Difference between revisions of "Talk:Data Security"

From FreekiWiki
(New page: I don't think this system/explanation is in a place to promote quite yet. We're on the way, but we're not there yet. What about our chain of custody? What about flash media/phones/mp3s? ...)
 
(added info about our current process to work from.)
 
(9 intermediate revisions by 3 users not shown)
Line 1: Line 1:

Text of the original revision (replaced or rewritten in the intermediate revisions; the current text follows in full under "Latest revision"):

I don't think this system/explanation is in a place to promote quite yet. We're on the way, but we're not there yet.

What about our chain of custody? What about flash media/phones/mp3s?

Who has ultimate responsibility for the security of the donated data?

I feel we're about a month out from having a system we can really brag about. And even then, part of that system will involve the donor taking matters and responsibility into their own hands.

Blah, blah, blah.....Tonyc 05:26, 26 April 2009 (UTC)

Latest revision as of 18:12, 7 April 2011

First stab at writing out "our process:"

  1. When Donor X donates a system, it is brought to the stacks of systems in System Eval to be processed. Laptops are locked up in a rolling safe and are brought to a locked room at the end of each shift.
  2. Volunteers going through the Build program remove hard drives from all systems as part of the process.
  3. Once the hard drive has been removed it is brought from a bin in System Eval to a locked box in a locked room (the TARDIS). Only staff members have access to this locked box.
  4. Staff members take drives from the locked box to our hard drive wipers, plug them in, and commence wiping the data. If the drives fail in this process, they are physically destroyed. If they pass, they are reused in our programs.

Meredith


I struck the line about telling them to physically destroy the drives. I'd prefer to offer them tools for data destruction, and telling them we physically destroy drives may be enough to plant the seed to the truly paranoid. I just give these away, maybe ask for a $1 donation. When they do come back, we should shred the disk and send the case (with sticker) to the store for reuse. Creating a step to verify the disk has not been altered would be more work than just burning a new one (spoke with Vagrant and Michael about this). Tonyc 20:43, 19 May 2009 (UTC)

This page only applies to our practices with hdds. It does not yet address media, phones, pdas or other data-containing gizmos. Would be good to eventually umbrella the specifics of hdds under a more general discussion on data destruction.

The best wording on the subject I've found has been on Vancouver's website. Link here: http://freegeekvancouver.org/en/data_destruction. Tonyc 23:54, 20 May 2009 (UTC)


I don't think this system/explanation is in a place to promote quite yet. We're on the way, but we're not there yet.

I feel we're about a month out from having a system we can really brag about, once we have our chain of custody and physical security end in shape. And even then, part of that system will involve wording that shields us from liability and offers tools for a donor to take matters into their own hands. We have Dban disks available. Would be good to have a video tutorial as to how to use the disk on the web (or written explan.). Also need a plan for donors of Macs (dban doesn't work).

Good to detail other steps donors can take, such as bringing drives and other data-containing devices in separately (meaning removed from cases, not buried in a box full of stuff, allow them to drop phones, etc. into the box themselves).

I think working toward a brochure (for tabling, fd, receiving) to accompany dban discs, a revision of web page on the subject, and possibly a video tutorial on the web would be good steps. Tonyc 05:26, 26 April 2009 (UTC)



Isn't DD enough to wipe any drive? I'm pretty sure one or 2 passes of /dev/random would be fine. See http://16systems.com/zero.php for info on this. If we do anything beyond zeroing we are already beyond what's needed.

Also, all ATA hard drives made since about 2001 have a built-in feature called "secure erase" which we (or the user) can run from a boot disk. This is also impossible to recover data from after it's been used. See: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

Both of these methods are more than enough to prevent any identity thief from recovering data.

I will look into making video and text tutorials on all of these methods, including dban. (Evilgold 20:52, 26 April 2009 (UTC))
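As an added example (not from this talk page and not Free Geek's own wiping tooling), the quick zero pass discussed in this thread written as POSIX shell functions, plus the read-back check the thread does not spell out: after the pass, every byte of the target is read back and the drive is only accepted if nothing but 0x00 remains. The function names, the use of /dev/zero, and the temporary-file stand-in for a drive are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the FreekiWiki page: a single zero pass with dd,
# followed by a read-back check that every byte is now 0x00.
# The function names and the choice of /dev/zero are assumptions of this
# example. TARGET is a block device such as /dev/sdX in real use; the
# self-test below uses a constructed temporary file so no real drive is
# touched.

# zero_wipe TARGET: overwrite every byte of TARGET with zeros.
zero_wipe() {
    target="$1"
    if [ -b "$target" ]; then
        # Block device: write until dd reaches the end of the device.
        # dd reports "No space left on device" and exits non-zero at that
        # point, so the end-of-device error is deliberately ignored; the
        # read-back check below is what confirms the pass completed.
        dd if=/dev/zero of="$target" bs=1M conv=fsync 2>/dev/null || :
    else
        # Regular file (test stand-in): keep its size, replace its contents.
        size=$(wc -c < "$target" | tr -d ' ')
        dd if=/dev/zero of="$target" bs=1 count="$size" 2>/dev/null
    fi
}

# verify_zeroed TARGET: exit 0 only if no byte other than 0x00 remains.
# tr deletes every NUL; if even one other byte survives, head emits it and
# wc counts 1. Reading a whole drive back is slow, but it is the only way
# to be sure the pass covered every sector the host can see.
verify_zeroed() {
    leftover=$(tr -d '\000' < "$1" | head -c 1 | wc -c | tr -d ' ')
    [ "$leftover" -eq 0 ]
}

# wipe_and_verify TARGET: the two steps in order. A non-zero exit means
# the pass did not complete and the drive should not be reused.
wipe_and_verify() {
    zero_wipe "$1" && verify_zeroed "$1"
}
```

On a real drive the call is `wipe_and_verify /dev/sdX`, run as root with the drive unmounted; a failed verify is the cue for the physical-destruction path in the process above. ATA Secure Erase, which Evilgold also mentions, is a command the drive's own firmware carries out (on Linux it is issued with hdparm's `--security-erase`), so dd cannot stand in for it; because the firmware does the work, it also covers sectors the drive has remapped, which a host-side overwrite never sees.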


The procedure for actually wiping the hdds is solid, for sure. It's the physical security of the drives before they are wiped that is the weak point. With other devices, such as mp3s/cameras/phones/pdas, the physical security is fine, but the process of wiping is still dicey. Any thoughts on advice for Mac people? The procedure I'd heard of involved using the system disc, which some people may not have. Tonyc 00:11, 27 April 2009 (UTC)



My main suggestion is for speeding up the process. Also, if we're going to encourage people to wipe data themselves we should maybe have something for them to sign off on when donating to state they have already wiped the drive. This would also speed things up a bit, even if it just means we do a quick zero pass on the drives to be sure.

There is dban for PowerPC Macs available at dban.org. It's a "preview release", but it should work the same. I don't have a way to test it here, but I'll try it out next time I'm at the mothership.



This was the text up until today 5.19.09. New version created by Dave, Vagrant, MK with Laurel 1.0's help, too.

At Free Geek we put the utmost care in ensuring complete data destruction of All user data that is donated to us.

Hard drives that meet our specifications for reuse are removed from their systems and wiped in our hard drive sanitation banks. The process we use to ensure total data destruction complies with DOD (Department of Defense) 5220.22-M standards for data destruction. Every sector of the hard drive is overwritten 3 times using a destructive write which ensures that ALL data on the drive is completely destroyed and totally unrecoverable.

Hard drives that are below our specifications for reuse are physically destroyed on site.

Magnetic media such as floppy disks and backup tapes are disassembled in our recycling area and the plastic components are shredded by our plastics recycling vendor.

Optical media such as cd-rw discs are physically destroyed as soon as we receive them.