Re: Degausser recommendations

[Alan Amesbury <amesbury () OITSEC UMN EDU>]

InfoSec wrote:

> In most cases the HDD is damage beyond usage, especially if a 8000+ gauss
> (industrial strength) is used.  De-Gaussing is definitely for "destroying" -
> key word destroying...
>
> Wanting to reuse or return an HDD warrants another technology, like "data
> shredder".  We use it to assure HIPAA, FERPA, GLBA and PCI compliance.

We generally recommend physical destruction of the drive if it is
inoperable and contained non-public data.  Vendors that comply with NAID
destruction guidelines are generally acceptable.  Standard NAID
procedure is (I believe) to scan the serial number of each drive as it's
shredded for reporting purposes.  Anyway, an NAID-certified shredding
company should be able to help with questions on this pretty easily.

As for magnetic destruction, I asked Seagate about this back in
November.  Here's their response:

>   Seagate disc drives are specified to operate in 10 Gauss free air spec
>  without error and are tested non-operating up to 30 Gauss. This
>  specification is to insure the drive is not affected by stray magnetic
>  fields that may be given off by adjacent drives within a computer system,
>  and typically not considered for magnetic fields outside a computer
>  system.
>
>  Seagate has performed testing on some products to failure, while being
>  subjected to steady state field. During operating conditions, they did not
>  fail until approximately 2x the 1600 A/m spec. But the drive failed
>  significantly under the 16000 A/m spec. Both test were performed in a
>  steady state field.
>
>  Where: 1 Oe = 1000/4xpi Am, in air H=B
>
>  Note: This information is for Seagate's SCSI drives.  ATA drives are not
>  currently tested for magnetic interference.

Note:  10,000 gauss is 1 tesla.

So, their static field tests of their drives in a 0.16T field showed the
drives could handle it, but that the drives failed in a 1.6T field.
Alas, when I asked what "failed significantly" meant, they didn't have
an answer.

Anecdotal evidence suggests that a field >=4T *does* do serious damage
to a drive and render it unusable.  At least the drive that I waved
through the force lines surrounding such a magnet fared poorly; it
wasn't even detectable by a PC's BIOS after that.  The magnet I used is
a large bore, helium-cooled supermagnet, comparable to (but somewhat
more powerful than) a run-of-the-mill MRI unit.  I couldn't put the
drive through the bore, but I got as close as I could using a two-handed
grip to keep the drive from flying out of my hands.  (I think magnetic
field strength drops with the cube of the distance.)  My "erasure
method" consisted of waving the drive repeatedly through the force lines.

Anyway, I'm not sure if an 8kG degausser is strong enough for guaranteed
erasure.  However, shredding the drive certainly is.


--
Alan Amesbury
OIT Security and Assurance
University of Minnesota