Security Basics mailing list archives
RE: Advice regarding servers and Wiping Drives after testing
From: Dereck Martin <dmartin () packetdrivers com>
Date: Thu, 30 Aug 2007 15:17:25 -0700
Norton used to have a disk wipe utility; I think it is a part of Ghost now. It is DOD compliant.

http://wipe.sourceforge.net/
Peter Gutmann compliant (opensource)

http://www.heidi.ie/eraser/
Peter Gutmann compliant (opensource)

I however prefer the Peter Gutmann Disk Wiping Procedure. DOD only recommends 3-7 passes for disk wiping compliance. Gutmann recommends 35 passes.

http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/

I have read articles where trained professionals have been able to recover bits of data after as many as 26 multiple pattern wipes. I'm sure the data was minuscule, but nonetheless recovered.

Some people do this manually with a Linux boot disk and the dd commands by running a wipe alternating between zeros and random data.

#~> dd if=/dev/zero of=/dev/hda
#~> dd if=/dev/random of=/dev/hda

But it takes a lot longer.

Dereck Martin
Network Operations Engineer
PacketDrivers IT Outsourcing, LLC
http://www.packetdrivers.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of ACE - Julius Turk
Sent: Wednesday, August 29, 2007 3:55 PM
To: 'sec sam'; security-basics () securityfocus com
Subject: RE: Advice regarding servers and Wiping Drives after testing

If you are looking at extracting the drives and wiping them to DOD specs, take a look at the deadondemand.com product, the Digital Shredder. 3 drives at a time.

I have a question for those that are interested in this. Would a rental unit be of interest? I am looking into adding a rental unit as part of my arsenal of products that we might offer.
Best Regards,
Julius Turk
Ace Computers
(877) 223-2667 x-6916

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of sec sam
Sent: Wednesday, August 29, 2007 11:54 AM
To: security-basics () securityfocus com
Subject: Re: Advice regarding servers and Wiping Drives after testing

Thanks everyone for the feedback on my options and your input.

The data is "not public", which means I need to take reasonable steps to make sure it is harder to recover than the data might be worth, and as far as risk goes it is not worth money as much as it would be a problem to the local agency's reputation and standing with its customers. So while removing the array and swapping drives around may be insufficient, wiping to DOD specs, while nice, may be a bit over the top.

Personally I can't believe the internationally known availability and disaster recovery company we are working with does not provide a service to its customers which addresses this. It could be a nice money maker for them; if they charged a few bucks extra I bet customers would jump on it.

I am going to look into the rental units for about $600.00US/month; some will degauss 9 drives simultaneously at about 3gb per minute. I am not sure if I can bring this hardware into the facility though.

I am also going to look into wiping several drives in parallel using software. I will try the Dban Boot/nuke mentioned by someone on a server here and see how long it takes and if it even works. In the past I have done this on single disk PCs with software, but not on HP MLxxx servers with RAID arrays, and not under a time constraint.

Regards,
Sam

On 8/28/07, Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net> wrote:
> Marcia, please reply to the list, not to me personally.
>
> On 2007-08-28 Harris, Marcia wrote:
> > I agree that #1 holds no guarantee that (some) data could not be
> > recovered from the disk. #4 looks reasonable, but after what you said
> > about drive wipe utilities not working well with raid arrays, what
> > would you use, and could you do it within your time constraints?
>
> I don't recall having said anything about wipe-tools not working well with RAIDs. I said that just making disks into a RAID does not guarantee secure deletion of the data on said disks. Just make sure to wipe the raw device(s) instead of partitions/filesystems/whatever.
>
> Fact is, to wipe a disk you need to overwrite the entire disk at least once. That's the minimum timeframe required (unless you burn the disks), and there's no way to magically speed this up. You can, however, wipe several disks in parallel, if you have appropriate hardware, which will reduce the total amount of time you have to invest.
>
> Regards
> Ansgar Wiechers
> --
> "All vulnerabilities deserve a public fear period prior to patches becoming available."
> --Jason Coombs on Bugtraq
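
The procedure discussed in this thread (alternating zero and random passes over the whole raw device, several disks in parallel), written out as an added shell example that is not part of any poster's message. The function names are hypothetical, /dev/urandom stands in for /dev/random so a pass does not block, and a final zero pass is added so the result can be checked by read-back; targets are assumed to be raw device nodes or, for a dry run, image files.

```shell
#!/bin/sh
# Added example: multi-pass overwrite with read-back verification.
# On real hardware pass the raw device node (the whole disk, not a
# partition or filesystem); for a dry run pass constructed image files.

target_size() {    # size in bytes of a block device or a regular file
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else wc -c <"$1" | tr -d ' '; fi
}

overwrite() {      # overwrite <source> <target> <bytes>
    # notrunc keeps an image file at its size; harmless on a device.
    head -c "$3" "$1" | dd of="$2" bs=65536 conv=notrunc 2>/dev/null
}

wipe_target() {    # wipe_target <target> <passes>; the last pass is zeros
    t=$1; n=$2
    size=$(target_size "$t") || return 1
    i=1
    while [ "$i" -lt "$n" ]; do
        # Odd passes write zeros, even passes write random data.
        if [ $((i % 2)) -eq 1 ]; then src=/dev/zero; else src=/dev/urandom; fi
        overwrite "$src" "$t" "$size" || return 1
        i=$((i + 1))
    done
    overwrite /dev/zero "$t" "$size" || return 1
    sync
    # Verify: every byte of the target must read back as zero.
    head -c "$size" /dev/zero | cmp -s - "$t"
}

wipe_parallel() {  # wipe_parallel <passes> <target>...
    passes=$1; shift; pids=""; rc=0
    for t in "$@"; do
        # One background job per disk; each runs in its own subshell.
        ( wipe_target "$t" "$passes" ) & pids="$pids $!"
    done
    # A failed write or failed verification on any disk fails the run.
    for p in $pids; do wait "$p" || rc=1; done
    return $rc
}
```

For example, `wipe_parallel 3 disk1.img disk2.img` runs zero, random, zero over both images at once and returns non-zero if either one fails verification.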