[ISN] Cleaning Up After Mass Password Changes -- December 14, 2005

InfoSec News isn at c4i.org
Sun Dec 18 15:42:12 EST 2005


====================

This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

St. Bernard Software
   http://list.windowsitpro.com/t?ctl=1BECD:4FB69

Panda Software
   http://list.windowsitpro.com/t?ctl=1BED0:4FB69

====================

1. In Focus: Cleaning Up After Mass Password Changes

2. Security News and Features
   - Recent Security Vulnerabilities
   - Windows Server 2003 R2 Ready to Go
   - Two Microsoft Security Bulletins Released in December
   - Easy 802.11g Security

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

4. New and Improved
   - Security Appliance Line Gets Software Upgrade, New Models

====================

==== Sponsor: St. Bernard Software ====

Filtering the Spectrum of Internet Threats: Defending Against 
Inappropriate Content, Spyware, IM, and P2P at the Perimeter 
   Because of the proliferation of Web-based threats, you can no longer 
rely on basic firewalls as your sole network protection. Attackers 
continue to evolve clever methods for reaching victims, such as sending 
crafty Web links through Instant Messaging (IM) clients or email, or by 
simply linking to other Web sites that your employees might surf. This 
free white paper examines the threats of allowing unwanted or offensive 
content into your network and describes the technologies and 
methodologies to combat these types of threats. Get your free copy now!
   http://list.windowsitpro.com/t?ctl=1BECD:4FB69

====================

==== 1. In Focus: Cleaning Up After Mass Password Changes ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, I mentioned ways to change passwords en masse. Hobbit 
(creator of the hugely popular netcat tool) wrote to remind me that I 
didn't mention the fact that storing plaintext passwords in scripts 
carries considerable risk. Obviously, the passwords might be 
recoverable by an intruder. 

After you've performed mass password changes, don't leave password 
strings lying around in plaintext. You might use strong encryption to 
encrypt the data, or better yet, you might remove the passwords from 
your system completely. To do that, delete any password strings in your 
scripts or delete the scripts completely. Then securely erase your disk 
space to ensure that the passwords can't be recovered by intruders. 

To wipe a disk clean, you need to overwrite all sectors on a drive in 
some fashion. Some disk-wiping tools can overwrite sectors numerous 
times to better ensure that the magnetic flux (which is the means by 
which data is recorded) is dramatically changed so that little if any 
flux remains to be used toward data recovery. You can use Stellar 
Information Systems' Stellar Wipe Safe Data Eraser, Heidi Computers' 
Eraser, or any number of other tools designed to destroy disk-based 
data. If you use Sunbelt Software's CounterSpy antispyware tool, you 
might know that it has a built-in file eraser utility that you could 
use. 
   http://list.windowsitpro.com/t?ctl=1BEE4:4FB69
   http://list.windowsitpro.com/t?ctl=1BEE8:4FB69 
   http://list.windowsitpro.com/t?ctl=1BEE2:4FB69

If you're interested in some facts and theory about how someone might 
recover data from your disks and how disk-erasing technology can help 
prevent that from happening, read "Secure Deletion of Data from 
Magnetic and Solid-State Memory" by Peter Gutmann at
   http://list.windowsitpro.com/t?ctl=1BED3:4FB69 

Instead of creating and running your scripts from a hard disk, you 
could run your script from a floppy disk drive and then burn the floppy 
disk when you're done. I can't think of a more secure method than this. 
But many systems these days don't even have floppy disk drives.

A long time ago, I used RAM disks to help some programs run much 
faster. A RAM disk would be great for helping to secure your passwords 
in scripts that are used to perform mass password changes. You can 
create a RAM disk, use it to develop and run your scripts, and when 
you're finished, repeatedly erase the RAM disk. Then uninstall the RAM 
disk drivers, shut down the system, power it off (which destroys 
anything in RAM), and reboot the computer. There's still a slim chance 
that someone might be able to recover passwords written to RAM, but it 
would be incredibly difficult, because the RAM space used by the RAM 
disk will be overwritten repeatedly by the OS and your applications. 
Using a RAM disk is probably much safer than relying on a tool to erase 
hard disk space.

When establishing a RAM disk, be sure that you immediately set 
permissions on the new disk drive to prevent unwanted access. You can 
find numerous RAM disk drivers for Windows 2000 and Windows XP (some of 
which are free) by using your favorite search engine. Use a search 
string similar to 

RAMdisk +"Windows XP" +"Windows 2000"  

If you don't want to trust somebody else's RAM disk code, download 
Microsoft's RAM disk source code, review it carefully to make sure you 
trust it, then compile it yourself. Keep in mind that Microsoft's 
sample RAM disk code works only on Windows 2000. The Microsoft article 
"FILE: Ramdisk.sys sample driver for Windows 2000" cautions that if you 
use the code on Windows XP, it could render the System Restore features 
useless.
   http://list.windowsitpro.com/t?ctl=1BEE5:4FB69

Finally, you might use a thumb drive, which can essentially act like a 
RAM disk. Or you could use an MP3 player or digital camera as an 
additional disk drive on your system, then detach it when you're 
finished using it. As with hard disks and RAM disks, be absolutely 
certain that you delete any sensitive information the drive contains, 
then erase the unused space repeatedly.

====================

==== Sponsor: Panda Software ====

Provide Secure Remote Access
   It may be tempting to deploy a WiFi wireless access point or offer 
PDAs or laptops to your roaming employees so they can work from 
virtually anywhere. In this free white paper you'll get the important 
security implications you should consider before you do so.
   http://list.windowsitpro.com/t?ctl=1BED0:4FB69

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=1BED6:4FB69

Windows Server 2003 R2 Ready to Go
   Microsoft released Windows Server 2003 Release 2 (R2) to 
manufacturing. The updated version of the OS brings new features and 
functionality. A key security focus area for Microsoft is identity 
management, which is based on the capabilities of Active Directory 
(AD). R2 also brings improvements to virtual machine (VM) technology, 
branch office management, and storage management (first URL below). For 
a more-in-depth look at R2, see "R2 Moves Windows Server 2003 Forward" 
(second URL below).
   http://list.windowsitpro.com/t?ctl=1BEDF:4FB69
   http://list.windowsitpro.com/t?ctl=1BEE0:4FB69

Two Microsoft Security Bulletins Released in December
   Microsoft released two security patches yesterday: one rated 
critical and the other, important. Microsoft also released five high-
priority nonsecurity updates. As usual, the company also released an 
updated version of its Malicious Software Removal Tool (MSRT). For 
Randy Franklin Smith's analysis of the security bulletins, go to
   http://list.windowsitpro.com/t?ctl=1BEDB:4FB69

Easy 802.11g Security
   Many inexpensive wireless APs emphasize ease of setup at the expense 
of security. Jeff Fellinge helps you secure your wireless network in 
this article on our Web site.
   http://list.windowsitpro.com/t?ctl=1BEDE:4FB69

====================

==== Resources and Events ====

SQL Server 2005: Up & Running Roadshows Coming to Europe!
   SQL Server experts will present real-world information about 
administration, development, and business intelligence to help you put 
SQL Server 2005 into practice and learn how to use its new 
capabilities. Includes one-year PASS membership and subscription to SQL 
Server Magazine. Register now for London, UK, and Stockholm, Sweden, at
   http://list.windowsitpro.com/t?ctl=1BED2:4FB69

Upgrade to Analysis Services 2005
   Get the tips and tricks you'll need to upgrade to Analysis Services 
2005, including possible upgrade and migration scenarios, preplanning 
steps, and tips on running the new Analysis Services migration wizard.  
Plus, you'll discover what steps are required after the migration 
process is complete and explore some of the new features of Analysis 
Services 2005.
   http://list.windowsitpro.com/t?ctl=1BECF:4FB69

Are You Really Prepared for Disaster Recovery?
   Join industry guru Liam Colvin in this free Web seminar and get the 
tips you need to validate your disaster recovery data. You'll learn if 
your backup and restore data is worth staking your career on, what type 
of geo-clustering is right for you, which response to use in crisis 
situations, and more!
   http://list.windowsitpro.com/t?ctl=1BECE:4FB69

Scripting and code don't have to be boring. Subscribe today to 
Scripting Central and get a down-and-dirty technical yet lighthearted 
look at scripts. You'll also get tools and tips for writing scripts for 
a variety of Windows applications, such as Exchange and SQL Server. 
Sign up today!
   http://list.windowsitpro.com/t?ctl=1BEE7:4FB69

Do You Know What "High Availability" Really Means?
   Learn what high availability really means and the different 
strategies that you can use to improve your email systems' availability 
and resiliency. Download this FREE guide now and get prepared to choose 
the appropriate solutions to protect your messaging data at the lowest 
cost and with the highest reliability.
   http://list.windowsitpro.com/t?ctl=1BED5:4FB69

Black Hat Federal Briefings and Trainings
   January 23-26, 2006, Sheraton Crystal City, Washington, DC. This new 
show--with 4 Briefings tracks and 11 Training classes--focuses on the 
problems and issues that governments face in protecting their 
infrastructure. Content will be oriented toward attack and defense, 
rootkit detection to IDS evasion. Stellar speakers include Michael 
Lynn, Simson Garfinkel, Halvar Flake, and Dan Kaminsky. Visit 
http://list.windowsitpro.com/t?ctl=1BEE9:4FB69 for complete updates.

====================

==== Featured White Paper ====

Ensure Data Protection and High Availability for Microsoft Exchange
   Having a mission-critical, data protection solution that is cost 
effective, hardware independent, and scalable is something every IT 
manager should consider. In this free white paper, get all you need to 
know about ensuring data protection and high availability for Exchange. 
This is one paper you can't afford to miss! Get your copy today at
   http://list.windowsitpro.com/t?ctl=1BED4:4FB69

====================

==== Hot Spot ====

Protect and Manage Instant Messaging
   85% of businesses use IM for business or personal use to improve 
communication and reduce email usage. In this free white paper learn 
how to protect your company and implement a managed IM security 
solution!  
   http://list.windowsitpro.com/t?ctl=1BED1:4FB69

====================

==== 3. Security Toolkit ==== 

Security Matters Blog: Cisco Developers Might Be Up Late This Holiday 
Season
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=1BEE3:4FB69

Mike Lynn encountered difficulty early this year in his attempts to 
discuss a flaw in Cisco hardware at the Black Hat conference in Las 
Vegas. He apparently knows of 15 more flaws in Cisco hardware. But the 
story gets even worse. Read about it in this blog article on our Web 
site.
   http://list.windowsitpro.com/t?ctl=1BEDC:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=1BEE1:4FB69 

Q: How do I enable HTTP Secure (HTTPS) traffic on my Microsoft IIS 6.0 
Web server site by using my local forest Certificate Authority (CA)?   

Find the answer at http://list.windowsitpro.com/t?ctl=1BEDD:4FB69

Security Forum Featured Thread: Host-based Firewalls for Windows Server 
2003
   A forum participant wonders if someone can suggest a very powerful 
and easy to manage (locally and remotely) host-based firewall solution 
that runs on Windows Server 2003 and includes robust reporting and 
alerting features. Join the discussion at 
   http://list.windowsitpro.com/t?ctl=1BECC:4FB69

====================

==== Announcements ====
   (from Windows IT Pro and its partners)

The Windows IT Pro Master CD has it all.
   Get the Windows IT Pro Master CD and get portable, high-speed access 
to the entire Windows IT Pro article database on CD--that's a library 
of more than 9000 articles! The newest issue includes BONUS Windows IT 
Tips; sign up now, and you'll SAVE 25%. Offer ends 12/31/05, so take 
advantage of this holiday offer now.
   http://list.windowsitpro.com/t?ctl=1BED7:4FB69

Exchange & Outlook Administrator Newsletter--Holiday Special
   Need answers to your tough Exchange questions? Subscribe to the 
Exchange & Outlook Administrator newsletter and SAVE up to $30 off the 
regular price. Each issue features tools and solutions you won't find 
anywhere else to help you migrate, optimize, administer, back up, 
recover, and secure Exchange and Outlook. Paid subscribers also get 
searchable access to the full online Exchange article database (more 
than 1000 articles). Order now:
   http://list.windowsitpro.com/t?ctl=1BED9:4FB69

====================

==== 4. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Security Appliance Line Gets Software Upgrade, New Models
   Network Engines is shipping version 3.0 software for all its NS 
Series Security Appliances, including two new models: NS6250 and 
NS8400. The new features in 3.0 deliver platform extensibility, 
management integration into the Microsoft Operations Manager (MOM) 
environment, and advanced protection for Web-based communications, 
including Web content security for Microsoft Exchange, SharePoint 
Portal server, and IIS. The NS Series is a family of multifunctional 
security appliances based on Microsoft Internet Security and 
Acceleration (ISA) Server 2004 and designed for small and midsized 
businesses (SMBs) and remote offices. The new NS6250 is a lower cost 
solution for smaller businesses or branch locations; the NS8400 is the 
highest performance platform to date. List pricing for the NS Series 
ranges from $3795 to $16,495.

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

====================

==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=1BEE6:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com

====================

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=1BEDA:4FB69

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.





More information about the ISN mailing list