IFSM 430 Lab exercise 3

Use the 'md5sum' program on Linux to generate an MD5 checksum of a file. Create a small text file (not a Word doc!) either on Windows and upload it to Linux with ftp, or create it on Linux ('jed' is a simple text editor with pull-down menus), then run the md5sum command:

    md5sum myfilewhateveritsnameis

The output is the MD5 checksum: _______________________________

Each character is a hexadecimal digit that represents 4 bits, so an MD5 checksum is how many bits: ______

Make a one-bit change to the file by changing one letter to the next letter, say a 'b' to a 'c', and run the md5sum program on the changed file. What is the result (in words): _____________________________
_______________________________________________________

On Linux, do a software fingerprinting of an Internet server. We'll see what web server software www.ad.umuc.edu is running. telnet can be used to connect to any TCP port, not just the telnet port 23. The port number just needs to be added to the command:

    telnet www.ad.umuc.edu 80       (80 is the HTTP (web) port)
    HEAD / HTTP/1.0                 (HTTP "command" to the web server)
                                    (blank line: hit Enter)

What is the web server and what is its version: __________________________

Use the 'dig' command to discover the DNS servers of a domain.

    dig www.ad.umuc.edu

The NS records show the name servers for the ad.umuc.edu and umuc.edu domains: ________________________________________________
_________________________________________________________

Certificates in Internet Explorer: Tools|Internet Options|Content|Certificates|Intermediate or Trusted Root Certification Authorities

Select one of the VeriSign ones that hasn't expired. How long is this certificate valid for: _______________

"Public key" was issued by this CA (certificate authority) to you (actually, your system). The matching private key was also part of the certificate and is now installed on your system. The certificate is your system's way of showing the world that this public key is indeed yours.
Your system sends the certificate to someone who wants to send you encrypted messages. The certificate has been digitally signed with the CA's private key, proving that it was issued by the CA. Now other systems can send you messages encrypted with your public key that only you can decrypt using your private key.

What type is the public key and how many bits does it have: _______________

"Thumbprint" is the cryptographic checksum of this certificate (to detect if it's been corrupted). What algorithm does it use? ________ How many bits does this checksum use (count the hex digits and multiply by 4): _______

Encrypt a file on Windows NTFS. In Windows Explorer, right-click a small text file (not a Word doc!) (create one if nothing's handy) and choose Properties, Advanced, "Encrypt contents to secure data", then choose File Only. In "Details", (try to) Remove user student so that decryption is not automatically and transparently done. Well, if there were any other (certified?) users of the computer we could remove student and then see the contents of an encrypted file... Someone figure out a way to see the encrypted file.

What color is the file listed in: _____________

W32.Swen.A@mm is a virus/worm. Start the antivirus from the system tray. What is the date of the Virus Definition File: __________ If it is not from 2004, alert me.

In the Linux account is the file 'swen.virus'. What is the length of the swen.virus file on Linux: _____________

Use ftp to download it to Windows. The antivirus on Windows should automatically detect it and quarantine it, but even if it doesn't, the file is harmless unless executed on Windows (which you will not do). If your antivirus doesn't alert you, alert me. Start the antivirus from the system tray and look at Histories to see the information about the detection of that virus.

Go to www.symantec.com and search for swen. Look at the first hit.
What is the Type of swen: _________________ What is its Infection Length: _____________

Internet Connection Firewall of XP. Ping your system from your neighbor (have your neighbor ping your computer); the pings work and get a REPLY.

XP has a built-in firewall. You need to log in as administrator: "class admin"

Local Area Connection|Properties|Advanced|Internet Connection Firewall

Click the checkbox, then Settings, then ICMP (which is the protocol that ping uses). Notice nothing is allowed, in particular "Allow incoming echo request" (which is what pings sent to a system are), but these settings are not activated until you "OK" all the way back out.

Now ping your computer from another one. What happens: __________________

Go back to the Advanced Settings and look at Security Logging. What is the log file: __________________________

Click the "Log dropped packets" option (you may have to OK all the way out). Ping your computer from another. Use Windows Explorer to go to the log file and open it. What is the "action" done on the ICMP packets that just happened recently: _________

Ok. Now turn off the firewall.
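
Added example (not part of the original lab handout): a short Python script that reads a firewall log like the one opened in the last exercise and reports which hosts had their pings dropped. The column layout in the #Fields header is an assumption about the log's format, and every log line in SAMPLE_LOG is constructed for illustration; the parser takes its column names from that header line.

```python
from collections import Counter

# Constructed sample: the header layout is an assumption about the firewall's
# W3C-style log; addresses, times and values are made up. The last record is
# deliberately truncated so the parser has a malformed line to skip.
SAMPLE_LOG = """\
#Software: Microsoft Internet Connection Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2004-03-15 14:02:11 DROP ICMP 192.168.1.20 192.168.1.10 - - 60 - - - - 8 0 -
2004-03-15 14:02:16 DROP ICMP 192.168.1.20 192.168.1.10 - - 60 - - - - 8 0 -
2004-03-15 14:03:40 OPEN TCP 192.168.1.10 10.0.0.5 1045 80 - - - - - - - -
2004-03-15 14:04:02 DROP TCP 192.168.1.33 192.168.1.10 3021 445 48 S 1123581321 0 16384 - - -
2004-03-15 14:04:09 DROP ICMP 192.168.1.33 192.168.1.10 - - 60 - - - - 8 0
"""


def parse_log(text):
    """Yield one dict per well-formed record, keyed by the #Fields names."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#"):
            values = line.split()
            if fields and len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def action_summary(records):
    """Count records per (action, protocol) pair."""
    return Counter((r["action"], r["protocol"]) for r in records)


def dropped_pings(records):
    """Count dropped ICMP echo requests (ICMP type 8) per source address."""
    hits = Counter()
    for r in records:
        if (r["action"], r["protocol"], r["icmptype"]) == ("DROP", "ICMP", "8"):
            hits[r["src-ip"]] += 1
    return hits


if __name__ == "__main__":
    records = list(parse_log(SAMPLE_LOG))
    for (action, proto), n in sorted(action_summary(records).items()):
        print(f"{action:5} {proto:4} {n}")
    for src, n in dropped_pings(records).most_common():
        print(f"{src}: {n} echo request(s) dropped")
```

To run it against a real log, read the file's text and pass it to parse_log in place of SAMPLE_LOG.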