Educause Security Discussion mailing list archives
Re: Data Sanitization
From: "F.M. Taylor" <fmtaylor () PURDUE EDU>
Date: Tue, 7 Apr 2009 15:11:32 -0400
Since we have no "top secret" data on the administrative IT servers we do a multipass electronic wipe of hardisks. CD's and DVD's go to the shredder, and tapes are despooled into the trash after they start getting errors. Other departments do in fact use a drive shredder, but that is a contractual requirement of the research they are doing. I have never seen a degauser fail, but I have seen data recovered from a degaused drive. Not readable unless you know how, but still do-able. Don't destroy the hardware because it is fun, do it because there is a legal requirement to do so, and then comply with that requirement. Most requirement documents define what they deem is "adequately eliminated". Personally I put my drives in a box and let them die of dust bunny poisoning. On Tuesday 07 April 2009, Kamnab Keo formed electrons in this pattern:
We are trying to get a good feel of what methods other institutions are using to sanitize electronic storage devices (Hard disk drives, USB flash drives, CD, DVD, tapes). We are particularly interested if you are using a degausser, hard drive bending machine or some other physical destruction methods (drilling holes in the disk drive, hammers, drive shredder). One of our primary concerns is implementing a sanitizing process so that we can verify that data is adequately eliminated. For example, with a degaussing machine we would have to connect the disk drive to a computer in order to verify that it is no longer usable after the degaussing process. Has anyone experienced a failed degausser? Your feedback is greatly appreciated Kamnab Keo IT Risk Management Analyst Virginia Commonwealth University VCU Information Security - <http://infosecurity.vcu.edu/> http://infosecurity.vcu.edu/ Information Security News, Tips & More - <http://www.twitter.com/vcuinfosec> http://www.twitter.com/vcuinfosec Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information. For more details visit <http://infosecurity.vcu.edu/phishing.html> http://infosecurity.vcu.edu/phishing.html.
-- ......\\|//........^^^^^........)))((........%%%%%........,,,,,...... ......(- -)........(o o)........(- o)........(0-0)........(* *)...... +--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--oo0-(_)-0oo--ooO-(_)-Ooo--+ | F.M. (Mike) Taylor........'Recedite, plebes! Gero rem imperialem!'| | 'Ecce potestas casei'..............GIAC GSEC & GCFW Certified.....| | Desk: 765-494-1872.....................C: 765-409-8140............| +-------------------------------------------------------------------+
Current thread:
- Data Sanitization Kamnab Keo (Apr 07)
- <Possible follow-ups>
- Re: Data Sanitization Stanclift, Michael (Apr 07)
- Re: Data Sanitization Chris Green (Apr 07)
- Re: Data Sanitization F.M. Taylor (Apr 07)
- Re: Data Sanitization Spransy, Derek (Apr 07)
- Re: Data Sanitization Jason Testart (Apr 07)
- Re: Data Sanitization Stanclift, Michael (Apr 07)
- Re: Data Sanitization Dexter Caldwell (Apr 07)
- Re: Data Sanitization Ray Bruder (Apr 07)
- Re: Data Sanitization Wayne Samardzich (Apr 07)
- Re: Data Sanitization Ray Bruder (Apr 07)
- Re: Data Sanitization Cal Frye (Apr 07)
- Re: Data Sanitization Dexter Caldwell (Apr 08)
- Re: Data Sanitization Clifford Collins (Apr 09)
(Thread continues...)