College of Technological Innovation

Laboratory Project Portfolio

By
Rami Elsayed, ID #: M80006762

April 2015

Rami Elsayed, 2015

Advisor: Dr. Anthony Rhodes

Table of Contents
1. Project 1-1: Automatically Receive the Latest Security Information
5
2. Project 1-2: Detect and Install Software Updates Using Secunia
Personal Software Inspector (PSI)......................................................5
3. Project 1-3: Use an EULA Analyzer.................................................6
4. PC Tab Alarm Team System:...........................................................6
5. HDD wipe software:........................................................................7
6. Project 2-1: Block a USB Drive.......................................................7
7. Project 2-3: Use a Software Key logger..........................................8
8. Windows File backup:.....................................................................8
9. aeCERT Services:............................................................................9
10.Internet Explorer Security Zones:.................................................9
11.Project 3-2: Set Web Browser Security........................................10
12.Project 3-4: ARP Poisoning..........................................................11
13.Project 3-5: Create an HTTP Header............................................12
14.Project 3-5: Manage Flash Cookies.............................................13
15.Stealth Signal Transmitter software:...........................................13
16.Spy& Sniffer Software:................................................................13
17.Project 5-1: Setting Windows 7 Local Security Policy:.................14
18.Project 5-2: Viewing Windows 7 Firewall Settings.......................15
19.Project 5-3: Viewing Logs using the Microsoft Windows Event
Viewer..............................................................................................15
20.Project 5-4: Creating a Custom View in Microsoft Windows Event
Viewer..............................................................................................16
21.Project 6-2: Using an Internet Content Filter...............................16
22.Project 10-1: Download and Install a Password Management
Application.......................................................................................17
23.Project 10-2: Download and Install a Browser-Based Password
Management Application.................................................................17
24.Project 10-3: Using a Browser-Based Password Management
Application.......................................................................................18
25.Project 10-4: Use Cognitive Biometrics.......................................18
26.Project 10-5& 10-6: Creating and Using OpenID Account...........18
27.Project 11-4: Using Microsoft Encrypting File System (EFS)........19
28.Project 11-5: Using TrueCrypt.....................................................19

29.Project 11-6: Enable BitLocker Encryption..................................19

30.Ultimate Zip Cracker:..................................................................20
31.Microsoft Office Trust Center:......................................................20
32.Hash Algorithms:........................................................................21
33.Biometric Authentication Software:............................................21
34.Hushmail:....................................................................................21
35.PGP:............................................................................................21
36.etisalat PKI Solution :..................................................................22
37.Verisign:......................................................................................22
38.Project 12-1: Viewing Digital Certificates....................................22
39.Project 12-2: Viewing Digital Certificates Revocation Lists (CRL)
and Untrusted Certificates...............................................................23
40.Project 12-3: Downloading and Installing Digital Certificate.......24
41.Project 12-4: Using a Digital Certificate for Signing Documents. 24
References.......................................................................................25

Table of Figures
Figure 1-1: Google Reader discontinued...................................................5
Figure 1-2: RSS feed viewed in MS Outlook..............................................5
Figure 2-1: Secunia PSI update scanning report........................................5
Figure 3-1: Windows 8.1 Pro license analysis............................................6
Figure 6-1: thumbscrew system tray (USB writing blocked)......................7
Figure 6-2: Windows 8 Local group policy (Removable Storage Access). .7
Figure 7-1: Kaspersky Endpoint Protection stopped downloading the exe
file............................................................................................................... 8
Figure 8-1: Windows backup Utility turned-on..........................................8
Figure 8-2 : windows backup events in event viewer................................8
Figure 8-3: advanced setting for windows backup utility..........................8
Figure 10-1: Internet Explorer Security Zones........................................10
Figure 11-1: Specific (Skype) IE Add-on information...............................10
Figure 11-2: Delete browsing history in IE..............................................10
Figure 11-3: bad.com before restricting it in IE.......................................11
Figure 11-4: IE Privacy levels..................................................................11
Figure 11-5: bad.com after restricting it in IE.........................................11
Figure 11-6: IE history files and last checked state................................11
Figure 12-1: arp-a command to state ARP table.....................................11
Figure 12-2: Default gateway IP address.................................................11
Figure 12-3: Deleting ARP entry by ARP d command............................12
Figure 12-4: running cmd console under UAC (windows8.1)...................12
Figure 13-1: Generated HTTP header and response................................12
Figure 13-2: Error retuned with httpdebugger.com.................................12
Figure 14-1: Global Privacy Settings panel..............................................13
Figure 16-1: WebWatcher website..........................................................14
Figure 16-1: Local Security Policy MMC...................................................14
Figure 18-1: new access rule created n windows firewall console...........15
Figure 19-1: DHCP event incident...........................................................15
Figure 19-2: Windows 8.1 Event Viewer summary page.........................15
Figure 20-1: Event Viewer custom view..................................................16
Figure 21-1: google.com had been blocked by K9 web protection..........16
Figure 22-1: Keepass used to open saved URL and copy password
without memorizing it...............................................................................17
Figure 23-1: Exploring LastPass Videos...................................................17
Figure 23-2: LastPass Vault.....................................................................17
Figure 24-1: passfaces.com demo completed.........................................18
Figure 25-1: OpenID created...................................................................18
Figure 26-2: OpenID used to access scribblelive.com, (Unsuccessful)....18
Figure 26-3: OpenID accessed livejournal.com.......................................18
Figure 27-1: Encrypted and unencrypted word documents.....................19
Figure 28-1: TruCrypt end of life..............................................................19
Figure 29-1: BitLocker recovery key........................................................20
Figure 29-2: BitLocker encryption...........................................................20
Figure 30-1: Ultimate Zip Cracker, installed............................................20
Figure 31-1: Microsoft Office (word) Trust Center....................................20
Figure 32-1: Microsoft Office (word) Trust Center....................................21
Figure 34-1: Hushmail sent inbox............................................................21
Figure 34-2: ZUmail inbox from Hushmail...............................................21

Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure
Figure

35-1: PKI solution from etisalat....................................................22

37-1: PKI solution from etisalat...................................................22
38-3: no padlock (no certificate) in normal http connection........22
38-1: padlock indicating certificate in URL (SSL Connection).......22
38-2: certificate issuing& expiring dates......................................23
38-4: certificate public key...........................................................23
38-5: certificate root....................................................................23
38-6: certificate's exports default format.....................................23
39-1: untrusted certificate...........................................................23
39-2: CRL Certificate....................................................................23
40-1: email & Client authentication certificates...........................24
41-1: sealed incoming email........................................................24
41-2: extra information for my email receiver..............................24
41-3: using private key to sign outgoing email............................24

1.Project 1-1: Automatically Receive the Latest

Security Information
As security filed is dynamic for IT professional to keep updated
about the most recent threats, vulnerability and attacks. It's essential
to get the latest news in one centralized, easy access view: this is
accomplished by tracking these updates using RSS (Really Simple
Syndication) which could be viewed as items in Microsoft Outlook and
browse the as simple as checking emails.
Through this exercise, the above-mentioned method was
optimized by using one of the most famous blogs in internet security
(Google Online Security). Although Google Reader had been
discontinued (Figure 1-2) Microsoft Outlook used and there are
different number of RSS applications to be used (Figure 1-1), number
of them work on mobile devices (Flip Board App.).

2.

Figure 12: RSS feed viewed in MS Outlook

Figure 11: Google Reader discontinued

Project 1-2: Detect and Install Software Updates

Using Secunia Personal Software Inspector (PSI)
The purpose to install and
configure Secunia PSI, which scans
PC for installed software and cross
check them with their vendor to
keep track of most recent patch
updates and install them. This
initiative came after realizing that
78% of open doors on standard PC
comes
from
non-Microsoft
programs (Free computer security,
2015)

Figure 21: Secunia PSI update scanning report

3.Project 1-3: Use an EULA Analyzer

Step (1) of the exercise has outdated URL that changed to
http://www.microsoft.com/en-us/legal/IntellectualProperty/UseTerms/Default.aspx .

I were not aware of these agreements of tracing and

monitoring when I installed windows 8.1 professional Edition. Never
the less these information seems to collect information beyond my
knowledge and use it for improvements and may use for advertising
purposes. In real world situation, normal user has to agree or even
ignore such tracking behavior since he has no option to control them
or use customized edition of Open Source Software: which in always
easy to achieve productivity within it as of shelf products.
The purpose of this exercise to explore the hidden features of
tracking and monitoring that buried in EULA by the software
vendors. It's not practical to analyze every work and explore the
legal issues behind it. Using such tools would highlight such hidden
points and educate the computer user about them.

Figure 31: Windows 8.1 Pro license analysis

4.PC Tab Alarm Team System:

PC Tab System uses a special hardware sensor with steel cable
attached to any PC system (PC, laptop, tablet etc.) to alert the
owner of any possible theft or tampering. Alerts would be displayed
in central panel and connect through existing network connections.
(PC Tab Alarm System, 2015)

5.HDD wipe software:

There is number of application to secure wipe the whole hard
disk, selected file or even the USB flash memory, here the names of
reliable software and its mission respectively: Secure Erase or Parted
Magic, the open-source Eraser and Roadkil's Disk Wipe. (Brad,
2012)

6.Project 2-1: Block a USB Drive

The purpose is use third party software to control the access
write control to USB flash drive. This exercise is handy to end users
to allow them disabling write option in case of malware uses this
facility to infect the portable storage.
Although thumbscrew installed successfully but it was not able
to block the write access to USB flash drive (figure 6-1). Another
option is to use local group policy provided by windows using this
command gpedit.msc and number of options available

Figure 61: thumbscrew system tray (USB writing blocked)

Figure 62: Windows 8 Local group policy (Removable Storage Access)

7.Project 2-3: Use a Software Key logger

The
purpose
of
the exercise
to
provide
information
about such
program
working
mechanism.
Such
software
Figure 71: Kaspersky Endpoint Protection stopped downloading the exe file.
may
suppressed by using latest and updated Antivirus & Antispam software
(Endpoint Protection Suits). Another simple and safe step is to use
virtual web keyboards implemented in various numbers of ecommerce
websites.
I tried to install the software on running virtual Windows XP
machine (HyperV Machine). I have not find any version coming without
spyware. So decided to stop working at this point.
Although in the past, I used Family Logger for experimenting
these logging capabilities and the report was in simple test format.

8.Windows File backup:

Figure 81: Windows backup Utility turned-on

Windows Backup utility embedded in Microsoft Windows

operating system: used to backup user files on external storage or
network mapped drive illustrated in figure (8-1). The tools accessed by
navigating to Control Panel then choosing System and Security next
executing File History icon. As described in figure (8-3) frequency of
backup operations, type of backup (normal, differential or incremental)
and cashing size could controlled under advanced options of the utility.
Event Viewer provides extensive look and logging tool for failed and
succeed backup processes figure (8-2).

9.aeCERT Services:

Figure 83: advanced setting for windows backup utility

Figure 82 : windows backup events in event viewer.

According
website, their services are (aeCERT Services, 2015):

to

aeCERT

1. Awareness and Education:

(AE1): Conduct awareness sessions, workshops and
seminars about information security in conjunction with
the relevant government entities, private sector,
academia and public.
2. Monitoring and Response:
(M&R-1): Develop actionable intelligence from the
analysis threat, incident and vulnerability data. This
information, as well as announcements, guidelines, or
recommendations that pertain to longer term security
issues.
(M&R-2): Forensics services include digital forensics
investigations
(computer
forensics
and
mobile
forensics),
data recovery and data wiping.

(M&R-3): Crawling constituent websites and alert them

in case of a defacement or failure in reachability is
detected.
(M&R-4): Study the behavior of the malware and analyze
it malicious system and network activities in infected
system.
3. Security Quality:
(SQ1):
Vulnerability
Assessment:
The
aeCERT
Vulnerability Assessment will provide information and
reports about the Operating Systems and software
running on the constituents' devices in order to discover
potential vulnerabilities and threats.
(SQ2): Penetration Testing: The aeCERT Penetration
Testing will attempt to simulate attacks against
vulnerable operation systems or software running on a
constituents device. It is intended to determine the
possibility a successful attack and the impact of the
exploitation on the system.

10.Internet Explorer Security Zones:

Security zones offer you a convenient and flexible method for
managing a secure environment (Microsoft Internet Explorer 6
Resource Kit, 2015). Security zones enable user to:
Group sets of sites together.
Assign a security level to each zone.
Internet Explorer includes the following predefined security zones:
Local
intranet
zone. The
Local intranet zone includes all
sites inside an organization's
firewall
(for
computers
.connected to a local network)

Trusted
sites
zone. The
Trusted sites zone can include
all Internet sites that you know
are trusted. For example, the
Trusted
sites
zone
might
contain corporate subsidiaries'
sites or the site of a trusted
.business partner

Internet

zone. The

Internet

Figure 101: Internet Explorer Security Zones. zone includes all sites on the

Internet that are not in the Trusted sites or Restricted sites

.zones

Restricted sites zone. The Restricted sites zone can include

.all sites that you do not trust

11. Project 3-2: Set Web Browser Security

I have done all the steps in this project and results would
displayed in the following figures (11-1 to 11-5). Main idea to
explore various internet browsing and tracking attributes: enable
./disable contents, cookies management and tracking behavior

Figure 111: Specific (Skype) IE Add-on information.

Figure 112: Delete browsing history in IE.

Figure 113: bad.com before restricting it in IE.

Figure 114: IE Privacy levels.

Figure 115: bad.com after restricting it in IE.

Figure 116: IE history files and last checked state.

12.Project 3-4: ARP Poisoning

From this exercise commands to control ARP tables entry had
been utilized in listing ARP table by using (arp a) command- Figure
(12-1), deleting ARP entry by (arp d) command- Figure (12-3)., and
adding specific MAC address entry using ( arp s)- Figure(12-3).

Figure 121: arp-a command to state ARP table

Figure 122: Default gateway IP address.

Figure 123: Deleting ARP entry by ARP d command.

that

Figure 124: running cmd console under UAC (windows8.1)

Worth to
mention
these

commands won't run under windows 7 or windows 8.1without user

privilege escalation by running command prompt console under
administrative privilege. This feature called User Access Control
(UAC), which stop executables files to run without user permission,
see Figure (12-4).

13. Project 3-5: Create an HTTP Header

The provided website returned an error ( The remote server
returned an error: (500) Internal Server Error ), figure (13-2). Another web site
(http://requestmaker.com/) used and the result was the following, Figure
(13-1).

Figure 131: Generated HTTP header and response

Figure 132: Error retuned with httpdebugger.com

The main objective of this exercise is to explore HTTP header

manipulation to create attack. Since original HTTP headers and
originated by web browser such free available web sites can build the
header for the attacker's advantage.

14. Project 3-5: Manage Flash Cookies

Exploring
various
Adobe
Flash Cookies had been explored and
deleting all information from all
websites had been experienced,
Figure (14-1). The purpose of this
exercise was highlighted that Adobe
Settings Panel controls Adobe Flash
Cookies not through normal web
browser settings page.
Figure 141: Global Privacy Settings panel

15.

Stealth Signal Transmitter software:

Stealth Signal for Mac OS & Mac OS X:

When using the Stealth Signal service user's computer is
being kept tabs on, so the next time someone steals laptop of
desktop computer they will help you locate it. A small undetectable
program (Stealth Signal Transmitter) is installed in user's computer.
This program silently tries to send a signal to Service Monitoring
Network at random times without affecting computer's normal
operations. (Stealth Signal for Mac OS & Mac OS X, 2015)
XTool Computer Tracker:

"The XTool Computer Tracker is the award winning system

that helps assure portable and desktop computers are safe and
traceable. XTool Computer Tracker is the signature software based
transmitter that, once installed, secretly sends a signal to the Stealth
Signal Control Center via telephone or Internet connection, allowing
our Recovery Team to track its location when reported lost or stolen.
Worldwide recovery services available." (Stealth Signal Asset
Recovery, 2006)

16. Spy& Sniffer Software:

"Spy Software: is security monitoring software, also known
as keylogger, employee monitoring software, surveillance software,
parental control, etc. Spy software can record computer activities
such as typed keystrokes, visited websites, opened documents,
typed messages, emails, used programs, screenshots, etc. Spy
software can work invisibly or notify about monitoring." (Spy
Software, 2015)
"Sniffer Software: In common industry usage, a sniffer is a
program that monitors and analyzes network traffic, detecting
bottlenecks and problems". (Rouse, 2015)
The most famous network sniffer is Wireshark that comes
embedded in Kali Linux as free software. Another one is Solarwinds
Network Sniffer, which is add-on to Network performance Manager.
The given site is blocked by TRA in UAE another URL is
working (http://www.webwatcher.com/),
figure (16-1).
"WebWatcher is Parental &
Employee Monitoring Software,
offers a full family of monitoring
software compatible with PC, Mac,
iPhone, Android & BlackBerry. All
WebWatcher products install easily
in 5 minutes or less, are
undetectable (and thus tamper
proof) and all recorded data is sent
to a secure web-based account,
Figure 161: WebWatcher website
which allows you to monitor kids
and employees at your convenience from any computer. WebWatcher
allows you to monitor multiple devices (such as a PC and an iPhone)
from the same user interface so you get one unified view."
(WebWatcher, 2015)

17. Project 5-1: Setting Windows 7 Local

Security Policy:
This exercise is about securing host
computer by defining various attributes.
These
attributes
control
password
complexity, password expiration date and
how long it should be? Account lockout
policy was addressed also in terms of how
many times the user can access the
account before it is locked out by failure
authentication.
I did not change in default values
in my personal computer, just explored the Figure 161: Local Security Policy MMC
capability of each attribute.

18. Project 5-2: Viewing Windows 7 Firewall

Settings
The idea behind
this exercise to explore
and modify setting of
built-in firewall software in
windows 7. Although I
used Windows 8.1 the
steps were identical and
new rule TEST85 was
created
successfully,
figure (18-1). The rule
specify
that
inbound
connection are allowed if Figure 181: new access rule created n windows firewall console
the request came to specific bond of port (80 to 85).

19.Project 5-3: Viewing Logs using the Microsoft

Windows Event Viewer

During this exercise, investigating different events took place

on Windows 8.1 machine including error, warning and information
events; also, view of Event Viewer includes Auditing logs. A lot of
information logged for careful analysis to detect any error happened
in the past or to predict error or failure to be happened by notice
behavior of errors.

Figure 191: DHCP event incident

Figure 192: Windows 8.1 Event Viewer summary page
20. Project 5-4:
Creating a Custom View in Microsoft Windows
Event Viewer

Figure 201: Event Viewer custom view

21. Project 6-2: Using an Internet Content Filter

The purpose is to explore K9 Web Protection by Bluecoat to
control access to web pages according to their content: special
keywords, specific web sites and monitor the access sessions.

22.

Figure 211: google.com had been blocked by K9 web protection

10-1: Download and Install a Password

Management Application

P
r
o
j
e
c
t

The idea is explore the capabilities of password manger. In this

exercise, Keepass portable edition had been used. Although password
mangers are excellent tools for generating complex passwords and
eliminate the need to memorize them for various accounts, all

Figure 221: Keepass used to open saved URL and copy password without memorizing it

security depends heavily on Master Password used for protecting

software database. If Master Password had been compromised, the
whole accounts saved on it should be changed immediately. There is
no way to tell if such action had been achieved my malicious
software or user. For myself I would recommend using 1Password, it's
platform independent and could be use in any other platform rather
than windows. This would eliminate the need to save ac copy of
Keepass portable edition and its database.

23. Project 10-2: Download and Install a BrowserBased Password Management Application
Basics of using LastPass had had been explored along with
How to Automatically Fill Webpage Forms with 1 Click videos.
The main objective is to eliminate security risk of opening password
management program and use automatic option of retrieving
passwords from web browser based password managers.

Figure 232: LastPass Vault

Figure 231: Exploring LastPass Videos

24. Project 10-3: Using a Browser-Based

Password Management Application
Since achvieving this exerscise, I have been using LastPass as
my dialy password manger. The strength of using such application is
central mangment store over the web and brwoser extiontion that
relivied me of remebbering password. Never the less it was great tool
for creating strong passwords, figure (23-1).

25. Project 10-4: Use

Cognitive Biometrics
The exercise was excutied
succesfully, figure (25-1). Using
congnitive faces demo was achvied
and spical link to each photo only by
the user- was accoplmished.

Figure 241: passfaces.com demo completed

26.
10-

Project 10-5&
6: Creating and
Using OpenID
Account

Figure 251: OpenID created

OpenID account had been successfully created

(ramy85.pip.verisignlabs.com), figure (26-1). Livejournal.com was
successfully authenticated across my OpenID, figure (26-2) but
scribblelive.com was not, (figure 26-3).

27. Project 11-4: Using Microsoft Encrypting File

System (EFS)

Figure 262: OpenID used to access scribblelive.com, (Unsuccessful)

The process of encryption

and decryption is fully transparent
and the only difference the color of the encrypted file name to be
green, figure (27-1). No delay was noticed may be because of fast
PCs or the content was not large enough. It is always good practice to
backup encryption key for decryption later if the PC was formatted.

Figure 263: OpenID accessed livejournal.com

Figure 271: Encrypted and unencrypted word documents

28. Project 11-5: Using TrueCrypt

"TrueCrypt is a discontinued
source-available freeware utility used
for on-the-fly encryption (OTFE). It can
create a virtual encrypted disk within a
file or encrypt a partition or (under
Microsoft Windows except Windows 8
with GPT) the entire storage device."
(Wikipedia: TrueCrypt, 2015) TrueCrypt
is alternative to Windows EFS for
protecting user files (Ciampa, 2012).
TrueCrypt is longer supported since May Figure 281: TruCrypt end of life
2014 also TrueCrypt was no longer secure (TrueCrypt, 2015). For the
previous reasons I chose to do Project 11-5 and do Bit Locker exercise
e instead, project 11-6.

29. Project 11-6: Enable BitLocker Encryption

The purpose of this exercise to use BitLocker to encrypt
removable storage unit and use password to decrypt it. Smart Card
could be used also to open the encrypted unit. To protect fixed hard
drives TPM should be available on computer hardware otherwise
administrator should enable encryption without TPM, which should
require additional credentials during logon process.

30.
Ultimate Zip Cracker:

Figure 291: BitLocker recovery key

Figure 292: BitLocker encryption

I will skip this exercise even I tried working with the software,
which I installed.

Figure 301: Ultimate Zip Cracker, installed

31. Microsoft Office Trust Center:

The Trust Center is where user can find security and privacy
settings for the Microsoft Office system programs. The Very High,
High, Medium, and Low security
levels that were used in earlier
versions of Office are now replaced
with a more streamlined security
system. Trust Center settings used
to guard against external threats like
those sometimes posed by add-ins,
VBA macros, ActiveX controls and
other content from sources you
havent granted trusted status.
Figure 311: Microsoft Office (word) Trust Center
(Technet, 2014)
To access trust center settings in Office applications by going
to File > Options > Trust Center > Trust Center Settings.

32. Hash Algorithms:

I will skip this exercise even I tried used given page to process
my name through different hash algorithms.

Figure 321: Microsoft Office (word) Trust Center

33. Biometric Authentication Software:

Biotacker: behavioral biometrics (mouse and free-text

keystroke movements). (Biotacker, 2015)
BioID: face and voice recognition. (BioID, 2015)
BIO-key: fingerprint biometric identification. (BIO-key,
2015)

34. Hushmail:
Created email successfully but I was tried it. Unfortunately,
the results was not the same as mention from supplementary
document. The received message to ZU Mail with fully readable and
there is no way to confirm the encryption rather than trust the site
itself.

Figure 341: Hushmail sent inbox

35.
35.
35.

Figure 342: ZUmail inbox from Hushmail

PGP:
Simply, did work with newer version of windows. In addition, I
did not get time to start with Dr. Maurice recommendation or
use virtual PC edition.

36. etisalat PKI Solution

:
The provided URL had been
changed to
http://www.etisalat.ae/en/business-/productsand-services/services/securityservices/pkisolutions.jsp, figure (36-1)

Figure 351: PKI solution from etisalat

37.Verisign:
VeriSign Authentication
Services, now part of Symantec Corp.
(NASDAQ: SYMC), provides solutions
that allow companies and consumers
to engage in communications and
commerce online with confidence.
(Verisign, 2015)

Figure 371: PKI solution from etisalat

38. Project 12-1: Viewing Digital Certificates

Since google.com default web page keeping directing me to
SSL site I used ZU home page to prove that with HTTP in URL there is
no padlock. Aim of this exercise to experience the difference between
normal HTTP and HTTPS connection also to get familiar with different
digital certificate attributes.

Figure 381: no padlock (no certificate) in normal http connection

Figure 382: padlock indicating certificate in URL (SSL Connection)

Figure 384: certificate public key

Figure 383: certificate issuing& expiring dates

39.
o
c

Pr
je
t

Figure 385: certificate root

Figure 386: certificate's exports default format.

12-2: Viewing
Digital Certificates Revocation Lists (CRL) and
Untrusted Certificates

To explore CRL on windows machine along with untrusted

repository with certificates included

40.

Project 123:
Figure 392: CRL Certificate
Downloading and Installing Digital Certificate
Figure 391: untrusted certificate

Although I applied for Comdo free email certificate, I have

certificate of mine issued by
Emirates ID- as everybody else of
UAE. The submittal and installation
was easy through web page, email
download and Certificate Manager
Import process. The destination was
in personal repository in current
user certificates, figure (39-1)
P.S.: I am proud to hold such
personal certificate (EIDA Client Figure 401: email & Client authentication certificates

Authentication Cert.) from mGoverment. This tells us that somebody

in this government is thinking ahead for the future.

41. Project 12-4: Using a Digital Certificate for

Signing Documents
Suring this exercise I used my obtained free certificate from
Comdo and used it sign any email going from my work email. The
receiver will indicate red seal upon receiving an email from my work
email indicating my digital identity, figure (41-2&3)

FigureFigure
413: using
to sign email
outgoing email
411private
: sealedkey
incoming
Figure 412: extra information for my email receiver

References
aeCERT Services. (2015). Retrieved from Computer Emergency
Response Team: http://aecert.ae/en/section/services
BioID. (2015, May 4). Retrieved from BioID: https://www.bioid.com/
BIO-key. (2015, May 4). Retrieved from BIO-key: http://www.biokey.com/
Biotacker. (2015, May 4). Retrieved from Plurilock:
https://www.plurilock.com/products/biotracker/
Brad, C. (2012, Septemper 3). How to securely erase your hard
drive. Retrieved from PC world:
http://www.pcworld.com/article/261702/how_to_securely_eras
e_your_hard_drive.html
Ciampa, M. (2012). Malware And Social Engineering Attacks. In M.
Ciampa, Security+ Guide to Network Security Fundamentals
(p. 48). Course Technology.
Free computer security. (2015). Retrieved from Secunia:
http://secunia.com/vulnerability_scanning/personal/
Microsoft Internet Explorer 6 Resource Kit. (2015). Retrieved from
Chapter 4 - Security Zones: https://technet.microsoft.com/enus/library/dd361896.aspx
PC Tab Alarm System. (2015). Retrieved from Computer Security:
http://www.computersecurity.com/pctab/
Rouse, M. (2015, April 23). Sniffer. Retrieved from TechTarget:
http://searchnetworking.techtarget.com/definition/sniffer
Spy Software. (2015, April 23). Retrieved from Employe Monitor
System: http://hidetools.com/spy_software.html
Stealth Signal Asset Recovery. (2006, June 7). Retrieved from
Computer Security Products, Inc.:
https://www.computersecurity.com/pdf/Stealth_Signal.pdf
Stealth Signal for Mac OS & Mac OS X. (2015, April 23). Retrieved
from Macintosh Security Site:
https://www.securemac.com/stealthsignalservice.php
Technet. (2014, Septemper 17). Trust Center settings for Office
2013. Retrieved from Microsoft Technet:
https://technet.microsoft.com/en-us/library/dn166703.aspx
TrueCrypt. (2015, May 3). Retrieved from TrueCrypt:
http://truecrypt.sourceforge.net/

Verisign, S. (2015, May 4). Products and Services. Retrieved from

Symantc Verisign: http://www.verisign.com/productsservices/index.html?tid=gnps
WebWatcher. (2015, April 23). Retrieved from WebWatcher:
http://www.webwatcher.com/
Wikipedia: TrueCrypt. (2015, April 11). Retrieved from Wikipedia: the
free encyclopedia: http://en.wikipedia.org/wiki/TrueCrypt