Ask Slashdot: Datacenter HDD Wipe Policy?
New submitter socheres (1771002) writes I keep a Slackware server hosted at various datacenters on leased hardware for personal / freelance business use. I have been doing this for the last 10 years and during this time I moved my stuff to several datacenters, some small and some big name companies. No matter the hosting company, since I choose to install my own OS and not take a pre-installed machine, I always got the hardware delivered with the previous guys' data stored on the hard drives. It was also the case with spare drives, which were not installed new if I did not ask specifically for new ones. Has this happened to you? How often?
none (Score:1)
Seems like the policy is none
Re: (Score:2)
Datacenters are all about saving money as much as possible, so the re-use of hard disks and wiping/destruction of them is non-existent.
Essentially this means that the data center owner takes a calculated risk that no sensitive data will be misused by another customer.
Now this knowledge is out so we can expect front-ends for black hat hackers to purchase services at random trying to poach data.
The end result will be that the price of "cloud" services will go up rendering them possibly as expensive as hosting
Physical destruction (Score:3, Interesting)
I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.
I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.
IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?
Re:Physical destruction (Score:5, Insightful)
It's a stupid policy, if you've been in IT infrastructure for years, you should have a basic understanding of how to wipe a hard disk properly, it's a waste of money, it's creating environmental waste in disposing of it, it's wasting resources needing to purchase another one.
When you start talking about tens or hundreds or even thousands of disks, you're pissing away good money, because you're either too lazy or too stupid to know how to wipe a disk.
I've seen far too much of this idiocy over the past decade or so ( http://hardware.slashdot.org/c... [slashdot.org] ). It needs to stop. Learn how to wipe a disk, if it's not faulty, re-use the thing. That old post from 2011 is even more applicable to server drives which are not even remotely cheap pieces of hardware.
Re: (Score:1)
Whether or not data can be recovered off of wiped (overwritten) disks is a subject of great speculation. The answer seems to be "theoretically, but we don't know of anyone who's done it". If you're comfortable with that, fine.
Re:Physical destruction (Score:5, Insightful)
No, that's what security people and people speculating will tell you.
You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.
Re: (Score:2)
You're talking about an attack that has never been publicly demonstrated, and you think a $1000 offer is sufficient to prove its infeasibility? Cute.
No that's what security people...will tell you
By all means don't ever listen to THOSE people.
Re: (Score:3)
The _VAST_ and I mean _VASTTTTTTT_ majority of security people I've encountered have, what I'd be comfortable describing as "fuck all" technical knowledge regarding hardware (and in some ways software too) - they get concepts, fundamentals and then read dipshit theorising articles on retrieving data from a hard disk by analysing the "bits between the bits"
Don't take my word for it, go to some googling, I've read at least 1 article by an actual storage guy (I can't recall if he was actually a physical media
Re: (Score:3)
I do disk drives, and have for the last 20 years or so.
Practically speaking, unless you have a government actor or someone with extremely deep pockets coming after you, just wiping a drive once is enough for privacy.
Not practically speaking, and assuming you're worried about a government-grade attack on your drive, a single write of a constant value or a pseudorandom pattern that I can predict isn't enough to completely erase the data. Heads are always slightly misaligned from the servo track, so there's al
Re: (Score:2)
This discussion gets kicked around a lot, and it astonishes me how many assumptions are kicked around in a security-focused discussion.
Superuser has a good write up on this. [stackexchange.com]
Here's the TL;DR:
* It has been shown to be theoretically possible under the right conditions to recover data from "shadow bits"-- detectable differences in overall magnetic moment from a bit on the disk. This was demonstrated in 1995 by Peter Gutmann.
* It is widely believed that modern disk technologies and densities make
Re: (Score:2)
I've been told that modern disks store one bit per magnetic domain, meaning that one overwrite should be enough. Obviously, this doesn't apply to non-magnetic media.
The NSA and DoD may well have policies that go well beyond what is necessary. It's really not much more hassle to do multiple overwrites than just one, and disks are cheap enough that they can be considered disposable. If you're really worried about security, spending a hundred dollars to replace a drive may be preferable to worrying about
Re: (Score:3)
Agreed. The rule of thumb for the paranoid is a write of semi-random data for 3-7 passes with a final pass of zeroes. The tool has been part of GNU coreutils for a long time. Easy to do with a simple:
shred -z /dev/sda
Just be careful. That's worse than `rm -rf /` if you mess up.
Re: (Score:1)
But for a reinstallation of a system in the company I just format and reinstall again because a zero pass takes a long time as well.
Re: (Score:1)
No, that's what security people and people speculating will tell you.
You do a full single pass of 0's to a disk and recover a single word document for me, a single one - I'll give you $1,000 cash.
I work as a data recovery technician and, for the most part I agree if you zero a drive you will not get any data from it unless someone is very cunning and knows about the glist (bad sector list) and if they release that they might be able to get something but usually only a few sectors. It makes me cry when I see people drilling or smashing hard drives... total waste.
Re: (Score:2)
Re: (Score:2)
Whether or not data can be recovered off of wiped (overwritten) disks is a subject of great speculation.
No, it's not. It's the subject of idle wild speculation by people who have no clue what the hell they're talking about.
Re: (Score:3)
Actually, I have a physically secured, locked box full of hard drives that I haven't bothered to wipe or destroy. Our approximate policy is to use in house for other purposes if it makes sense, or throw into the box. HDDs just 3 to 5 years old are basically worthless. For storage in volume, anything smaller than about 2 or 3 TB is ready to be replaced, just because of the savings in electricity.
Re: (Score:3)
Well, you could donate the drives to the various charities that refurbish computers. They're always short on drives because they get so many computers donated to them that have had the drive pulled. They'd be really appreciative if someone showed up with a box full of drives. Size doesn't even matter so much as they are at least 80 GB or so.
Re: (Score:2)
If you've got a number of drives to go through, wiping drives is a pretty simple process. Get a USB drive enclosure (or 5)... then plug in a drive, turn it on. Run the wipe and wait for the drive to finish wiping. switch off, switch drives and repeat. physical destruction is only called for if the writes fail.
Going beyond wiping a drive is only
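The shred rule of thumb a few comments up (some random passes, then a final pass of zeroes) and this comment's batch routine (wipe each drive, keep it if the writes succeed, physically destroy it only if they fail) fit together in one script. The following is an added example, not code posted in the thread: it assumes GNU coreutils (shred, tr, head, wc), the function names are my own, and the demo uses temp files as stand-in "drives" so it runs without root or real hardware.

```shell
#!/bin/sh
# Added example (not from the thread): wipe a batch of drives with GNU shred,
# verify each reads back as all zeros, and flag for physical destruction only
# the ones whose writes fail. Temp files stand in for block devices here;
# on a real box the arguments would be /dev/sdX paths and you would run as root.

# wipe_device DEV [PASSES]: PASSES random overwrites (default 3), then a final
# zero pass (-z), i.e. "shred -z" from the thread with an explicit -n.
# Returns shred's exit status, non-zero if any write failed.
wipe_device() {
    shred -n "${2:-3}" -z -- "$1"
}

# verify_zeroed DEV: succeed only if every byte of DEV reads back as 0x00.
# tr deletes NUL bytes; if even one byte survives, the device is not clean.
verify_zeroed() {
    [ -r "$1" ] || return 1
    [ "$(tr -d '\000' < "$1" | head -c 1 | wc -c)" -eq 0 ]
}

# wipe_batch PASSES DEV...: wipe and verify each device in turn.
# Prints "reuse DEV" or "destroy DEV" per device and returns the number of
# devices that could not be wiped and verified (0 means all are reusable).
wipe_batch() {
    passes=$1; shift
    failed=0
    for dev in "$@"; do
        if wipe_device "$dev" "$passes" 2>/dev/null && verify_zeroed "$dev"; then
            echo "reuse   $dev"
        else
            echo "destroy $dev"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# make_fake_drive PATH: constructed sample content standing in for the
# previous tenant's data (a few hundred KB of text lines).
make_fake_drive() {
    seq 1 5000 | sed 's/^/previous tenant record /' > "$1"
}

# demo: two good "drives" plus one that cannot be opened (writes fail), so the
# expected result is exactly one drive flagged for destruction (return 1).
demo() {
    d=$(mktemp -d) || return 2
    make_fake_drive "$d/sda"
    make_fake_drive "$d/sdb"
    rc=0
    wipe_batch 2 "$d/sda" "$d/sdb" "$d/sdc-missing" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Run `demo` to see the classification; the verify step is what turns "I ran shred" into evidence a drive is clean, and a drive that fails either step is the one that goes to the shredder.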
Re: (Score:2)
Re: (Score:3)
Hang on what are we talking about here, let's be clear.
Are we talking about a server inherited from someone else at a datacentre when leasing equipment?
Are we talking about desktop computers?
Are we talking about some kind of big SAN device loaded with disks and no OS?
If it's the first 2, why would the disks be unhooked / removed? Presumably they are in the computer you want to use them in. Run DBAN on them, it's not particularly expensive.......
You shouldn't even be in the habit of physically removing di
Re: (Score:2)
Re: (Score:2)
For desktop machines, we don't image or wipe them before replac
Re: (Score:2)
As long as the computer is functional it would seem that the quickest and easiest way would be wipe the drive. Hook up the computer quick, throw in the DBAN cd, let it crunch for a while, then you can throw the whole box into the recycle pile. With physical destruction you've got to have someone take the computer apart and remove the drive, then actually punch the holes in it (or whatever). Granted, getting the drive out can be easy with some cases, but others it can be a huge pain in the ass. Then you
Re: (Score:2)
my only beef with that is its getting harder to find old scsi drives for retro computers, IDE fuck it nail away
Re: (Score:3)
foolish and wasteful. You don't believe that FBI fairy tale about getting data off a drive even if it's been wiped do you?
http://how-to.wikia.com/wiki/How_to_wipe_a_hard_drive_clean_in_Linux
Re: (Score:2)
Re: (Score:2)
I've been in the IT infrastructure business for years, and have always relied on physical destruction (shredding) of hard drives when disposing of old systems.
I can see where that may not be cost effective with leased systems, but I would take your experience as a warning to clean up after yourself and secure-wipe hard drives when your lease is up and not count on the datacenter to do it for you.
IANAL, but I also wonder who owns the data on a leased hard drive when the lease is up? If you improve an apartment or build a building on leased land, those improvements typically become the property of the owner when the lease is up. I wonder if that has been addressed with data in the absence of relevant contractual language?
He's talking about a datacenter. He doesn't have physical access.
Encrypt the drive. If, for some reason, the contract goes south or they go out of business, the data's garbage even if they sell the drive at auction. Our company policy is everything is encrypted outside our network. This includes portable devices like laptops, phones, and I even saw new USB sticks yesterday that will wipe themselves after a few invalid attempts.
Re: (Score:2)
I would imagine it is equivalent to clothes in the closet. If you leave them behind, the apartment owner can dispose of them as he sees fit.
Re: (Score:1)
I have seen this so often, this is something I consider to be assumed.
First thing I do with any new machine is zero it out. SSDs... easy:
blkdiscard /dev/sdx; dd if=/dev/zero of=/dev/sdx bs=1024 count=1024; blkdiscard /dev/sdx
The reason I do a quick dd of the first part is to completely zero out the partition table. Some SSDs might have zapped all data, but it can't hurt to be safe and know that the partition table is ready to be initialized by a subsequent OS install.
HDDs, I use /dev/zero, /dev/urandom, then
Re:Breach (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Contract with them. They destroy everything.
Oh no they don't destroy everything. They have tax records going back for a decade or more from both what you, your employer, and financial institutions reported and trust me they can pull these records out of the hat when it suits their purpose. (Such as when they decide to audit you.)
http://politics.slashdot.org/s... [slashdot.org]
Re: (Score:2)
Note the fine distinction made there.
Re: (Score:2)
Take some personal responsibility. Pay your taxes like everyone else and that won't happen.
Never happened to me because... (Score:1)
Re: (Score:2)
So much for taking decommissioned drives home and putting them into the NAS to store my video archives....
(No, I'm not serious about taking stuff home from work... Never a good idea, even out of the trash can...)
My policy (Score:1)
SDD Policy (Score:1)
Re: (Score:2)
Thermite.
Re: (Score:2)
When in doubt - C4 [youtube.com]
-- Jamie Hyneman
Re: (Score:2)
Drill press. 'nuf said.
I was thinking that taking it apart followed by sanding off the oxide layer from the platters would be good enough, but if you have a drill press, to each their own.
Re: (Score:2)
A drill press, while flashy, is simultaneously less secure, convenient, and available than a wipe, all while being more expensive.
Re: (Score:2)
Explain please how a drill press is not secure.
Let's see...
1) flashy: not really
2) secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters. Short of a scanning electron microscope, you're not reconstructing that data
3) available: go to home depot
4) price: yes, more expensive than running dd if=/dev/random of=/dev/olddisk, but cheaper than an industrial-grade shredder and of course cheaper than any commercial "enterprise" data removing software. I think drill pr
Cheap drill press... (Score:3)
Re: (Score:3)
secure: definitely, no hard disk has ever been physically reconstructed that had holes in the platters
Not correct, and it's not even a little difficult. A contiguous multi-inch stripe of a modern HD platter contains gigs of data. The only challenge is going to be fragmentation, but with a single hole the file table is probably intact.
You're basically relying on the high cost and inconvenience-- the hole through the disk renders the existing casing + chipset inoperable, but does nothing to affect 99% of the actual data on the disk. An attacker with the right sort of enclosure could simply read the data rig
Re: (Score:2)
And, not nearly as fun as a FN-FAL or similar with milsurp ammo.
Re: (Score:3)
Because it can't be automated, it creates a huge mess, can't be done in office space (unless you like cleaning up fine bits of aluminum, epoxy, and steel), and requires a decent drill.
Re: (Score:2)
Belt Sander
hold it long enough you don't even have to take it apart lol
Re: (Score:1)
I've worked for companies that sell Refurb drives.
Oh how I wish you could tell us who you used to work for. Unfortunately, as soon as you do, /. is going to get a subpoena for your IP address, and your ISP will get a subpoena for your personal information, and... well, it could get ugly.
Before leaving the server (Score:2)
Re: (Score:1)
SSDs do not expose logically overwritten data to anyone without firmware or hardware level access.
SSDs may expose logically overwritten data to anyone with firmware or hardware level access.
There, fixed that for you.
Re: (Score:2)
SSDs may expose logically overwritten data to anyone with firmware or hardware level access.
Not if it's an encrypted SSD and you replace the crypto keys with new ones.
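The point made here and in the earlier "Encrypt the drive" comment is the same: if everything on the media is encrypted, erasing the key is the wipe, and whoever ends up with the platters or flash gets ciphertext. As an added example that is not code from the thread, the script below shows that property with the openssl command-line tool. It assumes openssl and GNU shred are installed; the function names are my own, AES-256-CTR with a fixed IV is used only to keep the demo short (it is not a disk-encryption mode like XTS), and a temp file stands in for the drive while a second small file stands in for the key store that a self-encrypting drive or LUKS header would hold.

```shell
#!/bin/sh
# Added example (not from the thread): "crypto-erase". Encrypt the volume
# under a random key kept separately, then make the data unrecoverable by
# overwriting only the 32-byte key. Assumes openssl and GNU coreutils.

KEY_BYTES=32
IV_HEX=000102030405060708090a0b0c0d0e0f   # fixed IV: demo only, not for real volumes

# new_key PATH: write a fresh random 256-bit key as 64 hex characters to PATH.
new_key() {
    od -An -N "$KEY_BYTES" -tx1 /dev/urandom | tr -d ' \n' > "$1"
}

# encrypt_volume KEYFILE IN OUT: encrypt IN to OUT under the raw key in KEYFILE.
encrypt_volume() {
    openssl enc -aes-256-ctr -K "$(cat "$1")" -iv "$IV_HEX" -in "$2" -out "$3"
}

# decrypt_volume KEYFILE IN OUT: the reverse; fails without the key file.
decrypt_volume() {
    openssl enc -d -aes-256-ctr -K "$(cat "$1")" -iv "$IV_HEX" -in "$2" -out "$3"
}

# crypto_erase KEYFILE: the entire "wipe" is overwriting and removing the key.
# Nothing on the (possibly terabyte-sized) volume itself needs to be touched.
crypto_erase() {
    shred -n 3 -z -u -- "$1"
}

# contains_plaintext FILE NEEDLE: succeed if NEEDLE occurs in FILE as bytes.
contains_plaintext() {
    grep -q -a -- "$2" "$1"
}

# demo: returns 0 when the volume round-trips with the key, the ciphertext
# shows no plaintext, and the key is gone after crypto_erase.
demo() {
    d=$(mktemp -d) || return 2
    seq 1 3000 | sed 's/^/customer record /' > "$d/plain"   # constructed sample data
    new_key "$d/key"
    encrypt_volume "$d/key" "$d/plain" "$d/disk"
    decrypt_volume "$d/key" "$d/disk" "$d/check"
    cmp -s "$d/plain" "$d/check" || { rm -rf "$d"; return 1; }
    contains_plaintext "$d/disk" "customer record" && { rm -rf "$d"; return 1; }
    crypto_erase "$d/key"
    [ ! -e "$d/key" ] || { rm -rf "$d"; return 1; }
    rm -rf "$d"
    return 0
}
```

Run `demo` and it exits 0. The practical consequence for leased hardware is that the key, not the disk, becomes the thing you must control: if the provider re-leases the box without wiping, the next tenant inherits ciphertext, and the lease-end procedure reduces to destroying the key material (and never storing it on the same drive in the clear).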
Re: (Score:2)
You can skip the overwrite on a SSD just trim the whole thing reads will be all zero's as it's an unassigned block. If you need to protect the data that much you destroy the drive.
Re: (Score:2)
Or 'nix, dd a huge file and shred it (remember to restrict the passes with -n since the default is "a lot")
Neither is perfect, but better than delivering your data to the next schmoe on a platter (pun intended).
If you can request the specific OS image, send them a copy of a memory-resident linux installation [wikipedia.org] configured to auto-wipe the HDDs with shred.
Re: (Score:2)
Why do it to a file and not to the block device itself?
dd if=/dev/zero of=/dev/sda
(I can never remember the argument for setting the block size.)
the block size setting is a lot of bs. (bs=)
You can't be guaranteed to escape a kernel panic or general screwiness when the system tries to use swap space or access a file. That's why I suggested a "run from RAM" distro.
Also dd dead stops if it hits a bad block. You're better off using shred or ddrescue to overwrite stuff when going directly to device.
You can target other partitions like say, /home, /data, /var, etc. if you've actually partitioned them separately. You can also turn swap off and tar
Use a drive eraser, then physically destroy (Score:1)
For security purposes, I use a WiebeTech drive eraser to scrub the drive (DoD Sanitize standard), then send them to a physical destruction service.
Paranoid? Yes. Expensive? Yes. Worth it to my employers? Yes.
Re: (Score:2)
You'd be better off degaussing, if you're gonna shred it anyways. Doing 7 overwrites is gonna take longer than just tossing the drive in a degausser and being done with it.
Here is the corporate policy (Score:1)
Art! (Score:2)
https://www.google.com/search?... [google.com]
Depends on the DC (Score:2)
I would never expect new drives on a leased box as it's a leased box. Nor would I expect them to sanitize my data before handing it to a new customer. I work with a lot of hosting companies and it's not very uniform. One dirt cheap place runs everything through dban before handing it back others not so much. If you need to insure this happens expect to pay for it.
Old Tech (Score:2)
most datacenters will do what they are paid for. (Score:1)
Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA, or even the local police were made. Nobody cares about this stuff except the people that need to. Finally, there is no machine in a
Re: (Score:2)
Something tells me you didn't make a copy of the last guy's data before you wiped it and installed your stuff. I'm betting no calls to the NSA, or even the local police were made
These days he might care.... never know when one might find a Bitcoin wallet carelessly left lying around complete with private keys.
If he didn't at least take a deep look at the data to see if there was anything there that he could "use", then it's because he's an honest person, perhaps. Not everyone is like that.
Re: (Score:2)
Someone was pulling your leg unless you mean their internal bookkeeping and H.R. records or internal research projects. But for the typical drive in a Google search engine node, well, all of its data is available to the entire public via Google's own web page, which is kinda the point. There's no need to shred those drives
Re: (Score:2)
The search-engine drive may contain stuff they'd rather not be public (for reasons of competition), like the software that manages all that data and the data structures it is stored in. Then there is Google Mail, which contains private emails and contacts. And I'm sure other examples.
Re: (Score:2)
Re: (Score:2)
I work for a hosting company and we wipe all drives using DBAN when a server is canceled.
That's one approach.... another is simply delete and re-create the hardware RAID10 (or RAID5), re-initialize, and install the new tenant's operating system. The data has not been explicitly wiped, but the new lessee is not going to get anything meaningful out of it without physical access and a lot of trouble, anyways.
There is really only one solution (Score:1)
If it's ceramic, wipe them three times with 1s and 0s and then smash them to bits with a large hammer, and then cast the resulting powder into a nice art sculpture.
If it's metal, do the same but melt it.
Have to agree - anything that went on the cloud should be assumed to have been copied.
Legal side of leased equipment (Score:2)
One of the early comments alluded to this, but didn't quite take it far enough.
If userA leases a drive and fills it with illegal content (child pornography, Snowden's files, whatever) and then leaves and the hosting company then re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?
userA is long gone. Could potentially be tracked down. Need to prove they put the files there and not userB or hosting company.
userB has access (but potentially not owne
Re: (Score:2)
If userA leases a drive and fills it with illegal content (child pornography, Snowdon's files, whatever) and then leaves and the hosting company the re-leases the drive to userB without clearing out the drive properly, who gets arrested? Who should get arrested?
Possession of the hard drive containing illegal content is not a strict liability crime, meaning those accused of the crime have to be charged under due process.
As long as userB is not aware of the content placed by userA and does not become a
My policy (Score:2)
Dismantle, keep the magnets (the flat ones are really fun to play with, lots of projects) , and recycle the drive and platters (50 cents/pound), there's even a copper coil in there at 3$/pound
Not much, but once dismantled, data is gonna be pretty hard to recover.
If you really want it gone, Thermite...
If it's not written policy, it isn't done (Score:2)
The rule of thumb here is:
If the process you are expecting is not written into your agreement or documented as a matter of company policy, then the process is not done.
Likely you're not using a data center certified under HIPAA, PCI, SOX, SSAE/SAS-70, otherwise it would be documented and you'd already know.
Destruction (Score:2)
Encryption or physical destruction. Failed media replaced under vendor's field service is destroyed. Most vendors will add a surcharge to their service agreements that allow failed media to remain on site for destruction rather than be RMA'd. If not, well then bill me.
Re: (Score:2)
If I was a criminal, I'd buy used drives in bulk, and see if there was any data on them worth using (or ransom). Using a drive in a way that allowed plausible deniability would take some effort and technical knowledge ... Not the kind of thing that most thieves depend on.