[ISN] Cleaning Up After Mass Password Changes -- December 14, 2005
InfoSec News
isn at c4i.org
Sun Dec 18 15:42:12 EST 2005
====================
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
St. Bernard Software
http://list.windowsitpro.com/t?ctl=1BECD:4FB69
Panda Software
http://list.windowsitpro.com/t?ctl=1BED0:4FB69
====================
1. In Focus: Cleaning Up After Mass Password Changes
2. Security News and Features
- Recent Security Vulnerabilities
- Windows Server 2003 R2 Ready to Go
- Two Microsoft Security Bulletins Released in December
- Easy 802.11g Security
3. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread
4. New and Improved
- Security Appliance Line Gets Software Upgrade, New Models
====================
==== Sponsor: St. Bernard Software ====
Filtering the Spectrum of Internet Threats: Defending Against
Inappropriate Content, Spyware, IM, and P2P at the Perimeter
Because of the proliferation of Web-based threats, you can no longer
rely on basic firewalls as your sole network protection. Attackers
continue to evolve clever methods for reaching victims, such as sending
crafty Web links through Instant Messaging (IM) clients or email, or by
simply linking to other Web sites that your employees might surf. This
free white paper examines the threats of allowing unwanted or offensive
content into your network and describes the technologies and
methodologies to combat these types of threats. Get your free copy now!
http://list.windowsitpro.com/t?ctl=1BECD:4FB69
====================
==== 1. In Focus: Cleaning Up After Mass Password Changes ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Last week, I mentioned ways to change passwords en masse. Hobbit
(creator of the hugely popular netcat tool) wrote to remind me that I
didn't mention the fact that storing plaintext passwords in scripts
carries considerable risk. Obviously, the passwords might be
recoverable by an intruder.
After you've performed mass password changes, don't leave password
strings lying around in plaintext. You might use strong encryption to
encrypt the data, or better yet, you might remove the passwords from
your system completely. To do that, delete any password strings in your
scripts or delete the scripts completely. Then securely erase your disk
space to ensure that the passwords can't be recovered by intruders.
To wipe a disk clean, you need to overwrite every sector on the drive in
some fashion. Some disk-wiping tools overwrite each sector numerous
times so that the magnetic flux (the means by which data is recorded on
the platter) is changed enough that little if any of the original signal
remains for data recovery. You can use Stellar Information Systems'
Stellar Wipe Safe Data Eraser, Heidi Computers' Eraser, or any number of
other tools designed to destroy disk-based data. If you use Sunbelt
Software's CounterSpy antispyware tool, you might know that it has a
built-in file eraser utility that you could use.
http://list.windowsitpro.com/t?ctl=1BEE4:4FB69
http://list.windowsitpro.com/t?ctl=1BEE8:4FB69
http://list.windowsitpro.com/t?ctl=1BEE2:4FB69
If you're interested in some facts and theory about how someone might
recover data from your disks and how disk-erasing technology can help
prevent that from happening, read "Secure Deletion of Data from
Magnetic and Solid-State Memory" by Peter Gutmann at
http://list.windowsitpro.com/t?ctl=1BED3:4FB69
Instead of creating and running your scripts from a hard disk, you
could run your script from a floppy disk drive and then burn the floppy
disk when you're done. I can't think of a more secure method than this.
But many systems these days don't even have floppy disk drives.
A long time ago, I used RAM disks to help some programs run much
faster. A RAM disk would be great for helping to secure your passwords
in scripts that are used to perform mass password changes. You can
create a RAM disk, use it to develop and run your scripts, and when
you're finished, repeatedly erase the RAM disk. Then uninstall the RAM
disk drivers, shut down the system, power it off (which destroys
anything in RAM), and reboot the computer. There's still a slim chance
that someone might be able to recover passwords written to RAM, but it
would be incredibly difficult, because the RAM space used by the RAM
disk will be overwritten repeatedly by the OS and your applications.
Using a RAM disk is probably much safer than relying on a tool to erase
hard disk space.
When establishing a RAM disk, be sure that you immediately set
permissions on the new disk drive to prevent unwanted access. You can
find numerous RAM disk drivers for Windows 2000 and Windows XP (some of
which are free) by using your favorite search engine. Use a search
string similar to
RAMdisk +"Windows XP" +"Windows 2000"
If you don't want to trust somebody else's RAM disk code, download
Microsoft's RAM disk source code, review it carefully to make sure you
trust it, then compile it yourself. Keep in mind that Microsoft's
sample RAM disk code works only on Windows 2000. The Microsoft article
"FILE: Ramdisk.sys sample driver for Windows 2000" cautions that if you
use the code on Windows XP, it could render the System Restore features
useless.
http://list.windowsitpro.com/t?ctl=1BEE5:4FB69
Finally, you might use a thumb drive, which can essentially act like a
RAM disk. Or you could use an MP3 player or digital camera as an
additional disk drive on your system, then detach it when you're
finished using it. As with hard disks and RAM disks, be absolutely
certain that you delete any sensitive information the drive contains,
then erase the unused space repeatedly.
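As an added example (not code from the column or from any tool it names), here is a Python script that applies the procedure above: it reads a user:password list from a file kept on a RAM disk or removable volume, hands each pair to a hypothetical set_password callback that wraps whatever directory tool you use (on Windows 2000, for instance, a wrapper around "net user"), then overwrites the list several times and unlinks it, much as the disk-wiping tools described overwrite sectors.

```python
import os
import secrets
from typing import Callable

CHUNK = 64 * 1024  # write in 64 KiB pieces so a large list never sits in memory


def overwrite_file(path: str, passes: int = 3) -> int:
    """Overwrite every byte of `path` in place: `passes` random passes, then
    one zero pass. fsync pushes each pass to the device instead of leaving it
    in the OS cache. Returns the total number of bytes written."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b", buffering=0) as fh:
        for p in range(passes + 1):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n) if p < passes else b"\0" * n)
                remaining -= n
            os.fsync(fh.fileno())
            written += size
    return written


def secure_delete(path: str, passes: int = 3) -> int:
    """Overwrite the file, rename it to a random name so the original file
    name does not survive in the directory entry, then unlink it."""
    written = overwrite_file(path, passes)
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.replace(path, anon)
    os.unlink(anon)
    return written


def change_passwords(list_path: str, set_password: Callable[[str, str], None]) -> int:
    """Read 'user:password' lines from a list kept on a RAM disk or removable
    volume, apply each through `set_password` (a hypothetical callback that
    wraps your directory tool), then wipe the list. Returns accounts processed."""
    count = 0
    with open(list_path, "r", encoding="utf-8") as fh:
        for line in fh:
            line = line.rstrip("\r\n")
            if ":" not in line:
                continue  # skip blank or malformed lines
            user, password = line.split(":", 1)
            set_password(user, password)
            count += 1
    secure_delete(list_path)
    return count
```

In-place overwriting only defeats recovery when the file system rewrites the same sectors; journaling, copy-on-write and flash wear levelling can keep earlier copies, which is why the column prefers a RAM disk or media you can physically destroy (the Gutmann paper linked above covers the solid-state case). Keep the list file on the RAM disk itself so the overwrite passes hit memory rather than the hard disk.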
====================
==== Sponsor: Panda Software ====
Provide Secure Remote Access
It may be tempting to deploy a WiFi wireless access point or offer
PDAs or laptops to your roaming employees so they can work from
virtually anywhere. In this free white paper you'll get the important
security implications you should consider before you do so.
http://list.windowsitpro.com/t?ctl=1BED0:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=1BED6:4FB69
Windows Server 2003 R2 Ready to Go
Microsoft released Windows Server 2003 Release 2 (R2) to
manufacturing. The updated version of the OS brings new features and
functionality. A key security focus area for Microsoft is identity
management, which is based on the capabilities of Active Directory
(AD). R2 also brings improvements to virtual machine (VM) technology,
branch office management, and storage management (first URL below). For
a more-in-depth look at R2, see "R2 Moves Windows Server 2003 Forward"
(second URL below).
http://list.windowsitpro.com/t?ctl=1BEDF:4FB69
http://list.windowsitpro.com/t?ctl=1BEE0:4FB69
Two Microsoft Security Bulletins Released in December
Microsoft released two security patches yesterday: one rated
critical and the other, important. Microsoft also released five high-
priority nonsecurity updates. As usual, the company also released an
updated version of its Malicious Software Removal Tool (MSRT). For
Randy Franklin Smith's analysis of the security bulletins, go to
http://list.windowsitpro.com/t?ctl=1BEDB:4FB69
Easy 802.11g Security
Many inexpensive wireless APs emphasize ease of setup at the expense
of security. Jeff Fellinge helps you secure your wireless network in
this article on our Web site.
http://list.windowsitpro.com/t?ctl=1BEDE:4FB69
====================
==== Resources and Events ====
SQL Server 2005: Up & Running Roadshows Coming to Europe!
SQL Server experts will present real-world information about
administration, development, and business intelligence to help you put
SQL Server 2005 into practice and learn how to use its new
capabilities. Includes one-year PASS membership and subscription to SQL
Server Magazine. Register now for London, UK, and Stockholm, Sweden, at
http://list.windowsitpro.com/t?ctl=1BED2:4FB69
Upgrade to Analysis Services 2005
Get the tips and tricks you'll need to upgrade to Analysis Services
2005, including possible upgrade and migration scenarios, preplanning
steps, and tips on running the new Analysis Services migration wizard.
Plus, you'll discover what steps are required after the migration
process is complete and explore some of the new features of Analysis
Services 2005.
http://list.windowsitpro.com/t?ctl=1BECF:4FB69
Are You Really Prepared for Disaster Recovery?
Join industry guru Liam Colvin in this free Web seminar and get the
tips you need to validate your disaster recovery data. You'll learn if
your backup and restore data is worth staking your career on, what type
of geo-clustering is right for you, which response to use in crisis
situations, and more!
http://list.windowsitpro.com/t?ctl=1BECE:4FB69
Scripting and code don't have to be boring. Subscribe today to
Scripting Central and get a down-and-dirty technical yet lighthearted
look at scripts. You'll also get tools and tips for writing scripts for
a variety of Windows applications, such as Exchange and SQL Server.
Sign up today!
http://list.windowsitpro.com/t?ctl=1BEE7:4FB69
Do You Know What "High Availability" Really Means?
Learn what high availability really means and the different
strategies that you can use to improve your email systems' availability
and resiliency. Download this FREE guide now and get prepared to choose
the appropriate solutions to protect your messaging data at the lowest
cost and with the highest reliability.
http://list.windowsitpro.com/t?ctl=1BED5:4FB69
Black Hat Federal Briefings and Trainings
January 23-26, 2006, Sheraton Crystal City, Washington, DC. This new
show--with 4 Briefings tracks and 11 Training classes--focuses on the
problems and issues that governments face in protecting their
infrastructure. Content will be oriented toward attack and defense,
rootkit detection to IDS evasion. Stellar speakers include Michael
Lynn, Simson Garfinkel, Halvar Flake, and Dan Kaminsky. Visit
http://list.windowsitpro.com/t?ctl=1BEE9:4FB69 for complete updates.
====================
==== Featured White Paper ====
Ensure Data Protection and High Availability for Microsoft Exchange
Having a mission-critical, data protection solution that is cost
effective, hardware independent, and scalable is something every IT
manager should consider. In this free white paper, get all you need to
know about ensuring data protection and high availability for Exchange.
This is one paper you can't afford to miss! Get your copy today at
http://list.windowsitpro.com/t?ctl=1BED4:4FB69
====================
==== Hot Spot ====
Protect and Manage Instant Messaging
85% of businesses use IM for business or personal use to improve
communication and reduce email usage. In this free white paper learn
how to protect your company and implement a managed IM security
solution!
http://list.windowsitpro.com/t?ctl=1BED1:4FB69
====================
==== 3. Security Toolkit ====
Security Matters Blog: Cisco Developers Might Be Up Late This Holiday
Season
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=1BEE3:4FB69
Mike Lynn encountered difficulty early this year in his attempts to
discuss a flaw in Cisco hardware at the Black Hat conference in Las
Vegas. He apparently knows of 15 more flaws in Cisco hardware. But the
story gets even worse. Read about it in this blog article on our Web
site.
http://list.windowsitpro.com/t?ctl=1BEDC:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=1BEE1:4FB69
Q: How do I enable HTTP Secure (HTTPS) traffic on my Microsoft IIS 6.0
Web server site by using my local forest Certificate Authority (CA)?
Find the answer at http://list.windowsitpro.com/t?ctl=1BEDD:4FB69
Security Forum Featured Thread: Host-based Firewalls for Windows Server
2003
A forum participant wonders if someone can suggest a very powerful
and easy to manage (locally and remotely) host-based firewall solution
that runs on Windows Server 2003 and includes robust reporting and
alerting features. Join the discussion at
http://list.windowsitpro.com/t?ctl=1BECC:4FB69
====================
==== Announcements ====
(from Windows IT Pro and its partners)
The Windows IT Pro Master CD has it all.
Get the Windows IT Pro Master CD and get portable, high-speed access
to the entire Windows IT Pro article database on CD--that's a library
of more than 9000 articles! The newest issue includes BONUS Windows IT
Tips; sign up now, and you'll SAVE 25%. Offer ends 12/31/05, so take
advantage of this holiday offer now.
http://list.windowsitpro.com/t?ctl=1BED7:4FB69
Exchange & Outlook Administrator Newsletter--Holiday Special
Need answers to your tough Exchange questions? Subscribe to the
Exchange & Outlook Administrator newsletter and SAVE up to $30 off the
regular price. Each issue features tools and solutions you won't find
anywhere else to help you migrate, optimize, administer, back up,
recover, and secure Exchange and Outlook. Paid subscribers also get
searchable access to the full online Exchange article database (more
than 1000 articles). Order now:
http://list.windowsitpro.com/t?ctl=1BED9:4FB69
====================
==== 4. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Security Appliance Line Gets Software Upgrade, New Models
Network Engines is shipping version 3.0 software for all its NS
Series Security Appliances, including two new models: NS6250 and
NS8400. The new features in 3.0 deliver platform extensibility,
management integration into the Microsoft Operations Manager (MOM)
environment, and advanced protection for Web-based communications,
including Web content security for Microsoft Exchange, SharePoint
Portal server, and IIS. The NS Series is a family of multifunctional
security appliances based on Microsoft Internet Security and
Acceleration (ISA) Server 2004 and designed for small and midsized
businesses (SMBs) and remote offices. The new NS6250 is a lower cost
solution for smaller businesses or branch locations; the NS8400 is the
highest performance platform to date. List pricing for the NS Series
ranges from $3795 to $16,495.
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=1BEE6:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=1BEDA:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.