Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Advice regarding servers and Wiping Drives after testing

from [Robinson, Sonja] Network Security [Permanent Link]
Subject: RE: Advice regarding servers and Wiping Drives after testing
Date: Thu, 30 Aug 2007 14:10:19 -0400 
Or you can use a hardware based machine to do your DoD wipes such as an
ImageMasster for high volume wipes. Degaussers work as well for high
volume.  For total destruction there are destruction companies that
specialize in absolute and total destruction (e.g.. shredding and
melting), http://www.recyclepcs.com/hard_drive_destruction.html.


Sonja 

Note:  I am only offering alternative solutions.  I am not endorsing any
vendor, service, provider, software, etc.  These are my opinions and
should not be construed to be those of any former, current or potential
employer.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of sec sam
Sent: Monday, August 27, 2007 1:45 PM
To: security-basics@securityfocus.com
Subject: Advice regarding servers and Wiping Drives after testing

Group,
I am concerned about an upcoming DR Test and only have a total of 32
consecutive hours to do the test.

I am trying to find comfort in recommending option number 1 listed
below. I am wondering if anyone has concerns about going with option 1
listed below.  This option has risen to the top of the list because it
meets the time constraints.

1) At the end of the test techs will remove the raid array from each of
the 3 servers (striped).
Disks will then be shuffled within the array and if possible between
servers too.
An array will then be re created on each of the 3 servers.
Estimated time to complete task is 25-60 minutes.
There is a lot I don't like about this scenario the biggest being that I
cant find anything that discourages this practice for wiping data- I
hear lots of different administrators say that is how they do it... I
don't like to take that as  proof that it is a good practice though.

These would take more time than we can afford to spend but they might
provide a higher degree of certainty that data has been effectively
wiped out.
2) Use a drive wipe utility (there are many) and perform a wipe of the
systems to dod standards (120Gigs would take Hours and the products do
not seem to work in servers with Raid arrays-- At least that is what we
are finding)

3) Encrypt the 3 servers using a harddrive encryption software.
Not a bad option as AES128 encryption would  encrypt the data but
encrypting 120Gigs at 10 gigs per hour is about 12 hours of work.

Thanks for providing your thoughts.
Sam
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Securing Development in a production environment, Anthony Cogan
Next by Date:  RE: NAC solutions?, marc
Previous by Thread:  RE: Advice regarding servers and Wiping Drives after testing, Dereck Martin
Next by Thread:  Re: Advice regarding servers and Wiping Drives after testing, Jay
Indexes:  [Date] [Thread] [Top] [All Lists]