Educause Security Discussion mailing list archives
Re: [External] Re: [SECURITY] Fully Erase Hard and Flash Drives
From: Tim Doty <tdoty () MST EDU>
Date: Tue, 1 Oct 2019 12:58:49 -0500
On 9/30/19 11:54 AM, John McCabe wrote: [snip]
I have yet to see anyone report that Secure Erase is implemented poorly from any SSD manufacturer but that doesn't give me confidence that these manufacturers are or will continue to implement Secure Erase correctly.
Well, I have[1]. Secure Erase was not supported on five units, failed on three units and was a success on four. Only those same four supported enhanced secure erase.
After various fiascos (Seagate and their handling of botched firmware comes to mind) I would not trust any drive manufacturer for a particular drive unless and until I had tested it.
1) https://www.usenix.org/legacy/events/fast11/tech/full_papers/Wei.pdf Tim Doty
On Mon, Sep 30, 2019 at 11:26 AM Robert Freeman-Day <rmday () iu edu <mailto:rmday () iu edu>> wrote:I am new to the list, so I don't know if this was ever mentioned. There is an SSD secure erase option that does not require physical destruction. https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase Hope that helps. Robert On 9/30/19 10:24 AM, Brad Judy wrote: > This message was sent from a non-IU address. Please exercise caution when clicking links or opening attachments from external sources. > ------- > > While it goes deep into the high security/paranoia realm, single punch destruction isn’t the standard when it comes to solid state devices. Full physical destruction of an SSD using a press should be a “bed of nails” approach to ensure that all of the chips are broken. Of course, you’re talking about a pretty high security environment if you’re worried about people pulling data off of individual chips, but those in high value research might consider it. > > Brad Judy > > Information Security Officer > Office of Information Security > University of Colorado > 1800 Grant Street, Suite 300 > Denver, CO 80203 > Office: (303) 860-4293 > Fax: (303) 860-4302 > www.cu.edu <http://www.cu.edu><http://www.cu.edu/> > > [cu-logo_fl] > > > From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Michael Hart <mhart20 () MSUDENVER EDU <mailto:mhart20 () MSUDENVER EDU>> > Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>> > Date: Thursday, September 26, 2019 at 10:33 AM > To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>> > Subject: Re: [SECURITY] Fully Erase Hard and Flash Drives > > We have an arbor press with a punch. See attached results: > > > > From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Rob Milman > Sent: Thursday, September 26, 2019 10:30 AM > To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> > Subject: Re: [SECURITY] Fully Erase Hard and Flash Drives > > Our team uses a 5-ton press. It’s become a stress relief exercise, similar to the Office Space printer smashing scene. > > > [cid:image004.png@01D18F19.9217E950] > > Rob Milman > Associate Director, Information Security > Information Technology Services > > Southern Alberta Institute of Technology > EH Crandell Building, GA 214 > 1301 – 16 Avenue NW, Calgary AB, T2M 0L4 > > (Office) 403.774.5401 (Cell) 403.606.3173 > rob.milman () sait ca <mailto:rob.milman () sait ca><mailto:rob.milman () sait ca <mailto:rob.milman () sait ca>> > > > > > > From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>> On Behalf Of Todd Watson > Sent: Thursday, September 26, 2019 10:27 AM > To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>> > Subject: Re: [SECURITY] Fully Erase Hard and Flash Drives > > Agreed, Kevin. > > Because of the variations in hardware design, complete deletion of flash drives may not be possible based on the factors to which you alluded. We shred before discarding. > > Regards, > --- > Dr. W. Todd Watson, CISSP > Information Security Officer > University System of Georgia > Cybersecurity > 706-583-2400 > todd () usg edu <mailto:todd () usg edu><mailto:todd () usg edu <mailto:todd () usg edu>> > > From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>> on behalf of Kevin Wilcox <wilcoxkm () APPSTATE EDU <mailto:wilcoxkm () APPSTATE EDU><mailto:wilcoxkm () APPSTATE EDU <mailto:wilcoxkm () APPSTATE EDU>>> > Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>> > Date: Thursday, September 26, 2019 at 12:10 PM > To: "SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>" <SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>> > Subject: Re: [SECURITY] Fully Erase Hard and Flash Drives > > On Thu, 26 Sep 2019 at 11:58, White, Ryan <Whitery () bhc edu <mailto:Whitery () bhc edu><mailto:Whitery () bhc edu <mailto:Whitery () bhc edu>>> wrote: > > BHC is looking for a program to erase hard drives and flash drives. What programs do you recommend to completely wipe USB and Hard Drives? We are currently using an open source program when the need arises but that doesn’t erase flash drive and Solid State Drives. Any input would be appreciated! > > My short answer is, "it depends". > > My longer answer is, "generally speaking, I'm happy with encrypting a drive with BitLocker and then formatting it or using Secure Erase in the ATA standard". > > My long answer is "cue folks talking about wear levelling and how you can't trust the drive to *actually* remove that data and what about the areas of the drive where data may be stored that you can't overwrite and a bonded destruction company is the only acceptable method and ..." > > That's a big ol' can of worms, I hope you're ready to do some fishin'. > > kmw > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7C6f5fcb1e54b54d23cbcb08d7429ed562%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637051122285805098&sdata=eHRJQ0ajDCvQI1IirIB1%2B%2BaWr0VJe6%2FLSDdqBbaZwXE%3D&reserved=0> > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7C6f5fcb1e54b54d23cbcb08d7429ed562%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637051122285815106&sdata=QIIMZUOjnnQNg5AyLd9R6hVgcY4YTA3oBT5f4xqAoPA%3D&reserved=0> > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7C6f5fcb1e54b54d23cbcb08d7429ed562%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637051122285815106&sdata=QIIMZUOjnnQNg5AyLd9R6hVgcY4YTA3oBT5f4xqAoPA%3D&reserved=0> > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community > > ********** > Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community >-- ________Robert Freeman-Day Indiana University UITS LSERV - System Administrator - Linux 2709 E. 10th St. Bloomington, IN 47405 Pronoun: He or E/Em - https://pronoun.is/he?or=e GPG Public Key: https://keybase.io/robertfreemanday/pgp_keys.asc ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community -- *John McCabe * /Senior Information Security Manager & Data Protection Officer Information Technology Services/ Manhattan College Logo/Shield Riverdale, NY 10471 Phone: 718-862-6217 john.mccabe01 () manhattan edu <mailto:john.mccabe01 () manhattan edu> www.manhattan.edu <http://www.manhattan.edu/> **********Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: [External] Re: [SECURITY] Fully Erase Hard and Flash Drives Tim Doty (Oct 01)