Security Awareness Lab

ENC-109

Experiment 1-1 Examine Data Breaches—Textual

Introduction
The Privacy Rights Clearinghouse (PRC) is a nonprofit organization whose goals are
to raise consumers’ awareness of how technology affects personal privacy and
empower consumers to take action to control their personal information. The PRC
maintains a searchable database of security breaches that impact consumer’s privacy.
Objective:
To gather information from the PRC website

Steps:
1. Open a web browser and enter the URL
www.privacyrights.org/data-breach
(if you are no longer able to access the site through the web address, use
a search engine to search for “Privacy Rights Clearinghouse data
breach”).
2. First spend time reading about the PRC. Click About Us in the
toolbar.
3. Scroll down to the content under Mission and Goals and also under
Services. Spend a few minutes reading about the PRC.
4. Click your browser’s Back button to return to the previous page.
5. On the Chronology of Data Breaches page scroll down and observe
the different breaches listed in chronological order.
6. Now create a customized list of the data that will only list data reaches
of educational institutions. Scroll back to the top of the page.
7. Under Select organization type(s), uncheck all organizations except
EDU – Educational Institutions.
8. Click GO!.
9. Scroll down to Breach Subtotal if necessary. How many breaches
that were made public pertain to educational institutions?
10. Scroll down and observe the breaches for educational institutions.
11. Scroll back to the top of the page. Click New Search, located beneath
the GO! button.
12. Now search for breaches that were a result of lost, discarded, or
stolen equipment that belonged to the government and military. Under
Choose the type of breaches to display, uncheck all types except
Portable device (PORT) - Lost, discarded or stolen laptop, PDA,
smartphone, portable memory device, CD, hard drive, data tape, etc.
13.Under Select organization type(s), uncheck all organizations except
GOV – Government and Military.
1
 14.Click GO!.
15.Scroll down to Breach Subtotal, if necessary. How many breaches that
were made public pertain to this type?
16.Scroll down and observe the breaches for governmental institutions.
17.Scroll back to the top of the page.
18. Now create a search based on criteria that you are interested in, such
as the Payment Card Fraud against Retail/Merchants during the
current year.
19. When finished, close all windows.

Experiment 1-2 Examine Data Breaches—Visual

Introduction
The Privacy Rights Clearinghouse (PRC) is a nonprofit organization whose goals are
to raise consumers’ awareness of how technology affects personal privacy and
empower consumers to take action to control their personal information. The PRC
maintains a searchable database of security breaches that impact consumer’s privacy.
Objective:
To view the biggest data breaches resulting in stolen information through a visual
format.

Steps:
1. Open your web browser and enter the URL
http://www.informationisbeautiful.net/visualizations/worlds-biggest-
data-breaches-hacks/
(if you are no longer able to access the site through this web address, use
a search engine to search for “Information Is Beautiful World’s Biggest
Data Breaches”).

2. Click Hide Filter to display a visual graphic of the data breaches, as

shown in the following Figure

2
3. Scroll down the page to view the data breaches. Note that the size of
the breach is indicated by the size of the bubble.
4. Scroll back up to the top and note that the color of the bubbles that
have an “Interesting Story.” Click one of the bubbles and read the
story.
5. Click Read a bit more.
6. Click Click to see the original report.
7. Read about the data breach. When finished close only this tab in your
browser.
8. Click Show Filter to display the filter menu.
9. Under “Organisation” click Retail.
10.Under “Method of Leak” click Hacked. How many bubbles appear?
11.Under “Organisation” click Government.
12.Under “Method of Leak” click Inside Job. How many bubbles appear?
13.Under “Organisation” click All.
14.Under “Method of Leak” click All.
15.At the top of the graphic click Method of Leak so that the bubbles
display how the leak occurred. Which type of leak is the most
common? Why do you think this is the case?
16. Does this visual convey a better story than the textual data in the
previous project?
17. Close all windows.

3
The student has to choose only one project to do at home and then
submit the results to the Instructor.

Project 1-1 Scan for Malware Using the Microsoft Safety

Scanner
In this project you will download and run the Microsoft Safety Scanner to determine if
there is any malware on the computer
Steps:
1. Determine which system type of Windows you are running. Click
Start, Control Panel, System and Security, and then System. Look
under System type for the description.
2. Open your web browser and enter the URL
www.microsoft.com/security/scanner/en-us/default.asp
(if you are no longer able to access the site through the URL, use a search
engine to search for “Microsoft Safety Scanner”).
3. Click Download Now.
4. Select either 32-bit or 64-bit, depending upon which system type of
Windows you are running. (refer to the results of step 1).
5. When the program finishes downloading, right-click Start and click
Open Windows Explorer.
6. Click the Downloads icon in the left pane.
7. Double-click the msert.exe file.
8. Click Run. If the User Account Control dialog box appears, click Yes.
9. Click the check box to accept the license terms for this software.
Click Next.
10. Click Next.
11. Select Quick scan if necessary.
12. Click Next.
13. Depending on your computer this scan may take several minutes.
Analyse the results of the scan to determine if there is any malicious
software found in your computer. (report the results).
14.If you have problems you can click View detailed results of the scan.
After reviewing the results, click OK. If you do not find any
problems, click Finish.
15. If any malicious software was found on your computer run the scan
again and select Full scan. After the scan is complete, click Finish to
close the dialog box.
16. Close all windows.

4
The student has to choose only one project to do at home and then
submit the results to the Instructor.

Project 1-2 Write-Protecting a USB Flash Drive

In Malicious software is often spread from one computer to another by infected USB
flash drives. This can be controlled by write-protecting the drive so that no alware
can be copied to it. In this project, you will download and install a software -based
USB write blocker to prevent data from being written to a USB device. You will
need a USB flash drive for this project

Steps:
1. Open your web browser and enter the URL
www.irongeek.com/i.php?page=security/thumbscrew-software-usb-
write-blocker
(if you are no longer able to access the program through the URL, use
a search engine to search for “Irongeek Thumbscrew”).
2. Click Download Thumbscrew. Do not click on any other link or
download any thing else.
3. If the File Download dialog box appears, click Save and follow the
instructions to save this file in a location such as your desktop or a
folder you preferred. Sometimes, it is automatically being download
into Downloads folder.
4. When the file finishes downloading, extract the files in a location
such as your desktop or a folder you preferred. Navigate to that
location and double-click thumbscrew.exe and follow the default
installation procedures.
5. After installation, notice that a new icon appears in the system tray in
the lower right corner of the screen.
6. Insert a USB flash drive into the computer.
7. Navigate to a document on the computer.
8. Right-click the document and then select Send to.
9. Click the appropriate Removable Disk icon of the USB flash drive to
copy the file to the flash drive.
10. Now make the USB flash drive write protected so it cannot be written
to. Click the icon in the system tray.
11. Click Make USB Read Only. Notice that a red circle now appears
over the icon to indicate that the flash drive is write protected.
12. Navigate to a document on the computer.
13. Right-click the document and then select Send to.
14. Click the appropriate Removable Disk icon of the USB flash drive to
copy the file to the flash drive. What happens? Report the result.

5
15. Click the icon in the system tray to change the permissions so that the
USB drive is no longer read only.
16. Close all windows.