Security UPDATE - 31 Mar 2004

===============

==== This Issue Sponsored By ==== Symantec ON iPatch - First Enterprise Patch Management Solution http://sea.symantec.com/WindowsiPatch Symantec V2i Protector – Real-time Backup/Recovery http://sea.symantec.com/WindowsV2i

==========

* In Focus: Wiping Old Hard Disks Clean * Security News and Features - News: Scripting MBSA 1.2 - News: Windows 2003 AD Quotas - News: Cryptcat and Netcat; Secure Your Domain for 100 Years - News: Three Betas: XP SP2, LimitLogon, Mozilla 1.7 * New and Improved - Respond to Network Security Information in Real Time

==========

==== Sponsor: Symantec ON iPatch - First Enterprise Patch Management Solution ==== ON iPatch lets you proactively patch and secure thousands of computers simultaneously - including remote and mobile computers, no matter where they are located or connected - and rapidly recover from virus corruption, without the significant cost and time delay of sending IT staff to remote locations. ON iPatch proactively identifies and installs all missing patches and removes unauthorized files and applications. It provides an automated, unattended solution for a security audit of all your managed computers, and has the ability to place corrupted computers in "safe mode" and then execute remediation utilities off line in a 100% unattended manner. Click here for more information: http://sea.symantec.com/WindowsiPatch

==========

==== In Focus: Wiping Old Hard Disks Clean ==== by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net A component that's typically changed during computer upgrades is the hard disk. Users run out of space and need a larger disk, particularly if their existing disks are somewhat old and therefore probably have less capacity. Swapping out disks or complete systems is common, but I wonder whether you wipe clean your old disks before sending them off for recycling or resale. If you do wipe the disks, are you sure that data can't be recovered from them? Some people might think that simply using Fdisk to destroy partitions is a good enough technique for eliminating data. After all, if the partitions are gone, who could recover the data, right? Wrong. Fdisk changes only partition tables--it doesn't touch the other sectors on the drive. So any data that users stored on those other sectors is still there, which means that someone with a little knowledge could recover that data. Simson Garfinkel wrote the article "Hard Disk Risk" about a year ago for CSO Magazine. In the article, Garfinkel talks about his adventures in purchasing old hard drives at resale shops and the data that he found on them. One drive was formerly used in an ATM machine and contained a year's worth of transaction records; another drive had more than 5000 credit card numbers; yet another had sensitive personal information about an individual Only 10 percent of the drives Garfinkel purchased were properly wiped of data. http://www.simson.net/clips/2003.CSO.04.hard_disk_risk.htm To wipe a disk clean, you need to overwrite all sectors on a drive in some fashion. Some disk-wiping tools can overwrite sectors numerous times to better ensure that the magnetic flux (which is the means by which data is recorded) is dramatically changed so that little if any flux remains to be used toward data recovery. Or you might decide that one overwrite process is enough for your needs. Garfinkel raises an interesting question: If you give your old hardware to resellers or other organizations, do you trust these organizations to satisfactorily delete your data? You might consider wiping your own drives before you release them from your control. To get the job done, you might use Autoclave, LSoft Technologies' Active@KillDisk, Stellar Information Systems' Stellar Wipe Safe Data Eraser, Heidi Computers' Eraser, or any number of other tools designed to destroy disk-based data. http://staff.washington.edu/jdlarios/autoclave http://www.killdisk.com http://www.stellarinfo.com/file-eraser.htm http://www.heidi.ie/eraser If you're interested in some facts as well as theory about how someone might recover data from your old drives and how disk-wiping technology can help prevent that from happening, be sure to read Peter Gutmann's extensive article on the subject. http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/ Last week, I requested feedback about this newsletter. I've received numerous responses and want to thank those of you who did respond. However, I'd like to hear from even more of you! If you're so inclined, please email me your comments. If you missed last week's editorial, you can read it at the URL below. In essence, I welcomed any suggestions, comments, or critiques regarding this newsletter. Send your response to mark at ntsecurity dot net, and please prefix the subject line with "SECUPD" so that I can more easily identify responses to this request. http://www.winnetmag.com/article/articleid/42127/42127.html

==========

==== Sponsor: Symantec V2i Protector – Real-time Backup/Recovery ==== In the event of a security threat or disaster V2i Protector provides a real-time, disk-based backup and disaster recovery solution designed to capture a system's active state. Using V2i Protector, you can also quickly restore failed systems to a specified point-in-time by performing a full system restoration, a complete bare metal recovery or restore individual files and folders in minutes. V2i Protector creates exact backups of volumes/partitions through the use of snapshot technology. This captures all files and volumes, including system personalities and configurations. Click here to download an evaluation version today: http://sea.symantec.com/WindowsV2i

==========

==== Security News and Features ==== Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.winnetmag.com/departments/departmentid/752/752.html News: Scripting MBSA 1.2 Updated sample scripts are now available for the Microsoft Baseline Security Analyzer (MBSA) 1.2. Microsoft published the updates on March 17. http://www.winnetmag.com/article/articleid/42116/42116.html Feature: Windows 2003 AD Quotas Windows Server 2003 has a new Active Directory (AD) quotas feature that lets you monitor and limit the number of objects a security principal (user, group, or computer) can create in a partition. This feature is similar to the built-in quota that Windows 2000 and later versions assign to authenticated users for creating computer objects except that the new Windows 2003 quotas apply to all object types. Robbie Allen explains the new feature in this article on our Web site. http://www.winnetmag.com/article/articleid/41898/41898.html News: Cryptcat and Netcat; Secure Your Domain for 100 Years You've probably heard of Netcat, a flexible network utility that can perform all sorts of functions. But have you heard of Cryptcat? The tool has been around for almost 4 years, but plenty of people don't know it exists. Network Solutions now lets you secure your domain name for 100 years in advance for $999. http://www.winnetmag.com/article/articleid/42131/42131.html News: Three Betas: XP SP2, LimitLogon, Mozilla 1.7 Microsoft released Windows XP Service Pack 2 (SP2) to public beta last week. Along with the beta, the company established 11 newsgroups in which users can discuss various aspects of the service pack. The ieXbeta.com Web site reports that Microsoft is now accepting applications for beta testers of an upcoming Windows Server 2003 Resource Kit tool, LimitLogon, which will let you limit the number of allowed concurrent sessions per user in an Active Directory (AD) domain. The tool requires Windows 2003 and Microsoft IIS 6.0. The Mozilla Organization released the Mozilla 1.7 public beta. The new version includes improved cookie controls, support for SMTP "MSN Authentication" in the mail client, performance improvements, and several other enhancements. http://www.winnetmag.com/article/articleid/42093/42093.html

==========

==== Sponsor: Virus Update from Panda Software ==== Are your traditional antivirus solutions really protecting your network? Panda Antivirus GateDefender is a dedicated hardware device installed at the Internet gateway to block viruses before they contaminate your network. It scans 7 different communication protocols, achieving optimum protection against external attacks. Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus GateDefender 7200 (500 seats+) provide the highest scalability with native load balancing that transparently adapts to traffic volume. Visit "Panda's GateDefender Stands Guard!" at http://www.pandasecurity.com/gatedefender/ for more information.

==========

==== Announcements ==== (from Windows & .NET Magazine and its partners) Windows & .NET Magazine Connections Windows & .NET Magazine Connections features speakers from Microsoft and other top independent experts. Complete details about workshops, breakout sessions, and speakers are now online. All attendees will get a chance to win a Florida vacation. Keep your competitive edge by learning from the world's best experts. Go online now to register. http://www.winconnections.com Take Our Brief Survey! Does your company use third-party management tools to manage your Microsoft Windows network? If you do, Windows & .NET Magazine would like to hear from you about your preferences. Please respond to our short survey regarding Windows management tools and we'll enter you in a drawing to win one of two $50 Amazon.com gift certificates. http://www.zoomerang.com/survey.zgi?p=9VFBX43WXLCN

==========

==== Hot Release: Free Trial SSL Certificate from Thawte ==== Take your first step towards giving your online business a competitive advantage. Test-drive a Thawte SSL certificate – our easy online guide will show you how. Click here to get started: http://ad.doubleclick.net/clk;7681426;8993437;c

==========

==== Security Toolkit ==== Virus Center Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.winnetmag.com/windowssecurity/panda FAQ: Can I Move Microsoft Exchange Server Systems Between Administrative Groups? by John Savill, http://www.winnetmag.com/windowsnt20002003faq A. No, even in a native Exchange Server 2003 organization, you can't move servers between administrative groups. However, if you're running Exchange in native mode, you can move mailboxes between administrative groups. To work around the inability to move Exchange servers between administrative groups, you can delete a server in one group and recreate it from scratch in another by performing the following steps: 1. Remove all resources and mailboxes from the server you want to move (in native mode, you can move the mailboxes to another server temporarily or use Exmerge to export the mailboxes). 2. Remove the server from the administrative group (i.e., uninstall Exchange). 3. Rebuild the server and select the new administrative group. 4. If Exchange is in native mode, move the mailboxes from the temporary Exchange server back to the original server. If you used Exmerge, import the mailboxes and relink them to the Active Directory (AD) accounts. Featured Thread: pcAnywhere with ISA Server (Four messages in this thread) Yushi writes that a client has requested that Yushi set up pcAnywhere on the client's server so that the client can remotely administer a database. The server is running Small Business Server (SBS) 2000 and Internet Security and Acceleration (ISA) Server. Yushi wants to know how to configure ISA Server to allow access to pcAnywhere. Lend a hand or read the responses: http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=118332 ==== Events Central ==== (A complete Web and live events directory brought to you by Windows & .NET Magazine: http://www.winnetmag.com/events ) New Web Seminar Preemptive Email Security: How Enterprise Rent-A-Car Eliminates Spam Get the inside scoop on how Enterprise Rent-A-Car eliminated spam and viruses, improved their email security, and increased productivity. Don't miss this opportunity to educate yourself and become a smarter customer when it comes to choosing an antispam solution that best fits your organization's needs. Sign up for this free Web seminar today! http://www.winnetmag.com/seminars/emailsecurity/index.cfm?code=emailannc ==== New and Improved ==== by Jason Bovberg, [email protected] Respond to Network Security Information in Real Time eEye Digital Security and e-Security announced an enterprise threat-management solution. The eEye Retina Network Security Scanner scans every machine on a corporate network for vulnerabilities and immediately makes that information available to the e-Security ESM real-time management console, so you have accurate and timely information available to help you prioritize resources for vulnerability remediation. For more information about this partnership, contact eEye or e-Security on the Web. http://www.eeye.com http://www.esecurity.net Tell Us About a Hot Product and Get a T-Shirt! Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

=========

==== Contact Us ==== About the newsletter -- [email protected] About technical questions -- http://www.winnetmag.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]

==========

==== Contact Our Sponsors ==== Primary/Secondary Sponsor: Symantec -- http://www.symantec.com Hot Release Sponsor: Thawte -- http://www.thawte.com

===============

This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.

http://www.winnetmag.com/sub.cfm?code=wswi201x1z

View the Windows & .NET Magazine privacy policy at

http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.