[freegeek-startup] Re: Secure data erasing/wipe... certified ?

[Billings John]

This is a basic process I've performed in the past erasing drives with DBAN,
not for any FREE GEEK, but as a consultant.  DBAN will save a log file with
a lot of information at the end of the erasure process. This includes
hardware start and stop times, and if the process succeeded or not.

The logs are saved in a tar archive, I save that archive and use sneakernet
to transfer to a folder on a file server renaming it to match the asset tag
number of the computer.  I then copy data from a file called dwipe.txt into
a report on each unit, and save all the log file archives on a cd if the
dwipe.txt file is not enough.  I'm sure this could be automated with a
lessdisks or ltsp setup, I've just started to experiment with this.

I've had many occasions where for one reason or another the log file would
not save to the floppy, usually a defective floppy drive, so I'd have to
remove the drive from the computer and run dban again at a workstation I
have dedicated to erase drives in order to get a copy of all the logs.
These days some computers don't even have floppy drives so coming up with an
alternate way to save the logs files is a good idea.

If you erase the drives while they are still installed in each computer you
received, you have to explain that the dates on the log file can be wrong
since this is dependent on a good battery on the motherboard, and even then,
the clock could be off.  The start and stop times just allow you to do a
sanity check, a 120 gb drive will take about 4 hours where a 40 gb drive
will usually take about 1 hour or so depending on a multitude of other
factors like processor and bus speed I assume.  If the times are off you
have an indicator something went wrong.

Also you can use a hex editor, to show the customer what the hard drive
looks like before the erasure process and what one looks like after.   There
is one called lde that is pretty good, and there are some dos based ones as
well.   This is usually a pretty good convincer, and have seen peoples eyes
light up when I show them this simple test.   Still some people will be more
paranoid than others and will want the drives to be destroyed no matter
what.

I've found that w/ DoD short wipe:
1ghz cpu with 40 GB: approx 1 hrs
1.6ghz cpu with 60 GB: approx 2 hrs
2ghz cpu with 80 GB: approx 3 hrs
2.4 ghz cpu  with 120 GB: approx 4hrs

This should give the customer SOX or HIPPA compliant reporting or make any
auditors see they have done their due diligence in protecting data.   Don't
quote me on that though, as I've never really studied those regulations in
depth, but it's made the Quality Assurance people I've worked with happy.

Geekishly,
John

On 9/9/06, Iain Davidson <davidson.iain at gmail.com> wrote:
>
> As a followup,  in the meanwhile, we are using DBAN as a good tool to
> wipe/erase/test harddrives which we are receiving....  here's some wiki
> notes which I just created about 10 minutes ago. :)
>
> -------------------------- wiki code cut here
> ----------------------------------
> (this process includes standard secure erasing the data from the drive)
>
> = Steps for Process =
> (for any PC with CD-ROM, and 3 available Power connectors)
> * Connect 1 to 3 Hard drive (HD) into the PC.
> ** Double check Master/Slave jumpers, power connections, and ribbon
> cables.
> * Put DBAN (bootable) CD into drive.
> * Bootup PC
> * Check BIOS boot sequence, CDROM is listed first.
> * Check/watch detection for HD's.
> * Check/watch CD is loading correctly.
> * Type "'''autonuke'''" at the prompt.
> * Review that correct Harddrives are being erased.
> ** (You can now use the CD-ROM in another PC for erasing.)
> * Wait 40 to 55 minutes for process to complete.
> * Power down and remove HD's.
> * Mark down that erasing has been completed.
>
> = Background =
>
> Currently, using [http://dban.sourceforge.net/|Darik's<http://dban.sourceforge.net/%7CDarik%27s>Boot and Nuke
> 1.0.7 (DBAN)] with the following results.
>
> Method (DoD Short, 1 round)
> * 2 , 6 GB drives on same cable = 33 minutes
> * 2 , 6 GB drives on seperate cables = 52 minutes
> * 3 , 6 GB (Quantum Fireballs) across two cables = 52 minutes.
>
> ----
>
> ------------------------- wiki code cut here
> -----------------------------------
>
> I had heard that a few folks are using 'badblocks' Unix tool to check/zap
> HD's.  Anyone have a good bootable ISO which is a nice and easy "BadBlock
> Bootup-and-Zap" CD setup ???
>
> Thanks, -Iain
>
>
> On 9/8/06, Iain (FreeGeek) Davidson <iain at freegeek.org> wrote:
> >
> > ok,
> >    we have recently established a great relationship with a locally
> > owned bank with a few county branches.
> >
> > They are donating piles of PC's, monitors, mice, keyboards, and other
> > misc computer stuff.   yeah!
> >
> > Unfortunately, they are concerned about data security and information
> > which was stored on the hard drives.  So they are removing the hard drives
> > and keeping them.... due to the fact they have no way to securely erase the
> > data.
> >
> > We've been working with them on recommending both OpenSource and
> > commercial software.... which clearly state that data erasing is up to
> > government standards.  But still they feel uncomfortable sending us the hard
> > drives.  (they are 10, 20, and sometimes 40 GB !!!)
> >
> > Does anyone have experience working with businesses which are concerned
> > about data security ?  Especially banks or financial institutions ?
> > Has a FG worked out a relationship with a data-erasing company/business
> > to certify that their processes are secure ?
> >
> > What process do others do, to securely erase the data?
> >
> > -Iain 'hard drive less' Davidson
> > p.s.  Luckily, a previous grant of hard drives from PDX, is helping us
> > survive the deficit for awhile.
> >
>
>
> _______________________________________________
> Making new Free Geeks outside of PDX mailing list
> http://lists.freegeek.org/mailman/listinfo/startup
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freegeek.org/pipermail/startup/attachments/20060910/30c19468/attachment.htm