Security Basics mailing list archives
Re: need to wipe a NAS and be DoD compliant
From: "Stephen John Smoogen" <smooge () gmail com>
Date: Mon, 26 Jun 2006 08:20:33 -0600
On 6/23/06, Lujan Sgt Pedro D <pedro.lujan () usmc mil> wrote:
SuttonP From the looks of your e-mail "aafes" the question would need to be asked if you are located on a military base. If so the local command would "direct" the use of specific tools that meet their own requirements. Also at what level of classification are you trying to wipe? (Unclass, Secret, TS.) There are very limited tools to use, that meet the DoD requirements, but proper use and prior approval of its use should be checked on first. One tool used when "authorized" is BCWipe. It meets the requirements of DoD 5200.28-STD. However, I strongly recommend checking with your local command and its policies before attempting to wipe any system. Normally if we need something wiped that meets DoD standards, it's because we are trying to remove some data of a higher classification level than the device is authorized to store. If this is the case than you should definitely seek out your IAM / IAO or data section to avoid getting thrown in jail or losing your job.
Also, SuttonP If you are just trying to wipe a system for 'reapplication' you will also need to work with the 'vendor' of the NAS hardware to see if they have a way to locally run bcwipe versus over the wire. In most cases, running a bcwipe or similar bit-remover remotely will not work in the way that makes 'bcwipe' valid. In most cases, we have had to either find commands that could be run locally... do an invasive reformat of the drives (eg 1/0/1/0/1/0/1/0 format if the NAS had that kind of burn-in format.) If those were not available, sending the drives off for appropriate destruction (10mm by 10mm I think) was the only option. However, all of these were items decided by the ISSO on what was required for that site. -- Stephen J Smoogen. CSIRT/Linux System Administrator --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- need to wipe a NAS and be DoD compliant suttonp (Jun 23)
- RE: need to wipe a NAS and be DoD compliant Lujan Sgt Pedro D (Jun 26)
- Re: need to wipe a NAS and be DoD compliant Stephen John Smoogen (Jun 26)
- Re: need to wipe a NAS and be DoD compliant Louis Lerman (Jun 26)
- Re: need to wipe a NAS and be DoD compliant Charles Fraser (Jun 26)
- Re: need to wipe a NAS and be DoD compliant Gethin Jones (Jun 26)
- Re: need to wipe a NAS and be DoD compliant Neil (Jun 26)
- <Possible follow-ups>
- RE: need to wipe a NAS and be DoD compliant Jasun Tate (Jun 26)
- Re: need to wipe a NAS and be DoD compliant roescue (Jun 27)
- RE: need to wipe a NAS and be DoD compliant Lujan Sgt Pedro D (Jun 26)