University of Baltimore
Merrick School of Business
INSS 453/753 - Internet and Network Security

Mini-project 2: testing security of Windows.
All mini-projects are due on Mondays by 11 PM.
Go to the MISLAB. Go to the XP VM machine and log in as student on your group's XP "machine" as follows:
Group 1: MisLab 02, Group 2: MisLab 04, Group 3: MisLab 06, Group 4: MisLab 08, and Group 5: MisLab 10.
- Think about physical security: what can you do to prevent somebody from bringing a diskette and booting from it, or even installing another copy of Windows? How can a person with a diskette read files in a directory formatted in NTFS (Hint: NTFSDOS)? Of course if your machine is off and you have a key to it you could just turn off the key, but suppose you cannot turn off your machine or your machine does not have a key? (Hint: think about the BIOS). Should users set screen-savers for security reasons? If they should, what should you, as administrator, do to increase security, and how?
- What ports are active on your machine (take snapshots)? (Hint: use Active Ports and NukeNabber).
Suppose you decided to close the default ports for Back Orifice, NetBus, SubSeven and one more backdoor program of your choice (see PacketStorm for additional backdoor programs). How can you do this using a simple firewall? Install one and do it. Show me.
- Read OptOut and install a sniffer on your machine (CommView, for example). Explain how it works and show an example of it running on your group machine.
- Download and install Cain on your machine. Obtain the LSA secrets. Show me. See if you can get any other interesting information. Do the same with LCP, which uses the same techniques as lsadump2; if it does not work (a hint), why not?
- Download and install l0phtcrack from their new site. The free trial should go for 15 days, so be sure to do this item within this timeframe. See if it can crack the XP virtual machine passwords. You will see both the LanMan and NT Hashes. Show me. It will use brute force to try to crack the passwords. You need to be admin to run this, and it may take some time to finish.
- Open Local Security Policy and (a) set account policies which increase password security (explain what and why, see this article), and (b) set the Audit Policy. Show me. Where can you see if there were security events you asked to be logged (show me an image)?
- Now it is time for a more delicate security action. Close ports 139 and 445, and do not let XP/2K save the LAN Manager hash value of the passwords. Show me. Hint: see this slide.
- Another delicate operation: install BOWall. Explain how it works and its importance. Select a .dll to "fix", save it with another name (create a backup) and use BOWall to protect it (take a snapshot to show you did it). Once it is done, restore the original .dll file.
- Turn SYSKEY on in your system and explain what it does (what it protects) and describe what you did (show snapshots, etc.). What is the impact on end users?
- Finally, check for critical security patches (Hint: install Microsoft Baseline Security Analyzer to check your system). Report the results -- capture the output. You may fix the most critical problems found.
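
For the port items above (snapshotting active ports, blocking the backdoor defaults, closing 139 and 445), a saved `netstat -an` listing can be checked before and after the change. This is an added example, not part of the original assignment: the backdoor port numbers are the commonly documented defaults for those tools (they do not appear on this page), and the netstat listing is constructed sample data.

```python
"""Flag listening ports of interest in saved `netstat -an` output (added example)."""

# Assumption: commonly documented default ports; the page itself lists only 139 and 445.
WATCH = {
    ("TCP", 31337): "Back Orifice default",
    ("UDP", 31337): "Back Orifice default",
    ("TCP", 12345): "NetBus default",
    ("TCP", 12346): "NetBus default",
    ("TCP", 27374): "SubSeven default",
    ("TCP", 139): "NetBIOS session service",
    ("TCP", 445): "SMB over TCP",
}

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.168.1.20:445       ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.1.10:123       *:*
"""

def listening_sockets(netstat_text):
    """Yield (proto, local_port) for TCP listeners and bound UDP sockets."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state column; outbound connections are not listeners.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        port = local.rsplit(":", 1)[-1]
        if port.isdigit():
            yield proto, int(port)

def flag_ports(netstat_text, watch=WATCH):
    """Return sorted (proto, port, label) tuples for watched ports that are open."""
    hits = {(p, n, watch[(p, n)]) for p, n in listening_sockets(netstat_text) if (p, n) in watch}
    return sorted(hits)

if __name__ == "__main__":
    for proto, port, label in flag_ports(SAMPLE):
        print(f"{proto:<4}{port:<6}{label}")
```

An empty result on the listing captured after the firewall and service changes shows that none of the watched ports is still open locally.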
Submitting the report
- Post your group project report in the Mini-project 2 entry of the Assignments folder of one of the group members in WebTycho.
- You should submit just one file per group in zip format.
- Place all your project files in one directory and use free compression software from Nonags to create one file in zip format.
- You may sometimes find it difficult to save some of the screens you see. If this is the case, please use free screen-capture software, which you can download from Nonags.
- If you have problems capturing the reports to your liking, please use the free software from PrimoPDF to create a PDF file.
This page is maintained by Al Bento who can be reached at abento@ubalt.edu
This page was last updated on September 25, 2009. Although we will attempt to keep this information accurate, we cannot guarantee the accuracy of the information provided.