Student Workbook - urbanteach.orgurbanteach.org/uploads/3/4/2/3/34238252/final_student_workbook_2017.pdf · © 2017 Air Force Association CyberCamp Student Workbook 2017 CyberCamp

2017 AFA CyberCamp

Student Workbook

© Air Force Association

© 2017 Air Force Association CyberCamp Student Workbook

2017 CyberCamp Student Workbook

Student Workbook Table of Contents

Student Pre-survey..…………………………...……………………..…………………………………………………....Page i

Module 1 Activities

Activity 1-1: How to Beat Cyberbullying ..…………………………...……………………..………...Page 1

Activity 1-2: Cyber Ethics Case Study…..………………………………………………………..……Pages 2-7

Module 2 Activities

Activity 2-1: VMWare Lab…..……………………………………………………………........……..……….Page 8

Activity 2-2: System Admin Lab…..…………………………………………………........................…Page 9

Module 3 Activities

Activity 3-1: File Protections Lab……………………………………..…………………………………...Page 10

Activity 3-2: Intermediate Security Tools Lab………………………………………….……………..Page 11

Activity 3-3: Checklist Challenge..…………………………………………………………………...Pages 12-14

Module 4 Activities

Activity 4-1: Linux Familiarization Lab…….…………………………………………………………...Pages 15

Activity 4-2: Linux GUI Security Lab……..………………………………………………………………..Page 16

Activity 4-3: Linux Command Line Lab I ……..…………………………………………………Pages 17-18

Activity 4-4: Linux Command Line Lab II……..…………………………………………………Pages 19-20

Activity 4-5: Intermediate Ubuntu Security Lab……..………………………………………………Page 21

Student Post-survey..…………………………...………………………………………………….……………..………...Page ii

Notes Pages (Take notes to use for the week!)

© 2017 Air Force Association CyberCamp Student Workbooki

Student Pre-survey

Dear Students:

Welcome to AFA CyberCamps! We hope you have a fun and exciting week learning about cybersecurity and system administration.

When you have a moment, please use your smart phone, smart device or type in the url into your browser to fill out this brief Student Pre-survey. On Day 5 (Friday) you will find a Post-survey on page ii of this workbook. The survey takes 5-10 minutes to complete.

Your valuable feedback helps CyberPatriot improve your camp experience. Good luck this week and remember to take lots of notes!

2017 Pre-survey

https://goo.gl/1Jd5oc

https://www.surveymonkey.com/r/6LTTJGV


Activity 1-1: How to Beat Cyberbullying

Well Cast http://static.tumblr.com/alrccnk/J6Hmj0apn/bully.pdf

1

© 2017 Air Force Association CyberCamp Student Workbook2

Activity 1-2: Cyber Ethics Case Study

Instructions: The news articles used for this activity are printed on pages 3-7 of this workbook. Read the article your team has been assigned by the camp instructor and discuss the case together. Be prepared to summarize the case, as well as discuss your answers to the questions below with the rest of the camp. Use the space provided for notes.

Summarize the case in the space below. Who is involved? What happened?

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

Have any of the 10 Commandments of Cyber Ethics been broken? If so, which?

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

Which party or parties violated the Commandments of Cyber Ethics? How so?

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________

____________________________________________________________________________


Activity 1-2: Cyber Ethics Case Study (cont.)

Case One:

Cops Demand Google Data on Anyone Who Searched a Person’s Name…Across a Whole City

March 17, 2017

By: Thomas Fox-Brewster, Forbes

Source: http://www.forbes.com/sites/thomasbrewster/2017/03/17/google-government-data-grab-

in-edina-fraud-investigation/#243a26e17ade

A judge in Minnesota has signed off on a warrant allowing police to demand Google data on anyone who

searched for the name of a fraud victim across a whole city, according to web engineer and public

records researcher Tony Webster.

Webster posted the warrant on his site, explaining that Edina Police Department sought the records

after a bank, Spire Credit Union, was contracted by a man they thought was a customer asking for a

$28,500 wire transfer. Turned out it was a fraud attempt and whoever was behind it had created a fake

passport to use as ID.

Police did a google image search for the real bank account owner and discovered the fake passport

photo used by the fraudster, which was not of the real victim but of someone with the same name.

Searches on Bing and Yahoo didn’t return the same photo.

Believing the perpetrator lived in Edina, the cops asked a court if they could request Google provide

records of everyone in the city who’d searched four different variations of the victims name between

December 1 2016 and January 7 2017. Specifically, they wanted names, email addresses, social security

numbers, payment information, account data and IP addresses, which could be enough to identify

where those searches were made.

Needless to say a lot of innocent people could be caught up in such a data grab. “It’s possible that such a

wide net could catch completely routine and non-criminal searches of the victim’s name by neighbors,

prospective employees or business associates, journalists, or friends,” said Webster.

Unsurprisingly, there was a fair amount of disbelief from privacy and legal experts, including this from

Elizabeth Joh, professor at UC Davis School of Law:

“Is this for real? Warrant for everyone in Edina, Minnesota who entered a particular Google search:

http://t.co/wop8K6aK9V -Elizabeth Joh (@elizabeth_joh) March 17, 2017

One staff attorney at the Electronic Frontier Foundation suggested a case name change was in order:

“[sic]. Case name should be In re Minnesota Unconstitutional General Warrant. Nice job unearthing

@webster https://t.co/IGUd6s32dt -Andrew Crocker (@agcrocker) March 16, 2017

Google initially rejected a subpoena from Hennepin County, but investigators are still arguing for the

information. It’s unknown if Google is fighting the new order. A Google spokesperson said: “We aren’t

able to comment on specific cases, but we will always push back when we receive excessively broad

requests for data about our users.” A spokesperson from Edina Police Department said they could not

comment on active investigations.



Case Two:

Smart Toy Flaws Make Hacking Kids’ Info Child’s Play

February 28, 2017

By: Laura Hautala, CNet

Source: https://www.cnet.com/news/cloudpets-iot-smart-toy-flaws-hacking-kids-info-children-cybersecurity/

Bad news for parents and kids who sent each other voice messages through internet-connected stuffed animals

called CloudPets: Their account information and voice recording were left exposed on the internet, ready for

anyone with a few web search skills to find.

That’s according to reports published Monday from cybersecurity expert Troy Hunt, as well as Vice cybersecurity

publication in Motherboard.

The account information of more than 800,000 users, which included email addresses and easily guessed

passwords, was stored on an online database that could be viewed by anyone – no password required, both

reports said.

Nearly 2.2 million voice recordings were also stored online unsecured. Hackers could listen to them by guessing

the URL of the recording, Hunt found. Finally, both Hunt and Motherboard reported that hackers appear to have

wiped the user database clean and held its contents for ransom at least twice.

Spiral Toys, the maker of CloudPets, said in an email Monday that the voice recordings were not compromised.

The company didn’t comment on whether its database was accessed and ransomed by hackers, or whether

hackers could have accessed the voice recordings either by guessing easy passwords or the URLs of voice

recordings. Spiral Toys didn’t respond to follow-up questions from CNET on these topics.

On Tuesday the company put out an official statement confirming the database of account information was

exposed on the internet.

“Spiral Toys was notified about a potential breach on February 22 and took immediate and swift action to protect

the privacy of our customers,” the company said in its statement. “[W]e carried out an internal investigation and

immediately invalidated all current customer passwords to ensure that no information could be accessed.”

The company said it believed the voice recordings and photos of users weren’t accessed. The company will notify

users and require them to pick password with “increased security,” the statement said.

The reports come two weeks after German regulators warned parents that connected doll My Friend Cayla could

compromise children’s privacy. There haven’t been reports of data leaking from the Cayla doll, but fears of

exposing children’s personal information have been percolating for a few years now.

Those fears heightened with the release of the interactive talking Hello Barbie doll in 2015 and subsequent claims

from researchers that the doll had cybersecurity flaws. Other connected children’s toys have also proved

vulnerable to hackers, including VTech’s Learning Lodge app and the Fisher-Price Smart Toy, also a smart stuffed

animal.

Both Hunt and Motherboard had said they were unable to get in touch with the company. Spiral Toys said in an

email that it didn’t receive emails from Victor Gevers, a cybersecurity researcher who told Motherboard he

reached out to the company multiple times. Gevers sent CNET screenshots of his attempts to reach Spiral Toys via

email, which he said bounced back to him, as well as a link to a tweet sent to the company. Spiral Toys didn’t

respond to questions about the screenshots. Hunt found that the data was no longer publicly searchable after

January 13. He also said there was compelling evidence the database has been copied by hackers, who then

offered to give it back to Spiral Toys for a ransom, paid in bitcoins. Hunt detailed two random demands.



Case Three:

Man Indicted for Using GIF as ‘Deadly Weapon’

March 22, 2017

By: Tom Brant, PC Magazine

Source: http://www.pcmag.com/news/352556/man-indicted-for-using-gif-as-deadly-weapon

A Texas grand jury this week indicted a man for using an animated GIF to cause Newsweek journalist

Kurt Eichenwald to suffer a seizure, in what could be the first case to legally consider a GIF to be an

assault weapon.

Eichenwald, who has epilepsy, suffered a seizure after he received a GIF in December from the

defendant, John Rivello, according to the FBI’s criminal complaint. The GIF, which Rivello sent via

Twitter, contained an animated strobe image embedded with the statement, “You deserve a seizure for

your post.”

Rivello’s tweet was sent shortly after Eichenwald appeared on Fox News to discuss a claim [sic] about

President Donald Trump. As the Washington Post, notes there is no evidence to support that claim.

The FBI arrested Rivello, of Salisbury, Maryland, on Friday and charged him with violating a federal

cyberstalking law. A Dallas grand jury indicted him for using Twitter and the GIF as a “deadly weapon“

the Post Reports.

Defense attorney Tor Ekeland told NBC News that Rivello’s case is likely the first time someone has been

indicted for using “the internet as a weapon that causes physical harm.”

The case is also noteworthy for how the FBI used cyber sleuthing methods to identify Rivello as the

perpetrator. Rivello sent the seizure-inducing tweet from a fake account using data from a prepaid SIM

card that he purchased with case, according to the complaint. The FBI obtained the phone number from

a search warrant sent to Twitter, which revealed the phone number associated with the fake account.

Agents then requested subscriber data for that phone number from AT&T, the provider of the SIM card.

Although there was no subscriber data because the account was prepaid with cash, AT&T records did

show that the SIM card was used in an iPhone 6. Yet another search warrant to Apple revealed that the

iPhone was linked to Rivello’s iCloud account.



Case Four:

Hacker Takes Over Burger King Twitter Account

February 18, 2013

By: Candice Choi and Joshua Freed, The Christian Science Monitor

Source: http://www.csmonitor.com/Business/Latest-News-Wires/2013/0218/Hacker-takes-over-

Burger-King-Twitter-account

Somebody hacked Burger King’s Twitter account on Monday, posting obscene messages and changing

its profile picture to a McDonald’s logo.

The tweets stopped after a little more than an hour, and Burger King said it had reached out to Twitter

to suspend the account. A Twitter spokesman did not immediately respond to a phone message left on

Monday.

Burger King, which usually tweets several times a week, said it was working to get the account back up.

Typical tweets promoted sales on chicken sandwiches, or asked how many bites it takes to eat a chicken

nugget.

But just after noon EST (1700 GMT) on Monday, someone tweeted via Burger King’s account, “We just

got sold to McDonalds!” They also changed the icon to rival McDonald Corp.’s golden arches and the

account’s background picture to McDonald’s new Fish McBites.

About 55 tweets and retweets followed over the next hour and a quarter, including some that contained

racial epithets, references to drug use and obscenities. The account tweeted: “if I catch you at a wendys,

we’re fightin!”

Monday’s appropriation of Burger King’s Twitter account was as relatively mild of cybersecurity

problems, which are causing increasing concern in Washington and for industry. Media outlets including

The New York Times, The Wall Street Journal and the Washington Post have all said this year that their

computer systems were breached, while several NBC websites were briefly hacked in November. White

House officials and some lawmakers are pursuing legislation that would make it easier for the

government and industry to share information on how to defend against hacking.

Burger King didn’t know who hacked the account, and no other social media accounts were affected,

said Bryson Thorton, a spokesman for Miami-based Burger King worldwide Inc. Its social media team

and an outside agency manage the Twitter account, but Thornton declined to say how many people

knew the account’s password. He said they hope to have it working again soon, and will post a

statement on Facebook later Monday apologizing for the tweets.

Twitter acknowledged on Feb. 1 that cyber attackers may have stolen user names and password of

250,000 users. It said at the time that it notified users of the breach.

Competitors were sympathetic.

McDonald’s responded on Twitter that it empathized with its Burger King counterparts. “Rest assured,

we had nothing to do with the hacking.”

“My real life nightmare is playing out” on Burger King’s Twitter feed, wrote Wendy’s social media

worker Amy Rose Brown.



Case Five:

Hack Brief: Hackers are Holding an LA Hospital’s Computers Hostage

February 16, 2016

By: Brian Barrett, WIRED

Source: https://www.wired.com/2016/02/hack-brief-hackers-are-holding-an-la-hospitals-computers-

hostage/

Ransomware attacks, in which hackers lock your computer or keyboard until you pay a ransom, are on

the rise. The latest notable ransomware victim is Hollywood Presbyterian Medical Center in Los Angeles,

whose computers have been offline for over a week. The computers will come back online, the hackers

reportedly say, in exchange for $3.4 million, paid in bitcoin.

The Hack

The incident, first reported by a local NBC affiliate, affects the Los Angeles hospital’s computer systems,

including those needed for lab work, pharmaceutical orders, and even the emergency room.

While the hospital’s spokesperson was unavailable to comment, HPMC president and CEO Allen

Stefanek told KNBC that it was “clearly not a malicious attack; it was just a random attack.” It’s not clear

what he means, though; a hospital in a wealthy neighborhood seems unlikely to be a random target,

especially for such a large sum.

As WIRED explained last fall, while ransomware has been around for over a decade, hackers have been

embracing increasingly sophisticated methods. In the past, ransomware could only lock down a target’s

keyboard and computer; now, hackers can encrypt an infected system’s files with a private key know

only to the attacker. That may be what has happened here, according to anonymous hospital sources

who told NBC4 that the hackers offered a “key” in exchange for the ransom money. The hospital has yet

to officially detail the attack.

Who’s Affected

Stefanek told NBC4 that patient care hasn’t suffered, although some 911 patients have been sent to

other nearby hospitals. Meanwhile, it appears to mostly add up to a headache for those in the HPMC

system because hospital staff have had to write all documentation out by hand for the last week. Some

patients, meanwhile, need to drive to more remote hospitals for medical tests that HPMC cannot offer

without a functioning network.

The fallout appears limited to this one hospital, though, and even within its walls the impact seems

annoying, but not crippling. HPMC says it’s working with the FBI, LAPD, and computer forensics experts

to recover its systems.

How Bad Is It?

Given the degree of things that could potentially go wrong at the intersection of hospitals and hackers,

this isn’t so terrible. But in terms of the scale of the ransomware, it’s about as bad as it gets. Symantec

recently pegged the total amount of ransomware paid out in any given year at $5 million. This single

incident asks for well over half that amount.

The bigger impact many not be clear until after the incident is resolved. If the hospital ends up paying

out, it could inspire copycat attacks. If not, and the hackers are identified, it could act as a deterrent.

Either way, for not it shows that no target is off limits for ransomware, nor is any sum.


Activity 2-1: VMWare Lab

Instructions: Complete the tasks listed below in order. Do not edit the image in any way not listed below.

1. Open the Windows 7 Demo Image in VMWare Player. Click the “CyberPatriot” account. This is the account you will use throughout the camp.

2. Personalize the desktop background to the sample picture of penguins in the “Pictures” library.

3. Open Mozilla Firefox. Click the list button to the right of the Home icon and select “Options”. Change the homepage to www.uscyberpatriot.org.

4. Open Notepad from the Start Menu (Start Menu > All Programs > Accessories > Notepad)

5. Type a question in Notepad and leave the window up.

6. Close VMWare. When prompted, select “Suspend” instead of “Power Off”.

7. Re-open the Windows 7 Demo Image.

8. Open the DemoBackground picture in the Pictures library. Right-click it and select “Set as desktop background”.

9. Type an answer to your question in Notepad and save it as “Q&A” in your “Documents” folder.

10. Close VMWare. When prompted, select “Power Off” instead of “Suspend”.

11. Re-open the Windows 7 Demo Image.

12. Drag the sample Koala picture from the image Pictures library and drop it onto the desktop of your host computer.

13. Right-click the Koala picture on your host computer and select “Rename”. Rename the file “Giraffe”.

14. Drag and drop the “Giraffe” image file you just created from your host computer onto your virtual image’s desktop.

15. Hover over the Start Menu of your host machine. Click the small Windows Demo Image menu that says that pops up. Select “My Documents” from the menu. Open your “Q&A” file.

16. Type another question in the Notepad and click File > Save.

17. Open the Q&A file from your “My Documents” folder. Type an answer to your question and save it.

18. Close VMWare Player. Select “Power Off”.


Activity 2-2: System Admin Lab

Instructions: Complete the tasks listed below in order. Do not edit the image in any way not described below.

1. Open the Windows 7 Demo Image in VMWare Player. When you click the “CyberPatriot” account, you should receive an error message notifying you the password is expired. This is because we just updated password policies in the Local Security Policies menu as a group. Leave the first Password text field blank and type Cyb3rD3mo! into the New Password and Confirm Password text fields. Do not change the password to anything other than Cyb3rD3mo!. If you do, you could lock yourself out of the image for the rest of the camp.

2. Check Windows Update for notifications. Install any important updates. You can continue to work on the next steps of this lab as the updates are being downloaded. Restart the image, if prompted.

3. Navigate to the Local Security Policy menu in Control Panel. Change the minimum password age to 24 days. Change the minimum password length to 10 characters.

4. Until recently, Nadia was an intern at the company. She just graduated with a degree in computer science has been given a full-time position in the IT department. Give her account administrator rights.

5. Hodor just quit his job in the marketing department to work with the company’s main competitor, Lanister Enterprises. Remove Hodor’s account and create a new account for his replacement, Fleur. She should be a Standard User.

6. Since allowing Spotify through Windows Firewall, employee efficiency has dropped significantly. Remove Spotify from the list of Windows Firewall exceptions by clicking the “Allow a program or feature through Windows Firewall” button and then the “Change settings” button. Uncheck the network boxes next to the Spotify.exe entries. Alternatively, you can select Spotify and choose to remove it from the list.

7. Use the Users and Groups Console to set a temporary password for every employee except the “CyberPatriot” account (you) and then require each user to reset his or her password at next login. Keep the Cyb3rD3mo! password for the “CyberPatriot” account.

8. Becky’s username is misspelled. Use the User and Groups Console to rename her user account and full name.

9. Use the Users and Groups Console to make sure IT staff (Eric and Nadia), the built-in Administrator account (Alex), and “CyberPatriot” (you) are the only members of the Administrators group.


Activity 3-1: File Protections Lab


1. Open the Windows 7 Demo Image in VMWare Player and log into the “CyberPatriot” account (password: Cyb3rD3mo!).

2. Set up a regular backup of the department folders on this computer by following these instructions:

1. Navigate to the Backup and Restore menu in Control Panel.

2. Click the “Change settings” link in the right portion of the menu.

3. Select the DVD or CD Drive as your Backup Destination. Click “Next”.

4. Select “Let me choose” and click “Next”.

5. Uncheck all of the boxes in the Data Files section

6. Expand the OS (C:) drive and check the boxes next to the Finance, Human Resources, IT, Legal, and Marketing folders. These should be the only folders checked.

7. Click “Next”.

8. Click the “Change schedule” link and change the backup time to Fridays at 6:00 PM.

9. Click “Save settings and run backup.” Note that since your computer does not have a blank CD or DVD drive in it, you will get an error message. However, although this backup cannot be completed, your settings for automatic backups will remain. If you had a blank CD, DVD, or USB drive, you would need only insert in your computer every Friday before 6:00pm, and Windows would automatically save a backup to it.

3. As the company’s legal counsel, Becky should have Full Control permission to the Legal folder and its child objects. Administrators (IT staff) should also have Full Control permission, but all other users should not have permissions. Apply these permissions.

4. The company’s CEO is preparing to brief the board of directors. He would like you to email him all of the company’s Annual Financial Reports. The files are too large to send by email as is, so use 7-Zip to create a zipped folder containing all of the reports. Encrypt the folder with the password 3Broom$st1cks.

5. Becky is preparing to defend the company in a wrongful termination suit filed by Iso. Give her Read access to the Employee Incident Reports folder.


Activity 3-2: Intermediate Security Tools Lab


1. Open the Windows 7 Demo Image in VMWare Player and log into the “CyberPatriot” account (password: Cyb3rpD3mo!).

2. Use Task Manager to disable the Telnet service.

3. Navigate to the Audit Policy menu (Control Panel > System and Security > Administrative Tools > Local Security Policy > Local Policies > Audit Policy) and enable Success and Failure auditing for account logon events, account management, logon events, policy change, process tracking, and system events.

4. If you have not guessed already, the Severe Weather Alerts pop-up is a piece of malware. Use Task Manager to disable the SevereWeatherAlerts.exe process running on the system. Then, open My Computer and search for files containing “severe weather”. Delete all of the files in the search result.

5. Share the System Files folder with Joseph (right-click the folder, select Properties, click the Sharing tab, and then click the Share button). In the File Sharing menu that pops-up, add Joseph and give him “Read/Write Permissions”.

6. View all the folders and drives currently being shared on the system by clicking Control Panel > Administrative Tools > Computer Management. After you have opened the Computer Management menu, double-click the “Shared Folders” icon on the left and then click the “Shares” folder. Revoke Joseph’s access to the System Files folder by right-clicking it and selecting “Stop Sharing”.


Activity 3-3: Checklist Challenge

Instructions: Discuss what you have learned the last few days with your team and use your notes to create a standard checklist for securing a computer system. Describe how and why you would enforce each security setting in your checklist. Additional worksheet space is provide on the two next page.

e.g. Step: __Turn on Windows Firewall______________________________________________

Why: Firewalls filter incoming data packets, blocking data from the Internet that has irregularities or might bemalware.__________________________________________________________________________________

How: Control Panel > System and Security > Windows Firewall > Turn Firewall on or off. Turn firewalls on for all network types and enable notifications for when Windows Firewall blocks a program._________________

1. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

2. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

3. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

4. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________


Activity 3-3: Checklist Challenge (cont.)

5. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

6. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

7. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

8. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

9. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________


Activity 3-3: Checklist Challenge (cont.)

10. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

11. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

12. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

13. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________

14. Step:_____________________________________________________________________________

Why:_____________________________________________________________________________

_________________________________________________________________________________

How:_____________________________________________________________________________

_________________________________________________________________________________


Activity 4-1: Linux Familiarization Lab

Part 1 Instructions: Complete the tasks listed below in your Ubuntu Demo Image and answer the questions in order. Do not edit the image in any way not listed below.

1. Open the Ubuntu Demo Image in VMWare Player and log into the CyberPatriot account (password: CyberPatriot!)

2. Find Ubuntu Software Center in the menu on the left of the desktop. Open the program and search for gufw. Click Firewall Configuration and install the program. Note: you will be prompted for a password when you start the install. The password is “CyberPatriot!” (without the quotation marks).

3. Look at the reviews for this program by clicking More Info (the description) under gufw in the Software Center and scrolling down to the reviews section. Do you think that this software is both safe and useful?

___________________________________________________________________________

4. In the menu on the left of the desktop, open the program called LibreOffice Impress. What Microsoft Office program does this remind you of?

___________________________________________________________________________

5. Personalize the desktop background with one of the other available wallpapers that come with Ubuntu. Click on the System Settings icon in the menu to the left. Click on Appearance and select a wallpaper. Change back to the CP Demo background using the same steps (CP background is under the drop down box, Pictures folder).

6. Inside the file browser (second icon down), double-click the file labeled 4.mp3 in your Music folder. (Please pause playback immediately in order to limit classroom disruption.) What program opened when you double clicked the music file? (Hint: What icon do you see that’s new on the left hand side?)

___________________________________________________________________________

7. To stop playback do NOT close the window. Instead, move your mouse over the panel at the top of the screen, when you do a menu will appear. After this menu appears choose FileClose.

8. Create a new folder called Math! in the home directory. Double-click on the Files icon in the menu to the left. Right-click in the open white space and choose New Folder. Rename Untitled Folder to Math!

9. Find out where Infinity is located. Open a Terminal and type locate infinity. Use the Search Your Computer Icon to open a Terminal. Answer will follow this setup: /____/_____/______/

________________________________________________________________________________

10. Inside the Files icon, click on Computer on the left hand side. After clicking on Computer, click on the file folder labeled root. Why can’t you access this folder? Is it because you are not authorized or not authenticated?

___________________________________________________________________________


Activity 4-2: Linux GUI Security Lab


1. Open the Ubuntu Demo Image in VMWare Player and log into the CyberPatriot account (password: CyberPatriot!)

2. Navigate to the Software & Updates settings. Click on the System Settings icon and then click on the Software & Updates tab. Then click Update tab. Check the check box indicating you want Ubuntu to install updates from Important security updates. You'll will be asked for the password to authenticate.

3. Usually you want to select Recommended updates, but we’re going to try and save time and bandwidth, so leave Recommended updates unchecked for now.

4. Configure Ubuntu to automatically check for updates daily. Check for updates daily by changing Automatically check for Updates from Never to Daily.

5. Close the Software & Updates settings window and Reload the information about available software when prompted. This may take a few moments.

6. Open the Software Updater (use Search Your Computer to find). To select individual packages to update, click the text Details of updates. Check only the update for Firefox Web Browser by unchecking the Security updates box, then selecting Firefox Web Browser. and click Install Now. You'll will be asked for the password to authenticate

7. The user euler is at least 2.71828 times more knowledgeable of cybersecurity principles than khayyam. Make euler an Administrator and make Khayyam a Standard user. Do this by going to System Settings> User Accounts, then find the account. Unlock to change the settings (you will need to use the password to authenticate). Click Account type and change to appropriate account type.

8. The user winkle is not an authorized user. Delete her account. Highlight name and click the – (minus) sign. Do you want to keep the files?

9. The user gauss has been temporarily suspended from his position. Disable his account so that he cannot log in. Ensure that the account has been disabled by logging out (top right hand side of the Ubuntu image, click the last icon and select Log Out). Then try to log in as gauss using his password “password”.

10. Log back in to the CyberPatriot account, re-enable the account gauss, and give him a new, stronger password.

11. The users on this computer want to set up a TeamSpeak 3 server to communicate with their other math friends. However, TeamSpeak 3 is currently blocked by UFW. Go into the firewall settings and allow the program. Do this by clicking the Firewall Configuration icon, authenticate to create change to firewall. Then click Rules>click + (Add Rule)> Application> find TeamSpeak3. The Policy should Allow, click Add. You will now see that TeamSpeak3 has been added to the firewall list.


Activity 4-3: Linux Command Line Lab I

Instructions: Type each of the following commands in order into the command line (terminal). What is the output of the final command of each sequence? Follow the example below – spaces do matter!

Commands

a) cd type into the terminal cd, hit enter

b) pwd type into the terminal pwd, hit enter

Result: /home/cyberpatriot

1. Commands:

a) cd

b) cd ..

c) pwd

Result:_____________________________________________________________________

2. Commands:

a) cd

b) cp Music/4.mp3 test

c) file test

Result:_____________________________________________________________________

3. Commands:

a) cd

b) cat Documents/hamilton.txt

Result:_____________________________________________________________________

4. Commands:

a) cd

b) cat Documents/hamilton.txt > test

c) file test

Result:_____________________________________________________________________

Go to the next page.


Activity 4-3: Linux Command Line Lab I

Instructions: Use the command line commands you have learned so far to help answer the following questions.

1. According to the manual for the command touch, the -c option does what?

Answer:________________________________________________________________

2. According to the manual for the command rm, the -R option does what?

Answer:________________________________________________________________

3. What type of an image is the file Pictures/escher? (i.e. PNG,GIF,JPEG,BMP)

Answer:________________________________________________________________

4. What is the PDF document version of the file Documents/Nutcracker.pdf?

Answer:________________________________________________________________

5. What is the text contained in the file Documents/strogatz.txt?

Answer:________________________________________________________________


Activity 4-4: Linux Command Line Lab II

Instructions: Use the command line commands you have learned so far to help answer the following questions. Hint: Presentation slides 33 & 34 may help.

1. Which user has a User ID of 1018?

Answer:________________________________________________________________

2. Hypatia changed her login shell, what is it currently set to?

Answer:________________________________________________________________

3. What is the “Group ID” of the sambashare group?

Answer:________________________________________________________________

4. Which users are members of the geometry group?

Answer:________________________________________________________________

5. Which user owns the file Documents/einstein.txt?

Answer:________________________________________________________________

6. Which group does the file Documents/1812.pdf belong to?

Answer:________________________________________________________________

7. Who has been granted permission to read the file Documents/1812.pdf?

Answer:________________________________________________________________

8. Who has been granted permission to write to the file Documents/1812.pdf?

Answer:________________________________________________________________

9. There is a hidden folder in your home directory that is owned by the user lovelace. What is the name of that directory?

Answer:________________________________________________________________

Go to the next page.


Activity 4-4: Linux Command Line Lab II

Instructions: Hone your command line skills by completing the following actions using only the command line.

1. A new employee joined your office of mathematicians. Create a new user account named hilbert.

2. The users hilbert and boole work together on a team. Create a new group for their team named logic.

3. Add the users boole and hilbert to the logic group.

4. The user cooper is not an authorized user. Remove this account from the computer.

5. Change the group for the file Documents/euler.txt to calculus.

6. Some of your users want to access this computer remotely. Install the OpenSSH Server. The OpenSSH Sever package name is “openssh-server”

7. Chebyshev informed you that there is an unauthorized password cracker installed. Remove the prohibited software package “lcrack”


Activity 4-5: Intermediate Ubuntu Security Lab


1. Open the Ubuntu Demo Image in VMWare Player and log into the cyberpatriot account (password: CyberPatriot!)

2. These mathematicians are very hard to please. They want the password age policy figures to be palindrome numbers (numbers that are the same written forwards or backwards). Change the maximum password duration to 99 and the minimum password duration to 11. While you’re at it, change the password change warning duration to 8.

3. Use System Log to look at the dpkg.log file. List some of the most recently installed programs.

________________________________________________________________________

4. Use System Log to examine the bottom of the auth.log file. Do not close this window.

5. In a terminal, as the cyberpatriot user, type the command su and press Enter. You will be prompted for a password, but don’t type anything and press Enter. You should see a new failed authentication attempt at the bottom of the auth.log. What information is present about your failed login attempt next to the line pam_unix(su:auth): ?

________________________________________________________________________

6. Apache is currently installed and running on this computer. Use bum to disable the apache2service.

© 2017 Air Force Association CyberCamp Student Workbookii

Student Post-survey

Thank you for filing out the Student Post-survey. This survey should take about 5-10 minutes to complete.

Your valuable feedback helps CyberPatriot improve your camp experience! We hope to see you compete in the CP-X in the fall. Have a terrific summer of cyber!

2017 Post-survey

https://goo.gl/P955hw

https://www.surveymonkey.com/r/6VNT88C


Notes

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________


Notes

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________


Notes

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________


Notes

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________


Notes

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

______________________________________________________________________________

For more information on how to

participate in the CyberPatriot

National Youth Cyber Defense Competition,

visit wwww.uscyberpatriot.org

or contact [email protected] to join our

mailing list.

SECURING NETWORKS, SECURING FUTURES