Tutorial #1. Lab#: 1 Securing your system Lab 1.2: Tenable Nessus Nessus currently works on Windows,...

Tutorial #1


Lab#: 1

Securing your system


Lab 1.2: Tenable Nessus

Nessus currently works on Windows, Linux, and Mac. It is a vulnerability scanner, which allows you to scan a targeted system or a range of systems and identify any vulnerabilities or weaknesses. In this exercise you will learn how to work with Nessus.

Nessus has two parts: a server, which is already set up, and the client, which you will be working with. When you first launch the Nessus client you need to connect to the server.

Click Connect in the bottom left corner. A list of servers will appear; choose your server and click Connect.

After connecting to the server, the tab on the left side shows the targets that can be scanned. You can add a new target, which can be a single host or a range of hosts. Click Add.

Choose Single host, and type in your PC’s IP address.

Highlight your host and click Scan.

Nessus will generate a full report on the scanned system.

Lab 1.3: Run the Microsoft Baseline Security Analyzer

The Microsoft Baseline Security Analyzer (MBSA) currently works with Microsoft Windows Server 2003/2008, as well as Windows Vista, Windows XP, and Windows 2000. It allows you to scan a system and identify weaknesses and misconfigurations. To run MBSA, follow these steps:

1. Log in with administrator privileges and download the latest version of MBSA from http://technet.microsoft.com/en-us/security/cc184924.aspx.

2. When prompted, choose to install the application. After the installation is complete, run MBSA.

3. Choose the option ‘Scan a computer’.

4. The default computer to scan will be the one you are sitting at, but you can change this to another on the network by specifying either the computer’s name or IP address.

5. Click Start Scan.

6. View the report that is given when the scan finishes. The report will include information on missing security updates and service packs for the operating system as well as Microsoft applications. It will also identify any user accounts that have blank or simple passwords, the firewall status, the number of local administrators configured, and unnecessary services.


Figure 1.3 MBSA


Figure 1.4 results of MBSA


Lab 1.4: Update a Windows-Based System

Whether you are running Windows Server 2003 or 2008, you’ll use these steps to look for updates to your system and to begin installing them:

1. Log in as administrator and start Microsoft Internet Explorer.

2. Go to http://v4.windowsupdate.microsoft.com/en/default.asp.

3. Click Express. The system will be checked, and you can choose to install any updates that are found.


Lab 1.5: Configure Windows Automatic updates

One of the most important things you can do to keep your systems secure is to keep them up-to-date. In this exercise, you’ll turn on Automatic Updates for a Windows XP Professional workstation:

1. Start the System applet by choosing Start > Control Panel > System. (Switch the view to Classic mode.)

2. Click the Automatic Updates tab.

3. Check the Keep My Computer Up To Date option (with some service packs, this becomes simply an Automatic radio button).

4. In the Settings section, choose the Download the Updates Automatically and Notify Me When They Are Ready to Be Installed radio button (based upon the version of service pack you have installed, this option may not be present).

5. Click OK, and exit the System applet. This option allows the operating system to download and install updates as they become available. Some updates—such as service packs—usually require a reboot in order to be active after the installation.


Lab#: 2

Identifying running processes, ports, and services

Introduction

It is important to know what processes are running on a machine at any given time. In addition to the programs that a user may be using, there are always many others that are required by the operating system, the network, or other applications.


Lab 2.1: Identify Running Processes on a Windows-Based Machine

All recent versions of Windows include the Task Manager to allow you to see what is running. To access this information, follow these steps:

1. Right-click an empty location in the Windows Taskbar.

2. Choose Task Manager from the pop-up menu that appears.

3. The Task Manager opens to Applications by default and shows what the user is actually using. Click the Processes tab. Information about the programs that are needed for the running applications is shown, as well as all other processes running. (If the Show Processes From All Users check box appears beneath this tab, be sure to click it.) Many of the names of the processes appear cryptic, but definitions for most (good and bad) can be found at http://www.liutilities.com/products/wintaskspro/processlibrary/.

4. Examine the list and look for anything out of the ordinary. After doing this a few times, you will become familiar with what is normally there and will be able to spot oddities quickly.

5. Notice the values in the CPU column. Those values will always total 100, with System Idle Process typically making up the bulk. High numbers on another process can indicate that there is a problem with it. If the numbers do not add up to 100, it can be a sign that a rootkit is masking some of the display.

6. Close the Task Manager.
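
A scripted version of steps 3 and 4, as an added example that is not part of the original tutorial: it saves a baseline of process names and executable paths on the first run and afterwards lists only what is new. It assumes PowerShell 3.0 or later (not present on a stock Windows XP install), and the baseline file location is a made-up default.

```powershell
# Added example: baseline the process list, then report anything new on later runs.
# Assumption: PowerShell 3.0+; the default baseline path below is hypothetical.
param(
    [string]$BaselinePath = "$env:ProgramData\process-baseline.csv"
)

function Get-ProcessSnapshot {
    # One row per distinct (name, executable path) pair currently running.
    # ExecutablePath is empty for some protected system processes.
    Get-CimInstance -ClassName Win32_Process |
        Select-Object Name, @{ n = 'Path'; e = { if ($_.ExecutablePath) { $_.ExecutablePath } else { '' } } } |
        Sort-Object Name, Path -Unique
}

function Compare-ProcessSnapshot {
    param($Baseline, $Current)
    # Key on name AND path: a familiar name running from an unfamiliar
    # directory is the kind of oddity the lab asks you to spot.
    $known = @{}
    foreach ($b in $Baseline) { $known["$($b.Name)|$($b.Path)".ToLower()] = $true }
    $Current | Where-Object { -not $known.ContainsKey("$($_.Name)|$($_.Path)".ToLower()) }
}

$current = Get-ProcessSnapshot
if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record what "normal" looks like on this machine.
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
    Write-Output "Baseline of $(@($current).Count) entries written to $BaselinePath"
}
else {
    $baseline = Import-Csv -LiteralPath $BaselinePath
    $new = @(Compare-ProcessSnapshot -Baseline $baseline -Current $current)
    if ($new.Count -eq 0) { Write-Output 'No processes outside the baseline.' }
    else { $new | Format-Table Name, Path -AutoSize }
}
```

Take the baseline on a machine you trust to be clean; anything reported later still needs to be looked up before it is judged good or bad.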

Lab 2.2: Using Process Explorer to Identify Running Processes, Ports and Services

Process Explorer is a system monitoring and examination utility and can be used as the first step in debugging software or system problems.

To use Process Explorer, follow these steps:

Double-click “procexp” on your desktop.

Press Ctrl+L. A lower panel will show up.

The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded.


Figure 2.1 Process Explorer.

Press Ctrl+I; a System Information window will appear showing statistics and graphs about the system.

Click on any process in the top window (e.g. svchost.exe), then right-click it and choose ‘Properties’.

Figure 2.2 System information from Process Explorer.


Lab#: 3

Windows system

It is important for a security professional to know their way around a system, whether Windows, Linux, or any other. In this lab, you will learn some important security aspects of the Windows system; the lab covers users and permissions, sharing, and folder permissions.

Lab 3.1: Adding a new user in Windows

The user name is the ID used by Windows and many other systems to identify users. In this exercise, you will create a new user on your Windows system. To do so, follow these steps:

Choose Start > Control Panel.

Double-click ‘User Accounts’.

Click the Create a New Account link.

Enter a name for the account.

Select the type of account you want to create for Windows.

Click the Create Account button.

Close the Control Panel.


Figure 3.1 adding a user.


Lab 3.2: Identify User Accounts with Administrator Access in Windows XP

User management is simplified by adding users to groups. To see which users are members of the Administrators group, follow these steps:

1. Choose Start > Run, enter compmgmt.msc, then click the OK button.

2. Within the left frame, expand Local Users and Groups and then expand Groups, as shown in Figure 3.2.

3. Double-click Administrators and a list of users appears. You can use the Add or Remove button to place users in this group or take them from it, respectively.

4. Exit the Computer Management console.

5. Exit Control Panel.


Figure 3.2 Expand the Groups folder to see the local groups.


Lab 3.3: Hide and Access a Windows Share

This lab requires two Windows workstations.

A simple method for “protecting” shares is to make them hidden. To hide a share in Windows, you use the dollar sign character ($) as the last character of its name. It will then no longer appear in listings and will need to be referred to specifically to be accessed.

Follow these steps:

1. On Computer1, choose to share the C:\WINDOWS directory, and name the share DATA$.

2. On Computer2, look for the share. Use My Network Places (or Network Neighborhood on older Windows operating systems) to look for the share. You should not be able to see the share because the name ends with $.

3. Right-click My Network Places and choose Map Network Drive.

4. In the Path box, type \\Computer1\DATA$.

5. Click OK. You should now be able to access the share.
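
Hiding a share only removes it from browse lists, so what decides access is the permission set on the share. The following added example (not part of the original tutorial) lists hidden non-administrative shares on the local machine together with their share permissions; it assumes Windows 8 / Server 2012 or later for Get-SmbShareAccess, and the `$broad` account list is an illustrative choice.

```powershell
# Added example: audit shares hidden with a trailing "$" on the local machine.
# Assumption: Windows 8 / Server 2012 or later (Get-SmbShareAccess is not on XP).

function Get-HiddenUserShare {
    # Win32_Share.Type is 2147483648 or higher for the built-in administrative
    # shares (C$, ADMIN$, IPC$). Any other share ending in "$" was hidden by
    # an administrator, like DATA$ in this lab.
    Get-CimInstance -ClassName Win32_Share |
        Where-Object { $_.Name.EndsWith('$') -and $_.Type -lt 2147483648 }
}

# Accounts that make a share reachable by almost anyone who knows its name
# (illustrative list, adjust to local policy).
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

foreach ($share in Get-HiddenUserShare) {
    foreach ($ace in Get-SmbShareAccess -Name $share.Name) {
        [pscustomobject]@{
            Share   = $share.Name
            Path    = $share.Path
            Account = $ace.AccountName
            Type    = $ace.AccessControlType    # Allow or Deny
            Right   = $ace.AccessRight          # Read, Change or Full
            Broad   = ($broad -contains $ace.AccountName) -and
                      ("$($ace.AccessControlType)" -eq 'Allow')
        }
    }
}
```

Rows with Broad set to True are shares where the hidden name is the only thing standing between the folder and every user on the network.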


Lab 3.4: Secure the Account Database

The Windows XP account database can be secured through encryption to prevent it from being compromised. To perform this action, follow these steps:

1. Choose Start > Run.

2. Type syskey and press Enter. The dialog box shown in Figure 3.3 appears.

3. Click Update. The dialog box shown in Figure 3.3 appears.

4. Choose Password Startup.

5. Enter a password that you want to require during startup.

6. Enter the same password in the Confirm box.

7. Click OK.

Note the warning: once encryption is enabled, it cannot be disabled.

Figure 3.3 Use encryption to secure the Windows XP account database.


Lab 3.5: Changing ACL for a folder

Access Control Lists (ACLs) apply only to files stored on an NTFS-formatted drive. Each ACL determines which users (or groups of users) can read or edit the file. When a new file is created, it normally inherits its ACL from the folder where it was created.

The easy way to change an ACL in Windows is to right-click the folder and change the privileges. To do so, follow these steps:

1. Double-click the folder ‘My Documents’, and then create a new folder in it.

2. Right-click the new folder and choose ‘Properties’.

3. Click the third tab, ‘Security’.

4. You will see all users, including the user you have created. Click on any user.

5. User’s permissions are displayed in the bottom window; you can change any permission by clicking on ‘Allow’ or ‘Deny’.

6. Click on Advanced and explore the other options available there.
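
The inheritance behaviour described at the start of this lab can be observed from PowerShell. This is an added example, not part of the original tutorial: it creates a throwaway folder under %TEMP%, puts an explicit entry on it, and shows that a file created inside receives the entry as inherited. The folder and file names are made up.

```powershell
# Added example: watch an ACE flow from a folder to a file created inside it.
# Everything happens in a temporary folder that is deleted at the end.
$folder = Join-Path $env:TEMP ('acl-lab-' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $folder | Out-Null

function Get-AceSummary {
    param([Parameter(Mandatory)][string]$Path)
    # One row per access control entry, marking inherited versus explicit.
    (Get-Acl -LiteralPath $Path).Access | ForEach-Object {
        [pscustomobject]@{
            Identity  = $_.IdentityReference.Value
            Type      = $_.AccessControlType     # Allow or Deny
            Rights    = $_.FileSystemRights
            Inherited = $_.IsInherited
        }
    }
}

try {
    # Explicit Allow entry for the current user, flagged to propagate to
    # subfolders (ContainerInherit) and files (ObjectInherit).
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $me, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl  = Get-Acl -LiteralPath $folder
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $folder -AclObject $acl

    # A file created afterwards picks the entry up without further action.
    $file = Join-Path $folder 'note.txt'
    Set-Content -LiteralPath $file -Value 'constructed sample file'

    'Folder entries for the current user (the new one has Inherited = False):'
    Get-AceSummary -Path $folder | Where-Object { $_.Identity -eq $me } | Format-Table -AutoSize
    'File entries for the current user (all have Inherited = True):'
    Get-AceSummary -Path $file | Where-Object { $_.Identity -eq $me } | Format-Table -AutoSize
}
finally {
    Remove-Item -LiteralPath $folder -Recurse -Force
}
```

The Inherited column corresponds to the greyed-out check boxes on the Security tab: those entries come from a parent folder and can only be changed there or by breaking inheritance under Advanced.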


Thanks !

Tutorial delivered by: Maqsood Mahmud

Researcher/TA, Center of Excellence in Information Assurance,

College of Computer and Information Sciences (CCIS), King Saud University,

Riyadh, Kingdom of Saudi Arabia.

Cell: +966-544062273, Office: +966-1-4697350, Fax: +966-1-4675423

http://faculty.ksu.edu.sa/maqsood