Security Basics mailing list archives
RE: Advice regarding servers and Wiping Drives after testing
From: "Robinson, Sonja" <Sonja.Robinson () fticonsulting com>
Date: Thu, 30 Aug 2007 14:10:19 -0400
Or you can use a hardware based machine to do your DoD wipes such as an ImageMasster for high volume wipes. Degaussers work as well for high volume. For total destruction there are destruction companies that specialize in absolute and total destruction (e.g.. shredding and melting), http://www.recyclepcs.com/hard_drive_destruction.html. Sonja Note: I am only offering alternative solutions. I am not endorsing any vendor, service, provider, software, etc. These are my opinions and should not be construed to be those of any former, current or potential employer. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of sec sam Sent: Monday, August 27, 2007 1:45 PM To: security-basics () securityfocus com Subject: Advice regarding servers and Wiping Drives after testing Group, I am concerned about an upcoming DR Test and only have a total of 32 consecutive hours to do the test. I am trying to find comfort in recommending option number 1 listed below. I am wondering if anyone has concerns about going with option 1 listed below. This option has risen to the top of the list because it meets the time constraints. 1) At the end of the test techs will remove the raid array from each of the 3 servers (striped). Disks will then be shuffled within the array and if possible between servers too. An array will then be re created on each of the 3 servers. Estimated time to complete task is 25-60 minutes. There is a lot I don't like about this scenario the biggest being that I cant find anything that discourages this practice for wiping data- I hear lots of different administrators say that is how they do it... I don't like to take that as proof that it is a good practice though. These would take more time than we can afford to spend but they might provide a higher degree of certainty that data has been effectively wiped out. 2) Use a drive wipe utility (there are many) and perform a wipe of the systems to dod standards (120Gigs would take Hours and the products do not seem to work in servers with Raid arrays-- At least that is what we are finding) 3) Encrypt the 3 servers using a harddrive encryption software. Not a bad option as AES128 encryption would encrypt the data but encrypting 120Gigs at 10 gigs per hour is about 12 hours of work. Thanks for providing your thoughts. Sam
Current thread:
- Advice regarding servers and Wiping Drives after testing sec sam (Aug 28)
- Re: Advice regarding servers and Wiping Drives after testing Ansgar -59cobalt- Wiechers (Aug 28)
- Message not available
- Re: Advice regarding servers and Wiping Drives after testing Ansgar -59cobalt- Wiechers (Aug 28)
- Re: Advice regarding servers and Wiping Drives after testing sec sam (Aug 29)
- Re: Advice regarding servers and Wiping Drives after testing gjgowey (Aug 30)
- RE: Advice regarding servers and Wiping Drives after testing ACE - Julius Turk (Aug 30)
- RE: Advice regarding servers and Wiping Drives after testing Dereck Martin (Aug 31)
- Message not available
- Re: Advice regarding servers and Wiping Drives after testing Ansgar -59cobalt- Wiechers (Aug 28)
- <Possible follow-ups>
- Re: Advice regarding servers and Wiping Drives after testing Jay (Aug 28)
- Re: Re: Advice regarding servers and Wiping Drives after testing someguy (Aug 30)
- Advice regarding servers and Wiping Drives after testing cosynmr (Aug 31)