Security Basics mailing list archives
Re: Advice regarding servers and Wiping Drives after testing
From: "Jay" <jay.tomas () infosecguru com>
Date: Tue, 28 Aug 2007 16:31:45 -0400
It may be helpful to know the data classification of the data prior to suggesting a solution. If you are a government or intelligence agency / consultant it would be greatly different than if you were a Landscaping company keeping track of how much sh*t you had left.

If speed is of great importance you may look at renting a degausser (about $600 a week).

It's about Risk Management = How much time and money you are going to use is determined on the value of the data and outcome if there is exposure.

Jay

----- Original Message -----
From: Ansgar -59cobalt- Wiechers [mailto:bugtraq () planetcobalt net]
To: security-basics () securityfocus com
Sent: Tue, 28 Aug 2007 20:01:47 +0200
Subject: Re: Advice regarding servers and Wiping Drives after testing

On 2007-08-27 sec sam wrote:
> I am concerned about an upcoming DR Test and only have a total of 32 consecutive hours to do the test. I am trying to find comfort in recommending option number 1 listed below. I am wondering if anyone has concerns about going with option 1 listed below. This option has risen to the top of the list because it meets the time constraints.
>
> 1) At the end of the test techs will remove the RAID array from each of the 3 servers (striped). Disks will then be shuffled within the array and if possible between servers too. An array will then be re-created on each of the 3 servers. Estimated time to complete task is 25-60 minutes.
>
> There is a lot I don't like about this scenario, the biggest being that I can't find anything that discourages this practice for wiping data - I hear lots of different administrators say that is how they do it... I don't like to take that as proof that it is a good practice though.
That's most definitely insufficient, because most of the disks will remain untouched, and therefore data on them may still be recoverable.
> These would take more time than we can afford to spend but they might provide a higher degree of certainty that data has been effectively wiped out.
>
> 2) Use a drive wipe utility (there are many) and perform a wipe of the systems to DoD standards (120 gigs would take hours and the products do not seem to work in servers with RAID arrays -- at least that is what we are finding)
>
> 3) Encrypt the 3 servers using hard drive encryption software. Not a bad option as AES128 encryption would encrypt the data but encrypting 120 gigs at 10 gigs per hour is about 12 hours of work.
4) Wipe all drives in a single pass with random data. I have yet to see anyone being able to recover data from modern hard disks after that procedure.

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq
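Added example, not part of the original messages: a small Python simulation of the point argued in the thread, that shuffling striped disks and re-creating the array leaves the old stripe units on the disks, while one random pass removes them. The stripe size, the metadata region, the sample records and the assumption that array creation rewrites only a per-disk header are constructed for the illustration; real controllers differ.

```python
import os
import random

STRIPE = 64            # stripe unit size in bytes (constructed, tiny for the demo)
META = 64              # per-disk array header; assumption: re-creation rewrites only this
DISK_SIZE = META + 32 * STRIPE

def write_striped(disks, data):
    """RAID 0 layout: deal stripe units round-robin across the disks."""
    for unit, i in enumerate(range(0, len(data), STRIPE)):
        chunk = data[i:i + STRIPE]
        off = META + (unit // len(disks)) * STRIPE
        disks[unit % len(disks)][off:off + len(chunk)] = chunk

def shuffle_and_recreate(disks, rng):
    """Option 1: reorder the disks, then write fresh array metadata only."""
    rng.shuffle(disks)
    for d in disks:
        d[:META] = os.urandom(META)

def single_pass_random(disks):
    """Option 4: overwrite every byte of every disk once with random data."""
    for d in disks:
        d[:] = os.urandom(len(d))

def residual_units(disks, data):
    """Count original stripe units still readable from the raw disks."""
    wanted = {data[i:i + STRIPE] for i in range(0, len(data), STRIPE)}
    return sum(bytes(d[off:off + STRIPE]) in wanted
               for d in disks for off in range(META, len(d), STRIPE))

def demo(seed=1):
    # Constructed sample data: 48 distinct 64-byte records.
    data = b"".join(f"record {n:04d} owner=TEST-{n:04d}".encode().ljust(STRIPE, b".")
                    for n in range(48))
    disks = [bytearray(DISK_SIZE) for _ in range(3)]
    write_striped(disks, data)
    shuffle_and_recreate(disks, random.Random(seed))
    after_shuffle = residual_units(disks, data)
    single_pass_random(disks)
    return len(data) // STRIPE, after_shuffle, residual_units(disks, data)

if __name__ == "__main__":
    total, after_shuffle, after_wipe = demo()
    print(f"{after_shuffle}/{total} stripe units recoverable after shuffle and re-create")
    print(f"{after_wipe}/{total} stripe units recoverable after one random pass")
```

The same raw-read check, run against the real block devices after a wipe, is a quick way to confirm that a sanitization step actually touched the data area.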