Data policies assist in the protection of data and help prevent data leakage. If you’re planning to take the Security+ exam, you should have a good understanding of the appropriate controls to ensure data security such as implementing methods to sanitize drives.
For example, can you answer this question?
Q. A user recently worked with classified data on an unclassified system. You need to sanitize all the reclaimed space on this system’s hard drives while keeping the system operational. Which of the following methods will BEST meet this goal?
A. Use a cluster tip wiping tool.
B. Use a file shredding tool.
C. Degauss the disk.
D. Physically destroy the disk.
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.
Every company has secrets. Keeping these secrets can often make the difference between success and failure. A company can have valuable research and development data, customer databases, proprietary information on products, and much more. If the company cannot keep private and proprietary data secret, it can directly affect its bottom line. Wiping files and data wiping & disposing are two of different elements that may be contained in a data policy.
Data Wiping and Disposing
When computers reach the end of their life cycles, organizations donate them, recycle them, or sometimes just throw them away. From a security perspective, you need to ensure that the computers don’t include any data that may be useful to people outside your organization or damaging to your organization if unauthorized people receive it.
It’s common for organizations to have a checklist to ensure that personnel sanitize a system prior to disposing of it. The goal is to ensure that personnel remove all usable data from the system.
Hard drives represent the greatest risk because they hold the most information, so it’s important to take additional steps when decommissioning old hard drives. Simply deleting a file on a drive doesn’t actually delete it. Instead, it marks the file for deletion and makes the space available for use. Similarly, formatting a disk drive won’t erase the data. There are many recovery applications available to recover deleted data, file remnants, and data from formatted drives.
Instead, technicians use different methods to wipe all the data off drives before disposing of them. These methods sanitize the drives, ensuring that they do not contain any valuable information. Some methods used to sanitize drives are:
- Bit-level overwrite. Different programs are available that write patterns of 1s and 0s multiple times to ensure that data originally on the disk is unreadable. This process ensures that the disk doesn’t contain any data.
- Degauss the disks. A degausser is a very powerful electronic magnet. Passing a disk through a degaussing field renders the data on the disk unreadable, and it often destroys the motors of the disk. Degaussing of backup tapes sanitizes a tape without destroying it.
- Physical destruction. If the disk includes classified or proprietary data, simply overwriting it may not be enough. Instead, the computer disposal policy may require the destruction of the drive. For example, technicians can remove disk platters and sand them down to the bare metal.
The 601 Version of the Study Guide
The CompTIA Security+: Get Certified Get Ahead: SY0-601 Study GuideEach of the eleven chapters presents topics in an easy to understand manner and includes real-world examples of security principles in action.
You’ll understand the important and relevant security topics for the Security+ exam, without being overloaded with unnecessary details. Additionally, each chapter includes a comprehensive review section to help you focus on what’s important.
Over 300 realistic practice test questions with in-depth explanations will help you test your comprehension and readiness for the exam. The book includes:
- A 75 question pre-test
- A 75 question post-test
- Practice test questions at the end of every chapter.
Each practice test question includes a detailed explanation to help you understand the content and the reasoning behind the question. You’ll be ready to take and pass the exam the first time you take it.
If you plan to pursue any of the advanced security certifications, this guide will also help you lay a solid foundation of security knowledge. Learn this material, and you’ll be a step ahead for other exams. This SY0-601 study guide is for any IT or security professional interested in advancing in their field, and a must-read for anyone striving to master the basics of IT security.
It’s also worth mentioning that hard drives can be in other devices besides computers. For example, many copy machines include disk drives, and they can store files of anything that employees recently copied or printed. If personnel don’t sanitize the disk drives, it can also result in a loss of confidentiality.
Similarly, organizations often have a policy related to paper containing any type of proprietary or private data. Shredding or incinerating these papers prevents them from falling into the wrong hands. If personnel just throw this paper away, dumpster divers can sift through the trash and gain valuable information.
Wiping Files
In some cases, technicians want to erase specific files and ensure that a system doesn’t have any remnants of these files on it. Erasing a single file is typically done by overwriting it similar to a bit-level overwrite for an entire drive. Many antivirus programs have shredding tools, which ensure the file is no longer accessible.
There are some situations where you want to keep the files, but ensure that none of the files holds random data. As an example, imagine that someone inadvertently began working with a proprietary or secret file on a system that should only hold public or unclassified data. You can shred the file, but it’s still possible that the system holds remnants of data from the classified file. Cluster tip wiping tools help erase all remnants of the data. More specifically, these tools erase remnants contained at the end or tip of the last cluster of a file.
Files are stored in clusters and cluster sizes are typically about 4 KB. Files use as many clusters as they need, but the last cluster has some unused space that the operating system pads with random data. For example, imagine you are saving a 6 KB file. It will use two 4 KB clusters and the last 2 KB in the second cluster isn’t used to store information for your file. However, this last 2 KB isn’t empty. Instead, it contains random data pulled from memory. If someone was recently working with proprietary or secret data, the last 2 KB might hold some of that data. Cluster tip wiping tools can sanitize files stored on a system, and eliminate this issue.
Q. A user recently worked with classified data on an unclassified system. You need to sanitize all the reclaimed space on this system’s hard drives while keeping the system operational. Which of the following methods will BEST meet this goal?
A. Use a cluster tip wiping tool.
B. Use a file shredding tool.
C. Degauss the disk.
D. Physically destroy the disk.
Answer is A. A cluster tip wiping tool sanitizes reclaimed space on hard drives. The cluster tip is the extra space in the last cluster of a file, which can hold remnants of data.
A file shredding tool successfully erases a file, but does not affect clusters in reclaimed space.
Degaussing the disk magnetically erases it, and physically destroying the disk is the most secure method protecting its confidentiality, but both of these methods take the system out of operation.
