Secure Hard Drive Deletion Appliance?

An anonymous reader asks "I am searching for a box into which I can plug a hard drive (IDE or SCSI of various flavors) and automatically begin a secure deletion process (DoD 2250 compliant or the like would be good). This is normally for dead drives which need to be RMA-ed. Because of various regulations (HIPAA for starters), we need to at least attempt to do a good job clearing the disk. I've heard from a number of places, including this Slashdot story, that degaussing isn't great. There are software solutions out there, but in general, I want to toss a replacement hard drive in and not have to hunt around for hardware to put the bad drive in in order to run the software. Given the right case, a solid state drive, some SCSI cards and one of various pieces of software, I can imagine such a beast. Has anyone seen someone selling something like this?" No case-opening is necessary to use a USB/IDE converter, which might be a good middle ground. Any other ideas?

Still Risky

[fembots]

If you have something so important, it might be best to destroy/keep the dead drives and pay for new ones, which aren't that expensive compared to the risk of someone finding out a way to recover your data even after it's been processed by the state-of-the-art secure deletion processor.

I believe the information is secured only if it's still in your hand.

Data destruction.

[BWJones]

It really depends upon what level of security you are talking about. Degaussing certainly does not do the job adequately enough for some purposes, but the issue of maintaining a box that has all the hardware to be backwards compatible can be cumbersome and expensive. I suspect you are not in a sensitive/classifed government position as they have protocols for this sort of thing, but if you truly have seriously data sensitive needs for hard drives you are going to retire, I would suggest first formatting the drive with multiple writes and reads of serial 1's and 0's which should prevent 99.9% of data recovery attempts. An older G4 tower running OS X, should allow you to recognize and mount drives formatted with a variety of operating systems. Stick a couple of SCSI cards in it and an ATA and SATA card (Sonnet makes a combined card) which should give you multiple SCSI formats, ATA, Firewire and USB depending upon your needs. If you are really paranoid, actually disassembling the drives, degaussing and physically destroying the platters will finish the job. Believe it or not, data can even be reconstructed at the microscopic level through the use of electron microscopy, so the more damage done to the physical media, the harder it is to extract information.

Uh, if the hard drive is dead

[drinkypoo]

Then you're not going to be writing anything to it anyway.

The best you can do is use a degausser, since you can't open the drive without voiding your warranty.

Two Ways

[BrynM]

The first is the standard degausser. This may render the drive inoperable, but will erase data securely with just a run through the machine. An example I found was this [datadev.com]. There are many [google.com] more out there.

The second method is to set up a *nix box with some hot swap drive bays and use that (I actually prefer this method). You can find removable bays all over the place and use *nix to format the drive writing all 0s to it.

I don't think anyone makes a machine exactly like you describe, but both of these methods will do the trick. Good luck!

Re:Question Mark ...

[silentbozo]

Overwriting only works if the drive is still capable of writing. I've dealt with drives so hosed after we got the data off, that we could barely wipe the partition map. There was still a lot of data left behind on the platter that we could no longer touch because the writing heads/drive electronics were in such bad shape, the drive refused to either be recognized, or to accept commands.

In these cases, you have to decide: is it more important that you RMA the drive (in which case, you really can't do any truely destructive to the drive physically - I think degaussing falls under that, as it wipes out the underlying sector info), or do you smash up the drive and forego the drive replacement?

BTW, if it turns out that degaussing is an accepted method of clearing the drive prior to RMA, please let me know...

Re:Data destruction.

[Dancing Primate]

If you're wiping the disk, you don't have to worry about what filesystem(s) it contains.

Re:Data destruction.

[Anonymous Coward]

An acetylene torch does a good job, and fast. Perhaps not as much fun as a sledgehammer, though.

Re:Still Risky

[Marty200]

Whenever somebody moves from one department to another, they need either a new PC, new HD, or a fresh setup on their old PC after a secure wipe. Every time somebody leaves the organisation, or a new person arrives. Every time a drive dies and the PC needs to get a new one under warranty.

Right now, I am probably doing a minimum of ten secure wipes every month. A new hard drive would cost roughly a hundred bucks. That's 12,000 dollars annually, minimum, just on hard drives, which would be wasted.

You are missing the point. You can wipe a fully function drive that is staying inside your organisation and be fairly sure no one will get to the deleted info. But if the drive is broken, you can't besure the drive has been fully erased. And then you are sending it off to someone outside your organisation who may decided to see what you left on it.

Also, you can always just dd /dev/random onto your disk a few times. Anybody know any good reason why that would be insuffiecient?

Because the drive is broken. Chances are you can't write to it.

Best bet is to keep the drives and destroy them yourselves. If you buy enough stuff you can probably get something worked out with your vendor so you get a deal on warranty replacements.

MG

The best hard-drive deletion device money can buy

[psykocrime]

Click Here [tool-net.co.uk]

Re:I say...

[BJZQ8]

My point is not that there are people out to "get" other people...my point is that, if there is a security hole, it was not in what they were expending most of their effort in combating. Did they shred, burn, atomize, and scatter every last recepit from the operation? Probably not. Did they make sure nobody was secretly recording Ms. Smith while she read off her personal information to the pharmacist? Probably not, too. It seems so much "security" these days is devoted to expending vast resources on things that make very little difference. As an example, a small airport near me recently built a $500,000 "security fence" to keep out "terrorists." Complete with flashy card readers for the gate and computer accounting. Of course, if you walk 50 feet to the south, you can walk right through a corn field onto the main runway, but hey, it looks good! If people were more intelligent in apportioning their security resources, rather than worrying about ABSOLUTELY atomizing somebody's hard drive, then we'd be money ahead. There's always going to be that .03% on either end of a 6-sigma bell curve...don't worry about it.

Re:Don't Destroy - Encrypt

[commrade]

Unless it's a one time pad or something similar, this only secures the drive for a limited time. Many modern ciphers will not be much of a challenge 10-20 years in the future. This is true not only because of increases in computing power. Advances in cryptography will almost certainly turn up weaknesses in contemporary ciphers.

Sandpaper

[Anonymous Coward]

Just sand the oxide off the platters. It's not that thick.