Security UPDATE--Cleaning Up After Mass Password Changes--December 14, 2005

1. In Focus: Cleaning Up After Mass Password Changes

2. Security News and Features

- Recent Security Vulnerabilities

- Windows Server 2003 R2 Ready to Go

- Two Microsoft Security Bulletins Released in December

- Easy 802.11g Security

3. Security Toolkit

- Security Matters Blog

- FAQ

- Security Forum Featured Thread

4. New and Improved

- Security Appliance Line Gets Software Upgrade, New Models

==== Sponsor: St. Bernard Software ====

Filtering the Spectrum of Internet Threats: Defending Against Inappropriate Content, Spyware, IM, and P2P at the Perimeter

Because of the proliferation of Web-based threats, you can no longer rely on basic firewalls as your sole network protection. Attackers continue to evolve clever methods for reaching victims, such as sending crafty Web links through Instant Messaging (IM) clients or email, or by simply linking to other Web sites that your employees might surf. This free white paper examines the threats of allowing unwanted or offensive content into your network and describes the technologies and methodologies to combat these types of threats. Get your free copy now!

http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm?code=sectop1214

==== 1. In Focus: Cleaning Up After Mass Password Changes ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, I mentioned ways to change passwords en masse. Hobbit (creator of the hugely popular netcat tool) wrote to remind me that I didn't mention the fact that storing plaintext passwords in scripts carries considerable risk. Obviously, the passwords might be recoverable by an intruder.

After you've performed mass password changes, don't leave password strings lying around in plaintext. You might use strong encryption to encrypt the data, or better yet, you might remove the passwords from your system completely. To do that, delete any password strings in your scripts or delete the scripts completely. Then securely erase your disk space to ensure that the passwords can't be recovered by intruders.

To wipe a disk clean, you need to overwrite all sectors on a drive in some fashion. Some disk-wiping tools can overwrite sectors numerous times to better ensure that the magnetic flux (which is the means by which data is recorded) is dramatically changed so that little if any flux remains to be used toward data recovery. You can use Stellar Information Systems' Stellar Wipe Safe Data Eraser, Heidi Computers' Eraser, or any number of other tools designed to destroy disk-based data. If you use Sunbelt Software's CounterSpy antispyware tool, you might know that it has a built-in file eraser utility that you could use.

http://www.stellarinfo.com/file-eraser.htm

http://www.heidi.ie/eraser

http://www.sunbeltsoftware.com/CounterSpy.cfm

If you're interested in some facts and theory about how someone might recover data from your disks and how disk-erasing technology can help prevent that from happening, read "Secure Deletion of Data from Magnetic and Solid-State Memory" by Peter Gutmann at

http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/

Instead of creating and running your scripts from a hard disk, you could run your script from a floppy disk drive and then burn the floppy disk when you're done. I can't think of a more secure method than this. But many systems these days don't even have floppy disk drives.

A long time ago, I used RAM disks to help some programs run much faster. A RAM disk would be great for helping to secure your passwords in scripts that are used to perform mass password changes. You can create a RAM disk, use it to develop and run your scripts, and when you're finished, repeatedly erase the RAM disk. Then uninstall the RAM disk drivers, shut down the system, power it off (which destroys anything in RAM), and reboot the computer. There's still a slim chance that someone might be able to recover passwords written to RAM, but it would be incredibly difficult, because the RAM space used by the RAM disk will be overwritten repeatedly by the OS and your applications. Using a RAM disk is probably much safer than relying on a tool to erase hard disk space.

When establishing a RAM disk, be sure that you immediately set permissions on the new disk drive to prevent unwanted access. You can find numerous RAM disk drivers for Windows 2000 and Windows XP (some of which are free) by using your favorite search engine. Use a search string similar to

RAMdisk +"Windows XP" +"Windows 2000"

If you don't want to trust somebody else's RAM disk code, download Microsoft's RAM disk source code, review it carefully to make sure you trust it, then compile it yourself. Keep in mind that Microsoft's sample RAM disk code works only on Windows 2000. The Microsoft article "FILE: Ramdisk.sys sample driver for Windows 2000" cautions that if you use the code on Windows XP, it could render the System Restore features useless.

http://support.microsoft.com/?kbid=257405

Finally, you might use a thumb drive, which can essentially act like a RAM disk. Or you could use an MP3 player or digital camera as an additional disk drive on your system, then detach it when you're finished using it. As with hard disks and RAM disks, be absolutely certain that you delete any sensitive information the drive contains, then erase the unused space repeatedly.

==== Sponsor: Panda Software ====

Provide Secure Remote Access

It may be tempting to deploy a WiFi wireless access point or offer PDAs or laptops to your roaming employees so they can work from virtually anywhere. In this free white paper you'll get the important security implications you should consider before you do so.

http://www.windowsitpro.com/go/whitepapers/panda/mobileandwireless?code=secmid1214

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

Windows Server 2003 R2 Ready to Go

Microsoft released Windows Server 2003 Release 2 (R2) to manufacturing. The updated version of the OS brings new features and functionality. A key security focus area for Microsoft is identity management, which is based on the capabilities of Active Directory (AD). R2 also brings improvements to virtual machine (VM) technology, branch office management, and storage management (first URL below). For a more-in-depth look at R2, see "R2 Moves Windows Server 2003 Forward" (second URL below).

http://www.windowsitpro.com/Article/ArticleID/48678

http://www.windowsitpro.com/Article/ArticleID/48251

Two Microsoft Security Bulletins Released in December

Microsoft released two security patches yesterday: one rated critical and the other, important. Microsoft also released five high-priority nonsecurity updates. As usual, the company also released an updated version of its Malicious Software Removal Tool (MSRT). For Randy Franklin Smith's analysis of the security bulletins, go to

http://www.ultimatewindowssecurity.com/msbulletins.html

Easy 802.11g Security

Many inexpensive wireless APs emphasize ease of setup at the expense of security. Jeff Fellinge helps you secure your wireless network in this article on our Web site.

http://www.windowsitpro.com/Article/ArticleID/48168

==== Resources and Events ====

SQL Server 2005: Up & Running Roadshows Coming to Europe!

SQL Server experts will present real-world information about administration, development, and business intelligence to help you put SQL Server 2005 into practice and learn how to use its new capabilities. Includes one-year PASS membership and subscription to SQL Server Magazine. Register now for London, UK, and Stockholm, Sweden, at

http://www.windowsitpro.com/roadshows/sqlservereurope/index.cfm?code=1214emailannc

Upgrade to Analysis Services 2005

Get the tips and tricks you'll need to upgrade to Analysis Services 2005, including possible upgrade and migration scenarios, preplanning steps, and tips on running the new Analysis Services migration wizard. Plus, you'll discover what steps are required after the migration process is complete and explore some of the new features of Analysis Services 2005.

http://www.windowsitpro.com/go/seminars/analysisservices/?partnerref=1214emailannc

Are You Really Prepared for Disaster Recovery?

Join industry guru Liam Colvin in this free Web seminar and get the tips you need to validate your disaster recovery data. You'll learn if your backup and restore data is worth staking your career on, what type of geo-clustering is right for you, which response to use in crisis situations, and more!

http://www.windowsitpro.com/go/seminars/disasterrecovery/?partnerref=1214emailannc

Scripting and code don't have to be boring. Subscribe today to Scripting Central and get a down-and-dirty technical yet lighthearted look at scripts. You'll also get tools and tips for writing scripts for a variety of Windows applications, such as Exchange and SQL Server. Sign up today!

http://www.windowsitpro.com/email

Do You Know What "High Availability" Really Means?

Learn what high availability really means and the different strategies that you can use to improve your email systems' availability and resiliency. Download this FREE guide now and get prepared to choose the appropriate solutions to protect your messaging data at the lowest cost and with the highest reliability.

http://www.windowsitpro.com/essential/index.cfm?code=1214emailannc

Black Hat Federal Briefings and Trainings

January 23-26, 2006, Sheraton Crystal City, Washington, DC. This new show--with 4 Briefings tracks and 11 Training classes--focuses on the problems and issues that governments face in protecting their infrastructure. Content will be oriented toward attack and defense, rootkit detection to IDS evasion. Stellar speakers include Michael Lynn, Simson Garfinkel, Halvar Flake, and Dan Kaminsky. Visit http://www.blackhat.com for complete updates.

==== Featured White Paper ====

Ensure Data Protection and High Availability for Microsoft Exchange

Having a mission-critical, data protection solution that is cost effective, hardware independent, and scalable is something every IT manager should consider. In this free white paper, get all you need to know about ensuring data protection and high availability for Exchange. This is one paper you can't afford to miss! Get your copy today at

http://www.windowsitpro.com/go/whitepapers/NSI/exchange?code=1214emailannc

==== Hot Spot ====

Protect and Manage Instant Messaging

85% of businesses use IM for business or personal use to improve communication and reduce email usage. In this free white paper learn how to protect your company and implement a managed IM security solution!

http://www.windowsitpro.com/go/whitepapers/postini/instantmessaging?code=sechot121

==== 3. Security Toolkit ====

Security Matters Blog: Cisco Developers Might Be Up Late This Holiday Season

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Mike Lynn encountered difficulty early this year in his attempts to discuss a flaw in Cisco hardware at the Black Hat conference in Las Vegas. He apparently knows of 15 more flaws in Cisco hardware. But the story gets even worse. Read about it in this blog article on our Web site.

http://www.windowsitpro.com/Article/ArticleID/48717

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How do I enable HTTP Secure (HTTPS) traffic on my Microsoft IIS 6.0 Web server site by using my local forest Certificate Authority (CA)?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/48664

Security Forum Featured Thread: Host-based Firewalls for Windows Server 2003

A forum participant wonders if someone can suggest a very powerful and easy to manage (locally and remotely) host-based firewall solution that runs on Windows Server 2003 and includes robust reporting and alerting features. Join the discussion at

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=44937&STARTPAGE=1

==== Announcements ====

(from Windows IT Pro and its partners)

The Windows IT Pro Master CD has it all.

Get the Windows IT Pro Master CD and get portable, high-speed access to the entire Windows IT Pro article database on CD--that's a library of more than 9000 articles! The newest issue includes BONUS Windows IT Tips; sign up now, and you'll SAVE 25%. Offer ends 12/31/05, so take advantage of this holiday offer now.

https://store.pentontech.com/index.cfm?s=1&promocode=eu225cuc

Exchange & Outlook Administrator Newsletter--Holiday Special

Need answers to your tough Exchange questions? Subscribe to the Exchange & Outlook Administrator newsletter and SAVE up to $30 off the regular price. Each issue features tools and solutions you won't find anywhere else to help you migrate, optimize, administer, back up, recover, and secure Exchange and Outlook. Paid subscribers also get searchable access to the full online Exchange article database (more than 1000 articles). Order now:

https://store.pentontech.com/index.cfm?s=1&promocode=eu235cue

==== 4. New and Improved ====

by Renee Munshi, [email protected]

Security Appliance Line Gets Software Upgrade, New Models

Network Engines is shipping version 3.0 software for all its NS Series Security Appliances, including two new models: NS6250 and NS8400. The new features in 3.0 deliver platform extensibility, management integration into the Microsoft Operations Manager (MOM) environment, and advanced protection for Web-based communications, including Web content security for Microsoft Exchange, SharePoint Portal server, and IIS. The NS Series is a family of multifunctional security appliances based on Microsoft Internet Security and Acceleration (ISA) Server 2004 and designed for small and midsized businesses (SMBs) and remote offices. The new NS6250 is a lower cost solution for smaller businesses or branch locations; the NS8400 is the highest performance platform to date. List pricing for the NS Series ranges from $3795 to $16,495.

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]