Research

Securely Deleting Data

March 8th, 2010 by Beau Woods

Securely deleting data is a requirement of most regulatory requirements. But many organizations struggle with just how to do this in a way that is both secure and compliant. Some ways to do this include using software to overwrite the data, using a degaussing tool to electronically damage the drives, and physically destroying them.

Make sure you keep in mind that whatever method you use, the goal is risk mitigation rather than risk elimination. You’re trying to mitigate the most risk for the least money. So while DBAN and smash therapy aren’t perfect, they do the job pretty well for what you need them to do. If you’re the DOD or NSA then of course you need to do something else. But if you’re the DOD or NSA you already knew that.

Another part of the HIPAA and SOX requirements is auditable documentation. NIST has a guide (linked below) which gives you a generic form for the types of data you need to track, including method of sanitization, serial number, who performed the test, etc. It is also beneficial to document your methodology since the auditors will want to see that along with your wiping logs.

DBAN is one of the most useful tools out there; it does several forms of wiping to remove data from all types of drives, including SCSI and older hardware. If the drives are all ATA and manufactured within the last five years (erring on the side of caution), the SecureErase command is more thorough and faster. This command is implemented in a number of utilities, probably the best known one being put out by UCSD and called Secure Erase (linked below). Obviously physical destruction is an option too; it can be fun and cathartic to take a sledgehammer to the drives, and old platters can make a great mobile for the crib geek’s ceiling.

Wiping portable media is a different issue entirely. Backup tapes, thumb drives and portable hard drive storage are three such examples of portable media. Each has its own challenges. I’ve addressed the hard drive issue above, but probably the best way to wipe the other two is physical destruction. It’s an easy process for small USB drives but can be difficult to do safely with backup tapes. I’d suggest contacting your paper records disposal company and asking them if they can provide this service for you. You may find that their rates are low for this sort of thing.

NIST Special Publication 800-88 – Guidelines for Media Sanitization
http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf

DBAN
http://www.dban.org/

Secure Erase
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

National Industrial Security Program Operating Manual DoD 5220.22-M 2006 (Deprecated)
https://www.dss.mil/GW/ShowBinary/DSS/isp/odaa/documents/nispom2006-5220.pdf

Data Erasure
http://en.wikipedia.org/wiki/Data_erasure

Data Remanence
http://en.wikipedia.org/wiki/Data_remanence

Marcus Ranum’s method of physical destruction
http://www.ranum.com/security/computer_security/editorials/diskcrypt/index.html

Share This Information | Securely Deleting Data

Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)

  • Spam and the Changing Business Model of Cyber Crime

    February 10th, 2010 by Beau Woods

    In the past couple of months, the Freakonomics blog asked why there has been such a downturn in the familiar Viagra and Nigerian prince Spam. The author attributed this to the cost of spamming not being worth the rates of return anymore. Most commentators pointed to better spam filtering software.

    Continue Reading "Spam and the Changing Business Model of Cyber Crime" >>
    Share This Information | Spam and the Changing Business Model of Cyber Crime

    Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
    Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)
  • New Banking Trojan Targeting ACH and Wire Payment Sites is Discovered

    February 8th, 2010 by Jason Milletary

    Over the past year, the SecureWorks Counter Threat Unit (CTU)(SM) has seen criminals continue to target Automated Clearing House (ACH) and wire transfer transactions for fraud activity, resulting in high-value losses. Small to midsized businesses (SMBs) and not-for-profits have been hit especially hard. Neustar has published an excellent overview (PDF) of this type of threat.

    Continue Reading "New Banking Trojan Targeting ACH and Wire Payment Sites is Discovered" >>
    Share This Information | New Banking Trojan Targeting ACH and Wire Payment Sites is Discovered

    Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
    Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)
  • Operation Aurora: Clues in the Code

    January 20th, 2010 by Joe Stewart

    With the recently disclosed hacking incident inside Google and other major companies, much of the world has begun to wake up to what the infosec community has known for some time – there is a persistent campaign of "espionage-by-malware" emanating from the People’s Republic of China (PRC). Corporate and state secrets both have been shanghaied over a period of five or more years, and the activity becomes bolder over time with little public acknowledgement or response from the U.S. government.

    Continue Reading "Operation Aurora: Clues in the Code" >>
    Share This Information | Operation Aurora: Clues in the Code

    Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
    Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)
  • Publicly Disclosed GSM Attack Surface Expanding

    December 29th, 2009 by Ben Feinstein

    During the course of 2009, the amount of publicly available information on the security of GSM cellular networks and devices has steadily increased. GSM stands for the “Global System for Mobile communications” and is the world’s most popular standard for mobile handsets.

    Continue Reading "Publicly Disclosed GSM Attack Surface Expanding" >>
    Share This Information | Publicly Disclosed GSM Attack Surface Expanding

    Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
    Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)
  • SecureWorks Reports Increase in Email Scams and Advises Extra Caution While Shopping Online this Holiday Season

    December 2nd, 2009 by The Counter Threat Unit ™

    In the last month, SecureWorks’ Counter Threat Unit(SM) (CTU) has seen a general increase in malicious email campaigns trying to infect online users with the Zeus Trojan (one of the most pervasive financial-credential stealing Trojan) on the market. In the last three weeks, the CTU has also monitored a large increase in the number of email lists being sold on the underground hacker forums, coinciding with the start of the holiday shopping season.

    Continue Reading "SecureWorks Reports Increase in Email Scams and Advises Extra Caution While Shopping Online this Holiday Season" >>
    Share This Information | SecureWorks Reports Increase in Email Scams and Advises Extra Caution While Shopping Online this Holiday Season

    Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
    Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)
  • SANS Incident Detection Summit

    November 25th, 2009 by Jon Ramsey

    SecureWorks CTO Jon Ramsey will be participating on a panel at the SANS Incident Detection Summit December 9-10, 2009.

    Continue Reading "SANS Incident Detection Summit" >>
    Share This Information | SANS Incident Detection Summit

    Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
    Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)
  • ToorCon 11 a Success!

    October 30th, 2009 by Dennis Brown

    There are two things one can count on every year at ToorCon: the amazing San Diego weather and excellent presentations about new and emerging security research. This year’s ToorCon 11 did not disappoint, and delivered a lot of great content and new security research throughout the weekend.

    Continue Reading "ToorCon 11 a Success!" >>
    Share This Information | ToorCon 11 a Success!

    Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
    Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)
  • Monkif/DlKhora Botnet Hiding Its Commands as JPEG Images

    September 29th, 2009 by Jason Milletary

    The SecureWorks Counter Threat Unit (CTU) has been carefully monitoring the activity of the Monkif/DlKhora botnet. This bot is an example of a Downloader trojan, in that its primary purpose is to receive instructions to download and execute other malware. The trojan also attempts to disable anti-virus and personal firewall software to maintain its foothold on the system.

    Continue Reading "Monkif/DlKhora Botnet Hiding Its Commands as JPEG Images" >>
    Share This Information | Monkif/DlKhora Botnet Hiding Its Commands as JPEG Images

    Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
    Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)
  • Skype Eavesdropping Trojan

    September 25th, 2009 by Dennis Dwyer

    Recently, programmer Ruben Unteregger released the source code for a Trojan that allows an attacker to listen in on a victim’s Skype conversations. For approximately seven years, Unteregger has worked as a software engineer for ERA IT Solutions AG where he developed the trojan. Skype traffic is encrypted using a 256-bit AES block cipher, the kind approved by the US Government to protect “TOP SECRET” information.

    Continue Reading "Skype Eavesdropping Trojan" >>
    Share This Information | Skype Eavesdropping Trojan

    Slash Dot Del.icou.us Digg it Technorati Reddit Furl Spurl StumbleUpon Facebook
    Other SecureWorks Blog Categories:
  • Events (1)
  • General (27)
  • Links (7)
  • Phishing (3)
  • Research (90)
  • Spam (1)
  • Trojans (5)
  • Next Steps

    Start With SecureWorks Request More Information Now
    Call SecureWorks Call Us Today
    877-905-6661

    Info Request




    Newsletter Signup

    * First Name:
    * Last Name:
    * Email Address:


    SecureWorks Authors
    SecureWorks Blog Topics