[Dataloss] hard drive destruction
DAIL, ANDY
ADAIL at sunocoinc.com
Wed Aug 16 10:58:15 EDT 2006
If you plan to dispose of the drive, a 10 lb sledge hammer works just
fine, and is much less of a hazard than having employees play with power
tools.
If you want the recycle the drive, the DoD Standards (below) of a 3-time
over-write will usually suffice.
National Industrial Security Program Operating Manual Description:
Section 5. Software and Data
Files........................................................8-5-1
Subsection 8-5-3:
1. Overwriting Media. Overwriting is a software procedure that replaces
the data previously stored on magnetic storage media with a predefined
set of meaningless data. Overwriting is an acceptable method for
clearing. Only approved overwriting software that is compatible with the
specific hardware intended for overwriting will be used. Use of such
software will be coordinated in advance with the Customer. The success
of the overwrite procedure will be verified through random sampling of
the overwritten media. The effectiveness of the overwrite procedure may
be reduced by several factors: ineffectiveness of the overwrite
procedures, equipment failure (e.g., misalignment of read/write heads),
or inability to overwrite bad sectors or tracks or information in
inter-record gaps. To clear magnetic disks, overwrite all locations
three (3) times (first time with a character, second time with its
complement, and the third time with a random character). Items which
have been cleared must remain at the previous level of classification
and remain in a secure, controlled environment.
3. Sanitizing Media. Sanitization removes information from media such
that data recovery using any known technique or analysis is prevented.
Sanitizing is a two-step process that includes removing data from the
media in accordance with Table 3 and removing all classified labels,
markings, and activity logs.
National Institute of Standards and Technology Description:
CSL BULLETIN
Advising users on computer systems technology
DISPOSITION OF SENSITIVE AUTOMATED INFORMATION
Sanitization means the removal of data from storage media so that, for
all practical purposes, the data cannot be retrieved. Some instances in
which sanitization must be considered include whenever media is
transferred from one organization to another, when equipment is declared
surplus, and when organizations dispose of media.
Sanitization: Why Be Concerned?
In the past, reports have surfaced that federal agencies have disposed
of surplus information technology (IT) equipment without taking
appropriate measures to erase the information stored on the system's
media. This can lead to the disclosure of sensitive information,
embarrassment to the agency, costly investigations, and other
consequences which could have been avoided.
Employees throw away old diskettes believing that "erasing" the files on
the diskette has made the data unretrievable. In reality, however,
"erasing" a file simply removes the "pointer" to that file. The pointer
tells the computer where the file is physically stored on the disk.
Without this pointer, the files will not appear on a directory listing
of the diskette's files. This does not mean that the file was removed
from the diskette. (Commonly available utility programs can often
retrieve information that is presumed "deleted.") Fortunately, with
foresight and appropriate planning, these situations can be avoided.
Techniques for Media Sanitization
Three techniques are commonly used for media sanitization: overwriting,
degaussing, and destruction. Overwriting and degaussing are the methods
recommended for disposition of sensitive automated information. (Users
of classified systems may also have to be concerned with data remanence.
This refers to the residual information left behind once media has been
in some way erased.) Security officers should be consulted for
appropriate guidance.
Overwriting
Overwriting is an effective method of clearing data from magnetic media.
As the name implies, overwriting utilizes a program to write (1s, 0s, or
a combination of both) onto the location of the media where the file to
be sanitized is located. The number of times that media is overwritten
depends on the level of sensitivity of the information. Overwriting
should not be confused with merely deleting the pointer to a file, as
discussed above.
Degaussing
Degaussing is a method to magnetically erase data from magnetic media.
Two types of degaussers exist: strong magnets and electric degaussers.
Degaussers are tested by the Department of Defense; those which meet
their requirements are placed on the Degausser Products List (DPL) of
the National Security Agency's (NSA) Information Systems Security
Products and Services Catalogue.
Destruction
The final method of sanitization is destruction of the media.
NCSC-TG-025 provides specifics on this method and its applicability.
Shredding diskettes, after removing the outer protective casing, is also
an option for unclassified media.
Employee Training and Awareness
Most employees who utilize IT systems also use, and in fact are often
the custodians of, magnetic media. It is therefore important for
agencies to give the issue of media sanitization appropriate attention
in the agency computer security training and awareness program.
Employees should understand the following essential elements:
1. Media containing sensitive information should not be released without
appropriate sanitization.
2. File deletion functions (e.g., the DEL command on MS-DOS) usually can
be expected to remove only the pointer to a file (i.e., the file is
often still recoverable).
3. When data is removed from storage media, every precaution should be
taken to remove duplicate versions that may exist on the same or other
storage media, back-up files, temporary files, hidden files, or extended
memory.
4. Media in surplus equipment should be sanitized.
Andy Dail
Sunoco PCI Project Manager
-----Original Message-----
From: dataloss-bounces at attrition.org
[mailto:dataloss-bounces at attrition.org] On Behalf Of George Toft
Sent: Wednesday, August 16, 2006 8:32 AM
To: dataloss at attrition.org
Subject: [Dataloss] hard drive destruction
Just wondering what the group feels is an adequate level of destruction
for a hard drive that contains personal financial information . . .
A. Using software to wipe the drive to DOD 5200.28 spec.
B. Cutting the platters in half (great big saw that essentially chops
the drive into two pieces).
C. Drilling out the center of the platter with a 2" drill bit.
D. Hard drive degausser.
E. Other - please specify.
--
George Toft, CISSP, MSIS
My IT Department
www.myITaz.com
480-544-1067
Confidential data protection experts for the financial industry.
_______________________________________________
Dataloss Mailing List (dataloss at attrition.org)
http://attrition.org/dataloss Tracking more than 142 million compromised
records in 303 incidents over 6 years.
This message and any files transmitted with it is intended solely for the designated recipient and may contain privileged, proprietary or otherwise private information. Unauthorized use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. If you have received it in error, please notify the sender immediately and delete the original and any attachments.
More information about the Dataloss
mailing list