This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
St. Bernard Software
1. In Focus: Cleaning Up After Mass Password Changes
2. Security News and Features
- Recent Security Vulnerabilities
- Windows Server 2003 R2 Ready to Go
- Two Microsoft Security Bulletins Released in December
- Easy 802.11g Security
3. Security Toolkit
- Security Matters Blog
- Security Forum Featured Thread
4. New and Improved
- Security Appliance Line Gets Software Upgrade, New Models
==== Sponsor: St. Bernard Software ===
Filtering the Spectrum of Internet Threats: Defending Against
Inappropriate Content, Spyware, IM, and P2P at the Perimeter
Because of the proliferation of Web-based threats, you can no longer
rely on basic firewalls as your sole network protection. Attackers
continue to evolve clever methods for reaching victims, such as sending
crafty Web links through Instant Messaging (IM) clients or email, or by
simply linking to other Web sites that your employees might surf. This
free white paper examines the threats of allowing unwanted or offensive
content into your network and describes the technologies and
methodologies to combat these types of threats. Get your free copy now!
==== 1. In Focus: Cleaning Up After Mass Password Changes === by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Last week, I mentioned ways to change passwords en masse. Hobbit
(creator of the hugely popular netcat tool) wrote to remind me that I
didn't mention the fact that storing plaintext passwords in scripts
carries considerable risk. Obviously, the passwords might be
recoverable by an intruder.
After you've performed mass password changes, don't leave password
strings lying around in plaintext. You might use strong encryption to
encrypt the data, or better yet, you might remove the passwords from
your system completely. To do that, delete any password strings in your
scripts or delete the scripts completely. Then securely erase your disk
space to ensure that the passwords can't be recovered by intruders.
To wipe a disk clean, you need to overwrite all sectors on a drive in
some fashion. Some disk-wiping tools can overwrite sectors numerous
times to better ensure that the magnetic flux (which is the means by
which data is recorded) is dramatically changed so that little if any
flux remains to be used toward data recovery. You can use Stellar
Information Systems' Stellar Wipe Safe Data Eraser, Heidi Computers'
Eraser, or any number of other tools designed to destroy disk-based
data. If you use Sunbelt Software's CounterSpy antispyware tool, you
might know that it has a built-in file eraser utility that you could
If you're interested in some facts and theory about how someone might
recover data from your disks and how disk-erasing technology can help
prevent that from happening, read "Secure Deletion of Data from
Magnetic and Solid-State Memory" by Peter Gutmann at
Instead of creating and running your scripts from a hard disk, you
could run your script from a floppy disk drive and then burn the floppy
disk when you're done. I can't think of a more secure method than this.
But many systems these days don't even have floppy disk drives.
A long time ago, I used RAM disks to help some programs run much
faster. A RAM disk would be great for helping to secure your passwords
in scripts that are used to perform mass password changes. You can
create a RAM disk, use it to develop and run your scripts, and when
you're finished, repeatedly erase the RAM disk. Then uninstall the RAM
disk drivers, shut down the system, power it off (which destroys
anything in RAM), and reboot the computer. There's still a slim chance
that someone might be able to recover passwords written to RAM, but it
would be incredibly difficult, because the RAM space used by the RAM
disk will be overwritten repeatedly by the OS and your applications.
Using a RAM disk is probably much safer than relying on a tool to erase
hard disk space.
When establishing a RAM disk, be sure that you immediately set
permissions on the new disk drive to prevent unwanted access. You can
find numerous RAM disk drivers for Windows 2000 and Windows XP (some of
which are free) by using your favorite search engine. Use a search
string similar to
RAMdisk +"Windows XP" +"Windows 2000"
If you don't want to trust somebody else's RAM disk code, download
Microsoft's RAM disk source code, review it carefully to make sure you
trust it, then compile it yourself. Keep in mind that Microsoft's
sample RAM disk code works only on Windows 2000. The Microsoft article
"FILE: Ramdisk.sys sample driver for Windows 2000" cautions that if you
use the code on Windows XP, it could render the System Restore features
Finally, you might use a thumb drive, which can essentially act like a
RAM disk. Or you could use an MP3 player or digital camera as an
additional disk drive on your system, then detach it when you're
finished using it. As with hard disks and RAM disks, be absolutely
certain that you delete any sensitive information the drive contains,
then erase the unused space repeatedly.
==== Sponsor: Panda Software ===
Provide Secure Remote Access
It may be tempting to deploy a WiFi wireless access point or offer
PDAs or laptops to your roaming employees so they can work from
virtually anywhere. In this free white paper you'll get the important
security implications you should consider before you do so.
==== 2. Security News and Features ===
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
Windows Server 2003 R2 Ready to Go
Microsoft released Windows Server 2003 Release 2 (R2) to
manufacturing. The updated version of the OS brings new features and
functionality. A key security focus area for Microsoft is identity
management, which is based on the capabilities of Active Directory
(AD). R2 also brings improvements to virtual machine (VM) technology,
branch office management, and storage management (first URL below). For
a more-in-depth look at R2, see "R2 Moves Windows Server 2003 Forward"
(second URL below).
Two Microsoft Security Bulletins Released in December
Microsoft released two security patches yesterday: one rated
critical and the other, important. Microsoft also released five high-
priority nonsecurity updates. As usual, the company also released an
updated version of its Malicious Software Removal Tool (MSRT). For
Randy Franklin Smith's analysis of the security bulletins, go to
Easy 802.11g Security
Many inexpensive wireless APs emphasize ease of setup at the expense
of security. Jeff Fellinge helps you secure your wireless network in
this article on our Web site.
==== Resources and Events ===
SQL Server 2005: Up & Running Roadshows Coming to Europe!
SQL Server experts will present real-world information about
administration, development, and business intelligence to help you put
SQL Server 2005 into practice and learn how to use its new
capabilities. Includes one-year PASS membership and subscription to SQL
Server Magazine. Register now for London, UK, and Stockholm, Sweden, at
Upgrade to Analysis Services 2005
Get the tips and tricks you'll need to upgrade to Analysis Services
2005, including possible upgrade and migration scenarios, preplanning
steps, and tips on running the new Analysis Services migration wizard.
Plus, you'll discover what steps are required after the migration
process is complete and explore some of the new features of Analysis
Are You Really Prepared for Disaster Recovery?
Join industry guru Liam Colvin in this free Web seminar and get the
tips you need to validate your disaster recovery data. You'll learn if
your backup and restore data is worth staking your career on, what type
of geo-clustering is right for you, which response to use in crisis
situations, and more!
Scripting and code don't have to be boring. Subscribe today to
Scripting Central and get a down-and-dirty technical yet lighthearted
look at scripts. You'll also get tools and tips for writing scripts for
a variety of Windows applications, such as Exchange and SQL Server.
Sign up today!
Do You Know What "High Availability" Really Means?
Learn what high availability really means and the different
strategies that you can use to improve your email systems' availability
and resiliency. Download this FREE guide now and get prepared to choose
the appropriate solutions to protect your messaging data at the lowest
cost and with the highest reliability.
Black Hat Federal Briefings and Trainings
January 23-26, 2006, Sheraton Crystal City, Washington, DC. This new
show--with 4 Briefings tracks and 11 Training classes--focuses on the
problems and issues that governments face in protecting their
infrastructure. Content will be oriented toward attack and defense,
rootkit detection to IDS evasion. Stellar speakers include Michael
Lynn, Simson Garfinkel, Halvar Flake, and Dan Kaminsky. Visit
http://list.windowsitpro.com/t?ctl=1BEE9:4FB69 for complete updates.
==== Featured White Paper ===
Ensure Data Protection and High Availability for Microsoft Exchange
Having a mission-critical, data protection solution that is cost
effective, hardware independent, and scalable is something every IT
manager should consider. In this free white paper, get all you need to
know about ensuring data protection and high availability for Exchange.
This is one paper you can't afford to miss! Get your copy today at
==== Hot Spot ===
Protect and Manage Instant Messaging
85% of businesses use IM for business or personal use to improve
communication and reduce email usage. In this free white paper learn
how to protect your company and implement a managed IM security
==== 3. Security Toolkit ====
Security Matters Blog: Cisco Developers Might Be Up Late This Holiday
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=1BEE3:4FB69
Mike Lynn encountered difficulty early this year in his attempts to
discuss a flaw in Cisco hardware at the Black Hat conference in Las
Vegas. He apparently knows of 15 more flaws in Cisco hardware. But the
story gets even worse. Read about it in this blog article on our Web
by John Savill, http://list.windowsitpro.com/t?ctl=1BEE1:4FB69
Q: How do I enable HTTP Secure (HTTPS) traffic on my Microsoft IIS 6.0
Web server site by using my local forest Certificate Authority (CA)?
Find the answer at http://list.windowsitpro.com/t?ctl=1BEDD:4FB69
Security Forum Featured Thread: Host-based Firewalls for Windows Server
A forum participant wonders if someone can suggest a very powerful
and easy to manage (locally and remotely) host-based firewall solution
that runs on Windows Server 2003 and includes robust reporting and
alerting features. Join the discussion at
==== Announcements === (from Windows IT Pro and its partners)
The Windows IT Pro Master CD has it all.
Get the Windows IT Pro Master CD and get portable, high-speed access
to the entire Windows IT Pro article database on CD--that's a library
of more than 9000 articles! The newest issue includes BONUS Windows IT
Tips; sign up now, and you'll SAVE 25%. Offer ends 12/31/05, so take
advantage of this holiday offer now.
Exchange & Outlook Administrator Newsletter--Holiday Special
Need answers to your tough Exchange questions? Subscribe to the
Exchange & Outlook Administrator newsletter and SAVE up to $30 off the
regular price. Each issue features tools and solutions you won't find
anywhere else to help you migrate, optimize, administer, back up,
recover, and secure Exchange and Outlook. Paid subscribers also get
searchable access to the full online Exchange article database (more
than 1000 articles). Order now:
==== 4. New and Improved === by Renee Munshi, firstname.lastname@example.org
Security Appliance Line Gets Software Upgrade, New Models
Network Engines is shipping version 3.0 software for all its NS
Series Security Appliances, including two new models: NS6250 and
NS8400. The new features in 3.0 deliver platform extensibility,
management integration into the Microsoft Operations Manager (MOM)
environment, and advanced protection for Web-based communications,
including Web content security for Microsoft Exchange, SharePoint
Portal server, and IIS. The NS Series is a family of multifunctional
security appliances based on Microsoft Internet Security and
Acceleration (ISA) Server 2004 and designed for small and midsized
businesses (SMBs) and remote offices. The new NS6250 is a lower cost
solution for smaller businesses or branch locations; the NS8400 is the
highest performance platform to date. List pricing for the NS Series
ranges from $3795 to $16,495.
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
email@example.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
==== Contact Us ====
About the newsletter -- firstname.lastname@example.org
About technical questions -- http://list.windowsitpro.com/t?ctl=1BEE6:4FB69
About product news -- email@example.com
About your subscription -- firstname.lastname@example.org
About sponsoring Security UPDATE -- email@example.com
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.
Earn your Master's degree in Information Security ONLINE
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.