Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Advice regarding servers and Wiping Drives after testing

from [sec sam] Network Security [Permanent Link]
Subject: Advice regarding servers and Wiping Drives after testing
Date: Mon, 27 Aug 2007 12:44:42 -0500 
Group,
I am concerned about an upcoming DR Test and only have a total of 32
consecutive hours to do the test.

I am trying to find comfort in recommending option number 1 listed
below. I am wondering if anyone has concerns about going with option 1
listed below.  This option has risen to the top of the list because it
meets the time constraints.

1) At the end of the test techs will remove the raid array from each
of the 3 servers (striped).
Disks will then be shuffled within the array and if possible between
servers too.
An array will then be re created on each of the 3 servers.
Estimated time to complete task is 25-60 minutes.
There is a lot I don't like about this scenario the biggest being that
I cant find anything that discourages this practice for wiping data- I
hear lots of different administrators say that is how they do it... I
don't like to take that as  proof that it is a good practice though.

These would take more time than we can afford to spend but they might
provide a higher degree of certainty that data has been effectively
wiped out.
2) Use a drive wipe utility (there are many) and perform a wipe of the
systems to dod standards (120Gigs would take Hours and the products do
not seem to work in servers with Raid arrays-- At least that is what
we are finding)

3) Encrypt the 3 servers using a harddrive encryption software.
Not a bad option as AES128 encryption would  encrypt the data but
encrypting 120Gigs at 10 gigs per hour is about 12 hours of work.

Thanks for providing your thoughts.
Sam
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: any recommendable anti-ddos solution?, Dereck Martin
Next by Date:  RE: HTTPS redirections, Sergii Khomenko
Previous by Thread:  Logging Archival Solutions?, jplee3
Next by Thread:  Re: Advice regarding servers and Wiping Drives after testing, Ansgar -59cobalt- Wiechers
Indexes:  [Date] [Thread] [Top] [All Lists]