Re: Hard Drive data security
From: Alessandro Bottonelli (a.bottonelli_at_axis-net.it)
Date: 10/02/04
- Previous message: Dell: "Re: Client End Firewalls"
- In reply to: Leong Kok Wah Kenneth: "RE: Hard Drive data security"
- Next in thread: Atom 'Smasher': "Re: Hard Drive data security"
- Reply: Atom 'Smasher': "Re: Hard Drive data security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <security-basics@securityfocus.com> Date: Sat, 2 Oct 2004 15:22:18 +0200
On Friday 01 October 2004 04:17, Leong Kok Wah Kenneth wrote:
> But questions are - 1. where do we get 'free'
> disk wiping program from the net?
>
Google for "bcwipe" for Microsoft environments.
Many Unix flavours come shipped with the "shred" utility. Or you
can overwrite data with other standard utilitues as already
mentioned in the thread.
> 2. what assurance that it will do a good job using the
> 'free' disk wiping program as they are compared commerical
> licensed ones?
>
Unless you have a well geared lab for actual testing, you'll
have to rely on others' testing. Personally, I'd trust more a
free utilty that maybe comes with sources that I can analyze,
rather than a commercial utility. But that's me.
Much also depends on the value of the data you want to shred vs.
the motivation and the tools for recovery of your "adversary"
(whoever he/she happens to be). If returning a drive with low to
mid-level classified data on it to the manufacturer is the
concern, then I would simply degauss the drive with a strong
magnet. I doubt a technician who is paid for refurbishing the
disk has motive, opportunity and means to scan it with
sophisticated devices.
If the drive contained high level classified data and I were
concerned that some "agency" (with motivation and tools) may be
interested in them, then probably I would trust no wiping tools
and I would simply pay the extra price for not returning the
drive to the manufacturer and take care personally of destroying
physically the drive before disposing of it. Many gray-scale
scenarios may lay in between those to extremes.
My 2 Eurocents worth :-)
-- Alessandro Bottonelli AXIS-NET Provacy & InfoSec Consulting http://www.axis-net.it http://www.axamonline.net
- Previous message: Dell: "Re: Client End Firewalls"
- In reply to: Leong Kok Wah Kenneth: "RE: Hard Drive data security"
- Next in thread: Atom 'Smasher': "Re: Hard Drive data security"
- Reply: Atom 'Smasher': "Re: Hard Drive data security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
