Slashdot Mirror


Ask Slashdot: Datacenter HDD Wipe Policy?

New submitter socheres (1771002) writes I keep a Slackware server hosted at various datacenters on leased hardware for personal / freelance business use. I have been doing this for the last 10 years and during this time I moved my stuff to several datacenters, some small and some big name companies. No matter the hosting company, since I choose to install my own OS and not take a pre-installed machine, I always got the hardware delivered with the previous guys' data stored on the hard drives. It was also the case with spare drives, which were not installed new if I did not ask specifically for new ones. Has this happened to you? How often?

14 of 116 comments

  1. Physical destruction by BaronM · · Score: 2, Interesting

    I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

    I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

    IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

    1. Re:Physical destruction by AbRASiON · · Score: 4, Insightful

      It's a stupid policy, if you've been in IT infrastructure for years, you should have a basic understanding of how to wipe a hard disk properly, it's a waste of money, it's creating environmental waste in disposing of it, it's wasting resources needing to purchase another one.

      When you start talking about tens or hundreds or even thousands of disks, you're pissing away good money, because you're either too lazy or too stupid to know how to wipe a disk.

      I've seen far too much of this idiocy over the past decade or so. ( http://hardware.slashdot.org/c... ) it needs to stop. Learn how to wipe a disk, if it's not faulty, re-use the thing. That old post from 2011 is even more applicable to server drives which are not even remotely cheap pieces of hardware.

    2. Re:Physical destruction by Revek · · Score: 2

      Foolish and wasteful. You don't believe that FBI fairy tale about getting data off a drive even if it's been wiped, do you?
      http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux

    3. Re:Physical destruction by AbRASiON · · Score: 4, Insightful

      No that's what security people and people speculating will tell you.
      You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.

    4. Re: Physical destruction by mcrbids · · Score: 2

      Actually, I have a physically secured, locked box full of hard drives that I haven't bothered to wipe or destroy. Our approximate policy is to use in house for other purposes if it makes sense, or throw into the box. HDDs just 3 to 5 years old are basically worthless. For storage in volume, anything smaller than about 2 or 3 TB is ready to be replaced, just because of the savings in electricity.

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.

    5. Re:Physical destruction by AbRASiON · · Score: 2

      Hang on what are we talking about here, let's be clear.

      Are we talking about a server inherited from someone else at a datacentre when leasing equipment?
      Are we talking about desktop computers?
      Are we talking about some kind of big SAN device loaded with disks and no OS?

      If it's the first 2, why would the disks be unhooked / removed? Presumably they are in the computer you want to use them in. Run DBAN on them, it's not particularly expensive.......
      You shouldn't even be in the habit of physically removing disks unless there's a need to. Reasons I can think of removing a disk would be:
      1, disk is faulty
      2, upgrading to a larger / faster drive.

      Faulty disk, not under warranty? Ok Drill it, fine.
      Upgrading to a larger and or faster drive though? Do you have another server which might have use of those disks? Would they make a good spare? What about some kind of dev / uat environment which could use them? Maybe you should've kicked off the dban before pulling the disks from the server in the first place?
      If you seriously have absolutely no use for the disks and they are 'proper' old of low value? Ok maybe drill them, maybe - but recyclers pay money for old stuff and drilling disks happens far too often because it's cool to be overly security conscious.

    6. Re:Physical destruction by AbRASiON · · Score: 2

      The _VAST_ and I mean _VASTTTTTTT_ majority of security people I've encountered have, what I'd be comfortable describing as "fuck all" technical knowledge regarding hardware (and in some ways software too) - they get concepts, fundamentals and then read dipshit theorising articles on retrieving data from a hard disk by analysing the "bits between the bits"

      Don't take my word for it, go do some googling, I've read at least 1 article by an actual storage guy (I can't recall if he was actually a physical media designer or what) but he laughed off the idiotic claims as precisely that.

    7. Re:Physical destruction by chuckinator · · Score: 2

      Agreed. The rule of thumb for the paranoid is a write of semi-random data for 3-7 passes with a final pass of zeroes. The tool has been part of GNU coreutils for a long time. Easy to do with a simple:

      shred -z /dev/sda

      Just be careful. That's worse than `rm -rf /` if you mess up.
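The one-liner above is the whole wipe; what it leaves out is the "be careful" part and any proof that the final zero pass actually landed. The script below is an added example (not from the thread or from any poster) that wraps GNU shred with a guard against aiming it at a block device by accident, then reads the target back against /dev/zero to verify the wipe. It assumes GNU coreutils (shred, cmp, wc) on Linux; the target path, pass count and the WIPE_DEVICE_OK opt-in variable are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the thread): wipe a target with GNU shred and then
# verify the final zero pass by reading the target back against /dev/zero.
# Assumptions: GNU coreutils (shred, cmp, wc) on Linux; the target is a
# regular file, or a block device you have already triple-checked.

# wipe_and_verify TARGET [PASSES]
#   0 = wiped and verified all-zero
#   1 = shred reported a write error
#   2 = refused: TARGET is not a regular file and WIPE_DEVICE_OK is not "yes"
#   3 = shred finished but the read-back is not all zeros
wipe_and_verify() {
    target=$1
    passes=${2:-3}     # shred's own default is 3 random passes

    # Guard against the "worse than rm -rf /" mistake from the thread:
    # block devices are only accepted with an explicit opt-in.
    if [ ! -f "$target" ] && [ "$WIPE_DEVICE_OK" != "yes" ]; then
        echo "refusing to wipe $target: not a regular file (set WIPE_DEVICE_OK=yes)" >&2
        return 2
    fi

    # -n PASSES of pseudorandom data, then -z adds a final pass of zeros;
    # -v prints per-pass progress. shred exits non-zero on a write error.
    shred -v -n "$passes" -z "$target" || return 1

    # Independent verification: compare every byte of the target with
    # /dev/zero. wc -c reads the whole target, which is fine here because a
    # full read-back is exactly what we want.
    size=$(wc -c < "$target" | tr -d ' ')
    cmp -s -n "$size" /dev/zero "$target" || return 3
    echo "verified $size zero bytes on $target"
}

# Stand-alone use:  ./wipe.sh /path/to/file [passes]
#                   WIPE_DEVICE_OK=yes ./wipe.sh /dev/sdX [passes]
if [ "$#" -gt 0 ]; then
    wipe_and_verify "$@"
fi
```

Two caveats that follow from the rest of the thread: shred only reaches the sectors the drive exposes to the OS, so it never touches blocks the firmware has remapped (nerdbert's point below) or the spare area of an SSD; and the zero-pass verification only proves the exposed blocks read as zero. For the remapped and wear-levelled areas, the ATA Secure Erase command that jones_supa recommends is the right tool.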

    8. Re:Physical destruction by nerdbert · · Score: 2

      I do disk drives, and have for the last 20 years or so.

      Practically speaking, unless you have a government actor or someone with extremely deep pockets coming after you, just wiping a drive once is enough for privacy.

      Not practically speaking, and assuming you're worried about a government-grade attack on your drive, a single write of a constant value or a pseudorandom pattern that I can predict isn't enough to completely erase the data. Heads are always slightly misaligned from the servo track, so there's always some leakage at the edges that usually survives a wipe, although it's usually -20 dB or so down from the main signal and requires some finesse to get to. It's this misaligned head that's the most practical attack on erasures. Then you can go to more exotic things (transition modulation, etc) that are less likely to work.

      There's also a problem with abandoned sectors in your drive leaking data. What we do in modern drives is that we have multiple tracks that we use for backup data. When a sector starts to go bad and we have to do multiple retries to read the data (including some very, very weird read modes), we'll take the data and move it to a backup track, then mark the original sectors bad, while mapping the new sectors into the file system so that everything is transparent to the user. You'll never see this, it's all done behind the scenes in ways you can't detect. So the old sensitive data is still there, but hard to read, and nothing you do as a user can ever get to it.

      But all these weird modes are HARD to get to, and the data recovery is often pretty manual and extremely expensive so unless you're Edward Snowden it's not worth the time of the NSA or DoD to come after you.

      So my view is pretty simple: single pass erasure for normal business users or personal use, although I tend to do erasure and a reformat to a completely different filesystem type (e.g. to ntfs from ext4) if I'm giving an old drive to a friend/relative. Usually I take my old drives to the shooting range for destruction just because it's a lot more fun. If the data is really, really private where not one bit can afford to be found, then shred it. It's not like disks are super expensive.

    9. Re: Physical destruction by toddestan · · Score: 2

      Well, you could donate the drives to the various charities that refurbish computers. They're always short on drives because they get so many computers donated to them that have had the drive pulled. They'd be really appreciative if someone showed up with a box full of drives. Size doesn't even matter so much as they are at least 80 GB or so.

  2. Re:Breach by jones_supa · · Score: 4, Informative

    Issuing the ATA Secure Erase command is the most professional way. The drive itself knows the most efficient way to nuke all data from the orbit. Especially useful for SSDs as it might also zero hidden wear leveled data and set all sectors into a TRIMmed state.
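The usual way to issue ATA Secure Erase from Linux is hdparm, and the step people trip over is not the erase itself but the drive's security state: a drive that reports itself as "frozen" (common after a BIOS/UEFI boot) or that already has a password set will reject the command. The script below is an added example (not from the thread or from the hdparm project) that parses the Security section of `hdparm -I` output and reports whether the erase can be issued now. The sample output it ships with is constructed, not captured from a real drive, and the return codes are this example's own convention.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check before issuing ATA
# Secure Erase through hdparm. It parses the "Security:" section that
# `hdparm -I /dev/sdX` prints and reports whether the drive will accept the
# erase right now. Assumption: the section layout of the constructed sample
# below (the layout hdparm uses, but the values are made up).

# Constructed sample of `hdparm -I` output for a drive that is ready.
HDPARM_SAMPLE='ATA device, with non-removable media
        Model Number:       EXAMPLE-SSD-MODEL (placeholder)
Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'

# security_section FILE: print only the Security block of an hdparm -I dump
security_section() {
    sed -n '/^Security:/,/ERASE UNIT/p' "$1"
}

# secure_erase_ready FILE
#   0 = supported, not frozen, not enabled/locked: the erase can be issued
#   1 = no Security section, or the feature is not supported
#   3 = frozen (typical after a BIOS/UEFI boot; a suspend/resume cycle or
#       hot-plugging the drive usually lifts the freeze)
#   4 = security already enabled or the drive is locked: the existing
#       password is required, not a throwaway one
secure_erase_ready() {
    sec=$(security_section "$1")
    [ -n "$sec" ] || return 1
    printf '%s\n' "$sec" | grep -q '^[[:space:]]*supported$' || return 1
    printf '%s\n' "$sec" | grep -q '^[[:space:]]*frozen$' && return 3
    printf '%s\n' "$sec" | grep -Eq '^[[:space:]]*(enabled|locked)$' && return 4
    return 0
}

# erase_minutes FILE: the drive's own estimate for the enhanced erase, in minutes
erase_minutes() {
    security_section "$1" |
        sed -n 's/.*[^0-9]\([0-9][0-9]*\)min for ENHANCED SECURITY ERASE UNIT.*/\1/p'
}

# Stand-alone use:  hdparm -I /dev/sdX > /tmp/sdX.txt && ./check.sh /tmp/sdX.txt
if [ "$#" -gt 0 ]; then
    rc=0
    secure_erase_ready "$1" || rc=$?
    if [ "$rc" -eq 0 ]; then
        echo "ready: enhanced erase estimated at $(erase_minutes "$1") min"
    else
        echo "not ready (code $rc)"
    fi
fi
```

Once the check passes, hdparm's documented sequence is to set a temporary user password and then issue the erase: `hdparm --user-master u --security-set-pass NULL /dev/sdX` followed by `hdparm --user-master u --security-erase NULL /dev/sdX` (or `--security-erase-enhanced`). It has to be run against the whole device, not a partition, and the drive must not be interrupted until its own time estimate has elapsed, because an interrupted erase leaves the password set and the drive locked.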

  3. Cheap drill press... by guevera · · Score: 2

    I got a cheap drill press from Harbor Freight for $56 on sale.

  4. Re:My policy by LordLimecat · · Score: 2

    secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters

    Not correct, and it's not even a little difficult. A contiguous multi-inch stripe of a modern HD platter contains gigs of data. The only challenge is going to be fragmentation, but with a single hole the file table is probably intact.

    You're basically relying on the high cost and inconvenience-- the hole through the disk renders the existing casing + chipset inoperable, but does nothing to affect 99% of the actual data on the disk. An attacker with the right sort of enclosure could simply read the data right off of the platters, very little reconstruction necessary.

    And while you would be right to take any such self-interested claims with a grain of salt, it's worth noting that several recovery companies (Kroll, Centrex) indicate that such recoveries are possible, and that a number of national regulations in both the US and the UK mandate very particular forms of physical destruction, notably where the entire surface of the drive is affected (shredding, grinding, degaussing).

    But hey-- if you want to argue with the DoD, NIST, Kroll, and the UK Information Commissioner's Office, all so that you can use a messy and non-compliant form of destruction-- go for it. Have fun explaining to federal regulators why you felt it was best to ignore both the experts and federal law regarding private information.

  5. Re:My policy by LordLimecat · · Score: 2

    Because it can't be automated, it creates a huge mess, can't be done in office space (unless you like cleaning up fine bits of aluminum, epoxy, and steel), and requires a decent drill.