Re: Quick Survey: How do you "dispose" of outbound hard drives??

["SCHALIP, MICHAEL" <mschalip () CNM EDU>]

I, too, used to work in the Fed R&D world - cybersecurity, actually.  Our director was always very clear - "Never 
overachieve!" - it may sound impressive, but it also gives auditors too much to scrutinize, and you too much to 
maintain.  Following State/Fed requirements as they pertain to higher ed will get you a long way......higher ed 
typically doesn't play in the "blinding white flash" arena, so I'd recommend AGAINST trying to apply those rules in 
this environment.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Doty, 
Timothy T.
Sent: Wednesday, September 29, 2010 7:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Quick Survey: How do you "dispose" of outbound hard drives??

Oh, sorry, one other thing. You mention DOD and "nation's secrets". Speaking
as someone who has held a TS/SCI clearance: "secret" classification isn't
all that significant (and the material is often on the evening news). Now,
the DoD requirement for magnetic media that held *significant* secrets
(TS/SCI) is completely different -- physical destruction was the only
approved method and I have no reason to expect that to have changed.

Tim Doty

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks
> Sent: Tuesday, September 28, 2010 1:32 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Quick Survey: How do you "dispose" of outbound
> hard drives??
>
> On Tue, 28 Sep 2010 08:54:53 CDT, "Doty, Timothy T." said:
>
> > Still, for anyone using DBAN it is IMO worth considering wiping with
> the ATA
> > secure erase command where possible. The drive I wiped had ~3600
> reallocated
> > sectors (and was still "good" according to SMART) which represents
> ~1.8MB of
> > data DBAN would not have erased.
>
> Something to keep in mind is that usually a drive won't reallocate a
> sector
> unless it encounters a write error - which means that physical block
> probably
> has a physical defect, and almost certainly will return a read error
> due to the
> aborted (and now short) write - and that's *if* you can convince the
> drive to
> read from the previous location of a reallocated block.  As a result,
> those
> blocks are not going to be uncovered by any sort of normal user-level
> snooping
> on the drive - in fact, it's going to take some heavy duty diagnostics
> simply
> to convince the drive to try to read the old block and not the
> reallocated
> location. (On most drives, it will be a challenge to even get the list
> of
> relocated blocks - SMART data usually only includes the total number
> of reallocated blocks).
>
> Still, I guess some sites might have "people will take apparently
> zero'ed
> disk drives and send them off to data recovery shops at $2K+ a pop
> hoping
> that something valuable will be recoverable off the relocated blocks
> that
> probably have physical defects which will prohibit recovery".
>
> For the record - the wording in DOD 5220-22M regarding sanitizing
> drives:
>
> "Non-Removable Rigid Disks" or hard drives must be sanitized for reuse
> by
> overwriting all addressable locations with a character, its complement,
> then a
> random character and verify."
>
> Remapped blocks are no longer addressable locations, and thus aren't
> covered.
> If the DoD isn't worried about national secrets leaking out on the bad
> blocks,
> I'm not going to lose sleep over it either...


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.