Data policies assist in the protection of data and help prevent data leakage. If you’re planning to take the Security+ exam, you should have a good understanding of the appropriate controls to ensure data security such as implementing methods to sanitize drives.
For example, can you answer this question?
Q. A user recently worked with classified data on an unclassified system. You need to sanitize all the reclaimed space on this system’s hard drives while keeping the system operational. Which of the following methods will BEST meet this goal?
A. Use a cluster tip wiping tool.
B. Use a file shredding tool.
C. Degauss the disk.
D. Physically destroy the disk.
More, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation is available at the end of this post.
Every company has secrets. Keeping these secrets can often make the difference between success and failure. A company can have valuable research and development data, customer databases, proprietary information on products, and much more. If the company cannot keep private and proprietary data secret, it can directly affect its bottom line. Wiping files and data wiping & disposing are two of different elements that may be contained in a data policy.
Data Wiping and Disposing
When computers reach the end of their life cycles, organizations donate them, recycle them, or sometimes just throw them away. From a security perspective, you need to ensure that the computers don’t include any data that may be useful to people outside your organization or damaging to your organization if unauthorized people receive it.
It’s common for organizations to have a checklist to ensure that personnel sanitize a system prior to disposing of it. The goal is to ensure that personnel remove all usable data from the system.
Hard drives represent the greatest risk because they hold the most information, so it’s important to take additional steps when decommissioning old hard drives. Simply deleting a file on a drive doesn’t actually delete it. Instead, it marks the file for deletion and makes the space available for use. Similarly, formatting a disk drive won’t erase the data. There are many recovery applications available to recover deleted data, file remnants, and data from formatted drives.
Instead, technicians use different methods to wipe all the data off drives before disposing of them. These methods sanitize the drives, ensuring that they do not contain any valuable information. Some methods used to sanitize drives are:
- Bit-level overwrite. Different programs are available that write patterns of 1s and 0s multiple times to ensure that data originally on the disk is unreadable. This process ensures that the disk doesn’t contain any data.
- Degauss the disks. A degausser is a very powerful electronic magnet. Passing a disk through a degaussing field renders the data on the disk unreadable, and it often destroys the motors of the disk. Degaussing of backup tapes sanitizes a tape without destroying it.
- Physical destruction. If the disk includes classified or proprietary data, simply overwriting it may not be enough. Instead, the computer disposal policy may require the destruction of the drive. For example, technicians can remove disk platters and sand them down to the bare metal.
It’s also worth mentioning that hard drives can be in other devices besides computers. For example, many copy machines include disk drives, and they can store files of anything that employees recently copied or printed. If personnel don’t sanitize the disk drives, it can also result in a loss of confidentiality.
Similarly, organizations often have a policy related to paper containing any type of proprietary or private data. Shredding or incinerating these papers prevents them from falling into the wrong hands. If personnel just throw this paper away, dumpster divers can sift through the trash and gain valuable information.
Wiping Files
In some cases, technicians want to erase specific files and ensure that a system doesn’t have any remnants of these files on it. Erasing a single file is typically done by overwriting it similar to a bit-level overwrite for an entire drive. Many antivirus programs have shredding tools, which ensure the file is no longer accessible.
There are some situations where you want to keep the files, but ensure that none of the files holds random data. As an example, imagine that someone inadvertently began working with a proprietary or secret file on a system that should only hold public or unclassified data. You can shred the file, but it’s still possible that the system holds remnants of data from the classified file. Cluster tip wiping tools help erase all remnants of the data. More specifically, these tools erase remnants contained at the end or tip of the last cluster of a file.
Files are stored in clusters and cluster sizes are typically about 4 KB. Files use as many clusters as they need, but the last cluster has some unused space that the operating system pads with random data. For example, imagine you are saving a 6 KB file. It will use two 4 KB clusters and the last 2 KB in the second cluster isn’t used to store information for your file. However, this last 2 KB isn’t empty. Instead, it contains random data pulled from memory. If someone was recently working with proprietary or secret data, the last 2 KB might hold some of that data. Cluster tip wiping tools can sanitize files stored on a system, and eliminate this issue.
Q. A user recently worked with classified data on an unclassified system. You need to sanitize all the reclaimed space on this system’s hard drives while keeping the system operational. Which of the following methods will BEST meet this goal?
A. Use a cluster tip wiping tool.
B. Use a file shredding tool.
C. Degauss the disk.
D. Physically destroy the disk.
Answer is A. A cluster tip wiping tool sanitizes reclaimed space on hard drives. The cluster tip is the extra space in the last cluster of a file, which can hold remnants of data.
A file shredding tool successfully erases a file, but does not affect clusters in reclaimed space.
Degaussing the disk magnetically erases it, and physically destroying the disk is the most secure method protecting its confidentiality, but both of these methods take the system out of operation.