Thursday, 3 June 2010

4.3

Practical 4-3: Hosts File Attack

In this practical, I am going to learn what a hosts file attack is.
It works by substituting a fraudulent IP address, by attacking either the Domain Name System (DNS) or the local hosts table.

First, I run Notepad using the administrator account.
Next, I open the hosts file, which is located at C:\WINDOWS\system32\drivers\etc.
At the bottom of the file, I type in 74.125.47.99, followed by pressing Tab and typing www.course.com.
This is the IP address of Google.

By doing this, when a user types in www.course.com, it will link to Google through the use of Google's IP address.
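
The same kind of entry can be caught by auditing the hosts file for names that are pointed at a routable address. The script below is an added example, not part of the original practical; the sample file contents, the `audit_hosts` function and the `allowed` approval list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample hosts file; line 5 is the entry typed in the practical.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test   # sinkhole entry
74.125.47.99\twww.course.com
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()                    # tabs or spaces separate the fields
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text, allowed=frozenset()):
    """Return findings for entries that redirect a name to a routable address.

    allowed: set of (hostname, ip) pairs an administrator has approved (hypothetical).
    """
    findings = []
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, names, "malformed address"))
            continue
        # Loopback and unspecified (0.0.0.0, ::) entries cannot send traffic to a remote host.
        if ip.is_loopback or ip.is_unspecified:
            continue
        unapproved = [n for n in names if (n, str(ip)) not in allowed]
        if unapproved:
            findings.append((line_no, str(ip), unapproved, "unapproved override"))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To check a real machine, pass in the contents of the hosts file from the folder named above instead of `SAMPLE_HOSTS`.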

4.1

Practical 4-1: Using the Wireshark Protocol Analyzer

First, download Wireshark from www.wireshark.org.
Install it.

A protocol analyzer (also known as a sniffer) captures packets to decode and analyze one or more protocols into a human-readable format for the network administrator. It can also store packets on disk for further analysis later on.
http://www.answers.com/topic/packet-sniffer

In this practical, I am going to connect to a fake FTP connection.

Run Wireshark.
Click Capture > Interfaces > Start


Go to Start, type cmd and press enter.
Type ftp server1.
Packets will then appear in Wireshark.
Type exit and press enter and close cmd.

Open IE and go to www.bluehost.com/cgi-bin/uftp
Type in Gerald for the username and happy for the password.
It will display invalid as it is a fake account.


Then I went back to Wireshark and searched for Gerald, and the information for bluehost.com was found.

I think that this is actually the most dangerous tool, as it shows packets of information in the form of codes to the attacker.

3.3

Practical 3-3: Set Web Browser Security

This practical requires the Windows Internet Explorer (IE) Web browser, version 7 or above.
Through this, I will learn how to configure various security settings in the browser, which can help protect my computer from the different threats out there on the net.

The security settings I will be configuring are cookies, add-ons, security zones, restricted zones, privacy level and the pop-up blocker.

Cookies

Tools > Internet Options > General Tab > Browsing History > Settings > View files


(Figure 3.2.1)

It holds different kinds of information, such as where the user frequently browses, which hackers can make use of to upload viruses onto these websites without the knowledge of the user who is surfing the website.

Add-on

Tools > Manage Add-ons

Add-ons are additional programs that are needed to run things like media applications and other applications in the web browser. Examples of these are Java and JavaScript. These settings let the user choose whether to enable or disable the add-ons used in the web browser.

(Figure 3.3.2)

As shown in the red box in Figure 3.3.2, this is where users can enable/disable the add-ons.

Security Zones

Tools > Internet Options > Security tab

Moving the slider of the Security level for this zone allows various settings.

Medium - prompts before downloading potentially unsafe content and unsigned ActiveX controls.
Medium-high - Appropriate for most websites, prompts before downloading potentially unsafe content and unsigned ActiveX controls.
High - Appropriate for websites that might have harmful content, maximum safeguards and less secure features are disabled.


Figure 3.3.3

This is where users can apply their own custom settings for security zones.

Restricted Zones


Figure 3.3.4

When a website is added to the restricted zones, the next time the user enters that website, the security level automatically changes to the High security level so that it is able to prevent malicious activity from happening.

Privacy Level

Tools > Internet Options > Privacy


Figure 3.3.5

It helps block cookies from being seen by other websites that try to use them to learn people's browsing habits.

Pop-up blocker

Tools > Pop-up blocker > pop-up blocker settings


Figure 3.3.6

As its name suggests, it is used to block unwanted pop-ups that the user does not want to receive. Users can adjust the settings to choose whether they want all pop-ups to be blocked.

3.2

Practical 3.2: Test AV Software

First, as I was using VMware to do practical 3.2, my Windows XP did not have any antivirus.
So I went to download an antivirus.
After downloading that, I went on to do the practical.
I went to http://eicar.org/anti_virus_test_file.html and tried to download the file eicar.com.
This file contains a fake virus, so before downloading it, my AV software detected it and prevented me from downloading it.


Next, I tried to download eicarcom2.zip. As it is a zip file, my AV software did not detect that it was harmful. After downloading, I right-clicked the file and scanned it for viruses. The AV software detected a virus and removed the file.



AV software is a must for computers, as it comes in handy to detect viruses when running files.