Slashdot Mirror


Ask Slashdot: Datacenter HDD Wipe Policy?

New submitter socheres (1771002) writes I keep a Slackware server hosted at various datacenters on leased hardware for personal / freelance business use. I have been doing this for the last 10 years and during this time I moved my stuff to several datacenters, some small and some big name companies. No matter the hosting company, since I choose to install my own OS and not take a pre-installed machine, I always got the hardware delivered with the previous guys' data stored on the hard drives. It was also the case with spare drives, which were not installed new if I did not ask specifically for new ones. Has this happened to you? How often?

116 comments

  1. none by Anonymous Coward · · Score: 1

    Seems like the policy is none

    1. Re:none by Z00L00K · · Score: 1

      Datacenters are all about saving money as much as possible, so the re-use of hard disks and wiping/destruction of them is non-existent.

      Essentially this means that the data center owner takes a calculated risk that no sensitive data will be misused by another customer.

      Now this knowledge is out so we can expect front-ends for black hat hackers to purchase services at random trying to poach data.

      The end result will be that the price of "cloud" services will go up rendering them possibly as expensive as hosting the services yourself.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  2. Physical destruction by BaronM · · Score: 2, Interesting

    I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

    I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

    IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

    1. Re:Physical destruction by AbRASiON · · Score: 4, Insightful

      It's a stupid policy, if you've been in IT infrastructure for years, you should have a basic understanding of how to wipe a hard disk properly, it's a waste of money, it's creating environmental waste in disposing of it, it's wasting resources needing to purchase another one.

      When you start talking about tens or hundreds or even thousands of disks, you're pissing away good money, because you're either too lazy or too stupid to know how to wipe a disk.

      I've seen far too much of this idiocy over the past decade or so. ( http://hardware.slashdot.org/c... ) it needs to stop. Learn how to wipe a disk, if it's not faulty, re-use the thing. That old post from 2011 is even more applicable to server drives which are not even remotely cheap pieces of hardware.

    2. Re:Physical destruction by LordLimecat · · Score: 0

      Whether or not data can be recovered off of wiped (overwritten) disks is a subject of great speculation. The answer seems to be "theoretically, but we don't know of anyone who's done it". If you're comfortable with that, fine.

    3. Re:Physical destruction by Revek · · Score: 2

      Foolish and wasteful. You don't believe that FBI fairy tale about getting data off a drive even if it's been wiped, do you?
      http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux

    4. Re: Physical destruction by Anonymous Coward · · Score: 0

      I would use full disk encryption for personal and small business use regardless of whether the hardware is leased or not.
      Big companies should have multiple layers of security.

    5. Re:Physical destruction by jon3k · · Score: 1

      Same, per policy we destroy all hard drives.

    6. Re: Physical destruction by Anonymous Coward · · Score: 0

      We know that when presented with a large cash prize, people chose to shut up instead of collecting the money.

      Theoretically your whole drive might be the next thing /dev/random produces. It's only neat in theory.

    7. Re:Physical destruction by Charliemopps · · Score: 1

      I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

      I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

      IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

      He's talking about a datacenter. He doesn't have physical access.

      Encrypt the drive. If, for some reason, the contract goes south or they go out of business, the data's garbage even if they sell the drive at auction. Our company policy is everything is encrypted outside our network. This includes portable devices like laptops, phones, and I even saw new USB sticks yesterday that will wipe themselves after a few invalid attempts.

    8. Re:Physical destruction by AbRASiON · · Score: 4, Insightful

      No that's what security people and people speculating will tell you.
      You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.

    9. Re:Physical destruction by sjames · · Score: 1

      I would imagine it is equivalent to clothes in the closet. If you leave them behind, the apartment owner can dispose of them as he sees fit.

    10. Re: Physical destruction by Anonymous Coward · · Score: 0

      Nope, reusing old hardware is a foolish economy, and a policy of wipe-and-resell is too prone to human error, not to mention labor intensive. Physical destruction of end-of-life drives is almost foolproof and economical of labor. Frankly, the residual value of a 5 to 7 year old HDD is negligible.

    11. Re: Physical destruction by mcrbids · · Score: 2

      Actually, I have a physically secured, locked box full of hard drives that I haven't bothered to wipe or destroy. Our approximate policy is to use in house for other purposes if it makes sense, or throw into the box. HDDs just 3 to 5 years old are basically worthless. For storage in volume, anything smaller than about 2 or 3 TB is ready to be replaced, just because of the savings in electricity.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
    12. Re:Physical destruction by Fencepost · · Score: 1

      It's not worth my time to hook up old PCs or removed drives so I can wipe someone's 40/80/120/160 GB IDE drives for reuse. A nail punch in a few places makes it not feasible for someone to try to recover potential legally protected from possible temp files saved on an old desktop system. My concern is generally that I'm not sending used drives from medical offices out to end up "recycled" to Africa where someone might actually try to recover data from them.

      --
      fencepost
      just a little off
    13. Re:Physical destruction by AbRASiON · · Score: 2

      Hang on what are we talking about here, let's be clear.

      Are we talking about a server inherited from someone else at a datacentre when leasing equipment?
      Are we talking about desktop computers?
      Are we talking about some kind of big SAN device loaded with disks and no OS?

      If it's the first 2, why would the disks be unhooked / removed? Presumably they are in the computer you want to use them in. Run DBAN on them, it's not particularly expensive.......
      You shouldn't even be in the habit of physically removing disks unless there's a need to. Reasons I can think of removing a disk would be:
      1, disk is faulty
      2, upgrading to a larger / faster drive.

      Faulty disk, not under warranty? Ok Drill it, fine.
      Upgrading to a larger and or faster drive though? Do you have another server which might have use of those disks? Would they make a good spare? What about some kind of dev / uat environment which could use them? Maybe you should've kicked off the dban before pulling the disks from the server in the first place?
      If you seriously have absolutely no use for the disks and they are 'proper' old of low value? Ok maybe drill them, maybe - but recyclers pay money for old stuff and drilling disks happens far too often because it's cool to be overly security conscious.

    14. Re: Physical destruction by Anonymous Coward · · Score: 0

      1000$ from me as well :P

    15. Re:Physical destruction by Noah+Haders · · Score: 1

      as the data center person, I would offer clients the opportunity for an extra $50 to have their disks destroyed when they're done with them.

    16. Re: Physical destruction by Anonymous Coward · · Score: 0

      The disks I'm disposing of these days are predominately 144GB SAS disks (Seagate Savvios) from servers that are EOL. Sure, I could sell them, but one improperly wiped disk with sensitive data would more than offset any minimal amount of money they're worth.

      With leased gear, a security wipe is all you can do, and you are quite correct that it is secure as long as it is done for every disk, every time.

    17. Re:Physical destruction by Anonymous Coward · · Score: 0

      Save yourself and yourself some time and your company some money.

      Get yourself one of the many livecds or usbdrives out there

      dd if=/dev/zero of=/dev/sda

      Come back in an hour or two and it is done. If you feel someone might be able to recover that then

      dd if=/dev/urandom of=/dev/sda

      Done.

      Name one company that can recover a hard drive from that. They do not exist. They would be making millions. If you find one, post it here. I am sure there are many people here that would love to take advantage of that service.

    18. Re:Physical destruction by Osgeld · · Score: 1

      My only beef with that is it's getting harder to find old SCSI drives for retro computers; IDE, fuck it, nail away.

    19. Re:Physical destruction by LordLimecat · · Score: 1

      You're talking about an attack that has never been publicly demonstrated, and you think a $1000 offer is sufficient to prove its infeasibility? Cute.

      No that's what security people...will tell you

      By all means don't ever listen to THOSE people.

    20. Re:Physical destruction by AbRASiON · · Score: 2

      The _VAST_ and I mean _VASTTTTTTT_ majority of security people I've encountered have, what I'd be comfortable describing as "fuck all" technical knowledge regarding hardware (and in some ways software too) - they get concepts, fundamentals and then read dipshit theorising articles on retrieving data from a hard disk by analysing the "bits between the bits".

      Don't take my word for it, go do some googling. I've read at least 1 article by an actual storage guy (I can't recall if he was actually a physical media designer or what) but he laughed off the idiotic claims as precisely that.

    21. Re:Physical destruction by chuckinator · · Score: 2

      Agreed. The rule of thumb for the paranoid is a write of semi-random data for 3-7 passes with a final pass of zeroes. The tool has been part of GNU coreutils for a long time. Easy to do with a simple:

      shred -z /dev/sda

      Just be careful. That's worse than `rm -rf /` if you mess up.

    22. Re:Physical destruction by Anonymous Coward · · Score: 1

      No that's what security people and people speculating will tell you.
      You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.

      I work as a data recovery technician and, for the most part I agree if you zero a drive you will not get any data from it unless someone is very cunning and knows about the glist (bad sector list) and if they release that they might be able to get something but usually only a few sectors. It makes me cry when I see people drilling or smashing hard drives... total waste.

    23. Re:Physical destruction by Anonymous Coward · · Score: 0

      I charge a lot more than that for that kind of recovery, and the people who want it are quite willing to pay.

      Single pass is not even close to good enough for anything sensitive, and if it's not sensitive, just blow away the partitions and leave it.

    24. Re:Physical destruction by Fencepost · · Score: 1

      Well, my customers have traditionally used servers until they're mostly beyond being repurposed, and the same with desktop PCs. The only ones with anything in datacenters are ones using hosted solutions, and we and they don't have any access to the vendor's setups. That said, for retired SATA drives they'll likely get scrubbed and shelved as possible future spares - an old enterprise 250GB SATA drive will work just fine for reimaging a local PC.

      For desktop machines, we don't image or wipe them before replacement, and we let them sit in a storeroom for a couple weeks just in case we need to retrieve something, but after that we're not hooking them back up just to wipe, we just yank the drive and send the machine out for recycling. This year they've tended to be old Pentium 4 boxes that were running XP acting as remote desktop terminals. It's very unlikely that there's anybody's medical data on any of the drives, but it's not a chance that we want to take and physical destruction of the drive is the quickest and therefore cheapest way to do it that I'll trust.

      One special situation here is that I'm part of a small enough group that we don't really have low-paid PFYs or interns to do this - if I had someone available being paid $10-15/hour for basic technical tasks it might change things, but right now any time spent wiping drives on obsolete PCs for donation could be much better spent on billable tasks.

      --
      fencepost
      just a little off
    25. Re:Physical destruction by Anonymous Coward · · Score: 0

      It's not about being technically competent to securely wipe a disk. It's about being able to wipe a disk in a way that a non-technical observer can verify. Joe from Legal needs to *know* that those medical records are destroyed, and holding the trashed remains of the disk will do that. The hardware cost is trivial.

    26. Re: Physical destruction by darkonc · · Score: 1
      physical destruction is only 'foolproof' if you're the fool doing it... Otherwise you're depending on the protocols of the people doing the destruction for you.

      If you've got a number of drives to go through, wiping drives is a pretty simple process. Get a USB drive enclosure (or 5)... then plug in a drive, turn it on. Run the wipe and wait for the drive to finish wiping. switch off, switch drives and repeat. physical destruction is only called for if the writes fail.

      Going beyond wiping a drive is only necessary if someone like the NSA is interested in your data.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
    27. Re:Physical destruction by goarilla · · Score: 1

      And it takes a very long time; /dev/{u}random does not have a lot of bandwidth. In my opinion a single dd if=/dev/zero suffices for drives going out of the company.
      But for a reinstallation of a system in the company I just format and reinstall again, because a zero pass takes a long time as well.

    28. Re:Physical destruction by sribe · · Score: 1

      Whether or not data can be recovered off of wiped (overwritten) disks is a subject of great speculation.

      No, it's not. It's the subject of idle wild speculation by people who have no clue what the hell they're talking about.

    29. Re:Physical destruction by pnutjam · · Score: 1

      Drilling or destroying is great for physically failing equipment that can't be wiped.

    30. Re:Physical destruction by Anonymous Coward · · Score: 0

      We drill holes in old drives before we recycle them. It's really not worth the effort for us to try to do something with an old 500GB drive which is likely to fail soon. We know how to wipe, but once you've wiped them what do you do with a bunch of old SAS drives? Drill them, take them to the recycling center. If someone's feeling like it, they'll pop it open for the magnets.

    31. Re:Physical destruction by nerdbert · · Score: 2

      I do disk drives, and have for the last 20 years or so.

      Practically speaking, unless you have a government actor or someone with extremely deep pockets coming after you, just wiping a drive once is enough for privacy.

      Not practically speaking, and assuming you're worried about a government-grade attack on your drive, a single write of a constant value or a pseudorandom pattern that I can predict isn't enough to completely erase the data. Heads are always slightly misaligned from the servo track, so there's always some leakage at the edges that usually survives a wipe, although it's usually -20 dB or so down from the main signal and requires some finesse to get to. It's this misaligned head that's the most practical attack on erasures. Then you can go to more exotic things (transition modulation, etc) that are less likely to work.

      There's also a problem with abandoned sectors in your drive leaking data. What we do in modern drives is that we have multiple tracks that we use for backup data. When a sector starts to go bad and we have to do multiple retries to read the data (including some very, very weird read modes), we'll take the data and move it to a backup track, then mark the original sectors bad, while mapping the new sectors into the file system so that everything is transparent to the user. You'll never see this, it's all done behind the scenes in ways you can't detect. So the old sensitive data is still there, but hard to read, and nothing you do as a user can ever get to it.

      But all these weird modes are HARD to get to, and the data recovery is often pretty manual and extremely expensive so unless you're Edward Snowden it's not worth the time of the NSA or DoD to come after you.

      So my view is pretty simple: single pass erasure for normal business users or personal use, although I tend to do erasure and a reformat to a completely different filesystem type (e.g. to ntfs from ext4) if I'm giving an old drive to a friend/relative. Usually I take my old drives to the shooting range for destruction just because it's a lot more fun. If the data is really, really private where not one bit can afford to be found, then shred it. It's not like disks are super expensive.

    32. Re:Physical destruction by LordLimecat · · Score: 1

      This discussion gets kicked around a lot, and it astonishes me how much assumptions are kicked around in a security-focused discussion.

      Superuser has a good write up on this.

      Heres the TL;DR:

        * It has been shown to be theoretically possible under the right conditions to recover data from "shadow bits"-- detectable differences in overall magnetic moment from a bit on the disk. This was demonstrated in 1995 by Peter Gutmann.
        * It is widely believed that modern disk technologies and densities make such methods much more difficult. However, Heise Security demonstrated that it is still a theoretical possibility, at least for single bytes, though very difficult.
        * There are sector remapping technologies which throw all of this out the window. Blindly following the "multi-overwrite" mantra is also ineffective on non-magnetic media.
        * For reasons unknown, DoD, NSA, and NIST, as well as the UK's ICO all require varying degrees of overwrite and / or destruction. The NSA / DoD specifically indicate that overwrites are OK only when the disks will be repurposed in the same security area. I'll leave it to you to determine if you know more than they do.

      Security is highly based upon theory. That is, we trust encryption schemes like AES because there is a strong degree of confidence that it will remain very difficult to crack for many years to come. When "theoretical" holes are discovered, they are treated very seriously because the entire point of such security is to defeat a determined, well funded attacker. Security schemes which do not defeat determined attackers are little better than "do not burgle" signs on your door.

      With that in mind, it is incredible that people would suggest things like drilling a hole through a drive when it is clear that that would not prevent a determined attacker from recovering data. Worst case, fill the hole with epoxy and sacrifice that quarter of the platter; you can still recover ~75% of the data. Appeals to the difficulty or expense of the recovery are not statements on security, and when a degausser can guarantee security in roughly the time it would take to drill press the drive, it's astonishing that people would even suggest it.

      Some of the suggestions here are akin to recommending turning off WiFi beacons or using MAC security on your AP. They sound cool, they have the appearance of working, but they are in reality snake oil; a determined attacker will simply ignore them.

    33. Re:Physical destruction by david_thornley · · Score: 1

      I've been told that modern disks store one bit per magnetic domain, meaning that one overwrite should be enough. Obviously, this doesn't apply to non-magnetic media.

      The NSA and DoD may well have policies that go well beyond what is necessary. It's really not much more hassle to do multiple overwrites than just one, and disks are cheap enough that they can be considered disposable. If you're really worried about security, spending a hundred dollars to replace a drive may be preferable to worrying about whether somebody, sometime, might be able to read it.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    34. Re: Physical destruction by toddestan · · Score: 2

      Well, you could donate the drives to the various charities that refurbish computers. They're always short on drives because they get so many computers donated to them that have had the drive pulled. They'd be really appreciative if someone showed up with a box full of drives. Size doesn't even matter so much as they are at least 80 GB or so.

    35. Re:Physical destruction by toddestan · · Score: 1

      As long as the computer is functional it would seem that the quickest and easiest way would be wipe the drive. Hook up the computer quick, throw in the DBAN cd, let it crunch for a while, then you can throw the whole box into the recycle pile. With physical destruction you've got to have someone take the computer apart and remove the drive, then actually punch the holes in it (or whatever). Granted, getting the drive out can be easy with some cases, but others it can be a huge pain in the ass. Then you also have the problem that once the drive is separated from the rest of the computer it's a lot easier for it wander off too...

    36. Re:Physical destruction by Anonymous Coward · · Score: 0

      That's because you're a fucking parasite

  3. Breach by Anonymous Coward · · Score: 0

    That's actually a breach of security between the Data Center Provider and the previous company... especially if you can access files on those "new" hard drives.

    I would submit a security complaint to the Data Center Provider, and if you can figure out the company, to the company's Infosec people as well. That shouldn't happen at all.

    In the company I work for, we use a DOD standard disk wipe, and if anything needs to be decommissioned, we hire a company that will give us a certificate of destruction.

    1. Re:Breach by Anonymous Coward · · Score: 1

      I have seen this so often, this is something I consider is assumed.

      First thing I do with any new machine is zero it out. SSDs... easy:

      blkdiscard /dev/sdx; dd if=/dev/zero of=/dev/sdx bs=1024 count=1024; blkdiscard /dev/sdx

      The reason I do a quick dd of the first part is to completely zero out the partition table. Some SSDs might have zapped all data, but it can't hurt to be safe and know that the partition table is ready to be initialized by a subsequent OS install.

      HDDs, I use /dev/zero, /dev/urandom, then /dev/zero again, alternating this a couple times. This is less for destroying data than to ensure that no drive errors come up.

      The main reason I erase a disk thoroughly before bringing it online, other than to check for disk errors, is so I don't have to deal with the previous owner's data and possible legal entanglements that may cause. Look how many years in prison a guy in Texas got because of Google's findings. It is easier to just zero out all incoming media to ensure that any data sitting on the drives is mine, and mine alone.

      Of course, the real question of zeroing out drives is when the server is being decommissioned. This is why I try to encrypt all partitions. With BitLocker, the Windows format command is smart enough to thoroughly zero out the metadata and the areas on the volume that hold the master key, making recovery pretty much impossible. So, a simple format command, and the machine is decommissioned. However, I much prefer to overwrite the drives completely (most server RAID controllers have this functionality, or if they don't, just delete the existing drive volume, and make a RAID 2 volume on pairs, let it complete, then delete the volume and go back to a RAID 5, which will end up overwriting all drives with unrecoverable garbage.)

      Of course, booting up a DBAN CD will also do the trick.

      Of course, the best way is to pull all drives and physically destroy them, but that usually isn't doable in a lot of cases, so having a volume encryption layer does help.

    2. Re:Breach by jones_supa · · Score: 4, Informative

      Issuing the ATA Secure Erase command is the most professional way. The drive itself knows the most efficient way to nuke all data from the orbit. Especially useful for SSDs as it might also zero hidden wear leveled data and set all sectors into a TRIMmed state.

    3. Re:Breach by Anonymous Coward · · Score: 0

      I have seen this so often, this is something I consider is assumed.

      First thing I do with any new machine is zero it out. SSDs... easy:

      blkdiscard /dev/sdx; dd if=/dev/zero of=/dev/sdx bs=1024 count=1024; blkdiscard /dev/sdx

      try sg_sanitize --block/--crypto instead of dd.

    4. Re:Breach by Anonymous Coward · · Score: 0

      Dang, out of mod points.

    5. Re:Breach by Anonymous Coward · · Score: 0

      So, this brings us to the question of how much we trust the drive vendor to have properly implemented this with no back door, and to have tested this feature properly.

    6. Re:Breach by Anonymous Coward · · Score: 0

      Issuing the ATA Secure Erase command is the most professional way.

      How confident are you that such an infrequently-used command will be properly implemented in the firmware (rather than, say "/* implement this later, if there's time */")? HDD manufacturers make the basic read/write functionality work because every customer would raise hell if they didn't. But what incentive do they have to make sure that Secure Erase works as it should?

    7. Re:Breach by jones_supa · · Score: 1

      Based on my empirical experience, I am fully confident that it is properly implemented in the firmware.

    8. Re:Breach by Marillion · · Score: 1

      This technique works for data drives not boot drives: 100% full disk encryption. When you decommission the drive, decommission the encryption key. This technique also works with wear leveling SSD drives that might not always properly erase if you attempt to wipe the data.

      --
      This is a boring sig
  4. IRS by Anonymous Coward · · Score: 0

    Contract with them. They destroy everything.

    1. Re:IRS by bobbied · · Score: 1

      Contract with them. They destroy everything.

      Oh no they don't destroy everything. They have tax records going back for a decade or more from both what you, your employer, and financial institutions reported and trust me they can pull these records out of the hat when it suits their purpose. (Such as when they decide to audit you.)

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:IRS by kelemvor4 · · Score: 1

      Contract with them. They destroy everything.

      Oh no they don't destroy everything. They have tax records going back for a decade or more from both what you, your employer, and financial institutions reported and trust me they can pull these records out of the hat when it suits their purpose. (Such as when they decide to audit you.)

      http://politics.slashdot.org/s...

    3. Re:IRS by someSnarkyBastard · · Score: 1

      ...when it suits their purpose.

      Note the fine distinction made there.

    4. Re:IRS by BVis · · Score: 1

      Take some personal responsibility. Pay your taxes like everyone else and that won't happen.

      --
      Never underestimate the power of stupid people in large groups.
  5. Never happened to me because... by Jiggy · · Score: 1

    ...financial services degauss then physically shred the drives. You get a nice certificate too. It's extreme but cheaper than a data leak.

    1. Re:Never happened to me because... by bobbied · · Score: 1

      So much for taking decommissioned drives home and putting them into the NAS to store my video archives....

      (No, I'm not serious about taking stuff home from work... Never a good idea, even out of the trash can...)

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:Never happened to me because... by Anonymous Coward · · Score: 0

      So much for taking decommissioned drives home and putting them into the NAS to store my video archives....

      (No, I'm not serious about taking stuff home from work... Never a good idea, even out of the trash can...)

      I agree, you want the new ones from the manufacturer's carton. Take those home. Leave the trash.

  6. My policy by multimediavt · · Score: 0

    Drill press. 'nuf said.

    1. Re:My policy by the+eric+conspiracy · · Score: 1

      Thermite.

    2. Re:My policy by Anonymous Coward · · Score: 0

      Plasma Cutter.

    3. Re:My policy by bobbied · · Score: 1

      Drill press. 'nuf said.

      I was thinking that taking it apart followed by sanding off the oxide layer from the platters would be good enough, but if you have a drill press, to each their own.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    4. Re:My policy by LordLimecat · · Score: 1

      A drill press, while flashy, is simultaneously less secure, convenient, and available than a wipe, all while being more expensive.

    5. Re:My policy by Anonymous Coward · · Score: 0

      Take off and nuke the entire site from orbit. It's the only way to be sure.

    6. Re:My policy by gnu-sucks · · Score: 1

      Explain please how a drill press is not secure.

      Let's see...

      1) flashy: not really
      2) secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters. Short of a scanning electron microscope, you're not reconstructing that data
      3) available: go to home depot
      4) price: yes, more expensive than running dd if=/dev/random of=/dev/olddisk, but cheaper than an industrial-grade shredder and of course cheaper than any commercial "enterprise" data removing software. I think drill presses can be had for around $200.

    7. Re:My policy by i.r.id10t · · Score: 1

      And, not nearly as fun as a FN-FAL or similar with milsurp ammo.

      --
      Don't blame me, I voted for Kodos
    8. Re:My policy by Anonymous Coward · · Score: 0

      A drill press, while flashy, is simultaneously less secure, convenient, and available than a wipe, all while being more expensive.

      Huh? How is a 5 second punch less convenient than a wipe, especially considering that half of the drives in the box are dead or flaky.
      Getting a box of scsi drives mounted in IBM carriers maybe-good maybe-bad hot swapped by the server team for wiping is a nightmare. Oh, and some aren't scsi.

    9. Re:My policy by Osgeld · · Score: 1

      Belt Sander

      hold it long enough you don't even have to take it apart lol

    10. Re:My policy by LordLimecat · · Score: 2

      secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters

      Not correct, and it's not even a little difficult. A contiguous multi-inch stripe of a modern HD platter contains gigs of data. The only challenge is going to be fragmentation, but with a single hole the file table is probably intact.

      You're basically relying on the high cost and inconvenience-- the hole through the disk renders the existing casing + chipset inoperable, but does nothing to affect 99% of the actual data on the disk. An attacker with the right sort of enclosure could simply read the data right off of the platters, very little reconstruction necessary.

      And while you would be right to take any such self-interested claims with a grain of salt, it's worth noting that several recovery companies (Kroll, Centrex) indicate that such recoveries are possible, and that a number of national regulations in both the US and the UK mandate very particular forms of physical destruction, notably where the entire surface of the drive is affected (shredding, grinding, degaussing).

      But hey-- if you want to argue with the DoD, NIST, Kroll, and the UK Information Commissioner's Office, all so that you can use a messy and non-compliant form of destruction-- go for it. Have fun explaining to federal regulators why you felt it was best to ignore both the experts and federal law regarding private information.

    11. Re:My policy by LordLimecat · · Score: 2

      Because it can't be automated, it creates a huge mess, can't be done in office space (unless you like cleaning up fine bits of aluminum, epoxy, and steel), and requires a decent drill.

    12. Re:My policy by Z00L00K · · Score: 1

      When in doubt - C4
        -- Jamie Hyneman

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  7. SDD Policy by multimediavt · · Score: 0

    Pulverisation, preferably by hammer on concrete slab, in absence of a suitable anvil; maybe Acme brand.

  8. refurb drives by Anonymous Coward · · Score: 0

    I've worked for companies that sell Refurb drives. No effort is taken to clear drives, just a spin up test... I bought them a drive eraser and told them it would also let them know if the drive was bad, which should cut down on warranties. I'm not sure if they ever used it since they are a different department. In our Department drives were wiped using Boot and Nuke, then bad disks and small disks were physically destroyed then sold for scrap metal, good disks were reused but never left the site or used for other customers.

    1. Re:refurb drives by davidwr · · Score: 1

      I've worked for companies that sell Refurb drives.

      Oh how I wish you could tell us who you used to work for. Unfortunately, as soon as you do, /. is going to get a subpoena for your IP address, and your ISP will get a subpoena for your personal information, and... well, it could get ugly.

      --
      Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  9. Before leaving the server by mrspoonsi · · Score: 1

    Get an OS re-image then simply fill the hdds with random data. This works well on HDDs, but SSDs with their 10 or 20% wear space, perhaps not, they need pulling and disposing.

    1. Re:Before leaving the server by Anonymous Coward · · Score: 0

      SSDs do not expose logically overwritten data to anyone without firmware or hardware level access. What you write to a logical block is what anyone else is going to see when they read that block, even if the data is actually still technically stored in flash memory somewhere. The standard interface level view of the SSD is the same as for HDDs: Overwritten data is gone.

    2. Re:Before leaving the server by Anonymous Coward · · Score: 1

      SSDs do not expose logically overwritten data to anyone without firmware or hardware level access.

      SSDs may expose logically overwritten data to anyone with firmware or hardware level access.

      There, fixed that for you.

    3. Re:Before leaving the server by Culture20 · · Score: 1

      An OS reimage with 'doze and use sdelete.exe from Sysinternals Suite. http://technet.microsoft.com/e...
      Or 'nix, dd a huge file and shred it (remember to restrict the passes with -n since the default is "a lot")
      Neither is perfect, but better than delivering your data to the next schmoe on a platter (pun intended).
      If you can request the specific OS image, send them a copy of a memory-resident linux installation configured to auto-wipe the HDDs with shred.

    4. Re:Before leaving the server by silas_moeckel · · Score: 1

      You can skip the overwrite on a SSD, just trim the whole thing; reads will be all zeros as it's an unassigned block. If you need to protect the data that much you destroy the drive.

      --
      No sir I dont like it.
    5. Re:Before leaving the server by Anonymous Coward · · Score: 0

      dd'ing the huge file is sufficient. There's no need to shred it. Just dd if=/dev/zero of=bigfile; rm bigfile. If you're paranoid, use /dev/urandom instead of /dev/zero, but that's really unnecessary. You can't recover data that's been overwritten.

    6. Re:Before leaving the server by Anonymous Coward · · Score: 0

      Why do it to a file and not to the block device itself?
      dd if=/dev/zero of=/dev/sda

      (I can never remember the argument for setting the block size.)

    7. Re:Before leaving the server by Culture20 · · Score: 1

      Why do it to a file and not to the block device itself?
      dd if=/dev/zero of=/dev/sda

      (I can never remember the argument for setting the block size.)

      the block size setting is a lot of bs. (bs=)
      You can't be guaranteed to escape a kernel panic or general screwiness when the system tries to use swap space or access a file. That's why I suggested a "run from RAM" distro.
      Also dd dead stops if it hits a bad block. You're better off using shred or ddrescue to overwrite stuff when going directly to device.
      You can target other partitions like say, /home , /data , /var , etc. if you've actually partitioned them separately. You can also turn swap off and target it. But like I said, you're best off nuking from RAM.
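As an added example (not from any poster in the thread): a zero-fill of a disk image with dd followed by a verification pass, since dd stops at the first write error and a wipe that ran is not necessarily a wipe that finished. The image path, the 4096-byte block and the 1 MiB size are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from any poster: zero-fill a target with dd, then
# check that the fill reached the end. dd stops at the first write error
# (conv=noerror only skips read errors on the input side), so a wipe
# that "ran" may have left the tail of the disk untouched.
# Assumptions (constructed for the demo): a regular file stands in for the
# disk, its size is a multiple of BLOCK, and GNU or BSD dd/cmp/head.
# On a real device take the size from blockdev --getsize64 instead of wc.

BLOCK=4096

# Size of the target in bytes.
target_size() {
    wc -c < "$1" | tr -d ' '
}

# Overwrite the whole target with zeros. bs= is only dd's transfer size
# (the "bs" the thread argues about); it affects speed, not coverage.
# count= bounds the write so a regular file cannot grow without limit.
wipe_zero() {
    blocks=$(( $(target_size "$1") / BLOCK ))
    dd if=/dev/zero of="$1" bs="$BLOCK" count="$blocks" conv=notrunc 2>/dev/null
    sync
}

# Succeed only if every byte of the target reads back as zero.
verify_zeroed() {
    head -c "$(target_size "$1")" /dev/zero | cmp -s - "$1"
}

# Constructed 1 MiB "disk" full of random bytes (stands in for old data).
make_image() {
    head -c $((256 * BLOCK)) /dev/urandom > "$1"
}

# Failure mode: a wipe that died half-way through the target.
partial_wipe() {
    blocks=$(( $(target_size "$1") / BLOCK / 2 ))
    dd if=/dev/zero of="$1" bs="$BLOCK" count="$blocks" conv=notrunc 2>/dev/null
}

# Demo: the full wipe verifies, the half wipe is caught by the check.
demo() {
    img=$(mktemp)
    make_image "$img"
    wipe_zero "$img"
    verify_zeroed "$img" && echo "full wipe: verified all-zero"
    make_image "$img"
    partial_wipe "$img"
    verify_zeroed "$img" || echo "partial wipe: residual data found, NOT wiped"
    rm -f "$img"
}

if [ "${1-}" = "demo" ]; then
    demo
fi
```

Run with `sh wipe_check.sh demo`; the verification step is the part worth keeping for real drives, where it is also the cheap way to notice that dd quit on a bad sector.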

    8. Re:Before leaving the server by mysidia · · Score: 1

      SSDs may expose logically overwritten data to anyone with firmware or hardware level access.

      Not if it's an encrypted SSD and you replace the crypto keys with new ones.

    9. Re:Before leaving the server by Anonymous Coward · · Score: 0

      Irrelevant. Anyone with that kind of access could have your data already and doesn't need to wait until you decide that you don't need that disk anymore.

  10. Use a drive eraser, then physically destroy by HunterZero · · Score: 1

    For security purposes, I use a WiebeTech drive eraser to scrub the drive (DoD Sanitize standard), then send them to a physical destruction service.

    Paranoid? Yes. Expensive? Yes. Worth it to my employers? Yes.

    --
    "They told me it was impossible. I replied with maniacal laughter." http://www.mydailyrant.com/
    1. Re:Use a drive eraser, then physically destroy by LordLimecat · · Score: 1

      You'd be better off degaussing, if you're gonna shred it anyways. Doing 7 overwrites is gonna take longer than just tossing the drive in a degausser and being done with it.

  11. Here is the corporate policy by thieh · · Score: 1

    What I have learned from the news is that the policy has always been "If there has been nothing in the news, don't bother." It costs electricity and labour cost to do it. The previous story on /.

  12. Art! by CanHasDIY · · Score: 1
    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
  13. Depends on the DC by silas_moeckel · · Score: 1

    I would never expect new drives on a leased box as it's a leased box. Nor would I expect them to sanitize my data before handing it to a new customer. I work with a lot of hosting companies and it's not very uniform. One dirt cheap place runs everything through dban before handing it back, others not so much. If you need to ensure this happens expect to pay for it.

    --
    No sir I dont like it.
  14. Pick another hosting service by Anonymous Coward · · Score: 0

    A good hosting service will either tell you up-front they don't wipe data when they reclaim the drive and that you shouldn't store anything on it you wouldn't want splattered across the front page of Google News (or Slashdot, or ...), OR they will tell you what their policy is.

    For setups where you are leasing a dedicated drive, they should offer you the option of buying a brand new drive outright and pre-paying for either certified destruction or returning of the drive to you when it is no longer in service. For certain applications with legal or national-security implications if the data is recovered after you quit being a customer, this may be the only way to go.

    For virtual systems, your "virtual machine's" data store should be encrypted using keys controlled by the data center. When you are no longer a customer, the file is deleted and the encryption keys destroyed. Ditto cases where you are the only user of the drive but you haven't bought it outright - destroy the keys and the drive is for all practical purposes sanitized.

    For shared-login systems and "virtual hosting" that is not a true VM (e.g. jail-rooted "virtual machines"), "your" data should be encrypted somehow using keys controlled by the data center owner. When you are no longer a customer, your files are deleted and the keys destroyed. The loopback device is one way to accomplish this task.

    This method has the added advantage that once the keys are truly destroyed (including all backup copies) any backups the data center may have made are rendered useless. It can also save the data center time in that they don't have to overwrite your data, they can just delete the "container file" and be done with it.

    About the only time I can see where it doesn't make sense to erase the data would be if it's a free or nearly-free/dirt-cheap hosting provider where they tell you up front that the drive will not be sanitized and that a future customer may be able to "undelete" your data. This falls under the category of "you get what you pay for, but the vendor still has an ethical obligation to tell you what you are getting."

  15. Old Tech by Teun · · Score: 1

    Some things require Old Tech.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  16. most datacenters will do what they are paid for. by NemoinSpace · · Score: 1

    Or what they are contracted to do. There is no use arguing with somebody who insists you spend 2 hours+ doing a D.O.D. wipe on an out-of-warranty drive if they are willing to pay you. Otherwise, 15s through a degausser will do the trick.
    Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA, or even the local police, were made. Nobody cares about this stuff except the people that need to. Finally, there is no machine in a datacenter that has both important data and Slackware on it. Hope you remove your own data before the next lease runs out, because nobody is going to do it for you.

  17. Google by Anonymous Coward · · Score: 0

    If I remember correctly, Google has a barcode on every HD to track its life. When a drive is to be decommissioned for whatever reason, they secure wipe it, degauss it, then put it through a shredder that mixes the left over of many drives together.

    1. Re:Google by magarity · · Score: 1

      Someone was pulling your leg unless you mean their internal bookkeeping and H.R. records or internal research projects. But for the typical drive in a Google search engine node, well, all of its data is available to the entire public via Google's own web page, which is kinda the point. There's no need to shred those drives.

    2. Re:Google by danlip · · Score: 1

      The search-engine drive may contain stuff they'd rather not be public (for reasons of competition), like the software that manages all that data and the data structures it is stored in. Then there is Google Mail, which contains private emails and contacts. And I'm sure other examples.

    3. Re:Google by dave420 · · Score: 1

      There is a lot more on those drives than simply one big folder called "Internets". It will most likely have keys, configurations, software, information about network structure, logs, and anything else you might be able to think of. It's rather weird to assume they don't have anything on there.

  18. Encrypt your LUNs by Anonymous Coward · · Score: 0

    No idea why this hasn't been mentioned yet, but if you don't have physical ownership / access of the media, you should be encrypting the LUNs (crypto-luks). Why are you trusting that the cloud-provider is going to wipe the drives when you are done with them (obviously you shouldn't be).

    If you have physical ownership or the disks themselves (in your own DataCenter), then you should have policies in place to deal with the drives already.

  19. Policy Varies by Anonymous Coward · · Score: 0

    I work for a hosting company and we wipe all drives using DBAN when a server is canceled. Volumes for our cloud based VMs also go through a similar process when the server is destroyed. There isn't a universal policy regarding this in the hosting industry so your best option would be to ask your provider what they do with canceled/failed hardware.

    1. Re:Policy Varies by mysidia · · Score: 1

      I work for a hosting company and we wipe all drives using DBAN when a server is canceled.

      That's one approach.... another is simply delete and re-create the hardware RAID10 (or RAID5), re-initialize, and install the new tenant's operating system. The data has not been explicitly wiped, but the new lessee is not going to get anything meaningful out of it without physical access and a lot of trouble, anyways.

  20. There is really only one solution by WillAffleckUW · · Score: 1

    If it's ceramic, wipe them three times with 1s and 0s and then smash them to bits with a large hammer, and then cast the resulting powder into a nice art sculpture.

    If it's metal, do the same but melt it.

    Have to agree - anything that went on the cloud should be assumed to have been copied.

    --
    -- Tigger warning: This post may contain tiggers! --
  21. Easy, just send them to the IRS by Anonymous Coward · · Score: 0

    Forget about seven pass wipes or sledgehammers. We just mail our old drives off to the Incriminating Record Shredders, where they are never heard from again.

  22. Legal side of leased equipment by Karem+Lore · · Score: 1

    One of the early comments alluded to this, but didn't quite take it far enough.

    If userA leases a drive and fills it with illegal content (child pornography, Snowden's files, whatever) and then leaves and the hosting company then re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?

    userA is long gone. Could potentially be tracked down. Need to prove they put the files there and not userB or the hosting company.
    userB has access to (but potentially not ownership of) said files. This is still an arrestable offence.
    The hosting company has ownership of the files (possibly) in a leased environment??? If this is the case, should the hosting company be responsible not only for clearing the files from userA before putting userB in jeopardy from the law, but also for monitoring their drives for illegal activity and content?

    Now we are on a slippery slope...

    --
    When all is said and done, nothing changes...
    1. Re:Legal side of leased equipment by mysidia · · Score: 1

      If userA leases a drive and fills it with illegal content (child pornography, Snowden's files, whatever) and then leaves and the hosting company then re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?

      Possession of the hard drive containing illegal content is not a strict liability crime, meaning those accused of the crime have to be charged under due process.

      As long as userB is not aware of the content placed by userA and does not become aware of the inaccessible content placed by userA, then userA is the only party who has met both conditions, mens rea and actus reus, required for criminal liability.

      Therefore, it is userA who could and should be arrested.

      Neither userB nor the lease provider has any criminal liability, unless they became aware of the illegal material and committed a guilty act, such as illegally retaining the material and failing to report the matter.

    2. Re:Legal side of leased equipment by Anonymous Coward · · Score: 0

      Good luck with that argument, because you're gonna need it.

      There's a reason that "possession is 9/10s of the law" exists as a saying, and being in possession of that material tends to be damning, especially in this era of law enforcement investigators who are more concerned with clearing cases and boosting numbers than they are with finding the truth.

      Holding on to romantic ideals is nice and all, but the real world simply doesn't work the way you want it to.

  23. Well, yes... by Anonymous Coward · · Score: 0

    Has this happened to you? How often?

    Yes. At least once a year. And every time it happens I post a new torrent with the offending hard disk's contents.

    1. Re:Well, yes... by Anonymous Coward · · Score: 0

      Links or it didn't happen.

      No links? Yeah, that's what I figured...

  24. Re:most datacenters will do what they are paid for by mysidia · · Score: 1

    Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA,or even the local police were made

    These days he might care.... never know when one might find a Bitcoin wallet carelessly left lying around complete with private keys.

    If he didn't at least take a deep look at the data to see if there was anything there that he could "use", then it's because he's an honest person, perhaps. Not everyone is like that.

  25. Cheap drill press... by guevera · · Score: 2

    I got a cheap drill press from Harbor Freight for $56 on sale.

  26. My policy by Hamsterdan · · Score: 1

    Dismantle, keep the magnets (the flat ones are really fun to play with, lots of projects), and recycle the drive and platters (50 cents/pound); there's even a copper coil in there at $3/pound.

    Not much, but once dismantled, data is gonna be pretty hard to recover.

    If you really want it gone, Thermite...

    --
    I've got better things to do tonight than die.
  27. Destruction is not waste and here is why. by Anonymous Coward · · Score: 0

    Build the cost of destruction into the contract with the customer. Drives don't last forever so there is zero reason to try to save even thousands of them. Ten thousand hard disks would easily fit into one, that's ONE, scrap rolloff container. Millions of cars are shredded every year for recycling so do not be impressed by relatively tiny hard disks.

    Shredding protects all concerned. Were it my tasking I'd give each removed hard disk a shot with a hand sledge on a workbench so it couldn't be recovered without major expense (in practical reality, not at all), store them under lock and key, then bulk shred the lot.

    Hard drives used to be expensive. Those days are over and the attitude that hardware is valuable needs to end. Information security is valuable, but hardware is scrap for the smelter.

  28. So criminals should always buy used hard drives by Anonymous Coward · · Score: 0

    Then they can say any illegal files on there were the previous owner's.

    1. Re:So criminals should always buy used hard drives by darkonc · · Score: 1

      They can only say that about data that was clearly deleted.

      If I was a criminal, I'd buy used drives in bulk, and see if there was any data on them worth using (or ransom). Using a drive in a way that allowed plausible deniability would take some effort and technical knowledge ... Not the kind of thing that most thieves depend on.

      --
      Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  29. Work in a datacenter.... by Anonymous Coward · · Score: 0

    I work in a datacenter and we wipe drives on a regular basis using the "secure wipe" feature built into modern drives to securely wipe previous customer data from the drives prior to reusing them, of course as long as the disks are not defective. Unless specifically requested to do a "DoD" wipe, this is how we wipe the drives as a standard.

  30. Wipe by Anonymous Coward · · Score: 0

    Some of that involves infrastructure and time. How long does it take to wipe one drive? It is measured in hours and possibly days depending upon capacity and speed (assuming a one time overwrite). A person does not need to sit there and watch it, but that person will need to have a place to store the obsolete computer while it is wiping. It also means that you will need some time to have the technician actually start the wipe. You will need to do something if the wipe failed for some reason (even if that something is declare close enough). You will also need to account for this in logistics. That is, it takes an extra day to dispose of a workstation or an extra week for a server (or whatever the time is). Furthermore, a used hard drive does not have the same level of reliability as a new one. So now you have an extra risk that must be accounted for in terms of cost.

  31. If it's not written policy, it isn't done by kriston · · Score: 1

    The rule of thumb here is:
    If the process you are expecting is not written into your agreement or documented as a matter of company policy, then the process is not done.

    Likely you're not using a data center certified under HIPAA, PCI, SOX, SSAE/SAS-70, otherwise it would be documented and you'd already know.

    --

    Kriston

  32. Destruction by tengu1sd · · Score: 1

    Encryption or physical destruction. Failed media replaced under the vendor's field service is destroyed. Most vendors will add a surcharge to their service agreements that allows failed media to remain on site for destruction rather than be RMA'd. If not, well then bill me.