[ISN] Security UPDATE -- The Challenge of Data Destruction,
Part 2 -- May 18, 2005
InfoSec News
isn at c4i.org
Sat May 21 01:13:31 EDT 2005
====================
1. In Focus: The Challenge of Data Destruction, Part 2
2. Security News and Features
- Recent Security Vulnerabilities
- Trend Micro Acquires InterMute; Novell Acquires Immunix
- What IT Pros Must Know About Sarbanes-Oxley
- Microsoft Plans Gatekeeper Security Contest
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread
5. New and Improved
- Stop Buffer Overflow Attacks
====================
==== 1. In Focus: The Challenge of Data Destruction, Part 2 ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Two weeks ago, I wrote about the challenge of data destruction. Based
on the number of responses to that column we received, the issue is
something a lot of you have to deal with.

A couple of readers wrote to suggest that heating the disks to a high
temperature might help destroy the magnetic properties of the platters.
One reader in particular said that people who work in universities
might find this concept to be an interesting exercise for students
working in the physics labs.

Two more readers presented what I think is a very economical idea in
terms of both time and money. They suggested having the drives crushed
in a hydraulic press. One of the readers contracts with a local machine
shop to do the work. He stands by while the drives are crushed, and
each visit costs less than $100. The other reader said he first wipes
disks with a software tool, then takes them to a local automobile scrap
yard. A worker at the scrap yard crushes the drives in exchange for
beer! The crushed parts could be separated into multiple lots and
disposed of at several trash dumps and recycling locations.

Another interesting idea is to use an oxyacetylene cutting torch or arc
welder to destroy drives. This sort of approach would certainly destroy
data; however, it could become expensive in terms of time and money,
depending on who did the work. And as one reader pointed out, the fumes
released from burning drive components could be toxic.

Yet another reader wrote to suggest driving a nail through each drive.
I agree that would work, but it's a lot of hammering if there are a few
hundred drives to destroy. The same reader also pointed out an error I
made in mentioning liquid hydrogen as a way to freeze a drive. The
proper chemical is liquid nitrogen. I apologize for that mistake.

A novel solution is to use a shredder. A reader said he contracts with
a company that offers an on-site shredding service for documents. As a
demonstration of its shredder's ability to shred other materials, the
company shredded an old laptop into pieces no bigger than a fingernail!
Because the reader already contracts with the shredding company for
other shredding needs, having it destroy old disk drives costs the
reader nothing extra.

What if you want to recycle your hardware so that it can be used again
by someone else? A reader suggested using a computer recycling company
such as RetroBox, which charges a fee to collect your old systems and
wipe the drives of all data using technology that meets Department of
Defense specifications. RetroBox then sells the refurbished systems and
returns part of the proceeds to your company. Depending on your
policies and needs, this could be a reasonable solution.
http://list.windowsitpro.com/t?ctl=A25F:4FB69

Finally, another reader suggested using a data encryption solution that
requires a hardware-based key to access the data, such as SecureIDE (at
the URL below). If no key is available, then in theory the data can't
be accessed. This is a reasonable solution for many businesses, and so
are data encryption techniques that use software-based keys. However,
someone might be able to recover the data if he or she has enough
resources to allocate to the task.
http://list.windowsitpro.com/t?ctl=A24F:4FB69

Thanks to all of you who contributed to this list of interesting
solutions.
====================
==== 2. Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=A24D:4FB69

Trend Micro Acquires InterMute; Novell Acquires Immunix
Security solution provider Trend Micro has acquired antispyware
maker InterMute for approximately $15 million. Novell acquired Linux
application security vendor Immunix, maker of AppArmor.
http://list.windowsitpro.com/t?ctl=A253:4FB69

What IT Pros Must Know About Sarbanes-Oxley
Chances are you've already been affected by sections 404 and 302 of
the Sarbanes-Oxley Act (SOX), whether or not you realize it. SOX has
ramifications for everyone in the corporation from the CEO and board of
directors down to IT professionals. Randy Franklin Smith examines the
various IT areas that SOX affects to help you get a handle on your role
in implementing compliance-related mandates from upper management.
http://list.windowsitpro.com/t?ctl=A251:4FB69

Microsoft Plans Gatekeeper Security Contest
All right, all you European IT pros--it's time to dig into the
security resources at http://list.windowsitpro.com/t?ctl=A25B:4FB69 and
http://list.windowsitpro.com/t?ctl=A25D:4FB69 and brush up on your security skills
because Microsoft is having a contest. The Gatekeeper Test will be open
to IT pros in more than 19 European countries and will test security
knowledge with 19 multiple-choice questions and one open-ended
question. The grand prize winner goes to Microsoft TechEd 2005 Europe
in Amsterdam on Bill G's dime. In addition to the TechEd trip, you
could win a Windows XP Tablet PC, a Media Center PC, or subscriptions
to Microsoft TechNet Magazine and Windows IT Pro magazine. Visit
http://list.windowsitpro.com/t?ctl=A25B:4FB69
====================
==== 3. Instant Poll ====

Results of Previous Poll: Do you map the data you collect during
wireless-network audits by using tools such as StumbVerter and
MapPoint?
The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 12 votes:
- 25% Yes
- 8% I haven't been, but I plan to
- 67% No, and I don't plan to

New Instant Poll: How will you use WSUS in your enterprise?
Go to the Security Hot Topic and submit your vote for
- As my patch management infrastructure
- As a backup to SMS 2003 or other patch management infrastructure
- As a reporting tool to check on compliance with patches
- I won't be using WSUS
http://list.windowsitpro.com/t?ctl=A254:4FB69

====================
==== 4. Security Toolkit ====

Security Matters Blog: Firefox 1.0.4 Fixes Three Critical Security
Problems
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=A258:4FB69
If you use Mozilla Firefox, it's time to upgrade to the latest
version, 1.0.4, released May 11. The new version fixes three critical
security problems.
http://list.windowsitpro.com/t?ctl=A252:4FB69

FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=A255:4FB69
Q: Are Group Policy Objects (GPOs) inherited by child domains?
Find the answer at
http://list.windowsitpro.com/t?ctl=A250:4FB69

Security Forum Featured Thread: Blocking Port 220
A forum participant writes, "I have a Dell box running Windows
Server 2003 Service Pack 1 (SP1), and my network folks tell me that
it's been compromised by a Trojan horse program. They see outbound
traffic over port 220. Their solution is to take the machine down and
reformat the drive. There has got to be another way. How do I block
this port--with an outbound firewall?" Join the discussion at
http://list.windowsitpro.com/t?ctl=A24A:4FB69
====================
==== 5. New and Improved ====
by Renee Munshi, products at windowsitpro.com

Stop Buffer Overflow Attacks
SoftSphere Technologies announced the release of Defence Plus, the
latest version of its antihacking software tool previously known as
Anti-Cracker Shield. Defence Plus detects and stops buffer overflow
attacks, protecting Windows, its components, and all software
applications installed on the computer. When intrusion-like behavior is
detected, Defence Plus blocks it and notifies you with a sound. You can
click an icon to view a detailed report on the blocked attack. Defence
Plus is designed for Windows NT/2000/XP/2003 and costs $39 for a
single-user license. For more information, go to
http://list.windowsitpro.com/t?ctl=A25E:4FB69
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=A24E:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.