Setting off the fire alarms
The fun part of building labs is breaking them.
I have a fully functioning Windows 2003 domain, running MOSS ’07, Exchange 2007, and six XP machines running Office and ForeFront.
Time to cause havoc on my own network.
Quick backup of the lab first – dump all the VMs to an external hard drive, just in case.
Now to start on the simple and safe tests: randomly adding accounts with bad (easy-to-guess) passwords, both as normal users and in the Administrators group.
ForeFront’s security scans find the changes on each machine and alert – tick in that box!
Now for the virus and malware tests. Again, wanting to stay on the safe side of testing, I use the old trusty EICAR file for checking. FCS picks it up and identifies it as a test signature. I’d be worried if MS missed this one.
Now for something sneaky. One of my SANS instructors, Mike Poor, suggested a tool that Intelguardians built to mimic spyware. Spycar is a test tool with a bunch of funky malware-like features.
Threw this at FCS and not only did it block it, it recognized Spycar!
ForeFront generated all the alerts for the different tests in the MOM Operator console, which is the thing that counts.