
PGP

PGP is a tool that you can
use to encrypt, decrypt, and
digitally sign e-mail and files

Security Essentials Cookbook © 2003 SANS 16-1

PGP
When transferring sensitive information, a security professional should take
precautions. PGP has long been the de-facto standard for sharing sensitive information.
Phil Zimmermann created PGP, but the ownership recently changed from NAI to the
newly formed PGP Corporation. PGP uses a combination of conventional and public-key
cryptography to let users encrypt and verify the integrity of data as well as communicate
securely with people they have never met.

PGP Details
• Name: PGP
• Operating system: most operating systems
• License: freeware for personal use
• Protocol used: N/A
• Category: encryption
• Description: a tool that can integrate within
mail clients and also be a stand-alone
application to encrypt and digitally sign files
• URL: http://www.pgp.com/


The following topics and action items are covered in this chapter:

• Installing PGP
• Running and Using PGP
• Exporting a Key
• Encrypting Files
• Fingerprint Verification

PGP Background
• PGP was written by Phil Zimmermann
• It was originally written to help people
protect their files from eavesdroppers
• PGP quickly became the de-facto
standard across the Internet
• There is a commercial version and a
free version for personal use


PGP’s Purpose
• PGP provides an easy way to integrate
encryption into existing applications
– For e-mail, it has plug-ins
– For other applications, you save the file
and then encrypt it
• Encryption uses someone’s public key
• Decryption uses your private key

PGP Architecture
• The following are the steps PGP takes:
– Runs messages through a hash
– Encrypts the hash with your private key
– Encrypts the entire message and hash with
someone’s public key
• Note: Some steps can be skipped


PGP Architecture (2)


• PGP takes the following encryption
steps:
– Generates a new secret key
– Encrypts the message with the secret key
– Finds the public key for each recipient
– Encrypts the secret key with the public key
of each recipient and attaches it to the top
of the encrypted message
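
The two slides above describe one pipeline: sign the hash, encrypt the message once with a fresh secret key, then wrap that key for each recipient. The following is an added example, not code from PGP or from the original chapter; it uses textbook RSA over small constructed primes and a SHA-256 keystream as stand-ins for PGP's real algorithms, and every name in it is hypothetical.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent


def make_key(p, q):
    """Textbook RSA key from two primes (no padding: illustration only)."""
    return {"n": p * q, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


def public(key):
    """The half of a key pair that is safe to hand out."""
    return {"n": key["n"], "e": key["e"]}


# Constructed demo keys built from Mersenne primes; far too weak for real use.
SENDER = make_key(2**521 - 1, 2**607 - 1)
BOB = make_key(2**127 - 1, 2**89 - 1)
CAROL = make_key(2**107 - 1, 2**61 - 1)


def keystream_xor(key, data):
    """Toy symmetric cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def digest_int(message):
    """Hash of the message as an integer, ready for the RSA operation."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def encrypt(message, sender_priv, recipients):
    """Sign, encrypt once, then wrap the secret key for every recipient."""
    sig_len = (sender_priv["n"].bit_length() + 7) // 8
    # Hash the message and apply the sender's private key to the hash.
    signature = pow(digest_int(message), sender_priv["d"], sender_priv["n"])
    signed = signature.to_bytes(sig_len, "big") + message
    session_key = secrets.token_bytes(16)        # new secret key per message
    body = keystream_xor(session_key, signed)    # signed hash and message
    k = int.from_bytes(session_key, "big")
    # One wrapped copy of the secret key per recipient, attached to the body.
    wrapped = {name: pow(k, pub["e"], pub["n"])
               for name, pub in recipients.items()}
    return {"wrapped_keys": wrapped, "body": body}


def decrypt(packet, name, priv, sender_pub):
    """Unwrap the secret key, decrypt, and check the sender's signature."""
    k = pow(packet["wrapped_keys"][name], priv["d"], priv["n"])
    if k.bit_length() > 128:
        raise ValueError("private key does not match this recipient entry")
    signed = keystream_xor(k.to_bytes(16, "big"), packet["body"])
    sig_len = (sender_pub["n"].bit_length() + 7) // 8
    signature = int.from_bytes(signed[:sig_len], "big")
    message = signed[sig_len:]
    ok = pow(signature, sender_pub["e"], sender_pub["n"]) == digest_int(message)
    return message, ok


if __name__ == "__main__":
    packet = encrypt(b"Q3 figures attached", SENDER,
                     {"bob": public(BOB), "carol": public(CAROL)})
    for name, key in (("bob", BOB), ("carol", CAROL)):
        print(name, decrypt(packet, name, key, public(SENDER)))
```

The message body is stored once however many recipients there are; only the short wrapped key is repeated, which is why adding recipients is cheap.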

PGP Installation
• Unzip the file
• Double-click the exe installation
program
• Import a key ring
• Select options
• Restart your computer


Installing PGP 8
Following are the steps for installing PGP 8:

1. To start the installation of PGP 8.0, unzip the PGP800-PF-W.zip file and
then double-click the PGP8.exe executable contained within it.

2. The Welcome window appears. Click Next.

3. The License Agreement window appears. If you accept the terms of the
License Agreement, click Yes. Otherwise, click Cancel and move on to
the next chapter.

4. The Read Me window appears. Click Next.

5. The User Type window appears. Select No, I’m a New User and click
Next.

6. The Install Directory window appears. Accept the default location and
click Next.

7. The Select Components window appears. Accept the default PGP
plugins unless you use mail software that is not included in the following
screen. Click Next.

8. The Start Copying Files window appears. Click Next to start the
installation.

9. The Setup Status window appears. Continue on to the next step.

10. The PGP 8.0 install complete window appears. Because PGP uses a
number of device drivers to perform its duties, you must restart the system
before PGP can start. Click Finish to restart your system.

Running PGP
• First time: create a public/private key
pair
• Configure PGP using the options under
PGP tray
– Time to store pass phrase
– Types of encryption to use
• Use PGP tray to select the options you
want
• You can also use the plugins for various
mail clients

Running and Using PGP


After you reboot the system, PGP prompts you for a license key. Because you are using
the PGP 8 freeware to explore its capabilities, click Later. The freeware version of PGP
does not include some functionality, namely PGPDisk.

Note: I discuss PGPDisk later in this section.

Creating PGP Key Pairs

The next step is the creation of a PGP key pair. Follow these steps:

1. The PGP Key Generation Wizard – Welcome window appears. Click
Next.

2. The Name and E-mail Assignment window appears. Because you will
be sharing your public key with many people and possibly housing it on a
public-key server, enter the full name and e-mail address you want others
to know you by, and then click Next.

3. The Passphrase Assignment window appears. After you enter a full
name and e-mail address, the PGP Key Generation Wizard prompts you to
enter a passphrase. Select a strong one: The only thing protecting your
private key from a person with access to it is your passphrase. PGP
stresses the use of passphrases instead of passwords because they can be
stronger if chosen wisely. Enter and confirm your passphrase and then
click Next.

4. The Key Generation Progress window appears. This window shows the
status of the key generation process. When this process is done, click
Next.

5. The Completing the PGP Key Generation Wizard window appears.
Click Finish. That's it: you have now created a PGP key pair.

PGP Tray Components

You should notice a new item in your system tray. The padlock on the left is the PGP
tray.

1. Right-clicking the PGP tray opens a pop-up menu. From here, you can
access all components of the PGP tray. This section takes a look at some
of the PGP tray components.

2. While the PGP tray right-click menu is open, click PGPkeys. The
PGPkeys window appears. It displays the key you created earlier. As you
obtain the public keys of others, they are added to PGPkeys. You should
notice that the validity and trust columns are both set. Because you own
the key, you implicitly trust yourself. Click Edit, Options.

3. The PGP Options window appears. The default view is of the General
tab. Leave the Always encrypt to default key option checked. Because
the key you created earlier is set as the default key, anything you encrypt
will be encrypted for your key as well as any others you select. With the
Faster key generation option checked, PGP does not calculate a new set
of random prime numbers when creating key pairs. There is not much of a
security risk by leaving this option checked, but unchecking it can cause
key-creation times to become much longer. The Number of passes option
tells PGP how many times to overwrite a file when securely wiping it.

4. Click on the Files tab. The Files options tab shows you the path to your
public and private key rings. Your public key ring contains all of the
public keys that you have collected, including your own. The private key
ring contains any private keys you have created or obtained and should
remain in a secure location because the only thing protecting it is that
super-secure passphrase you assigned to it.

5. Click on the E-mail tab. The E-mail options tab contains settings for your
e-mail software. Depending on your level of paranoia, you might want to
start signing your messages by default. Doing this allows anyone with
your public key to verify that a message in fact came from you. The
Secure Viewer option is for really paranoid people. Anything you encrypt
with the Secure Viewer must be read in the Secure Viewer application.
You cannot copy the text or "print screen" any of the contents within the
viewer.

6. Click on the HotKeys tab. The HotKeys options tab allows you to set up
shortcuts to commonly used operations, such as encrypting and decrypting
text within the current window.

7. Click on the Servers tab. The Servers option tab lists the default key
servers that can be used to store your public keys. You can add additional
servers to the list by clicking New.

8. Click on the Advanced tab. The Advanced options tab is used to
configure the algorithms and trust levels within PGP. Note the grayed-out
option, Warn when encrypting to keys with ADKs. The commercial
version of PGP gives you the ability to create preconfigured installations
for PGP. One of the options you can configure is the inclusion of an ADK,
or additional decryption key. If you assign an ADK to an installation of
PGP, the user cannot encrypt anything without the ADK being included.
That way, if he forgets his passphrase, or if his key becomes corrupt, you
can decrypt any data with the ADK.

Exporting a Key

1. To send your public key to another person, you need to export it to an .asc
file. To accomplish this, right-click on the key in the PGPkeys window,
and then select Export.

2. The Export Key to File window appears. When saving your key, make sure that
you do not select Include Private Key(s) unless you intentionally want to send someone
your private key. Select or enter a filename and click OK.

Encrypting a File

One of the most common tasks that you will perform with PGP is the encryption of
documents. Following are the steps for encrypting a file:

1. Open WordPad and type a message that you would like to encrypt. Save
the file as Sensitive_Data.rtf.

2. Using Windows Explorer, locate your message file and right-click on it.
Select PGP, Encrypt & Sign. The Create SDA option allows you to
create a passphrase-protected, self-extracting executable that anyone can
open, even if they do not have PGP installed.

3. The PGPshell - Key Selection Dialog window appears. Because you do
not have any other keys on the public key ring, the only possible recipient
is your key. This is where you have the opportunity to do a number of
additional tasks, such as wipe the original file or encrypt the file using
conventional encryption, which uses passphrases instead of public keys.
Select your key and click OK.

4. The PGPshell – Enter Passphrase window appears. Enter your passphrase
and click OK.

5. In Windows Explorer, you should now see two files, the original file and
the PGP encrypted file.

6. Open the encrypted file using WordPad to ensure that all contents are in
fact encrypted.

7. Delete the unencrypted file, and rename the encrypted file from Sensitive
Data.rtf.pgp to Public Data.rtf. Now it won't draw as much attention.

8. You just renamed a PGP encrypted file to a plain old .rtf file. Let's make
sure that the contents are still encrypted by opening the file with
WordPad.

9. Yep, still encrypted. To decrypt the file, right-click on it and select Open
With, PGP Encryption/Decryption Tool.

10. The PGPshell – Enter Passphrase window appears. Enter your
passphrase and click OK.

11. The PGPlog window appears. It details the information about the file that
was encrypted.

12. Looking back in the Windows Explorer window, you can see that a
new file was created with the name of the original file you encrypted.

13. When you are done with the file, you can securely wipe the file from the
file system. Right-click on the file, and select PGP, Wipe.

14. The Are you sure … window appears. Before PGP wipes the file, it
prompts you for confirmation because once the file is wiped, there is no
return. Click Yes and the file is securely deleted.

Fingerprint Verification

To ensure that the public key you have received is in fact the public key of the original
sender, PGP provides a unique fingerprint with each key. You can find the fingerprint by
right-clicking your key in the PGPkeys window and selecting Key Properties. The
fingerprint appears as a list of words or as a hexadecimal string.

When you receive a public key, you can call the other party and ask her to read her
fingerprint to you. If the fingerprints match, you can be reasonably sure that the key was
not tampered with. This window also provides you with an interface to change the
passphrase for your private key (note the Change Passphrase button).
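
An added example (not part of the original chapter or of PGP) of what the fingerprint comparison checks. It assumes an OpenPGP version 4 key, whose fingerprint is the SHA-1 hash of the public-key packet as defined in RFC 4880; the sample keys are constructed in the code and all function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def mpi(value):
    """OpenPGP multiprecision integer: 2-byte bit count, then the bytes."""
    size = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(size, "big")


def demo_public_key(modulus):
    """Constructed v4 RSA public-key packet in ASCII armor (sample input)."""
    body = b"\x04" + struct.pack(">I", 1041379200) + b"\x01"
    body += mpi(modulus) + mpi(65537)
    packet = b"\x99" + struct.pack(">H", len(body)) + body
    b64 = base64.b64encode(packet).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PGP PUBLIC KEY BLOCK-----", ""] + lines
                     + ["-----END PGP PUBLIC KEY BLOCK-----"])


def dearmor(text):
    """Strip the armor lines, headers and checksum line; return raw bytes."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK")
            and lines[-1].startswith("-----END PGP PUBLIC KEY BLOCK")):
        raise ValueError("not an armored public key")
    blank = lines.index("")  # armor headers end at the first blank line
    data = [l for l in lines[blank + 1:-1] if not l.startswith("=")]
    return base64.b64decode("".join(data), validate=True)


def first_packet(data):
    """Return (tag, body) of the first packet, old or new header format."""
    head = data[0]
    if not head & 0x80:
        raise ValueError("not an OpenPGP packet")
    if head & 0x40:  # new-format header
        tag, first = head & 0x3F, data[1]
        if first < 192:
            start, length = 2, first
        elif first < 224:
            start, length = 3, ((first - 192) << 8) + data[2] + 192
        elif first == 255:
            start, length = 6, struct.unpack(">I", data[2:6])[0]
        else:
            raise ValueError("partial body length is not valid for a key")
    else:  # old-format header
        tag, ltype = (head >> 2) & 0x0F, head & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        size = 1 << ltype
        start, length = 1 + size, int.from_bytes(data[1:1 + size], "big")
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body


def fingerprint(armored):
    """SHA-1 over 0x99, the 2-byte body length and the key packet body."""
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet")
    framed = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.sha1(framed).hexdigest().upper()


def grouped(fp):
    """Format a fingerprint in groups of four for reading aloud."""
    return " ".join(fp[i:i + 4] for i in range(0, len(fp), 4))


def matches(armored, spoken):
    """Compare a received key against a fingerprint given out of band."""
    claimed = "".join(c for c in spoken.upper() if c in "0123456789ABCDEF")
    return hmac.compare_digest(fingerprint(armored), claimed)


# Constructed sample keys: the one the owner reads out, and a different key
# delivered under the same name.
GENUINE = demo_public_key((2**521 - 1) * (2**607 - 1))
SUBSTITUTED = demo_public_key((2**127 - 1) * (2**89 - 1))

if __name__ == "__main__":
    read_over_phone = grouped(fingerprint(GENUINE))
    print(read_over_phone)
    print("genuine key accepted:", matches(GENUINE, read_over_phone))
    print("substituted key accepted:", matches(SUBSTITUTED, read_over_phone))
```

The name and e-mail address on a key are not part of this hash, so a matching name proves nothing; only the fingerprint ties the file you received to the key the owner holds.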

PGP Summary

• PGP provides an easy-to-use GUI
to bring encryption to the masses
• Make sure you protect your private
key
• Beware of export and import laws
with encryption for certain
countries

Cisco ConfigMaker

ConfigMaker allows
administrators to more
effectively design and maintain
their corporate infrastructure

Cisco ConfigMaker

So it is Monday morning on your first day of work when your new boss comes into your
cube with the following assignment: map out the company’s Cisco environment and provide him
with a schematic of its topology. Because you are brilliant and worth every
cent you are paid, you browse on over to Cisco’s website and download Cisco
ConfigMaker.

This is a wonderful utility provided by Cisco for Cisco environments (makes sense) that
not only maps out the network similar to Microsoft Visio or What’s Up Gold but also can
assist with configuring devices by creating the Cisco IOS configuration files. The
program is designed to help get the network running from a first step integration process.
After installing the devices and setting up some preliminary settings, the administrator
would still need to do some additional fine-tuning of the configuration.

ConfigMaker Details
• Name: ConfigMaker
• Operating system: Windows
• License: Shareware
• Protocol used: multiple
• Category: network design and configuration
• Description: ConfigMaker is a tool that allows
administrators to not only map out and design
their networks, but to also maintain the
environment through remote management
• URL: http://www.cisco.com


ConfigMaker runs on everything by Microsoft from Windows 98 through Windows XP.
It provides an easy-to-use Graphical User Interface (GUI) to assist in mapping the
network as well as configuring the devices. If you already have an existing network you
can use ConfigMaker to auto detect devices on the network.

The following topics and action items are covered in this chapter:

• Setting up a basic network consisting of a firewall, router, DMZ, and trusted
internal network.
• Going over how to utilize Cisco ConfigMaker to map out your network.
• Gaining a better understanding of how you can utilize Cisco ConfigMaker within
your organization.

Please note that you can download Cisco ConfigMaker version 2.6, from now on simply
referred to as ConfigMaker, from Cisco at:

http://www.cisco.com/univercd/cc/td/doc/clckstrt/cfgmkr/download.htm

ConfigMaker Background
• This tool was created to assist
administrators with the task of
designing their corporate networks
as well as having the ability to
centrally control not only the IOS
on the multiple devices, but also
the configurations

ConfigMaker’s Purpose
• To provide a central console to
design, test and maintain a Cisco
environment
• This tool also allows you to add
non-Cisco devices


1. The easiest way to install this product is to locate where the executable
you downloaded is stored, or from the CD, and double-click on the file.
The Welcome window appears. Click Next.

2. The Software Licensing Agreement window appears. After reading the
license agreement, if you accept it, click Yes. Otherwise, click No and go
on to the next chapter.

3. The Select Components window appears. Accept the default components
and directory locations and click Next.

4. The Setup Complete window appears. Unselect I want to view the
README file and click Finish.

Running ConfigMaker

• To run Cisco ConfigMaker, simply
double-click the newly created
icon or go to Start, All Programs,
Cisco ConfigMaker

1. Let’s start the program and begin defining and documenting your network.
Click on Start, All Programs, Cisco ConfigMaker. The Getting
Started with Cisco ConfigMaker window appears. Click No to skip the
tutorial.

2. The main Cisco ConfigMaker window appears. Note that the window is
divided into several areas: the Network Diagram area in the middle
where the network diagram is created, the Devices area in the upper-left
which displays a list of available devices, the Connections area in the
lower-left which displays a list of network connection types, and the
Using Cisco ConfigMaker area on the right which provides helpful
information.

3a. Let’s start mapping our network! Under Devices, click on Internet.

3b. Drag the Internet icon over to the Network Diagram workspace. Click
somewhere in the middle of the Network Diagram workspace. The
Internet Device Wizard – Finish window appears. Click Finish. An
Internet icon appears in the Network Diagram workspace.

4a. The next step is to place a router below the Internet connection. Under
Devices, expand Router, Cisco 1700 Series and click on Cisco 1720.

4b. Drag the Cisco 1720 icon over to the Network Diagram workspace.
Click on the Network Diagram workspace below the Internet icon. The
Cisco 1720 Device Wizard – Assign Name window appears. Leave the
device name of Cisco1720. Click Next.

4c. The Cisco 1720 Device Wizard - Assign Password window appears.
The administrator needs to assign two unique passwords for the router, the
Login password and the Enable password. For the purposes of this lab,
use something easy to remember. One suggestion, for the lab ONLY, is to
use password for the Login and passphrase for the Enable. After
entering the Login and Enable passwords, click Next.

4d. The Cisco 1720 Device Wizard - Select Network Protocols window
appears. Select only TCP/IP and click Next.

4e. The Cisco 1720 Device Wizard – Indicate Cards Installed window
appears. This screen identifies the different interface cards installed on the
router. Initially, the slots are empty. Continue to the next step.

4f. For WAN Slot 0, select 1 Ethernet. For WAN Slot 1, select 1 T1
CSU/DSU. Click Next.

4g. The Cisco 1720 Device Wizard – Finish window appears. Click Finish.

4h. The main Cisco ConfigMaker window reappears. A new icon for the
Cisco1720 router appears in the Network Diagram area.

5a. The next step is to connect the Internet to your Cisco1720 border router.
Under Connections, click on HDLC. Move to the Network Diagram
area and click on Internet. A dialog box appears and asks you to click on
the connecting device. Click on Cisco1720 to complete the connection.

5b. The HDLC Wizard – Setup window appears. Click Next.

5c. The HDLC Wizard – Cisco1720 – Specify IP address window appears.
You will enter the IP address for the external interface of the router.

5d. For this exercise, use an IP address of 207.59.192.1 and a subnet mask of
255.255.255.252. When done entering the information, click Next.

5e. The HDLC Wizard – Select Whether to Use NAT window appears.
Select NAT and then select Use WAN interface IP address for source
address translation. Click Next.

5f. The HDLC Wizard – Cisco1720 – Choose CSU/DSU Values window
appears. Accept all of the default values and click Next.

5g. The HDLC Wizard – Finish window appears. Click Finish.

5h. You should now see a completed network connection labeled with the IP
addresses and connection type in the Network Diagram area.

6a. Now begins the fun part: creating a screened subnet, aka a DMZ. Under
Devices, expand Switches, Cisco 1500 Series and click on Cisco 1548.

6b. Drag the Cisco 1548 icon over to the Network Diagram workspace.
Place it to the right of the Cisco1720 icon.

6c. The next step is to connect the Cisco1548 switch to your Cisco1720
border router. Under Connections, click on Ethernet. Move to the
Network Diagram area and click on Cisco1720. A dialog box appears
and asks you to click on the connecting device. Click on Cisco 1548 to
complete the connection.

6d. The Ethernet Wizard - Setup window appears. Click Next.

6e. The Ethernet Wizard – Cisco1720 - Interface window appears. Leave
the default interface selected and click Next.

6f. The Ethernet Wizard – Cisco1720 – Specify IP Address window
appears. For this exercise, use an IP address of 207.54.160.1 and a subnet
mask of 255.255.255.0. When done entering the information, click Next.

6g. The Ethernet Wizard – Finish window appears. Click Finish.

7a. Now that we have our screened host segment, aka a DMZ, we need to add
some hosts. Under Devices, click on Host.

7b. Drag the Host icon over to the Network Diagram workspace. Place it to
the right of the Cisco 1548 icon.

7c. Repeat steps 7a and 7b two more times so that there are three hosts on the
screened network. Rename each host by clicking on the icons and
renaming them DNS Server, Mail Server and Web Server.

7d. The next step is to connect the Cisco1548 switch to your three DMZ hosts.
Under Connections, click on Ethernet. Move to the Network Diagram
area and click on Cisco1548. A dialog box appears and asks you to click
on the connecting device. Click on DNS Server to complete the
connection.

7e. The Ethernet Wizard – DNS Server – Specify IP Address window
appears. For this exercise, use the next available IP address on the subnet.
When done entering the information, click Next.

7f. The Ethernet Wizard – Finish window appears. Click Finish.

7g. Repeat steps 7e thru 7f for the Mail Server and Web Server objects. Use
the IP address 207.54.160.3 for the Mail Server and 207.54.160.4 for the
Web Server.

8a. Now that we have an Internet connection, an external router and a DMZ
network with active hosts, we need to complete this network by adding
a trusted internal network. Under Devices, expand Switches, Cisco 1500
Series and click on Cisco 1548. Drag the Cisco 1548 icon over to the
Network Diagram workspace. Place it below the Cisco1720 icon. It will
be named Cisco1548_1.

8b. The next step is to connect the Cisco1548_1 switch to your Cisco1720
border router. Under Connections, click on Ethernet. Move to the
Network Diagram area and click on Cisco1720. A dialog box appears
and asks you to click on the connecting device. Click on Cisco 1548_1 to
complete the connection.

8c. The Ethernet Wizard - Setup window appears. Click Next.

8d. The Ethernet Wizard – Cisco1720 - Interface window appears. Leave
the default interface selected and click Next.

8e. The Ethernet Wizard – Cisco1720 – Specify IP Address window
appears. For this exercise, use an IP address of 192.168.0.1 and a subnet
mask of 255.255.255.0. When done entering the information, click Next.

8f. The Ethernet Wizard – Finish window appears. Click Finish.

9a. As we created three hosts in the DMZ network, we now need to create
three hosts on the internal network. Under Devices, click on Host.

9b. Drag the Host icon over to the Network Diagram workspace. Place it
below the Cisco1548_1 switch icon. Repeat steps 9a and 9b two more
times so that there are three host icons under the Cisco1548_1 switch icon.

9c. Next, connect the Cisco1548_1 switch to your three internal hosts. Under
Connections, click on Ethernet. Move to the Network Diagram area
and click on Cisco1548_1. A dialog box appears and asks you to click on
the connecting device. Click on Host to complete the connection. The
Ethernet Wizard – Setup window appears. Click Next.

9d. The Ethernet Wizard – HOST – Specify IP Address window appears.
For this exercise, use the IP address 192.168.0.2. When done entering the
information, click Next.

9e. The Ethernet Wizard – Finish window appears. Click Finish.

9f. Repeat steps 9c thru 9e for HOST_1 and HOST_2. Use the IP address
192.168.0.3 for HOST_1 and 192.168.0.4 for HOST_2. We now have a
network diagram with a router, a DMZ and an internal network.

10a. We now need to configure the firewall to protect this network. The first
step is to start the Firewall wizard. Click on the Cisco1720 router in the
Network Diagram area. Click on Configuration, Firewall listed in the
Configuration menu. The Firewall Wizard window appears. Click
Next.

10b. The Firewall Wizard – Firewall window appears. Select Yes to indicate
that the router has the firewall IOS feature set. Click Next.

10c. The Firewall Wizard – DMZ window appears. Select I have a DMZ.
Select Cisco1548 as the DMZ LAN. Click Next.

10d. The Firewall Wizard – Policy window appears. Click Next.

10e. The Firewall Wizard – Cisco 1548 – Access Policy window appears.
This is where we implement rules about allowing access from specific
devices utilizing a specific application. In this case, we will begin with
setting some rules for the internal Cisco1548_1 switch. Left-click on the
ellipsis ….

10f. The Firewall Policy – Cisco 1548_1 accessing Cisco1548 window
appears. Select Access Selected Services from the Permission pulldown
menu. Double-click on each of the following services to be allowed:
DNS, HTTP, ICMP and SMTP.

10g. The following error message will appear when you double-click on
ICMP. Click OK to remove the message.

10h. Finish adding the specified services and then click OK.

10i. The Firewall Wizard – Cisco 1548 – Access Policy window reappears.
Click on the ellipses … on the line with HOST.

10j. The Firewall Policy – HOST accessing Cisco1548 window appears.
Select Access Selected Services from the Permission pulldown menu.
Double-click on each of the following services to be allowed: DNS,
HTTP, ICMP and SMTP. You will see the same error dialog on ICMP
as before. Click OK to dismiss the error dialog. Finish adding the
specified services and then click OK.

10k. The Firewall Wizard – Cisco 1548 – Access Policy window reappears.
Repeat steps 10i and 10j for HOST_1, HOST_2 and Internet.

The Access Policy window should appear like the following after adding the services for
each of the hosts.

Now repeat the steps for the Internet client. Click Next when you are done.

10l. Following the configuration of the Cisco1548 switch, the wizard now
begins to configure the access policies for the DNS Server. You can
always tell which device is being configured by looking on the left hand
side of the window. The device in bold is currently being configured,
whereas any devices with a checkmark have already been successfully
configured.

10m. Click on the ellipses … on the row with Cisco 1548_1. The Firewall
Policy – Cisco1548_1 accessing DNS Server window appears. Select
Access Selected Services from the Permission pulldown menu. Double-click
on each of the following services to be allowed: DNS and ICMP.
You will see the same error dialog on ICMP as before. Click OK to
dismiss the error dialog. Finish adding the specified services and then
click OK.

10n. The Firewall Wizard – DNS Server – Access Policy window reappears.
Repeat step 10m for HOST, HOST_1 and HOST_2.

10o. Repeat step 10m for Internet but only add DNS. When done, click
Next.

10p. The Firewall Wizard – Mail Server – Access Policy window appears.
Repeat step 10m for Cisco1548_1, HOST, HOST_1 and HOST_2.
Select the following services to be allowed: ICMP and SMTP.

10q. Repeat step 10m for Internet but only add SMTP. When done, click
Next.

10r. The Firewall Wizard – Web Server – Access Policy window appears.
Repeat step 10m for Cisco1548_1, HOST, HOST_1 and HOST_2.
Select the following services to be allowed: HTTP and ICMP.

10s. Repeat step 10m for Internet but only add HTTP. When done, click
Next.

10t. The Firewall Wizard – Cisco1548_1 – Access Policy window appears.
Since the Cisco 1548_1 and all of the attached hosts (HOST, HOST_1,
HOST_2) are internal devices, they should not be visible to the Internet.
Therefore, the policy should be left to deny all services. Click Next.

10u. The Firewall Wizard – HOST – Access Policy window appears. As with
the Cisco1548_1 object, the policy should be left to deny all services.
Click Next.

10v. The Firewall Wizard – HOST_1 – Access Policy window appears. As
with the Cisco1548_1 object, the policy should be left to deny all services.
Click Next.

10w. The Firewall Wizard – HOST_2 – Access Policy window appears. As
with the Cisco1548_1 object, the policy should be left to deny all services.
Click Next.

10x. The Firewall Wizard – Internet – Access Policy window appears. We
want the internal hosts to only be able to access the Internet via HTTP.
Repeat step 10m for HOST, HOST_1 and HOST_2. Select the following
services to be allowed: HTTP. Click Next.

10y. The Firewall Wizard - Summary window appears. Click Finish.

11. And here we are…only a few hours since your new boss on your first day
asked you to diagram the network and you have created this:

ConfigMaker Exercise
1. Can ConfigMaker be used to manage
Nortel switches?
2. What protocol is used to push and pull
configuration changes to remote
devices?
3. Do you need detailed knowledge of
the Cisco IOS to use ConfigMaker?
4. Can you add ingress and egress ACLs
to routers through ConfigMaker?


This section poses a set of questions that are answered in the following section.
Following are the questions:

1. Can ConfigMaker be used to manage Nortel switches?
2. What protocol is used to push and pull configuration changes to remote
devices?
3. Do you need detailed knowledge of the Cisco IOS to use ConfigMaker?
4. Can you add ingress and egress ACLs to routers through ConfigMaker?

ConfigMaker Exercise Solutions

1. No
2. TFTP
3. No. You can actually configure all of your
switches with little or no knowledge of the
actual Cisco IOS. The authors of this book
highly recommend that you do not use this tool
as a replacement for actually learning the IOS
4. Yes. Any configuration changes you can make
at the console of the device you can make with
this tool

Following are the answers to the questions:

1. No
2. TFTP
3. No. You can actually configure all of your switches with little to no knowledge
of the actual Cisco IOS. The authors of this book recommend strongly that you
do not use this tool as a replacement for actually learning the IOS
4. Yes. Any configuration changes you can make at the console of the device you
can make with this tool

Summary
When it comes to network design, tools are key. Diagramming a network is as difficult as
your tool makes it. Cisco has created an easy-to-use GUI network definition
tool that makes the initial design and implementation easier. Through the experiences in
this chapter you became familiar with the simple interface, which made our task easier.
As is the case with all software, the user must provide the analytical knowledge to
properly define the data. ConfigMaker streamlines the process.

Realize that ConfigMaker is one of many tools existing in the marketplace. Some, like
Microsoft Visio, are flowchart design applications and are not simply for network
architecture. Regardless of the tool you use, the need for having a network diagram
exists and is an important tool for good network security.

For additional information:

http://www.cisco.com/warp/public/779/smbiz/netguide/v_network_design.html

S-Tools

S-Tools is a steganographic tool
used to hide data inside of
BMPs, GIFs, and WAV files on
Windows systems


S-Tools
S-Tools can be used to hide messages inside of BMP, GIF, and WAV files. Depending on
the options that you choose, the output file that contains the hidden data may have
different properties than the original file.

S-Tools Details
• Name: S-Tools
• Operating system: Windows
• License: freeware
• Protocol used: NA
• Category: Steganography
• Description: S-Tools is a GUI tool used to
hide data in multiple file types

The following topics and action items are covered in this chapter:

• Installing S-Tools
• Running S-Tools
• Hiding files in images
• Hiding files in WAV files

S-Tools Background

• S-Tools version 4 is now a drag-and-drop
Steganography tool for use with
BMP, GIF and WAV file types

S-Tools’ Purpose
• Like all Steganography tools, the main
purpose of S-Tools is to hide data in multiple
data types
• Gives the user the ability to encrypt data and
hide it so that it is concealed through
obscurity
• Utilizes symmetric cryptography for its
encryption method


S-Tools Architecture

• S-Tools is a GUI based application
for use on Windows platforms
greater than 3.1
• Has the ability to both hide and
retrieve information
• Can only retrieve data that was
hidden by S-Tools itself


The file in which data is hidden is called the carrier file. After hiding a file within a
carrier file, you can send the carrier file to another person who knows to use S-Tools with
the appropriate password; he or she will be able to view the contents of the hidden file,
while unsuspecting others view a regular image file.

Installation

• Like many Steganographic tools,
there is no installation required


Installing S-Tools
S-Tools does not require installation. Simply extract the zip archive s-tools4.zip to
C:\tools\s-tools.

Running S-Tools

• To run S-Tools, simply double-click the
S-Tools.exe executable provided on the
CD-ROM

Running S-Tools
Start S-Tools by double-clicking S-Tools.exe, which is located in C:\tools\s-tools\. The
interface for S-Tools launches and you are presented with the following window.

Click Continue to get to the main screen. As you can tell, there are not many options in
the S-Tools interface.

Hiding Files in Images

This section explains how to hide files in images with S-Tools. Follow these steps:

1. Select File, Properties to view the compression ratio for the file that you
are hiding. The higher the compression, the longer it will take to hide a
file; however, you will be able to hide larger files when the compression is
cranked up. Click OK to close the Properties dialog box.

2. Start a Windows Explorer session and find one of several bmp files that
are on your system. For this example you could use c:\icons\icon.bmp or
any other bmp file. Copy this file to your s-tools directory and then drag
the bmp file onto the S-Tools window.

3. Create a document called Secret_data.txt by opening up WordPad and
typing in some text. Now drag Secret_data.txt on top of the bmp image
that is in the S-Tools window. You will then receive a passphrase prompt,
as shown in the following screen. Enter and confirm the passphrase that
you will use to secure the file. The dialog box also details the amount of
data that you are hiding; in this case, we are hiding 196 bytes of data
inside of the BMP file.

4. S-Tools natively supports a number of encryption algorithms, including
IDEA (the default), DES, Triple-DES, and MDC. Accept the default value
of IDEA and click OK.

5. As shown in the following screen, the next prompt deals with the quality
of the output file. If you convert it to a 24-bit file, the output file will be
larger than the original due to the storage of the extra hidden data. The
other option, Attempt color reduction, reduces the quality of the picture
in an attempt to keep the output file size close to the original. Accept the
default value of Attempt color reduction and click OK.

6. The newly created .bmp file now appears in the S-Tools interface. Notice
that in the following screen, the newly created file appears to the human
eye to be the same as the original file.

7. Right-click the picture that includes the hidden file, and then select
Properties. Notice the dimensions of the file as well as the memory usage.

8. Now right-click the original file and click Properties. You will see that
the dimensions are the same, but the memory usage differs. The memory
usage of the file containing the hidden data is larger due to the added
data that is masked within the file.

9. To save the newly created hidden file, right-click it and select Save as.

10. Save the file as Hidden.bmp.

11. After you have saved the file, close out of S-Tools and then restart it. Drag
the newly created hidden.bmp file onto the S-Tools window. Then
right-click the picture and select Reveal.

12. You are now prompted for the passphrase in order to reveal any data
hidden in hidden.bmp. Enter and confirm the passphrase that you’ve
selected, and click OK.

13. The Revealed Archive window, listing our hidden file Secret_data.txt,
now appears.

14. Highlight Secret_data.txt. Then, right-click it and select Save as, as
demonstrated in the following screen. Save the file as
Secret_data_after_steg.txt so it will be easy to compare it to
Secret_data.txt.

15. You can now open the new text file to ensure that your message is still
intact.
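
Steps 7 and 8 compare the carrier and the original through the Properties dialog; when both files are available, the same comparison can be scripted. The Python below is an added example, not part of the cookbook or of S-Tools: it reads the BMP headers of two files and, when the pixel layout matches, counts the pixel bytes that differ. The function names are hypothetical and the sample bitmaps are constructed in the code, not produced by S-Tools.

```python
import struct

FIELDS = ("file_size", "pixel_offset", "width", "height", "bpp",
          "compression", "image_size", "colors_used")

def parse_bmp(data: bytes) -> dict:
    """Read the file header and 40-byte info header fields of a BMP."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    file_size, _, _, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    (hdr_size, width, height, _planes, bpp, compression, image_size,
     _xppm, _yppm, colors_used, _important) = struct.unpack_from(
        "<IiiHHIIiiII", data, 14)
    if hdr_size < 40 or pixel_offset > len(data):
        raise ValueError("unsupported or truncated BMP header")
    return dict(zip(FIELDS, (file_size, pixel_offset, width, height, bpp,
                             compression, image_size, colors_used)))

def compare_bmp(original: bytes, suspect: bytes) -> dict:
    """Report header differences and, when layouts match, pixel-byte changes."""
    a, b = parse_bmp(original), parse_bmp(suspect)
    report = {
        "header_diffs": {k: (a[k], b[k]) for k in FIELDS if a[k] != b[k]},
        "size_delta": len(suspect) - len(original),
        "pixel_compare": None,
    }
    # Byte-wise comparison is only meaningful when both files store pixels
    # the same way; a 24-bit conversion or color reduction changes the layout.
    if any(a[k] != b[k] for k in ("width", "height", "bpp", "compression")):
        return report
    pa, pb = original[a["pixel_offset"]:], suspect[b["pixel_offset"]:]
    changed = low_bit_only = 0
    for x, y in zip(pa, pb):
        if x != y:
            changed += 1
            low_bit_only += (x ^ y) == 1
    report["pixel_compare"] = {
        "bytes_compared": min(len(pa), len(pb)),
        "changed": changed,
        "low_bit_only": low_bit_only,
        "trailing_bytes": len(pb) - len(pa),
    }
    return report

def build_bmp(width, height, bpp, pixels, palette=b""):
    """Assemble a minimal uncompressed BMP; used only to make sample data."""
    offset = 54 + len(palette)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp, 0,
                       len(pixels), 2835, 2835, len(palette) // 4, 0)
    head = b"BM" + struct.pack("<IHHI", offset + len(pixels), 0, 0, offset)
    return head + info + palette + pixels

# Constructed sample data (not output of S-Tools): an 8x8 24-bit gradient
# stands in for the original bitmap.
ORIGINAL = build_bmp(8, 8, 24, bytes((i * 5) % 256 for i in range(8 * 8 * 3)))
# Same layout, with the lowest bit flipped in ten pixel bytes.
_pixels = bytearray(ORIGINAL[54:])
for i in range(0, 30, 3):
    _pixels[i] ^= 1
ALTERED = build_bmp(8, 8, 24, bytes(_pixels))
# Same dimensions stored as an 8-bit palettized image (256-entry palette).
REDUCED = build_bmp(8, 8, 8, bytes(range(64)), palette=bytes(1024))

if __name__ == "__main__":
    for name, suspect in (("altered", ALTERED), ("reduced", REDUCED)):
        print(name, compare_bmp(ORIGINAL, suspect))
```

When the headers match, the pixel counts show how much of the image data changed even though the two pictures look alike; when the bit depth differs, the header differences are the finding and the byte comparison is skipped.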

Hiding Files in WAV Files

Images are not the only things that S-Tools can use for hiding files. This section describes
how you use the same steps in the previous section to hide files; however, this time, you
will use a WAV file as the carrier file. Follow these steps:

1. Using Windows Explorer, find a wav file on your system and drag the file
onto the S-Tools window. For this example you could use
C:\WINDOWS\Media\Windows XP Startup.wav.

2. Once again, drag our Secret_data.txt onto the WAV file. Enter and
confirm the passphrase with which you wish to secure the hidden file, and
click OK.

The new file containing the hidden data is now present in the S-Tools
window.

Viewing the properties of these two files, as shown in the following
screen, reveals that the audio properties are the same, but the file sizes and
dates are different.

Following is the hidden file's properties:

Following is the original file's properties:

3. Next, right-click within the hidden data window and click Save as. Accept
the default file name hidden.wav.

4. After saving the newly created file, you can reveal the information in the
same way that you did for the .bmp file.

S-Tools Exercise

1. Can you use S-Tools to hide files within
.mp3 files?
2. Will the size of the new carrier file be
different than the original file?
3. Does the recipient of the carrier file need to
have S-Tools to view the hidden data?
4. Will a WAV file that contains hidden data
still play?


This section poses a set of questions that are answered in the following section.
Following are the questions:

1. Can you use S-Tools to hide files within .mp3 files?
2. Will the size of the new carrier file be different than the original file?
3. Does the recipient of the carrier file need to have S-Tools to view the
hidden data?
4. Will a WAV file that contains hidden data still play?

S-Tools Exercise Solutions

1. No, S-Tools supports BMP, GIF and WAV.
2. Yes, the file will get either larger or smaller depending
on a number of variables, including the size of the
hidden data, the quality of the picture, and the
compression settings.
3. Yes, S-Tools will need to be installed and the
passphrase must be known (if one was set during
creation).
4. Yes, a WAV file containing hidden data will still play.


Following are the answers to the questions:

1. No, S-Tools supports BMP, GIF, and WAV.
2. Yes, the file will get either larger or smaller depending on a number of
variables, including the size of the hidden data, the quality of the picture,
and the compression settings.
3. Yes, S-Tools will need to be installed and the passphrase must be known
(if one was set during creation).
4. Yes, a WAV file containing hidden data will still play.

Summary

• S-Tools provides an easy way to
disguise sensitive data in various types
of carrier files
• Experiment with S-Tools compression
settings to get the best results


S-Tools provides an easy way to disguise sensitive data within media files. Practice is the
best way to learn which compression setting works best for hiding data stealthily
while the carrier file still appears to be the original file.

Invisible Secrets 2002

Invisible Secrets 2002 is a
steganographic tool that
allows people to hide text
inside of multiple file types

Invisible Secrets 2002 Introduction


If you want a wider range of carrier file types and more options than S-Tools provides,
then look no further than Invisible Secrets 2002. Invisible Secrets 2002 is a security suite
that lets you, among other things, hide files within the following file types:

• JPEG
• PNG
• BMP
• HTML
• WAV

Invisible Secrets 2002 Details
• Name: Invisible Secrets 2002
• Operating system: Windows
• License: trial version
• Protocol used: NA
• Category: steganography
• Description: Invisible Secrets 2002 allows users to
hide encrypted information inside of pictures
• URL: http://www.neobytesolution.com/invsecre/


The following topics and action items are covered in this chapter:

• Installing Invisible Secrets
• Running Invisible Secrets

Invisible Secrets 2002 Background
• Invisible Secrets is an application
created by Neobyte Solutions
• It is a full-featured stego tool that
provides multiple encryption methods
for protecting your hidden data
• Allows users to put sensitive data in
seemingly normal files such as pictures
of your latest vacation


Invisible Secrets 2002’s Purpose

• Hides data inside pictures
• Encrypts hidden data
• Properly deletes information on your hard
drive with its integrated DOD-compliant
shredder

Invisible Secrets 2002 Architecture
• It is a Windows-based GUI application
used to hide information inside of
multiple file types
• It can use multiple symmetric
encryption algorithms to secure hidden
data
• Incorporates a DOD 5220.22-M
compliant data shredder

In this chapter, you use Invisible Secrets 2002 as a steganographic tool. If you do not
need a covert method of disguising information but still need to store sensitive
information securely, Invisible Secrets 2002 allows you to encrypt and decrypt files using
a number of algorithms. Of course, these added features cost money. This chapter uses
the 30-day demo version of Invisible Secrets 2002.

Installation
• To install, make sure you are logged in
as the administrator
• Locate the invsecr.exe file on your
CD-ROM and copy it to your local drive
• Double-click invsecr.exe to begin
the installation


Running Invisible Secrets 2002
• To run the application, go to Start,
Programs, Invisible Secrets
• Make sure that you have the
appropriate authority to use this
tool and that it does not conflict
with any of your company’s policies

Installing and Running Invisible Secrets 2002
This section discusses how to install and run Invisible Secrets 2002.

Installing Invisible Secrets 2002

To install the program, follow these steps:

1. Locate invsecr.exe on the CD-ROM. Double-click it to start the
installation process. The Welcome window appears. Click Next to
continue.

2. The License Agreement window appears. If you agree to the 30-day
evaluation License Agreement, click Yes; otherwise, you cannot continue
with this chapter.

3. The Choose Destination Location window appears. Accept the default
installation folder by clicking Next.

4. The Select Program Manager Group window appears. Accept the default
Program Manager group by clicking Next.

5. The Start Installation window appears. Click Next to start the
installation of Invisible Secrets 2002.

6. The Installation Complete window appears. After the installation is
finished, uncheck Yes, I would like to view the README file and click
Finish.

Running Invisible Secrets 2002

After you finish the install, Invisible Secrets 2002 launches. Follow these steps to run it:

1. Click Try to start the 30-day countdown.

2. The settings you access with the Options button let you perform a number
of tasks, including the following:

• Add new carrier file types
• Add new algorithms
• Set the number of times to overwrite a file when shredding
• Manage passwords
• Prompt for a password when Invisible Secrets starts

3. The Welcome window appears. You will be using the default settings for
the purposes of this book. Click Next to start the fun.

4. The Select Action window appears. As shown in the following figure,
you can select the action that you want to perform. Use the default setting
Encrypt and Hide file(s) in a carrier file. Click Next.

5. The Select the files … window appears. You are prompted to select the
files that you want to hide. Click Add files.

6. Select a file to hide and click Open. I am going to use the secret-data.txt
file that I created in the S-Tools exercise, but any text file will do.

7. The Select the files … window reappears. Click Next to continue.

8. The Select Carrier File window appears. You are prompted to select the
carrier file that you will use to hide data in.

9. Click the open folder image to the right of the field, as shown in the next
figure. Select a jpg file from your system and click Open. You can
search your hard drive for sample jpg files that are included with the install.

10. The file Blue Hills.jpg is selected as the carrier file. You are given the
option to wipe the original carrier after the encryption and hide process
finishes. Do NOT select this option.

11. If you don't know where a good carrier file is located, click Search for
Carrier. Invisible Secrets provides you with an interface to search for a
carrier by file type. After you have selected a file, you can view it by
clicking View Carrier, and if you decide to use it, just click Use Carrier.

12. Click Close in the Search Carrier window and then click Next in the
Select Carrier File window.

The next window prompts you for the password and the algorithm to use
when encrypting the file. The algorithms that are natively supported
include:

• AES
• Twofish
• RC4
• CAST
• GOST
• Diamond 2
• Sapphire II
• Blowfish

13. The Encryption Settings window appears. If you want to hide a file but
do not want to assign a password to the file, you can check the box Skip
encryption/hide only at this time. Enter and confirm the password that
you want to use for the newly created file. When you are done, click Next.

Note: The demo version of Invisible Secrets limits passwords to five
characters due to U.S. export restrictions.

14. The Select Target File window appears. Enter the name that you want to
use for this new file. To do this, click the open folder button located to the
right of the field.

15. The Select Target Carrier window appears. Enter test.jpg as the name
of the target carrier, save it to C:\ and click Save.

16. The Select Target File window reappears. After reviewing the location
and filename of your target file, click Hide.

17. The Encrypting / Hiding window appears. The file is now encrypted
while the Secret_Data.txt file is hidden within your new target carrier.
When this process is done, click Next.

Performing Actions on the Newly Created File

Invisible Secrets allows you to perform a number of actions on the newly created file,
including sending it via e-mail and FTP. Follow these steps to perform actions on the
newly created file:

1. The Carrier Transfer Wizard window appears. Click Exit to close
Invisible Secrets. You can examine the newly created file in C:\.

2. When you are ready to reveal the information contained within c:\test.jpg,
start Invisible Secrets. After clicking on the Try button and Next, the
Select Action window appears. Select the Unhide and Decrypt file(s)
from a carrier file radio button and click Next.

3. The Select Carrier File window appears. To choose the carrier file, click
the open folder button to the right of the field.

4. Select c:\test.jpg and click Open.

5. The Select Carrier File window reappears. Click Next.

6. You are prompted for the password that you entered during the
encrypt/hide phase. Remember that it will only be a five-character
password due to the demo restrictions.

7. The Carrier Access/Decryption Settings window appears. Enter the
passphrase you selected and click Next.

8. The Unhide/Decrypt Data window appears. Shown in this window is
your original text file. Click Next to extract the file.

Note: The default location to decrypt files is the C:\Program Files
subdirectory. If the data contained within the file is in fact sensitive, you
might want to change the location to a more suitable place, such as an
encrypted volume.

9. The Unhiding / Decrypting window appears. After the process is
finished, you can explore the data by clicking the Explore Extracted
Data button, as shown in the next figure.

10. Invisible Secrets starts Windows Explorer and starts at the location that
you selected.

11. Invisible Secrets also adds a right-click option in Windows Explorer to
hide and encrypt files. Simply right-click a file that you want to hide or
encrypt, and select Invisible Secrets and then the option you want to
perform. If you select Hide, the Invisible Secrets Wizard automatically
starts at the prompt for the carrier file.

Invisible Secrets 2002 Exercise

1. Is Invisible Secrets free?
2. Can you add new carrier file types and
algorithms?
3. Is there a way to recover a file that
has been shredded?
4. Can I secure access to the Invisible
Secrets application?


This section poses a set of questions that are answered in the following section.
Following are the questions:

1. Is Invisible Secrets free?
2. Can you add new carrier file types and algorithms?
3. Is there a way to recover a file that has been shredded?
4. Can I secure access to the Invisible Secrets application?

Invisible Secrets 2002 Exercise Solutions

1. No, the included program is a demo version. You must pay
to have access to all of the available features.
2. Yes.
3. No. Unless you choose to lower the default overwrite
settings and have money to send your hard drive to a
company that specializes in recovering data. Even then
your chances may be slim.
4. Yes, you can assign a password that must be entered
before Invisible Secrets will start.


Following are the answers to the questions:

1. No, the included program is a demo version. You must pay to access all of
the available features.
2. Yes. You can add new carrier file types and algorithms.
3. No, unless you choose to lower the default overwrite settings and spend
money to send your hard drive to a company that specializes in recovering
data. Even then, your chances may be slim.
4. Yes, you can assign a password that must be entered before Invisible
Secrets will start.

Summary
As corporate policies and methods become more stringent, employees may turn to
steganographic tools to hide the presence of restricted information. Invisible Secrets
provides a powerful method for securely transferring data between parties. As these tools
come into use, steganalysis, or the art of discovering the use of steganography, will become
more important.

Xsteg/Stegdetect

Xsteg/Stegdetect is a tool
used to determine if there is
information hidden in a
particular file

Xsteg
You have learned how to hide a file within another file. You may also need to know how to
detect when a file has been altered with a steganographic tool. Stegdetect is a tool
designed for this purpose.

Xsteg/Stegdetect Details
• Name: Xsteg/Stegdetect
• Operating system: Windows
• License: Freeware
• Protocol used: NA
• Category: File alteration detection
• Description: XSteg is a GUI front-end for a
steganography detection tool called
Stegdetect

The following topics and action items are covered in this chapter:

• Installing Xsteg
• Running Xsteg

Xsteg Background
• Xsteg was created as a GUI front-end
for the command line application
stegdetect
• Used to determine whether
steganographic techniques were used
on a file via multiple means
• It is a freeware tool used to attempt to
counter Stego techniques, but still
requires manual scanning of each file

Xsteg’s Purpose

• Determines if there is hidden
information inside of a file through the
use of steganographic techniques

Xsteg Architecture
• Xsteg is a GUI front-end for Stegdetect
• Stegdetect has the capability to
determine if there is hidden information
inside of a file
• Stegdetect also can launch a dictionary
attack against the hidden information in
an attempt to crack the cryptography
used to protect it


Xsteg is a graphical front-end for Stegdetect. The command-line version of Stegdetect is
also included on the CD-ROM. Stegdetect tests a file to determine if it has been altered
by any of the following steganographic tools:

• Jsteg
• Outguess
• Jphide
• Invisible Secrets

Installation
• Neither Stegdetect nor Xsteg requires
installation

Running Xsteg/Stegdetect

• To run stegdetect open a command
prompt, traverse to the directory
containing the executable, and type
stegdetect.exe
• To run xsteg browse to the folder
containing the executable and type
xsteg.exe

Installing and Running Xsteg


This section explains how to install and run Xsteg.

Installing Xsteg

The only step that is required for installing Xsteg is to extract the contents of the zip
archive to the appropriate folder. Extract the file stegdetect-0.4.zip to the folder
C:\stegdetect\.

Running Xsteg

Xsteg is the graphical interface to StegDetect. To run it, follow these steps:

1. First you will need to open a command prompt. Click Start, Run. Type
cmd and click OK.

2. A command prompt appears, as shown in the following screen.

3. Next, change the directory to the location to which the archive was
extracted by issuing the command cd c:\stegdetect.

4. To start Xsteg, simply type xsteg at the command prompt and press Enter.
The Xsteg window appears. The easy-to-use interface just needs to know
which tools to look for, as well as the sensitivity level to use. Adjusting
the sensitivity will help identify files that have been altered, but it may
also result in false positives.

5. Select File, Open.

6. You can now select a file or directory that you want to search for files that
have been subjected to steganographic changes. Select C:\test.jpg, which
is the file you created in the Invisible Secrets exercise, and click OK. If you
do not have this file, just scan the C:\ drive.

As shown in the previous screen, Xsteg detected that the file test.jpg has
been altered using Invisible Secrets. The message window details the
options that were used during the test.

Xsteg/Stegdetect Exercise

1. Can Stegdetect retrieve hidden information?
2. Name 3 steganographic tools that
Stegdetect can detect.
3. Can stegdetect be used to hide information?
4. What file types can stegdetect work on?


This section poses a set of questions that are answered in the following section.
Following are the questions:

1. Can Stegdetect retrieve hidden information?
2. Name 3 steganographic tools Stegdetect can detect.
3. Can Stegdetect be used to hide information?
4. What file types can Stegdetect work on?

Xsteg/Stegdetect Exercise Solutions

1. Yes, Stegdetect retrieves hidden
information.
2. jsteg, jphide, Invisible Secrets, F5, and
Outguess
3. No, Stegdetect cannot be used to hide
information.
4. Jpeg files.


Following are the answers to the questions:

1. Yes, Stegdetect retrieves hidden information.
2. jsteg, jphide, Invisible Secrets, F5, and Outguess are tools Stegdetect can
detect.
3. No, Stegdetect cannot be used to hide information.
4. Jpeg files.

Summary
As new options and capabilities are added to Stegdetect, it will become more and more
efficient at detecting the use of steganographic tools.
