On Wed, June 11, 2014 18:31, Frank Cox wrote:
I decided that the next time I reformatted my main desktop computer (this one) I would have a ssd installed in it to use for the boot drive. Now that Centos 7 is on the horizon, I'm thinking that the time is approaching when I'll want to do that.
I have a question about SSD respecting security. Recently I have been investigating sanitizing these devices, together with 'smart-phones, tablets and pads which use flash memory persistent storage. Not to mention the ubiquitous USB 'memory stick'. I have come to the rather unsettling conclusion that it is effectively impossible to 'sanitize' these things short of complete and utter physical destruction, preferably by incineration. Is this in fact the case?
On Thu, Jun 12, 2014 at 10:35 AM, James B. Byrne byrnejb@harte-lyne.ca wrote:
On Wed, June 11, 2014 18:31, Frank Cox wrote:
I decided that the next time I reformatted my main desktop computer (this one) I would have a ssd installed in it to use for the boot drive. Now that Centos 7 is on the horizon, I'm thinking that the time is approaching when I'll want to do that.
I have a question about SSD respecting security. Recently I have been investigating sanitizing these devices, together with 'smart-phones, tablets and pads which use flash memory persistent storage. Not to mention the ubiquitous USB 'memory stick'. I have come to the rather unsettling conclusion that it is effectively impossible to 'sanitize' these things short of complete and utter physical destruction, preferably by incineration. Is this in fact the case?
* Hopefully someone who is more of an expert on this matter will speak up.
I've come to the same conclusion. Due to controller wear leveling and TRIM, it is difficult to fully sanitize a flash memory (USB flash, SSD).
A former employer of mine contracts out destruction of conventional hard drives with a machine that has a hydraulic arm and a wedge. Effectively bending the platters and some of the drive. Hardware destruction (prior to recycling/disposal) in certain business sectors is commonplace.
On 6/12/2014 9:38 AM, SilverTip257 wrote:
A former employer of mine contracts out destruction of conventional hard drives with a machine that has a hydraulic arm and a wedge. Effectively bending the platters and some of the drive. Hardware destruction (prior to recycling/disposal) in certain business sectors is common place.
My employer uses a service that shows up monthly and has a metal chipper in the back of their truck. Disks go in and are fully ground up into metal chips, under the supervision of our security people.
SilverTip257 wrote:
On Thu, Jun 12, 2014 at 10:35 AM, James B. Byrne byrnejb@harte-lyne.ca wrote:
On Wed, June 11, 2014 18:31, Frank Cox wrote:
<snip>
I have a question about SSD respecting security. Recently I have been investigating sanitizing these devices, together with 'smart-phones, tablets and pads which use flash memory persistent storage. Not to mention the ubiquitous USB 'memory stick'. I have come to the rather unsettling conclusion that it is effectively impossible to 'sanitize' these things short of complete and utter physical destruction, preferably by incineration. Is this in fact the case?
<snip>
I've come to the same conclusion. Due to controller wear leveling and TRIM, it is difficult to fully sanitize a flash memory (USB flash, SSD).
A former employer of mine contracts out destruction of conventional hard drives with a machine that has a hydraulic arm and a wedge. Effectively bending the platters and some of the drive. Hardware destruction (prior to recycling/disposal) in certain business sectors is common place.
Where I work, some of the systems (which are behind an *internal* firewall) have PII and HIPAA data - we're serious about protecting that stuff. When we surplus a server, the drive must be certified to be sanitized - that is, for the ones I do, which is most of them, I need to sign my name to a form that gets stuck on the outside that it's sanitized, making me *personally* responsible for that.
We use two methods: for the drives that are totally dead, or *sigh* the SCSI drives, they get deGaussed. For SATA that's still running, we use DBAN. *Great* software. From what I've read, one pass would probably be good enough, given how data's written these days. With my name certifying it, I do paranoid, and tell DBAN the full 7-pass, DoD 5220.22-M. I *really* don't think anyone's getting anything off that.
We don't have any SSDs, so I can't speak to that. Bet you could deGauss them, easily enough. Or maybe stick 'em on a burner on a stove to get over the Curie point....*
mark
* Techniques that a techie group I belong to refer to as "things to do in someone else's kitchen"
On 6/12/2014 10:12 AM, m.roth@5-cent.us wrote:
We use two methods: for the drives that are totally dead, or *sigh* the SCSI drives, they get deGaussed. For SATA that's still running, we use DBAN. *Great* software. From what I've read, one pass would probably be good enough, given how data's written these days. With my name certifying it, I do paranoid, and tell DBAN the full 7-pass, DoD 5220.22-M. I *really* don't think anyone's getting anything off that.
If the drive has remapped tracks, there's stale data on there you can't erase with DBAN.
We don't have any SSDs, so I can't speak to that. Bet you could deGauss them, easily enough. Or maybe stick 'em on a burner on a stove to get over the Curie point....*
Degaussing would do nothing to flash memory, it's semiconductor, not magnetic.
--On Thursday, June 12, 2014 10:35:26 AM -0400 "James B. Byrne" byrnejb@harte-lyne.ca wrote:
I have a question about SSD respecting security. [...] I have come to the rather unsettling conclusion that it is effectively impossible to 'sanitize' these things short of complete and utter physical destruction, preferably by incineration.
I would concur with that assessment. Similar to what others have mentioned, with spinning platters I use either DBAN for relatively insensitive disks and physical destruction for sensitive stuff (preferably after DBAN, if it is still a working disk). When it comes to SSD and other memory-based technologies, physical destruction only.
A couple of weeks ago I was buying some consumer-grade disks for a particular project. The sales guy was of course trying to up-sell me on their in-store replacement plan. I tried to explain to him that even if I thought such plans were actually worth something, it would be pointless because I *never* RMA a hard drive.
I think he was dense; he didn't seem to grasp the concept.
Devin
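
The wear-leveling point raised in this thread, as an added illustration that is not part of any poster's message: a toy flash translation layer showing why a full logical overwrite (what a DBAN-style tool does) can leave the original data in physical pages the host can no longer address. The class `ToyFTL`, the page counts and the "SECRET" contents are constructed for this example and do not model any specific controller.

```python
class ToyFTL:
    """Constructed model of a flash translation layer, not real firmware."""

    def __init__(self, logical_pages, physical_pages):
        assert physical_pages > logical_pages    # spare area (over-provisioning)
        self.logical_pages = logical_pages
        self.flash = [None] * physical_pages     # raw pages; None means erased
        self.l2p = {}                            # logical page -> physical page
        self.free = list(range(physical_pages))  # erased pages available for writes

    def write(self, lpn, data):
        """Host write: flash is not overwritten in place, a fresh page is used."""
        if not self.free:
            self._garbage_collect()
        ppn = self.free.pop(0)
        self.flash[ppn] = data
        self.l2p[lpn] = ppn   # the previously mapped page goes stale but keeps its data

    def read(self, lpn):
        ppn = self.l2p.get(lpn)
        return None if ppn is None else self.flash[ppn]

    def _garbage_collect(self):
        """Erase pages that no logical page maps to, making them writable again."""
        live = set(self.l2p.values())
        for ppn, data in enumerate(self.flash):
            if ppn not in live and data is not None:
                self.flash[ppn] = None
                self.free.append(ppn)

    def stale_pages(self):
        """Physical pages still holding data that the host cannot address."""
        live = set(self.l2p.values())
        return {p: d for p, d in enumerate(self.flash) if d is not None and p not in live}

    def overwrite_all(self, pattern=b"\x00"):
        """One pass over every logical page, the only view an overwrite tool has."""
        for lpn in range(self.logical_pages):
            self.write(lpn, pattern)

def demo():
    ftl = ToyFTL(logical_pages=4, physical_pages=6)
    for lpn in range(4):
        ftl.write(lpn, b"SECRET-%d" % lpn)       # constructed sample data
    ftl.overwrite_all()
    host_view = [ftl.read(lpn) for lpn in range(4)]
    leftovers = sorted(ftl.stale_pages().values())
    return host_view, leftovers

if __name__ == "__main__":
    print(demo())
```

After the overwrite pass the host reads back only the pattern from every logical page, while two physical pages in the model still hold the original contents.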