mohammed-lvw644-IS1003_Lab-04
pdf
keyboard_arrow_up
School
University of Texas, San Antonio *
*We aren’t endorsed by this school
Course
1003
Subject
Information Systems
Date
Apr 3, 2024
Type
Pages
16
Uploaded by BailiffGuanacoMaster519
1 IS-1003-ON1-Spring-2022-Unlocking Cyber Lab 04 –
Filtering Your Data Author
: Fiona Mohammed Course Section
: IS-1003-ON1-Spring-2022-Unlocking Cyber Date
: May 3, 2022 I
NTRODUCTION
The objective of this Lab is to perform ethical searches on entities for which we have permission, namely, items of interest to me. I will learn to search in a few different ways; Using grep and regular expressions (regexes) to filter our Slack workspace, using search for online presence and recent news using Google dorking, and Set up a (more) secure browser and search engine. I also lean how to Harden my Mobile Device, and the security reason.
P
ROCESS
Part 1: Set Up Your Environment: How I secured my browser environment
: I secured my browsing environment by researching and following the steps and guidelines on Firefox Hardening Guide, Xiao, hardening Firefox, and I then decided to download and installed DuckDuckGo as an extension to Firefox. See below a picture of my browser and search engine page (Breakpoint #1
–
a screenshot of my browser and search engine page.)
2 What is the difference between a search engine and web browser: A browser is a piece of software that retrieves and displays web pages; a search engine is a website that helps people find web pages from other websites. The web browser is the user's portal into the World Wide Web, and the search engine is the mechanism that retrieves the user's desired content.
3 Part 2: Google Hacking: Dork 1:
Below are images of the various ways and combinations I searched in DuckDuckGo (Image 1 through 3), and the various ways and results of google (images 4 through 7). (Breakpoint #2a
–
a screenshot of The filter string in DuckDuckGo search engine. (Image 1))
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4 (Breakpoint #2b
–
a screenshot of The filter string in DuckDuckGo search engine (Image 2).) (Breakpoint #2c
–
a screenshot of The filter string in DuckDuckGo search engine. (Image 3))
5 (Breakpoint #2d
–
a screenshot of The filter string in Google search engine. (Image 4))
6 (Breakpoint #2e
–
a screenshot of The filter string in Google search engine. (Image 5)) (Breakpoint #2f
–
a screenshot of The filter string in Google search engine. (Image 6))
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
7 (Breakpoint #2g
–
a screenshot of The filter string in Google search engine. (Image 7)) A breakdown definition of all of the keyword/operator pairs in the string: Inurl: Searches for Strings in the url Intitle: Searches for Strings in the title of the page Site: Searches only one website The differences between your searches as specified
Google provided more generic report, while DuckDuckGo provided a more detailed, refined result.
8 Dork 2:
A “
false flag
”
operation is an act committed with the intent of disguising the actual source of responsibility and pinning blame on another party. Below are images of my search with “false flag” as a keyword along with at least two other search operators and string pairs. (Breakpoint #2h
–
a screenshot of my search with “false flag” as a keywor
d along with at least two other search operators and string pairs in google)
9 (Breakpoint #2i
–
a screenshot of my search with “false flag” as a keywor
d along with at least two other search operators and string pairs in DuckDuckGo) A breakdown definition of all of the keyword/operator pairs in the string: Inurl: Searches for Strings in the url Intitle: Searches for Strings in the title of the page Site: Searches only one website The differences between your searches as specified
Google provided some information, while DuckDuckGo provided no result.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
10 Dork 3: The reliability of my sources falls under the L areas. When searched again but this time, explicitly including “C” designated site with the “site” keyword
, I got results back from google, but no results from DuckDuckGo. See below images. (Breakpoint #2j
–
a screenshot of my search without “false flag” explicitly including a “C” designated site with the “site” keyword
in google)
11 (Breakpoint #2k
–
a screenshot of my search with “false flag
explicitly including a “C” designated site with the “site” ke
yword in google)
12 (Breakpoint #2l
–
a screenshot of my search without “false flag” explicitly including a “C” designated site with the “site” keyword
s in DuckDuckGo) (Breakpoint #2m
–
a screenshot of my search with “false flag” explicitly including a “C” designated site with the “site” keyword
in DuckDuckGo)
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
13 A breakdown definition of all of the keyword/operator pairs in the string: Inurl: Searches for Strings in the url Intitle: Searches for Strings in the title of the page Site: Searches only one website Intext: Search for sites with the given word(s) in the text of the page
14 Part 3: Mobile Hardening Exercise A.
Note the steps you took to check and modify settings to harden your device or browser
: Secured Passcode
: •
I went to the settings on my iPhone 12 •
Choose General •
Passcode Lock •
Slide Simple Passcode to off •
I was prompted to enter a passcode of my choice •
I entered a secure six digits long passcode Auto-lock : •
I went to the settings on my iPhone 12 •
Choose General •
I clicked on Auto-Luck •
Tapped 5 Minutes Set up two-factor authentication
: •
I set up the two-factor authentication for my IPad •
I went to the Settings app •
I tapped my Apple ID Profile •
I signed in with the account to protect with two-factor authentication •
I selected Password and Security •
I found the Two-Factor Authentication setting and turned it on •
I entered the phone number where I can receive a text message with the two factor code Turn on the Find Device feature
: •
I went to the settings on my iPhone 12 •
I tapped on my name •
Slide Find My iPhone to turn it on Opt out of geotagging (location, location, location)
: •
I went to the settings on my iPhone 12 •
Privacy •
Location and Services •
Camera •
Then I chose Never
15 Keep your device updated.
: •
I went to the settings on my iPhone 12 •
Choose General •
Software Update •
Automatic Update •
I also turned on Download iOS Updates and Install iOS Updates B.
What roadblocks did you come across? For example, have online instructions been updated since the last update of the device/browser?: I had a little bit of problem re-configuring the passcode from the existing 4 digit passcode I had, but I was able to re-set it. I also initiated the software download and update without plugging the charger, and it refused to work until I plugged my charger. Everything else went straight forward. C.
How useful do you find this security feature? What will you enable/disable or not, and why? What additional features, if any, are available in your version of this setting?: All the security features are useful and necessary except for the two-factor authentication which I think is a little over the top for a cell phone device. I would enable fingerprint ID, Face ID, Data Protection, Fraud Warning and turn off automatic sync to iCloud for more security and protection. I will also discard automatic wifi connections to unknown networks, turn off cookies in browser, and will not let apps access my contacts, photos, messages, and data for the safety of my phone, my private data, and security. I do not see any additional features available except for an update that was waiting because I did not initially set my phone to update automatically. L
IMITATIONS
/C
ONCLUSION
I was about to spend another +30 hours on this lab because my Virtual Machine refused to boot for 20 hours. Thankfully, I decided to post on slack, which is what I should have done within the first 5 hours I was stuck. Prof. Rita Mitra was not only immediately available to assist, but she was kind enough to hoop on zoom and troubleshoot my VM. It turns out that I have been shutting it down incorrectly which caused it to start giving me trouble in Lab 3, and completely refuse to boot to do Lab 4. I was given the go ahead to do Part 1 & 2 of the Lab outside the VM, and to complete an alternative Mobile Hardening Exercise for Part 3. The goals of the techniques and tools used in this lab will help me secure my devices, secure my browsing environment, and be familiar with google hacking or dorking. It has also helped me understand and practice some Cybersecurity Steps.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
16 R
EFERENCES
University of San Antonio Library (Last updated: Feb 3 2021). Cite It Right –
APA Style –
7
th
Edition.
https://libguides.utsa.edu/cite/APA https://help.duckduckgo.com/duckduckgo-help-pages/results/syntax/. (n.d.). Search smarter by dorking
. Search Smarter by Dorking - The Kit 1.0 documentation. (n.d.). Retrieved May 5, 2022, from https://kit.exposingtheinvisible.org/en/how/google-
dorking.html Compass Security Osint Cheat Sheet
. (n.d.). Retrieved May 6, 2022, from https://www.compass-
security.com/fileadmin/Research/White_Papers/2017-01_osint_cheat_sheet.pdf Emily Blades
. SANS Cheat Sheet. (2022, March 23). Retrieved May 5, 2022, from https://www.sans.org/posters/google-hacking-and-defense-cheat-sheet/ GoogleCheatSheet.pdf on Egnyte
. Egnyte. (n.d.). Retrieved May 5, 2022, from https://sansorg.egnyte.com/dl/f4TCYNMgN6 Welcome to the University of Texas at San Antonio
. UTSA. (n.d.). Retrieved May 5, 2022, from https://www.utsa.edu/ Media bias
. AllSides. (2022, February 24). Retrieved May 5, 2022, from https://www.allsides.com/media-bias The Associated Press
. Associated Press. (n.d.). Retrieved May 5, 2022, from https://www.ap.org/en/ Lamonte, T., McGaha, B., Widner, J., & Kondrot, D. E. (2022, January 24). Restoring eyesight in Togo, Africa
. Sight.org. Retrieved May 5, 2022, from https://sight.org/ Use the built-in security and privacy protections of iPhone
. Apple Support. (n.d.). Retrieved May 5, 2022, from https://support.apple.com/guide/iphone/use-built-in-security-and-privacy-
protections-iph6e7d349d1/ios Apple IOS hardening checklist
. The UT Austin Information Security Office. (2016, September 1). Retrieved May 5, 2022, from https://security.utexas.edu/handheld-hardening-
checklists/ios C
OLLABORATION
Troubleshooting with Prof. Rita Mitra.