Skip navigation

Security UPDATE--The Challenge of Data Destruction--May 4, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Understanding Compliance from an IT Point of View

Turn Raw Security Data into an Enterprise Defense System


1. In Focus: The Challenge of Data Destruction

2. Security News and Features

- Recent Security Vulnerabilities

- SurfControl Enters Enterprise Anti-Spyware Market

- Tenebril Gets Funding and a New CEO

- Protecting Data at Rest

3. Security Toolkit

- Security Matters Blog


4. New and Improved

- Fight Fraudulent Web Sites


==== Sponsor: Quest Software ====

Understanding Compliance from an IT Point of View

There are a variety of compliance-related regulations affecting organizations and industries today. These regulations require that differing initiatives be put in place to meet a myriad of requirements. Many of the regulations are vague and cause confusion about what actually needs to be done to become compliant. In this techbrief titled: 'Understanding Compliance from an IT Point of View', you will learn how compliance requirements impact the IT environment, what procedures and policies organizations need to implement to become compliant, and what steps are necessary to meet these objectives. Also, you will find out about solutions you can use to secure internal controls, automate reporting, and prepare for remediation--all components for passing a compliance-related audit. Get your tech brief today.


==== 1. In Focus: The Challenge of Data Destruction ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Two weeks ago in my editorial "Wipe Old Hard Disks Clean--Reprise," I wrote about erasing disk data and mentioned some software and hardware tools that can help with that task. This week I want to follow up with some more information.

Sande Nissen wrote to tell me about the difficulties faced by the college he works for. Each year, the college replaces a portion of its computers, and this year he will need to dispose of about 200 computers. Before those systems can be sent to a recycler, the data on the disks must be destroyed. According to Nissen, the college's tool of choice at the moment (Symantec Ghost Solution Suite's GDisk component) requires about 1.5 hours per gigabyte to wipe disk data when using a Department of Defense-certified erasing routine. With so many disk drives and so many gigabytes to erase, the college needs a faster way to ensure data destruction.

Nissen said the college doesn't trust demagnetizers (degaussers), which erase disk data by subjecting the drives to a strong magnetic field. Degaussers are also expensive, costing anywhere from a few thousand dollars to more than $25,000. Even renting the equipment is expensive. Some companies charge $1400 per month per rental unit. If you're interested in degaussers, here are some links to manufacturers and rental companies:

An important thing to know about degaussers is that there are two basic types: open field and closed field. Open field units expose their magnetic fields to the surrounding environment, which means you and anything else that might be within range. That might pose health risks and could damage anything magnetic in the vicinity, including the magnetic strips on your credit cards. Closed field units, which are far more expensive than open field units, typically let you insert the drives inside the unit and contain the magnetic field emissions.

Nissen said the college has tried physically destroying the drives by driving a nail through them or smashing them. A few years ago, I read about people using liquid hydrogen to help destroy disk drives. Liquid hydrogen quickly freezes and makes brittle whatever it comes into contact with. If you dip a drive into it, you can then easily smash the drive with a hammer. This approach is a bit extreme because liquid hydrogen is very dangerous.

If you have only a few drives to erase, destruction is relatively simple. But as we've learned from Nissen's situation, the task becomes much more of a challenge when you have a lot of drives. Do you know of a better way to destroy data on a large number of drives, with a high degree of certainty that no one can recover the data? If so, send me an email message with the details.


Don't miss today's Web chat with Randy Franklin Smith on the topic "The Security Event Log: The Unofficial Guide." It's at 12:00 P.M. Eastern (9:00 A.M. Pacific). For more information, go to


==== Sponsor: BrightTools ====

Turn Raw Security Data into an Enterprise Defense System

Activeworx Security Center is a cost-effective network security log management solution for organizations of all sizes. ASC automatically correlates multi-vendor security event information to detect potential IT security threats. ASC eliminates the need to manually analyze multiple security alerts making you more productive – and your network much safer. Try it FREE.


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

SurfControl Enters Enterprise Anti-Spyware Market

SurfControl announced its new Enterprise Threat Shield, which is designed to defend against malicious software, including spyware. The product stops adware, spyware, and keyloggers and protects against threats from Instant Messaging (IM) clients, peer-to-peer (P2P) clients, and games.

Tenebril Gets Funding and a New CEO

Tenebril, makers of SpyCatcher Enterprise, secured approximately $6.5 million in new funding. The company also recently hired former Zone Labs President and COO Irfan Salim as CEO.

Protecting Data at Rest

When Ameritrade announced that it had lost backup tapes containing personal information for about 200,000 of its customers, there was a clear sense of deja vu all over again. After all, just 2 months ago, Bank of America revealed that it had lost tapes containing data for 1.2 million federal employees. Elliot King discusses the ramifications in this article on our Web site.


==== Resources and Events ====

Establish a Manageable Desktop Software Configuration and Control IT Costs

Managing desktop software configurations is a manual process, resulting in unplanned costs, deployment delays, and client confusion. In this free Web seminar, find out how you can meet software-package-preparation requirements and increase your desktop reliability, user satisfaction, and IT cost effectiveness. You'll learn about the new application process, issue management during package preparation, historical recording and reporting, and more.

Are You Experiencing Increased Frustration with Your Current Antispam Solution?

With new and more dangerous email threats, in-house software, appliances, and even some services may no longer work effectively. They require too much IT staff time to update and maintain or satisfy the needs of different users. In this free Web seminar, learn firsthand from your colleagues and peers about their search for a better solution. Register today!

Improve The Availability of Your Exchange Servers

Managing storage growth, providing application resiliency, and handling small errors and problems before they grow are all important aspects of boosting your Exchange uptime. In this free Web seminar, discover how storage and application management techniques for Exchange can be used to improve the resiliency and performance of your Exchange infrastructure. Register now!

Get Excited About SQL Server 2005 Reporting Services

In this free Web seminar, explore the new features associated with Microsoft SQL Server 2005 Reporting Services. You'll discover how to offer the "single version of truth" in your enterprise reporting environment with the integration of Reporting Services 2005 and the Analysis Service 2005 Unified Dimensional Model (UDM). Plus, you'll discover Report Builder and more. Sign up today!

Get Ready for SQL Server 2005 Roadshow in a U.S. City Near You--and in Europe

Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Attend and receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

For a U.S. city

For Europe


==== Featured White Paper ====

Configuring Blade Servers for Your Application Needs

Blade servers are the evolution of the server market. They pack a lot of function into a small space, conserve power, and are flexible. From setting up storage, configuring a file-and-print server, a Web server, an email server, a database server, or a terminal server, you'll learn all the tips you need in this free white paper.


==== Hot Release ====

Evaluate New Security Tool & Get A Free T-Shirt

Get a FREE T-shirt after you evaluate NEW Desktop Authority 6.5 from ScriptLogic, now with Anti-Spyware & Patch Management options! Proactively secure and manage desktops from a central location with the award-winning desktop management solution. Download 30-day free trial today.


==== 3. Security Toolkit ====

Security Matters Blog

by Mark Joseph Edwards,

Stay Away from Googkle Dot Com and MSMN Dot Com

Someone who decided to take advantage of people's inevitable typing errors has set up a Web site at Googkle dot com that's designed to infect visitors' systems with malware. Google isn't the only one whose identity is being misused. The MSMN dot com domain mimics MSN's search site.


by John Savill,

Q: How do I use the Windows Server 2003 Service Pack 1 (SP1) Security Configuration Wizard (SCW)?

Find the answer at


==== Announcements ====

(from Windows IT Pro and its partners)

SQL Server Magazine Gives DBAs and Developers What They Need

With SQL Server 2005 right around the corner, it's important to note that SQL Server Magazine is on target to deliver comprehensive coverage of all betas of the new product and the final release. If you aren't already a subscriber, now is the time to subscribe. Act now and save 47% off the cover price, plus get the new Reporting Services poster.

Windows IT Pro Monthly Pass = Quick Answers!

Sign up today for your Windows IT Pro Monthly Pass and get 24/7 online access to every article on the Windows IT Pro Web site, including exclusive subscriber-only content. That's a database of more than 9000 Windows articles to help you get all the answers you need, when you need them! Sign up now:


==== 4. New and Improved ====

by Renee Munshi, [email protected]

Fight Fraudulent Web Sites

FraudEliminator has released FraudEliminator and FraudEliminator Pro for Microsoft Internet Explorer (IE) and Mozilla Firefox to fight fraudulent Web sites. FraudEliminator defends against all kinds of online fraud, including phishing, pharming, and DNS exploits, and shows information about each site you visit, including where it's hosted and when the domain name was registered. To identify fraudulent sites, FraudEliminator retrieves new fraud definitions and fraudulent site lists frequently from a central database and uses detection algorithms. FraudEliminator users can also report fraud incidents to the central database. FraudEliminator works with IE 5.0 or later and Firefox 1.0 or later. The basic version of FraudEliminator is free; FraudEliminator Pro, available for $19.99, delivers users more frequent fraud database updates and helps support the ongoing development of the product. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Converting a Microsoft Access Application to Oracle HTML DB

Convert MS Access into a Web application for multiple users. Download now!;15956147;8214395;r?

Phishing, viruses, bot-nets and more: How to prevent the "Perfect Storm" from devastating your email system

Stop attacks with a multi-layered approach. Download this white paper now!


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.