Franske CNT-2820 Labs-Homework

From ITCwiki

For most chapters in the course you will need to complete some assignments which may include homework and/or labs. The specific type of assignment(s) varies depending on the chapter. This page will list the labs and/or other assignments you need to complete, organized by chapter. If you have any questions about these assignments please contact the instructor for clarification or assistance. All assignments are due as indicated on the course schedule.

Chapter 1

There is no homework or lab assignment for chapter 1.

Chapter 2

Prepare a Windows XP VM

Your first task is to prepare a Windows XP virtual machine which we will use throughout the course as a lab system. In the lab we will use the Oracle VirtualBox software and a pre-built Windows XP system which we will make a copy of specifically for this class.

  1. Open the D: drive of your computer by clicking the Start Menu and typing "d:" in the search box, then pressing Enter.
  2. Create a new folder on this drive titled "fa11-yourlogin", replacing yourlogin with the username you use to log in to the system.
  3. Start the VirtualBox software: Start -> All Programs -> Oracle VM VirtualBox -> Oracle VM VirtualBox.
  4. IMPORTANT!!! Change the default storage location for your VMs to your new "fa11-yourlogin" folder by clicking File -> Preferences and selecting "Other..." from the "Default Machine Folder" drop down list on the "General" page. Navigate to the Computer -> D: -> "fa11-yourlogin" folder and click OK. Verify the folder location is correct for the "Default Machine Folder" setting and click OK.
  5. Import the base virtual machine. Click the File -> Import Appliance menu option then click the "Choose..." button. Navigate to Computer -> D: -> CNT Files -> VirtualBox XP and open the "CNT XP Base" file. Click the Next button and verify the "Virtual Disk Image" location is inside the "D:\fa11-yourlogin" folder then click the Import button.
  6. Disable USB, shared folders and audio for the VM by clicking on the new virtual machine listed on the left side of the screen and then clicking on the word "USB" on the right side of the screen. Click OK on the warning message and then uncheck the "Enable USB Controller" box at the top of the window. Click the "Shared Folders" page on the left side of the window, click the "Desktop" shared folder and then press the Delete key. Finally, click the "Audio" page on the left side of the window and uncheck the "Enable Audio" box. Click the OK button to save your settings.
  7. Start the VM by clicking on the new virtual machine listed on the left side of the screen and then clicking the green Start arrow at the top of the window. Read and then click OK on the message about keyboard capture. Read and then click OK on the message about mouse pointer integration. Wait as the mini-setup process completes, reading and then clicking OK on any VirtualBox messages that come up. You may choose to check the box not to see the message again on any of these if you like.
  8. Once the system has rebooted, you can log in to the Virtual Machine using the Administrator account and the password "College1".
  9. Open a web browser in the VM. You will need to enter your IHCC login and password and install the SafeConnect client to access the Internet from your VM; do this now.
  10. Congratulations! Your Windows XP Virtual Machine is now set up and configured for your use during this course.

Scan Your System for Rootkits

Follow the instructions on page 73 of your book to complete "Project 2-2: Scan for Rootkits". Note that all of this should be done inside your Windows XP Virtual Machine.

Use a Software Keylogger

Note that all of this should be done inside your Windows XP Virtual Machine.

Follow the instructions at the bottom of page 73 of your book to complete "Project 2-3: Use a Software Keylogger". IMPORTANT: Due to some corrupt system files in the XP Base image you will not be able to use the Wolfeye Keylogger noted in the book. Instead, please download and use the free Pykeylogger software from [1]. Instructions on that site explain how to use the keylogger. I suggest installing it with a shortcut to the desktop so you can easily start it.

You will need to modify the settings of the keylogger to access its control panel, because the Right-Ctrl key which is normally used is already being used by VirtualBox for keyboard capture. To do this:

  1. Open Wordpad by clicking Start -> All Programs -> Accessories -> Wordpad.
  2. Open the file "C:\Program Files\PyKeylogger\pykeylogger.ini". You may need to switch to showing "All Documents" or enter the full location into the open dialog box to access the file.
  3. Find the line "Control Key = Control_L;Control_R;F12" and change it to "Control Key = Control_L;Alt_R;F12".
  4. Now when you start the keylogger you can access its hidden control panel by pressing the Left Control, Right Alt and F12 keys at the same time.

This keylogger is started either through the link in the start menu or on your desktop if you chose to create one. Your log files are stored in the "C:\Program Files\PyKeylogger\logs" folder.

Chapter 3

Configure DEP

Complete Hands-On Project 3-1 on your Windows XP VM

Hosts File Attack

Complete Hands-On Project 3-3 on your Windows XP VM

MITM Sidejacking Attack

For this lab you will need to pay close attention and be under the supervision of the instructor. Doing this incorrectly will cause problems on the campus network and could be viewed as an attack on the network!

First, you will need to download and install some software in your VM:

Next, you MUST disconnect from the campus network and connect to the special CNT network. Verify that you have an IP address in the correct range (192.168.203.x) before proceeding!

You will need to do a little research online about how to use these tools. Your goal is to hijack the session of your partner so that you can access a webmail or social network site without their password. Below is a brief description of what each tool is for:

  • WinPcap - This driver allows the other software to talk directly to the network card in Windows.
  • Ettercap NG - This tool can be used for an ARP poisoning attack against a specific IP (your partner) so that you can route all traffic from them to the default gateway through your system first and sniff it (in this case for session cookies).
  • Hamster & Ferret - These utilities allow you to actually sniff for session cookies to steal from your partner and then pass them off to websites as your own.
  • Firesheep - A simplified, point-and-click interface with automatic capabilities like Hamster & Ferret which works with many popular "Web 2.0" sites to demonstrate a sidejacking attack. Note that traffic must already be flowing through your machine (such as on a hub, wireless network or through an ARP poisoning attack).

When you are done and have switched off all poisoning and attack software you may shut down your VM and then make sure to reconnect to the campus network for the next class.
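To see the ARP poisoning from the victim's side, the partner being targeted can inspect their own ARP cache during the exercise. The following is an added example, not part of the original lab: it parses Windows "arp -a" output and flags any MAC address that answers for more than one IP, which is the signature of a poisoned gateway entry. The sample output is constructed, and the gateway address 192.168.203.1 is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not captured from a real network).
# The gateway 192.168.203.1 (assumed address) and host 192.168.203.22 share one
# MAC, which is how a victim's ARP cache looks while it is being poisoned.
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.203.15 --- 0x2
  Internet Address      Physical Address      Type
  192.168.203.1         00-0c-29-aa-bb-cc     dynamic
  192.168.203.22        00-0c-29-aa-bb-cc     dynamic
  192.168.203.30        00-16-3e-11-22-33     dynamic
"""

ENTRY = re.compile(
    r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})[ \t]+(\w+)",
    re.I | re.M,
)

def parse_arp_table(text):
    """Return {ip: mac} for dynamic entries only.

    Static entries are skipped: newer Windows versions list broadcast and
    multicast addresses as static entries that legitimately share a MAC.
    """
    return {ip: mac.lower() for ip, mac, kind in ENTRY.findall(text)
            if kind.lower() == "dynamic"}

def find_shared_macs(table):
    """Return {mac: sorted ips} for each MAC that answers for more than one IP."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_is_suspect(table, gateway_ip):
    """True when the gateway's MAC is also claimed by another host."""
    gw_mac = table.get(gateway_ip)
    return gw_mac is not None and gw_mac in find_shared_macs(table)

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    for mac, ips in find_shared_macs(table).items():
        print(f"WARNING: {mac} is claimed by {', '.join(ips)}")
    print("gateway suspect:", gateway_is_suspect(table, "192.168.203.1"))
```

Comparing the gateway's MAC before the exercise starts with its MAC during the exercise gives the same signal without relying on the second host appearing in the cache.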

Chapter 4

Using an Internet Port Scanner

Complete project 4-1 in the book. Do this at school as well as at home and compare the results. If you have Windows Vista or Windows XP, explore the built-in firewalls in those instead of the one for Windows 7 which is described in the activity.

Using a Vulnerability Scanner

Complete project 4-2 in the book. Make sure to download and run the scanner inside your Virtual Machine and run it ONLY when attached to the special CNT 2820 network (192.168.x.x address) and NOT when on the campus network. You will have to move the connection for your computer to the CNT network switch.

Use the Nmap Port Scanner

One of the most popular port-scanning utilities is nmap. It is available as a command line program for Linux, but a GUI and Windows version are also available.

  • Read the instructions for installing it at the Nmap site.
  • Download the latest stable version from the Windows binaries section on the download page and install it in your VM.
  • Make sure you are attached to the special CNT 2820 network (192.168.x.x address) and NOT the campus network.
  • Trade IP addresses with a partner and try scanning each other's systems. The Zenmap GUI is fairly easy to use and understand but check the manual if you need help.
  • Turn off your firewall in the VM and try scanning each other's systems again.
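To make the firewall-on versus firewall-off comparison concrete, the two scans can be saved and compared programmatically. The following is an added example, not part of the original lab: it assumes each scan was saved in Nmap's grepable format (the -oG option) and reports which ports became reachable once the firewall was disabled. The scan lines and the partner address are constructed sample data.

```python
import re

# Constructed `nmap -oG` (grepable) lines for one partner VM; not real scan results.
SCAN_FIREWALL_ON = (
    "Host: 192.168.203.22 ()\tPorts: 135/filtered/tcp//msrpc///, "
    "139/filtered/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///\n"
)
SCAN_FIREWALL_OFF = (
    "Host: 192.168.203.22 ()\tPorts: 135/open/tcp//msrpc///, "
    "139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///, "
    "3389/closed/tcp//ms-wbt-server///\n"
)

def parse_grepable(text):
    """Return {(host, port, proto): (state, service)} from -oG output."""
    results = {}
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\bPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        host, ports = m.groups()
        for entry in ports.split(","):
            # Each entry is port/state/protocol/owner/service/rpcinfo/version/
            fields = entry.strip().split("/")
            if len(fields) >= 5:
                port, state, proto, _owner, service = fields[:5]
                results[(host, int(port), proto)] = (state, service)
    return results

def newly_exposed(before, after):
    """Ports open in `after` that were not open in `before`, with the old state."""
    exposed = []
    for key, (state, service) in after.items():
        old_state = before.get(key, ("not shown", ""))[0]
        if state == "open" and old_state != "open":
            exposed.append((*key, service, old_state))
    return sorted(exposed)

if __name__ == "__main__":
    before = parse_grepable(SCAN_FIREWALL_ON)
    after = parse_grepable(SCAN_FIREWALL_OFF)
    for host, port, proto, service, old in newly_exposed(before, after):
        print(f"{host} {port}/{proto} ({service}): {old} -> open")
```

Every line this prints is a service the host firewall was shielding from the network.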

Chapter 5

Viewing Logs Using the Microsoft Windows Event Viewer

Complete Project 5-3 in the textbook, Viewing Logs Using the Microsoft Windows Event Viewer.

Creating a Custom View in Microsoft Windows Event Viewer

Complete Project 5-4 in the textbook, Creating a Custom View in Microsoft Windows Event Viewer.

Chapter 6

Projects 6.3-6.6

For the following projects you will need to install Windows Server 2008 and Windows 7 into VMs on your system. You can find the ISO files for installing these in VirtualBox.

  • Complete Project 6-3: Install a Microsoft Windows Server 2008 Network Policy Server and System Health Validator
  • Complete Project 6-4: Create a Health and Network Policy for Secure Clients
  • Complete Project 6-5: Create a Health and Network Policy for Nonsecure Clients and Configure a DHCP Server
  • Complete Project 6-6: Configure a Windows 7 Client for Network Access Protection

Chapter 7

Project 7.1: Using an FTPS Client

Complete Project 7.1: Using an FTPS Client in the book but try using the free FileZilla client (from http://filezilla-project.org) instead of the Glub client. You should do this from inside your Windows XP VM. Make sure it is connected to the network in "bridged" mode.

Project 7.2: Using a Faster DNS

Complete Project 7.2: Using a Faster DNS in the book. In addition to the Google Namebench software, try the GRC Domain Name Speed Benchmark software. You can download it and read how it works at http://www.grc.com/dns/benchmark.htm. You should do this from inside your Windows XP VM. Make sure it is connected to the network in "bridged" mode.

Project 7.3: Install a Cloud Desktop Application

Complete Project 7.3: Install a Cloud Desktop Application in the book. You should do this from inside your Windows XP VM. Make sure it is connected to the network in "bridged" mode.

Project 7.6: View SNMP Management Information Base (MIB) Elements

Complete Project 7.6: View SNMP Management Information Base (MIB) Elements in the book.

Chapter 8

Wireless Network Detection

For this lab you will use a wireless access point and laptop. Get these from your instructor.

  1. Configure the Linksys Wireless Router for wireless networking. Do not attach the router to the campus or any other network; we will be using it as an access point only. At this point you should set up an SSID and wireless channel but leave the access point open.
  2. Download and install the Xirrus Wi-Fi Inspector software and the inSSIDer software on the laptop. You will need to attach the laptop to an Internet connection or use a USB drive to get these programs installed.
  3. Check out these instructions for using inSSIDer and read through Project 8-1 and 8-2 in the textbook.
  4. Experiment with using both Wi-Fi Inspector and inSSIDer to locate your wireless network. Pay special attention to the types of information you can get from both programs and note any differences and which one you prefer and why.
  5. Try enabling WEP and then WPA on your access point. Re-scan for wireless networks with the software and see how they display the different types of secured wireless networks.

MAC Address Protection

  1. Continuing with your lab setup from the wireless network detection lab, set the access point back to open access. Enable MAC address filtering on the access point. Set the access point to only allow connections from some bogus MAC address.
  2. Try connecting to the access point and verify that the laptop is NOT able to connect because it has the incorrect MAC address.
  3. Although MAC addresses can be spoofed by simply modifying the registry, we can make it even easier with a GUI tool. Download and install the MacMakeup utility.
  4. Use the utility to spoof your MAC address to the one you have allowed access for in the router configuration.
  5. Verify that you are now able to connect to the access point.
  6. Set your MAC address back to the original address.

Chapter 9

There are no labs for this chapter.

Chapter 10

Complete projects 10-1, 10-2, 10-3, 10-4, 10-5 and 10-6 from the textbook in one of your Virtual Machines.

Chapter 11

Hash Generation and Comparison

Complete these projects inside of one of your VMs:

  1. Complete Project 11-2: Installing Command-Line Hash Generators and Comparing Hashes from the book.
  2. Complete Project 11-3: Installing GUI Hash Generators and Comparing Hashes from the book.

File and Drive Encryption

Complete these projects inside of one of your VMs:

  1. Complete Project 11-4: Using Microsoft Encrypting File System (EFS) from the book.
  2. Complete Project 11-5: Using TrueCrypt from the book.

In the above project TrueCrypt is used to create an encrypted container file on an existing drive. This container can hold a number of other files, but it is important to note that the drive itself is not encrypted. TrueCrypt also supports "Whole Disk Encryption", as do several other programs. This is especially useful for laptop computers. Try downloading the DiskCryptor program, installing it in one of your VMs and encrypting the entire disk with it.

Chapter 12

Complete these tasks inside one of your VMs:

  1. Download and install Gpg4win
    1. Create a GPG key using GPA or Kleopatra (installed with Gpg4win)
    2. Use your key to sign a file on your system
    3. Use your key to encrypt a file on your system
  2. Download and install the Thunderbird email program on your system
    1. Get Thunderbird working with one of your email accounts
    2. Download and install the Enigmail plugin to allow for signing and encrypting emails
    3. Use Enigmail/OpenPGP to send a GPG signed email to ben@ihcnt.net
    4. Receive back a GPG encrypted email from Ben
  3. Register at CAcert and activate with your email
    1. Install the CAcert Root certificates (both Class 1 and Class 3) in your browser
    2. Get your identity verified by Ben and points allocated on CAcert
    3. Download and install in Thunderbird a personal email certificate from CAcert
      1. You will need to install this in your browser first by clicking the automatic installation link and then open your browser's certificate store and export the certificate to a file and import it into Thunderbird.
    4. Associate your certificate with an email account in Thunderbird then send an email signed with your personal email certificate (S/MIME) to ben@ihcnt.net
    5. Receive back a certificate encrypted email from Ben

Chapter 13

Chapter 14