
Ask Slashdot: Datacenter HDD Wipe Policy?

timothy posted about 4 months ago | from the oh-just-a-bunch-of-16-digit-numbers-and-names dept.

Data Storage 116

New submitter socheres (1771002) writes I keep a Slackware server hosted at various datacenters on leased hardware for personal / freelance business use. I have been doing this for the last 10 years and during this time I moved my stuff to several datacenters, some small and some big name companies. No matter the hosting company, since I choose to install my own OS and not take a pre-installed machine, I always got the hardware delivered with the previous guys' data stored on the hard drives. It was also the case with spare drives, which were not installed new if I did not ask specifically for new ones. Has this happened to you? How often?


none (1)

Anonymous Coward | about 4 months ago | (#47617415)

Seems like the policy is none

Re:none (1)

Z00L00K (682162) | about 4 months ago | (#47620175)

Datacenters are all about saving money as much as possible, so the re-use of hard disks and wiping/destruction of them is non-existent.

Essentially this means that the data center owner takes a calculated risk that no sensitive data will be misused by another customer.

Now this knowledge is out so we can expect front-ends for black hat hackers to purchase services at random trying to poach data.

The end result will be that the price of "cloud" services will go up rendering them possibly as expensive as hosting the services yourself.

LOL (-1)

Anonymous Coward | about 4 months ago | (#47617467)

My policy is to stick the throbbing, purple mushroom head of my penis in your ass. Then you'd squeal like a stuck piggy.

Physical destruction (2, Interesting)

BaronM (122102) | about 4 months ago | (#47617473)

I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

Re:Physical destruction (4, Insightful)

AbRASiON (589899) | about 4 months ago | (#47617921)

It's a stupid policy, if you've been in IT infrastructure for years, you should have a basic understanding of how to wipe a hard disk properly, it's a waste of money, it's creating environmental waste in disposing of it, it's wasting resources needing to purchase another one.

When you start talking about tens or hundreds or even thousands of disks, you're pissing away good money, because you're either too lazy or too stupid to know how to wipe a disk.

I've seen far too much of this idiocy over the past decade or so. ( http://hardware.slashdot.org/c... [slashdot.org] ) it needs to stop. Learn how to wipe a disk, if it's not faulty, re-use the thing. That old post from 2011 is even more applicable to server drives which are not even remotely cheap pieces of hardware.

Re:Physical destruction (0)

LordLimecat (1103839) | about 4 months ago | (#47617959)

Whether or not data can be recovered off of wiped (overwritten) disks is a subject of great speculation. The answer seems to be "theoretically, but we don't know of anyone who's done it". If you're comfortable with that, fine.

Re: Physical destruction (0)

Anonymous Coward | about 4 months ago | (#47618127)

We know that when presented with a large cash prize, people chose to shut up instead of collecting the money.

Theoretically your whole drive might be the next thing /dev/random produces. It's only neat in theory.

Re:Physical destruction (4, Insightful)

AbRASiON (589899) | about 4 months ago | (#47618475)

No that's what security people and people speculating will tell you.
You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.

Re: Physical destruction (0)

Anonymous Coward | about 4 months ago | (#47619033)

$1000 from me as well :P

Re:Physical destruction (1)

LordLimecat (1103839) | about 4 months ago | (#47619817)

You're talking about an attack that has never been publicly demonstrated, and you think a $1000 offer is sufficient to prove its infeasibility? Cute.

No that's what security people...will tell you

By all means don't ever listen to THOSE people.

Re:Physical destruction (2)

AbRASiON (589899) | about 4 months ago | (#47619863)

The _VAST_ and I mean _VASTTTTTTT_ majority of security people I've encountered have, what I'd be comfortable describing as "fuck all" technical knowledge regarding hardware (and in some ways software too) - they get concepts, fundamentals and then read dipshit theorising articles on retrieving data from a hard disk by analysing the "bits between the bits"

Don't take my word for it, go do some googling; I've read at least one article by an actual storage guy (I can't recall if he was actually a physical media designer or what) but he laughed off the idiotic claims as precisely that.

Re:Physical destruction (2)

chuckinator (2409512) | about 4 months ago | (#47619883)

Agreed. The rule of thumb for the paranoid is a write of semi-random data for 3-7 passes with a final pass of zeroes. The tool has been part of GNU coreutils for a long time. Easy to do with a simple:

shred -z /dev/sda

Just be careful. That's worse than `rm -rf /` if you mess up.

Re:Physical destruction (1)

goarilla (908067) | about 4 months ago | (#47621345)

And it takes a very long time; /dev/{u}random does not have a lot of bandwidth. In my opinion a single dd if=/dev/zero suffices for drives going out of the company.
But for a reinstallation of a system in the company I just format and reinstall again because a zero pass takes a long time as well.

Re:Physical destruction (1)

Anonymous Coward | about 4 months ago | (#47620471)

No that's what security people and people speculating will tell you.
You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.

I work as a data recovery technician and, for the most part I agree if you zero a drive you will not get any data from it unless someone is very cunning and knows about the glist (bad sector list) and if they release that they might be able to get something but usually only a few sectors. It makes me cry when I see people drilling or smashing hard drives... total waste.

Re:Physical destruction (0)

Anonymous Coward | about 4 months ago | (#47620705)

I charge a lot more than that for that kind of recovery, and the people who want it are quite willing to pay.

Single pass is not even close to good enough for anything sensitive, and if it's not sensitive, just blow away the partitions and leave it.

Re: Physical destruction (0)

Anonymous Coward | about 4 months ago | (#47618681)

Nope, reusing old hardware is a foolish economy, and a policy of wipe-and-resell is too prone to human error, not to mention labor intensive. Physical destruction of end-of-life drives is almost foolproof and economical of labor. Frankly, the residual value of a 5 to 7 year old HDD is negligible.

Re: Physical destruction (2)

mcrbids (148650) | about 4 months ago | (#47618781)

Actually, I have a physically secured, locked box full of hard drives that I haven't bothered to wipe or destroy. Our approximate policy is to use in house for other purposes if it makes sense, or throw into the box. HDDs just 3 to 5 years old are basically worthless. For storage in volume, anything smaller than about 2 or 3 TB is ready to be replaced, just because of the savings in electricity.

Re: Physical destruction (1)

darkonc (47285) | about 4 months ago | (#47621201)

physical destruction is only 'foolproof' if you're the fool doing it... Otherwise you're depending on the protocols of the people doing the destruction for you.

If you've got a number of drives to go through, wiping drives is a pretty simple process. Get a USB drive enclosure (or 5)... then plug in a drive, turn it on. Run the wipe and wait for the drive to finish wiping. switch off, switch drives and repeat. physical destruction is only called for if the writes fail.

Going beyond wiping a drive is only necessary if someone like the NSA is interested in your data.

Re:Physical destruction (1)

Fencepost (107992) | about 4 months ago | (#47618889)

It's not worth my time to hook up old PCs or removed drives so I can wipe someone's 40/80/120/160 GB IDE drives for reuse. A nail punch in a few places makes it not feasible for someone to try to recover potentially legally protected data from possible temp files saved on an old desktop system. My concern is generally that I'm not sending used drives from medical offices out to end up "recycled" to Africa where someone might actually try to recover data from them.

Re:Physical destruction (2)

AbRASiON (589899) | about 4 months ago | (#47619011)

Hang on what are we talking about here, let's be clear.

Are we talking about a server inherited from someone else at a datacentre when leasing equipment?
Are we talking about desktop computers?
Are we talking about some kind of big SAN device loaded with disks and no OS?

If it's the first 2, why would the disks be unhooked / removed? Presumably they are in the computer you want to use them in. Run DBAN on them, it's not particularly expensive.......
You shouldn't even be in the habit of physically removing disks unless there's a need to. Reasons I can think of removing a disk would be:
1, disk is faulty
2, upgrading to a larger / faster drive.

Faulty disk, not under warranty? Ok Drill it, fine.
Upgrading to a larger and or faster drive though? Do you have another server which might have use of those disks? Would they make a good spare? What about some kind of dev / uat environment which could use them? Maybe you should've kicked off the dban before pulling the disks from the server in the first place?
If you seriously have absolutely no use for the disks and they are 'proper' old of low value? Ok maybe drill them, maybe - but recyclers pay money for old stuff and drilling disks happens far too often because it's cool to be overly security conscious.

Re:Physical destruction (1)

Noah Haders (3621429) | about 4 months ago | (#47619057)

as the data center person, I would offer clients the opportunity for an extra $50 to have their disks destroyed when they're done with them.

Re: Physical destruction (0)

Anonymous Coward | about 4 months ago | (#47619101)

The disks I'm disposing of these days are predominantly 144GB SAS disks (Seagate Savvios) from servers that are EOL. Sure, I could sell them, but one improperly wiped disk with sensitive data would more than offset any minimal amount of money they're worth.

With leased gear, a security wipe is all you can do, and you are quite correct that it is secure as long as it is done for every disk, every time.

Re:Physical destruction (1)

Fencepost (107992) | about 4 months ago | (#47620751)

Well, my customers have traditionally used servers until they're mostly beyond being repurposed, and the same with desktop PCs. The only ones with anything in datacenters are ones using hosted solutions, and we and they don't have any access to the vendor's setups. That said, for retired SATA drives they'll likely get scrubbed and shelved as possible future spares - an old enterprise 250GB SATA drive will work just fine for reimaging a local PC.

For desktop machines, we don't image or wipe them before replacement, and we let them sit in a storeroom for a couple weeks just in case we need to retrieve something, but after that we're not hooking them back up just to wipe, we just yank the drive and send the machine out for recycling. This year they've tended to be old Pentium 4 boxes that were running XP acting as remote desktop terminals. It's very unlikely that there's anybody's medical data on any of the drives, but it's not a chance that we want to take and physical destruction of the drive is the quickest and therefore cheapest way to do it that I'll trust.

One special situation here is that I'm part of a small enough group that we don't really have low-paid PFYs or interns to do this - if I had someone available being paid $10-15/hour for basic technical tasks it might change things, but right now any time spent wiping drives on obsolete PCs for donation could be much better spent on billable tasks.

Re:Physical destruction (1)

Osgeld (1900440) | about 4 months ago | (#47619733)

my only beef with that is it's getting harder to find old SCSI drives for retro computers; IDE, fuck it, nail away

Re:Physical destruction (0)

Anonymous Coward | about 4 months ago | (#47620771)

It's not about being technically competent to securely wipe a disk. It's about being able to wipe a disk in a way that a non-technical observer can verify. Joe from Legal needs to *know* that those medical records are destroyed, and holding the trashed remains of the disk will do that. The hardware cost is trivial.

Re:Physical destruction (2)

Revek (133289) | about 4 months ago | (#47617961)

foolish and wasteful. You don't believe that FBI fairy tale about getting data off a drive even if its been wiped do you?
http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux

Re: Physical destruction (0)

Anonymous Coward | about 4 months ago | (#47617969)

I would use full disk encryption for personal and small business use regardless of whether the hardware is leased or not.
Big companies should have multiple layers of security.

Re:Physical destruction (1)

jon3k (691256) | about 4 months ago | (#47617993)

Same, per policy we destroy all hard drives.

Re:Physical destruction (1)

Charliemopps (1157495) | about 4 months ago | (#47618139)

I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

He's talking about a datacenter. He doesn't have physical access.

Encrypt the drive. If, for some reason, the contract goes south or they go out of business, the data's garbage even if they sell the drive at auction. Our company policy is everything is encrypted outside our network. This includes portable devices like laptops, phones, and I even saw new USB sticks yesterday that will wipe themselves after a few invalid attempts.
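Following the "encrypt the drive" advice above, a LUKS volume on leased hardware can be retired by destroying its key material instead of overwriting terabytes of ciphertext: the payload is useless once every copy of the wrapped master key is gone. The script below is an added example written for this page, not code posted in the thread. It assumes cryptsetup on Linux and parses the output of `cryptsetup luksDump` for both LUKS1 and LUKS2 headers; the two SAMPLE_DUMP_* strings are constructed stand-ins for that output so the size calculation can be exercised without a real volume.

```shell
#!/bin/sh
# Added example, not code from the thread: crypto-erase a LUKS volume by
# destroying the header and key slots. Assumes cryptsetup on Linux.
# SAMPLE_DUMP_V1 / SAMPLE_DUMP_V2 are constructed stand-ins for luksDump output.

SAMPLE_DUMP_V1=$(printf '%b\n' \
    'LUKS header information for /dev/sdb1' \
    '' \
    'Version:       \t1' \
    'Cipher name:   \taes' \
    'Cipher mode:   \txts-plain64' \
    'Hash spec:     \tsha256' \
    'Payload offset:\t4096' \
    'MK bits:       \t512')

SAMPLE_DUMP_V2=$(printf '%b\n' \
    'LUKS header information' \
    'Version:       \t2' \
    'Epoch:         \t3' \
    'Metadata area: \t16384 [bytes]' \
    'Keyslots area: \t16744448 [bytes]' \
    '' \
    'Data segments:' \
    '  0: crypt' \
    '\toffset: 16777216 [bytes]' \
    '\tlength: (whole device)' \
    '\tcipher: aes-xts-plain64' \
    '\tsector: 512 [bytes]')

# Bytes at the start of the device occupied by LUKS metadata and key slots:
# everything before the encrypted payload. LUKS1 reports the payload offset in
# 512-byte sectors; LUKS2 reports the data segment offset in bytes.
luks_header_bytes() {
    ver=$(printf '%s\n' "$1" | awk '/^Version:/ {print $2; exit}')
    case $ver in
        1) printf '%s\n' "$1" | awk '/^Payload offset:/ {print $3 * 512; exit}' ;;
        2) printf '%s\n' "$1" | awk '/^[ \t]*offset:/ {print $2; exit}' ;;
        *) echo "unknown LUKS version: '$ver'" >&2; return 1 ;;
    esac
}

# Wipe every key slot through cryptsetup, then overwrite the whole pre-payload
# region (both LUKS2 binary headers live there too) so nothing remains to
# brute-force. DRY_RUN=1 prints the commands instead of running them.
luks_crypto_erase() {
    dev=$1
    dump=$(cryptsetup luksDump "$dev") || return 1
    bytes=$(luks_header_bytes "$dump") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "would run: cryptsetup -q luksErase $dev"
        echo "would run: dd if=/dev/urandom of=$dev bs=1M count=$bytes iflag=count_bytes conv=fsync"
        return 0
    fi
    cryptsetup -q luksErase "$dev" &&
    dd if=/dev/urandom of="$dev" bs=1M count="$bytes" iflag=count_bytes \
        conv=fsync status=none
}

# Usage: DRY_RUN=1 sh luks-erase.sh /dev/sdX2
if [ -n "${1:-}" ]; then
    luks_crypto_erase "$1"
fi
```

Two caveats. A header backup made with `cryptsetup luksHeaderBackup` defeats this completely, so know where yours are before you rely on it. And on an SSD the controller may still hold an earlier copy of the header in flash after the overwrite, so on flash pair this with the drive's own secure-erase command rather than trusting the header wipe alone.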

Re:Physical destruction (1)

sjames (1099) | about 4 months ago | (#47618481)

I would imagine it is equivalent to clothes in the closet. If you leave them behind, the apartment owner can dispose of them as he sees fit.

Re:Physical destruction (0)

Anonymous Coward | about 4 months ago | (#47619159)

Save yourself some time and your company some money.

Get yourself one of the many livecds or usbdrives out there

dd if=/dev/zero of=/dev/sda

Come back in an hour or two and it is done. If you feel someone might be able to recover that then

dd if=/dev/urandom of=/dev/sda

Done.

Name one company that can recover a harddrive from that. They do not exist. They would be making millions. If you find one post it here. I am sure there are many people here that would love to take advantage of that service.
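The zero-fill above is the right idea, but a bare dd one-liner has no guard against wiping the wrong device, stopping short, or leaving you with nothing to show that the wipe actually happened. The script below is an added example written for this page, not code posted by anyone in the thread. It assumes a Linux host with GNU coreutils (dd's `iflag=count_bytes`, `conv=fsync` and `status=none`) and util-linux `blockdev`, and it accepts a regular file as the target so it can be rehearsed on a scratch file before being pointed at /dev/sdX.

```shell
#!/bin/sh
# Added example, not code from the thread: zero-fill a drive and prove it,
# with the guards a bare "dd if=/dev/zero of=/dev/sda" lacks.
# Assumes Linux with GNU coreutils and util-linux (blockdev).

# Size in bytes of a block device or a regular file. Accepting a regular file
# lets you rehearse on a scratch file before pointing this at real hardware.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Refuse anything that is mounted, or that has a mounted partition on it.
# The classic mistake is typing sda for sdb; this catches the live system.
refuse_if_mounted() {
    [ -b "$1" ] || [ -f "$1" ] || { echo "$1: not a block device or file" >&2; return 1; }
    [ -r /proc/mounts ] || return 0
    if grep -q "^$1" /proc/mounts; then
        echo "refusing: $1 (or a partition on it) is mounted" >&2
        return 1
    fi
}

# One pass of zeros over every byte. count_bytes keeps dd from running into
# ENOSPC at the end of the device and reporting that as a failure.
zero_fill() {
    size=$(target_size "$1") || return 1
    dd if=/dev/zero of="$1" bs=1M count="$size" iflag=count_bytes \
        conv=fsync status=none
}

# Read the whole target back, strip every NUL and see if anything is left.
# This is the evidence the wipe worked, independent of what dd reported.
verify_zeroed() {
    leftover=$(tr -d '\0' < "$1" | wc -c | tr -d ' ')
    [ "$leftover" -eq 0 ]
}

wipe_and_verify() {
    refuse_if_mounted "$1" || return 1
    zero_fill "$1" || return 1
    verify_zeroed "$1"
}

# Usage: sh wipe.sh /dev/sdX   (rehearse with a scratch file first)
if [ -n "${1:-}" ]; then
    wipe_and_verify "$1" && echo "$1: zero-filled and verified"
fi
```

Run it from a RAM-resident live system so nothing on the target is in use. dd stops at the first write error, so a drive that fails mid-wipe needs `badblocks -w` (destructive, four patterns ending in zeros, carries on past bad sectors and logs them) or physical destruction. Neither tool can reach sectors the firmware has already remapped: an overwrite of a remapped LBA lands on the replacement sector while the original keeps its old contents, which is exactly the G-list avenue the data-recovery technician above describes.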

Breach (0)

Anonymous Coward | about 4 months ago | (#47617479)

That's actually a breach of security between the Data Center Provider and the previous company... Especially if you can access files on those "new" hard drives.

I would submit a security complaint to the Data Center Provider, and if you can figure out the company, to the company's Infosec people as well. That shouldn't happen at all.

In the company I work, we use a DOD standard Wipe disk, and if anything needs to be decommissioned, we hire a company that will give us a certificate of destruction.

Re:Breach (1)

Anonymous Coward | about 4 months ago | (#47617925)

I have seen this so often, this is something I consider is assumed.

First thing I do with any new machine is zero it out. SSDs... easy:

blkdiscard /dev/sdx; dd if=/dev/zero of=/dev/sdx bs=1024 count=1024; blkdiscard /dev/sdx

The reason I do a quick dd of the first part is to completely zero out the partition table. Some SSDs might have zapped all data, but it can't hurt to be safe and know that the partition table is ready to be initialized by a subsequent OS install.

HDDs, I use /dev/zero, /dev/urandom, then /dev/zero again, alternating this a couple times. This is less for destroying data than to ensure that no drive errors come up.

The main reason I erase a disk thoroughly before bringing it online, other than to check for disk errors, is so I don't have to deal with the previous owner's data and possible legal entanglements that may cause. Look how many years in prison a guy in Texas got because of Google's findings. It is easier to just zero out all incoming media to ensure that any data sitting on the drives is mine, and mine alone.

Of course, the real question of zeroing out drives is when the server is being decommissioned. This is why I try to encrypt all partitions. With BitLocker, the Windows format command is smart enough to thoroughly zero out the metadata and the areas on the volume that hold the master key, making recovery pretty much impossible. So, a simple format command, and the machine is decommissioned. However, I much prefer to overwrite the drives completely (most server RAID controllers have this functionality, or if they don't, just delete the existing drive volume, and make a RAID 2 volume on pairs, let it complete, then delete the volume and go back to a RAID 5, which will end up overwriting all drives with unrecoverable garbage.)

Of course, booting up a DBAN CD will also do the trick.

Of course, the best way is to pull all drives and physically destroy them, but that usually isn't doable in a lot of cases, so having a volume encryption layer does help.

Re:Breach (4, Informative)

jones_supa (887896) | about 4 months ago | (#47618041)

Issuing the ATA Secure Erase command is the most professional way. The drive itself knows the most efficient way to nuke all data from the orbit. Especially useful for SSDs as it might also zero hidden wear leveled data and set all sectors into a TRIMmed state.
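The blkdiscard sequence in the comment above and the ATA Secure Erase suggestion here both hand the wipe to drive firmware, so the useful work on the host is checking up front that the drive is in a state to accept the command and, on an SSD, that discarded blocks are guaranteed to read back as zeros at all. The script below is an added example written for this page, not code from the thread. It assumes hdparm(8) on Linux and parses the layout of `hdparm -I` output; the two SAMPLE_* strings are constructed stand-ins for that output so the checks can be exercised without a drive.

```shell
#!/bin/sh
# Added example, not code from the thread: preflight checks for ATA Secure
# Erase via hdparm, plus the DRAT/RZAT check an SSD discard wipe depends on.
# Assumes hdparm(8) on Linux. SAMPLE_READY / SAMPLE_FROZEN are constructed
# stand-ins for "hdparm -I /dev/sdX" output.

SAMPLE_READY=$(printf '%b\n' \
    'Commands/features:' \
    '\t   *\tData Set Management TRIM supported (limit 8 blocks)' \
    '\t   *\tDeterministic read ZEROs after TRIM' \
    'Security: ' \
    '\tMaster password revision code = 65534' \
    '\t\tsupported' \
    '\tnot\tenabled' \
    '\tnot\tlocked' \
    '\tnot\tfrozen' \
    '\tnot\texpired: security count' \
    '\t\tsupported: enhanced erase' \
    '\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.' \
    'Checksum: correct')

SAMPLE_FROZEN=$(printf '%b\n' \
    'Security: ' \
    '\tMaster password revision code = 65534' \
    '\t\tsupported' \
    '\tnot\tenabled' \
    '\tnot\tlocked' \
    '\t\tfrozen' \
    '\tnot\texpired: security count' \
    'Checksum: correct')

# The "Security:" section of hdparm -I: from that header to the next line
# that starts in column 0.
security_section() {
    printf '%s\n' "$1" | sed -n '/^Security:/,/^[^[:space:]]/p'
}

# 0 if the drive will accept SECURITY SET PASSWORD + ERASE UNIT right now.
# Each failure names the usual fix.
security_preflight() {
    sec=$(security_section "$1")
    printf '%s\n' "$sec" | grep -q '^[[:space:]]*supported[[:space:]]*$' || {
        echo "ATA security feature set not supported; overwrite instead" >&2; return 1; }
    printf '%s\n' "$sec" | grep -q '^[[:space:]]*not[[:space:]]*frozen[[:space:]]*$' || {
        echo "drive is frozen (BIOS does this at boot); suspend/resume or hot-plug it, then retry" >&2; return 1; }
    printf '%s\n' "$sec" | grep -q '^[[:space:]]*not[[:space:]]*enabled[[:space:]]*$' || {
        echo "security already enabled (a password is set); clear it first" >&2; return 1; }
}

# Enhanced erase also covers reallocated sectors on drives that support it,
# and is the variant worth using on an SSD.
supports_enhanced_erase() {
    security_section "$1" | grep -q 'supported: enhanced erase'
}

# Only trust "discarded blocks read as zero" if the drive advertises it.
# Without this feature, blkdiscard may leave old data readable until the
# controller gets around to erasing it.
trim_reads_zero() {
    printf '%s\n' "$1" | grep -q 'Deterministic read ZEROs after TRIM'
}

# The erase proper. The protocol requires a password to be set first; the
# drive clears it when the erase completes. DRY_RUN=1 prints instead of acting.
ata_secure_erase() {
    dev=$1
    info=$(hdparm -I "$dev") || return 1
    security_preflight "$info" || return 1
    mode=--security-erase
    if supports_enhanced_erase "$info"; then mode=--security-erase-enhanced; fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "would run: hdparm --user-master u --security-set-pass NULL $dev"
        echo "would run: hdparm --user-master u $mode NULL $dev"
        return 0
    fi
    hdparm --user-master u --security-set-pass NULL "$dev" &&
    hdparm --user-master u "$mode" NULL "$dev"
}

# Usage: DRY_RUN=1 sh ata-erase.sh /dev/sdX
if [ -n "${1:-}" ]; then
    ata_secure_erase "$1"
fi
```

Issue this on a directly attached SATA port: hdparm's own documentation warns that USB bridges and some RAID controllers mishandle the security commands and can leave a drive locked. The frozen state is the usual failure, since firmware freezes the security feature set at boot; a suspend/resume cycle clears it on most machines. And whatever the drive claims about itself, read it back afterwards: the normal erase is specified to leave zeros, while the enhanced variant is only required to leave a vendor-defined pattern, so verify for all-zeros only after the former.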

Re:Breach (0)

Anonymous Coward | about 4 months ago | (#47618165)

Dang, out of mod points.

Re:Breach (0)

Anonymous Coward | about 4 months ago | (#47619195)

so, this brings us to the question of how much we trust the drive vendor
to have properly implemented this with no back door, and to have tested
this feature properly.

Re:Breach (0)

Anonymous Coward | about 4 months ago | (#47620805)

Issuing the ATA Secure Erase command is the most professional way.

How confident are you that such an infrequently-used command will be properly implemented in the firmware (rather than, say "/* implement this later, if there's time */")? HDD manufacturers make the basic read/write functionality work because every customer would raise hell if they didn't. But what incentive do they have to make sure that Secure Erase works as it should?

Re:Breach (1)

jones_supa (887896) | about 4 months ago | (#47620915)

Based on my empirical experience, I am fully confident that it is properly implemented in the firmware.

Re:Breach (0)

Anonymous Coward | about 4 months ago | (#47618079)

I have seen this so often, this is something I consider is assumed.

First thing I do with any new machine is zero it out. SSDs... easy:

blkdiscard /dev/sdx; dd if=/dev/zero of=/dev/sdx bs=1024 count=1024; blkdiscard /dev/sdx

try sg_sanitize --block/--crypto instead of dd.

IRS (0)

Anonymous Coward | about 4 months ago | (#47617493)

Contract with them. They destroy everything.

Re:IRS (-1)

Anonymous Coward | about 4 months ago | (#47617531)

Especially people's lives. All Hail Obama's America!

Re:IRS (1)

bobbied (2522392) | about 4 months ago | (#47617827)

Contract with them. They destroy everything.

Oh no they don't destroy everything. They have tax records going back for a decade or more from both what you, your employer, and financial institutions reported and trust me they can pull these records out of the hat when it suits their purpose. (Such as when they decide to audit you.)

Re:IRS (1)

kelemvor4 (1980226) | about 4 months ago | (#47618119)

Contract with them. They destroy everything.

Oh no they don't destroy everything. They have tax records going back for a decade or more from both what you, your employer, and financial institutions reported and trust me they can pull these records out of the hat when it suits their purpose. (Such as when they decide to audit you.)

http://politics.slashdot.org/s... [slashdot.org]

Re:IRS (1)

someSnarkyBastard (1521235) | about 4 months ago | (#47618375)

...when it suits their purpose.

Note the fine distinction made there.

Never happened to me because... (1)

Jiggy (114468) | about 4 months ago | (#47617521)

...financial services degauss then physically shred the drives. You get a nice certificate too. It's extreme but cheaper than a data leak.

Re:Never happened to me because... (1)

bobbied (2522392) | about 4 months ago | (#47617893)

So much for taking decommissioned drives home and putting them into the NAS to store my video archives....

(No, I'm not serious about taking stuff home from work... Never a good idea, even out of the trash can...)

Re:Never happened to me because... (0)

Anonymous Coward | about 4 months ago | (#47618247)

So much for taking decommissioned drives home and putting them into the NAS to store my video archives....

(No, I'm not serious about taking stuff home from work... Never a good idea, even out of the trash can...)

I agree, you want the new ones from the manufacturer's carton. Take those home. Leave the trash.

My policy (0)

multimediavt (965608) | about 4 months ago | (#47617541)

Drill press. 'nuf said.

SDD Policy (0)

multimediavt (965608) | about 4 months ago | (#47617551)

Pulverisation, preferably by hammer on concrete slab, in absence of a suitable anvil; maybe Acme brand.

Re:My policy (1)

the eric conspiracy (20178) | about 4 months ago | (#47617589)

Thermite.

Re:My policy (1)

Z00L00K (682162) | about 4 months ago | (#47620213)

When in doubt - C4 [youtube.com]
  -- Jamie Hyneman

Re:My policy (0)

Anonymous Coward | about 4 months ago | (#47617637)

Plasma Cutter.

Re:My policy (1)

bobbied (2522392) | about 4 months ago | (#47617931)

Drill press. 'nuf said.

I was thinking that taking it apart followed by sanding off the oxide layer from the platters would be good enough, but if you have a drill press, to each their own.

Re:My policy (1)

LordLimecat (1103839) | about 4 months ago | (#47617971)

A drill press, while flashy, is simultaneously less secure, convenient, and available than a wipe, all while being more expensive.

Re:My policy (1)

gnu-sucks (561404) | about 4 months ago | (#47618207)

Explain please how a drill press is not secure.

Let's see...

1) flashy: not really
2) secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters. Short of a scanning electron microscope, you're not reconstructing that data
3) available: go to home depot
4) price: yes, more expensive than running dd if=/dev/random of=/dev/olddisk, but cheaper than an industrial-grade shredder and of course cheaper than any commercial "enterprise" data removing software. I think drill presses can be had for around $200.

Cheap drill press... (2)

guevera (2796207) | about 4 months ago | (#47619139)

I got a cheap drill press from Harbor Freight for $56 on sale.

Re:My policy (2)

LordLimecat (1103839) | about 4 months ago | (#47619881)

secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters

Not correct, and it's not even a little difficult. A contiguous multi-inch stripe of a modern HD platter contains gigs of data. The only challenge is going to be fragmentation, but with a single hole the file table is probably intact.

You're basically relying on the high cost and inconvenience-- the hole through the disk renders the existing casing + chipset inoperable, but does nothing to affect 99% of the actual data on the disk. An attacker with the right sort of enclosure could simply read the data right off of the platters, very little reconstruction necessary.

And while you would be right to take any such self-interested claims with a grain of salt, it's worth noting that several recovery companies (Kroll, Centrex) indicate that such recoveries are possible, and that a number of national regulations in both the US and the UK mandate very particular forms of physical destruction, notably where the entire surface of the drive is affected (shredding, grinding, degaussing).

But hey-- if you want to argue with the DoD, NIST, Kroll, and the UK Information Commissioner's Office, all so that you can use a messy and non-compliant form of destruction-- go for it. Have fun explaining to federal regulators why you felt it was best to ignore both the experts and federal law regarding private information.

Re:My policy (1)

i.r.id10t (595143) | about 4 months ago | (#47618677)

And, not nearly as fun as a FN-FAL or similar with milsurp ammo.

Re:My policy (0)

Anonymous Coward | about 4 months ago | (#47619701)

A drill press, while flashy, is simultaneously less secure, convenient, and available than a wipe, all while being more expensive.

Huh? How is a 5 second punch less convenient than a wipe, especially considering that half of the drives in the box are dead or flaky.
Getting a box of scsi drives mounted in IBM carriers maybe-good maybe-bad hot swapped by the server team for wiping is a nightmare. Oh, and some aren't scsi.

Re:My policy (2)

LordLimecat (1103839) | about 4 months ago | (#47619891)

Because it can't be automated, it creates a huge mess, can't be done in office space (unless you like cleaning up fine bits of aluminum, epoxy, and steel), and requires a decent drill.

Re:My policy (0)

Anonymous Coward | about 4 months ago | (#47618083)

Take off and nuke the entire site from orbit. It's the only way to be sure.

Re:My policy (1)

Osgeld (1900440) | about 4 months ago | (#47619741)

Belt Sander

hold it long enough you don't even have to take it apart lol

refurb drives (0)

Anonymous Coward | about 4 months ago | (#47617553)

I've worked for companies that sell Refurb drives. No effort is taken to clear drives, just a spin up test... I bought them a drive eraser and told them it would also let them know if the drive was bad, which should cut down on warranties. I'm not sure if they ever used it since they are a different department. In our Department drives were wiped using Boot and Nuke, then bad disks and small disks were physically destroyed then sold for scrap metal, good disks were reused but never left the site or used for other customers.

Re:refurb drives (1)

davidwr (791652) | about 4 months ago | (#47617953)

I've worked for companies that sell Refurb drives.

Oh how I wish you could tell us who you used to work for. Unfortunately, as soon as you do, /. is going to get a subpoena for your IP address, and your ISP will get a subpoena for your personal information, and... well, it could get ugly.

Before leaving the server (1)

mrspoonsi (2955715) | about 4 months ago | (#47617555)

Get an OS re-image then simply fill the hdds with random data. This works well on HDDs, but SSDs with their 10 or 20% wear space, perhaps not, they need pulling and disposing.

Re:Before leaving the server (0)

Anonymous Coward | about 4 months ago | (#47617703)

SSDs do not expose logically overwritten data to anyone without firmware or hardware level access. What you write to a logical block is what anyone else is going to see when they read that block, even if the data is actually still technically stored in flash memory somewhere. The standard interface level view of the SSD is the same as for HDDs: Overwritten data is gone.

Re:Before leaving the server (1)

Anonymous Coward | about 4 months ago | (#47617765)

SSDs do not expose logically overwritten data to anyone without firmware or hardware level access.

SSDs may expose logically overwritten data to anyone with firmware or hardware level access.

There, fixed that for you.

Re:Before leaving the server (1)

mysidia (191772) | about 4 months ago | (#47618851)

SSDs may expose logically overwritten data to anyone with firmware or hardware level access.

Not if it's an encrypted SSD and you replace the crypto keys with new ones.

Re:Before leaving the server (0)

Anonymous Coward | about 4 months ago | (#47620609)

Irrelevant. Anyone with that kind of access could have your data already and doesn't need to wait until you decide that you don't need that disk anymore.

Re:Before leaving the server (1)

silas_moeckel (234313) | about 4 months ago | (#47617871)

You can skip the overwrite on an SSD; just trim the whole thing and reads will be all zeros, as it's an unassigned block. If you need to protect the data that much, you destroy the drive.

Re:Before leaving the server (1)

Culture20 (968837) | about 4 months ago | (#47617831)

An OS reimage with 'doze and use sdelete.exe from Sysinternals Suite. http://technet.microsoft.com/e... [microsoft.com]
Or 'nix, dd a huge file and shred it (remember to restrict the passes with -n since the default is "a lot")
Neither is perfect, but better than delivering your data to the next schmoe on a platter (pun intended).
If you can request the specific OS image, send them a copy of a memory-resident linux installation [wikipedia.org] configured to auto-wipe the HDDs with shred.

Re:Before leaving the server (0)

Anonymous Coward | about 4 months ago | (#47617911)

dd'ing the huge file is sufficient. There's no need to shred it. Just dd if=/dev/zero of=bigfile; rm bigfile. If you're paranoid, use /dev/urandom instead of /dev/zero, but that's really unnecessary. You can't recover data that's been overwritten.

Re:Before leaving the server (0)

Anonymous Coward | about 4 months ago | (#47618039)

Why do it to a file and not to the block device itself?
dd if=/dev/zero of=/dev/sda

(I can never remember the argument for setting the block size.)

Re:Before leaving the server (1)

Culture20 (968837) | about 4 months ago | (#47618217)

Why do it to a file and not to the block device itself?
dd if=/dev/zero of=/dev/sda

(I can never remember the argument for setting the block size.)

the block size setting is a lot of bs. (bs=)
You can't be guaranteed to escape a kernel panic or general screwiness when the system tries to use swap space or access a file. That's why I suggested a "run from RAM" distro.
Also dd dead stops if it hits a bad block. You're better off using shred or ddrescue to overwrite stuff when going directly to device.
You can target other partitions like say, /home , /data , /var , etc. if you've actually partitioned them separately. You can also turn swap off and target it. But like I said, you're best off nuking from RAM.

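The wipe-from-RAM procedure the last few comments describe (overwrite the raw device, not a file; don't stop at the first bad block; then confirm the result), written out as an added example. This is not code from the thread; it assumes Linux or another POSIX system with Python 3, that the target given on the command line is a raw block device such as /dev/sdb (or a regular file standing in for one), and that the device is not mounted or in use, i.e. you booted from live media as Culture20 suggests. Unlike plain `dd if=/dev/zero of=/dev/sdX`, a read or write error on one chunk is recorded and skipped rather than aborting the pass, and the device is read back afterwards so you know the overwrite actually completed.

```python
"""Zero-fill a block device and verify the result by reading it back.

Added example, not code from the Slashdot thread. Assumes a POSIX system,
Python 3, and an unmounted target. Caveat for SSDs: an overwrite does not
reach remapped or over-provisioned cells; use the drive's own secure erase
or encrypt the volume and destroy the key instead.
"""
import os
import sys

CHUNK = 1 << 20  # 1 MiB per write/read, the equivalent of dd's bs=1M


def device_size(fd):
    """Size in bytes; works for both regular files and block devices."""
    end = os.lseek(fd, 0, os.SEEK_END)
    os.lseek(fd, 0, os.SEEK_SET)
    return end


def is_mounted(path):
    """True if `path` appears as a mounted device in /proc/mounts (Linux)."""
    try:
        with open("/proc/mounts") as mounts:
            return any(line.split()[0] == path for line in mounts)
    except OSError:
        return False  # no /proc/mounts: cannot tell, so do not block the run


def _pwrite_all(fd, buf, off):
    """pwrite() may write fewer bytes than asked; keep going until done."""
    while buf:
        n = os.pwrite(fd, buf, off)
        buf = buf[n:]
        off += n


def _pread_all(fd, n, off):
    """Read exactly n bytes at off, fewer only at end of device."""
    out = bytearray()
    while len(out) < n:
        piece = os.pread(fd, n - len(out), off + len(out))
        if not piece:
            break
        out.extend(piece)
    return bytes(out)


def zero_fill(path):
    """Overwrite every byte of `path` with zeros.

    Returns (size_in_bytes, failed_offsets); failed_offsets lists the chunk
    starts that raised OSError and were skipped instead of aborting the pass.
    """
    if is_mounted(path):
        raise RuntimeError(f"{path} is mounted; unmount or boot from RAM first")
    failed = []
    fd = os.open(path, os.O_RDWR)
    try:
        size = device_size(fd)
        zeros = bytes(CHUNK)
        for off in range(0, size, CHUNK):
            try:
                _pwrite_all(fd, zeros[: min(CHUNK, size - off)], off)
            except OSError:
                failed.append(off)
        os.fsync(fd)  # push the zeros out of the page cache onto the media
    finally:
        os.close(fd)
    return size, failed


def verify_zero(path):
    """Read the device back; return chunk offsets that are not all zeros or
    could not be read. An empty list means the overwrite is complete."""
    bad = []
    fd = os.open(path, os.O_RDONLY)
    try:
        size = device_size(fd)
        for off in range(0, size, CHUNK):
            n = min(CHUNK, size - off)
            try:
                data = _pread_all(fd, n, off)
            except OSError:
                bad.append(off)
                continue
            if data != bytes(n):
                bad.append(off)
    finally:
        os.close(fd)
    return bad


if __name__ == "__main__":
    target = sys.argv[1]
    size, failed = zero_fill(target)
    print(f"wrote zeros over {size} bytes of {target}; {len(failed)} chunks failed")
    leftover = verify_zero(target)
    print("verification:", "clean" if not leftover else f"{len(leftover)} chunks not zero")
    sys.exit(0 if not failed and not leftover else 1)
```

Run it as root against the whole disk (`python3 wipe.py /dev/sdb`), not a single partition, so partition tables, swap and any unpartitioned tail get covered too; a non-zero exit with failed offsets listed is the cue to fall back to shred/ddrescue or physical destruction for that drive.
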
Use a drive eraser, then physically destroy (1)

HunterZero (102709) | about 4 months ago | (#47617603)

For security purposes, I use a WiebeTech drive eraser to scrub the drive (DoD Sanitize standard), then send them to a physical destruction service.

Paranoid? Yes. Expensive? Yes. Worth it to my employers? Yes.

Re:Use a drive eraser, then physically destroy (1)

LordLimecat (1103839) | about 4 months ago | (#47617983)

You'd be better off degaussing, if you're gonna shred it anyway. Doing 7 overwrites is gonna take longer than just tossing the drive in a degausser and being done with it.

Here is the corporate policy (1)

thieh (3654731) | about 4 months ago | (#47617645)

What I have learned from the news is that the policy has always been "If there has been nothing in the news, don't bother." It costs electricity and labour cost to do it. The previous story on /. [slashdot.org]

Depends on the DC (1)

silas_moeckel (234313) | about 4 months ago | (#47617841)

I would never expect new drives on a leased box as it's a leased box. Nor would I expect them to sanitize my data before handing it to a new customer. I work with a lot of hosting companies and it's not very uniform. One dirt cheap place runs everything through DBAN before handing it back; others, not so much. If you need to ensure this happens, expect to pay for it.

Pick another hosting service (0)

Anonymous Coward | about 4 months ago | (#47617935)

A good hosting service will either tell you up-front they don't wipe data when they reclaim the drive and that you shouldn't store anything on it you wouldn't want splattered across the front page of Google News (or Slashdot, or ...), OR they will tell you what their policy is.

For setups where you are leasing a dedicated drive, they should offer you the option of buying a brand new drive outright and pre-paying for either certified destruction or returning of the drive to you when it is no longer in service. For certain applications with legal or national-security implications if the data is recovered after you quit being a customer, this may be the only way to go.

For virtual systems, your "virtual machine's" data store should be encrypted using keys controlled by the data center. When you are no longer a customer, the file is deleted and the encryption keys destroyed. Ditto cases where you are the only user of the drive but you haven't bought it outright - destroy the keys and the drive is for all practical purposes sanitized.

For shared-login systems and "virtual hosting" that is not a true VM (e.g. jail-rooted "virtual machines"), "your" data should be encrypted somehow using keys controlled by the data center owner. When you are no longer a customer, your files are deleted and the keys destroyed. The loopback device is one way to accomplish this task.

This method has the added advantage that once the keys are truly destroyed (including all backup copies) any backups the data center may have made are rendered useless. It can also save the data center time in that they don't have to overwrite your data, they can just delete the "container file" and be done with it.

About the only time I can see where it doesn't make sense to erase the data would be if it's a free or nearly-free/dirt-cheap hosting provider where they tell you up front that the drive will not be sanitized and that a future customer may be able to "undelete" your data. This falls under the category of "you get what you pay for, but the vendor still has an ethical obligation to tell you what you are getting."

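The provider-held-key scheme the post above describes, as an added example that is not code from the thread or from any hosting provider: the tenant's volume exists on disk only as ciphertext, each volume's data key is stored wrapped under the provider's master key, and decommissioning means deleting the wrapped key (or, for the whole key store, the master key) instead of overwriting drives. It uses a toy keystream (SHA-256 over key, nonce and a counter) so it runs on the standard library alone; read it as a stand-in for dm-crypt/LUKS or AES-XTS, not a cipher to deploy. KeyStore, encrypt_volume and the tenant names are invented for illustration.

```python
"""Cryptographic erasure of a leased volume: destroy the key, not the data.

Added example, not from the thread. Toy cipher for illustration only.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16


def keystream_xor(key, nonce, data):
    """XOR `data` with a keystream of SHA-256(key || nonce || counter) blocks.
    The same call decrypts. Stand-in for a real CTR/XTS mode cipher."""
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_volume(dek, plaintext):
    """What actually lands on the leased disk: nonce || ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + keystream_xor(dek, nonce, plaintext)


def decrypt_volume(dek, blob):
    return keystream_xor(dek, blob[:NONCE_LEN], blob[NONCE_LEN:])


class KeyStore:
    """Provider-side key hierarchy: one data-encryption key (DEK) per tenant
    volume, kept only wrapped (encrypted and MACed) under a master
    key-encryption key (KEK) that never leaves the provider's key store."""

    def __init__(self):
        self.kek = secrets.token_bytes(32)
        self.wrapped = {}  # tenant -> (nonce, wrapped DEK, HMAC tag)

    def new_volume_key(self, tenant):
        """Issue a DEK for a new tenant volume and store it wrapped."""
        dek = secrets.token_bytes(32)
        nonce = secrets.token_bytes(NONCE_LEN)
        wrapped = keystream_xor(self.kek, nonce, dek)
        tag = hmac.new(self.kek, nonce + wrapped, hashlib.sha256).digest()
        self.wrapped[tenant] = (nonce, wrapped, tag)
        return dek

    def unwrap(self, tenant):
        """Recover a tenant's DEK. KeyError once the tenant was erased,
        ValueError once the KEK is gone (the wrapped blob no longer verifies)."""
        nonce, wrapped, tag = self.wrapped[tenant]
        expected = hmac.new(self.kek, nonce + wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrapped key does not verify under the current KEK")
        return keystream_xor(self.kek, nonce, wrapped)

    def crypto_erase(self, tenant):
        """Tenant leaves: drop the wrapped DEK. The ciphertext on the drive,
        and every backup copy of it, is unreadable from now on with no
        overwrite pass needed. Every backup of the key store must be purged
        too, or the erase is not real."""
        del self.wrapped[tenant]

    def destroy_master_key(self):
        """Decommission the whole key store: with the KEK gone, wrapped DEKs
        in every key-store backup are useless as well. (Python cannot zero
        the old bytes in place; a real key store or HSM does.)"""
        self.kek = bytes(32)
```

The point to notice is what is never touched: the volume ciphertext and its backups stay exactly where they are, and the next lessee of the drive gets nonce-plus-ciphertext with no key anywhere to open it. The erase is only as good as the key store's own backup discipline, which is the "including all backup copies" condition the post puts on it.
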
Old Tech (1)

Teun (17872) | about 4 months ago | (#47617943)

Some things require Old Tech [photobucket.com].

most datacenters will do what they are paid for. (1)

NemoinSpace (1118137) | about 4 months ago | (#47617997)

Or what they are contracted to do. There is no use arguing with somebody who insists you spend 2 hours+ doing a D.O.D. wipe on an out-of-warranty drive if they are willing to pay you. Otherwise, 15s through a degausser will do the trick.
Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA, or even the local police, were made. Nobody cares about this stuff except the people that need to. Finally, there is no machine in a datacenter that has both important data and Slackware on it. Hope you remove your own data before the next lease runs out, because nobody is going to do it for you.

Re:most datacenters will do what they are paid for (1)

mysidia (191772) | about 4 months ago | (#47618879)

Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA, or even the local police, were made

These days he might care.... never know when one might find a Bitcoin wallet carelessly left lying around complete with private keys.

If he didn't at least take a deep look at the data to see if there was anything there that he could "use", then it's because he's an honest person, perhaps. Not everyone is like that.

Google (0)

Anonymous Coward | about 4 months ago | (#47618005)

If I remember correctly, Google has a barcode on every HD to track its life. When a drive is to be decommissioned for whatever reason, they secure wipe it, degauss it, then put it through a shredder that mixes the left over of many drives together.

Re:Google (1)

magarity (164372) | about 4 months ago | (#47618131)

Someone was pulling your leg unless you mean their internal bookkeeping and H.R. records or internal research projects. But for the typical drive in a Google search engine node, well, all of its data is available to the entire public via Google's own web page. which is kinda the point. There's no need to shred those drives

Re:Google (1)

danlip (737336) | about 4 months ago | (#47618291)

The search-engine drive may contain stuff they'd rather not be public (for reasons of competition), like the software that manages all that data and the data structures it is stored in. Then there is Google Mail, which contains private emails and contacts. And I'm sure other examples.

Re:Google (1)

dave420 (699308) | about 4 months ago | (#47621295)

There is a lot more on those drives than simply one big folder called "Internets". It will most likely have keys, configurations, software, information about network structure, logs, and anything else you might be able to think of. It's rather weird to assume they don't have anything on there.

Encrypt your LUNs (0)

Anonymous Coward | about 4 months ago | (#47618025)

No idea why this hasn't been mentioned yet, but if you don't have physical ownership / access of the media, you should be encrypting the LUNs (crypto-luks). Why are you trusting that the cloud-provider is going to wipe the drives when you are done with them (obviously you shouldn't be).

If you have physical ownership or the disks themselves (in your own DataCenter), then you should have policies in place to deal with the drives already.

Policy Varies (0)

Anonymous Coward | about 4 months ago | (#47618123)

I work for a hosting company and we wipe all drives using DBAN when a server is canceled. Volumes for our cloud based VMs also go through a similar process when the server is destroyed. There isn't a universal policy regarding this in the hosting industry so your best option would be to ask your provider what they do with canceled/failed hardware.

Re:Policy Varies (1)

mysidia (191772) | about 4 months ago | (#47618893)

I work for a hosting company and we wipe all drives using DBAN when a server is canceled.

That's one approach.... another is simply delete and re-create the hardware RAID10 (or RAID5), re-initialize, and install the new tenant's operating system. The data has not been explicitly wiped, but the new lessee is not going to get anything meaningful out of it without physical access and a lot of trouble, anyway.

There is really only one solution (1)

WillAffleckUW (858324) | about 4 months ago | (#47618125)

If it's ceramic, wipe them three times with 1s and 0s and then smash them to bits with a large hammer, and then cast the resulting powder into a nice art sculpture.

If it's metal, do the same but melt it.

Have to agree - anything that went on the cloud should be assumed to have been copied.

Easy, just send them to the IRS (0)

Anonymous Coward | about 4 months ago | (#47618349)

Forget about seven pass wipes or sledgehammers. We just mail our old drives off to the Incriminating Record Shredders, where they are never heard from again.

Legal side of leased equipment (1)

Karem Lore (649920) | about 4 months ago | (#47618511)

One of the early comments alluded to this, but didn't quite take it far enough.

If userA leases a drive and fills it with illegal content (child pornography, Snowden's files, whatever) and then leaves, and the hosting company then re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?

userA is long gone. Could potentially be tracked down. Need to prove they put the files there and not userB or the hosting company.
userB has access to (but potentially not ownership of) said files. This is still an arrestable offence.
Hosting company has ownership of files (possibly) in a leased environment??? If this is the case, should the hosting company be responsible not only for clearing the files from userA before putting userB in jeopardy from the law, but also responsible for monitoring their drives for illegal activity and content?

Now we are on a slippery slope...

Re:Legal side of leased equipment (1)

mysidia (191772) | about 4 months ago | (#47619001)

If userA leases a drive and fills it with illegal content (child pornography, Snowden's files, whatever) and then leaves, and the hosting company then re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?

Possession of the hard drive containing illegal content is not a strict liability crime, meaning those accused of the crime have to be charged under due process.

As long as userB is not aware of the content placed by userA and does not become aware of the inaccessible content placed by userA, then userA is the only party who has met both conditions, mens rea and actus reus, required for criminal liability.

Therefore, it is userA who could and should be arrested.

Neither userB nor the lease provider has any criminal liability, unless they became aware of the illegal material and committed a guilty act, such as illegally retaining the material and failing to report the matter.

Well, yes... (0)

Anonymous Coward | about 4 months ago | (#47618817)

Has this happened to you? How often?

Yes. At least once a year. And every time it happens I post a new torrent with the offending hard disk's contents.

My policy (1)

Hamsterdan (815291) | about 4 months ago | (#47619341)

Dismantle, keep the magnets (the flat ones are really fun to play with, lots of projects), and recycle the drive and platters (50 cents/pound); there's even a copper coil in there at $3/pound.

Not much, but once dismantled, data is gonna be pretty hard to recover.

If you really want it gone, Thermite...

Destruction is not waste and here is why. (0)

Anonymous Coward | about 4 months ago | (#47619851)

Build the cost of destruction into the contract with the customer. Drives don't last forever so there is zero reason to try to save even thousands of them. Ten thousand hard disks would easily fit into one, that's ONE, scrap rolloff container. Millions of cars are shredded every year for recycling so do not be impressed by relatively tiny hard disks.

Shredding protects all concerned. Were it my tasking I'd give each removed hard disk a shot with a hand sledge on a workbench so it couldn't be recovered without major expense (in practical reality, not at all), store them under lock and key, then bulk shred the lot.

Hard drives used to be expensive. Those days are over and the attitude that hardware is valuable needs to end. Information security is valuable, but hardware is scrap for the smelter.

So criminals should always buy used hard drives (0)

Anonymous Coward | about 4 months ago | (#47620347)

Then they can say any illegal files on there were the previous owner's.

Re:So criminals should always buy used hard drives (1)

darkonc (47285) | about 4 months ago | (#47621251)

They can only say that about data that was clearly deleted.

If I was a criminal, I'd buy used drives in bulk, and see if there was any data on them worth using (or ransoming). Using a drive in a way that allowed plausible deniability would take some effort and technical knowledge ... Not the kind of thing that most thieves depend on.

Work in a datacenter.... (0)

Anonymous Coward | about 4 months ago | (#47620453)

I work in a datacenter and we wipe drives on a regular basis using the "secure wipe" feature built into modern drives to securely wipe previous customer data from the drives prior to reusing them, of course as long as the disks are not defective. Unless specifically requested to do a "DoD" wipe, this is how we wipe the drives as a standard.
