From: cwright@bdosyd.com.au
Date: Mon Sep 17 2007 - 15:35:12 EDT
-----Original Message-----
Bill,
I know your task may be fun and have good intentions, but unless you
opened the drive and verified that the platters are destroyed to the
point where nobody can put it back together, then you are just doing the
same thing as someone who formats a drive.
From an audit point of view, I think they would have the same question.
With Sarbox and other audit requirements, I have to provide proof that
the task was completed.
<<got the wrong person before>> Robert works for the govt. I am sure he
can tell you that per DoD and audit standards, he will not be allowed to
just drop a drive on the pavement and not verify that it was destroyed.
Anyway.. as I mentioned before, the Solaris format/purge command is free
and does do the job. (I think it also follows DoD standards)
-----Original Message-----
From: Bill Stout [mailto:billbrietstout@yahoo.com]
Sent: Monday, September 17, 2007 12:39 PM
To: Levenglick, Jeff; Holstein, Robert - BLS CTR;
pen-test@securityfocus.com
Subject: Re: Wiping Solaris Servers
I think pebbles of glass are equivalent to shredding, especially for a
commercial environment. Slamming a hard drive against pavement does
meet the "so easy a monkey could perform the task" requirement. Plus
it's fun.
What I was inferring to was the value of the hard drives themselves, and
if they needed to be included with the system. It's faster and easier
to verify a physically destroyed disk or just not ship it, than trust
that a warehouse monkey ran through a boot/wipe/verify process. Does
the warehouse have the right power connector? Do they have the right
keyboard and monitor? Is the system complete or have all the parts
needed to wipe the disk?
Near-future or existing unknown recovery techniques might be able to
recover from wiped disks. For example, recorded encrypted conversations
from 10 years ago (and newer) are easily decrypted these days, and back
then the decryption techniques of the day were thought to take up to
30 years.
Bill Stout