Secure Data Disposal

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
15 hours 43 minutes
Difficulty
Advanced
CEU/CPE
16
Video Transcription
00:00
>> We've just discussed legal considerations,
00:00
and now we're going to move into
00:00
discussing secure data disposal.
00:00
Often we're concerned with protecting
00:00
data at rest or in transit,
00:00
but we have to remember at the end of data's life cycle,
00:00
it still may be valuable to
00:00
>> attackers or other entities.
00:00
>> We have to make sure that we remove
00:00
data from its location if it still has value.
00:00
We'll talk about some of the ways that we sanitize
00:00
our media to make sure we have removed all of our data.
00:00
Now, how we sanitize
00:00
our media is going to be driven
00:00
by the type of media we have.
00:00
We may have magnetic media,
00:00
we may have paper media,
00:00
we may have non-magnetic storage.
00:00
Ultimately we have to figure out,
00:00
in a lot of times our classification strategy.
00:00
Well, not a lot of times our classification strategy
00:00
should dictate based on the value of the data,
00:00
how it's to be disposed.
00:00
For instance, with top-secret data,
00:00
I can't just delete a file,
00:00
and reuse the disk.
00:00
I have to destroy the disk in which it was stored.
00:00
We need this to be part of
00:00
our classification strategy as well,
00:00
and we consider the classification of data,
00:00
the type of media,
00:00
where the media is located,
00:00
how much media there is to sanitize,
00:00
what type of availability
00:00
we have for tools and equipment.
00:00
Several strategies and this
00:00
just gives you that visual idea.
00:00
Now the strategies that we have,
00:00
we have clearing, purging, and destruction.
00:00
Quite honestly, a lot of people will
00:00
use these terms interchangeably,
00:00
but technically they do have different meanings.
00:00
The first is called clearing.
00:00
That's the same as overwriting a disc.
00:00
Sometimes you'll hear people talk
00:00
about the zeroization of a drive.
00:00
Which means we're going to take this drive,
00:00
and we're going to overwrite,
00:00
ones and zeros or just zeros, just ones.
00:00
We're going to overwrite the data.
00:00
We're generally going to do that multiple times so that
00:00
the data is inaccessible by normal means.
00:00
Meaning most casual attackers,
00:00
I'll say casual attackers,
00:00
are not going to be able to access
00:00
the data using traditional equipment.
00:00
Now, depending on how many times your zeroize was,
00:00
or you clear the drive,
00:00
you're going to make it incredibly
00:00
difficult to retrieve that data.
00:00
Some software zeroizes
00:00
the drive three times, some seven times.
00:00
However, it has been proven that,
00:00
in the case of high-end forensic tools,
00:00
data can still be
00:00
retrieved by an electron microscope that's been
00:00
zeroized on a disk 16 times, that's pretty significant.
00:00
Even stronger than clearing is purging.
00:00
Not only are we rendering the data inaccessible,
00:00
we're actually rendering the media inaccessible.
00:00
What we used to do when we primarily
00:00
had hard drives that stored using magnetic means,
00:00
is we would degauss those drives.
00:00
The way magnetic hard drives work
00:00
is they're made up of a series of disks,
00:00
and on those disks magnetically created,
00:00
there are cylinders, tracks, and sectors.
00:00
That's how data is stored.
00:00
Well, when we degauss,
00:00
we expose that drive to a very strong magnet,
00:00
and we actually remove the cylinders,
00:00
the tracks, and the sectors.
00:00
The drive becomes unusable by normal means.
00:00
Now technically though, you could reuse that drive
00:00
by conducting what's called a low-level format.
00:00
Low-level formats are not common
00:00
today, they take a lot of time,
00:00
and even though you could recover the cylinders,
00:00
tracks, and sectors, you're almost
00:00
assuredly not going to be able to access the data.
00:00
But two problems with that.
00:00
First problem is that today,
00:00
a lot of the hard drives we're using
00:00
our solid state devices, SSDs.
00:00
Those do not use magnetic storage,
00:00
and they are not going to be susceptible to degaussing.
00:00
Those are much more like RAM, and really,
00:00
you either need to physically destroy
00:00
those devices or often the disk will come
00:00
with not a degaussing but
00:00
a true eraser program
00:00
that you could use to remove your data remnants,
00:00
but degaussing has no effect on a solid state disk.
00:00
The other issue is that,
00:00
of the utmost sensitive material,
00:00
that's still not a strong enough assurance
00:00
that all remnants are removed.
00:00
Now, I'm not talking about your grocery list,
00:00
I'm talking about top-secret data.
00:00
If we've got top-secret data,
00:00
data of a national importance
00:00
with grave danger if it were harmed,
00:00
then we would really
00:00
only be able to choose in that instance,
00:00
physical destruction, and
00:00
I mean true physical destruction.
00:00
I don't mean putting a nail through drive because that
00:00
just renders a small portion of the drive unavailable.
00:00
What I mean, is shredding, pulverizing.
00:00
If we're talking about paper,
00:00
using chemical to remove the ink from the paper,
00:00
pulping it, making sure that
00:00
it's truly physically destroyed.
00:00
Then the other technique that I mentioned a
00:00
bit earlier was crypto-shredding
00:00
for drives that you don't have physical access to
00:00
encrypting the data with
00:00
a strong publicly known algorithm
00:00
then destroying the key.
00:00
We can't forget that throughout the data life cycle,
00:00
we provide protection for the data,
00:00
we can't forget at the end of its life,
00:00
it has to be treated with secure practices as well.
00:00
We can think about clearing, purging,
00:00
and physical destruction as
00:00
good means of protecting our data,
00:00
and making sure there are no remnants left behind.
Up Next