What's New at u1.net

back to top

Featured Client

Carolina Turkey

In 1986, two of North Carolina's leading family-owned businesses, Goldsboro Milling Company and Carroll's Foods, joined forces to form Carolina Turkeys. From the start, the new company recognized a strategic need for diversification, integration and total quality control in every aspect of its operations.

Smithfield Foods purchased Carroll's Foods' partnership interest in Carolina Turkeys in May 1999. Goldsboro Milling Company and Smithfield Foods have been very supportive of Carolina Turkeys' needs for capital to grow, and provide the services to be the customer preferred supplier of better value turkey products.

Today, Carolina Turkeys is the world's largest turkey processing plant. Based in Mt. Olive, North Carolina, Carolina Turkeys' fully integrated operation combines diagnostic labs, research farms, breeder farms, hatcheries, growing farms and feed mills. Production runs around the clock, with more than 550 million pounds of turkey currently processed each year for distribution throughout the U.S. and overseas.

u1.net teamed up with Carolina Turkey to launch a web initiative for this world class food producer. u1.net created a new look and feel for the web site and added many ground breaking world-class enhancements: an interactive nutritional information, a product line and an "EZ menu" ideas feature. These interactive tools are all XML driven and allow the client to update the content themselves. The u1 team also created separate logins for subscribers, sales and administrators, each with their own functions and permissions in order to optimize customer service.

Click Here if you would like your organization to experience the same success as Carolina Turkey.

back to top

Affinity Health Plan

Originally known as The Bronx Health Plan (TBHP), Affinity was founded in 1986 by several community health centers, based on the belief that a managed care plan . . . built on a foundation of comprehensive, community-based primary care . . . could improve the quality and cost-effectiveness of health care provided to the poor.

TBHP began by offering a managed care program to Medicaid beneficiaries. In 1990 and 1991, it opened its UniCare and Child Health Plus programs, thus providing affordable health care coverage for low-income, uninsured individuals and families. In the Fall of 2001, it further expanded coverage for the uninsured with the introduction of New York State's Family Health Plus program.

While expanding its program offerings, TBHP also expanded its geographic reach. In the early 1990's, the company expanded from the Bronx into Manhattan. Then, in 1999, it acquired GENESIS Healthplan, thus expanding its service area to include all of New York City and the surrounding counties of Nassau, Suffolk, Westchester, Rockland and Orange.

TBHP continued to operate GENESIS Healthplan as a separate company until the end of 2001. Effective January 1, 2002, all of the GENESIS business migrated under TBHP's operating license to form a single entity . . . Affinity Health Plan.

u1 and AHP partnered up in Febrary, 2002 to deliver web based services to the health services market.

Click Here if you would like your organization to experience the same success as Affinity Health Plan.

back to top

Employee Profiles

Kevin Van Horn - Web Artistry at its Best....

That is what goes into every website produced by u1.net. The person behind Web artistry at its best is Kevin Van Horn, the graphics team leader at u1.net. Kevin brings with him years of skills, experience, and expertise which he applies to each and every client. Kevin always wanted to be an artist and dreamed of becoming a great painter. As he grew up, economic reality steered him toward being a graphic artist. When computers came around, "I was bitten by the tech bug. Doing computer graphics lets me keep a hand in each." He attended and graduated the Art Institute of Philadelphia and earned his degree in Commercial Art in 1985. Upon graduation, he worked designing ads that appeared in the New York Yellow Pages telephone directories. From there, he moved on to Xerox where he designed color slides for sales, training and presentations. After Xerox, Kevin moved on to creating computer-generated signs for Signs Tomorrow.

Kevin joined the ranks of u1.net in the summer of 1998. He has risen to the role of graphics team leader with responsibilities such as disseminating team tasks and assignments. Kevin not only conceptualizes, designs, and creates websites, but also maintains both client and u1.net websites individually and as part of u1.net's development teams. As if that wasn't enough, he also designs and creates web and print advertising and promotional pieces. How does he ever get it all done?

Some of Kevin's best work is featured on the ALL-STATE Legal website that the u1.net team created and which won an "Outstanding Achievement in Website Design" web award for 4 years running. The University of Delaware Department of Chemical Engineering website also features Kevin's skills, who along with the u1.net team, helped create an outstanding and very user-friendly site. In addition, u1.net has just rolled out a new implementation of our home site that has been well received, thanks in part to Kevin and his creativity.

When Kevin is not working, he can be found spending time with his family (his wife Mary, and two children Elisabeth and Seth). Kevin also likes playing guitar, reading, and being a team parent for his children's little league team. He also plans to take up painting again soon.

Click Here if your company can benefit from someone like Kevin.

Click Here if you would like to join the u1.net team.

back to top

Community Work

City of Hope

Workout for Hope is a fitness fund-raiser that supports HIV/AIDS and cancer research at City of Hope National Medical Center and Beckman Research Institute, a National Cancer Institute-designated Comprehensive Cancer Center.

The City of Hope National Medical Center and Beckman Research Institute is one of the most advanced medical centers in the world, and was the first federally-funded medical center to receive a project grant from the National Cancer Institute for the development of gene therapy. Our recent discoveries in molecular biology, virology, immunology and other fields have helped stimulate further research into the treatment of HIV/AIDS and related cancers. New highlights include:

• In 1997, City of Hope researchers began human trials of gene therapy using bone marrow transplanations to delay - or perhaps one day prevent - AIDS. Approved by the Food and Drug Administration, the treatment is designed to make the immune cells of HIV-infected patients resistant to the virus. Stem cells, which originate in bone marrow and produce the cells that comprise the human immune system, are a focus of the treatment.

• In 1996, the National Institutes of Health awarded a three-year, $500,000 grant to a City of Hope scientist to study a potential gene therapy tool for the treatment of AIDS, which, if proven successful, could mean the creation of HIV-resistant immune systems.

• In 1995, a $4.5 million grant from the National Institute for Allergy and Infectious Diseases was awarded to City of Hope to test its innovative theory about how HIV might be controlled. The gene therapy study is in its preclinical safety phase with HIV-infected patients.

Register online with a credit card or call the regional office closest to you for more information.

If you can not attend but would like to make a donation, please contact your regional office.

Working out as a team can make even more of a difference. Teams should have at least five members and are eligible for special team challenge prizes. Please call your City of Hope regional office to register a team. Click here for a list of regional offices or call the Workout for Hope hotline at 800-266-7920.

back to top

Tech Tips

What's on that Hard Drive?

By John Mallery
Security Technology & Design

Deleting files and formatting hard drives does not remove all your important proprietary information from the hard drive.

Imagine this scenario: A large corporation replaces its computers every three years. In a good-faith gesture, it donates some of its old computers to various local charities. Some are given to current employees to use at home. Everyone is happy, and the company gets an image boost and a tax break. But within a month, the firm's major competitor wins every bid and proposal it submits. And then a controversial internal memo appears on the local news. What happened? The firm did not realize what was contained on the hard drives it donated, and sensitive corporate information was revealed.

Proprietary information can also be leaked through the selling or recycling of used computers. Some computer forensic analysts will purchase used hard drives to test their data recovery skills. They are always amazed at what they are able to recover. Imagine if a terrorist were able to purcase the used home computer of the CEO of a utility company or refinery.

Stolen computers can cause losses greater than the replacement cost of the computer. Safeware, an insurance company that insures computers, lists loss statistics for the year 2000 (http://www.safeware.come/losscharts.htm) and states that 387,000 notebook computers and 16,000 desktops were stolen for the year. What else was lost?

Deleting files and formatting hard drives does not remove data from the hard drive. What most users (and many security directors) don't realize is that there is more going on in their computers than what they see on their monitors. This column will outline some of the files that are created on the background suring use and some methods to securely remove these files from a hard drive.

Windows Swap and Page Files
When Microsoft Windows-bases operating systems need additional random access memory, they utilize "virtual memory" by using the hard drive as a memory area. In Windows, Windows 95 and Windows 98, this storage area is called the swap file. In Windows NT and 2000 this file is called the page file, but it functions the same as the swap file. Swap files can range in size from 20 million bytes to more than 200 million bytes and can contain an incredible amount of information. Anything from a Windows session can be contained in a swap file. Remnants from any application - word processing, databases, spreadsheets, Internet activity - can be found in a Windows swap file.

What makes the swap file such a dangerous source for losing proprietary information is that it is dynamic, and every time Windows is started, a new swap file is created. Because of this, multiple swap files could still exist on a hard drive or, more accurately, the data comtained on previous swap files could still exist on the drive. This is valuble information for a computer forensics analyst looking for evidence of a crime, but it is frightening to a corporate security professional trying to prevent the loss of proprietary data. There are ways to minimize the risk created by Windows swap and page files, and we will discuss those later in the article.

Temporary Files
In an effort to improve performance and efficience, many applications create temporary files. Microsoft Knowledge Base Article Q211632 accurately describes temporary files: "A temporary file is a file that is created to temporarily store information in order to free memory for other purposes, or to act as a safety net to prevent data loss wha a program performs certain functions." These temporary files remain open as long as the application needs them. When the application is shut down, these files are deleted, but the data they contained still remains on the hard drive. How many temporary files are created by an application? This depends on the application, but Microsoft states that both Word 97 and Word 2000 create 15 temporary files during use. An important concept to remember about temporary files is that the data they contain remains on the hard drive (until it is overwritten), even if the original file is not saved to the drive.

Printer Spool Files
In Microsoft Windows, the default setting for printers is to "Soppl print jobs so program finishes printing faster." Spool is an acronym and stands for "simultaneous peripheral operations online." The significance of spooling is that the application sends the file to the hard drive first and then to the printer. Because the file is copied to teh hard drive, the data it contains will remain on the drive until it is overwritten. A key security concept to remember is that even if the file is never saved, but only printed, it may be possible to recover the data in the original document. These files can be recovered using forensics tools and then viewed using an image viewer that supports enhanced metafiles.

Metadata
Metadata can be described simply as "data about data." Though metadata is not a separate file, the data it contains is created automatically by Microsoft Office products. Understanding what is contained in metadata provides another reason to verify that sensitive files are completely removed from a drive. From a security standpoint, metadata may contain information that should not be shared outside of an organization. What can be found within metadata? According to Microsoft Knowledge Base article Q223790, the following are examples of metadata that can be stored in documents:

• Your name


• Your initials


• Your company or organization name


• The name of your computer


• The name of the network server or hard disk where you saved the document


• Other file properties and summary information


• Non-visible portions of embedded OLE objects


• The names of previous document authors


• Document revisions


• Document versions


• Template information


• Hidden Text


• Comments

If metadata is not controlled, sensitive internal information can be disseminated outside of an organization. The previously mentioned Knowledge Base article, Q223790, mentions steps used to minimize metadata.

Deleted Files
It has become common knowledge that delete does not mean delete; however, what really happens when a file is deleted? When a file is created, a directory entry for that file is also created. When a file is deleted and not sent to the recycle bin, the first letter of the file name in the directory entry is changed to a special character (Hexadecimal E5&341;. All entries for that file in the File Allocation Table are then cleared. The data contained on the file remains on the hard drive until it is overwritten. What this means is that the pointers to the data are gone, but the data remains on the hard drive. Theoretically, this data could remain on the hard drive forever.

Ways to Eliminate Proprietary Data
Deleted files become difficult, if not impossible, to recover once they are overwritten. (This is a highly debated topic. It is reported that some government agencies can recover data that has been overwritten more than 10 times. However, this is only an issue for organizations that deal with top secret information or criminals intent on removing evidence of illegal activities. Recovering data that has been overwritten requires knowledge of Magnetic Force Microscopy. For additional information, read Mike Anderson's article, "Shadow Data," at http://www.forensics-intel.com/art15.html.)

There are many tools available to overwrite data on a hard drive. These tools are called disk wiping utilities and are designed to overwrite data in slack space, free space and the swap file; they do not impact any other files. Disk scrubbing utilities overwrite the entire data area of a hard drive. Only disk wiping utilities will be discussed here. These tools utilize one of the three methods to overwrite the drive: Simple, DoD and Guttman. A simple overwrite overwrites data only once using 1s, 0s or pseudo-random data. A DoD overwrite complies with the specifications set forth in the National Industrial Security Program Operating Manual (NISPOM, 5220.22M). This manual specifies that to clear a disk you must "Overwrite all addressable locations with a character, its completment, then a random character and verify." (It also states that this method is not recommended to clear top secret information.) The last method, the Guttman method, overwrites the data areas 35 times, taking into account the encoding algorithms used by various hard drive manufacturers. When deciding what method to use, remember thatt the more overwrites that are performed, the longer the process will take. A Guttman overwrite of 8GB of free space could take as long as 10 hours.

Some of the more popular tools for disk wiping include:

BC Wipe:
http://www.jetico.com/index.htm#/bcwipe.htm
Eraser: http://www.tolvanen.com/eraser
WipePro+: http://www.marcompress.com
MsSweepPro:
http://www.secure-data.com/ms.html

Some programs include wiping utilities as part of their functionality:

PGP: web.mit.edu/network/pgp.html
Norton Utilities: http://www.symantec.com
Directory Snoop: http://www.briggsoft.com

The majority of these tools are Windows-based tools. It is important to remember several things if you want to securely remove data from a drive. Microsoft Windows holds some files open while operating; these files will not be overwritten. It is also not possible to effectively overwrite a swap file from within Windows, but all they do is try to overfill the memory so the operating system starts writingto the swap file.

Tools such as WipePro+ provide a DOS-based tool to overwrite the swap file. MsweepPro allows you to use a script file to specify the overwriting of specific files, including the swap file. It is also important that you create a static as opposed to a dynamicswap file. Steps to do this can be found at ZDNet REVIEWS. In Windows NT/2000 the registry can be modified so the page file (swap file) will be overwritten at shutdown. See the Microsoft Knowledge Base article Q182086, "How to Clear the Windows NT Paging File at Shutdown" for directions.

Disk Wiping Steps:

1. Select disk wiping method based on the value of the data on the hard drive. Be careful; most companies undervalue their data.


2. Delete files. Use the "Shift + Delete" method so the files are deleted, not just sent to the Recycle Bin.


3. Empty Recycle Bin. Be sure to disable any additional third-party tools that prevent emptying of the Recycle Bin


4. Delete temporary Internet files and "cookies." Internet files can reveal the activity of the user, and could release proprietary information if the user visits internal corporate Web sites.


5. Defrag hard drive. This will overwrite some data area and will improve the efficiency of the computer.


6. Wipe free space and slack space using tool of choice.


7. Wipe swap file using a DOS-based utility. This utility should be run from a bootable floppy, not run from within a DOS Window.

Other Considerations
How often you wipe a drive depends on how often its is used, the types of information it contains and how easily it could be stolen. Wiping a desktop computer once a week might be sufficient, but the laptop computer of a traveling user might need to be wiped more frequently. Remember, too, that the easier a tool is to use, the more likely it will used. A tool like MsweepPro can be made to run automatically from a bootable floppy. It is easy to use and quick, and requires no user intervention. Some other tools require more effort on the part of the user.

Some individuals have recognized that they need to protect their proprietary data, so they encrypt files or use a file shredding utility. Because of this, they feel they do not need to use disk wiping utilities. Although this is a good start, these steps do not remove or encrypt associated temporary files or the swap file.

By using disk wiping utilities, you can greatly reduce the risk of losing proprietary data when a computer is donated, sold or stolen.

back to top