Download Security Auditing Labs

To download the contents for each lab please send an e-mail to ia@mgt.unm.edu and the school where you teach or research.

The following Information Assurance labs are available for download:

Security Auditing

• Introduction to Security-Enhanced Linux (SELinux)
• Digital Analysis Using Benford's Law
• Intrusion Analysis (File Topology)
• System Auditing and Vulnerability Assessment
• Introduction to Penetration Testing
• Network Reconnaissance and Security Auditing
• Spreadsheet Protection and Identification of Fraud
• Introduction to Malicious Macros
• Keylogger Software: Operation and Detection
• Malicious Code and System Attack
• Vulnerability Assessment Tools
• Windows XP Security Features and Text Mining
• Introduction to Cookies
• Introduction to Linux
• Introduction to Phishing
• Phishing Attack

Introduction to Security-Enhanced Linux (SELinux)

Authors: Amadeo Casas, Jorge Navas, Fall 2007
Revised by: Hue Lai, Spring 2008

CNSS/NSTISSI Mapping: n/a

Abstract:
The purpose of this tutorial is to familiarize the readers with different possibilities of security provided by more sophisticated operating systems. This tutorial will guide the reader through a Linux box, in which the SELinux package is installed. The user will become familiar with the system and the main features that SELinux provides. The reader will go through graphical user interfaces to manage and create SELinux policies, which provide the same function as the commands previously explained. This is a core characteristic of Linux systems: all the functionality is obtained via execution of commands, which can be of difficult use. Thus, in order to simplify their use, some user-friendly applications are usually provided, as it is the case with SELinux.

Requirements:
You will need a distribution for Fedora 8 system running on VMWare Workstation The software and tools required for this tutorial(s) are open source, freeware, shareware, trial version or a combination thereof. It is recommended that the user take a few minutes to read the entire tutorial before starting any computer interactions.

Download Introduction to Security-Enhanced Linux (SELinux) (932,555.583 KB)
SHA1: 1197607713ccc873512118f037e7f5c8cff7aaf3

Digital Analysis Using Benford's Law

Authors: Sara Young, Sandy Woods, Spring 2008
Revised by: Alessandro Seazzu, Summer 2008

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab is designed to help students indentify duplicate payments, duplicate invoices, and journal entries made on Federal holidays or weekends. This will be accomplished by using XL Audit Commander to apply Benford's law and analyze Excel spreadsheets. In order to complete this lab you will need a copy of Microsoft Office 2003.

Requirements:
The requirements include using VMWare with Microsoft Windows XP, Microsoft Excel 2003 and XL Audit Commander. The software and tools required for this tutorial(s) are open source, freeware, shareware, trial version or a combination thereof. As such, some tools or software might expire or will be outdated by the time this lab is executed. If the executables accompanying this lab do not work, please download the latest version from the website provided in this lab. It is recommended that the user take a few minutes to read the entire tutorial before starting any computer interactions.

Download Digital Analysis Using Benford's Law (13,055.878 KB)
SHA1: 2575c99261c790b202500d32bc81bcd4117f7fc7

Intrusion Analysis (File Topology)

Authors: Leila Potts, Fall 2007
Revised by: Hue Lai, Spring 2008

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab is designed to help students detect a possible intrusion and assess the file integrity of a Windows XP system. This will be accomplished by creating a baseline of the Windows XP system, then manipulating critical system files. The system will then be scanned again to create a snapshot, which will be compared to the baseline. This will allow us to determine if the system has been compromised and in which ways.

Requirements:
The requirements include using VMWare with Microsoft Windows XP and FTimes. The software and tools required for this tutorial(s) are open source, freeware, shareware, trial version or a combination thereof. As such, some tools or software might expire or will be outdated by the time this lab is executed. If the executables accompanying this lab do not work, please download the latest version from the website provided in this lab. It is recommended that the user take a few minutes to read the entire tutorial before starting any computer interactions.

Download Intrusion Analysis (File Topology) (1,253.878 KB)
SHA1: 88e08d9f527a3da49161e9fb91ce2a102f5243f1

System Auditing and Vulnerability Assessment

System Auditing and Vulnerability Assessment
Author: Brandon Fetters, Fall 2004
Revised: Jessica Dillinger, Patricia Watson and Joel Nunes, Summer 2005
Alessandro Seazzu, June 30, 2006

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab is designed to help students assess the operating condition of a Windows XP system. This will be accomplished by auditing the system against a set of benchmarks from CIS and then evaluating the system's exposure to known vulnerabilities.

Requirements:
The requirements include using VMWare with Microsoft Windows XP, CIS Benchmark and Scoring Tool, and NeWT Security Scanner. The software and tools required for this tutorial(s) are open source, freeware, shareware, trial version or a combination thereof. As such, some tools or software might expire or will be outdated by the time this lab is executed.

Download System Auditing and Vulnerability Assessment (65,378.011 KB)
SHA1: 1e2ca8b4bc13d23b3d79a7d4f96b85d8b0a3fce3

Introduction to Penetration Testing

Introduction to Penetration Testing
Author: Brad Greene and Erik Larson, Fall 2006
Revised: Joel Nunes and Alessandro Seazzu, June 2007

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab is designed to expose students to some introductory principles of penetration testing and the exploit of vulnerabilities discovered as a result of said testing. Specifically, the students will run port scanning software to determine if the system in question is running applications that have ports open to exploit. The students will then run real exploits with payloads to compromise the integrity of the system under attack.

Requirements:
This lab uses Windows XP, and Windows 2000 operating systems running on VMWare Workstation. The software and tools required for this tutorial(s) are open source, freeware, shareware, trial version or a combination thereof. It is recommended that the user take a few minutes to read the entire tutorial before starting any computer interactions.

Download Introduction to Penetration Testing (13,655.523 KB)
SHA1: c6a4e5016dddfd58da3577c2a6e4547a13e66aa1

Network Reconnaissance and Security Auditing

Author: Biwesh Pradhan, Spring 2007
Revised: Joel Nunes and Alessandro Seazzu, June 2007

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab is designed to demonstrate the concepts of network reconnaissance and security auditing. We will begin by building a corporate network with a DMZ that contains a webserver and a mailserver. This network will be inspected and explored. Then the webserver is misconfigured in such that it poses a security threat when it goes alive. This threat is detected by the scanner and immediate measures are taken to avoid any security breaches.

Requirements:
The computing requirements include VMWare with Microsoft Windows 2000, Windows XP and three Windows 2003 Servers. The software and tools provided are open source, freeware, shareware, trial version or a combination thereof. Some tools or software might expire or will be outdated by the time this lab is executed. If the executables accompanying this lab do not work, please download the latest version from the websites provided in this lab. It is recommended that the user take a few minutes to read the entire tutorial before starting any computer interactions. Since this lab will simulate 5 machines, it is imperative that users strictly assign the recommended resources (especially memory) for each of the machines. Failure to do so might impose heavy loads on the host server leading to program or system crashes.

Download Network Reconnaissance and Security Auditing (15,605.794 KB)
SHA1: 90ef76ad24ac52bd344a3130a4383ff4ae8ba87c

Spreadsheet Protection and Identification of Fraud

Author: Jennifer Gonzales and Shelley Brisson, Spring 2007
Revised: Joel Nunes, Alessandro Seazzu, June 2007

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab is designed to give you hands on experience on how spreadsheets can be protected. The environment we will simulate in the lab is one where an authorized user can change cells and attach attachments.

Requirements:
The requirements include using VMWare with Windows XP. The software and tools required for this tutorial(s) are open source, freeware, shareware, trial version or a combination thereof. As such, some tools or software might expire or will be outdated by the time this lab is executed. If the executables accompanying this lab do not work, please download the latest version from the website provided in this lab. It is recommended that the user take a few minutes to read the entire tutorial before starting any computer interactions.

Download Spreadsheet Protection and Fraud Identification (3,102.848 KB)
SHA1: c979c3e3c61913657de3063e54ea94d23f3bac3b

Introduction to Malicious Macros

Authors: Bridget Esquibel and Stacey Lohr, Fall 2004
Revised by: Jessica Dillinger, Patricia Watson and Joel Nunes, Summer 2005
Alessandro Seazzu, Summer 2007

CNSS/NSTISSI Mapping: n/a

Abstract:
This tutorial discusses the implications of malicious code including how easy it is to insert the code and for a normal user to accidentally insert malicious code into an Office document. The purpose of this lab is to gain a better understanding of how easily code can turn 'malicious' and how 'malicious code' can hide in authenticate code.

Requirements:
The lab uses the Windows XP operating system running on VMWare Workstation along with hash creation software.

Download Introduction to Malicious Macros (202.130 KB)
SHA1: 384fcc8203af7a4326911e893ff2413e8b348d45

Keylogger Software: Operation and Detection

Authors: Jacob Lund and Mark Scott, Spring 2007
Revised by: Joel Nunes and Alessandro Seazzu, July 2007

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab was designed to show the student how to: (1) operate a key-logging software and (2) detect a key-logging software.

Requirements:
The lab uses the Windows XP operating system running on VMWare Workstation along with hash creation software.

This lab archive contains code that is considered malicious by most antivirus applications. It is strongly recommended that you store this file in an isolated test system away from any production environments.

Download Keylogger Software: Operation and Detection (67,997.379 KB)
SHA1: dfd4559188b2d407088a91c257c81bc0c418de88

Malicious Code and System Attack

Authors: Eric Chavez and Lenny Martinez, Spring 2005
Revised by: Jessica Dillinger, Patricia Watson and Joel Nunes, Summer 2005
Alessandro Seazzu, Fall 2006

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab is designed to give you hands-on experience with the importance of knowledge when dealing with malicious code. The scenario we simulate is an environment where an "attacker" will gain Administrator rights to a host machine through a Trojan horse. Once gaining Admin rights, we will demonstrate the power of Root privileges through a public application/tool set. The Trojan payload will be contained within an executable file the host machine will receive (assumed thru email or removable media) and run to play a Macromedia Flash game.

Requirements:
The lab uses the Windows XP operating system running on VMWare Workstation along with hash creation software.

Download Malicious Code and System Attack (13,777.178 KB)
SHA1: cd8276fe78be281bb77d290b9140172ccd3c42e5

Vulnerability Assessment Tools

Authors: Matthew Walker, Spring 2005
Revised by: Jessica Dillinger, Patricia Watson and Joel Nunes, Summer 2005
Alessandro Seazzu, Fall 2006

CNSS/NSTISSI Mapping: n/a

Abstract:
The lab is designed to show you the reporting features of two popular Vulnerability Assessment tools, the MBSA and GFI Languard. The lab is also designed to show the differences in the results of each scanner and that False Positives or False Negatives definitely exist. It is very important, especially in a medium to large organization, to understand that patching and vulnerability assessment tools are an important part of a security administrator's arsenal. But, it is also important to note that you cannot necessarily rely on one single vulnerability assessment tool.

Requirements:
The lab uses the Windows XP operating system running on VMWare Workstation along with hash creation software.

Download Vulnerability Assessment Tools (14,305.926 KB)
SHA1: 108ebb15d9726db1ad4d6348ed2739b41764c8c8

Windows XP Security Features and Text Mining

Authors: Matt Doxtator and Janice Moen, Spring 2007
Revised by: Joel Nunes and Alessandro Seazzu, July, 2007

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab sets up several databases located on different drives with XP NFTS or FAT partitions. One database will be encrypted. You will have the opportunity to create these databases on SQL Express. Ideally we would want to have you text mine on the databases to extrapolate sensitive medical information; however the programs needed to text mine are expensive and difficult to run. As a substitute we will have you run a simple query within the databases to extrapolate the information.

Requirements:
The lab uses the Windows XP operating system running on VMWare Workstation along with hash creation software.

Download Windows XP Security Features and Text Mining (387,186.585 KB)
SHA1: f4e5015dde7ac7325ecfdb16aed290bf82820fdb

Introduction to Cookies

Authors: Peter Ibarra and Paul Ibarra, Fall 2004
Revised by: Joel Nunes and Alessandro Seazzu, Fall 2006

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab is designed to give the user hands on experience with cookies. Many believe that cookies can be harmful to one's security, while others believe that cookies are harmless and are designed to help the user browse the internet more efficiently. In the first part of this lab you will learn how cookies work in a simple demonstration. After completing this demonstration you will be able to visually see how cookies can make web surfing a lot easier for a user. The second part of the lab demonstrates how a cookie can be harmful to a user's privacy. This lab demonstrates two different ways a cookie can be used. One lab is helpful to a user, while the other is unethical.

Requirements:
The lab uses the Windows XP operating system running on VMWare Workstation along with hash creation software.

Download Introduction to Cookies Lab (63,202.888 KB)
SHA1: ba7c9564542d530ab61c16f097e1c6bab9356df8

Introduction to Linux

Authors: Patricia Watson, Spring 2005
Revised by: Jessica Dillinger, Patricia Watson and Joel Nunes, Summer 2005
Alessandro Seazzu, Fall 2006

CNSS/NSTISSI Mapping: n/a

Abstract:
The purpose of this tutorial is to familiarize students enrolled with basic Linux commands. This tutorial is designed so that students will feel comfortable logging into a Linux box and running basic Linux commands. This tutorial will address a few Linux commands used to manipulate and manage files and directories. Hands-on exercises incorporating several Linux commands will help students familiarize themselves with almost all Linux-based operating systems since most follow similar standards.

Requirements:
The lab uses the Windows XP operating system running on VMWare Workstation along with hash creation software.

Download Introduction to Linux Lab (1,821,173.311 KB)
SHA1: f914c73f48055545bc637c7bf364d119e2883282

Introduction to Phishing

Authors: Richard Quezada, Valerie Martinez and Martin Lavoie, Spring 2005
Revised by: Joel Nunes and Alessandro Seazzu, Fall 2006

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab is designed to teach how easy it is to set up a phishing scam. In this lab we will simulate how a phisher sets up a fake webpage in order to obtain personal information like credit card numbers, logins, and passwords. It is assumed that the original message is sent via email and the server is not set up on your machine, but in a remote location. The points made here are deliberately kept concise for the purpose of presentation. If you require technical details please refer to other technical references.

Requirements:
The lab uses the Windows XP operating system running on VMWare Workstation along with hash creation software.

Download Introduction to Phishing Lab (20,462.884 KB)
SHA1: 09815adfcf44c4f36901de4e5b6f9515bb34b463

Phishing Attack

Authors: Vijayaraghavan Jagannathan, Fall 2004
Revised by: Jessica Dillinger, Patricia Watson and Joel Nunes, Summer 2005
Alessandro Seazzu, Fall 2006

CNSS/NSTISSI Mapping: n/a

Abstract:
This lab explains how to set up a Phishing attack based on hosts file modification. The environment we will simulate in the lab is one where a Phisher will forward a Macromedia Flash game to a victim and have the victim execute malicious code on their system while they believe they are playing a game. The code opens a back-door in the victim's computer allowing the Phisher to gain access to and modify a file called 'hosts' in the victim's computer. Upon doing so, when the victim opens his/her browser and types in the URL of a bank or webmail, he/she is redirected to another site masquerading to be the bank or webmail.

Requirements:
The lab uses the Windows XP operating system running on VMWare Workstation along with hash creation software.

Download Phishing Attack Lab (27,581.340 KB)
SHA1: 7c83beb79b9d86bc296a50f76a50d3c1f532b587