Cybersecurity: 123 - 124
Site Certificate
A ???, also called a security certificate, is a small data file that is validated by a "certificate authority". It allows an organization to have a secure website.
Process Tree
A process tree is a representation of all running processes shown in a tree-like structure with parent and child processes forming the branches of the tree.
Environment Variable
A value that can change depending on the environment in which a process runs.
A questionable process, possibly malware.
Launch PLTW Security Lab 1.2.3 - Process Management. If necessary, in File Explorer, navigate to the target location for the Notepad application. Recall that this is where the executable file resides, not the desktop shortcut. As before, File Explorer does not show the Owner of the file. Add the Owner column to File Explorer. Using this application file, launch (right-click > Open) Notepad and if necessary, Task Manager. Click the Details tab in Task Manager. In Task Manager, click the User name column heading to sort the entries by User name. All user processes such as notepad.exe and Taskmgr.exe should show your user name, in this case, "Administrator". The system processes will have a variety of owners. If you saw a process with a User name "unknown" or a strange, random name such as "xx#spff", what might you suspect?
System process owners are DWM-1, DWM-2, LOCAL SERVICE, NETWORK, and SYSTEM.
Launch PLTW Security Lab 1.2.3 - Process Management. If necessary, in File Explorer, navigate to the target location for the Notepad application. Recall that this is where the executable file resides, not the desktop shortcut. As before, File Explorer does not show the Owner of the file. Add the Owner column to File Explorer. Using this application file, launch (right-click > Open) Notepad and if necessary, Task Manager. Click the Details tab in Task Manager. In Task Manager, click the User name column heading to sort the entries by User name. All user processes such as notepad.exe and Taskmgr.exe should show your user name, in this case, "Administrator". The system processes will have a variety of owners. Who owns the various system processes?
The owner of the process is you, the User. You launched the application, so you own the process.
Launch PLTW Security Lab 1.2.3 - Process Management. If necessary, in File Explorer, navigate to the target location for the Notepad application. Recall that this is where the executable file resides, not the desktop shortcut. As before, File Explorer does not show the Owner of the file. Add the Owner column to File Explorer. Using this application file, launch (right-click > Open) Notepad and if necessary, Task Manager. Click the Details tab in Task Manager. Who is the owner (User name) of the notepad.exe process?
TrustedInstaller
Launch PLTW Security Lab 1.2.3 - Process Management. If necessary, in File Explorer, navigate to the target location for the Notepad application. Recall that this is where the executable file resides, not the desktop shortcut. As before, File Explorer does not show the Owner of the file. Add the Owner column to File Explorer. Who is the owner of the notepad.exe file?
Block sites from running Flash
Launch PLTW Security Lab 1.2.4 - Securing Your Browser. Start to explore and configure Chrome security settings by clicking the Customize and Control Google Chrome icon (three dots) to open the menu. Select the Settings menu item. This will take you to an internal page called chrome://settings where you see a variety of settings for your Chrome browser. Let's explore some of the most important security settings. On the Settings page, expand the Advanced section by clicking on the down-arrow to reveal the Privacy and security section. In the Privacy and Security section, click the subsection titled Site settings. Balancing security and ease of use, predict what you think the Chrome settings should be for the following content type and then check what it actually is. Flash (a software tool that provides interactive content in a browser)
Ask before accessing
Launch PLTW Security Lab 1.2.4 - Securing Your Browser. Start to explore and configure Chrome security settings by clicking the Customize and Control Google Chrome icon (three dots) to open the menu. Select the Settings menu item. This will take you to an internal page called chrome://settings where you see a variety of settings for your Chrome browser. Let's explore some of the most important security settings. On the Settings page, expand the Advanced section by clicking on the down-arrow to reveal the Privacy and security section. In the Privacy and Security section, click the subsection titled Site settings. Balancing security and ease of use, predict what you think the Chrome settings should be for the following content type and then check what it actually is. Location (for devices with Global Positioning Systems, the device will make its physical location known)
RAM
Random Access Memory, or ???, stores data that is in use.
Cookie
Small text-based bits of information about your browser that a web server saves.
URL
The acronym for "Uniform Resource Locator". The systematic way to find specific web addresses and web pages. A ??? is composed of characters that contain information about where to locate a resource over the internet.
Browser Extension
An optional feature of a browser that extends standard browser features. Also called an add-on.
explorer.exe
Launch PLTW Security Lab 1.2.3 - Process Management. Launch a PowerShell application and if they are not already running, open Notepad and Task Manager. Minimize all windows except the Task Manager. In Task Manager on the Processes tab, notice that processes are separated into Apps, Background, or Windows processes categories. If you suspect malware, note that it can disguise itself as any process: user, background, or windows. Click the Details tab and click the Name column to sort the processes by name. You should see the processes you started, powershell.exe and notepad.exe. You will also see many processes that are unfamiliar. For example, observe the Description of conhost.exe. It is a Console Window Host process, and a bit of research will show that it is used by powershell.exe. Other processes were started for you by the operating system, such as explorer.exe, a Windows Explorer that actually runs your desktop. You can kill or end a process using Task Manager. In the Details tab, find the powershell.exe process. Right-click on its entry and select End task. Click End process to kill the process. In the same way, kill or end Notepad. Some processes are not as easy to kill. Launch a Chrome browser and minimize the window. In Task Manager's Details tab, notice that Chrome starts a number of chrome.exe processes. This helps improve performance and user experience. Notice the column titled "PID". This stands for process ID and is used by the operating system to identify all processes. One of the chrome.exe processes owns all of the other sub-processes. It's considered a parent process that spawns, or launches, the other child processes. You cannot find parent process IDs (PPIDs) using Task Manager, so relaunch PowerShell. The PPID is tricky to find and requires the use of the command wmic. Enter this command in PowerShell. (Press enter after wmic). wmic process get name,parentprocessid,processid You will see the ParentProcessId for all processes, including chrome.exe.
One of the chrome.exe PPIDs is unique; the others are all the same. This indicates that the unique chrome process is the parent process of all other chrome processes; it launched all of them. But what process launched the first chrome process? Make note of the unique PPID, and then find it in Task Manager (Details tab). This is the process that launched Chrome. What launched the first (parent) Chrome process?
Use the address bar in File Explorer to see the full path to the file. The path This PC > Local Disk (C:) > Windows > system32 is more simply referred to as C:\Windows\system32.
Launch PLTW Security Lab 1.2.3 - Process Management. To find the application file of a Desktop shortcut: Right-click on the desktop icon and select Properties. The Properties window opens and the Target value on the Shortcut tab tells you where the application file resides. Use Open File Location to navigate to the folder that contains the executable file and check the View > File name extensions check box. Right-click on the AVGUI.exe and bring up its Properties. Explore the Digital Signature tab. Select the signature and explore its Details. Use View Certificate to learn about the application's certificate information. To find the application file of a taskbar item: Right-click on the item in the taskbar, for example, the Google Chrome icon. In the context menu that appears, right-click on the Google Chrome item and select Properties. The Target value tells you where the application file resides. Use Open File Location to navigate to the folder that contains the executable file. Explore Chrome's digital signature(s). Dismiss the various windows. To find an application file of a Start menu item: Find the Notepad menu item in the Start menu (under Windows Accessories). Right-click over the menu item and select Open file location. Notice its file type: This is a shortcut, not the actual application file. Explore its Properties. Use Open File Location to navigate to the folder that contains the actual executable file (not the shortcut). Where does it reside?
%windir%\system32\notepad.exe
Launch PLTW Security Lab 1.2.3 - Process Management. To find the application file of a Desktop shortcut: Right-click on the desktop icon and select Properties. The Properties window opens and the Target value on the Shortcut tab tells you where the application file resides. Use Open File Location to navigate to the folder that contains the executable file and check the View > File name extensions check box. Right-click on the AVGUI.exe and bring up its Properties. Explore the Digital Signature tab. Select the signature and explore its Details. Use View Certificate to learn about the application's certificate information. To find the application file of a taskbar item: Right-click on the item in the taskbar, for example, the Google Chrome icon. In the context menu that appears, right-click on the Google Chrome item and select Properties. The Target value tells you where the application file resides. Use Open File Location to navigate to the folder that contains the executable file. Explore Chrome's digital signature(s). Dismiss the various windows. To find an application file of a Start menu item: Find the Notepad menu item in the Start menu (under Windows Accessories). Right-click over the menu item and select Open file location. Notice its file type: This is a shortcut, not the actual application file. Explore its Properties. Where does the Notepad executable application file reside?
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Launch PLTW Security Lab 1.2.3 - Process Management. To find the application file of a Desktop shortcut: Right-click on the desktop icon and select Properties. The Properties window opens and the Target value on the Shortcut tab tells you where the application file resides. Use Open File Location to navigate to the folder that contains the executable file and check the View > File name extensions check box. Right-click on the AVGUI.exe and bring up its Properties. Explore the Digital Signature tab. Select the signature and explore its Details. Use View Certificate to learn about the application's certificate information. To find the application file of a taskbar item: Right-click on the item in the taskbar, for example, the Google Chrome icon. In the context menu that appears, right-click on the Google Chrome item and select Properties. The Target value tells you where the application file resides. What is the full path to the executable application file for the Google Chrome taskbar item?
C:\Program Files\AVG\Antivirus\AVGUI.exe
Launch PLTW Security Lab 1.2.3 - Process Management. To find the application file of a Desktop shortcut: Right-click on the desktop icon and select Properties. The Properties window opens and the Target value on the Shortcut tab tells you where the application file resides. What is the full path to the AVG Business Security executable application file?
Although you don't see it, changes are happening in your browser: For Browsing history, the browser clears history and auto-completions in the address bar. For Cookies and other site data, the browser signs you out of most sites.
Launch PLTW Security Lab 1.2.4 - Securing Your Browser. If you're no longer in Chrome settings, select Settings from the Customize and control Google Chrome menu. From the main Settings page, use the Search Settings text box to search for "history". In the privacy and security section, click Clear browsing data. You should see another window that gives you the option to clear specific browser data. What does the browser say will happen if you clear Browsing history? If you clear cookies and other site data?
Some risky settings might be: JavaScript (could run malware); Microphone (someone could be listening in); Unsandboxed plugin access (could install malware on your computer).
Launch PLTW Security Lab 1.2.4 - Securing Your Browser. Start to explore and configure Chrome security settings by clicking the Customize and Control Google Chrome icon (three dots) to open the menu. Select the Settings menu item. This will take you to an internal page called chrome://settings where you see a variety of settings for your Chrome browser. Let's explore some of the most important security settings. On the Settings page, expand the Advanced section by clicking on the down-arrow to reveal the Privacy and security section. In the Privacy and Security section, click the subsection titled Site settings. On the Settings page, select Automatic Downloads. On the next page, click on the Add button and enter https://www.pltw.org and then click Add. In the browser's address bar, enter the URL of the site you just enabled to automatically download multiple files, https://www.pltw.org. With your new security setting, you will not be asked every time you download files. Change the Settings for Popups and Redirects to Blocked. Then Add https://pltw.org as a site exception so it can display popups. What other settings do you think might pose a security risk?
https://www.google.com (Notice the https in place of http)
Launch PLTW Security Lab 1.2.4 - Securing Your Browser. Type the following URL exactly as shown: http://google.com The URL is redirected. What is the resulting address?
