Talk about security parinoia..

Grimlaking

2[H]4U
Joined
May 9, 2006
Messages
3,245
So our main servers where I work were running on dedicated CX4-120's. Running about 8 TB of data across multiple raid 10's spread across different cabinets. We are finally retiring these workhorses.. and of course we are doing this securely.

But my team is EXTRA secure... we do a military wipe.. THEN we shred the drives.

Yes... that's right.. not only do we wipe them.. we shred them too...

Oddly enough nobody has managed to get one of our dead drives to recover data off of. ;) Yea we shred the ones that go bad too.

Fun times.. just had to share as I sit here and watch drives be wiped...
 
Damn, that an old ass array! I can tell you, your company isn't the only one that does this. I know big banks that do this for everything that data traverses.
 
Damn, that an old ass array! I can tell you, your company isn't the only one that does this. I know big banks that do this for everything that data traverses.


Thankfully that array is being retired in exchange for VNX 5400's.
 
Yes... that's right.. not only do we wipe them.. we shred them too...

Oddly enough nobody has managed to get one of our dead drives to recover data off of. ;) Yea we shred the ones that go bad too.

Fun times.. just had to share as I sit here and watch drives be wiped...

It's probably because (hopefully) everyone knows for sure you could get by with much much less (and actually save the drives), but no ones wants to put their ass on the line for confidential company information.
 
It's probably because (hopefully) everyone knows for sure you could get by with much much less (and actually save the drives), but no ones wants to put their ass on the line for confidential company information.

It's a double bluff so to speak. We wipe them then shred them just for our own peace of mind because they sit in the stack to be shredded before they are actually shredded. So we wipe them first out of an abundance of caution and value we place on protecting our customers data.
 
i always like the insanity in this. have any of you guys ever actually tried assembling info off of a drive that was in a RAID subsystem? don't get me wrong, i do the standard DOD wipe, then i move disks all over so they are not attached to the system where they were written sensitive data, then i build a new array. but after that everything ends up on a pallet and gets auctioned off in a local auction. and i do not lose sleep over it.

remember how easy it is to get access to sensitive data, rebuilding and trying to recover data off of a disk array is not high on the list of processes black/red hats go after. heck most of the time we just call up places and ask, totally not needed to even touch equipment. (oooh did i say that out loud???)
 
I've worked in the financial sector for a little over 7 years at this point.. that kind of stuff is normal. you can actually do the drive wipe yourself with the messner switch and the zerodisk option. If you want, pm and i'll send you the naviseccli command.
 
I know the navi command I looked it up while I was doing it the OS based way. It's all good. :)
 
It's a double bluff so to speak. We wipe them then shred them just for our own peace of mind because they sit in the stack to be shredded before they are actually shredded. So we wipe them first out of an abundance of caution and value we place on protecting our customers data.
That's actually pretty smart. In a sense you are protecting against a rogue employee that might take a disk before shredding and try to recover info.
 
taking 1 disk out of an array is about as useful as taking 1 strip of paper out of the local shredded paper bin. not to mention you would have to know the stripe and block type to be of ANY use at all. now if this is standard practice on desktop and laptop drives, fine. but destroying 1000$ of SAS drives from retired disk arrays would get me fired.
 
Just encrypt the drives (crypto-shredding), arguably more secure than writing 1's and 0's and should take less time then the multi writes of DOD wiping, it also removes the possibility of data remanence. With that said, it's been shown time and time again that a single wipe is all that is needed, the time and ability to recover data wiped just once is urban legend level, no one is just going to be able to pick up a drive and get the data off while waiting to physically destroy the drive, if they have physical access to the drive at this point its safe to assume they had access to the drive in production. A good example being the Watergate tapes, erased once and on a medium that should be easier to recover than drives of today and yet no one has been able to. And if security is that big of a concern, it should be encrypted to begin with and none of this would need to be done, outside of physical destruction if still needed.
 
The drives would only bring pennies on the dollar at a surplus sale. And the entire cost of the drives were likely written off on the corporate tax returns. Any money from the drives would have to be counted as profit and screw up the depreciation tables. Easier and cheaper just to destroy them. Corporate accounting is often weird to normal folk.
 
taking 1 disk out of an array is about as useful as taking 1 strip of paper out of the local shredded paper bin. not to mention you would have to know the stripe and block type to be of ANY use at all. now if this is standard practice on desktop and laptop drives, fine. but destroying 1000$ of SAS drives from retired disk arrays would get me fired.
Who said they had to be from a RAID array? They could just as easily be single disks from an individual's workstation or laptop.
 
taking 1 disk out of an array is about as useful as taking 1 strip of paper out of the local shredded paper bin. not to mention you would have to know the stripe and block type to be of ANY use at all. now if this is standard practice on desktop and laptop drives, fine. but destroying 1000$ of SAS drives from retired disk arrays would get me fired.

100% agree. With as many disks backing a pool? Yep. 100% agree on desktops and laptops. Also destroying the drives? Depends on how the contract is written. Depending on your sector, its a pretty normal thing to do. Wasteful? Totally. In my previous org, we owned the arrays, no lease, and would shred the drives after the array was retired. I actually changed that policy because it was a waste, and instead of shredding the drives, turning them in for credit was better then nothing.
 
Back
Top