[ISN] Security UPDATE -- Wipe Old Hard Disks Clean Reprise -- April
20, 2005
InfoSec News
isn at c4i.org
Thu Apr 21 01:23:21 EDT 2005
====================
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
The Competitive Advantages of Multi-Platform Remote Control: A Pathway
to Increased Productivity
http://list.windowsitpro.com/t?ctl=7EED:4FB69
Is Your Office Truly Fax Integrated?
http://list.windowsitpro.com/t?ctl=7EF0:4FB69
====================
1. In Focus: Wipe Old Hard Disks Clean--Reprise
2. Security News and Features
- Recent Security Vulnerabilities
- SSL VPN Products
- IIS Application Isolation
- eEye Releases Free WiFi Scanner
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread
5. New and Improved
- Manage Windows Firewall
====================
==== Sponsor: Netopia ====
The Competitive Advantages of Multi-Platform Remote Control: A Pathway
to Increased Productivity
The largest cost component associated with computers in the
workplace is "misdirected end user activities" - the amount of time
wasted by end users trying to fix a problem themselves or trying to
help a colleague fix a problem that is best handled by IT staff. In
this free white paper discover how to achieve a faster resolution of
IT-related problems, reduce end-user downtime, increase employee
productivity, and operate in a more efficient manner. Learn how your
company can intelligently manage their enterprise environment and
possess an inherent competitive advantage.
Discover how you can outperform the competition by controlling costs
and boosting productivity and download this free white paper now!
http://list.windowsitpro.com/t?ctl=7EED:4FB69
====================
==== 1. In Focus: Wipe Old Hard Disks Clean--Reprise ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
A year ago, I wrote in this space about tools that you can use to wipe
hard disks clean of all data. In that article, I mentioned four
software-based tools. This week I learned about two more tools and
about another type of product that can help when you need to erase a
disk.
The tools I mentioned in the previous article (first URL below) are
Autoclave (no longer supported), LSoft Technologies' Active at KillDisk
(second URL below), Stellar Information Systems' Stellar Wipe Safe Data
Eraser (third URL below), and Heidi Computers' Eraser (fourth URL
below).
http://list.windowsitpro.com/t?ctl=7EFF:4FB69
http://list.windowsitpro.com/t?ctl=7F0F:4FB69
http://list.windowsitpro.com/t?ctl=7F04:4FB69
http://list.windowsitpro.com/t?ctl=7F0E:4FB69
Because Autoclave, formerly provided by the University of Washington,
is no longer supported, the university now refers people to the open
source Darik's Boot and Nuke tool (DBAN). DBAN works from a bootable
floppy disk, can erase data in various modes (DoD short, random number
streams) and works with PCs and PowerPC platforms, including Apple
Macintosh. DBAN is also bundled with Heidi Computers' Eraser.
http://list.windowsitpro.com/t?ctl=7F0D:4FB69
If you have Windows XP, then maybe you know that it ships with a
command-line tool, cipher.exe, designed to manage encryption on entire
volumes as well as directories. One of the features of cipher.exe is
that it can wipe a disk to help prevent data recovery. The tool's /?
switch gives you a list of all the available command-line options. You
can use the last option, /W, to wipe an entire disk or a select
directory. There are, of course, other tools that can do the same job,
which you can probably find using your favorite search engine.
Wiping an entire disk clean (so that you can recycle or dispose of it,
donate it to charity, or return it under warranty) is sometimes quite a
problem, especially if the disk is in a system that can no longer boot.
You can of course try to use some sort of bootable CD-ROM and then run
a software-based tool to wipe the disk. You can also remove the disk
and put it into another system, boot that system, then wipe it clean.
Another method, which I think is very handy, is to use a custom
connector that lets you connect a disk to any system using a USB or
FireWire port. Such connectors are relatively inexpensive and have the
added advantage of letting you connect any ATA disk to a supported
system, including a laptop, which is also a great way to get a bunch of
extra disk space when you need it.
The Dan's Data Web site reviews at least four connectors I think you
might be interested in. One is an external drive box shell from
Sunnytek Information available for ATA and SATA configurations (review
at the first URL below). You can insert just about any regular ATA disk
you can think of inside the shell. Another is ComboDock by WiebeTech,
which is a small external connector box that connects to the back of an
ATA disk (review at the second URL below). Yet another is the USB 2.0
to IDE Cable, available from USBGEEK.COM (review at the third URL
below). And finally, there is the R-Driver II USB to IDE cable (review
at the fourth URL below), which I think is the best choice because it
lets you connect regular ATA drives and the mini-ATA drives that are
typically used in laptops and other portable computing devices.
http://list.windowsitpro.com/t?ctl=7F08:4FB69
http://list.windowsitpro.com/t?ctl=7F06:4FB69
http://list.windowsitpro.com/t?ctl=7F07:4FB69
http://list.windowsitpro.com/t?ctl=7F09:4FB69
One thing to keep in mind is that USB 2.0 (up to 480Mbps) is much
faster than USB 1.x (up to 12Mbps). And likewise, FireWire 1394b (up to
800Mbps) is twice as fast as FireWire 1394a (up to 400Mbps). If you
don't have USB 2.0 or FireWire 1394b in your system, you can buy an
inexpensive add-on card to significantly speed up read and write times.
Any of the ATA connectors I mentioned let you add a disk to a system in
just a few seconds. Not only can you use them to wipe data off disk,
but because they offer complete portability, you can also use them with
CD-ROM and DVD drives to create your own portable backup solutions.
If you're interested in these connectors, be sure to read the related
hardware reviews at Dan's Data.
====================
==== Sponsor: FaxBack ====
Is Your Office Truly Fax Integrated?
Discover how to make your business more productive with easier ways
for users to communicate and carry out mission-critical business
processes. Download this free white paper to learn how to integrate fax
with Microsoft Office and Exchange/Outlook applications. Get usage
examples of Office-to-Fax integration, learn the benefits, and how fax
works with Microsoft Office to deliver clear and substantial benefits
to users.
http://list.windowsitpro.com/t?ctl=7EF0:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=7EF6:4FB69
SSL VPN Products
Not having access to your company's network and applications when
you're on the road or working at home can seriously compromise your
ability to do your job. This Buyer's Guide looks at Secure Sockets
Layer (SSL) VPNs, a special type of remote access product that
complements the secure gateways and network-based VPN technology that
most companies already have.
http://list.windowsitpro.com/t?ctl=7EFC:4FB69
IIS Application Isolation
From time to time, you're probably called on to deploy a Web
application that traffics sensitive information. The deployment
includes installing the application on a hardened server in such a way
that no other Microsoft IIS applications can access the application
files. Learn how to isolate applications in Brett Hill's article on our
Web site.
http://list.windowsitpro.com/t?ctl=7EFD:4FB69
eEye Releases Free WiFi Scanner
eEye Digital Security announced the release of its free Retina WiFi
Scanner, which is designed to help detect active wireless devices,
including those that might already be connected to a company's wireless
network.
http://list.windowsitpro.com/t?ctl=7EFA:4FB69
====================
==== Resources and Events ====
Microsoft Tech Ed 2005 Europe, 5 - 8 July, Amsterdam, The Netherlands
Build you own 4 day agenda from 12 targeted tracks offering over 400
technical sessions, Hands-On Labs, Chalk-&-Talks, Panel Discussions and
more. At Microsoft's flagship European technical education conference
for Developers and IT Professionals engage with outstanding speakers,
network with your European peers, evaluate current and soon-to-be-
launched technologies and share the inspiration! Save 300 euros!
Register before our 20th May Early Bird deadline at
http://list.windowsitpro.com/t?ctl=7F05:4FB69
Are You Experiencing Increased Frustration with Your Current Antispam
Solution?
With new and more dangerous email threats, in-house software,
appliances, and even some services may no longer work effectively. They
require too much IT staff time to update and maintain or to satisfy the
needs of different users. In this free Web seminar, learn firsthand
from your colleagues and peers about their search for a better
solution. Register today!
http://list.windowsitpro.com/t?ctl=7EEF:4FB69
Get The Valuable Resources You Need To Secure Your IT Environment.
Stay on top of new security threats, address those security threats,
ensure trustworthy computing in your environment, and more! Download an
eBook or white paper before June 30th and you'll be entered for a
chance to win an Xbox!
http://list.windowsitpro.com/t?ctl=7EEA:4FB69
Developing, Deploying and Managing SQL Server Integration Services
(SSIS)
In this free Web seminar, find out the role SSIS plays in
Microsoft's BI strategy and learn about the important new SSIS
features. You'll get a guided tour illustrating how to develop SSIS
packages using the new SSIS Designer and learn how to customize those
packages to run on different systems. Sign up today!
http://list.windowsitpro.com/t?ctl=7EE9:4FB69
Improve Fax Messaging and Application Integration
View this on-demand Web seminar and receive a complimentary 30-day
software evaluation and industry white paper! Join industry expert
David Chernicoff and learn how leading organizations are incorporating
fax technologies to empower users and enhance existing investments in
infrastructure and applications while providing substantial ROI.
Register now!
http://list.windowsitpro.com/t?ctl=7EF2:4FB69
Get Ready for SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts
will present real-world information about administration, development,
and business intelligence to help you implement a best-practices
migration to SQL Server 2005 and improve your database computing
environment. Attend and receive a 1-year membership to PASS and 1-year
subscription to SQL Server Magazine. Register now!
http://list.windowsitpro.com/t?ctl=7EF1:4FB69
====================
==== Featured White Paper ====
Converting a Microsoft Access Application to Oracle HTML DB
Get the most efficient, scaleable, and secure approach to managing
information using an Oracle Database with a Web application as the user
interface. In this free white paper learn how you can use an Oracle
HTML Database to convert a Microsoft Access application into a Web
application that can be used by multiple users concurrently. Download
this free white paper now!
http://list.windowsitpro.com/t?ctl=7EEE:4FB69
====================
==== Hot Release ====
Best Practices for Establishing and Enforcing a Security Policy in Your
Business
With all the viruses, Trojans, spyware, malware, and malicious
attacks out there, is your company as prepared as it can be to fend off
these threats? This white paper will provide you with detailed
information for establishing and enforcing a security policy so that
you have a safety net to fall back on and can ensure that you're making
the right decisions at a demanding time. Download this free white paper
now!
http://list.windowsitpro.com/t?ctl=7EEC:4FB69
====================
==== 3. Instant Poll ====
Results of Previous Poll: Do you consider IIS 6.0 to be a secure
platform?
The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 52 votes:
52% Yes
48% No
New Instant Poll: Do you map the data you collect during wireless-
network audits by using tools such as StumbVerter and MapPoint?
Go to the Security Hot Topic and submit your vote for
- Yes
- I haven't been, but I plan to
- No, and I don't plan to
http://list.windowsitpro.com/t?ctl=7F00:4FB69
==== 4. Security Toolkit ====
Security Matters Blog
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=7F03:4FB69
Honeynet Project Challenge: Scan 34
The Honeynet Project's latest Scan of the Month challenge is online
now and invites you to analyze data collected from an Apache server, a
Linux system, an iptables firewall, and a Snort IDS system. If you plan
to participate, your forensic analysis is due by May 9.
http://list.windowsitpro.com/t?ctl=7EFE:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=7F01:4FB69
Q: What's new in Windows Server 2003 Service Pack 1 (SP1)?
Find the answer at http://list.windowsitpro.com/t?ctl=7EFB:4FB69
Security Forum Featured Thread: Pushing Software to Client PCs
A forum participant wants to know how to install software on PCs on
which the users don't have administrator rights. He needs to push out
client software to a few hundred users. He's considering using a
Windows Management Instrumentation (WMI) script to set up a scheduled
task running as a local admin on each PC. This task would map the drive
and run the silent install. He wonders if that would work or whether
there's another option that he should know about. Join the discussion
at
http://list.windowsitpro.com/t?ctl=7EF3:4FB69
====================
==== Announcements ====
(from Windows IT Pro and its partners)
Check Out the New Windows IT Security Newsletter!
Security Administrator is now Windows IT Security. We've expanded
our content to include even more fundamentals on building and
maintaining a secure enterprise. Each issue also features product
coverage of the best security tools available and expert advice on the
best way to implement various security components. Plus, paid
subscribers get online access to our entire security article database!
Click here to try a sample issue today:
http://list.windowsitpro.com/t?ctl=7EF9:4FB69
Windows IT Security Monthly Pass = Quick Answers!
Sign up today for your Windows IT Security Monthly Pass and get 24/7
online access to every article on the Windows IT Security Web site,
including exclusive subscriber-only content. That's a database of more
than 1900 security articles to help you get all the answers you need,
when you need them! Sign up now:
http://list.windowsitpro.com/t?ctl=7EF4:4FB69
====================
==== 5. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Manage Windows Firewall
Gravity Storm Software announced the release of Service Pack Manager
(SPM) 7.0, which now includes functionality to manage Windows Firewall
on networked Windows XP and Windows Server 2003 machines. SPM 7.0 lets
you detect all the machines on the network running Windows Firewall,
determine which machines are in compliance with your user-defined
Windows Firewall policy, and easily distribute your policy. Compliance
checks are performed at the level of allowed/blocked ports. Service
Pack Manager doesn't require use of Active Directory (AD), Group
Policies, or scripting. For more information or to download a free
evaluation copy, go to
http://list.windowsitpro.com/t?ctl=7F0B:4FB69
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Sponsored Links ====
Quest Software
Heading to Exchange from Notes or GroupWise? Get Expert Help!
http://list.windowsitpro.com/t?ctl=7F10:4FB69
Argent versus MOM 2005
Experts Pick the Best Windows Monitoring Solution
http://list.windowsitpro.com/t?ctl=7F11:4FB69
High Availability for Windows Services
Learn of core issues surrounding Windows high availability -
Download this white paper now!
http://list.windowsitpro.com/t?ctl=7EEB:4FB69
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=7F0A:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=7EF8:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.
More information about the ISN
mailing list