Project 3-2: Configure Microsoft Windows Data Execution Prevention (DEP)

Mohammed Alkhelaiwi

IT-335 Corporate Cybersecurity

9.16.2014

Lab3

Project 3-1: Scan Web Browser Plug-ins

Steps 1-6

The main goal of this project is to scan web browser plug-ins and check if there is any issue with the browser plug-ins. First I went to then I read about the features that they provided. The final steps were to start scanning and see the results. I found out that I need to update Java to the newest version in order to be secure as the web shows me. I like the fact that I did not need to download an application to be able to scan my browser.

Project 3-2: Configure Microsoft Windows Data Execution Prevention (DEP)

Steps 1- 10

The purpose of this project is to have almost an absolute protection against buffer overflow attack. First I needed to know if my computer supports NX or not. In order to know that I had to download ScurableAble and launch it see the result. As it shows in the above picture that my comuter supports NX which is really good to have this for protection purposes. I followed the rest of the steps and chose “DEP for all programs” as it appeared on the above photo.

Project 3-3: Set Web browser Security

Steps 1-9

This project asks first to check the browser history and see the information that different cookies have. After I went over the list of cookies files, I deleted the browser history as instructed on the beginning of the steps of this project.

Steps 10-19

The objective of this part of the project is to inform the student about the Manage add-ons feature, adding website to restricted site, and choosing the level of privacy against cookies.

Steps 20-25

The last steps showed how to turn on tracking protection. It also shows me how to personalize my list. I visited a website to download one as I was instructed in the book.

Project 3-4: Hosts File Attack

Steps: 1-14

This project guide students on how to add fraudulent entry to the local hosts file. What I did is, I substitute the ip address of .com with Google IP address, and everytime I put and hit enter I go to google instead of cengage.com

Project 3-5: ARP Poisoning

Steps 1-11

The steps of this project basically guide the users how to delete the ARP table entry of the default gateway. Also, these steps show how to add to the ARP table by entering arp –s . Even though, I face some difficulty working on this project, but I enjoyed working on it due to the fact that I had to try until it worked and see the results.

Project 3-6: Create an HTTP Header

Steps 1-7

This project shows how to use Referer, and the steps go through how to do it. Finally, in the last steps there is a question “how can an attacker use this in an HTTP header attack?” I think the answer for this question is that an attacker could use the Refererto redirect the target computer to a harmful website whether if it is the attacker’s website or other websites that the attacker wants his target to be visiting.

Project3-7: Manage Flash Cookies

Steps 1- 6

This project is about Managing Flash Cookies, this project shows me how to delete the cookies that cannot be deleted using the browser’s normal configuration settings as regular cookies. Personally I learned a new thing doing this project because before this project I thought all cookies can be deleted from the browser’s configuration.