Sunday, 30 May 2010

2.5

Practical 2-5: Download and Install VMware Workstation

For this practical, I will be using a different piece of software: VMware Workstation.
VMware Workstation is used for creating and using virtual machines. I already know how to use VMware Workstation as I have used it a few times.

VMware Workstation is useful software as it saves users the space, cost and time of getting another computer. It is useful in cases like testing unknown software/anti-virus protection. If the server is affected, it can just be closed by the user.

VMware Workstation can be downloaded from www.vmware.com, where it is located under Downloads.

To create a virtual machine:
File > New > Virtual Machine > Typical Setup > Choose the OS > Fill in the required information for the OS to be installed.

2.4

2.3

Practical 2-3: Block a USB Drive

Blocking a USB drive means using third-party software to control USB drive permissions.

First I went to http://www.irongeek.com/i.php?page=security/thumbscrew-software-usb-write-blocker.
After downloading, I unzipped the file and ran it. (An icon appears at the bottom left of the taskbar.)

After transferring a file from Documents to the thumb drive, I clicked the new icon in the taskbar and selected 'Make USB Read Only'.
This prevents files from being transferred to the USB drive or being edited. It only allows files to be read.

This second picture shows how to make the USB drive writeable.
'Writeable' means that files inside the USB thumb drive can be edited, transferred in/out of the thumb drive and read.

This tool is very useful.
It helps prevent files from being transferred out of the laptop in case the user is not around. However, it is very easy to disable if a user has encountered it before.
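How easily the block can be undone can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original practical or the tool's own code; it assumes the read-only mode corresponds to the Windows `WriteProtect` value under `StorageDevicePolicies`, and the function names are hypothetical.

```powershell
# Added example: audit the Windows removable-storage write-protect policy.
# Assumption: the read-only state is the WriteProtect DWORD under this key.
$PolicyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Get-UsbWriteProtectState {
    # Report whether the policy key exists and whether write-protect is on.
    if (-not (Test-Path $PolicyPath)) {
        return [pscustomobject]@{ KeyPresent = $false; WriteProtect = $null; ReadOnly = $false }
    }
    $value = (Get-ItemProperty -Path $PolicyPath -Name WriteProtect `
                               -ErrorAction SilentlyContinue).WriteProtect
    [pscustomobject]@{
        KeyPresent   = $true
        WriteProtect = $value
        ReadOnly     = ($value -eq 1)   # 1 = read-only, 0 or missing = writeable
    }
}

function Set-UsbWriteProtect {
    # Turn the policy on or off; requires administrator rights.
    param([Parameter(Mandatory)][bool]$Enabled)
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyPath -Name WriteProtect -Type DWord -Value ([int]$Enabled)
}

function Get-UsbWriteProtectWriters {
    # List accounts explicitly allowed to change values in the key, i.e. who
    # can switch the drive back to writeable. Generic-rights entries are not decoded.
    if (-not (Test-Path $PolicyPath)) {
        Write-Warning "Policy key not present: write-protect is not configured."
        return
    }
    $setValue = [System.Security.AccessControl.RegistryRights]::SetValue
    (Get-Acl -Path $PolicyPath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ($_.RegistryRights -band $setValue) } |
        Select-Object IdentityReference, RegistryRights, IsInherited
}

Get-UsbWriteProtectState
Get-UsbWriteProtectWriters
```

Any account listed by `Get-UsbWriteProtectWriters` can reverse the setting, so on its own the block only deters users without administrator rights.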

2.2

Practical 2-2: Use a keylogger

First I went to www.softdd.com/keystrokerecorder/index.html to download the keylogger.
After download, I installed the keylogger.

This practical would show me the use of a keylogger and by the end of this practical, I would roughly know the dangers of the use of a keylogger.

First, I ran the program; it asks for a password. Just click OK twice.
Tick the checkbox 'Always run (Ignore start time)'.
Activate the keylogger by clicking the activate/start button.


Next, I did a fake email check.
I clicked the keyboard collector again. This time I deactivated it and clicked View Log.


Things learnt:
A keylogger can be placed and run on any computer without the user's knowledge.
Do not view files and accounts that require sensitive passwords.

2.1

Practical 2-1: Scan for Rootkits using RootkitRevealer

Rootkit - A set of software tools used by an intruder to break into a computer, obtain special privileges to perform unauthorised functions and remove all traces of it.

In this practical, I would be using RootkitRevealer and learning how to use it.
First, I went to http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx to download RootkitRevealer.
I extracted the file and ran it.
When it is running, accept the Rootkit License Agreements.
It looks like other scanners, except that this one is for rootkits.
Click File, then Scan.
It will display discrepancies between the Windows registry keys and other parts of the registry. A discrepancy does not necessarily mean that a rootkit has been detected.

1.4

Practical 1-4: Scan for Malware Using the Microsoft Windows Malicious Software Removal Tool.
From reading the title of this practical, it is obvious that we would be doing a scan of the computer.

First, I went to http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en.
This is the Microsoft Download Centre page for the Malicious Software Removal Tool.
I saved the file to my desktop.
Run the file and a dialog box will appear.
Click Next.
Quick Scan - It only scans areas where malicious software would most probably be.
Full Scan - Entire system scan.
Custom Scan - In addition to a quick scan, users can also specify where else they want their system to be scanned.

Since I was rushing for time, I used quick scan.

The scan would last around 1-2 minutes.


Scan completed and there is no malicious software detected.

1.3

Project 1-3: Inspection for Insecure Versions of Applications Using Secunia Software Inspector

For this practical, I would be using Secunia Software Inspector to check for applications that are not patched. Nowadays, unpatched application software programs are increasingly becoming targets of attackers.

First, I went to http://secunia.com/vulnerability_scanning/online.
This website runs a scan of your computer for any unpatched applications. It will alert you to the programs on your computer which are not patched and will give you links from which to download patches for the applications.


The picture above shows that it has applications that are unpatched, and it also provides the links for the user to download the patches.



However, for this picture, all of its applications have been patched.

Overall, I think that the software inspector is an excellent tool. It is useful for people that are not so up-to-date with application patches and for applications that the user does not use often.