Dod also has another way of destroying drives (for inoperable systems): a 1
inch hole through the drive (drilling them was a pain so I'd suggest something
with a flame).
Geoff
Sent from my BlackBerry wireless handheld.
-----Original Message-----
From: "sec sam" <secsam@gmail.com>
Date: Wed, 29 Aug 2007 11:54:03
To:security-basics@securityfocus.com
Subject: Re: Advice regarding servers and Wiping Drives after testing
Thanks everyone for the feedback on my options an your input.
The data is "not public" which means I need to take reasonable steps
make sure it is harder to recover than the data might be worth- and as
far as risk goes it is not worth money as much as it would be a
problem to the local agencies reputation and standing with its
customers. So while removing the array and swapping drives around may
be insufficient wiping to DOD specs, while nice, may be a bit over the
top.
Personally I can't believe the internationally known availability and
disaster recovery company we are working with does not provide a
service to its customers which address this. It could be a nice money
maker for them, if they charged a few bucks extra I bet customers
would jump on it.
I am going to look into the rental units for about $600.00US/month
some will degauss 9 drives simultaneously at about 3gb minute. I am
not if I can bring this hardware into the facility though.
I am also going to look into wiping several drives in parallel using
software. I will try the Dban Boot/nuke mentioned by someone on a
server here and see how long it takes and if it even works. In the
past I have this on single disk PC's with software but not on HP MLxxx
servers with Raid Arrays, and not under a time constraint.
Regards,
Sam
On 8/28/07, Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> wrote:
Marcia,
please reply to the list, not to me personally.
On 2007-08-28 Harris, Marcia wrote:
I agree that #1 holds no garuantee that (some) data could not be
recovered from the disk. #4 looks reasonable, but after what you said
about drive wipe utilities not working well with raid arrays, what
would you use, and could you do it within your time contraints?
I don't recall having said anything about wipe-tools not working well
with RAIDs. I said that just making disks into a RAID does not guarantee
secure deletion of the data on said disks. Just make sure to wipe the
raw device(s) instead of partitions/filesystems/whatever.
Fact is, to wipe a disk you need to overwrite the entire disk at least
once. That's the minimum timeframe required (unless you burn the disks),
and there's no way to magically speed this up. You can, however, wipe
several disks in parallel, if you have appropriate hardware, which will
reduce the total amount of time you have to invest.
Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
