[nlug] Re: Data security?
This discussion came up on one of the SANS lists recently and unfortunately I didn't save the thread for the references but there is research showing that if you have a well funded advisory you are better off wiping the drive once than physical damage to a level less than than total shredding. This makes sense when you think about it. If you drill say three 1 holes in a 3.5 drive you have left most of the platter undamaged. Thus a data recovery house can recover all or most of the data in the undamaged area. Back in the days of floppies there used to be a company that had an advertising campaign showing a pencil shoved through a floppy and they bragged about how much of the data was recovered. It's expensive but it's also possible to recover from physical damage of hard disks. Current theory/tests hold that a single wipe is sufficient on modern hard drives. If I remember correctly this has to to with denser data and less room for error. DBAN is great for wipes as long as the disk doesn't not have errors that cause DBAN for die. In those cases I do physical damage and hope for the best and assume that no one really wants my data badly enough to go to the trouble of paying for recovery. Within a short period I will be starting to encrypt all my drives at work so this will be less of an issue but I'll still wipe when possible just to be safe. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---
[nlug] Re: Data security?
On Thu, Apr 2, 2009 at 8:13 AM, Drew cothar...@gmail.com wrote: Hello, Like the subject says, this pertains to data security, but not just on linux/bsd/*nix. What I'd like to know is if anyone has a tool they prefer for wiping hard drives in workstations. As we grow/upgrade systems, we frequently have old systems we'd like to get rid of, but data security is a concern. I would like to leave systems usable (ie not destroy or remove the hard drive) but clean. Ideally, we're talking about a bootable CD that has a utility that will format/overwrite/reformat/overwrite drives to a point where there is a reasonable expectation that data that was on the drive won't be able to be retrieved. So - favorites, recommendations? Input on this being a pointless task because data can always be recovered? Thanks for the input. Pretty much any bootable linux distro will do it as you can use DD or a lot of other tools to overwrite the data on the drive. If you actually want to a bootable that is designed for it, try http://www.dban.org/ (Darik's boot and nuke). I was going to reply with a link to this video: http://www.youtube.com/watch?v=UIRXh2oiqtA but you said you didn't want to destroy the drives. As to the security of the wipe. All the data recovery companies have stated that overwriting the drive once with zeros pretty much makes it unrecoverable, though better safe than sorry, so do the secure seven alteranating wipe. Andy --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---
[nlug] Re: Data security?
I agree with Sky. There used to be 'low level format' available on cheap IDE controllers that worked pretty well. The best I remember seeing that kept the drive useable was an old dos/windows program that did a 'distructive disk test' that I used several times on different disks that were otherwise un-recoverable anyway. I wish I could remember its name. You could build a small sh script to use dd to write some pattern till it filled up a drive using different patterns on various passes, but that is kind of a pain. If you are discarding a UNIX derivative, just do a fresh install with a different type of file system. A good way to physically demolish one is to take it to your local neighborhood blacksmith (I had one across the street when I lived in Houston) and go with him to his forge. Melt the drive to a nice pool of silicon and aluminum sludge. It is very satisfying. It is really hard to recover data after that. Pouring the sludge into a nice paper weight, door stop, etc is also fun. ... Actually a good coal fired BBQ of old disk drives behind the HC one weekend could be a nice community support project! :) ... Then cast them into trophies for 'worst security' to be handed out to folks at the next Phreaknic --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---
[nlug] Re: Data security?
I use DBAN (Darik's Boot And Nuke) for all my wipes. It uses the same algorithms that the DoD uses, as well as some other standards that are more thorough, though probably less useful as they take much, much longer to run. I trust DBAN enough to take care of our retired drives that have the library's financial data on them, though most of that is public record anyway. My $1.75 ($0.02, adjusted for tax increases) Jim Peterson Technology Coordinator Goodnight Memorial Library 203 S. Main St. Franklin, KY 42134 (270) 586-8397 www.gmpl.org Library Technology by jimmythegeek! On Thu, 2009-04-02 at 07:13 -0500, Drew wrote: Hello, Like the subject says, this pertains to data security, but not just on linux/bsd/*nix. What I'd like to know is if anyone has a tool they prefer for wiping hard drives in workstations. As we grow/upgrade systems, we frequently have old systems we'd like to get rid of, but data security is a concern. I would like to leave systems usable (ie not destroy or remove the hard drive) but clean. Ideally, we're talking about a bootable CD that has a utility that will format/overwrite/reformat/overwrite drives to a point where there is a reasonable expectation that data that was on the drive won't be able to be retrieved. So - favorites, recommendations? Input on this being a pointless task because data can always be recovered? Thanks for the input. Drew --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---
[nlug] Re: Data security?
My kids (the 12-yr-old boy 8-yr old girl) like to try and take turns with the sledgehammer. Of course, I usually end up doing the deed, but like Jack's idea, it is very satisfying and actually provides a great workout too! I also sight in my deer rifle with them, and use them for target practice when I'm shooting my .45. Fun! Jim On Thu, 2009-04-02 at 08:28 -0500, Jack Coats wrote: I agree with Sky. There used to be 'low level format' available on cheap IDE controllers that worked pretty well. The best I remember seeing that kept the drive useable was an old dos/windows program that did a 'distructive disk test' that I used several times on different disks that were otherwise un-recoverable anyway. I wish I could remember its name. You could build a small sh script to use dd to write some pattern till it filled up a drive using different patterns on various passes, but that is kind of a pain. If you are discarding a UNIX derivative, just do a fresh install with a different type of file system. A good way to physically demolish one is to take it to your local neighborhood blacksmith (I had one across the street when I lived in Houston) and go with him to his forge. Melt the drive to a nice pool of silicon and aluminum sludge. It is very satisfying. It is really hard to recover data after that. Pouring the sludge into a nice paper weight, door stop, etc is also fun. ... Actually a good coal fired BBQ of old disk drives behind the HC one weekend could be a nice community support project! :) ... Then cast them into trophies for 'worst security' to be handed out to folks at the next Phreaknic --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---
[nlug] Re: Data security?
I'll chime in with another vote for DBAN. The only thing I have to add is that DBAN (stable) supports most, but not all controllers. I have a second CD with DBAN beta that seems to support other (AHCI) controllers. Between the two of those CD's, I don't have any problem wiping drives. I actually have a really old server that just sits in the rack doing drive wipes (with DBAN) and drive testing (with SpinRite) of old drives (thanks to a couple hot-swap bays for SATA and IDE drives.) It takes so long to wipe and to test that I just make a habit of going in there once a day and swapping out the just wiped or tested drive with the next one in my stack. Chris On Thu, Apr 2, 2009 at 8:35 AM, Jim Peterson jim.sokytec...@gmail.comwrote: My kids (the 12-yr-old boy 8-yr old girl) like to try and take turns with the sledgehammer. Of course, I usually end up doing the deed, but like Jack's idea, it is very satisfying and actually provides a great workout too! I also sight in my deer rifle with them, and use them for target practice when I'm shooting my .45. Fun! Jim On Thu, 2009-04-02 at 08:28 -0500, Jack Coats wrote: I agree with Sky. There used to be 'low level format' available on cheap IDE controllers that worked pretty well. The best I remember seeing that kept the drive useable was an old dos/windows program that did a 'distructive disk test' that I used several times on different disks that were otherwise un-recoverable anyway. I wish I could remember its name. You could build a small sh script to use dd to write some pattern till it filled up a drive using different patterns on various passes, but that is kind of a pain. If you are discarding a UNIX derivative, just do a fresh install with a different type of file system. A good way to physically demolish one is to take it to your local neighborhood blacksmith (I had one across the street when I lived in Houston) and go with him to his forge. Melt the drive to a nice pool of silicon and aluminum sludge. It is very satisfying. It is really hard to recover data after that. Pouring the sludge into a nice paper weight, door stop, etc is also fun. ... Actually a good coal fired BBQ of old disk drives behind the HC one weekend could be a nice community support project! :) ... Then cast them into trophies for 'worst security' to be handed out to folks at the next Phreaknic --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---
[nlug] Re: Data security?
Interesting... I didn't know IDE did hot swap. On Thu, Apr 2, 2009 at 10:05 AM, Chris McQuistion cmcquist...@watkins.eduwrote: I'll chime in with another vote for DBAN. The only thing I have to add is that DBAN (stable) supports most, but not all controllers. I have a second CD with DBAN beta that seems to support other (AHCI) controllers. Between the two of those CD's, I don't have any problem wiping drives. I actually have a really old server that just sits in the rack doing drive wipes (with DBAN) and drive testing (with SpinRite) of old drives (thanks to a couple hot-swap bays for SATA and IDE drives.) It takes so long to wipe and to test that I just make a habit of going in there once a day and swapping out the just wiped or tested drive with the next one in my stack. Chris On Thu, Apr 2, 2009 at 8:35 AM, Jim Peterson jim.sokytec...@gmail.comwrote: My kids (the 12-yr-old boy 8-yr old girl) like to try and take turns with the sledgehammer. Of course, I usually end up doing the deed, but like Jack's idea, it is very satisfying and actually provides a great workout too! I also sight in my deer rifle with them, and use them for target practice when I'm shooting my .45. Fun! Jim On Thu, 2009-04-02 at 08:28 -0500, Jack Coats wrote: I agree with Sky. There used to be 'low level format' available on cheap IDE controllers that worked pretty well. The best I remember seeing that kept the drive useable was an old dos/windows program that did a 'distructive disk test' that I used several times on different disks that were otherwise un-recoverable anyway. I wish I could remember its name. You could build a small sh script to use dd to write some pattern till it filled up a drive using different patterns on various passes, but that is kind of a pain. If you are discarding a UNIX derivative, just do a fresh install with a different type of file system. A good way to physically demolish one is to take it to your local neighborhood blacksmith (I had one across the street when I lived in Houston) and go with him to his forge. Melt the drive to a nice pool of silicon and aluminum sludge. It is very satisfying. It is really hard to recover data after that. Pouring the sludge into a nice paper weight, door stop, etc is also fun. ... Actually a good coal fired BBQ of old disk drives behind the HC one weekend could be a nice community support project! :) ... Then cast them into trophies for 'worst security' to be handed out to folks at the next Phreaknic --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---
[nlug] Re: Data security?
- Andrew Farnsworth farn...@gmail.com wrote: Interesting... I didn't know IDE did hot swap. I don't know if that was originally intended to do it, but there are commands in hdparm for spinning down drives and such. Also commands for rescanning the IDE bus. Of course you have to have a decent enough IDE chipset to not get fully confused. -- Steven Critchfield cri...@basesys.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---
[nlug] Re: Data security?
I probably shouldn't have called it hot-swap. It is just a removable drive bay and I always shut down to swap the drives around, although I think there are some commands to do it, hot, I just don't really trust them. Chris On Thu, Apr 2, 2009 at 9:09 AM, Andrew Farnsworth farn...@gmail.com wrote: Interesting... I didn't know IDE did hot swap. On Thu, Apr 2, 2009 at 10:05 AM, Chris McQuistion cmcquist...@watkins.edu wrote: I'll chime in with another vote for DBAN. The only thing I have to add is that DBAN (stable) supports most, but not all controllers. I have a second CD with DBAN beta that seems to support other (AHCI) controllers. Between the two of those CD's, I don't have any problem wiping drives. I actually have a really old server that just sits in the rack doing drive wipes (with DBAN) and drive testing (with SpinRite) of old drives (thanks to a couple hot-swap bays for SATA and IDE drives.) It takes so long to wipe and to test that I just make a habit of going in there once a day and swapping out the just wiped or tested drive with the next one in my stack. Chris On Thu, Apr 2, 2009 at 8:35 AM, Jim Peterson jim.sokytec...@gmail.comwrote: My kids (the 12-yr-old boy 8-yr old girl) like to try and take turns with the sledgehammer. Of course, I usually end up doing the deed, but like Jack's idea, it is very satisfying and actually provides a great workout too! I also sight in my deer rifle with them, and use them for target practice when I'm shooting my .45. Fun! Jim On Thu, 2009-04-02 at 08:28 -0500, Jack Coats wrote: I agree with Sky. There used to be 'low level format' available on cheap IDE controllers that worked pretty well. The best I remember seeing that kept the drive useable was an old dos/windows program that did a 'distructive disk test' that I used several times on different disks that were otherwise un-recoverable anyway. I wish I could remember its name. You could build a small sh script to use dd to write some pattern till it filled up a drive using different patterns on various passes, but that is kind of a pain. If you are discarding a UNIX derivative, just do a fresh install with a different type of file system. A good way to physically demolish one is to take it to your local neighborhood blacksmith (I had one across the street when I lived in Houston) and go with him to his forge. Melt the drive to a nice pool of silicon and aluminum sludge. It is very satisfying. It is really hard to recover data after that. Pouring the sludge into a nice paper weight, door stop, etc is also fun. ... Actually a good coal fired BBQ of old disk drives behind the HC one weekend could be a nice community support project! :) ... Then cast them into trophies for 'worst security' to be handed out to folks at the next Phreaknic --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---
[nlug] Re: Data security?
Great information, great discussion. I agree that destroying the drive (the fire arm method is one I've used personally) is the surest form of data security, however our retired workstations tend to be better than many people's (especially our employees) home computers, so we first tend to sell off any old systems to them. While it's not that I don't *trust* the employees, for the sake of the company, I like to make all the best efforts to prevent any accidental disclosure of data. Sounds like I'll be giving dban a spin. Thanks again. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups NLUG group. To post to this group, send email to nlug-talk@googlegroups.com To unsubscribe from this group, send email to nlug-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~--~~~~--~~--~--~---