Home page logo
/

basics logo Security Basics mailing list archives

Re: Advice regarding servers and Wiping Drives after testing
From: "Jay" <jay.tomas () infosecguru com>
Date: Tue, 28 Aug 2007 16:31:45 -0400

It may be helpful to know the data classifcation of the date prior to suggesting a solution.

If you are a goverment or intelligence agency /  consultant it would be greatly different than if you were a 
Landscaping company keeping track of how much sh*t you had left.

If speed is of great important you may look at renting a degausser. (about $600 a week)

Its about Risk Management = How much time and money you are going to use is determined on the value of the data and 
outcome if there is exposure.

Jay

----- Original Message -----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net]
To: security-basics () securityfocus com
Sent: Tue, 28 Aug 2007 20:01:47 +0200
Subject: Re: Advice regarding servers and Wiping Drives after testing

On 2007-08-27 sec sam wrote:
I am concerned about an upcoming DR Test and only have a total of 32
consecutive hours to do the test.

I am trying to find comfort in recommending option number 1 listed
below. I am wondering if anyone has concerns about going with option 1
listed below.  This option has risen to the top of the list because it
meets the time constraints.

1) At the end of the test techs will remove the raid array from each
of the 3 servers (striped).
Disks will then be shuffled within the array and if possible between
servers too.
An array will then be re created on each of the 3 servers.
Estimated time to complete task is 25-60 minutes.
There is a lot I don't like about this scenario the biggest being that
I cant find anything that discourages this practice for wiping data- I
hear lots of different administrators say that is how they do it... I
don't like to take that as  proof that it is a good practice though.

That's most definitely insufficient, because most of the disks will
remain untouched, and therefore data on them may still be recoverable.

These would take more time than we can afford to spend but they might
provide a higher degree of certainty that data has been effectively
wiped out.
2) Use a drive wipe utility (there are many) and perform a wipe of the
systems to dod standards (120Gigs would take Hours and the products do
not seem to work in servers with Raid arrays-- At least that is what
we are finding)

3) Encrypt the 3 servers using a harddrive encryption software.
Not a bad option as AES128 encryption would  encrypt the data but
encrypting 120Gigs at 10 gigs per hour is about 12 hours of work.

4) Wipe all drives in a single pass with random data. I have yet to see
anyone being able to recover data from modern harddisks after that
procedure.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]