Ask Slashdot: Datacenter HDD Wipe Policy?

Posted by timothy
from the oh-just-a-bunch-of-16-digit-numbers-and-names dept.
New submitter socheres (1771002) writes: "I keep a Slackware server hosted at various datacenters on leased hardware for personal / freelance business use. I have been doing this for the last 10 years and during this time I moved my stuff to several datacenters, some small and some big name companies. No matter the hosting company, since I choose to install my own OS and not take a pre-installed machine, I always got the hardware delivered with the previous guys' data stored on the hard drives. It was also the case with spare drives, which were not installed new if I did not ask specifically for new ones. Has this happened to you? How often?"

  • by Anonymous Coward

    Seems like the policy is none

    • by Z00L00K (682162)

      Datacenters are all about saving money as much as possible, so the re-use of hard disks and wiping/destruction of them is non-existent.

      Essentially this means that the data center owner takes a calculated risk that no sensitive data will be misused by another customer.

      Now this knowledge is out so we can expect front-ends for black hat hackers to purchase services at random trying to poach data.

      The end result will be that the price of "cloud" services will go up rendering them possibly as expensive as hosting

  • Physical destruction (Score:3, Interesting)

    by BaronM (122102) on Wednesday August 06, 2014 @04:32PM (#47617473)

    I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

    I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

    IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

    • by AbRASiON (589899) * on Wednesday August 06, 2014 @05:14PM (#47617921) Journal

      It's a stupid policy, if you've been in IT infrastructure for years, you should have a basic understanding of how to wipe a hard disk properly, it's a waste of money, it's creating environmental waste in disposing of it, it's wasting resources needing to purchase another one.

      When you start talking about tens or hundreds or even thousands of disks, you're pissing away good money, because you're either too lazy or too stupid to know how to wipe a disk.

      I've seen far too much of this idiocy over the past decade or so. ( http://hardware.slashdot.org/c... [slashdot.org] ) it needs to stop. Learn how to wipe a disk, if it's not faulty, re-use the thing. That old post from 2011 is even more applicable to server drives which are not even remotely cheap pieces of hardware.

      • Whether or not data can be recovered off of wiped (overwritten) disks is a subject of great speculation. The answer seems to be "theoretically, but we don't know of anyone who's done it". If you're comfortable with that, fine.

        • by AbRASiON (589899) * on Wednesday August 06, 2014 @06:44PM (#47618475) Journal

          No that's what security people and people speculating will tell you.
          You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.

          • You're talking about an attack that has never been publicly demonstrated, and you think a $1000 offer is sufficient to prove its infeasibility? Cute.

            No that's what security people...will tell you

            By all means don't ever listen to THOSE people.

            • by AbRASiON (589899) *

              The _VAST_ and I mean _VASTTTTTTT_ majority of security people I've encountered have, what I'd be comfortable describing as "fuck all" technical knowledge regarding hardware (and in some ways software too) - they get concepts, fundamentals and then read dipshit theorising articles on retrieving data from a hard disk by analysing the "bits between the bits"

              Don't take my word for it, go do some googling, I've read at least 1 article by an actual storage guy (I can't recall if he was actually a physical media

              • by nerdbert (71656)

                I do disk drives, and have for the last 20 years or so.

                Practically speaking, unless you have a government actor or someone with extremely deep pockets coming after you, just wiping a drive once is enough for privacy.

                Not practically speaking, and assuming you're worried about a government-grade attack on your drive, a single write of a constant value or a pseudorandom pattern that I can predict isn't enough to completely erase the data. Heads are always slightly misaligned from the servo track, so there's al

                • This discussion gets kicked around a lot, and it astonishes me how many assumptions are kicked around in a security-focused discussion.

                  Superuser has a good write up on this. [stackexchange.com]

                  Here's the TL;DR:

                  * It has been shown to be theoretically possible under the right conditions to recover data from "shadow bits"-- detectable differences in overall magnetic moment from a bit on the disk. This was demonstrated in 1995 by Peter Gutmann.
                  * It is widely believed that modern disk technologies and densities make

                  • I've been told that modern disks store one bit per magnetic domain, meaning that one overwrite should be enough. Obviously, this doesn't apply to non-magnetic media.

                    The NSA and DoD may well have policies that go well beyond what is necessary. It's really not much more hassle to do multiple overwrites than just one, and disks are cheap enough that they can be considered disposable. If you're really worried about security, spending a hundred dollars to replace a drive may be preferable to worrying about

            • Agreed. The rule of thumb for the paranoid is a write of semi-random data for 3-7 passes with a final pass of zeroes. The tool has been part of GNU coreutils for a long time. Easy to do with a simple:

              shred -z /dev/sda

              Just be careful. That's worse than `rm -rf /` if you mess up.

              • by goarilla (908067)
                And takes a very long time; /dev/{u}random does not have a lot of bandwidth. In my opinion a single dd if=/dev/zero suffices for drives going out of the company.
                But for a reinstallation of a system in the company I just format and reinstall again because a zero pass takes a long time as well.
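
Added example, not part of any comment in this thread: the single zero pass discussed above, followed by a read-back check that proves the pass actually cleared the target. The image file, its contents and all function names are constructed for illustration; the script only touches a temporary file.

```shell
#!/usr/bin/env bash
# Added example: zero a target, then read it back to confirm nothing is left.
export LC_ALL=C   # keep cmp's message format predictable

# Count the non-zero bytes still readable on TARGET (0 means a clean read-back).
residual_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# 0-based offset of the first non-zero byte on TARGET, or -1 if there is none.
first_residual_offset() {
    local pos
    # cmp reports the first differing byte (1-based) against an endless zero stream.
    pos=$(cmp "$1" /dev/zero 2>/dev/null |
          sed -n 's/.*differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    if [ -n "$pos" ]; then echo $((pos - 1)); else echo -1; fi
}

# Single zero pass over an image file whose size is a multiple of 4096 bytes.
# On a real device, dd if=/dev/zero simply runs until the device is full.
zero_pass() {
    local size blocks
    size=$(wc -c < "$1" | tr -d ' ')
    blocks=$(( (size + 4095) / 4096 ))
    dd if=/dev/zero of="$1" bs=4096 count="$blocks" conv=notrunc 2>/dev/null
    sync
}

# Constructed 1 MiB "leased drive" image with leftover data at offset 8192.
make_sample_image() {
    local img
    img=$(mktemp)
    dd if=/dev/zero of="$img" bs=4096 count=256 2>/dev/null
    printf 'previous tenant: invoice-2014.doc' |
        dd of="$img" bs=1 seek=8192 conv=notrunc 2>/dev/null
    echo "$img"
}

# Report residual bytes and first offset before and after the zero pass.
demo() {
    local img before after
    img=$(make_sample_image)
    before="$(residual_bytes "$img")@$(first_residual_offset "$img")"
    zero_pass "$img"
    after="$(residual_bytes "$img")@$(first_residual_offset "$img")"
    rm -f "$img"
    echo "before=$before after=$after"
}

demo
```

A read-back like this only sees addressable sectors, so sectors remapped to the bad-sector list mentioned elsewhere in the thread are outside what it can confirm.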
          • by Anonymous Coward

            No that's what security people and people speculating will tell you.
            You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.

            I work as a data recovery technician and, for the most part I agree if you zero a drive you will not get any data from it unless someone is very cunning and knows about the glist (bad sector list) and if they release that they might be able to get something but usually only a few sectors. It makes me cry when I see people drilling or smashing hard drives... total waste.

            • by pnutjam (523990)
              Drilling or destroying is great for physically failing equipment that can't be wiped.
        • by sribe (304414)

          Whether or not data can be recovered off of wiped (overwritten) disks is a subject of great speculation.

          No, it's not. It's the subject of idle wild speculation by people who have no clue what the hell they're talking about.

      • by Fencepost (107992)
        It's not worth my time to hook up old PCs or removed drives so I can wipe someone's 40/80/120/160 GB IDE drives for reuse. A nail punch in a few places makes it not feasible for someone to try to recover potential legally protected from possible temp files saved on an old desktop system. My concern is generally that I'm not sending used drives from medical offices out to end up "recycled" to Africa where someone might actually try to recover data from them.
        • by AbRASiON (589899) *

          Hang on what are we talking about here, let's be clear.

          Are we talking about a server inherited from someone else at a datacentre when leasing equipment?
          Are we talking about desktop computers?
          Are we talking about some kind of big SAN device loaded with disks and no OS?

          If it's the first 2, why would the disks be unhooked / removed? Presumably they are in the computer you want to use them in. Run DBAN on them, it's not particularly expensive.......
          You shouldn't even be in the habit of physically removing di

          • as the data center person, I would offer clients the opportunity for an extra $50 to have their disks destroyed when they're done with them.
          • by Fencepost (107992)
            Well, my customers have traditionally used servers until they're mostly beyond being repurposed, and the same with desktop PCs. The only ones with anything in datacenters are ones using hosted solutions, and we and they don't have any access to the vendor's setups. That said, for retired SATA drives they'll likely get scrubbed and shelved as possible future spares - an old enterprise 250GB SATA drive will work just fine for reimaging a local PC.

            For desktop machines, we don't image or wipe them before replac
            • by toddestan (632714)

              As long as the computer is functional it would seem that the quickest and easiest way would be wipe the drive. Hook up the computer quick, throw in the DBAN cd, let it crunch for a while, then you can throw the whole box into the recycle pile. With physical destruction you've got to have someone take the computer apart and remove the drive, then actually punch the holes in it (or whatever). Granted, getting the drive out can be easy with some cases, but others it can be a huge pain in the ass. Then you

        • by Osgeld (1900440)

          my only beef with that is it's getting harder to find old scsi drives for retro computers, IDE fuck it nail away

    • by Revek (133289)

      foolish and wasteful. You don't believe that FBI fairy tale about getting data off a drive even if it's been wiped do you?
      http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux

    • by jon3k (691256)
      Same, per policy we destroy all hard drives.
    • I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.

      I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.

      IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?

      He's talking about a datacenter. He doesn't have physical access.

      Encrypt the drive. If, for some reason, the contract goes south or they go out of business, the data's garbage even if they sell the drive at auction. Our company policy is everything is encrypted outside our network. This includes portable devices like laptops, phones, and I even saw new USB sticks yesterday that will wipe themselves after a few invalid attempts.

    • by sjames (1099)

      I would imagine it is equivalent to clothes in the closet. If you leave them behind, the apartment owner can dispose of them as he sees fit.

  • ...financial services degauss then physically shred the drives. You get a nice certificate too. It's extreme but cheaper than a data leak.
    • by bobbied (2522392)

      So much for taking decommissioned drives home and putting them into the NAS to store my video archives....

      (No, I'm not serious about taking stuff home from work... Never a good idea, even out of the trash can...)

  • Drill press. 'nuf said.
    • Pulverisation, preferably by hammer on concrete slab, in absence of a suitable anvil; maybe Acme brand.
    • Thermite.

    • by bobbied (2522392)

      Drill press. 'nuf said.

      I was thinking that taking it apart followed by sanding off the oxide layer from the platters would be good enough, but if you have a drill press, to each their own.

    • A drill press, while flashy, is simultaneously less secure, convenient, and available than a wipe, all while being more expensive.

      • by gnu-sucks (561404)

        Explain please how a drill press is not secure.

        Let's see...

        1) flashy: not really
        2) secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters. Short of a scanning electron microscope, you're not reconstructing that data
        3) available: go to home depot
        4) price: yes, more expensive than running dd if=/dev/random of=/dev/olddisk, but cheaper than an industrial-grade shredder and of course cheaper than any commercial "enterprise" data removing software. I think drill pr

        • I got a cheap drill press from Harbor Freight for $56 on sale.
        • secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters

          Not correct, and it's not even a little difficult. A contiguous multi-inch stripe of a modern HD platter contains gigs of data. The only challenge is going to be fragmentation, but with a single hole the file table is probably intact.

          You're basically relying on the high cost and inconvenience-- the hole through the disk renders the existing casing + chipset inoperable, but does nothing to affect 99% of the actual data on the disk. An attacker with the right sort of enclosure could simply read the data rig

      • by i.r.id10t (595143)

        And, not nearly as fun as a FN-FAL or similar with milsurp ammo.

    • by Osgeld (1900440)

      Belt Sander

      hold it long enough you don't even have to take it apart lol

  • Get an OS re-image then simply fill the hdds with random data. This works well on HDDs, but SSDs with their 10 or 20% wear space, perhaps not, they need pulling and disposing.
    • by Culture20 (968837)
      An OS reimage with 'doze and use sdelete.exe from Sysinternals Suite. http://technet.microsoft.com/e... [microsoft.com]
      Or 'nix, dd a huge file and shred it (remember to restrict the passes with -n since the default is "a lot")
      Neither is perfect, but better than delivering your data to the next schmoe on a platter (pun intended).
      If you can request the specific OS image, send them a copy of a memory-resident linux installation [wikipedia.org] configured to auto-wipe the HDDs with shred.
  • For security purposes, I use a WiebeTech drive eraser to scrub the drive (DoD Sanitize standard), then send them to a physical destruction service.

    Paranoid? Yes. Expensive? Yes. Worth it to my employers? Yes.

    • You'd be better off degaussing, if you're gonna shred it anyways. Doing 7 overwrites is gonna take longer than just tossing the drive in a degausser and being done with it.

  • What I have learned from the news is that the policy has always been "If there has been nothing in the news, don't bother." It costs electricity and labour cost to do it. The previous story on /. [slashdot.org]
  • I would never expect new drives on a leased box as it's a leased box. Nor would I expect them to sanitize my data before handing it to a new customer. I work with a lot of hosting companies and it's not very uniform. One dirt cheap place runs everything through dban before handing it back; others not so much. If you need to ensure this happens expect to pay for it.

  • by Teun (17872)
    Some things require Old Tech [photobucket.com].
  • Or what they are contracted to do. There is no use arguing with somebody who insists you spend 2 hours+ doing a D.O.D. wipe on an out-of-warranty drive if they are willing to pay you. Otherwise, 15s through a degausser will do the trick.
    Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA, or even the local police were made. Nobody cares about this stuff except the people that need to. Finally, there is no machine in a
    • by mysidia (191772)

      Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA, or even the local police were made

      These days he might care.... never know when one might find a Bitcoin wallet carelessly left lying around complete with private keys.

      If he didn't at least take a deep look at the data to see if there was anything there that he could "use", then it's because he's an honest person, perhaps. Not everyone is like that.

  • If it's ceramic, wipe them three times with 1s and 0s and then smash them to bits with a large hammer, and then cast the resulting powder into a nice art sculpture.

    If it's metal, do the same but melt it.

    Have to agree - anything that went on the cloud should be assumed to have been copied.

  • One of the early comments alluded to this, but didn't quite take it far enough.

    If userA leases a drive and fills it with illegal content (child pornography, Snowden's files, whatever) and then leaves and the hosting company then re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?

    userA is long gone. Could potentially be tracked down. Need to prove they put the files there and not userB or hosting company.
    userB has access (but potentially not owne

    • by mysidia (191772)

      If userA leases a drive and fills it with illegal content (child pornography, Snowden's files, whatever) and then leaves and the hosting company then re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?

      Possession of the hard drive containing illegal content is not a strict liability crime, meaning those accused of the crime have to be charged under due process.

      As long as userB is not aware of the content placed by userA and does not become a

  • Dismantle, keep the magnets (the flat ones are really fun to play with, lots of projects) , and recycle the drive and platters (50 cents/pound), there's even a copper coil in there at 3$/pound

    Not much, but once dismantled, data is gonna be pretty hard to recover.

    If you really want it gone, Thermite...

  • The rule of thumb here is:
    If the process you are expecting is not written into your agreement or documented as a matter of company policy, then the process is not done.

    Likely you're not using a data center certified under HIPAA, PCI, SOX, SSAE/SAS-70, otherwise it would be documented and you'd already know.

  • Encryption or physical destruction. Failed media replaced under vendor's field service is destroyed. Most vendors will add a surcharge to their service agreements that allow failed media to remain on site for destruction rather than be RMA'd. If not, well then bill me.
