Security UPDATE--Wipe Old Hard Disks Clean Reprise--April 20, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

The Competitive Advantages of Multi-Platform Remote Control: A Pathway to Increased Productivity

http://www.windowsitpro.com/whitepapers/netopia/remotecontrol/index.cfm?code=secnl_420

Is Your Office Truly Fax Integrated?

http://www.windowsitpro.com/whitepapers/faxback/officefax/index.cfm?code=secnl_420

===============

1. In Focus: Wipe Old Hard Disks Clean--Reprise 2. Security News and Features - Recent Security Vulnerabilities - SSL VPN Products - IIS Application Isolation - eEye Releases Free WiFi Scanner 3. Instant Poll 4. Security Toolkit - Security Matters Blog - FAQ - Security Forum Featured Thread 5. New and Improved - Manage Windows Firewall

==========

==== Sponsor: Netopia ==== The Competitive Advantages of Multi-Platform Remote Control: A Pathway to Increased Productivity The largest cost component associated with computers in the workplace is "misdirected end user activities" - the amount of time wasted by end users trying to fix a problem themselves or trying to help a colleague fix a problem that is best handled by IT staff. In this free white paper discover how to achieve a faster resolution of IT-related problems, reduce end-user downtime, increase employee productivity, and operate in a more efficient manner. Learn how your company can intelligently manage their enterprise environment and possess an inherent competitive advantage. Discover how you can outperform the competition by controlling costs and boosting productivity and download this free white paper now! http://www.windowsitpro.com/whitepapers/netopia/remotecontrol/index.cfm?code=secnl_420

==========

==== 1. In Focus: Wipe Old Hard Disks Clean--Reprise ==== by Mark Joseph Edwards, News Editor, mark at ntsecurity / net A year ago, I wrote in this space about tools that you can use to wipe hard disks clean of all data. In that article, I mentioned four software-based tools. This week I learned about two more tools and about another type of product that can help when you need to erase a disk. The tools I mentioned in the previous article (first URL below) are Autoclave (no longer supported), LSoft Technologies' Active@KillDisk (second URL below), Stellar Information Systems' Stellar Wipe Safe Data Eraser (third URL below), and Heidi Computers' Eraser (fourth URL below). http://www.windowsitpro.com/Article/ArticleID/42207 http://www.killdisk.com http://www.stellarinfo.com/file-eraser.htm http://www.heidi.ie/eraser Because Autoclave, formerly provided by the University of Washington, is no longer supported, the university now refers people to the open source Darik's Boot and Nuke tool (DBAN). DBAN works from a bootable floppy disk, can erase data in various modes (DoD short, random number streams) and works with PCs and PowerPC platforms, including Apple Macintosh. DBAN is also bundled with Heidi Computers' Eraser. http://dban.sourceforge.net If you have Windows XP, then maybe you know that it ships with a command-line tool, cipher.exe, designed to manage encryption on entire volumes as well as directories. One of the features of cipher.exe is that it can wipe a disk to help prevent data recovery. The tool's /? switch gives you a list of all the available command-line options. You can use the last option, /W, to wipe an entire disk or a select directory. There are, of course, other tools that can do the same job, which you can probably find using your favorite search engine. Wiping an entire disk clean (so that you can recycle or dispose of it, donate it to charity, or return it under warranty) is sometimes quite a problem, especially if the disk is in a system that can no longer boot. You can of course try to use some sort of bootable CD-ROM and then run a software-based tool to wipe the disk. You can also remove the disk and put it into another system, boot that system, then wipe it clean. Another method, which I think is very handy, is to use a custom connector that lets you connect a disk to any system using a USB or FireWire port. Such connectors are relatively inexpensive and have the added advantage of letting you connect any ATA disk to a supported system, including a laptop, which is also a great way to get a bunch of extra disk space when you need it. The Dan's Data Web site reviews at least four connectors I think you might be interested in. One is an external drive box shell from Sunnytek Information available for ATA and SATA configurations (review at the first URL below). You can insert just about any regular ATA disk you can think of inside the shell. Another is ComboDock by WiebeTech, which is a small external connector box that connects to the back of an ATA disk (review at the second URL below). Yet another is the USB 2.0 to IDE Cable, available from USBGEEK.COM (review at the third URL below). And finally, there is the R-Driver II USB to IDE cable (review at the fourth URL below), which I think is the best choice because it lets you connect regular ATA drives and the mini-ATA drives that are typically used in laptops and other portable computing devices. http://www.dansdata.com/sntboxes.htm http://www.dansdata.com/combodock.htm http://www.dansdata.com/usbadapt.htm http://www.dansdata.com/rdriver.htm One thing to keep in mind is that USB 2.0 (up to 480Mbps) is much faster than USB 1.x (up to 12Mbps). And likewise, FireWire 1394b (up to 800Mbps) is twice as fast as FireWire 1394a (up to 400Mbps). If you don't have USB 2.0 or FireWire 1394b in your system, you can buy an inexpensive add-on card to significantly speed up read and write times. Any of the ATA connectors I mentioned let you add a disk to a system in just a few seconds. Not only can you use them to wipe data off disk, but because they offer complete portability, you can also use them with CD-ROM and DVD drives to create your own portable backup solutions. If you're interested in these connectors, be sure to read the related hardware reviews at Dan's Data.

==========

==== Sponsor: FaxBack ==== Is Your Office Truly Fax Integrated? Discover how to make your business more productive with easier ways for users to communicate and carry out mission-critical business processes. Download this free white paper to learn how to integrate fax with Microsoft Office and Exchange/Outlook applications. Get usage examples of Office-to-Fax integration, learn the benefits, and how fax works with Microsoft Office to deliver clear and substantial benefits to users. http://www.windowsitpro.com/whitepapers/faxback/officefax/index.cfm?code=secnl_420

==========

==== 2. Security News and Features ==== Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://www.windowsitpro.com/departments/departmentid/752/752.html SSL VPN Products Not having access to your company's network and applications when you're on the road or working at home can seriously compromise your ability to do your job. This Buyer's Guide looks at Secure Sockets Layer (SSL) VPNs, a special type of remote access product that complements the secure gateways and network-based VPN technology that most companies already have. http://www.windowsitpro.com/Article/ArticleID/45612 IIS Application Isolation From time to time, you're probably called on to deploy a Web application that traffics sensitive information. The deployment includes installing the application on a hardened server in such a way that no other Microsoft IIS applications can access the application files. Learn how to isolate applications in Brett Hill's article on our Web site. http://www.windowsitpro.com/Article/ArticleID/45549 eEye Releases Free WiFi Scanner eEye Digital Security announced the release of its free Retina WiFi Scanner, which is designed to help detect active wireless devices, including those that might already be connected to a company's wireless network. http://www.windowsitpro.com/Article/ArticleID/46029

==========

==== Resources and Events ==== Microsoft Tech·Ed 2005 Europe, 5 - 8 July, Amsterdam, The Netherlands Build you own 4 day agenda from 12 targeted tracks offering over 400 technical sessions, Hands-On Labs, Chalk-&-Talks, Panel Discussions and more. At Microsoft's flagship European technical education conference for Developers and IT Professionals engage with outstanding speakers, network with your European peers, evaluate current and soon-to-be-launched technologies and share the inspiration! Save 300 euros! Register before our 20th May Early Bird deadline at http://www.microsoft.com/europe/teched/ Are You Experiencing Increased Frustration with Your Current Antispam Solution? With new and more dangerous email threats, in-house software, appliances, and even some services may no longer work effectively. They require too much IT staff time to update and maintain or to satisfy the needs of different users. In this free Web seminar, learn firsthand from your colleagues and peers about their search for a better solution. Register today! http://www.windowsitpro.com/seminars/antispamsolutions/index.cfm?code=0420emailanncs Get The Valuable Resources You Need To Secure Your IT Environment. Stay on top of new security threats, address those security threats, ensure trustworthy computing in your environment, and more! Download an eBook or white paper before June 30th and you'll be entered for a chance to win an Xbox! http://www.windowsitpro.com/techxtraining/microsoftsecurity/index.cfm?code=0420emailannc Developing, Deploying and Managing SQL Server Integration Services (SSIS) In this free Web seminar, find out the role SSIS plays in Microsoft's BI strategy and learn about the important new SSIS features. You'll get a guided tour illustrating how to develop SSIS packages using the new SSIS Designer and learn how to customize those packages to run on different systems. Sign up today! http://www.windowsitpro.com/seminars/sqlserverintegrationservices/index.cfm?code=0420emailannc Improve Fax Messaging and Application Integration View this on-demand Web seminar and receive a complimentary 30-day software evaluation and industry white paper! Join industry expert David Chernicoff and learn how leading organizations are incorporating fax technologies to empower users and enhance existing investments in infrastructure and applications while providing substantial ROI. Register now! http://www.windowsitpro.com/seminars/faxservers/index.cfm?code=0420emailannc Get Ready for SQL Server 2005 Roadshow in a City Near You Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Attend and receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now! http://www.windowsitpro.com/roadshows/sqlserverusa/index.cfm?code=0418emailanncs

==========

==== Featured White Paper ==== Converting a Microsoft Access Application to Oracle HTML DB Get the most efficient, scaleable, and secure approach to managing information using an Oracle Database with a Web application as the user interface. In this free white paper learn how you can use an Oracle HTML Database to convert a Microsoft Access application into a Web application that can be used by multiple users concurrently. Download this free white paper now! http://www.windowsitpro.com/whitepapers/oracle/htmlaccess/index.cfm?code=0420emailannc

==========

==== Hot Release ==== Best Practices for Establishing and Enforcing a Security Policy in Your Business With all the viruses, Trojans, spyware, malware, and malicious attacks out there, is your company as prepared as it can be to fend off these threats? This white paper will provide you with detailed information for establishing and enforcing a security policy so that you have a safety net to fall back on and can ensure that you're making the right decisions at a demanding time. Download this free white paper now! http://www.windowsitpro.com/whitepapers/microsoft/bestpractices/index.cfm?code=secnl_420

==========

==== 3. Instant Poll ==== Results of Previous Poll: Do you consider IIS 6.0 to be a secure platform? The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 52 votes: 52% Yes 48% No New Instant Poll: Do you map the data you collect during wireless-network audits by using tools such as StumbVerter and MapPoint? Go to the Security Hot Topic and submit your vote for - Yes - I haven't been, but I plan to - No, and I don't plan to http://www.windowsitpro.com/windowssecurity#poll ==== 4. Security Toolkit ==== Security Matters Blog by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters Honeynet Project Challenge: Scan 34 The Honeynet Project's latest Scan of the Month challenge is online now and invites you to analyze data collected from an Apache server, a Linux system, an iptables firewall, and a Snort IDS system. If you plan to participate, your forensic analysis is due by May 9. http://www.windowsitpro.com/Article/ArticleID/46092 FAQ by John Savill, http://www.windowsitpro.com/windowsnt20002003faq Q: What's new in Windows Server 2003 Service Pack 1 (SP1)? Find the answer at http://www.windowsitpro.com/Article/ArticleID/46055 Security Forum Featured Thread: Pushing Software to Client PCs A forum participant wants to know how to install software on PCs on which the users don't have administrator rights. He needs to push out client software to a few hundred users. He's considering using a Windows Management Instrumentation (WMI) script to set up a scheduled task running as a local admin on each PC. This task would map the drive and run the silent install. He wonders if that would work or whether there's another option that he should know about. Join the discussion at http://www.windowsitpro.com/Forums/messageview.cfm?catid=42&threadid=131628

==========

==== Announcements ==== (from Windows IT Pro and its partners) Check Out the New Windows IT Security Newsletter! Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire security article database! Click here to try a sample issue today: http://www.secadministrator.com/rd.cfm?code=fseu2554up Windows IT Security Monthly Pass = Quick Answers! Sign up today for your Windows IT Security Monthly Pass and get 24/7 online access to every article on the Windows IT Security Web site, including exclusive subscriber-only content. That's a database of more than 1900 security articles to help you get all the answers you need, when you need them! Sign up now: http://www.windowsitpro.com/sub/MonthlyAccess/index.cfm?promocode=eu2554mp

==========

==== 5. New and Improved ==== by Renee Munshi, [email protected] Manage Windows Firewall Gravity Storm Software announced the release of Service Pack Manager (SPM) 7.0, which now includes functionality to manage Windows Firewall on networked Windows XP and Windows Server 2003 machines. SPM 7.0 lets you detect all the machines on the network running Windows Firewall, determine which machines are in compliance with your user-defined Windows Firewall policy, and easily distribute your policy. Compliance checks are performed at the level of allowed/blocked ports. Service Pack Manager doesn't require use of Active Directory (AD), Group Policies, or scripting. For more information or to download a free evaluation copy, go to http://www.securitybastion.com Tell Us About a Hot Product and Get a T-Shirt! Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]. Editor's note: Share Your Security Discoveries and Get $100 Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==========

==== Sponsored Links ==== Quest Software Heading to Exchange from Notes or GroupWise? Get Expert Help! http://ad.doubleclick.net/clk;14771969;8214395;x?http://wm.quest.com/WITPUpdateNotesMigratorforExchange32005 Argent versus MOM 2005 Experts Pick the Best Windows Monitoring Solution http://ad.doubleclick.net/clk;15681373;8214395;n?http://www.argent.com/w/whitepapers_mom.html?Source=WNT%20Sponsored%20Link High Availability for Windows Services Learn of core issues surrounding Windows high availability - Download this white paper now! http://www.winnetmag.com/whitepapers/neverfail/highavailability/index.cfm?code=NL418-422

==========

==== Contact Us ==== About the newsletter -- [email protected] About technical questions -- http://www.windowsitpro.com/forums About product news -- [email protected] About your subscription -- [email protected] About sponsoring Security UPDATE -- [email protected]

===============

This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

http://www.secadministrator.com/rd.cfm?code=00ep254xeb

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.