mailing list archives
RE: Interesting One
From: <Leonard.Ong () nokia com>
Date: Fri, 1 Nov 2002 11:07:12 +0800
I hope I am not repeated a post in this tread. IMHO, we should look at the confidentiality level of the data contained
inside the harddrive. Theoritically, based on Bell-Lapadula model, once the harddrive cleaned or purged, it can be
safely used by higher clearance personnel, not but lower or the same level.
However, if the intention is to wipe out the disk completely, destruction will certainly work the best. Few things you
can do this, either by using chemical or others. Since harddrive is cheap, and information has a high value, destroying
it would be logical.
The art is to find the balance, when to destroy and when to reuse. If reuse, at what level of purging it should be
I share Tim Donahue perspective below.
Network Security Specialist, APAC
Email. Leonard.Ong () nokia com
Mobile. +65 9431 6184
Phone. +65 6723 1724
Fax. +65 6723 1596
From: ext Tim Donahue [mailto:TDonahue () haynesconstruction com]
Sent: Friday, November 01, 2002 2:15 AM
To: 'Chris Chandler'; thomas () northernsecurity net; 'Dave Adams';
security-basics () security-focus com
Subject: RE: Interesting One
You are using software to try and recover information. If you can recover
files after filling the platter with zeros 4 or 5 times and recover it
without a direct attack on the platters (ie,using a SEM), then why is it so
hard to believe that specialized HARDWARE can recover it after 30 times?
At this point, I think it has been determined that the best way (and
possibly the only way in the near future) to prevent the recovery of
information is the complete and total destruction of the drive.
Here is a good question for you though, at what point is it worth just
destroying the drive? My guess would be we are at that point now, because
we have to use so many resources to be reasonably sure that the data is
unrecoverable, that is is cost effective to just destroy the drive and
purchase a replacement for it.
- RE: Interesting One, (continued)