Secure Data Disposal

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Course
Time
8 hours 25 minutes
Difficulty
Advanced
CEU/CPE
9
Video Transcription
00:00
>> Now we're going to move into
00:00
discussing secure data disposal.
00:00
Often we're concerned with protecting
00:00
data at rest or in transit,
00:00
but we have to remember at the end of data's life cycle,
00:00
it's still may be valuable
00:00
to attackers or other entities.
00:00
We have to make sure that we remove
00:00
data from its location if it still has value.
00:00
We'll talk about some of the ways that we sanitize
00:00
our media to make sure we have removed all of our data.
00:00
Now, how we sanitize
00:00
our media is going to be driven
00:00
by the type of media we have.
00:00
We may have magnetic media,
00:00
we may have paper media,
00:00
we may have non-magnetic storage.
00:00
Ultimately, we have to figure out,
00:00
in a lot of times our classification strategy.
00:00
Not a lot of times our classification strategy
00:00
should dictate based on the value of the data,
00:00
how it's to be disposed.
00:00
For instance, with top secret data,
00:00
I can't just delete a file and reuse the disk,
00:00
I have to destroy the disk in which it was stored.
00:00
We need this to be part of
00:00
our classification strategy as well,
00:00
and we consider the classification of data,
00:00
the type of media,
00:00
where the media is located,
00:00
how much media there is to sanitize,
00:00
what type of availability
00:00
we have for tools and equipment.
00:00
Several strategies, and this
00:00
just gives you that visual idea.
00:00
Now, the strategies that we have,
00:00
we have clearing, purging, and destruction.
00:00
Quite honestly, a lot of people
00:00
use these terms interchangeably,
00:00
but technically they do have different meanings.
00:00
The first is called clearing.
00:00
That's the same as overwriting a disc.
00:00
There's sometimes you'll hear people
00:00
talk about the zeroization of a drive.
00:00
Which means we're going to take
00:00
this drive and we're going to
00:00
overwrite ones and zeros or just zeros, just ones.
00:00
We're going to overwrite the data.
00:00
We're generally going to do that multiple times so that
00:00
the data is inaccessible by normal means.
00:00
Meaning most casual attackers
00:00
are not going to be able to
00:00
access the data using traditional equipment.
00:00
Now, depending on how many times
00:00
you zeroize or you clear the drive,
00:00
you're going to make it incredibly
00:00
difficult to retrieve that data.
00:00
Some software zeroizes the drive
00:00
three times, some seven times.
00:00
However, it has been proven
00:00
that in the case of high-end forensic tools,
00:00
data can still be retrieved by
00:00
an electron microscope that's been
00:00
zeroized on a disk 16 times.
00:00
That's pretty significant.
00:00
Even stronger than clearing is purging.
00:00
Not only are we rendering the data inaccessible,
00:00
we're actually rendering the media inaccessible.
00:00
What we used to do when we primarily
00:00
had hard drives that stored using magnetic means,
00:00
is we would degauss those drives.
00:00
The way magnetic hard drives work
00:00
is they're made up of a series of disks.
00:00
On those disks magnetically created,
00:00
there are cylinders, tracks,
00:00
and sectors, and that's how data is stored.
00:00
Well, when we degauss,
00:00
we expose that drive to a very strong magnet,
00:00
and we actually remove the cylinders,
00:00
the tracks, and the sectors,
00:00
and so the drive becomes unusable by normal means.
00:00
Now technically though,
00:00
you could reuse that drive
00:00
by conducting what's called a low-level format.
00:00
Low-level formats are not common today.
00:00
They take a lot of time,
00:00
and even though you could recover the cylinders,
00:00
tracks and sectors, you're almost
00:00
assuredly not going to be able to access the data.
00:00
But two problems with that.
00:00
First problem is that today,
00:00
a lot of the hard drives we're using
00:00
are solid-state devices, SSDs.
00:00
Those do not use magnetic storage and
00:00
they are not going to be susceptible to degaussing.
00:00
Those are much more like RAM and
00:00
really you'll either need
00:00
to physically destroy those devices,
00:00
or often the disk will come with,
00:00
not a degaussing but
00:00
a TrueEraser program that
00:00
you could use to remove your data remnants,
00:00
but degaussing has no effect on a solid-state disk.
00:00
The other issue is that of the utmost sensitive material,
00:00
that's still not a strong enough assurance
00:00
that all remnants are removed.
00:00
Now, I'm not talking about your grocery list.
00:00
I'm talking about top secret data.
00:00
If we've got top secret data,
00:00
data of a national importance
00:00
with grave danger if it were harmed,
00:00
then we would really only be able
00:00
to choose in that instance, physical destruction.
00:00
I mean true physical destruction.
00:00
I don't mean putting a nail through a drive because that
00:00
just renders a small portion of the drive unavailable.
00:00
What I mean is shredding, pulverizing,
00:00
if we're talking about paper,
00:00
using chemical to remove the ink from the paper,
00:00
pulping it, making sure that
00:00
it's truly physically destroyed.
00:00
Then the other technique that I mentioned
00:00
a bit earlier was crypto shredding.
00:00
For drives that you don't have physical access to
00:00
encrypting the data with
00:00
a strong publicly known algorithm
00:00
than destroying the key.
00:00
We can't forget that throughout the data life cycle,
00:00
we provide protection for the data.
00:00
We can't forget at the end of its life,
00:00
it has to be treated with secure practices as well.
00:00
We can think about clearing, purging,
00:00
and physical destruction as good means of protecting
00:00
our data and making sure
00:00
there are no remnants left behind.
Up Next