Global
Securely Deleting Data
March 8th, 2010 by Beau WoodsSecurely deleting data is a requirement of most regulatory requirements. But many organizations struggle with just how to do this in a way that is both secure and compliant. Some ways to do this include using software to overwrite the data, using a degaussing tool to electronically damage the drives, and physically destroying them.
Make sure you keep in mind that whatever method you use, the goal is risk mitigation rather than risk elimination. You’re trying to mitigate the most risk for the least money. So while DBAN and smash therapy aren’t perfect, they do the job pretty well for what you need them to do. If you’re the DOD or NSA then of course you need to do something else. But if you’re the DOD or NSA you already knew that.
Another part of the HIPAA and SOX requirements is auditable documentation. NIST has a guide (linked below) which gives you a generic form for the types of data you need to track, including method of sanitization, serial number, who performed the test, etc. It is also beneficial to document your methodology since the auditors will want to see that along with your wiping logs.
DBAN is one of the most useful tools out there; it does several forms of wiping to remove data from all types of drives, including SCSI and older hardware. If the drives are all ATA and manufactured within the last five years (erring on the side of caution), the SecureErase command is more thorough and faster. This command is implemented in a number of utilities, probably the best known one being put out by UCSD and called Secure Erase (linked below). Obviously physical destruction is an option too; it can be fun and cathartic to take a sledgehammer to the drives, and old platters can make a great mobile for the crib geek’s ceiling.
Wiping portable media is a different issue entirely. Backup tapes, thumb drives and portable hard drive storage are three such examples of portable media. Each has its own challenges. I’ve addressed the hard drive issue above, but probably the best way to wipe the other two is physical destruction. It’s an easy process for small USB drives but can be difficult to do safely with backup tapes. I’d suggest contacting your paper records disposal company and asking them if they can provide this service for you. You may find that their rates are low for this sort of thing.
NIST Special Publication 800-88 – Guidelines for Media Sanitization
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
DBAN
http://www.dban.org/
Secure Erase
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
National Industrial Security Program Operating Manual DoD 5220.22-M 2006 (Deprecated)
https://www.dss.mil/GW/ShowBinary/DSS/isp/odaa/documents/nispom2006-5220.pdf
Data Erasure
http://en.wikipedia.org/wiki/Data_erasure
Data Remanence
http://en.wikipedia.org/wiki/Data_remanence
Marcus Ranum’s method of physical destruction
http://www.ranum.com/security/computer_security/editorials/diskcrypt/index.html
Share This Information | Securely Deleting Data
|
| Other SecureWorks Blog Categories: |
Spam and the Changing Business Model of Cyber Crime
February 10th, 2010 by Beau WoodsIn the past couple of months, the Freakonomics blog asked why there has been such a downturn in the familiar Viagra and Nigerian prince Spam. The author attributed this to the cost of spamming not being worth the rates of return anymore. Most commentators pointed to better spam filtering software.
Continue Reading "Spam and the Changing Business Model of Cyber Crime" >>|
Share This Information | Spam and the Changing Business Model of Cyber Crime
|
| Other SecureWorks Blog Categories: |
New Banking Trojan Targeting ACH and Wire Payment Sites is Discovered
February 8th, 2010 by Jason MilletaryOver the past year, the SecureWorks Counter Threat Unit (CTU)(SM) has seen criminals continue to target Automated Clearing House (ACH) and wire transfer transactions for fraud activity, resulting in high-value losses. Small to midsized businesses (SMBs) and not-for-profits have been hit especially hard. Neustar has published an excellent overview (PDF) of this type of threat.
Continue Reading "New Banking Trojan Targeting ACH and Wire Payment Sites is Discovered" >>|
Share This Information | New Banking Trojan Targeting ACH and Wire Payment Sites is Discovered
|
| Other SecureWorks Blog Categories: |
Operation Aurora: Clues in the Code
January 20th, 2010 by Joe StewartWith the recently disclosed hacking incident inside Google and other major companies, much of the world has begun to wake up to what the infosec community has known for some time – there is a persistent campaign of "espionage-by-malware" emanating from the People’s Republic of China (PRC). Corporate and state secrets both have been shanghaied over a period of five or more years, and the activity becomes bolder over time with little public acknowledgement or response from the U.S. government.
Continue Reading "Operation Aurora: Clues in the Code" >>|
Share This Information | Operation Aurora: Clues in the Code
|
| Other SecureWorks Blog Categories: |
Publicly Disclosed GSM Attack Surface Expanding
December 29th, 2009 by Ben FeinsteinDuring the course of 2009, the amount of publicly available information on the security of GSM cellular networks and devices has steadily increased. GSM stands for the “Global System for Mobile communications” and is the world’s most popular standard for mobile handsets.
Continue Reading "Publicly Disclosed GSM Attack Surface Expanding" >>|
Share This Information | Publicly Disclosed GSM Attack Surface Expanding
|
| Other SecureWorks Blog Categories: |
SecureWorks Reports Increase in Email Scams and Advises Extra Caution While Shopping Online this Holiday Season
December 2nd, 2009 by The Counter Threat Unit ™In the last month, SecureWorks’ Counter Threat Unit(SM) (CTU) has seen a general increase in malicious email campaigns trying to infect online users with the Zeus Trojan (one of the most pervasive financial-credential stealing Trojan) on the market. In the last three weeks, the CTU has also monitored a large increase in the number of email lists being sold on the underground hacker forums, coinciding with the start of the holiday shopping season.
Continue Reading "SecureWorks Reports Increase in Email Scams and Advises Extra Caution While Shopping Online this Holiday Season" >>|
Share This Information | SecureWorks Reports Increase in Email Scams and Advises Extra Caution While Shopping Online this Holiday Season
|
| Other SecureWorks Blog Categories: |
SANS Incident Detection Summit
November 25th, 2009 by Jon RamseySecureWorks CTO Jon Ramsey will be participating on a panel at the SANS Incident Detection Summit December 9-10, 2009.
Continue Reading "SANS Incident Detection Summit" >>|
Share This Information | SANS Incident Detection Summit
|
| Other SecureWorks Blog Categories: |
ToorCon 11 a Success!
October 30th, 2009 by Dennis BrownThere are two things one can count on every year at ToorCon: the amazing San Diego weather and excellent presentations about new and emerging security research. This year’s ToorCon 11 did not disappoint, and delivered a lot of great content and new security research throughout the weekend.
Continue Reading "ToorCon 11 a Success!" >>|
Share This Information | ToorCon 11 a Success!
|
| Other SecureWorks Blog Categories: |
Monkif/DlKhora Botnet Hiding Its Commands as JPEG Images
September 29th, 2009 by Jason MilletaryThe SecureWorks Counter Threat Unit (CTU) has been carefully monitoring the activity of the Monkif/DlKhora botnet. This bot is an example of a Downloader trojan, in that its primary purpose is to receive instructions to download and execute other malware. The trojan also attempts to disable anti-virus and personal firewall software to maintain its foothold on the system.
Continue Reading "Monkif/DlKhora Botnet Hiding Its Commands as JPEG Images" >>|
Share This Information | Monkif/DlKhora Botnet Hiding Its Commands as JPEG Images
|
| Other SecureWorks Blog Categories: |
Skype Eavesdropping Trojan
September 25th, 2009 by Dennis DwyerRecently, programmer Ruben Unteregger released the source code for a Trojan that allows an attacker to listen in on a victim’s Skype conversations. For approximately seven years, Unteregger has worked as a software engineer for ERA IT Solutions AG where he developed the trojan. Skype traffic is encrypted using a 256-bit AES block cipher, the kind approved by the US Government to protect “TOP SECRET” information.
Continue Reading "Skype Eavesdropping Trojan" >>|
Share This Information | Skype Eavesdropping Trojan
|
| Other SecureWorks Blog Categories: |
