[ISN] Security UPDATE -- Wipe Old Hard Disks Clean Reprise -- April 20, 2005

InfoSec News isn at c4i.org
Thu Apr 21 01:23:21 EDT 2005


1. In Focus: Wipe Old Hard Disks Clean--Reprise

2. Security News and Features
   - Recent Security Vulnerabilities
   - SSL VPN Products 
   - IIS Application Isolation
   - eEye Releases Free WiFi Scanner

3. Instant Poll

4. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

5. New and Improved
   - Manage Windows Firewall


==== 1. In Focus: Wipe Old Hard Disks Clean--Reprise ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

A year ago, I wrote in this space about tools that you can use to wipe 
hard disks clean of all data. In that article, I mentioned four 
software-based tools. This week I learned about two more tools and 
about another type of product that can help when you need to erase a 

The tools I mentioned in the previous article (first URL below) are 
Autoclave (no longer supported), LSoft Technologies' Active@ KillDisk 
(second URL below), Stellar Information Systems' Stellar Wipe Safe Data 
Eraser (third URL below), and Heidi Computers' Eraser (fourth URL 

Because Autoclave, formerly provided by the University of Washington, 
is no longer supported, the university now refers people to the open 
source Darik's Boot and Nuke tool (DBAN). DBAN works from a bootable 
floppy disk, can erase data in various modes (DoD short, random number 
streams) and works with PCs and PowerPC platforms, including Apple 
Macintosh. DBAN is also bundled with Heidi Computers' Eraser. 

If you have Windows XP, then maybe you know that it ships with a 
command-line tool, cipher.exe, designed to manage encryption on entire 
volumes as well as directories. One of the features of cipher.exe is 
that it can wipe a disk to help prevent data recovery. The tool's /? 
switch gives you a list of all the available command-line options. You 
can use the last option, /W, to wipe an entire disk or a select 
directory. There are, of course, other tools that can do the same job, 
which you can probably find using your favorite search engine.
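
To make concrete what the overwrite modes of a tool like DBAN do, here is an added Python example (not code from this newsletter or from any tool it names) that runs a three-pass overwrite with read-back verification over a constructed image file standing in for a disk. The pass sequence, function names, and sample marker are assumptions made for the example.

```python
import os
import tempfile

CHUNK = 64 * 1024  # work in chunks so large images need little memory

def overwrite_pass(path, pattern=None):
    """Overwrite every byte of path in place; pattern=None means random data."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        left = size
        while left:
            n = min(CHUNK, left)
            f.write(os.urandom(n) if pattern is None else pattern * n)
            left -= n
        f.flush()
        os.fsync(f.fileno())  # push the pass to storage, not just the cache

def verify_pattern(path, pattern):
    """Read the image back and confirm it holds only the expected byte."""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(pattern) != len(chunk):
                return False
    return True

def contains(path, needle):
    """Scan for leftover plaintext, carrying an overlap across chunk edges."""
    tail = b""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if needle in tail + chunk:
                return True
            tail = chunk[-len(needle):]
    return False

def wipe_image(path):
    """Three passes: 0x00 (verified), 0xFF (verified), then random data."""
    for pattern in (b"\x00", b"\xff"):
        overwrite_pass(path, pattern)
        if not verify_pattern(path, pattern):
            raise IOError("read-back mismatch after pass %r" % pattern)
    overwrite_pass(path, None)

def make_sample_image(size=300_000, marker=b"ACCT-0000-CONSTRUCTED"):
    """Constructed stand-in for a disk: random filler with a marker planted."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(size // 2) + marker + os.urandom(size // 2))
    return path, marker
```

A real wipe targets the raw device rather than a file, because overwriting a file through a file system does not guarantee that every block that once held its data is rewritten. Note also that Microsoft documents cipher /W as overwriting the unused space on the volume that contains the named directory; files still present are not touched.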

Wiping an entire disk clean (so that you can recycle or dispose of it, 
donate it to charity, or return it under warranty) is sometimes quite a 
problem, especially if the disk is in a system that can no longer boot. 
You can of course try to use some sort of bootable CD-ROM and then run 
a software-based tool to wipe the disk. You can also remove the disk 
and put it into another system, boot that system, then wipe it clean. 

Another method, which I think is very handy, is to use a custom 
connector that lets you connect a disk to any system using a USB or 
FireWire port. Such connectors are relatively inexpensive and have the 
added advantage of letting you connect any ATA disk to a supported 
system, including a laptop, which is also a great way to get a bunch of 
extra disk space when you need it. 

The Dan's Data Web site reviews at least four connectors I think you 
might be interested in. One is an external drive box shell from 
Sunnytek Information available for ATA and SATA configurations (review 
at the first URL below). You can insert just about any regular ATA disk 
you can think of inside the shell. Another is ComboDock by WiebeTech, 
which is a small external connector box that connects to the back of an 
ATA disk (review at the second URL below). Yet another is the USB 2.0 
to IDE Cable, available from USBGEEK.COM (review at the third URL 
below). And finally, there is the R-Driver II USB to IDE cable (review 
at the fourth URL below), which I think is the best choice because it 
lets you connect regular ATA drives and the mini-ATA drives that are 
typically used in laptops and other portable computing devices. 

One thing to keep in mind is that USB 2.0 (up to 480Mbps) is much 
faster than USB 1.x (up to 12Mbps). And likewise, FireWire 1394b (up to 
800Mbps) is twice as fast as FireWire 1394a (up to 400Mbps). If you 
don't have USB 2.0 or FireWire 1394b in your system, you can buy an 
inexpensive add-on card to significantly speed up read and write times. 

Any of the ATA connectors I mentioned let you add a disk to a system in 
just a few seconds. Not only can you use them to wipe data off a disk, 
but because they offer complete portability, you can also use them with 
CD-ROM and DVD drives to create your own portable backup solutions. 

If you're interested in these connectors, be sure to read the related 
hardware reviews at Dan's Data.


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

SSL VPN Products 
   Not having access to your company's network and applications when 
you're on the road or working at home can seriously compromise your 
ability to do your job. This Buyer's Guide looks at Secure Sockets 
Layer (SSL) VPNs, a special type of remote access product that 
complements the secure gateways and network-based VPN technology that 
most companies already have. 

IIS Application Isolation
   From time to time, you're probably called on to deploy a Web 
application that traffics sensitive information. The deployment 
includes installing the application on a hardened server in such a way 
that no other Microsoft IIS applications can access the application 
files. Learn how to isolate applications in Brett Hill's article on our 
Web site. 

eEye Releases Free WiFi Scanner
   eEye Digital Security announced the release of its free Retina WiFi 
Scanner, which is designed to help detect active wireless devices, 
including those that might already be connected to a company's wireless 


==== Resources and Events ====

Microsoft Tech Ed 2005 Europe, 5 - 8 July, Amsterdam, The Netherlands
   Build your own 4-day agenda from 12 targeted tracks offering over 400 
technical sessions, Hands-On Labs, Chalk-&-Talks, Panel Discussions and 
more. At Microsoft's flagship European technical education conference 
for Developers and IT Professionals, engage with outstanding speakers, 
network with your European peers, evaluate current and soon-to-be-
launched technologies and share the inspiration! Save 300 euros! 
Register before our 20th May Early Bird deadline at

Are You Experiencing Increased Frustration with Your Current Antispam 
   With new and more dangerous email threats, in-house software, 
appliances, and even some services may no longer work effectively. They 
require too much IT staff time to update and maintain or to satisfy the 
needs of different users. In this free Web seminar, learn firsthand 
from your colleagues and peers about their search for a better 
solution. Register today!

Get The Valuable Resources You Need To Secure Your IT Environment.
   Stay on top of new security threats, address those security threats, 
ensure trustworthy computing in your environment, and more! Download an 
eBook or white paper before June 30th and you'll be entered for a 
chance to win an Xbox!

Developing, Deploying and Managing SQL Server Integration Services 
   In this free Web seminar, find out the role SSIS plays in 
Microsoft's BI strategy and learn about the important new SSIS 
features. You'll get a guided tour illustrating how to develop SSIS 
packages using the new SSIS Designer and learn how to customize those 
packages to run on different systems. Sign up today!

Improve Fax Messaging and Application Integration
   View this on-demand Web seminar and receive a complimentary 30-day 
software evaluation and industry white paper! Join industry expert 
David Chernicoff and learn how leading organizations are incorporating 
fax technologies to empower users and enhance existing investments in 
infrastructure and applications while providing substantial ROI. 
Register now!

Get Ready for SQL Server 2005 Roadshow in a City Near You
   Get the facts about migrating to SQL Server 2005. SQL Server experts 
will present real-world information about administration, development, 
and business intelligence to help you implement a best-practices 
migration to SQL Server 2005 and improve your database computing 
environment. Attend and receive a 1-year membership to PASS and 1-year 
subscription to SQL Server Magazine. Register now!


==== Featured White Paper ====

Converting a Microsoft Access Application to Oracle HTML DB
   Get the most efficient, scalable, and secure approach to managing 
information using an Oracle Database with a Web application as the user 
interface. In this free white paper learn how you can use an Oracle 
HTML Database to convert a Microsoft Access application into a Web 
application that can be used by multiple users concurrently. Download 
this free white paper now!


==== Hot Release ====
Best Practices for Establishing and Enforcing a Security Policy in Your 
   With all the viruses, Trojans, spyware, malware, and malicious 
attacks out there, is your company as prepared as it can be to fend off 
these threats? This white paper will provide you with detailed 
information for establishing and enforcing a security policy so that 
you have a safety net to fall back on and can ensure that you're making 
the right decisions at a demanding time. Download this free white paper 


==== 3. Instant Poll ====

Results of Previous Poll: Do you consider IIS 6.0 to be a secure 
   The voting has closed in this Windows IT Pro Security Hot Topic 
nonscientific Instant Poll. Here are the results from the 52 votes:
   52% Yes
   48% No

New Instant Poll: Do you map the data you collect during wireless-
network audits by using tools such as StumbVerter and MapPoint?
   Go to the Security Hot Topic and submit your vote for 
   - Yes
   - I haven't been, but I plan to
   - No, and I don't plan to

==== 4. Security Toolkit ==== 

Security Matters Blog 
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=7F03:4FB69

Honeynet Project Challenge: Scan 34
   The Honeynet Project's latest Scan of the Month challenge is online 
now and invites you to analyze data collected from an Apache server, a 
Linux system, an iptables firewall, and a Snort IDS system. If you plan 
to participate, your forensic analysis is due by May 9. 

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=7F01:4FB69 

Q: What's new in Windows Server 2003 Service Pack 1 (SP1)? 

Find the answer at http://list.windowsitpro.com/t?ctl=7EFB:4FB69

Security Forum Featured Thread: Pushing Software to Client PCs
   A forum participant wants to know how to install software on PCs on 
which the users don't have administrator rights. He needs to push out 
client software to a few hundred users. He's considering using a 
Windows Management Instrumentation (WMI) script to set up a scheduled 
task running as a local admin on each PC. This task would map the drive 
and run the silent install. He wonders if that would work or whether 
there's another option that he should know about. Join the discussion 


==== Announcements ====
   (from Windows IT Pro and its partners)

Check Out the New Windows IT Security Newsletter!
   Security Administrator is now Windows IT Security. We've expanded 
our content to include even more fundamentals on building and 
maintaining a secure enterprise. Each issue also features product 
coverage of the best security tools available and expert advice on the 
best way to implement various security components. Plus, paid 
subscribers get online access to our entire security article database! 
Click here to try a sample issue today:

Windows IT Security Monthly Pass = Quick Answers!
   Sign up today for your Windows IT Security Monthly Pass and get 24/7 
online access to every article on the Windows IT Security Web site, 
including exclusive subscriber-only content. That's a database of more 
than 1900 security articles to help you get all the answers you need, 
when you need them! Sign up now:


==== 5. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Manage Windows Firewall
   Gravity Storm Software announced the release of Service Pack Manager 
(SPM) 7.0, which now includes functionality to manage Windows Firewall 
on networked Windows XP and Windows Server 2003 machines. SPM 7.0 lets 
you detect all the machines on the network running Windows Firewall, 
determine which machines are in compliance with your user-defined 
Windows Firewall policy, and easily distribute your policy. Compliance 
checks are performed at the level of allowed/blocked ports. Service 
Pack Manager doesn't require use of Active Directory (AD), Group 
Policies, or scripting. For more information or to download a free 
evaluation copy, go to

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.


==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=7F0A:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com


This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
