hands on projects

Hands-on Projects
PROjECT 1
FileVerifier ® is a tool that will compute hashes on
any single file, or all of your files at once. These hashes
are then checked to see if there have been any changes
to those files. FileVerifier can quickly check the
integrity of a large number of files.
FileVerifier is useful if you need to verify that
a given set of files has not been changed or altered in
any way. For example, it could be used to verify that
customer, employee, financial, or sales records were
not manipulated. If a file was changed without autho-
rization, it can be compared with an earlier version to
determine which changes were made. Using a file veri-
fier is one way IT security professionals can detect a
possible intrusion.
1. Download and install FileVerifier from http://
www.programmingunlimited.net.
2. Start, All Programs, FileVerifier , and FileVerifier .
3. In FileVerifier , click the Options button.
4. Change the Default Algorithm to MD5.
5. Click OK.
6. Click on the Dirs button to select the directories
you want. (You can also select individual files.)
7. Browse to and select your downloads directory.
8. Click OK.
9. Take a screenshot.
10. Click the Verify All button. (Browse to your down-
loads directory if necessary.)
11. Click OK.
12. Take a screenshot.
13. Create a new text file named YourNameHash.txt,
and save it in your downloads folder. (Replace
YourName with your first and last names.)
14. Open the text file labeled YourNameHash.txt you
just created in your downloads folder.
15. Add your name to the contents of the text file.
16. Save your changes to that text file by clicking File
and Save.
17. Close the text file.
18. In the FileVerifier window, click Verify All again.
(Browse to your downloads folder if necessary.)
19. Scroll down until you can see the text file that you
changed. (It should be highlighted in red.)
20. Take a screenshot.
PROjECT 2
Good administrators check their logs regularly. They
need to know what went on when they were away. They
need to look for intruders, compromised machines, sto-
len or deleted files, and so on. The list of things to look
for can be extensive.
Microsoft Windows Event Viewer® is a simple
program that organizes these logs in a way that makes
Chapter 7 • Host Hardening 443
them easy to view. Learning how Event Viewer works
is a great training platform for beginners. It is also a
useful diagnostic tool.
In this example, you will enable logging of secu-
rity events, log in and out of your machine, and then
look up the event in Event Viewer.
1. Click Start, Control Panel, System and Security,
Administrative Tools, and Local Security Policy.
2. Click on Local Policies and Audit Policy.
3. Double-click on the policy labeled “Audit account
logon events.”
4. Select both Success and Failure.
5. Click OK.
6. Double-click on the policy labeled “Audit logon
events.”
7. Select both Success and Failure.
8. Click OK.
9. Take a screenshot.
10. In the control panel, click System and Security,
Administrative Tools, and Event Viewer.
11. Click Windows Logs and Security.
12. Take a screenshot.
13. Log off your computer (you don’t need to shut
down) by clicking Start, the drop-down menu next
to Shut down, and Log Off.
14. Log onto your computer by clicking your user-
name and entering your password.
15. In the control panel, click System and Security,
Administrative Tools, and Event Viewer.
16. Click Windows Logs and Security.
17. Take a screenshot.
18. Double-click on the Logon/Logoff event that was
just recorded.
19. Take a screenshot.
20. Click Close.
21. Click Applications and Services Logs and Microsoft
Office Sessions.
22. Click on one of the log events.
23. Take a screenshot.
Assignments Submission Direction for all Lab assignment and projects
Before you start working on the projects, keep a word document open. Take screen captures while performing the steps, and plug them in the document. Do not forget to number the steps. That will help me to check if the screen capture matches with the step, and how did you complete the project.
Once the last step is done, I want you to look back at all the steps and the purpose of the project. Write a brief lab reflection -i.e . what did you achieve in the lab, why did you do, and what did you learn. I do not want to know “how did you do’. The screen captures will show me anyway ‘how did you do’.
Please submit a single document with all projects.
I reserve the right to deduct points if your screen captures are not clear enough. i.e. time-stamp on your host machine , or your user name in the virtual machine.