Home page logo

basics logo Security Basics mailing list archives

Re: Advice regarding servers and Wiping Drives after testing
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Tue, 28 Aug 2007 20:01:47 +0200

On 2007-08-27 sec sam wrote:
I am concerned about an upcoming DR Test and only have a total of 32
consecutive hours to do the test.

I am trying to find comfort in recommending option number 1 listed
below. I am wondering if anyone has concerns about going with option 1
listed below.  This option has risen to the top of the list because it
meets the time constraints.

1) At the end of the test techs will remove the raid array from each
of the 3 servers (striped).
Disks will then be shuffled within the array and if possible between
servers too.
An array will then be re created on each of the 3 servers.
Estimated time to complete task is 25-60 minutes.
There is a lot I don't like about this scenario the biggest being that
I cant find anything that discourages this practice for wiping data- I
hear lots of different administrators say that is how they do it... I
don't like to take that as  proof that it is a good practice though.

That's most definitely insufficient, because most of the disks will
remain untouched, and therefore data on them may still be recoverable.

These would take more time than we can afford to spend but they might
provide a higher degree of certainty that data has been effectively
wiped out.
2) Use a drive wipe utility (there are many) and perform a wipe of the
systems to dod standards (120Gigs would take Hours and the products do
not seem to work in servers with Raid arrays-- At least that is what
we are finding)

3) Encrypt the 3 servers using a harddrive encryption software.
Not a bad option as AES128 encryption would  encrypt the data but
encrypting 120Gigs at 10 gigs per hour is about 12 hours of work.

4) Wipe all drives in a single pass with random data. I have yet to see
anyone being able to recover data from modern harddisks after that

Ansgar Wiechers
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]