AOH :: ISN-1833.HTM

Cleaning Up After Mass Password Changes -- December 14, 2005

Cleaning Up After Mass Password Changes -- December 14, 2005
Cleaning Up After Mass Password Changes -- December 14, 2005

This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

St. Bernard Software 

Panda Software 

1. In Focus: Cleaning Up After Mass Password Changes

2. Security News and Features
   - Recent Security Vulnerabilities
   - Windows Server 2003 R2 Ready to Go
   - Two Microsoft Security Bulletins Released in December
   - Easy 802.11g Security

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

4. New and Improved
   - Security Appliance Line Gets Software Upgrade, New Models

==== Sponsor: St. Bernard Software ===
Filtering the Spectrum of Internet Threats: Defending Against 
Inappropriate Content, Spyware, IM, and P2P at the Perimeter 
   Because of the proliferation of Web-based threats, you can no longer 
rely on basic firewalls as your sole network protection. Attackers 
continue to evolve clever methods for reaching victims, such as sending 
crafty Web links through Instant Messaging (IM) clients or email, or by 
simply linking to other Web sites that your employees might surf. This 
free white paper examines the threats of allowing unwanted or offensive 
content into your network and describes the technologies and 
methodologies to combat these types of threats. Get your free copy now! 

==== 1. In Focus: Cleaning Up After Mass Password Changes ===   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, I mentioned ways to change passwords en masse. Hobbit 
(creator of the hugely popular netcat tool) wrote to remind me that I 
didn't mention the fact that storing plaintext passwords in scripts 
carries considerable risk. Obviously, the passwords might be 
recoverable by an intruder. 

After you've performed mass password changes, don't leave password 
strings lying around in plaintext. You might use strong encryption to 
encrypt the data, or better yet, you might remove the passwords from 
your system completely. To do that, delete any password strings in your 
scripts or delete the scripts completely. Then securely erase your disk 
space to ensure that the passwords can't be recovered by intruders. 

To wipe a disk clean, you need to overwrite all sectors on a drive in 
some fashion. Some disk-wiping tools can overwrite sectors numerous 
times to better ensure that the magnetic flux (which is the means by 
which data is recorded) is dramatically changed so that little if any 
flux remains to be used toward data recovery. You can use Stellar 
Information Systems' Stellar Wipe Safe Data Eraser, Heidi Computers' 
Eraser, or any number of other tools designed to destroy disk-based 
data. If you use Sunbelt Software's CounterSpy antispyware tool, you 
might know that it has a built-in file eraser utility that you could 

If you're interested in some facts and theory about how someone might 
recover data from your disks and how disk-erasing technology can help 
prevent that from happening, read "Secure Deletion of Data from 
Magnetic and Solid-State Memory" by Peter Gutmann at 

Instead of creating and running your scripts from a hard disk, you 
could run your script from a floppy disk drive and then burn the floppy 
disk when you're done. I can't think of a more secure method than this. 
But many systems these days don't even have floppy disk drives.

A long time ago, I used RAM disks to help some programs run much 
faster. A RAM disk would be great for helping to secure your passwords 
in scripts that are used to perform mass password changes. You can 
create a RAM disk, use it to develop and run your scripts, and when 
you're finished, repeatedly erase the RAM disk. Then uninstall the RAM 
disk drivers, shut down the system, power it off (which destroys 
anything in RAM), and reboot the computer. There's still a slim chance 
that someone might be able to recover passwords written to RAM, but it 
would be incredibly difficult, because the RAM space used by the RAM 
disk will be overwritten repeatedly by the OS and your applications. 
Using a RAM disk is probably much safer than relying on a tool to erase 
hard disk space.

When establishing a RAM disk, be sure that you immediately set 
permissions on the new disk drive to prevent unwanted access. You can 
find numerous RAM disk drivers for Windows 2000 and Windows XP (some of 
which are free) by using your favorite search engine. Use a search 
string similar to 

RAMdisk +"Windows XP" +"Windows 2000"  

If you don't want to trust somebody else's RAM disk code, download 
Microsoft's RAM disk source code, review it carefully to make sure you 
trust it, then compile it yourself. Keep in mind that Microsoft's 
sample RAM disk code works only on Windows 2000. The Microsoft article 
"FILE: Ramdisk.sys sample driver for Windows 2000" cautions that if you 
use the code on Windows XP, it could render the System Restore features 

Finally, you might use a thumb drive, which can essentially act like a 
RAM disk. Or you could use an MP3 player or digital camera as an 
additional disk drive on your system, then detach it when you're 
finished using it. As with hard disks and RAM disks, be absolutely 
certain that you delete any sensitive information the drive contains, 
then erase the unused space repeatedly.

==== Sponsor: Panda Software ===
Provide Secure Remote Access
   It may be tempting to deploy a WiFi wireless access point or offer 
PDAs or laptops to your roaming employees so they can work from 
virtually anywhere. In this free white paper you'll get the important 
security implications you should consider before you do so. 

==== 2. Security News and Features ===
Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

Windows Server 2003 R2 Ready to Go
   Microsoft released Windows Server 2003 Release 2 (R2) to 
manufacturing. The updated version of the OS brings new features and 
functionality. A key security focus area for Microsoft is identity 
management, which is based on the capabilities of Active Directory 
(AD). R2 also brings improvements to virtual machine (VM) technology, 
branch office management, and storage management (first URL below). For 
a more-in-depth look at R2, see "R2 Moves Windows Server 2003 Forward" 
(second URL below). 

Two Microsoft Security Bulletins Released in December
   Microsoft released two security patches yesterday: one rated 
critical and the other, important. Microsoft also released five high-
priority nonsecurity updates. As usual, the company also released an 
updated version of its Malicious Software Removal Tool (MSRT). For 
Randy Franklin Smith's analysis of the security bulletins, go to 

Easy 802.11g Security
   Many inexpensive wireless APs emphasize ease of setup at the expense 
of security. Jeff Fellinge helps you secure your wireless network in 
this article on our Web site. 

==== Resources and Events ===
SQL Server 2005: Up & Running Roadshows Coming to Europe!
   SQL Server experts will present real-world information about 
administration, development, and business intelligence to help you put 
SQL Server 2005 into practice and learn how to use its new 
capabilities. Includes one-year PASS membership and subscription to SQL 
Server Magazine. Register now for London, UK, and Stockholm, Sweden, at 

Upgrade to Analysis Services 2005
   Get the tips and tricks you'll need to upgrade to Analysis Services 
2005, including possible upgrade and migration scenarios, preplanning 
steps, and tips on running the new Analysis Services migration wizard.  
Plus, you'll discover what steps are required after the migration 
process is complete and explore some of the new features of Analysis 
Services 2005. 

Are You Really Prepared for Disaster Recovery?
   Join industry guru Liam Colvin in this free Web seminar and get the 
tips you need to validate your disaster recovery data. You'll learn if 
your backup and restore data is worth staking your career on, what type 
of geo-clustering is right for you, which response to use in crisis 
situations, and more! 

Scripting and code don't have to be boring. Subscribe today to 
Scripting Central and get a down-and-dirty technical yet lighthearted 
look at scripts. You'll also get tools and tips for writing scripts for 
a variety of Windows applications, such as Exchange and SQL Server. 
Sign up today! 

Do You Know What "High Availability" Really Means?
   Learn what high availability really means and the different 
strategies that you can use to improve your email systems' availability 
and resiliency. Download this FREE guide now and get prepared to choose 
the appropriate solutions to protect your messaging data at the lowest 
cost and with the highest reliability. 

Black Hat Federal Briefings and Trainings
   January 23-26, 2006, Sheraton Crystal City, Washington, DC. This new 
show--with 4 Briefings tracks and 11 Training classes--focuses on the 
problems and issues that governments face in protecting their 
infrastructure. Content will be oriented toward attack and defense, 
rootkit detection to IDS evasion. Stellar speakers include Michael 
Lynn, Simson Garfinkel, Halvar Flake, and Dan Kaminsky. Visit for complete updates. 

==== Featured White Paper ===
Ensure Data Protection and High Availability for Microsoft Exchange
   Having a mission-critical, data protection solution that is cost 
effective, hardware independent, and scalable is something every IT 
manager should consider. In this free white paper, get all you need to 
know about ensuring data protection and high availability for Exchange. 
This is one paper you can't afford to miss! Get your copy today at 

==== Hot Spot ===
Protect and Manage Instant Messaging
   85% of businesses use IM for business or personal use to improve 
communication and reduce email usage. In this free white paper learn 
how to protect your company and implement a managed IM security 

==== 3. Security Toolkit ==== 

Security Matters Blog: Cisco Developers Might Be Up Late This Holiday 
by Mark Joseph Edwards, 

Mike Lynn encountered difficulty early this year in his attempts to 
discuss a flaw in Cisco hardware at the Black Hat conference in Las 
Vegas. He apparently knows of 15 more flaws in Cisco hardware. But the 
story gets even worse. Read about it in this blog article on our Web 

by John Savill, 

Q: How do I enable HTTP Secure (HTTPS) traffic on my Microsoft IIS 6.0 
Web server site by using my local forest Certificate Authority (CA)?   

Find the answer at 

Security Forum Featured Thread: Host-based Firewalls for Windows Server 
   A forum participant wonders if someone can suggest a very powerful 
and easy to manage (locally and remotely) host-based firewall solution 
that runs on Windows Server 2003 and includes robust reporting and 
alerting features. Join the discussion at 

==== Announcements ===   (from Windows IT Pro and its partners)

The Windows IT Pro Master CD has it all.
   Get the Windows IT Pro Master CD and get portable, high-speed access 
to the entire Windows IT Pro article database on CD--that's a library 
of more than 9000 articles! The newest issue includes BONUS Windows IT 
Tips; sign up now, and you'll SAVE 25%. Offer ends 12/31/05, so take 
advantage of this holiday offer now. 

Exchange & Outlook Administrator Newsletter--Holiday Special
   Need answers to your tough Exchange questions? Subscribe to the 
Exchange & Outlook Administrator newsletter and SAVE up to $30 off the 
regular price. Each issue features tools and solutions you won't find 
anywhere else to help you migrate, optimize, administer, back up, 
recover, and secure Exchange and Outlook. Paid subscribers also get 
searchable access to the full online Exchange article database (more 
than 1000 articles). Order now: 

==== 4. New and Improved === by Renee Munshi, 

Security Appliance Line Gets Software Upgrade, New Models
   Network Engines is shipping version 3.0 software for all its NS 
Series Security Appliances, including two new models: NS6250 and 
NS8400. The new features in 3.0 deliver platform extensibility, 
management integration into the Microsoft Operations Manager (MOM) 
environment, and advanced protection for Web-based communications, 
including Web content security for Microsoft Exchange, SharePoint 
Portal server, and IIS. The NS Series is a family of multifunctional 
security appliances based on Microsoft Internet Security and 
Acceleration (ISA) Server 2004 and designed for small and midsized 
businesses (SMBs) and remote offices. The new NS6250 is a lower cost 
solution for smaller businesses or branch locations; the NS8400 is the 
highest performance platform to date. List pricing for the NS Series 
ranges from $3795 to $16,495.

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

==== Contact Us ==== 

About the newsletter -- 
About technical questions -- 
About product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today. 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

Earn your Master's degree in Information Security ONLINE 
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.

Site design & layout copyright © 1986-2015 CodeGods