CEG 233: Linux and Windows 

Lab on Security and Privacy

   

Table of Contents

  1. Educational Objectives
  2. Background
  3. Lab Experiment
  4. Acknowledgements
  5. References

Educational Objectives

The objectives of this lab experiment are to make you :

  1. Learn techniques to improve security and privacy in your computer work.
  2. Use a few tools.
  3. Aware of the security and privacy issues

Background

Prabhaker Mateti, Security and Privacy.   Required Reading.  Listed in the References below.

In Windows, download from http://portableapps.com/  and install into your USB drive all of the following security/privacy tools.  The first three are essential and we are sure you will use them many times.  We use the remaining tools in this Lab.

  1. WinSCP Portable - SFTP, FTP and SCP client
  2. FileZilla Portable - the full-featured FTP client
  3. PuTTY Portable - lightweight telnet and SSH client
  4. ClamWin Portable - Antivirus on the go; 
  5. Eraser Portable - securely delete files and data; 
  6. KeePass Password Safe Portable - Secure, easy-to-use password manager; 
  7. winMd5Sum Portable - check md5 sums to verify files on the go; 
  8. Toucan - backup, sync and encrypt for advanced users.

Lab Experiment

All work is expected to be carried out in the Operating Systems and Internet Security (OSIS) Lab, 429 Russ.   But, you are welcome to work wherever.  Note that use of both Linux and Windows and other software, that may not always be installed in other facilities, may be needed.

Record the lines you type and your observations in a plain text file named myLabJournal.txt using your own words and/or copying appropriate lines.  You may use any editor you wish to edit this file.  All descriptions asked for also go into this file.

In Linux

  1. Create a text file named myInfo.txt  in your home directory containing exactly four lines: Your full name, your UID, your email address, and the darkest wish ;-) you have, each on a separate line.  Make sure that this file is strictly for your eyes-only.  Not even the super-user should be able to read it.  Record how you did it.  Copy this file to your USB thumb drive.
  2. Compute the md5sum of myInfo.txt. Change just one or two characters in this file, and re-compute the md5sum.   See if you can change this file so that even after the change the md5sum comes out the same as before.  Try a few times (say 10).  Record your trials.
  3. Learn the details of the shred command.  Use the -v flag and describe how it securely deleted a file.
  4. Search the web, learn, and describe the purpose of /etc/hosts, /etc/hosts.deny and /etc/hosts.allow files.
  5. Invoke the web browser you have been using all this time.  Locate and copy the history it has recorded into the journalDescribe what steps you can take to reduce/eliminate this history keeping.

In Windows

  1. Copy  myInfo.txt  that you saved above on your USB thumb drive to Windows TEMP directory. Make sure myInfo.txt is strictly for your eyes-only.  Not even the administrator (super-user) should be able to read it.  Record how you did it.
  2. Using winMd5Sum Portable perform Step 2 of Linux above.
  3. Use Eraser Portable to securely delete a file and compare it with shred.
  4. Use and then write a short (say around 10 lines)  how-to on KeePass Password Safe Portable.
  5. Use and then write a short (say around 10 lines)  how-to on ClamWin Portable.

Visit a few Sites

  1. Vist http://anonymouse.org/  and experience their service.  Record your observations and opinions.
  2. Visit  www.cnn.com   Read a few stories, say for 5 minutes.  Discover if this site has deposited any cookies.  Where?  If it did, copy them as "regular" text lines into the journal, and describe their content as best as you can.
  3. Spend a few minutes browsing the site http://packetstormsecurity.org/  and describe what kind of a site it is.
  4. Spend a few minutes browsing the site http://www.securityfocus.com/ and describe what kind of a site it is.
  5. Search and find a serious violation of privacy that happened in 2007.

Turnin

  1. Note the number <n> of this Lab from the course home page and use L<n> as the first argument to turnin.

Link to Grading Sheet

Acknowledgements

References

  1. Prabhaker Mateti, Security and Privacy.  Required Reading.
Copyright © 2007 Prabhaker Mateti last edited: December 19, 2007