Bugtraq: Re: RE: Peter Gutmann data deletion theaory?

[underwood-de () hotmail com]

I was in charge of a stand alone, 125 user, authorised to process up to and including secret, network for a number of  
years. Our cable infrastructure was fiber from server to the desktop with the only exposed piece of fiber being the LAN 
connection from PC to the box. The hard drives were removeable, were locked up every night and random patrols were done 
nightly as well.

We were not allowed to do a seven pass government wipe to dispose of the drives as our security people deemed it 
inadequate, we turned them over to our classified waste people who stored them until there were enough to justify 
having the platters removed and mechanicaly beaten into little lumps of metal.

It does come down to a proper Risk Threat Assesment, how valuable is your data and in our case how politicaly and 
militarily sensitive is it.

I personaly was quite happy that we were not responsible for ensuring the cleanliness of the drives when they went for 
disposal.