
Project 3-1: Configure Data Execution Prevention (DEP)

1. The first step is to determine if the computer supports NX. Use your Web browser to go to
www.grc.com/securable. Click Download now and follow the default settings to install the application on
your computer.

2. Double-click on Securable to launch the program. If it reports that Hardware D.E.P. is “No” then that
computer’s processor does not support NX. Close the Securable application.

3. The next step is to check the DEP settings in Vista. Click Start and then click Control Panel.
4. Click System and Maintenance and then click System.
5. Click Advanced system settings and then click the Advanced tab.

6. Click Settings under Performance and then click the Data Execution Prevention tab.
7. If the configuration is set to Turn on DEP for essential Windows programs and services only then click
Turn on DEP for all Windows programs and services except those I select. This will provide full
protection to all programs.

8. If an application does not function properly, it may be necessary to make an exception for that application
and not have DEP protect it. If this is necessary, click the Add button and search for the program. Click on
the program to add it to the exception list.

9. Close all windows and applications and then restart your computer to invoke DEP protection.

Project 3-2: Test AV Software

1. Check the antivirus settings on your computer. Click Start, click Control Panel, click Security, and then
click Security Center.

2. The Virus protection setting should be On. If it is not, click the Recommendations button and indicate that
you want Windows to monitor the AV software.
3. Close all windows.

4. Open your Web browser and enter the URL www.eicar.org/anti_virus_test_file.htm.

5. Read the “Anti-Virus or Anti-Malware test file” information carefully. The file you will download is not a
virus but is designed to appear to an antivirus scanner as if it were a virus.

6. Click the file eicar.com, which contains a fake virus. A dialog box opens that asks if you want to download
the file. Wait to see what happens. What does your antivirus software do? Close your antivirus message and
click Cancel to stop the download procedure.
7. Now click eicar_com.zip. This file contains a fake virus inside a compressed (ZIP) file. What happened?
Download allowed.

8. If your antivirus software did not prevent you from accessing the eicar_com.zip file, when the File
Download dialog box appears click Save and download the file to your desktop or another location
designated by your instructor.

9. When the download is complete, click Close, if necessary.

10. Right-click the Start button and then click Explore.

11. In Windows Explorer navigate to the folder that contains the eicar_com.zip file.

12. Right-click the file eicar_com.zip and then click Scan for viruses on the shortcut menu (your menu
command might be slightly different). What happened now?
13. Return to the Web site and this time click eicarcom2.zip. This file has a double-compressed ZIP file with a
fake virus. What happened?

14. If your antivirus software did not prevent you from accessing the eicarcom2.zip file, when the File
Download dialog box appears click Save and download the file to your desktop or another location
designated by your instructor.

15. When the download is complete, click Close, if necessary.

16. Return to Windows Explorer.

17. In Windows Explorer navigate to the folder that contains the eicarcom2.zip file.

18. Right-click the file eicarcom2.zip and then click Scan for viruses on the shortcut menu (your menu
command might be slightly different). What happened now?
19. Erase both files from your hard drive.

20. Close all windows.
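
Steps 6, 7 and 13 wrap the same test file in zero, one and two ZIP layers, so they check whether the scanner unpacks archives before matching signatures. The Python sketch below is an added example, not part of the original lab; it uses a constructed, harmless marker in place of the real EICAR string, and the function names and sample contents are assumptions made for illustration.

```python
import io
import zipfile

# Constructed, harmless stand-in for a scanner signature (not the real EICAR string).
MARKER = b"LAB-TEST-SIGNATURE-NOT-A-VIRUS"
MAX_DEPTH = 5  # archive layers to unpack before giving up (guards against archive bombs)


def make_zip(name, payload):
    """Return the bytes of a ZIP archive holding a single compressed member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def lab_samples():
    """Constructed stand-ins named after the lab's plain, zipped and double-zipped files."""
    plain = (MARKER + b"\r\n") * 4  # repeated so DEFLATE clearly compresses it
    single = make_zip("eicar.com", plain)
    double = make_zip("eicar_com.zip", single)
    return {"eicar.com": plain, "eicar_com.zip": single, "eicarcom2.zip": double}


def scan(data, path, depth=0, max_depth=MAX_DEPTH):
    """Return (path, verdict) findings for raw bytes, unpacking nested ZIPs."""
    findings = [(path, "signature")] if MARKER in data else []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= max_depth:
        # Content left unscanned is reported, never silently treated as clean.
        return findings + [(path, "too-deep")]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    inner = zf.read(info)
                    findings += scan(inner, f"{path}!{info.filename}", depth + 1, max_depth)
    except (RuntimeError, zipfile.BadZipFile):
        # Encrypted or corrupt archives cannot be inspected; flag them.
        findings.append((path, "unreadable"))
    return findings


if __name__ == "__main__":
    for name, data in lab_samples().items():
        print(name, "raw match:", MARKER in data, "->", scan(data, name))
    # A scanner that never unpacks archives (max_depth=0) cannot see inside the ZIP.
    print(scan(lab_samples()["eicar_com.zip"], "eicar_com.zip", max_depth=0))
```

The raw bytes of the zipped samples do not contain the marker, which is why a scanner that only matches on file contents without unpacking lets the download through.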

Project 3-3: Set Web Browser Security

1. Start Internet Explorer.

2. Click Tools on the menu bar, and then click Internet Options to display the Internet Options dialog box.
Click the General tab, if necessary.

3. First remove all of the HTML documents and cookies that are in the cache on the computer. Before erasing
the files, look at what is stored in the cache. Under Browsing history click the Settings button and then click
the View files button to see all of the files. If necessary, maximize the window that displays the files.
4. Click the Last Checked column heading to see how long this information has been on the computer.

5. Next, select a cookie by locating one in the Name column (it will be something like cookie:
windows_vista@microsoft.com). Double-click the name of the cookie to open it. If you receive a Windows
warning message, click Yes. What information does this cookie provide? Close the cookie file and open
several other cookies. Do some cookies contain more information than others?
6. Close the window listing the cookie files to return to the dialog box. Click the Cancel button.

7. In the Internet Options dialog box under Browsing history click Delete.

8. In the Delete Browsing History dialog box click Delete all and then Yes.

9. Close the Internet Options dialog box.

10. Click Tools and point to Manage Add-ons and then click Enable or Disable Add-ons.

11. On the Show: drop-down menu click Add-ons that run without requiring permission. These are the
ActiveX controls that run without asking you for permission.

12. Close the dialog box.


13. Click Tools and then click Internet Options.

14. Click the Security tab to display the security options. Click the Internet icon. This is the zone in which all
Web sites that are not in another zone are placed. Under Security level for this zone move the slider to look
at the various settings.

15. Click Custom level and scroll through the ActiveX security settings. Would you consider these sufficient?
Click Cancel.

16. Now place a Web site in the Restricted zone. Click OK and return to your Web browser. Go to
www.bad.com and view the information on that site. Notice that the status bar displays an Internet icon,
indicating that this Web site is in the Internet zone. Click your Home button.
17. Click Tools on the menu bar and then click Internet Options to display the Internet Options dialog box
again. Click the Security tab and then click Restricted sites. Click Sites, and enter www.bad.com, click
Add, click Close, and then OK. Now return to that site again. What happens this time? Why?

18. Click Tools on the menu bar and then click Internet Options to display the Internet Options dialog box
again. Click the Privacy tab. Drag the slider up and down to view the different privacy settings regarding
cookies. Which one should you choose? Click OK to save the settings and then close the Internet Options
dialog box. Apply.
19. Internet Explorer includes a pop-up blocker. Click Tools and point to Pop-up Blocker and then click Pop-up
Blocker Settings. Note that you can add sites to allow pop-ups to appear. Be sure that the Filter level is set to
Medium or High.

20. Close your browser.

Project 3-6: Performing a Baseline Security Audit

1. Open your Web browser and enter the URL http://www.microsoft.com/technet/security/tools/mbsahome.mspx.
The location of content on the Internet such as this program may change without warning. If you are no
longer able to access the program through the above URL, use a search engine like Google (www.google.com)
and search for “Microsoft Baseline Security Analyzer”.

2. Click on the latest version of MBSA.

3. Scroll down to Download Now, and then click English.

4. Click Continue in the Validation Required section.

5. Click MBSASetup-EN.msi.

6. Depending on the version you choose to download you may be able to click the Download button
instead. When the File Download dialog box appears click Save and follow the instructions to save this file
in a location such as your Desktop or a folder designated by your instructor. When the file finishes
downloading, click Run and follow the default installation procedures.

7. Double-click the Microsoft Baseline Security Analyzer icon on the desktop.

8. Click Scan a computer.


9. Accept the default settings for the scan by clicking Start Scan.

10. When the scan is complete, a report appears. Items with a green shield and a white check mark indicate that
the item passed the scan. An item with a yellow shield or red shield means it has located a vulnerability that
should be attended to. Scroll down to any item that has a yellow or red check and click What was scanned.
Close that window when completed.

11. Click How to correct this and read the explanation regarding how to correct this. Close the window when
finished.

12. Close all windows.
