College of Technological Innovation

Laboratory Project Portfolio

By

Rami Elsayed, ID #: M80006762

April 2015

Rami Elsayed, 2015

Advisor: Dr. Anthony Rhodes

Table of Contents1. Project 1-1: Automatically Receive the Latest Security Information.......................5

2. Project 1-2: Detect and Install Software Updates Using Secunia Personal Software Inspector (PSI)...............................................................................................................5

3. Project 1-3: Use an EULA Analyzer.........................................................................6

4. PC Tab Alarm Team System:....................................................................................6

5. HDD wipe software:..................................................................................................7

6. Project 2-1: Block a USB Drive................................................................................7

7. Project 2-3: Use a Software Key logger....................................................................8

8. Windows File backup:...............................................................................................8

9. aeCERT Services:......................................................................................................9

10.Internet Explorer Security Zones:.............................................................................9

11.Project 3-2: Set Web Browser Security..................................................................10

12.Project 3-4: ARP Poisoning....................................................................................11

13.Project 3-5: Create an HTTP Header......................................................................12

14.Project 3-5: Manage Flash Cookies........................................................................13

15.Stealth Signal Transmitter software:.......................................................................13

16.Spy& Sniffer Software:...........................................................................................13

17.Project 5-1: Setting Windows 7 Local Security Policy:..........................................14

18.Project 5-2: Viewing Windows 7 Firewall Settings................................................15

19.Project 5-3: Viewing Logs using the Microsoft Windows Event Viewer..............15

20.Project 5-4: Creating a Custom View in Microsoft Windows Event Viewer.........16

21.Project 6-2: Using an Internet Content Filter..........................................................16

22.Project 10-1: Download and Install a Password Management Application............17

23.Project 10-2: Download and Install a Browser-Based Password Management Application...................................................................................................................17

24.Project 10-3: Using a Browser-Based Password Management Application...........18

25.Project 10-4: Use Cognitive Biometrics.................................................................18

26.Project 10-5& 10-6: Creating and Using OpenID Account....................................18

27.Project 11-4: Using Microsoft Encrypting File System (EFS)...............................19

28.Project 11-5: Using TrueCrypt................................................................................19

29.Project 11-6: Enable BitLocker Encryption............................................................19

30.Ultimate Zip Cracker:.............................................................................................20

31.Microsoft Office Trust Center:................................................................................20

32.Hash Algorithms:....................................................................................................21

33.Biometric Authentication Software:.......................................................................21

34.Hushmail:................................................................................................................21

35.PGP:........................................................................................................................21

36.etisalat PKI Solution :.............................................................................................22

37.Verisign:..................................................................................................................22

38.Project 12-1: Viewing Digital Certificates..............................................................22

39.Project 12-2: Viewing Digital Certificates Revocation Lists (CRL) and Untrusted Certificates...................................................................................................................23

40.Project 12-3: Downloading and Installing Digital Certificate................................24

41.Project 12-4: Using a Digital Certificate for Signing Documents..........................24

References....................................................................................................................25

Table of FiguresFigure 1-1: Google Reader discontinued..................................................................................5Figure 1-2: RSS feed viewed in MS Outlook..............................................................................5Figure 2-1: Secunia PSI update scanning report.......................................................................5Figure 3-1: Windows 8.1 Pro license analysis...........................................................................6Figure 6-1: thumbscrew system tray (USB writing blocked).....................................................7Figure 6-2: Windows 8 Local group policy (Removable Storage Access).................................7Figure 7-1: Kaspersky Endpoint Protection stopped downloading the exe file........................8Figure 8-1: Windows backup Utility turned-on.........................................................................8Figure 8-2 : windows backup events in event viewer...............................................................8Figure 8-3: advanced setting for windows backup utility.........................................................8Figure 10-1: Internet Explorer Security Zones........................................................................10Figure 11-1: Specific (Skype) IE Add-on information..............................................................10Figure 11-2: Delete browsing history in IE..............................................................................10Figure 11-3: bad.com before restricting it in IE......................................................................11Figure 11-4: IE Privacy levels..................................................................................................11Figure 11-5: bad.com after restricting it in IE.........................................................................11Figure 11-6: IE history files and last checked state................................................................11Figure 12-1: arp-a command to state ARP table.....................................................................11Figure 12-2: Default gateway IP address................................................................................11Figure 12-3: Deleting ARP entry by ARP –d command............................................................12Figure 12-4: running cmd console under UAC (windows8.1)..................................................12Figure 13-1: Generated HTTP header and response...............................................................12Figure 13-2: Error retuned with httpdebugger.com...............................................................12Figure 14-1: Global Privacy Settings panel..............................................................................13Figure 16-1: WebWatcher website.........................................................................................14Figure 16-1: Local Security Policy MMC..................................................................................14Figure 18-1: new access rule created n windows firewall console.........................................15Figure 19-1: DHCP event incident...........................................................................................15Figure 19-2: Windows 8.1 Event Viewer summary page........................................................15Figure 20-1: Event Viewer custom view.................................................................................16Figure 21-1: google.com had been blocked by K9 web protection.........................................16Figure 22-1: Keepass used to open saved URL and copy password without memorizing it....17Figure 23-1: Exploring LastPass Videos...................................................................................17Figure 23-2: LastPass Vault.....................................................................................................17Figure 24-1: passfaces.com demo completed........................................................................18Figure 25-1: OpenID created..................................................................................................18Figure 26-2: OpenID used to access scribblelive.com, (Unsuccessful)....................................18Figure 26-3: OpenID accessed livejournal.com.......................................................................18Figure 27-1: Encrypted and unencrypted word documents...................................................19Figure 28-1: TruCrypt end of life.............................................................................................19Figure 29-1: BitLocker recovery key.......................................................................................20Figure 29-2: BitLocker encryption...........................................................................................20Figure 30-1: Ultimate Zip Cracker, installed............................................................................20Figure 31-1: Microsoft Office (word) Trust Center..................................................................20Figure 32-1: Microsoft Office (word) Trust Center..................................................................21Figure 34-1: Hushmail sent inbox...........................................................................................21Figure 34-2: ZUmail inbox from Hushmail..............................................................................21

Figure 35-1: PKI solution from etisalat...................................................................................22Figure 37-1: PKI solution from etisalat...................................................................................22Figure 38-3: no padlock (no certificate) in normal http connection.......................................22Figure 38-1: padlock indicating certificate in URL (SSL Connection).......................................22Figure 38-2: certificate issuing& expiring dates......................................................................23Figure 38-4: certificate public key...........................................................................................23Figure 38-5: certificate root....................................................................................................23Figure 38-6: certificate's exports default format....................................................................23Figure 39-1: untrusted certificate...........................................................................................23Figure 39-2: CRL Certificate....................................................................................................23Figure 40-1: email & Client authentication certificates..........................................................24Figure 41-1: sealed incoming email........................................................................................24Figure 41-2: extra information for my email receiver.............................................................24Figure 41-3: using private key to sign outgoing email............................................................24

1. Project 1-1: Automatically Receive the Latest Security Information

As security filed is dynamic for IT professional to keep updated about the most recent threats, vulnerability and attacks. It's essential to get the latest news in one centralized, easy access view: this is accomplished by tracking these updates using RSS (Really Simple Syndication) which could be viewed as items in Microsoft Outlook and browse the as simple as checking emails.

Through this exercise, the above-mentioned method was optimized by using one of the most famous blogs in internet security (Google Online Security). Although Google Reader had been discontinued (Figure 1-2) Microsoft Outlook used and there are different number of RSS applications to be used (Figure 1-1), number of them work on mobile devices (Flip Board App.).

2.

Project 1-2: Detect and Install Software Updates Using Secunia Personal Software Inspector (PSI)

The purpose to install and configure Secunia PSI, which scans PC for installed software and cross check them with their vendor to keep track of most recent patch updates and install them. This initiative came after realizing that 78% of open doors on standard PC comes from non-Microsoft programs (Free computersecurity, 2015)

Figure 1-2: Google Reader discontinuedFigure 1-1: RSS feed viewed in MS Outlook

Figure 2-3: Secunia PSI update scanning report

3. Project 1-3: Use an EULA AnalyzerStep (1) of the exercise has outdated URL that changed to

http://www.microsoft.com/en-us/legal/IntellectualProperty/UseTerms/Default.aspx.

I were not aware of these agreements of tracing and monitoring when I installed windows 8.1 professional Edition. Never the less these information seems to collect information beyond my knowledge and use it for improvements and may use for advertising purposes. In real world situation, normal user has to agree or even ignore such tracking behavior since he has no option to control them or use customized edition of Open Source Software: which in always easy to achieve productivity within it as of shelf products.

The purpose of this exercise to explore the hidden features of tracking and monitoring that buried in EULA by the software vendors. It's not practical to analyze every work and explore the legal issues behind it. Using such tools would highlight such hidden points and educate the computer user about them.

Figure 3-4: Windows 8.1 Pro license analysis

4. PC Tab Alarm Team System:PC Tab System uses a special hardware sensor with steel cable attached to any

PC system (PC, laptop, tablet …etc.) to alert the owner of any possible theft or tampering. Alerts would be displayed in central panel and connect through existing network connections. (PC Tab Alarm System, 2015)

5. HDD wipe software:There is number of application to secure wipe the whole hard disk, selected

file or even the USB flash memory, here the names of reliable software and its mission respectively: Secure Erase or Parted Magic, the open-source Eraser and Roadkil's Disk Wipe. (Brad, 2012)

6. Project 2-1: Block a USB DriveThe purpose is use third party software to control the access write control to

USB flash drive. This exercise is handy to end users to allow them disabling write option in case of malware uses this facility to infect the portable storage.

Although thumbscrew installed successfully but it was not able to block the write access to USB flash drive (figure 6-1). Another option is to use local group policy provided by windows using this command gpedit.msc and number of options

available

Figure 6-5: thumbscrew system tray (USB writing blocked)

Figure 6-6: Windows 8 Local group policy (Removable Storage Access)

7. Project 2-3: Use a Software Key loggerThe purpose of the exercise to provide information

about such program working mechanism. Such software may suppressed by using latest and updated Antivirus & Antispam software (Endpoint Protection Suits). Another simple and safe step is to use virtual web keyboards implemented in various numbers of ecommerce websites.

I tried to install the software on running virtual Windows XP machine (HyperV Machine). I have not find any version coming without spyware. So decided to stop working at this point.

Although in the past, I used Family Logger for experimenting these logging capabilities and the report was in simple test format.

8. Windows File backup:Windows Backup utility embedded in

Microsoft Windows operating system: used to backup user files on external storage or network mapped drive illustrated in figure (8-1). The tools accessed by navigating to Control Panel then choosing System and Security next executing File History icon. As described in figure (8-3) frequency of backup operations, type of backup (normal, differential or incremental) and cashing size could controlled under advanced options of the utility. Event Viewer provides extensive look and logging tool for failed and succeed backup processes figure (8-2).

Figure 7-7: Kaspersky Endpoint Protection stopped downloading the exe file.

Figure 8-9: advanced setting for windows backup utility

Figure 8-10 : windows backup events in event viewer.

Figure 8-8: Windows backup Utility turned-on

9. aeCERT Services:According to aeCERT website, their services are (aeCERT Services, 2015):

1. Awareness and Education : (AE1): Conduct awareness sessions, workshops and seminars about

information security in conjunction with the relevant government entities, private sector, academia and public.

2. Monitoring and Response : (M&R-1): Develop actionable intelligence from the analysis threat,

incident and vulnerability data. This information, as well as announcements, guidelines, or recommendations that pertain to longer term security issues.

(M&R-2): Forensics services include digital forensics investigations (computer forensics and mobile forensics),

data recovery and data wiping. (M&R-3): Crawling constituent websites and alert them in case of a

defacement or failure in reachability is detected. (M&R-4): Study the behavior of the malware and analyze it malicious

system and network activities in infected system.3. Security Quality :

(SQ1): Vulnerability Assessment: The aeCERT Vulnerability Assessment will provide information and reports about the Operating Systems and software running on the constituents' devices in order to discover potential vulnerabilities and threats.

(SQ2): Penetration Testing: The aeCERT Penetration Testing will attempt to simulate attacks against vulnerable operation systems or software running on a constituent’s device. It is intended to determine the possibility a successful attack and the impact of the exploitation on the system.

10.Internet Explorer Security Zones:Security zones offer you a convenient and flexible method for managing a

secure environment (Microsoft Internet Explorer 6 Resource Kit, 2015). Security zones enable user to:

Group sets of sites together. Assign a security level to each zone.

Internet Explorer includes the following predefined security zones:

Local intranet zone. The Local intranet zone includes all sites inside an organization's firewall (for computers connected to a local network). 

Trusted sites zone. The Trusted sites zone can include all Internet sites that you know are trusted. For example, the

Trusted sites zone might contain corporate subsidiaries' sites or the site of a trusted business partner. 

Internet zone. The Internet zone includes all sites on the Internet that are not in the Trusted sites or Restricted sites zones. 

Restricted sites zone. The Restricted sites zone can include all sites that you do not trust.

11. Project 3-2: Set Web Browser SecurityI have done all the steps in this project and results would displayed in the

following figures (11-1 to 11-5). Main idea to explore various internet browsing and tracking attributes: enable /disable contents, cookies management and tracking behavior.

Figure 11-13: Delete browsing history in IE.Figure 11-12: Specific (Skype) IE Add-on information.

Figure 11-14: bad.com before restricting it in IE.

Figure 11-16: bad.com after restricting it in IE.

Figure 11-17: IE history files and last checked state.

Figure 11-15: IE Privacy levels.

12. Project 3-4: ARP PoisoningFrom this exercise commands to control ARP tables entry had been utilized in

listing ARP table by using (arp –a) command- Figure (12-1), deleting ARP entry by (arp –d) command- Figure (12-3)., and adding specific MAC address entry using ( arp –s)- Figure(12-3).

Figure 12-21: running cmd console under UAC (windows8.1)

Figure 12-18: arp-a command to state ARP tableFigure 12-19: Default gateway IP address.

Figure 12-20: Deleting ARP entry by ARP –d command.

Worth to mention that these commands won't run under windows 7 or windows 8.1without user privilege escalation by running command prompt console under administrative privilege. This feature called User Access Control (UAC), which stop executables files to run without user permission, see Figure (12-4).

13. Project 3-5: Create an HTTP HeaderThe provided website returned an error (The remote server returned an error: (500)

Internal Server Error), figure (13-2). Another web site (http://requestmaker.com/) used and the result was the following, Figure (13-1).

The main objective of this exercise is to explore HTTP header

manipulation to create attack. Since original HTTP headers and originated by web browser such free available web sites can build the header for the attacker's advantage.

14. Project 3-5: Manage Flash CookiesExploring various Adobe Flash Cookies

had been explored and deleting all information from all websites had been experienced, Figure (14-1). The purpose of this exercise was highlighted that Adobe Settings Panel controls Adobe Flash Cookies not through normal web browser settings page.

Figure 13-23: Error retuned with httpdebugger.comFigure 13-22: Generated HTTP header and response

Figure 14-24: Global Privacy Settings panel

15. Stealth Signal Transmitter software: Stealth Signal for Mac OS & Mac OS X :

When using the Stealth Signal service user's computer is being kept tabs on, so the next time someone steals laptop of desktop computer they will help you locate it. A small undetectable program (Stealth Signal Transmitter) is installed in user's computer. This program silently tries to send a signal to Service Monitoring Network at random times without affecting computer's normal operations. (Stealth Signal forMac OS & Mac OS X, 2015)

XTool Computer Tracker: "The XTool Computer Tracker is the award winning system that helps assure

portable and desktop computers are safe and traceable. XTool Computer Tracker is the signature software based transmitter that, once installed, secretly sends a signal to the Stealth Signal Control Center via telephone or Internet connection, allowing our Recovery Team to track its location when reported lost or stolen. Worldwide recovery services available." (Stealth Signal Asset Recovery, 2006)

16. Spy& Sniffer Software:"Spy Software: is security monitoring software, also known as keylogger,

employee monitoring software, surveillance software, parental control, etc. Spy software can record computer activities such as typed keystrokes, visited websites, opened documents, typed messages, emails, used programs, screenshots, etc. Spy software can work invisibly or notify about monitoring." (Spy Software, 2015)

"Sniffer Software: In common industry usage, a sniffer is a program that monitors and analyzes network traffic, detecting bottlenecks and problems". (Rouse,2015)

The most famous network sniffer is Wireshark that comes embedded in Kali Linux as free software. Another one is Solarwinds Network Sniffer, which is add-on to Network performance Manager.

The given site is blocked by TRA in UAE another URL is working (http://www.webwatcher.com/), figure (16-1).

"WebWatcher is Parental & Employee Monitoring Software, offers a full family of monitoring software compatible with PC, Mac, iPhone, Android & BlackBerry. All WebWatcher products install easily in 5 minutes or less, are undetectable (and thus tamper proof) and all recorded data is sent to a secure web-based account, which allows you to monitor kids and employees at your convenience from any computer. WebWatcher allows you to monitor multiple devices (such as a PC and

Figure 16-25: WebWatcher website

an iPhone) from the same user interface so you get one unified view." (WebWatcher,2015)

17. Project 5-1: Setting Windows 7 Local Security Policy:

This exercise is about securing host computer by defining various attributes. These attributes control password complexity, password expiration date and how long it should be? Account lockout policy was addressed also in terms of how many times the user can access the account before it is locked out by failure authentication.

I did not change in default values in my personal computer, just explored the capability of each attribute.

18. Project 5-2: Viewing Windows 7 Firewall Settings

The idea behind this exercise to explore and modify setting of built-in firewall software in windows 7. Although I used Windows 8.1 the steps were identical and new rule TEST85 was created successfully, figure (18-1). The rule specify that inbound connection are allowed if the request came to specific bond of port (80 to 85).

19.Project 5-3: Viewing Logs using the Microsoft Windows Event Viewer

During this exercise, investigating different events took place on Windows 8.1 machine including error, warning and information events; also, view of Event Viewer includes Auditing logs. A lot of information logged for careful analysis to detect any

Figure 16-26: Local Security Policy MMC

Figure 18-27: new access rule created n windows firewall console

error happened in the past or to predict error or failure to be happened by notice behavior of errors.

20. Project 5-4: Creating a Custom View in Microsoft Windows Event Viewer

Figure 19-29: Windows 8.1 Event Viewer summary page

Figure 19-28: DHCP event incident

Figure 20-30: Event Viewer custom view

21. Project 6-2: Using an Internet Content FilterThe purpose is to explore K9 Web Protection by Bluecoat to control access to

web pages according to their content: special keywords, specific web sites and monitor the access sessions.

22. Project

10-1: Download and Install a Password Management Application

The idea is explore the capabilities of password manger. In this exercise, Keepass portable edition had been used. Although password mangers are excellent tools for generating complex passwords and eliminate the need to memorize them for various accounts, all security depends heavily on Master Password used for protecting software database. If Master Password had been compromised, the whole accounts saved on it should be changed immediately. There is no way to tell if such action had been achieved my malicious software or user. For myself I would recommend using 1Password, it's platform independent and could be use in any other platform rather than windows. This would eliminate the need to save ac copy of Keepass portable edition and its database.

Figure 21-31: google.com had been blocked by K9 web protection

Figure 22-32: Keepass used to open saved URL and copy password without memorizing it

23. Project 10-2: Download and Install a Browser-Based Password Management Application

Basics of using LastPass had had been explored along with How to Automatically Fill Webpage Forms with 1 Click videos. The main objective is to eliminate security risk of opening password management program and use automatic option of retrieving passwords from web browser based password managers.

24. Project 10-3: Using a Browser-Based Password Management Application

Since achvieving this exerscise, I have been using LastPass as my dialy password manger. The strength of using such application is central mangment store over the web and brwoser extiontion that relivied me of remebbering password. Never the less it was great tool for creating strong passwords, figure (23-1).

25. Project 10-4: Use Cognitive Biometrics

The exercise was excutied succesfully, figure (25-1). Using congnitive faces demo was achvied and spical link to each photo –only by the user- was accoplmished.

Figure 23-33: Exploring LastPass VideosFigure 23-34: LastPass Vault

Figure 24-35: passfaces.com demo completed

26. Project 10-5& 10-6: Creating and Using OpenID Account

OpenID account had been successfully created (ramy85.pip.verisignlabs.com), figure (26-1). Livejournal.com was successfully authenticated across my OpenID, figure (26-2) but scribblelive.com was not, (figure 26-3).

27. Project 11-4: Using

Microsoft Encrypting File System (EFS)The process of encryption and decryption is fully transparent and the only

difference the color of the encrypted file name to be green, figure (27-1). No delay was noticed may be because of fast PCs or the content was not large enough. It is always good practice to backup encryption key for decryption later if the PC was formatted.

Figure 25-36: OpenID created

Figure 26-38: OpenID accessed livejournal.com

Figure 26-37: OpenID used to access scribblelive.com, (Unsuccessful)

Figure 27-39: Encrypted and unencrypted word documents

28. Project 11-5: Using TrueCrypt"TrueCrypt is a discontinued source-

available freeware utility used for on-the-fly encryption (OTFE). It can create a virtual encrypted disk within a file or encrypt a partition or (under Microsoft Windows except Windows 8 with GPT) the entire storage device." (Wikipedia:TrueCrypt, 2015) TrueCrypt is alternative to Windows EFS for protecting user files (Ciampa,2012). TrueCrypt is longer supported since May 2014 also TrueCrypt was no longer secure (TrueCrypt, 2015). For the previous reasons I chose to do Project 11-5 and do Bit Locker exercise e instead, project 11-6.

29. Project 11-6: Enable BitLocker EncryptionThe purpose of this exercise to use BitLocker to encrypt removable storage

unit and use password to decrypt it. Smart Card could be used also to open the encrypted unit. To protect fixed hard drives TPM should be available on computer hardware otherwise administrator should enable encryption without TPM, which should require additional credentials during logon process.

30. Ultimate Zip Cracker:I will skip this exercise even I tried working with the software, which I

installed.

Figure 28-40: TruCrypt end of life

Figure 29-42: BitLocker encryptionFigure 29-41: BitLocker recovery key

Figure 30-43: Ultimate Zip Cracker, installed

31. Microsoft Office Trust Center:The Trust Center is where user can find security and privacy settings for the

Microsoft Office system programs. The Very High, High, Medium, and Low security levels that were used in earlier versions of Office are now replaced with a more streamlined security system. Trust Center settings used to guard against external threats like those sometimes posed by add-ins, VBA macros, ActiveX controls and other content from sources you haven’t granted trusted status. (Technet, 2014)

To access trust center settings in Office applications by going to File > Options > Trust Center > Trust Center Settings.

32. Hash Algorithms: I will skip this exercise even I tried used given page to process my name

through different hash algorithms.

33. Biometric Authentication Software: Biotacker : behavioral biometrics (mouse and free-text keystroke

movements). (Biotacker, 2015) BioID : face and voice recognition. (BioID, 2015) BIO-key: fingerprint biometric identification. (BIO-key, 2015)

34. Hushmail:Created email successfully but I was tried it. Unfortunately, the results was not

the same as mention from supplementary document. The received message to ZU Mail

Figure 31-44: Microsoft Office (word) Trust Center

Figure 32-45: Microsoft Office (word) Trust Center

with fully readable and there is no way to confirm the encryption rather than trust the site itself.

35.

PGP:Simply, did work with newer version of windows. In addition, I did not get

time to start with Dr. Maurice recommendation or use virtual PC edition.

36. etisalat PKI Solution :The provided URL had been changed to

http://www.etisalat.ae/en/business-/products-and-services/services/securityservices/pki-solutions.jsp, figure (36-1)

Figure 35-48: PKI solution from etisalat

Figure 34-47: ZUmail inbox from HushmailFigure 34-46: Hushmail sent inbox

37. Verisign:VeriSign Authentication Services, now

part of Symantec Corp. (NASDAQ: SYMC), provides solutions that allow companies and consumers to engage in communications and commerce online with confidence. (Verisign, 2015)

38. Project 12-1: Viewing Digital Certificates

Since google.com default web page keeping directing me to SSL site I used ZU home page to prove that with HTTP in URL there is no padlock. Aim of this exercise to experience the difference between normal HTTP and HTTPS connection also to get familiar with different digital certificate attributes.

Figure 37-49: PKI solution from etisalat

Figure 38-50: no padlock (no certificate) in normal http connection

Figure 38-51: padlock indicating certificate in URL (SSL Connection)

Figure 38-53: certificate public keyFigure 38-52: certificate issuing& expiring dates

39. Project 12-2: Viewing Digital Certificates Revocation Lists (CRL) and Untrusted Certificates

To explore CRL on windows machine along with untrusted repository with certificates included

40.

Project 12-3: Downloading and Installing Digital Certificate

Although I applied for Comdo free email certificate, I have certificate of mine issued by Emirates ID- as everybody else of UAE. The submittal and installation was easy through web page, email download and Certificate Manager Import process. The destination was in personal repository in current user certificates, figure (39-1)

P.S.: I am proud to hold such personal certificate (EIDA Client Authentication Cert.) from mGoverment. This tells us that somebody in this government is thinking ahead for the future.

41. Project 12-4: Using a Digital Certificate for Signing Documents

Suring this exercise I used my obtained free certificate from Comdo and used it sign any email going from my work email. The receiver will indicate red seal upon receiving an email from my work email indicating my digital identity, figure (41-2&3)

Figure 39-57: CRL CertificateFigure 39-56: untrusted certificate

Figure 40-58: email & Client authentication certificates

Figure 41-61: using private key to sign outgoing email

Figure 41-60: extra information for my email receiver

ReferencesaeCERT Services. (2015). Retrieved from Computer Emergency Response Team:

http://aecert.ae/en/section/services

BioID. (2015, May 4). Retrieved from BioID: https://www.bioid.com/

BIO-key. (2015, May 4). Retrieved from BIO-key: http://www.bio-key.com/

Biotacker. (2015, May 4). Retrieved from Plurilock: https://www.plurilock.com/products/biotracker/

Brad, C. (2012, Septemper 3). How to securely erase your hard drive. Retrieved from PC world: http://www.pcworld.com/article/261702/how_to_securely_erase_your_hard_drive.html

Ciampa, M. (2012). Malware And Social Engineering Attacks. In M. Ciampa, Security+ Guide to Network Security Fundamentals (p. 48). Course Technology.

Free computer security. (2015). Retrieved from Secunia: http://secunia.com/vulnerability_scanning/personal/

Microsoft Internet Explorer 6 Resource Kit. (2015). Retrieved from Chapter 4 - Security Zones: https://technet.microsoft.com/en-us/library/dd361896.aspx

PC Tab Alarm System. (2015). Retrieved from Computer Security: http://www.computersecurity.com/pctab/

Rouse, M. (2015, April 23). Sniffer. Retrieved from TechTarget: http://searchnetworking.techtarget.com/definition/sniffer

Spy Software. (2015, April 23). Retrieved from Employe Monitor System: http://hidetools.com/spy_software.html

Stealth Signal Asset Recovery. (2006, June 7). Retrieved from Computer Security Products, Inc.: https://www.computersecurity.com/pdf/Stealth_Signal.pdf

Stealth Signal for Mac OS & Mac OS X. (2015, April 23). Retrieved from Macintosh Security Site: https://www.securemac.com/stealthsignalservice.php

Technet. (2014, Septemper 17). Trust Center settings for Office 2013. Retrieved from Microsoft Technet: https://technet.microsoft.com/en-us/library/dn166703.aspx

TrueCrypt. (2015, May 3). Retrieved from TrueCrypt: http://truecrypt.sourceforge.net/

Verisign, S. (2015, May 4). Products and Services. Retrieved from Symantc Verisign: http://www.verisign.com/products-services/index.html?tid=gnps

WebWatcher. (2015, April 23). Retrieved from WebWatcher: http://www.webwatcher.com/

Wikipedia: TrueCrypt. (2015, April 11). Retrieved from Wikipedia: the free encyclopedia: http://en.wikipedia.org/wiki/TrueCrypt