IFSM 430 Lab exercise, 28 Jan.

CERT Advisory CA-2003-28
Using the CERT Advisory CA-2003-28 handout, find the file with the vulnerability on your system.
What is the file's full pathname, size and modification date: ______________________________________________

Workstation service
Look at the Workstation service: Start | Programs | Administrative Tools | Services
What is the status of this service: ____________________________
What is its startup type: __________________________
What are the three startup types for services: __________________________
What is the executable's pathname: _____________________________

CERT web site
Go to www.cert.org
What is Advisory CA-2003-20 about: _________________________________________
Which advisory is about Nimda: _________________________________
What is the "only safe way to recover" from a Nimda compromise: ________________________________________________________

ShieldsUp
Go to www.grc.com to use the well-known Gibson Research ShieldsUp to run a security scan of your computer. Navigate to the ShieldsUp page.
What is the "machine name" and IP address that it reports your computer as: ________________________________________________
(This is actually the name and IP of our router. The lab computers are invisible to the Internet.)
Do a common ports scan. What are the common ports that are scanned?
__________________________________________________________________
__________________________________________________________________
What are the 3 categories: _______________________________
Which is the best category: ______________________
What category are our common ports in: ____________________________

FTP
Use anonymous ftp to download a file from the Linux server. At the command prompt: 'ftp 192.168.0.197'
Log in as user 'anonymous'; the password can be anything or, traditionally, your email address, or nothing.
'ls' lists the directory. Publicly available files are in the pub subdirectory.
Typically with anonymous ftp you're limited in what parts of the system you can access, and you can't upload files, only download.
'cd bin' to change to the bin directory. Do 'ls' again to see what happened: ______________________________
'pwd' shows the present working directory (where you "are"): ____________
'cd ..' takes you up one directory level to the parent directory.
'cd pub' to change to the pub directory.
'ls -l' to see what's there. What's the size of zonealarm.exe: _____________________
Download the zonealarm.exe file: 'get zonealarm.exe'
Then log off the ftp server: 'quit' (or is it 'exit'? one of them).

Now ftp to the Linux server again and log on as user 'ifsm430'; you'll have to give the correct password. With non-anonymous ftp you typically have as much access as you have when telnetting.
'cd ..' takes you up one directory level to the parent directory.
'ls -l' What is the modification date of your home directory? ________________________
'cd ifsm430' to move back down to your home directory.
Upload a file that has your name as its name (e.g. if your name is Smith, create a small file on Windows named smith using whatever method you want). Upload it with 'put filename'.
Do 'ls -l' to see your file on the Linux server. What is the line with your file: ___________________________________________________________

ZoneAlarm
Log off Windows and log on as 'class admin'; I will type in the password.
Install ZoneAlarm. Make up a name and email address. The survey can be skipped. Start it now. Select ZoneAlarm. Wait. Accept the default alerting of accesses.
What programs and Windows components need network access and will be preconfigured for safe access: ______________________________
Skip the eBay and tutorial steps. As soon as this firewall is running it will detect and stop access attempts to your computer, so you might see some alert pop-ups. Most of these are harmless chatter that computers on a LAN need to engage in.
Overview shows the number of "blocked intrusions": __________
Firewall shows the Internet Zone security level: ________________
Program Control shows its level: _______________
Its Programs tab shows the programs that have tried to use the network and whether they are allowed to or not.
What two programs can access the Internet: __________________________________
Change IE to block access to the Internet. Start IE. What happens: __________________________
ping 192.168.0.197  What happens: ________________________
Allow it. Repeat. Set it so that you don't get an alert on each use.
Ping your computer from another computer (have your neighbor ping you). What kind of alert pops up: ___________________
telnet 192.168.0.197  What does ZoneAlarm do: ____________________
From the Linux server run nmap against your computer.
Alerts & Logs lists all the alerts that have popped up. How many came from 192.168.0.197: _____________
How many "intrusions" have been blocked so far: ___________
Shut down ZoneAlarm. Uninstall it: Start | Settings | Control Panel | Add/Remove Programs, choose ZoneAlarm and remove it.
Reboot and log on as student.
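Returning to the FTP part of the lab: the following Python example is added here and is not part of the worksheet or of the lab's Linux server. It is a constructed toy FTP control channel plus a standard-library ftplib client that replays the two sessions, showing why 'cd ..' under anonymous ftp cannot climb above the ftp root while the 'ifsm430' login starts in its own home directory. The server, its directory names, the 'lab-password' credential and the loopback port are all made up for the demonstration.

```python
import socket
import threading
from ftplib import FTP, error_perm

# Constructed toy FTP server (control channel only, no data transfers) for the
# two lab sessions: anonymous is jailed to an ftp root holding /bin and /pub;
# the 'ifsm430' account starts in its home. Names, paths and password are made up.
ACCOUNTS = {"ifsm430": "lab-password"}       # constructed credential
ANON_TREE = {"/", "/bin", "/pub"}             # directories anonymous may enter
USER_TREE = {"/", "/home", "/home/ifsm430"}   # directories ifsm430 may enter

def resolve(cwd, arg):  # apply a 'cd': '..' climbs one level, never above '/'
    return (cwd.rsplit("/", 1)[0] or "/") if arg == ".." else cwd.rstrip("/") + "/" + arg

def serve_one(conn):
    send = lambda text: conn.sendall((text + "\r\n").encode("ascii"))
    send("220 toy ftp ready")
    user, tree, cwd = None, ANON_TREE, "/"
    for raw in conn.makefile("rb"):
        cmd, _, arg = raw.decode("ascii", "replace").rstrip("\r\n").partition(" "); cmd = cmd.upper()
        if cmd == "USER": user, reply = arg, "331 Password required"
        elif cmd == "PASS" and user == "anonymous":        # jailed, download-only
            tree, cwd, reply = ANON_TREE, "/", "230 Anonymous access granted"
        elif cmd == "PASS" and ACCOUNTS.get(user) == arg:  # real account: own home
            tree, cwd, reply = USER_TREE, "/home/ifsm430", "230 Logged in"
        elif cmd == "PASS": reply = "530 Login incorrect"
        elif cmd == "PWD": reply = '257 "%s" is current directory' % cwd
        elif cmd in ("CWD", "CDUP"):                       # 'cd dir' / 'cd ..'
            target = resolve(cwd, ".." if cmd == "CDUP" else arg)
            cwd, reply = (target, "250 OK") if target in tree else (cwd, "550 Not allowed")
        elif cmd == "QUIT": send("221 Goodbye"); break
        else: reply = "502 Command not implemented"
        send(reply)
    conn.close()

def start_server():  # listen on a free loopback port, one thread per client
    srv = socket.socket(); srv.bind(("127.0.0.1", 0)); srv.listen(5)
    def loop():
        while True:
            threading.Thread(target=serve_one, args=(srv.accept()[0],), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def session(port, user, password, steps):  # log in, run 'cd' steps, record pwd after each
    ftp = FTP(); ftp.connect("127.0.0.1", port); ftp.login(user, password)
    trail = [ftp.pwd()]
    for step in steps:
        try:
            ftp.cwd(step); trail.append(ftp.pwd())
        except error_perm:
            trail.append(None)   # server refused: outside the permitted tree
    ftp.quit(); return trail
```

Running the anonymous session with the lab's steps plus an extra 'cd home' shows 'cd ..' pinned at '/' and the escape attempt refused, whereas the ifsm430 session walks from /home/ifsm430 up to /home and back.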