Module 02: Administrative Network Security

58 Minutes Remaining
Instructions Resources Help 100%
Exercise 3: Monitoring Activities on a Remote User System

Spytech SpyAgent is a powerful computer spy software that allows the network defender to stealthily
monitor all activities of users on their respective computers. SpyAgent provides a large array of
essential computer monitoring features as well as a website; an application; and chat-client blocking,
lockdown scheduling, and remote delivery of logs via email or FTP.

Lab Scenario

Today, employees are given access to a wide array of electronic communication equipment. Email,
instant messaging, global positioning systems, telephone systems, and video cameras have given
employers new ways to monitor the conduct and performance of their employees. Many employees
are provided with a laptop computer and mobile phone that they can take home and use for
business outside the workplace. Whether an employee can reasonably expect privacy when using
such company-supplied equipment depends, in large part, on the security policy the employer has
established and made known to employees. Thus, the network defender should know how to track
and monitor the activities of remote users in the organization.

Lab Objectives

The objective of this lab is to demonstrate how to monitor user activities remotely using Spytech
SpyAgent. In this lab, you will

• Understand the process of monitoring employee activities using Spytech SpyAgent

Overview of the Lab

SpyAgent provides a large array of essential computer monitoring features as well as a website; an
application; and chat client blocking, logging scheduling, and remote delivery of logs via email or
FTP.

Lab Tasks

If you have already launched Smoothwall Firewall and AD Domain Controller VM in the previous
exercise, skip steps from 1 to 8.

1. Click Smoothwall Firewall to launch Smoothwall Firewall VM.

2. Type the password toor and press Enter.
3. Press Tab button twice to navigate to Done button. Hit Enter.
4. Wait for few seconds to load the smoothwall express,the smoothwall login screen
appears, leave smoothwall in running state.

5. Click AD Domain Controller to launch ADDomainController VM.

6. Click Ctrl+Alt+Delete link to login to AD Domain Controller.
7. By default CND\Administrator account is selected, click Pa$$w0rd and
press Enter to login.
8. The network screen appears, click Yes
9. Click Admin Machine-1 to launch AdminMachine-1 VM.
10. Click Ctrl+Alt+Delete link to login
11. By default the username Admin is selected type password as admin@123 and
press Enter.
12. Click on the Windows Start icon at the lower-left corner of the desktop, and then
click Search. In the right pane, search for Remote Desktop Connection and click on it.
13. The Remote Desktop Connection window appears; to connect to AD Domain
Controller, enter the IP address for AD Domain Controller (20.20.10.19) in the
Computer field and click Show Options.
14. In the User name field, type Administrator (log in as a local admin account) and
click Connect.
15. The Windows Security pop-up appears; type Pa$$w0rd to log in as a local administrator for
the Domain Controller VM and click OK.
16. A Remote Desktop Connection prompt appears. Click Yes.
17. Remote connection is established for the Domain Controller machine and local
administrator login.
18. Next, we will install the SpyAgent tool on AD Domain Controller Machine remotely.
19. Navigate to Z:\CND-Tools\CNDv2 Module 02 Administrative Network
Security\Spyagent and unzip the Spyagent.zip file.
20. Double-click Setup (password=spytech).exe to start the installation. If the User
Account Control window appears, click Yes.
21. The Spytech SpyAgent Setup window appears. Click Next.
22. In the Welcome window, click Next to continue with the installation.
23. Click on Next in the Important Notes window.
24. Next, the Software License Agreement window appears; click Yes to accept the
terms and conditions.
25. The Choose Destination Location window appears; leave the Destination Directory
to default and click Next.
26. The Select SpyAgent Installation Type window appears; click
the Administrator/Tester radio (default) and click Next.
27. Continue with the installation until you reach the Spytech SpyAgent setup window.
Click Yes.
28. The Spytech SpyAgent window appears after the installation is completed; next,
minimize or close the window.
29. A NOTICE FOR ANTIVIRUS USERS window appears; read the notice and click Next.
30. The Finished window appears. Ensure Run SpyAgent is checked and click Close.
31. The Spytech SpyAgent dialog box appears; click Continue….
32. Step 1 of the setup wizard appears; select click to continue….
 33. Enter a password in the New Password field, and then retype the same password in
the Confirm field.

The password entered is qwerty@123.

34. Click OK.

35. The password changed pop-up appears; click OK.
36. Step 2 of the Welcome wizard appears; select click to continue…
37. The Configuration section of the setup wizard appears; click the Complete +
Stealth Configuration radio button and click Next.
38. The Extras section of the setup wizard appears; check the Load on Windows
Startup option and click Next.
39. The Confirm Settings section of the setup wizard appears; click Next to continue.
40. The Apply section of the setup wizard appears; click Next.
41. The Configuration Finished window appears; click Finish to successfully set up
SpyAgent.
42. The main SpyAgent window appears along with Step 3 of the setup wizard.
43. Select click to continue….
44. If a Getting Started dialog box appears, click No.
45. To track the general user activities, click Start Monitoring.
46. The Enter Access Password window appears; enter the password specified in step
31 (in this lab, qwerty@123), and then click OK.
 47. The Stealth Notice window appears. Read the instructions, and then click OK.

To remove SpyAgent from stealth mode, press Ctrl+Shift+Alt+M.

48. A SpyAgent pop-up appears. Check Do not show this Help Tip again and Do not
show Related Help Tips like this again, and then select click to continue…
49. Next, close the remote connection.
50. Log in to AD Domain Controller VM.
51. Click Ctrl+Alt+Delete .
52. By default CND\Administrator account is selected, click Pa$$w0rd and
press Enter to login.
53. Perform random activities such as browsing webpages.
54. Switch to Admin Machine-1 VM and establish a new Remote Desktop Connection to
connect to the** AD Domain Controller** VM (follow steps from 12 to 16 in this lab
exercise).
55. To remove SpyAgent from stealth mode, Click Windows Start and select Stop
SpyAgent Stealth Mode from the recently added app.
56. SpyAgent will request the Access Password (qwerty@123); enter the password and
click OK.
57. To check the user keystrokes, click Keyboard & Mouse on the SpyAgent GUI and
select View Keystrokes Log.
58. The user’s keystroke logs can be reviewed by simply selecting them.
59. Click on the left side Website Activity under Screenshots, the user browsed social
media site Facebook.
60. This way, you can view screenshots, program usage, chat and messages, and other
user activities on the user’s computer.