Educause Security Discussion mailing list archives
Re: Degausser recommendations
From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Fri, 4 May 2007 14:55:13 -0500
InfoSec wrote:
In most cases the HDD is damage beyond usage, especially if a 8000+ gauss (industrial strength) is used. De-Gaussing is definitely for "destroying" - key word destroying... Wanting to reuse or return an HDD warrants another technology, like "data shredder". We use it to assure HIPAA, FERPA, GLBA and PCI compliance.
We generally recommend physical destruction of the drive if it is inoperable and contained non-public data. Vendors that comply with NAID destruction guidelines are generally acceptable. Standard NAID procedure is (I believe) to scan the serial number of each drive as it's shredded for reporting purposes. Anyway, an NAID-certified shredding company should be able to help with questions on this pretty easily. As for magnetic destruction, I asked Seagate about this back in November. Here's their response:
Seagate disc drives are specified to operate in 10 Gauss free air spec without error and are tested non-operating up to 30 Gauss. This specification is to insure the drive is not affected by stray magnetic fields that may be given off by adjacent drives within a computer system, and typically not considered for magnetic fields outside a computer system. Seagate has performed testing on some products to failure, while being subjected to steady state field. During operating conditions, they did not fail until approximately 2x the 1600 A/m spec. But the drive failed significantly under the 16000 A/m spec. Both test were performed in a steady state field. Where: 1 Oe = 1000/4xpi Am, in air H=B Note: This information is for Seagate's SCSI drives. ATA drives are not currently tested for magnetic interference.
Note: 10,000 gauss is 1 tesla. So, their static field tests of their drives in a 0.16T field showed the drives could handle it, but that the drives failed in a 1.6T field. Alas, when I asked what "failed significantly" meant, they didn't have an answer. Anecdotal evidence suggests that a field >=4T *does* do serious damage to a drive and render it unusable. At least the drive that I waved through the force lines surrounding such a magnet fared poorly; it wasn't even detectable by a PC's BIOS after that. The magnet I used is a large bore, helium-cooled supermagnet, comparable to (but somewhat more powerful than) a run-of-the-mill MRI unit. I couldn't put the drive through the bore, but I got as close as I could using a two-handed grip to keep the drive from flying out of my hands. (I think magnetic field strength drops with the cube of the distance.) My "erasure method" consisted of waving the drive repeatedly through the force lines. Anyway, I'm not sure if an 8kG degausser is strong enough for guaranteed erasure. However, shredding the drive certainly is. -- Alan Amesbury OIT Security and Assurance University of Minnesota
Current thread:
- Re: Degausser recommendations, (continued)
- Re: Degausser recommendations InfoSec (May 02)
- Re: Degausser recommendations Chris Steele (May 02)
- Re: Degausser recommendations Kevin Shalla (May 02)
- Re: Degausser recommendations Jeff Kell (May 02)
- Re: Degausser recommendations Ben Woelk (May 03)
- Re: Degausser recommendations Chris Edwards (May 03)
- Re: Degausser recommendations Ken Connelly (May 03)
- Re: Degausser recommendations InfoSec (May 03)
- Re: Degausser recommendations Chris Edwards (May 03)
- Re: Degausser recommendations Ben Woelk (May 04)
- Re: Degausser recommendations Alan Amesbury (May 04)