


Software-encrypted drives are potentially vulnerable as the keys are
contained in system memory and can potentially be retrieved through various
techniques. Some of those are software-based attacks that do memory dumps
to look for the keys; other methods are hardware based and involve tricks
like freezing the RAM so it can be removed and put into another machine
where the contents can be read. Systems that use DDR3 are immune to the
frozen RAM attack method.

Perhaps it is more accurate to say the systems housing software-encrypted
drives can be attacked; the encrypted drive itself is fine.


Regardless, Self-Encrypting Drives (SEDs) are different and are always
encrypted (they ship that way from the factory). The encryption key is
stored on the drive itself and cannot be revealed to the firmware or OS.
The drive firmware relies on several optional techniques to authenticate
access, at which time it releases the key to the part of the drive
electronics that needs it to decrypt the contents.

To wipe a SED, just tell the drive to generate a new key. Contents are
instantly lost forever. Imagine replacing your car key with a different
one without replacing the car door's lock with a matching unit. Access
denied.


If you have links to SEDs being vulnerable I'd love to read them.



On Fri, Feb 22, 2013 at 12:37 PM, Mark D <mdlkml@xxxxxxxxxxxxxxxx> wrote:

Speaking strictly from a security practicality perspective:

On 2/22/2013 1:27 PM, Matt Olson wrote:
In the future, when you replace these disks you may want to opt for the
new self-encrypting disk drives. It makes these discussions of disk wiping
a thing of the past.

Instead you simply change the drive encryption key before handing them
in for warranty replacement or for sale and all data on the drive is
rendered useless.

These have been proven to be pretty vulnerable, at least PC oriented
ones. I don't know if there are IBM i specific ones.

-----Original Message-----
From: brad.lovelady@xxxxxxxxxxxxxx [mailto:brad.lovelady@xxxxxxxxxxxxxx]
Sent: Friday, February 22, 2013 12:21 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: DISK Sanitizer Help

Rogers,

If management is dead set on re-selling these used disks, then Rob's
option would be the path of least resistance. However, as a fellow "banker"
I would not recommend you attempt to wholesale the disks. The cheaper
option in my case would be to destroy the disk and refurbish the system and
I/O. When you factor in the opportunity costs of your time, plus cost of
Disk Sanitizer, plus the time and cost of all the CYA paperwork, plus the
perceived risk of selling disks that once contained restricted company
data.....it's just not worth it. (Note: I said perceived risk, not actual
risk.) Those of you who deal with auditors should understand my point.

If I had to guess, that 2.5TB is comprised of 140GB drives, which works
out to about 20 or so disk units. Used market price per unit would be about
$300-500, meaning the most you could expect from a reseller would be $200
per unit. All that said....if management asked me to do this I would turn
around and ask them if all that trouble and perceived risk was worth
$4000-5000?

***********************************
Bradford Lovelady


Maybe not for you but for me and hopefully the OP, the disk wiping is a
sunk cost. The alternative to dealing with the drives is putting them
in storage where they will sit for a long time until everyone forgets
what they are. Then they will get sold without being wiped. If you're
being responsible the disks must be wiped no matter what the outcome.
I've acquired many systems of all sorts where the original owner held
onto it for a long time to avoid cleaning the system and eventually they
got rid of the system through some other means anyway. Either through
termination of employees who know the risks or office moves or something
else. The best bet is to always deal with the risk sooner than later.

Thanks,
Mark

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
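
The key handling described at the top of this message (media key kept inside the drive, released only after authentication, replaced on wipe), modelled in Python as an added example that is not part of the original post. `ModelSED` and its methods are hypothetical names, the password and record are constructed sample values, and a SHAKE-256 keystream stands in for the drive's hardware cipher as an assumption.

```python
import hashlib, hmac, os

def _stream(key, sector, n):
    # Assumption: a SHAKE-256 keystream stands in for the drive's hardware cipher.
    return hashlib.shake_256(key + sector.to_bytes(8, "big")).digest(n)
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class ModelSED:  # hypothetical name; models the key handling described in the post
    def __init__(self, password):
        self.media = {}                       # sector -> ciphertext, the only data at rest
        self._wrap(os.urandom(32), password)  # drive starts with a random media key (MEK)

    def _kek(self, password):
        return hashlib.pbkdf2_hmac("sha256", password, self._salt, 10_000)
    def _wrap(self, mek, password):
        self._salt = os.urandom(16)
        kek = self._kek(password)
        self._wrapped = _xor(mek, kek)        # MEK is stored only in wrapped form
        self._tag = hmac.digest(kek, b"auth", "sha256")
        self._mek = None                      # drive is locked until unlock() succeeds

    def unlock(self, password):
        kek = self._kek(password)
        if not hmac.compare_digest(self._tag, hmac.digest(kek, b"auth", "sha256")):
            return False                      # wrong credential: MEK is never released
        self._mek = _xor(self._wrapped, kek)  # released to the data path, not to the host
        return True

    def _key(self):
        if self._mek is None:
            raise PermissionError("drive is locked")
        return self._mek
    def write(self, sector, data):
        self.media[sector] = _xor(data, _stream(self._key(), sector, len(data)))
    def read(self, sector):
        return _xor(self.media[sector], _stream(self._key(), sector, len(self.media[sector])))

    def crypto_erase(self, password):
        self._wrap(os.urandom(32), password)  # old MEK discarded; media is not rewritten

def demo():
    d = ModelSED(b"constructed-password")
    d.unlock(b"constructed-password")
    d.write(7, b"constructed customer record")
    before, at_rest = d.read(7), d.media[7]
    d.crypto_erase(b"constructed-password")
    d.unlock(b"constructed-password")        # authentication still succeeds after the wipe
    return before, at_rest, d.media[7], d.read(7)
```

`demo()` returns the plaintext read before the wipe, the ciphertext at rest, the same ciphertext after the wipe, and what the drive returns for that sector once the key has been replaced.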






This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
