This makes it necessary to rethink how the information on data carriers should be erased before they leave the organization. In addition to the traditional hard drive, we increasingly use SSD's, USB drives, memory cards, mobile phones, etc. Where in the past everything was written on magnetic media, this is no longer the case. the lavabit operators over the last weeks.The amount of data we store continues to grow. Yes, I might have watched a few talks from e.g. Thermite can be started using rocket motors, and you can't recover data from slag. Afterwards, high temperature fire is a final good measure. In the case of SSDs, you want to look for a good shredder. Given that, you should generally destroy multiple drives at once and mix up the storage parts - like pladders - to render reconstruction infeasible. Encryption makes it harder to recover, but depending on the attacker, there are vectors. For example, SSDs are extremely hard to wipe properly from a software (read: above firmware) level. If you do security? You cannot rely on any kind of software deletion. Ideally, still do encryption on the drives to increase security somewhat. Either encrypt, wipe keys and get someone to accept the risk. The first question, I've learned, is: Are you looking for compliance, or security?Ĭompliance, there is two ways depending on the scope. 1 (PDF) states, “For storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.” (It noted, however, that hidden areas of the drive should also be addressed.)" National Institute of Standards and Technology (NIST), in its Guidelines for Media Sanitization of 2006 (PDF), stated that “for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media.” When NIST revised its guidelines in late 2014, it reaffirmed that stance. it never actually specified any method/pattern/number of passes/etc)Īnd from - How Many Times Must You Overwrite a Hard Disk? - Blancco
Myth of the DOD 3 Pass - Let it go ()ĭoD 5220.22-M: The Data Wipe Myth - Garner Products () (this talks about the NIPSOM order that established the "dod wipe" myth. That, or cryptographic erasure - destroying the keys that can unlock the encryption on the drive.ĭoD wipe is a huge, huge, outdated myth - outmodded since 15GB ATA drives came out, in fact. Single pass is sufficient in DoD and NISTs eyes to prevent nation-state level attacks on intercepted drives. Unclassified, single pass depending on usage/reuse/disposal.
DoD spec for drives re-used in the same classification level is a single 0-pass.Ĭross classification levels, physical destruction (unless going up).
0 kommentar(er)
