Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [External] Re: [SECURITY] Fully Erase Hard and Flash Drives

From: Tim Doty <tdoty () MST EDU>
Date: Tue, 1 Oct 2019 12:58:49 -0500
On 9/30/19 11:54 AM, John McCabe wrote:
[snip]
I have yet to see anyone report that Secure Erase is implemented poorly from any SSD manufacturer but that doesn't give me confidence that these manufacturers are or will continue to implement Secure Erase correctly.
Well, I have[1]. Secure Erase was not supported on five units, failed on three units and was a success on four. Only those same four supported enhanced secure erase.
After various fiascos (Seagate and their handling of botched firmware comes to mind) I would not trust any drive manufacturer for a particular drive unless and until I had tested it. 

1) https://www.usenix.org/legacy/events/fast11/tech/full_papers/Wei.pdf

Tim Doty
On Mon, Sep 30, 2019 at 11:26 AM Robert Freeman-Day <rmday () iu edu <mailto:rmday () iu edu>> wrote: 

    I am new to the list, so I don't know if this was ever mentioned. There
    is an SSD secure erase option that does not require physical
    destruction.

    https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

    Hope that helps.

    Robert

    On 9/30/19 10:24 AM, Brad Judy wrote:
     > This message was sent from a non-IU address. Please exercise
    caution when clicking links or opening attachments from external
    sources.
     > -------
     >
     > While it goes deep into the high security/paranoia realm, single
    punch destruction isn’t the standard when it comes to solid state
    devices. Full physical destruction of an SSD using a press should be
    a “bed of nails” approach to ensure that all of the chips are
    broken. Of course, you’re talking about a pretty high security
    environment if you’re worried about people pulling data off of
    individual chips, but those in high value research might consider it.
     >
     > Brad Judy
     >
     > Information Security Officer
     > Office of Information Security
     > University of Colorado
     > 1800 Grant Street, Suite 300
     > Denver, CO  80203
     > Office: (303) 860-4293
     > Fax: (303) 860-4302
     > www.cu.edu <http://www.cu.edu><http://www.cu.edu/>
     >
     > [cu-logo_fl]
     >
     >
     > From: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Michael Hart
    <mhart20 () MSUDENVER EDU <mailto:mhart20 () MSUDENVER EDU>>
     > Reply-To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
     > Date: Thursday, September 26, 2019 at 10:33 AM
     > To: EDUCAUSE Listserv <SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
     > Subject: Re: [SECURITY] Fully Erase Hard and Flash Drives
     >
     > We have an arbor press with a punch.  See attached results:
     >
     >
     >
     > From: The EDUCAUSE Security Community Group Listserv
    <SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Rob Milman
     > Sent: Thursday, September 26, 2019 10:30 AM
     > To: SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>
     > Subject: Re: [SECURITY] Fully Erase Hard and Flash Drives
     >
     > Our team uses a 5-ton press. It’s become a stress relief
    exercise, similar to the Office Space printer smashing scene.
     >
     >
     > [cid:image004.png@01D18F19.9217E950]
     >
     > Rob Milman
     > Associate Director, Information Security
     > Information Technology Services
     >
     > Southern Alberta Institute of Technology
     > EH Crandell Building, GA 214
     > 1301 – 16 Avenue NW, Calgary AB, T2M 0L4
     >
     > (Office) 403.774.5401  (Cell) 403.606.3173
     > rob.milman () sait ca
    <mailto:rob.milman () sait ca><mailto:rob.milman () sait ca
    <mailto:rob.milman () sait ca>>
     >
     >
     >
     >
     >
     > From: The EDUCAUSE Security Community Group Listserv
    <SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>> On Behalf Of Todd Watson
     > Sent: Thursday, September 26, 2019 10:27 AM
     > To: SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
     > Subject: Re: [SECURITY] Fully Erase Hard and Flash Drives
     >
     > Agreed, Kevin.
     >
     > Because of the variations in hardware design, complete deletion
    of flash drives may not be possible based on the factors to which
    you alluded. We shred before discarding.
     >
     > Regards,
     > ---
     > Dr. W. Todd Watson, CISSP
     > Information Security Officer
     > University System of Georgia
     > Cybersecurity
     > 706-583-2400
     > todd () usg edu <mailto:todd () usg edu><mailto:todd () usg edu
    <mailto:todd () usg edu>>
     >
     > From: The EDUCAUSE Security Community Group Listserv
    <SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>> on behalf of Kevin Wilcox
    <wilcoxkm () APPSTATE EDU
    <mailto:wilcoxkm () APPSTATE EDU><mailto:wilcoxkm () APPSTATE EDU
    <mailto:wilcoxkm () APPSTATE EDU>>>
     > Reply-To: The EDUCAUSE Security Community Group Listserv
    <SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>>
     > Date: Thursday, September 26, 2019 at 12:10 PM
     > To: "SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>"
    <SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU><mailto:SECURITY () LISTSERV EDUCAUSE EDU
    <mailto:SECURITY () LISTSERV EDUCAUSE EDU>>>
     > Subject: Re: [SECURITY] Fully Erase Hard and Flash Drives
     >
     > On Thu, 26 Sep 2019 at 11:58, White, Ryan <Whitery () bhc edu
    <mailto:Whitery () bhc edu><mailto:Whitery () bhc edu
    <mailto:Whitery () bhc edu>>> wrote:
     >
     > BHC is looking for a program to erase hard drives and flash
    drives.  What programs do you recommend to completely wipe USB and
    Hard Drives?  We are currently using an open source program when the
    need arises but that doesn’t erase flash drive and Solid State
    Drives.  Any input would be appreciated!
     >
     > My short answer is, "it depends".
     >
     > My longer answer is, "generally speaking, I'm happy with
    encrypting a drive with BitLocker and then formatting it or using
    Secure Erase in the ATA standard".
     >
     > My long answer is "cue folks talking about wear levelling and how
    you can't trust the drive to *actually* remove that data and what
    about the areas of the drive where data may be stored that you can't
    overwrite and a bonded destruction company is the only acceptable
    method and ..."
     >
     > That's a big ol' can of worms, I hope you're ready to do some
    fishin'.
     >
     > kmw
     >
     > **********
     > Replies to EDUCAUSE Community Group emails are sent to the entire
    community list. If you want to reply only to the person who sent the
    message, copy and paste their email address and forward the email
    reply. Additional participation and subscription information can be
    found at
    
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7C6f5fcb1e54b54d23cbcb08d7429ed562%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637051122285805098&sdata=eHRJQ0ajDCvQI1IirIB1%2B%2BaWr0VJe6%2FLSDdqBbaZwXE%3D&reserved=0>
     >
     > **********
     > Replies to EDUCAUSE Community Group emails are sent to the entire
    community list. If you want to reply only to the person who sent the
    message, copy and paste their email address and forward the email
    reply. Additional participation and subscription information can be
    found at
    
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7C6f5fcb1e54b54d23cbcb08d7429ed562%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637051122285815106&sdata=QIIMZUOjnnQNg5AyLd9R6hVgcY4YTA3oBT5f4xqAoPA%3D&reserved=0>
     >
     > **********
     > Replies to EDUCAUSE Community Group emails are sent to the entire
    community list. If you want to reply only to the person who sent the
    message, copy and paste their email address and forward the email
    reply. Additional participation and subscription information can be
    found at
    
https://www.educause.edu/community<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cmhart20%40MSUDENVER.EDU%7C6f5fcb1e54b54d23cbcb08d7429ed562%7C03309ca417334af9a73cf18cc841325c%7C1%7C0%7C637051122285815106&sdata=QIIMZUOjnnQNg5AyLd9R6hVgcY4YTA3oBT5f4xqAoPA%3D&reserved=0>
     >
     > **********
     > Replies to EDUCAUSE Community Group emails are sent to the entire
    community list. If you want to reply only to the person who sent the
    message, copy and paste their email address and forward the email
    reply. Additional participation and subscription information can be
    found at https://www.educause.edu/community
     >
     > **********
     > Replies to EDUCAUSE Community Group emails are sent to the entire
    community list. If you want to reply only to the person who sent the
    message, copy and paste their email address and forward the email
    reply. Additional participation and subscription information can be
    found at https://www.educause.edu/community
     >
-- ________ 

    Robert Freeman-Day
    Indiana University UITS
    LSERV - System Administrator - Linux
    2709 E. 10th St.
    Bloomington, IN 47405

    Pronoun: He or E/Em - https://pronoun.is/he?or=e

    GPG Public Key:
    https://keybase.io/robertfreemanday/pgp_keys.asc


    **********
    Replies to EDUCAUSE Community Group emails are sent to the entire
    community list. If you want to reply only to the person who sent the
    message, copy and paste their email address and forward the email
    reply. Additional participation and subscription information can be
    found at https://www.educause.edu/community



--
*John McCabe *
/Senior Information Security Manager & Data Protection Officer
Information Technology Services/
Manhattan College Logo/Shield
Riverdale, NY 10471
Phone: 718-862-6217
john.mccabe01 () manhattan edu <mailto:john.mccabe01 () manhattan edu>
www.manhattan.edu <http://www.manhattan.edu/>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community 




**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Previous By Date Next
Previous By Thread Next

Current thread: