You may or may not know that when you drag items to the trash on your computer, they aren't permanently deleted. Just watch an episode of your favorite CSI show, and you'll see that its possible to recover files that haven't been deleted properly. And while I'm sure you're not guilty of any CSI type crimes (or are you???), I'm sure you want to figure out how to permanently delete your files and keep your private things private -- after all everyone has to have some secrets!

Why emptying your recycling bin doesn't permanently delete your files

When you tell your computer to empty its recycling bin, your operating system only deletes the records it has of the files you want to delete. Yet the files still remain on the hard drive memory.

Here's an analogy: If you think of your files as books in a library and you decide you no longer have use for a certain book. Emptying the trash is equivalent to removing the entry in the library's card catalog. The book is still there but not easily found by everyday visitors. But if someone really wanted to find it, and had a clue where to look, they quite possibly do so since it is still physically there.

What it means to permanently delete a file

To permanently delete a file, you need to not only delete its record, but also overwrite the physical portion of the hard drive where it lives. A low level format is equivalent to replacing your private file with random bits (1's and 0's). Continuing with the library analogy you need to remove remove the book, shred it, light up in flames and possibly replace it with a different book

A simple way to permanently delete?

According to Microsoft, there is a keyboard shortcut in Windows to, quote, "permanently delete files". You do this by selecting your file and hitting SHIFT+DEL. Convinced? Neither am I. What they're really explaining is a shortcut from having to move the item to the trash and then emptying the trash.

Take it a step further

Here's a poor man's version of permanent deletion. Delete your files, empty your recycle bin, and run Disk Defragmenter located in the Start menu under Accessories/System Tools. What this will do is optimize your hard drive by rearranging (most) of your files, and in doing so will most likely overwrite the files you want permanently deleted. Nice!

Do it right and do it better

While performing a defragmentation will probably do the trick, it's really not a viable solution. Waiting for disk defragmentation is not something I'd do every time I wanted to do a permanent deletion. The defragmentation process is waaaaay too long. The right way to how to permanently and quickly delete files is to use a program specifically designed for that purpose. You're in luck too because most Windows operating systems have a command line tool called CIPHER to do the trick!

Here's how to use CIPHER:

1. After closing all windows, open up a command window.

2. Type the following: cipher /w:driveletter:\foldername where driveletter and foldername correspond to the drive a location of where your deleted file used to live.

3. Sit back and enjoy your freedom and privacy while your file is truly permanently deleted!

Access Control Lists (ACLs) are sequential lists of permit and deny conditions applied to traffic flows on a device interface. ACLs are based on various criteria including protocol type source IP address, destination IP address, source port number, and/or destination port number.

ACLs can be used to filter traffic for various purposes including security, monitoring, route selection, and network address translation. ACLs are comprised of one or more Access Control Entries (ACEs). Each ACE is an individual line within an ACL.

ACLs on a Cisco ASA Security Appliance (or a PIX firewall running software version 7.x or later) are similar to those on a Cisco router, but not identical. Firewalls use real subnet masks instead of the inverted mask used on a router. ACLs on a firewall are always named instead of numbered and are assumed to be an extended list.

The syntax of an ACE is relatively straight-forward:

Ciscoasa(config)#access-list name [line number] [extended] {permit | deny} protocol

source_IP_address source_netmask [operator source_port] destination_IP_address

destination_netmask [operator destination_port] [log [[disable | default] | [level]] [interval seconds]] [time-range name] [inactive]

Here's an example:

asa(config)# access-list demo1 permit tcp 10.1.0.0 255.255.255.0 any eq www

asa(config)# access-list demo1 permit tcp 10.1.0.0 255.255.255.0 any eq 443

asa(config)# show access-list demo1

access-list demo1; 2 elements

access-list demo1 line 1 extended permit tcp 10.1.0.0 255.255.255.0 any eq www

access-list demo1 line 2 extended permit tcp 10.1.0.0 255.255.255.0 any eq https

In the above example, an ACL called "demo1" is created in which the first ACE permits TCP traffic originating on the 10.1.0.0 subnet to go to any destination IP address with the destination port of 80 (www). In the second ACE, the same traffic flow is permitted for destination port 443. Notice in the output of the show access-list that line numbers are displayed and the extended parameter is also included, even though neither was included in the configuration statements.

You can deactivate an ACE without deleting it by appending the inactive option to the end of the line.

As with Cisco routers, there is an implicit "deny any" at the end of every ACL. Any traffic that is not explicitly permitted is implicitly denied.

**Editing ACLs and ACEs**

New ACEs are appended to the end of the ACL. If you want, however, to insert the new ACE at a particular location within the ACL, you can add the line number parameter to the ACE:

asa04(config)# access-list demo1 line 1 deny tcp host 10.1.0.2 any eq www

asa04(config)# show access-list demo1

access-list demo1; 3 elements

access-list demo1 line 1 extended deny tcp host 10.1.0.2 any eq www

access-list demo1 line 2 extended permit tcp 10.1.0.0 255.255.255.0 any eq www

access-list demo1 line 3 extended permit tcp 10.1.0.0 255.255.255.0 any eq https

Notice in the first line of the example above that an ACE is added at line one in the ACL. Notice in the output from the show access-list demo1 command that the new entry is added in the first position in the ACL and the former first entry becomes line number two.

You can remove an ACE from an ACL by preceding the ACE configuration statement with the modifier no, as in the following example:

Asa04(config)#no access-list demo1 deny tcp host 10.10.2 any eq www

In my next article, I'll show you how to use time-ranges to apply access-control lists only at certain times and/or on certain days. I'll also show you how to use object-groups with access-control lists to simplify ACL management by grouping similar components such as IP addresses or protocols together.

Time synchronisation in modern computer networks is essential. It not only provides the only frame of reference between all devices, it is critical in everything from securing, planning and debugging a network to providing a time stamp for applications such as data acquisition or email.

Microsoft Windows XP has a time synchronisation utility built into the operating system called Windows Time (w32time.exe) which can be configured to operate as a network time server. It can be configured to both synchronise a network using the internal clock or an external time source.

For many applications, an internal clock can be quite adequate, although, on a network, problems can arise with applications such as sharing network files or in some environments even fraud, so it is vital for security reasons to use an accurate timing source for your network.

NTP (Network Time Protocol) is a protocol already installed on Windows XP and is used by Windows Time to keep machines synchronised to the single time source. There are several timing sources available on the Internet but Microsoft and others strongly recommend that you configure a time server with a hardware source rather than from the Internet where there is no authentication.

Specialist NTP servers are available that can receive a reliable time source via the GPS signal or specialist radio transmissions that get their time from atomic clocks.

If you wish to configure Windows XP to operate as a time server then first thing is to locate the Windows Time subkey. To do this:

Run Regedit (Click start/run/then type REGEDIT/and click enter.

Note: editing your system registry can cause problems with your system. It is advisable to back up your system before editing the registry.

Now locate the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\parameters\
Right click the right-hand side and click Modify. In the Edit Value box, under Value Data, type NTP and then click OK.

Now go to the Config folder and right-click AnnounceFlags, Modify and in the Edit DWORD Value box, under Value Data, type 5, and then click OK.

Locate this subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\

Right-click in the right-side window and Modify. Edit the DWORD value box and type the number of seconds you want for each poll under Value data, i.e.: 900 will equal 15 minutes. The poll field represents the polling interval between NTP poll packets.

To enable the NTP server locate the subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer\
Right click enabled (in the right-hand window) then Modify. Edit the DWORD Value and type 1. Right-click NtpServer, then Modify and in the Edit DWORD Value under Value Data type Peers, then click OK.

Locate: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\config

In the right pane, right-click MaxPosPhaseCorrection, then Modify, in the Edit DWORD Value box, under Base, click Decimal, under Value Data, type a time in seconds such as 3600 (an hour) then click OK. This adjusts the connection settings.

Now go back and click:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\config

In the right pane, right-click MaxNegPhaseCorrection, then Modify.

In the Edit DWORD box under base, click Decimal, under value data type the time in seconds you want to poll such as 3600 (an hour).

Exit Registry then restart windows time service by clicking Start/Run then typing:

net stop w32time && net start w32time.

on each computer, other than the domain controller, type: W32tm/resync/rediscover.

The time server should be now up and running.

NTP (Network Time Protocol) synchronises networks to a single time source using timestamps to represent the current time of the day, this is essential for time sensitive transactions and many system applications such as email.

NTP is therefore vulnerable to security threats, whether from a malicious hacker who wants to alter the timestamp to commit fraud or a DDoS attack (Distributed Denial of Service - normally caused by malicious malware that floods a server with traffic) that blocks server access.

However, being one of the Internet's oldest protocols and having been developed for over 25 years, NTP is equipped with its own security measures in the form of authentication.

Authentication verifies that each timestamp has come from the intended time reference by analysing a set of agreed encryption keys that are sent along with the time information. NTP, using Message Digest encryption (MD5) to un-encrypt the key, analyses it and confirms whether it has come from the trusted time source by verifying it against a set of trusted keys.

Trusted authentication keys are listed in the NTP server configuration file (ntp.conf) and are normally stored in the ntp.keys file. The key file is normally very large but trusted keys tell the NTP server which set of subset of keys is currently active and which are not. Different subsets can be activated without editing the ntp.keys file using the trusted-keys config command.

Authentication is therefore highly important in protecting a NTP server from malicious attack; however there are many time references were authentication can't be trusted.

Microsoft, who has installed a version of NTP in their operating systems since Windows 2000, strongly recommends that a hardware source is used as a timing reference as Internet sources can't be authenticated.

NTP is vital in keeping networks synchronised but equally important is keeping systems secure. Whilst network administrators spend thousands in anti-viral/malware software many fail to spot the vulnerability in their time servers.

Many network administrators still entrust Internet sources for their time reference. Whilst many do provide a good source for UTC time (Coordinated Universal Time - the international standard of time), such as nist.gov, the lack of authentication means the network is open to abuse.

Other sources of UTC time are more secure and can be utilized with relatively low cost equipment. The easiest method is to use a specialist NTP GPS time server that can connect to a GPS antenna and receive an authenticated timestamp by satellite.

GPS time servers can provide accuracy to UTC time to within a few nanoseconds as long as the antenna has a good view of the sky. They are relatively cheap and the signal is authenticated providing a secure time reference.

Alternatively there are several national broadcasts that transmit a time reference. In the UK this is broadcast by the National Physics Laboratory (NPL) in Cumbria. Similar systems operate in Germany, France and the US. Whilst this signal is authenticated, these radio transmissions are vulnerable to interference and have a finite range.

Authentication for NTP has been developed to prevent malicious tampering with system synchronisation just as firewalls have been developed to protect networks from attack but as with any system of security it only works if it is utilised.