On 9 May 2018 at 11:52, John Hodrien <J.H.Hodrien at leeds.ac.uk>
wrote:> On Wed, 9 May 2018, m.roth at 5-cent.us wrote:
>
>> Federal contractor here, too. (I'm the OP). For disks that work,
shred or
>> DBAN is what we use. For dead disks, we do the paperwork, and get them
>> deGaussed. SSD's are a brand new issue. We haven't had to deal
with them
>> yet, but it's surely coming, so we might as well figure it out now.
>
>
> Does anyone use hdparm's enhanced security erase feature for wiping
working
> drives?
>
> Sounds more secure than DBAN/shred, and potentially faster too. It's
not
> something I've used.
>
It really depends on if the drive actually does what the commands say
it does. Most modern drives should do the reset/erase of
sectors/cells.. but if the drive manufacturer decides "well we could
short cut this by having it just read every sector as 0 until written"
and you think you have wiped the data, but it is still there for
physical audit. And we have all seen enough dodgy "well this is the
lowest end drive we are losing money on if we sell it.. unless we cut
corners" to know someone somewhere is going to do that. Which then
will make it probably just an additional step everyone has to do.
1. secure wipe drive
2. run dban/shred for 3-4 wipes.
3. fill out paperwork that you did 1 and 2.
4. secure wipe drive
5. send to industrial shredder.
> jh
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
--
Stephen J Smoogen.