Home page logo

basics logo Security Basics mailing list archives

RE: Interesting One
From: <Leonard.Ong () nokia com>
Date: Fri, 1 Nov 2002 11:07:12 +0800


I hope I am not repeated a post in this tread.  IMHO, we should look at the confidentiality level of the data contained 
inside the harddrive.  Theoritically, based on Bell-Lapadula model, once the harddrive cleaned or purged, it can be 
safely used by higher clearance personnel, not but lower or the same level.

However, if the intention is to wipe out the disk completely, destruction will certainly work the best.  Few things you 
can do this, either by using chemical or others. Since harddrive is cheap, and information has a high value, destroying 
it would be logical.

The art is to find the balance, when to destroy and when to reuse.  If reuse, at what level of purging it should be 

I share Tim Donahue perspective below.

Leonard Ong
Network Security Specialist, APAC

Email.  Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone.  +65 6723 1724
Fax.    +65 6723 1596

-----Original Message-----
From: ext Tim Donahue [mailto:TDonahue () haynesconstruction com]
Sent: Friday, November 01, 2002 2:15 AM
To: 'Chris Chandler'; thomas () northernsecurity net; 'Dave Adams';
security-basics () security-focus com
Subject: RE: Interesting One

You are using software to try and recover information.  If you can recover
files after filling the platter with zeros 4 or 5 times and recover it
without a direct attack on the platters (ie,using a SEM), then why is it so
hard to believe that specialized HARDWARE can recover it after 30 times?  

At this point, I think it has been determined that the best way (and
possibly the only way in the near future) to prevent the recovery of
information is the complete and total destruction of the drive.  

Here is a good question for you though, at what point is it worth just
destroying the drive?  My guess would be we are at that point now, because
we have to use so many resources to be reasonably sure that the data is
unrecoverable, that is is cost effective to just destroy the drive and
purchase a replacement for it.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]