Slashdot Mirror


Secure Hard Drive Deletion Appliance?

An anonymous reader asks "I am searching for a box into which I can plug a hard drive (IDE or SCSI of various flavors) and automatically begin a secure deletion process (DoD 2250 compliant or the like would be good). This is normally for dead drives which need to be RMA-ed. Because of various regulations (HIPAA for starters), we need to at least attempt to do a good job clearing the disk. I've heard from a number of places, including this Slashdot story, that degaussing isn't great. There are software solutions out there, but in general, I want to toss a replacement hard drive in and not have to hunt around for hardware to put the bad drive in in order to run the software. Given the right case, a solid state drive, some SCSI cards and one of various pieces of software, I can imagine such a beast. Has anyone seen someone selling something like this?" No case-opening is necessary to use a USB/IDE converter, which might be a good middle ground. Any other ideas?

37 of 573 comments

  1. dban.sourceforge.net by Anonymous Coward · · Score: 5, Informative

    dban.sourceforge.net

  2. DBAN - Darik's Boot and Nuke by slashjames · · Score: 4, Informative

    http://dban.sourceforge.net/
    Good hardware detection, GPL.

    1. Re:DBAN - Darik's Boot and Nuke by Cipster · · Score: 2, Informative

      http://www.tolvanen.com/eraser/

      Add eraser to the list of programs that might do the job.

    2. Re:DBAN - Darik's Boot and Nuke by ErnieD · · Score: 5, Informative

      I'll second that, I've used DBAN a few times just in the last few days on old drives we're preparing to toss (finally retiring very old hardware).

      I run it from the Ultimate Boot CD, http://www.ultimatebootcd.com, which has a ton of other diagnostic utilities on it, including the drive diag tools from all the major manufacturers. Extremely handy little CD to have around.

  3. Norton Diskreet by wiredlogic · · Score: 2, Informative

    Use good old Norton Diskreet (DOS version) and automate it with a batch file running on a tired old PC set out to pasture. All supplies are available on Ebay.

    --
    I am becoming gerund, destroyer of verbs.
  4. Degaussing is the way to go by ben_fucking_franklin · · Score: 2, Informative

    These guys will have a solution for you. They know how to recover the data. They know how to erase it past any hope of recovery.

    Disclaimer: Affiliations from past work experience.

  5. Unscrewed segment covered topic by wherley · · Score: 4, Informative

    See http://www.g4tv.com/unscrewed/features/45707/Dark_Tip_Destroy_All_Data.html
    They have a few pieces of s/w and h/w mentioned there. Use the floppy method on a standalone machine to plug your disk into and wipe it. Try Darik's Boot and Nuke method: http://dban.sourceforge.net/

  6. Re:You could have... by Rei · · Score: 4, Informative

    It basically means that everyone who works in the medical industry has to jump through hoops to make sure that anything that could compromise your privacy doesn't get out without your permission. This goes to the extent that when working with MRI images for cross-site study, we have to use custom face-removing software so that someone can't reconstruct what your face looks like from the 3d data. And even then, there are debates about how much skull needs to be removed...

    --
    sed "s/SJW.*$/... never mind. I was about to say something stupid, and also, I'm a troglodyte./Ig"
  7. Drive Duplicator... by hated · · Score: 5, Informative

    http://www.driveduplicators.com/124.html

    It's primarily a hard drive duplicator but it also has DoD 5220.22-M level wipe. Sorry to plug a specific product :)

    1. Re:Drive Duplicator... by hated · · Score: 2, Informative

      The portable appears to be $379...not too bad. If they're looking for HIPAA compliance they should have at least that much to spend. I guess it's up to their management though. If they don't want to spend the money then they will have to accept the risk and explain to any auditors why they don't wipe drives.

    2. Re:Drive Duplicator... by Anonymous Coward · · Score: 1, Informative

      The company that makes these is working on a version 2, that has SATA support.. but still no fiber channel.. oh well..
      I have one of these myself. just remember the DoD format takes a long time to do..
      Also these units can repair a lot of problems with drives, and then print out a report for you..
      That is all..

      End of Line...

  8. Re:You could have... by Ingolfke · · Score: 4, Informative

    what the heck is HIPAA?

    Try the Health & Human Services - Office for Civil Rights - HIPAA for some information. HIPAA is relevant to the article because it strengthened medical privacy laws.

  9. Gnu coreutils provides `shred' by wild_berry · · Score: 2, Informative

    You must have seen Shred mentioned in the previous discussion. It's GNU coreutils so comes as standard with most Linux (ahem: GNU/Linux) distributions, and deals with file references in your filesystem.

    Shred is not complicated enough to waste files that have been stored on a journaled filesystem, which includes NTFS, ext3, ReiserFS and friends. This doesn't stand in the way of you plugging in a device (for example by USB/Firewire enclosure), having it automount, according to your distribution's setup, before running "shred -z /dev/blah" to the device. The man pages say that this will write random data 25 times across the device before zeroing it, making a mess of the filesystem and the files too, whether or not they're stored with journaling data.

  10. Already Covered the Best Method by JungleBoy · · Score: 2, Informative

    Slashdot already covered the best method of data destruction.

    Drive Slagging!

    --
    "You never know when some crazed rodent with cold feet might be running loose in your pants."
    -Calvin
  11. curie point by dfuller · · Score: 2, Informative


    There is no substitute for heat.

    Cook the drive past the Curie Point with a
    blowtorch. You'd be amazed what folks can recover
    from drives even if they've been "destroyed."

  12. Re:Data destruction. by Anonymous Coward · · Score: 1, Informative

    >I would suggest first formatting the drive with
    >multiple writes and reads of serial 1's and 0's
    >which should prevent 99.9% of data recovery
    >attempts.

    from the manpage of badblocks(8) I saw that:

    # badblocks -w /dev/hda

    does just this and better :-)

    But it's not a hardware solution and in the case of bad hardware could take a lot of time.

  13. Destroy them by agoliveira · · Score: 3, Informative

    If you prize so much the confidentiality of the data to go to very extreme measures like high level gear just for that, as cheap as the HDs are now, I would just throw them inside a furnace.

    --
    Scientia est Potentia
  14. Re:Data destruction. by BWJones · · Score: 2, Informative

    OS X does not support Linux's ext2/3 and Reiser right now to my knowledge, but there is an open source implementation of ext2 available for OS X. That said, OS X can at least boot ext2 filesystems. proc is also not supported, but the following are supported natively in OS X: volfs, union, synthfs, specfs, ramfs, nullfs, loop*, fdesc, devfs, deadfs, cddafs, WebDAV, SMB/CIFS, NFS, FTP, AFP, UFS, UDF, NTFS, MSDOS, ISO9660, HFS+ and HFS. Pretty impressive for an out of the box OS that is also easy to use and implement.

    Also, I am not sure what you mean by having a hard drive "kill" a computer. Unless you are talking weird power flux issues, running a HD off of a PCI card should protect you from just about anything.

    --
    Visit Jonesblog and say hello.
  15. No RMAs are the cost of doing business by metoc · · Score: 4, Informative

    The general rule of thumb for data security sensitive industries is to never return the platters.

    Most governments have arrangements to either get a discount up front, or to get the manufacturer to accept the top cover as proof the drive is destroyed, and then provide a warranty replacement.

    For everyone else it is the cost of doing business. Depending on your business the risk is measured in years in court, 7+ digit claims and real impacts on stock price. Replacing failed harddrives out of pocket is cheap.

    Best thing to do is remove the platters and store them as they take up less space, and once you have enough pay a degauss service to blast the entire box. Even then, get an artist to turn them into a piece of art for your front lobby.

    1. Re:No RMAs are the cost of doing business by djtack · · Score: 4, Informative

      I work for a university, and I have been able to get warranty replacements from Western Digital by faxing them a letter on company letterhead, explaining the reasons why we can't return the drive, and attaching a picture of the drive's top plate.

      We then let the geeks have fun destroying the disks. ;) But the parent is absolutely right. If you can't get replacements this way, you'll just have to deal with the cost of replacing them yourself.

  16. Re:Two Ways by RealAlaskan · · Score: 2, Informative
    You can find removable bays all over the place and use *nix to format the drive writing all 0s to it.

    As I recall, you're better off using a string of alternating 1s and 0s, followed by a string of 0s and 1s, like so: 10101010 followed by 01010101. This maximises the "change" you're making on each pass, and so it messes up the traces of the old information the fastest.

    Back when we were still using Western Digital RLL boards, we used to write (and then read, of course) those patterns to a HD to stress-test it. If it could do that all night, always reading back what it had just written, it would probably save your data for a while.

  17. Re:Still Risky by homer_ca · · Score: 3, Informative

    It may be easier to pay extra for a warranty that lets you keep the failed hard drive. Dell has one. Others probably do too. Or considering how cheap hard drives are, just buy a few spare drives for the whole office and don't RMA the failed drives. The risk there is if you get a batch of bum drives. It happened at my office. Every single Maxtor drive from one order of Dells failed in less than a year. It was just bad sectors so we could still wipe them.

  18. Re:Uh, if the hard drive is dead by (H)olyGeekboy · · Score: 2, Informative

    Actually, you may have been intending humor, but there are cases where the drive's mechanisms (spindle motor, controller board) may be dead but the platters intact and full of data.

    I agree with my grandparent post. If the drive isn't spinning up or recognized by BIOS (technically "dead"), how are you going to wipe the data besides destroying the platters or at least degaussing?

  19. This guy is correct... by Fallen+Kell · · Score: 2, Informative

    I deal with this all the time. There are a few methods that have been approved. You can format by writing complete random 0's, 1's across the entire disk 3 times (this includes the protected area where the MBR sits and is hidden from normal usage). Or you can destroy the disk completely. Typically destruction of the disk entails dismantling the enclosure, removing the platters and then immersion in an acid or burning in a furnace to melt the platters. Hammers are not recommended as the broken pieces can still contain data which given enough resources can be extracted.

    --
    We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
  20. Re:Drill Press by hobbesmaster · · Score: 2, Informative

    WARNING: Following through on the screwdriver suggestion may shatter your hard drive platters while spinning at high speed causing little glass shards to go everywhere, including into your face. A friend of mine made this mistake once...

  21. Blancco DriveWipe Custom Solution by michaelaiello · · Score: 2, Informative

    We have done a few of these setups. Essentially we set up a rack at your location that has several slots for ide or scsi drives, you plug the disk in and it wipes it and reports the serial number of the disk as wiped. You can also have a barcode sticker on the hard drives and scan it with a barcode reader(optional) during erasure. Check out our site. And tell em Mike sent ya ;) http://www.blancco.us

  22. Re:Still Risky by forkazoo · · Score: 5, Informative

    Uhhh... I disagree. I work at an organisation which falls under HIPAA. All the money we would spend on new hard drives for no apparent reason would mean that developmentally delayed persons in the community would be unable to get access to the resources we exist to provide.

    Whenever somebody moves from one department to another, they need either a new PC, new HD, or a fresh setup on their old PC after a secure wipe. Every time somebody leaves the organisation, or a new person arrives. Every time a drive dies and the PC needs to get a new one under warranty.

    Right now, I am probably doing a minimum of ten secure wipes every month. A new hard drive would cost roughly a hundred bucks. That's 12,000 dollars annually, minimum, just on hard drives, which would be wasted. That's a certain number of hours we would need to cut back the day program, leaving mentally retarded people roaming the streets without any help. Including the mentally retarded people who aren't allowed near children because they have sexually assaulted them in the past. That's a certain number of winter coats that can't be bought for people who can't work a steady job.

    So, we use a utility called DBAN, Darik's Boot And Nuke. It's part of a free x86 rescue CD I downloaded. It comes with a bootable linux live CD, which includes an ntfs resizer, and memtest86. I usually just run it in the machine where the HD is, rather than pulling the HDD out. In particular, this is much handier for laptops than a special device would be. OTOH, it would be easy enough to get an external hot swap caddy, and use it as your appliance, just plug it into any machine.

    Also, you can always just dd /dev/random onto your disk a few times. Anybody know any good reason why that would be insufficient?

  23. Re:Data destruction. by claudius0425 · · Score: 5, Informative

    While this may seem at first to be just a one off joke, there is really a lot to be said for torching a drive. In addition to the massive physical damage, you will heat the magnetic layers past their Curie point, so their magnetic orientation won't matter: they won't be magnetic anymore.

    Happy torching!

    --
    Phus. Sysiphus.
  24. Re:Still Risky Indeed by da007 · · Score: 3, Informative


    Army spec is 5 equidistant holes drilled through the platters.

  25. Linksys Network attached storage for USB drives. by Embedded · · Score: 2, Informative

    Sounds like a good job could be done automatically by changing the application code for the Linksys NSLU2 which as we know has complete Linux source available and also has a substantial following.

    http://www.nslu2-linux.org/

    1) Format to EXT3 deleting all partitions.
    2) DOD wipe. Format to Desired End state.

    Mail if you are interested. Cheers!

    --
    Vista, the single biggest argument for Desktop Linux! It doesn't "Just Work"(TM).
  26. Re:A smashed drive tells no tales by Anonymous Coward · · Score: 1, Informative

    just to be pedantic... it's usually "return materials authorization"

    but, whatever.

  27. Re:BCWipe by TFloore · · Score: 4, Informative

    Is BCWipe legally authorized for that use though?

    That's easy...

    NO.

    BCWipe and other such applications will allow you to use a classified (up to SECRET only, nothing more sensitive) harddrive in an unclassified computer/network, but you must STILL track that harddrive, and physically destroy it when you excess the computer. The utility is approved for re-purposing the drive, but it must still be disposed of as any other classified storage, i.e., physically destroyed.

    TS and higher drives may NOT be re-purposed like this, they must be physically destroyed.

    Generally, "physically destroyed" means the drive must be disassembled, and the individual platters wiped with a magnet of a guaranteed minimum field strength. (Sorry, I'd tell you the required field strength, but I don't remember off hand.) After this, the platters can be disposed of just like shredded classified documents would be.

    10 years ago using BCWipe-style software was approved in DOD for declassifying harddrives. This is not the case any more. Pay attention to how harddrives work. They've gotten too smart for this to be guaranteed to wipe data now. They ship with "excess" sectors, and can internally remap any bad sectors to these excess sectors, reading data from them and copying it when the sector is internally detected as "going bad but still accessible". Data in these "bad" remapped sectors can be accessed when the drive is connected in diagnostic mode. If you have a classified storage device, within certain boundaries, you won't know if the drive has performed such a remapping and hidden classified data that could be recovered by an intelligent operator. Therefore, BCWipe-style software is only approved for re-purposing where you maintain physical control of the harddrive. To dispose of the harddrive, you must physically destroy it, basically because the drives have gotten too smart.

    --
    This is my sig. There are many like it but this one is... Oops. Frank, I've got your sig again! Where's mine?
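
Added example (not part of any comment in this thread): the remapped-sector problem described in comment 27 can be triaged from the drive's own SMART counters before deciding whether a software overwrite is worth running. The `smartctl -A` sample text is constructed, and the function names and the overwrite-or-destroy routing rule are assumptions made for illustration.

```shell
#!/bin/sh
# Triage a drive from `smartctl -A` output before choosing a software overwrite.
# Attribute 5 (Reallocated_Sector_Ct) counts sectors the drive has remapped to
# spares; 197 (Current_Pending_Sector) counts sectors waiting to be remapped.
# An overwrite through the normal interface does not reach remapped sectors.

# Constructed sample: a drive that has already remapped 12 sectors.
sample_remapped() {
cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       12
  9 Power_On_Hours          0x0032   091   091   000    Old_age   Always       -       8123
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
EOF
}

# Constructed sample: a drive reporting no remapped or pending sectors.
sample_clean() {
cat <<'EOF'
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       0
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       0
EOF
}

# remap_counts: read attribute text on stdin, print "<reallocated> <pending>",
# or "unknown" when attribute 5 is absent (no SMART data could be read).
remap_counts() {
    awk '
        $1 == 5   { realloc = $10 + 0; seen = 1 }
        $1 == 197 { pending = $10 + 0 }
        END { if (seen) print realloc + 0, pending + 0; else print "unknown" }
    '
}

# disposition: assumed routing rule. Any remapped or pending sector, or no
# readable SMART data at all, sends the drive to physical destruction.
# A result of "overwrite" only means the drive reports no remaps so far.
disposition() {
    counts=$(remap_counts)
    if [ "$counts" = unknown ]; then echo destroy; return; fi
    set -- $counts
    if [ "$1" -gt 0 ] || [ "$2" -gt 0 ]; then echo destroy; else echo overwrite; fi
}

echo "remapped drive: $(sample_remapped | disposition)"
echo "clean drive:    $(sample_clean | disposition)"
# Real use (assumes smartmontools is installed): smartctl -A /dev/sdX | disposition
```
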
  28. One Word ....... Knoppix by Allnighterking · · Score: 2, Informative

    To wipe the drive insert a knoppix disk, once booted mount your partitions. Cd to a partition and type

    # shred [options] *

    man shred for specifics but shred does NSA style wipes of HDD with as many overwrites as you want (25 is stock) then follow it up with rm -Rf * (since shred destroys the data not the "name") then once all files on all partitions are "wiped" fdisk it, one big partition and put a new file system on it.

    This can be done to NSA standards with a little bit of effort.

    shred is beyond any doubt the most overlooked utility in Linux/Unix.

    --

    I'm sorry, I'm too tired to be witty at the moment so this message will have to do.

  29. Re:Still Risky by bersl2 · · Score: 4, Informative
    Read the DBAN FAQ page:
    Q: Is the Gutmann method the best method?

    A: No.

    Most of the passes in the Gutmann wipe are designed to flip the bits in MFM/RLL encoded disks, which is an encoding that modern hard disks do not use.

    In a followup to his paper, Gutmann said that it is unnecessary to run those passes because you cannot be reasonably certain about how a modern hard disk stores data on the platter. If the encoding is unknown, then writing random patterns is your best strategy.

    In particular, Gutmann says that "in the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data... For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do".

    Read these papers by Peter Gutmann:
  30. Re:Still Risky by Anonymous Coward · · Score: 1, Informative

    you can always just dd /dev/random onto your disk

    Don't do that. Use /dev/urandom. /dev/random blocks waiting for entropy and will take almost forever. /dev/urandom is less secure in a certain highly technical sense that isn't relevant to this application; for drive wiping, it is nonetheless the correct one to use.
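
Added example (not part of any comment in this thread): the random-passes-then-verify approach discussed in comments 22, 29 and 30, run against a file image so it can be tried safely. The function names and the constructed image are assumptions; on a real drive the target would be the whole-disk device node, and sectors the drive has remapped internally stay out of reach of any such overwrite.

```shell
#!/bin/sh
# Overwrite a target in place with N passes from /dev/urandom, finish with a
# zero pass, then read the whole target back to confirm the last pass landed.

# size_of TARGET -> size in bytes (works for the regular-file image used here;
# for a block device, `blockdev --getsize64` would supply this number instead).
size_of() { wc -c < "$1" | tr -d ' '; }

# overwrite TARGET SOURCE: write exactly size_of(TARGET) bytes from SOURCE.
# head bounds the byte count; conv=notrunc keeps dd from truncating the image.
overwrite() {
    ow_bytes=$(size_of "$1")
    head -c "$ow_bytes" "$2" | dd of="$1" bs=64k conv=notrunc 2>/dev/null
}

# verify_zero TARGET: succeed only if every byte of TARGET reads back as zero.
# On a real device the read-back should bypass the page cache to hit the media.
verify_zero() {
    vz_bytes=$(size_of "$1")
    head -c "$vz_bytes" /dev/zero | cmp -s - "$1"
}

# wipe TARGET [PASSES]: random passes (default 3), a zero pass, then verify.
# /dev/urandom is used because, as comment 30 notes, /dev/random may block.
wipe() {
    w_target=$1
    w_left=${2:-3}
    while [ "$w_left" -gt 0 ]; do
        overwrite "$w_target" /dev/urandom || return 1
        w_left=$((w_left - 1))
    done
    overwrite "$w_target" /dev/zero || return 1
    sync
    verify_zero "$w_target"
}

# Demo on a constructed 1 MiB image that starts with a recognisable marker.
img=$(mktemp)
{ printf 'CONSTRUCTED-PATIENT-RECORD'; head -c 1048550 /dev/urandom; } > "$img"
if wipe "$img" 2 && ! grep -q 'CONSTRUCTED-PATIENT-RECORD' "$img"; then
    echo "wiped and verified: $img"
else
    echo "wipe FAILED: $img" >&2
fi
rm -f "$img"
```
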

  31. Discussed to death by experts by Decker-Mage · · Score: 4, Informative
    We've discussed this issue to death over in the Computer Forensics list (http://www.securityfocus.com). The conclusion is that the only mechanism that is absolutely compliant is physical destruction of the platter(s). There is a degausser that may meet current compliancy requirements (note: current!), however it runs about $40,000 per unit and as coercivity increases with new designs, will quickly become obsolete.

    Sorry folks, I'd rather rely on my community there than a bunch of fellow /.'s (grin). Elitist? Yar!

    --
    "[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
  32. Re:Don't Destroy - Encrypt by pyropunk51 · · Score: 2, Informative

    I agree. Get something like ABIT SecureIDE and install it in every machine. Then you kill 2 birds with one stone. 1) you can be sure that only authorised personnel can use the machine and 2) if the drive dies, you unplug it and you can be sure that no one can read the data on it.

    --
    double penetration; //ouch