Updated Windows 2000 Security Tools

On June 6, I wrote about the need for adequate exit procedures for when an employee leaves a company (for whatever reason). This week, I came across an interesting news item at ComputerWorld (see URL below) that serves as a great case in point. A company suffered repeated Denial of Service (DoS) attacks after firing two key software developers. As it turned out, the company failed to change certain passwords after firing the two employees, and these two former employees subsequently used those passwords to gain remote access to the company's application server and crash it. Be sure to read the details of the story with its interesting comments.

You might also recall that on June 20, I mentioned that the National Security Agency (NSA) had released a set of documents to help users secure Windows 2000 systems. The demand for these documents was overwhelming, and the NSA had to take the documents offline because of the server load. NSA contracted with Conxion to host these documents, which are available again from links at the NSA Web site. In addition, NSA has made documents available that help secure Cisco routers.

Speaking of Win2K security, Microsoft has an updated version of the cipher.exe tool that it's shipping with Win2K as part of the Encrypting File System (EFS). The original cipher.exe version that ships with the OS doesn't include a mechanism to wipe data off the hard disk; however, the updated version does include such functionality. During typical system operation, when you delete a file, the OS doesn't actually erase the data associated with that file. Instead, the OS marks the disk clusters related to that file as available empty space, and the data remains intact within those clusters until another process overwrites the clusters with new data. In other words, you can recover deleted files from a Win2K system in certain instances.

Clem Colman of Colman Communications realized the problem and suggested that Microsoft provide a cluster-wiping mechanism, and now this updated cipher.exe version is available to overwrite all unallocated clusters, guarding against unwanted data recovery. You can find the updated cipher.exe file on Microsoft's TechNet Web site.
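To make the difference between deleting and wiping concrete, here is a small added example (not from the original column and not Microsoft's code) that models a volume as a cluster array with an allocation bitmap. The ToyVolume class, the 16-byte cluster size, the file names, and the three-pass overwrite pattern are all assumptions made for this sketch.

```python
import os

CLUSTER = 16  # bytes per cluster in this toy volume (assumed; real clusters are far larger)

class ToyVolume:  # cluster array + allocation bitmap + file table
    def __init__(self, clusters=8):
        self.data = [bytes(CLUSTER) for _ in range(clusters)]
        self.allocated = [False] * clusters
        self.files = {}  # name -> list of cluster indexes

    def write_file(self, name, content):
        chunks = [content[i:i + CLUSTER] for i in range(0, len(content), CLUSTER)]
        free = [i for i, used in enumerate(self.allocated) if not used]
        if len(free) < len(chunks):
            raise OSError("volume full")
        self.files[name] = free[:len(chunks)]
        for idx, chunk in zip(self.files[name], chunks):
            self.data[idx] = chunk.ljust(CLUSTER, b"\0")
            self.allocated[idx] = True

    def read_file(self, name):
        return b"".join(self.data[i] for i in self.files[name]).rstrip(b"\0")

    def delete_file(self, name):
        # Ordinary delete: drop the entry and clear bitmap bits; contents stay put.
        for idx in self.files.pop(name):
            self.allocated[idx] = False

    def free_space(self):
        # What a recovery tool reading unallocated clusters would see.
        return b"".join(d for d, used in zip(self.data, self.allocated) if not used)

    def wipe_free(self):
        # Overwrite every unallocated cluster: zeros, then 0xFF, then random bytes.
        for fill in (b"\x00", b"\xff", None):
            for idx, used in enumerate(self.allocated):
                if not used:
                    self.data[idx] = fill * CLUSTER if fill else os.urandom(CLUSTER)

def demo():
    vol = ToyVolume()
    vol.write_file("keep.txt", b"quarterly report")
    vol.write_file("secret.txt", b"payroll: constructed sample data")
    vol.delete_file("secret.txt")
    before = b"payroll" in vol.free_space()  # deleted data still readable
    vol.wipe_free()
    after = b"payroll" in vol.free_space()   # gone once free clusters are overwritten
    return before, after, vol.read_file("keep.txt")
```

Note that the wipe touches only unallocated clusters, so the file that was never deleted reads back unchanged.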

Of course, third-party tools that wipe data off the hard disk are also available. A few freeware packages that I am aware of include Parisien Encryption Tools from Parisien Research, Without a Trace from Karmadrome Software, and BCWipe from Jetico.
