
10 things you should do to securely dispose of computers

The need for good security practices doesn't go away just because a system has outlived its usefulness. These tips will help ensure that decommissioned equipment doesn't pose a threat.

Even in the best of times, computers are rotated out of use and we have to figure out how we should dispose of them. In a recession economy, people get laid off, systems running software with high licensing costs are decommissioned, and system breakdowns lead to consolidation of functionality rather than repairs. This may increase the rate at which we dispose of computer equipment -- and it can expose us to security threats if we aren't careful about how we do it. Take the following list of tips for secure equipment disposal to heart.

Note: This article originally appeared as an entry in our IT Security blog.

1: Eliminate access

Ensure that you eliminate any accounts or other access control facilities that are associated with the decommissioned equipment. You don't want an ex-employee still getting into his old workstation after he's not supposed to have access to it any longer, and you don't want lingering network access accounts used to remotely connect to the computer providing extra "target surface" for security crackers when the account is no longer needed at all. You should generally do this first.

2: Destroy the data

Don't assume that taking hard drives to the landfill is secure. If there's sensitive data on your drives, you need to get rid of it before the drives leave your hands. Even if you don't think there is any sensitive data on a drive, consider whether you're willing to bet the business on that -- and if not, do more than just chuck the drive in the trash. Reformatting or repartitioning a drive to "erase" the data it stores isn't good enough these days (if it ever was); tools such as the shred utility, which overwrites the data instead of merely unlinking the file, can help you delete files more securely. Encrypting the data on the drive before doing any deletion makes whatever survives the wipe even more difficult to recover later.
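The overwrite-and-verify idea behind tools like shred, shown here as an added example that is not from the article: the script builds a constructed disk image containing a known marker, runs a hypothetical three-pass overwrite (random, all-ones, all-zeros; not a reproduction of any published standard), verifies each fixed pattern by reading the image back, and confirms the marker is gone. It runs on a temporary file so it is safe offline; the same loop applies to a raw block device opened read/write, but not to a file on a journaling or copy-on-write filesystem (old blocks can survive) and not to SSDs, whose wear-levelling remaps sectors, which is why the drive's own secure-erase command or pre-encryption is the right tool there.

```python
"""Multi-pass overwrite of a disk image with read-back verification.

Added example, not the article's or any tool's code. Works on a constructed
image file so it runs offline; see the caveats on filesystems and SSDs above.
"""
import os
import tempfile

CHUNK = 1 << 16
# Hypothetical pass set: random, all-ones, then all-zeros so the final state
# can be verified byte-for-byte. Not a reproduction of any published standard.
PASSES = (None, b"\xff", b"\x00")


def _overwrite(fh, size, pattern):
    """Write one pass over the whole image; None means random bytes."""
    fh.seek(0)
    left = size
    while left:
        n = min(CHUNK, left)
        fh.write(os.urandom(n) if pattern is None else pattern * n)
        left -= n
    fh.flush()
    os.fsync(fh.fileno())  # make sure the pass actually reached the medium


def _matches(fh, size, pattern):
    """Read the image back and confirm every byte equals the pattern."""
    fh.seek(0)
    left = size
    while left:
        n = min(CHUNK, left)
        if fh.read(n) != pattern * n:
            return False
        left -= n
    return True


def wipe_image(path, passes=PASSES):
    """Run every pass, verifying the fixed-pattern ones; returns pass count."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for pattern in passes:
            _overwrite(fh, size, pattern)
            if pattern is not None and not _matches(fh, size, pattern):
                raise RuntimeError("read-back verification failed")
    return len(passes)


def verify_zeroed(path):
    """Independent check that the final pass left the image all zeros."""
    with open(path, "rb") as fh:
        return _matches(fh, os.path.getsize(path), b"\x00")


def contains_marker(path, marker):
    """Chunked search for a byte string; a tail of len(marker)-1 bytes is
    carried over so a match straddling two chunks is not missed."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                return False
            if marker in tail + chunk:
                return True
            tail = chunk[-(len(marker) - 1):] if len(marker) > 1 else b""


def demo():
    """Build a constructed image holding a known marker, wipe it, and report
    (marker present before, passes run, marker present after, zeroed)."""
    marker = b"CONSTRUCTED-SECRET-PAYROLL-2009"  # constructed sample data
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        with open(path, "wb") as fh:
            fh.write(os.urandom(200_000))
            fh.write(marker)
            fh.write(os.urandom(100_000))
        before = contains_marker(path, marker)
        passes = wipe_image(path)
        after = contains_marker(path, marker)
        zeroed = verify_zeroed(path)
    finally:
        os.remove(path)
    return before, passes, after, zeroed


if __name__ == "__main__":
    print(demo())
```

The read-back step is the part most ad hoc wipe scripts skip: a pass that was buffered but never reached the platter, or a device that silently stopped accepting writes, looks identical to a successful pass unless you read the medium again afterwards.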

3: Destroy the device

In the most extreme cases, storage devices may need to be physically destroyed to ensure that sensitive data isn't leaked to whoever gets the drives next, even within your own organization. In such cases, you probably shouldn't destroy them yourself. There are experts who can do this, and they're probably a lot better at safely and effectively rendering any data on your drives unrecoverable than you would be. If your needs are so stringent that you can't trust this to an outside agency that specializes in secure destruction of storage devices, you should have a specialized team within your organization that has the same equipment and skills as outside contractors.

4: Be methodical

Keep a checklist for the decommissioning process to make sure you don't forget a step at any point. This can be especially important when dealing with many, many computers at once, such as when an entire department is shut down -- but it's important the rest of the time, too. Don't rely on the checklist to do your thinking for you, though. Consider every detail of the system in question, its uses, and any potential dangers for security that come to mind. Add new measures to the checklist when you come up with a threat you have to deal with that may be relevant again at a later date; not everything on the checklist has to apply in every case for it to be a valuable addition to the checklist.

5: Keep track of which systems have been decommissioned

Make sure you have clear, physical indicators of whether a system has been fully decommissioned in a secure manner and that they don't consist of something easily misplaced or overlooked like a sticky note. It's best if computers that haven't been fully decommissioned are kept in a specific location, while decommissioned equipment goes somewhere else, so that habits you develop will help you avoid making mistakes. For instance, perhaps workstations should be kept on desks and servers in racks until they're cleared (and they should probably stay there until they've had their drive contents shredded, at least, because they're already set up with power and whatever interface is normal for that system). Doing so can lend a sense of urgency to the need to securely decommission the equipment, too, because you'll feel the pressure of wanting to clear the space for other uses.

6: Keep careful records

Whoever is responsible for decommissioning a machine should sign off on the completion of the process if more than one person might be assigned such a responsibility. That way, if something goes wrong, you know who to talk to when it comes time to find out what happened and how bad the mistake really is. Log the time and date of completion, too. Just keep meticulous records in general, including the specifics of equipment components that have been processed, where they're going from here, and (when appropriate) their depreciated value and replacement cost.

7: Don't wait

Don't store equipment in need of secure decommissioning. Make it a priority to get it done, so the equipment doesn't end up being neglected for weeks, months, or years, until someone gets an opportunity to compromise your security by making use of sensitive data stored on it. Don't leave it running unnecessarily, either; you don't want yet another system running on your network, waiting to get compromised by a security cracker or malware, when you don't actually have any use for the system.

8: Eliminate potential clues

Clear configuration settings on networking equipment. Managed switches, authenticating serial console servers, and other "smart" network infrastructure devices can provide clues to a clever security cracker on how best to break into your network and the systems that reside on it.

9: Keep systems secure until disposal

Establish clear guidelines for who should have access to any equipment in need of secure disposal, and track a "chain of custody" so you'll be better able to ensure that nobody who shouldn't have access to it before disposal gets his or her hands on it.

10: Inventory all equipment

Track the physical contents of every computer and piece of network infrastructure equipment in your organization so you won't make the mistake of overlooking a storage device. Remember that even volatile RAM can serve as a "storage device" for sensitive data under limited conditions. Ultimately, you should just adopt an attitude of practical paranoia about sensitive data storage and act accordingly.
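Tips 4, 5, 6, 9 and 10 (checklist, clear status, sign-off records, chain of custody, inventory of storage devices) fit together as one record per asset. As an added example that is not from the article, here is a small Python register with a hypothetical checklist and data model: the sanitization step cannot be ticked while any inventoried storage device is still pending, a custody transfer is refused unless it comes from the current holder, sign-off is refused while any step is missing, and anything not yet signed off shows up in the "still waiting" list that tip 7 warns about. Names, step identifiers and the sample asset are all constructed.

```python
"""Decommissioning register: checklist, custody chain, sign-off, inventory.

Added example with a hypothetical data model; not a vendor tool and not the
article's own procedure, just the tips above encoded as enforced invariants.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# Hypothetical checklist. The article names the concerns; the step names are ours.
CHECKLIST = (
    "access_revoked",        # tip 1
    "inventory_verified",    # tip 10
    "data_sanitized",        # tips 2 and 3
    "config_cleared",        # tip 8
    "disposition_recorded",  # tip 6
)
SANITIZED_STATES = {"overwritten", "crypto_erased", "destroyed"}


@dataclass
class StorageDevice:
    serial: str
    kind: str                      # "hdd", "ssd", "optical", "ram", ...
    sanitization: str = "pending"  # one of SANITIZED_STATES once done


@dataclass
class Asset:
    tag: str
    devices: List[StorageDevice]
    custody: List[Tuple[str, str]] = field(default_factory=list)    # (when, holder)
    steps: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # step -> (who, when)
    signed_off_by: Optional[str] = None


class DecommissionError(Exception):
    pass


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


class Register:
    def __init__(self) -> None:
        self.assets: Dict[str, Asset] = {}

    def add(self, asset: Asset, holder: str) -> None:
        asset.custody.append((_now(), holder))
        self.assets[asset.tag] = asset

    def holder(self, tag: str) -> str:
        return self.assets[tag].custody[-1][1]

    def transfer(self, tag: str, from_holder: str, to_holder: str) -> None:
        # Chain of custody stays continuous: only the current holder can hand it over.
        if self.holder(tag) != from_holder:
            raise DecommissionError(f"{tag}: {from_holder} is not the current holder")
        self.assets[tag].custody.append((_now(), to_holder))

    def sanitize_device(self, tag: str, serial: str, method: str, who: str) -> None:
        if method not in SANITIZED_STATES:
            raise DecommissionError(f"unknown sanitization method {method!r}")
        if self.holder(tag) != who:
            raise DecommissionError(f"{tag}: {who} does not currently hold this asset")
        for dev in self.assets[tag].devices:
            if dev.serial == serial:
                dev.sanitization = method
                return
        raise DecommissionError(f"{tag}: no inventoried device with serial {serial}")

    def complete_step(self, tag: str, step: str, who: str) -> None:
        if step not in CHECKLIST:
            raise DecommissionError(f"{step!r} is not on the checklist")
        asset = self.assets[tag]
        if step == "data_sanitized":
            # Every inventoried device must be accounted for before the box is "clean".
            pending = [d.serial for d in asset.devices if d.sanitization not in SANITIZED_STATES]
            if pending:
                raise DecommissionError(f"{tag}: devices still pending: {pending}")
        asset.steps[step] = (who, _now())

    def sign_off(self, tag: str, who: str) -> bool:
        asset = self.assets[tag]
        missing = [s for s in CHECKLIST if s not in asset.steps]
        if missing:
            raise DecommissionError(f"{tag}: incomplete steps {missing}")
        asset.signed_off_by = who
        return True

    def awaiting_disposal(self) -> List[str]:
        """Tip 7: anything listed here is sitting around, not finished."""
        return sorted(t for t, a in self.assets.items() if a.signed_off_by is None)


def demo() -> dict:
    """Constructed walk-through: one workstation with an HDD and an optical drive."""
    reg = Register()
    ws = Asset("WS-0001", [StorageDevice("HDD-0001", "hdd"), StorageDevice("OPT-0001", "optical")])
    reg.add(ws, "alice")
    out = {}
    try:
        reg.complete_step("WS-0001", "data_sanitized", "alice")  # devices still pending
        out["premature_sanitize_blocked"] = False
    except DecommissionError:
        out["premature_sanitize_blocked"] = True
    try:
        reg.transfer("WS-0001", "carol", "bob")  # carol never held the asset
        out["custody_break_blocked"] = False
    except DecommissionError:
        out["custody_break_blocked"] = True
    reg.transfer("WS-0001", "alice", "bob")
    reg.sanitize_device("WS-0001", "HDD-0001", "overwritten", "bob")
    reg.sanitize_device("WS-0001", "OPT-0001", "destroyed", "bob")
    for step in CHECKLIST:
        reg.complete_step("WS-0001", step, "bob")
    out["signed_off"] = reg.sign_off("WS-0001", "bob")
    out["awaiting"] = reg.awaiting_disposal()
    out["custody_len"] = len(ws.custody)
    return out
```

The point of putting the inventory inside the record is the one tip 10 makes: a step called "data sanitized" is only meaningful if it is checked against the list of devices the machine actually contains, including the optical drive or spare disk that would otherwise be overlooked.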

Don't fall into the trap of meticulously securing your running systems, then getting compromised or having sensitive data recovered because you didn't put any thought into securing the systems slated for disposal. The need for good security practice doesn't go away when you turn off the computer.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

26 comments
wizard_of_oz

I'm going to draw a distinction here. Ordinary garden-variety sensitive data can be safely removed by overwriting the drive. Chances are, nobody is going to spend tens of thousands of dollars or more to get last year's sales projection for this year. This applies to much more dangerous secrets, that in the wrong hands will cause irrevocable damage. Usually, machines holding information like this are never recycled to the public. Not even an option. Policy usually prevents it. The computers should already have a difficult-to-remove ID/inventory tag as well as stickers indicating how sensitive the information on them is. The stickers should also be on any storage devices in the machines. Typically all the storage devices are removed and destroyed. This may include flash chips physically desoldered from boards. Think chucking circuit boards into an oven until the solder melts and the chips fall off. Given how much can be recovered even from physically damaged hard drive platters, the only way to be really sure is to remove and physically destroy the platters. This might involve smelting, acid, turning them into metal dust, etc. Storage devices that are chips are heated to their destruction point, then possibly ground up. Optical disks have the optical layer ground off into something resembling glitter. Paper is shredded into needle-sized confetti, smaller than a typical cross shredder, and then sometimes incinerated. All of this is dirty, hot, smelly work. You really do want to have someone do it for you. Of course, you want that someone to not have any incentive to find out and sell the secrets on the equipment you're decommissioning...

malcolmgoodman

What is wrong in erasing / eliminating / removing as much of the registry as possible ??

peter

Most people in the UK are aware of the Data Protection Act, a law which is frequently misquoted and misinterpreted, usually by organisations to suit their own ends. But IT professionals responsible for any data bearing assets absolutely must be mindful of the Act's seventh principle, which is "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data." So if you dispose of an item from which personal data under your responsibility can be read, you're committing an offence. Don't waste time looking at the penalties - the tariffs are quite draconian. Just take the advice of the other contributors and get a secure erase utility, not a criminal record!

BigIve

Nothing to do with supermodels or Alpine children. Gives some great options - allows individual files to be erased as well as clearing out the white space on drives and even adding in plausible data. Good option if you are happy to remove data in a partition instead of nuking the drive. http://eraser.heidi.ie/ Generally you would encrypt a drive that contained even slightly sensitive data so data deletion is less critical - i.e. it should be impossible to access the data even if it was recovered.

Ebyau

Nice treatise! I personally use Tune Up Utilities for secure erasing of my old PC's hard drive before disposing of it. If the PC is unusable again, I remove usable parts for later re-use, such as memory chips, modems, graphics cards, sound cards, even the processor!

jsargent

Most manufacturers have a downloadable utility that can destroy the data completely on their drives. Following that why don't drive manufacturers recycle their drives? Just by the process of recycling they destroy all traces of the data.

jack6666

... a prudent and wise person would take heed of what you are laying down with such grace and distinction here!

fvazquez

I was thinking of a full pound of C4, but I guess it's too much :)

jayohem

Good info. On the landfill issue: I understand there are incinerator plants now that handle plastic, metal, noxious vapors, and recycle these as well as create usable electric power from the incineration process. We need to encourage the government to fund these; it's another way to put America back to work while cutting back on the landfill problem and its cousins the ocean gyres.

cclark536

If you're working with a reputable disposal vendor, please make sure they are using the DOD 3 wipe process and providing the Certs of Destruction. BTW: Don't forget to let IT Finance know that capital expenditure is no longer physically in the organization, so that the property tax payment is discontinued and the maintenance is removed from any SW/HW Contracts and also reharvest any SW licenses. Just Saying

edward.keating

Doing it once is sufficient. Drive erase/wipe is built into several backup utilities. Think of it this way, have you ever been able to recover even one document that was truly overwritten (not just updated, but the disk block was overwritten)? If that was so, you could always recover older information on a hard drive. The last time you could even remotely see what bits may have been written were from old double sided 5 1/4 floppy disks that were exchanged between double density and high density drives where the read width was half the width of the double sided drives. This only made the data unreadable with parity errors unless it was read in the last drive that wrote the information and that was usually a cr@p shoot. Most of this is paranoia and urban legend material. Makes for a mediocre scifi flick, but try and recover anything from an erased/wiped disk, you won't be able to...

n4aof

(With apologies to Buffalo Springfield:) Paranoia runs deep / Into your heart it will creep / It starts when you're always afraid.

bullmoose62

If you're going to take a bunch of units out of service try and find a local non-profit that can use the units for computer labs or placements to low-income and disabled individuals. Most non-profits today have software and means by which they are bonded to remove data, inventory tags, and take on the personal liability of making sure the unit does not end up in a landfill. By all means, DO NOT DESTROY THE HARD DRIVES!!! There are many programs that can safely remove your data and wipe the drive clean for you that meet or exceed DOD standards. Articles like this cause people to panic and they take laptops with the lids closed and try to drill press through the hard drive. In most cases they have destroyed the unit to total trash and missed the hard drive in the process. Having been in this field for over 25 yrs, I can tell you that even Fortune 500 companies destroy the units and give non-profits trash thinking they have spared their data and did someone a favor. Until we remove the CD/DVD Rom Drive and find a disk in there that is a complete backup copy of their work files. If you are that nervous, then pay the company you are buying the units from to enter into a buy-back program with you. It is really a shame what some people will do in the name of security to units that could really make a difference in the lives of others far less fortunate if only the companies had people trained in sanitizing the units at the time they replace them.

Gis Bun

I prefer to wipe the info off a hard disk using GDisk from Symantec's Ghost [the corporate version, not the retail]. It has a hidden switch to use the DOD approved [I think] wiping mechanism. After that, I usually take a hammer to it - when no drill is available. If dumping many computers at a time, destroy the HDDs [from above] but don't include them in the same dumping as the other parts of the computer. If some garbage collectors/thieves see that there are no hard drives in them, they will know not to come back. Note that if the computers are leased, then just do the DOD part. :-)

ammar_zaatreh

"...you should have a specialized team within your organization that has the same equipment and skills as outside contractors." So you suggest a team of specialists whose mission is demolition of physical equipment? I'd sooo work there!!

jasonemmg

If the drive is never needed again and total erasing of data is required.... Why not take multiple size drill bits and a sledgehammer to the HDD??? Then dispose of the aftermath through proper recycling over a period of several days so that the pieces are scattered through the landfill, etc...

Old Timer 8080

For TRUE security, you also need to eliminate ( KILL ) all the techs who ever worked on the system.... The HUMAN part is and always been the weakest link when it comes to securing data... DoD overwrite protocols take care of the MACHINE part of the problem... When it came to security on the DD-19s and 29s on the Cray, a special top was designed that had a WELDED IN 45 caliber pistol pointed straight down through the platters. The duty officer on site was to pull these triggers if there was an actual overrun of the military site by the OPFOR....

gechurch

Thanks Chad, I appreciated the article. Most points are probably fairly obvious, but can easily get lost in the busy-ness of daily work life. I particularly like the ideas of checklists, signing off and having separate areas for equipment in need of decommissioning. The only point I didn't agree with is #3. I don't know why people have this idea that physically destroying hard disks is more effective than overwriting the data. There have been examples in the past where data has been recovered from drives that were bashed with a hammer or otherwise physically beaten. I guess witnessing the destruction with our own eyes gives us a (misplaced) confidence that the data is unrecoverable. The only proper way to be rid of data is to overwrite it lots of times. I believe there are no known cases of data being recovered when overwritten (I think it was ) three times. The paranoid can of course do it more often.

tiger48

How about real physical indicators, such as drill a hole in the case at a specific location, hot brand the case, a Red dummy plug in the video port, a heavy duty zip tie thru the case lock tab. The idea is that anybody can tell it's cleared, even if it's not in the right storage room. First thoughts I'm sure there are better ideas out there. Speaking of youth in the computer biz, my first class was in PL/I a year before IBM released it.

jsargent

Unless you write zeros or all ones you can recover most of the information and even recover credit card information from an old hard drive. A number of universities bought hard disks from ebay and managed to recover useful data (card information etc.) as a simple exercise just to prove the point.

gechurch

maj37 is spot on that it is possible, but not with the hard drive's read head. You need something like a scanning tunneling microscope, that gets 1000 times closer to the platters (or something like that!). I absolutely agree with your sentiment though. People get carried away with "Can it *possibly* be recovered?". The more relevant question is "Is it worth anyone's time to actually recover the file?". As much as some companies would like to believe it, their data probably isn't important enough that someone would buy a several-hundred-thousand dollar machine to attempt a recovery. And even if your data is that important, why would someone go to the bother and expense of trying to recover the data this way? It would be a lot easier to hack in, guess passwords, use social engineering to trick someone into giving you their password, get hired as a cleaner and have access to the server room, blackmail/bribe an employee to steal the data for you etc etc etc.

maj37

It is possible to recover some of the data even if the data blocks have been overwritten once. You can't do it with the controller in the drive; you have to remove the platters and use other equipment. What happens is because of head wobble ghost bits are created and a single overwrite doesn't erase all of them. That is why to really wipe it you need to write multiple bit patterns. I am not saying anyone can recover an entire hard drive with these methods but if you have only overwritten once they can get some data. Physically destroying the drive after you have used multiple bit pattern overwrites is overkill in my opinion. If you haven't used multiple erase patterns then drilling or shooting holes won't stop data theft either; you have to shred the platters. maj

ron.dondelinger

I wipe hard drives utilizing Darik's Boot 'n Nuke (DBAN) utility, which can erase per DOD standards, but the "management" in my organization feels it necessary to physically destroy the hard drives. Try as I may to educate, my opinion and my influence is limited. Case in point: Years back, I sent a hard drive to OnTrack Data Recovery with the hope of recovering some MS Word documents, after the drive had been re-imaged. Just being overwritten ONE TIME was sufficient to render the {partially} recovered documents useless. My opinion is to recycle and reuse whenever possible. Hard drive data can be sufficiently scrubbed by software, and the economic payback is considerable as compared to the alternatives.

bullmoose62

Well clearly you have never met the people at BASIL and I suggest you look them up. I am sure they would love to talk to any IT people putting electronic waste into their local landfills. In the state of Illinois, as of 2012, it will be illegal for any form of electronics to enter the local landfills and many other states are adopting similar laws. If you deal with professional recyclers and non-profits, they are more than qualified to handle the disposal of your items and in most cases are insured and bonded against your information getting out or the unit landing up in a landfill. Think Green Geeks, this rock is the only place to live for time being.

Gis Bun

Sledgehammer and a drill? That's a bit overkill especially if you are dumping 50 systems. :-)

boomchuck1

Our city landfill has an area to off load any electronic equipment - computers, microwave, TV, etc. No cost to you to drop your stuff off there so that is real convenient for the home user. But, before doing that you really need to run a Killdisk type utility, at least 3 times, to wipe your hard drive clean. We do this with our office computers before sending them off to surplus. (We don't bother putting an OS back on them either. The lucky person who buys them dirt cheap can do that.) Just deleting the files, or even writing over them with other files, just isn't enough.