Re: Hmm...



On 9 Oct 2006, in the Usenet newsgroup comp.security.misc, in article
<1160441115.162699.303050@xxxxxxxxxxxxxxxxxxxxxxxxxxx>, James wrote:

> So is it safer to say to never get rid of old hard drives no matter who
> owns them or what is on them that is considered sensitive to them?

As in my other reply - hard drives today are cheap - and if the data is
sensitive - destruction is the only way to go. Who knows, that all
important *** of data may be on one of those swapped out "bad sectors"
and _MAY_ be recoverable. Is the risk worth it? On the other hand,
are you sure the "bad guys" are after you - or would a NISPROM wipe
handle things? For Joe/Jane Average, the answer is probably yes. But
you would need to check for company policies (or more specifically,
government requirements) to make sure nothing _else_ is required.

> And how does this fit in with higher security systems like A or B class
> systems (Orange book referenced these)?

Orange Book (DoD Trusted Computer Systems Evaluation Criteria = DoD
5200.28-STD - December 1985) is _long_ dead, but the only classes I
recall related to orders of trust. I can't find my copy of the book, but
a reference I have (Computer Security Basics by Russell and Gangemi,
O'Reilly, 1991, ISBN 0-937175-71-4) says that it mentions "clearing disk
blocks when a file is scratched, or before being allocated", and "degaussing
magnetic tapes when no longer needed". I'm sure the actual Orange Book
had specifics, but the current standard is the NISPROM.

If the drive has/had officially classified material on it, discuss the
_requirements_ with the appropriate government representative. Do EXACTLY
what is required. If the drive was not officially classified, there
are companies that will handle the problem - everything from a NISPROM
wipe, up to slagging the drive and shredding the residue. In the Phoenix
Arizona (USA) yellow pages, there are five listings under "Computer
Recycling" and two of the five list "Certified Destruction" as an
available product/service. Several others in the "Computers - Service and
Repair" category also mention this service.

Old guy