the scan results and paste them to a text file.c. Summarize the second MBSA scan results.i. What was the “security assessment” the second time?5. Nmap (AGAIN):a. Perform an Nmap scan on your Windows XP machine.b. Save the scan results to be printed later.c. Summarize the scan results.i. Which ports does Nmap now report as open?ii. Are these results any different from the first time this was run? If so,how?6. Nessus (AGAIN):a. Perform a Nessus scan on your Windows XP machine.b. Summarize the scan results.i. Which services does Nessus report as running?ii. Which services/processes does Windows report as running?c. Are these results any different from the first time this was run? If so, how?Part II: Password HardeningYou will be introduced to methods by which Windows stores passwords, and to some toolsavailable to evaluate password strength and to crack passwords.Windows Password Hardening7. Add 4 users to your Windows XP machine. Make 1 user a member of the administratorsgroup and make 3 users members of the users group (the usernames may be whatever youlike).a. Set the password for the first user to an English word with six or fewer letters.b. Set the password for the second user to an English word with seven or moreletters.c. Set the password for the third user to a different English word with six or fewerletters appended by 2 characters other than letters, such as monkey#2 or saturn1+.d. Set the password for the administrator account you just created to a strongpassword. In this case, a strong password is defined as a password at least 8characters long, and contains at least one uppercase and lowercase letter, asymbol, and a number.8. Before continuing, conduct some research on the Windows SAM. What is the SAM andwhere is it located? What access privileges on the NTFS ACL does the SAM have? Howwould you go about performing an OFFLINE password attack against the SAM?9. Download Cain and Abel from http://www.oxid.it and install it.10. You shall now perform an ONLINE password attack against the SAM. Dump the localSAM database into Cain’s password cracker.11. Run a dictionary attack on all of the users (you may use LM only).a. Were any of the attacks successful? If so, how long did it take to crack?12. Run a Brute Force attack on all of the users (you may use LM only).a. Were any of the attacks successful? If so, how long did it take to crack?b. Which password has the longest time to be deciphered and how long will it take?c. You were asked to use LM cracking versus NTLM and NTLM v2 cracking (this isbecause LM hashing, a weaker hashing algorithm, is enabled by default). Whatare the differences between the three hashing algorithms? Briefly describe howthe three work. Why does LM hashing still exist as an option if it is relativelyinsecure?13. The last form of attack in Cain and Abel is called “Cryptanalysis”, and it uses rainbowtables to crack passwords. These rainbow tables must be created, or you can use rainbowtables from other projects. In particular, Cain and Abel’s software is compatible withrainbow tables created for Ophcrack. Download and install the free rainbow tablesavailable at http://ophcrack.sourceforge.net/, and use the Cain and Abel onlinedocumentation as a guide on how to install and run the tables.a. What is a rainbow table? b. What are the advantages and disadvantages to creating and using rainbow tables?Answer based on your observation of comparative performance of the rainbow-table based attacks relative to the other attacks.c. In your opinion, is this a viable option to crack passwords? Why or why not?Consider also the availability of more comprehensive rainbow tables for sale.14. Download bd050303.zip from http://home.eunet.no/~pnordahl/ntpasswd/. a. Create a


View Full Document

FSU CIS 5930 - Windows Securing

Download Windows Securing
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Windows Securing and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Windows Securing 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?