Re: Hard Drive data security

[Kirk Schafer <infosec-capital () rainswept com>]

Given the nature of business, sometimes all you have to be is "good 
enough" to make someone look elsewhere. For media not protected by a 
metal shell (like a hard drive), a strong magnet will work. A permanent 
ceramic with sunspot strength can be obtained for about $15. A have one 
in my office, and a few swipes with one of these and data evaporates. If 
you're interested in this, I'll refer you to a good supplier.

Darik's Book and Nuke (DBAN) is a hard drive overwriter that can be 
burned to a bootable CD or floppy. It will boot Linux, and will wipe ALL 
mass media it finds in a computer. With today's hard drive sizes, plan 
on it taking all night.

Referral link: http://dban.sourceforge.net/

When you consider that usually all that necessary to prevent identity 
theft is to shred your documents, shredding your drive this way is 
usually "good enough". Just be better than average, but keep in mind 
that you can't wipe a disk that won't start up. At this point, someone 
with enough initiative could recover data you consider too expensive to 
wipe. A product like Utimaco SafeGuard Easy encrypts your data on disk, 
and a stolen laptop, or even a failed, unwipable disk would not expose 
you to capital risk, because the data is always encrypted on the media. 
Failed drive? Just give it back. No wiping necessary.

Referral link: http://www.utimaco.com

Best regards,

Kirk Schafer
Infosec Capital

D. Weiss wrote:

> The only real way to destroy the data is either to sand the platters off or
> melt the whole thing down. Sanding is easier and if you use a nice fine
> grade sand paper as the last sanding, you can get the disks engraved for IT
> awards and whatnot.
>
> -----Original Message-----
> From: tony tony [mailto:tonytorri () yahoo com]
> Sent: Tuesday, October 12, 2004 12:43 AM
> To: Jonathan Loh; Paul Kurczaba; security-basics () securityfocus com
> Subject: Re: Hard Drive data security
>
>
> Paul,
>
> Try the non-techie approach....after they verify that your hard drive is
> bad...then take a hammer to the disk...pound on it a few dozen times...then
> give it to them.
>
> Why do they want your bad hard drive anyway?
>
>
>
> --- Jonathan Loh <kj6loh () yahoo com> wrote:
>
>  
>
> > Use eraser, or norton wipe, or some other tool to erase the whole thing.
> > Eraser is a free utility.  But note this only works if the company uses
> >    
> just
>  
>
> > another computer to try to recover your data.  If they use scanning
> > microscopy
> > well then......  but that's expensive.
> > That's if you can access the drive.  If you can't powerful magnets work
> > really
> > well.   Just make sure the harddrive is out of the computer when you do
> >    
> that.
>  
>
> > --- Paul Kurczaba <paul () myipis com> wrote:
> >
> >    
> >
> > > Hi,
> > >   I have a question about hard drive data security. The hard drive on
> > >      
> my
>  
>
> > > notebook is failing and Dell is going to replace it. They are going to
> > >      
> take
>  
>
> > > the old one with them. How can I securely remove the data from the hard
> > > drive?
> > >
> > > Thanks,
> > > Paul
> > >
> > >
> > >      
> >
> >
> > __________________________________
> > Do you Yahoo!?
> > Yahoo! Mail - 50x more storage than other providers!
> > http://promotions.yahoo.com/new_mail
> >
> >    
>
>
> =====
> Tony T. CISSP, CISA, CDP, CIA
> Senior IS Security & Risk Manager
> 360.906.7893 (Work)
> Northern Telecom LLP
>
>
>
>
>
>
>
>  


--
___________________________________________________
Kirk Schafer

Infosec Capital - Your Information Security Asset
308 East Broadway Ave, PO Box 1851
Fairfield, IA 52556
641-919-1783 (mobile)

http://www.infosec-capital.com