Discussion on:
View:
Show:
Do you have a secure disposal policy in place? Have you ever been bitten by unsecured data left on equipment you decommissioned when it fell into someone else's hands?
All we really do with PC/Laptops is run Wipedrive 3.0 with the D.O.D. three time option. Then off to the recycler.
We physically destroy the HDDs before letting them out of our control. That means hammer and drill types of things.
With a 1/8" kerf does wonders when drives are brought to me now and again.
We take drives apart and use the platters and spacers to make mobiles, the dangling, artsy-craftsy things. They're pretty cool.
Neat thing is how we build/hang them. We take the magnets out of the drive, run them over the surface of the platters (inside a piece of cloth to avoid scratches) then build the mobile on the frame of an old 6-8 inch speaker.
The speaker has a magnet, of course, and the magnets from the hard drive almost always have a couple holes in the metal they're attached to. You nail or screw the hard drive magnet into the ceiling or wherever you want to hang the mobile, then just plunk the speaker magnet end up onto the HD magnet... Only thing to be careful about is some if not all these magnets are ceramic and can crumble apart if you hit them too hard.
But with the strength of these speaker and hard drive magnets (and being careful) I've yet to hear of one of these falling down, even with repeated attacks from curious cats.
I'm looking at one right now, (mobile, not cat) very nice how light is randomly reflected around, like sitting beside a swimming pool.
The one I have at home is a never ending source of entertainment for the cats, when they get in the mood they attack the reflections. The way the platters spin and twist randomly, the reflections will often move to a point, come to a rapid halt and reverse course, drives 'em nuts.
Now I hope someone doesn't tell me data can still be retrieved off these platters exposed to a strong magnetic field, fat human fingers, a good buffing and then the dust-laden air...
BTW the top flange (screw plate) makes a great key ring. IBM drives below 100 GB often have the best, actually machined, not stamped.
PS we usually rip the cone, spider and any wiring off the speaker, gives you more attach points.
Neat thing is how we build/hang them. We take the magnets out of the drive, run them over the surface of the platters (inside a piece of cloth to avoid scratches) then build the mobile on the frame of an old 6-8 inch speaker.
The speaker has a magnet, of course, and the magnets from the hard drive almost always have a couple holes in the metal they're attached to. You nail or screw the hard drive magnet into the ceiling or wherever you want to hang the mobile, then just plunk the speaker magnet end up onto the HD magnet... Only thing to be careful about is some if not all these magnets are ceramic and can crumble apart if you hit them too hard.
But with the strength of these speaker and hard drive magnets (and being careful) I've yet to hear of one of these falling down, even with repeated attacks from curious cats.
I'm looking at one right now, (mobile, not cat) very nice how light is randomly reflected around, like sitting beside a swimming pool.
The one I have at home is a never ending source of entertainment for the cats, when they get in the mood they attack the reflections. The way the platters spin and twist randomly, the reflections will often move to a point, come to a rapid halt and reverse course, drives 'em nuts.
Now I hope someone doesn't tell me data can still be retrieved off these platters exposed to a strong magnetic field, fat human fingers, a good buffing and then the dust-laden air...
BTW the top flange (screw plate) makes a great key ring. IBM drives below 100 GB often have the best, actually machined, not stamped.
PS we usually rip the cone, spider and any wiring off the speaker, gives you more attach points.
When you need something important done correctly...DO IT YOURSELF !!!
I've used screw drivers, drills and the good old hammer to destroy HDD's.
Crack the case open and smash the circuit boards,etc...
Then dispose of pieces on separate days to avoid a jigsaw puzzle rebuild!
I've used screw drivers, drills and the good old hammer to destroy HDD's.
Crack the case open and smash the circuit boards,etc...
Then dispose of pieces on separate days to avoid a jigsaw puzzle rebuild!
BALTHOR would disagree. He has me thinking the solder is imbued with intelligence.
I really like the option of using the AK47 in full auto mode to remove any remaining data.
Has the added effect of reducing excess stress as well, after turning a drive into so much wasted metal you kinda feel good about everything.
Has the added effect of reducing excess stress as well, after turning a drive into so much wasted metal you kinda feel good about everything.
I use a company in Massachusetts called CDS. They arrive at my loading dock and totally shred the hard drives in about 3 seconds. The total process is recorded and they provide a certificate of destruction.
Also I have them shred our dlt tapes and all our cellphones.
www.corpdestructsolutions.com
Also I have them shred our dlt tapes and all our cellphones.
www.corpdestructsolutions.com
Asset every device that stores data. PDA's, mobiles, laptops, desktops, etc.
Every asset must have an assigned owner.
That owner has an assigned manager.
Charge yearly fee for any managed asset until it is handed to IT.
The owner is primary person responsible for the device.
The manager is the secondary owner of the device.
If any device goes missing they still pay for it and if it's intentionally not reported, fire the person responsible or drop their pay, etc. If the primary person goes and the manager does not follow up by informing IT and checking all devices are still with the company, fire or demote them instead, etc.
Likewise with data disposal, every asset should have a field in its CMDB with the last known location (e.g DISPOSED) and IT Technician who disposed it. Anything goes wrong you know who disposed of it. CMDB is updated by someone else other then the IT techs doing the data wipes, who then send off forms or emails or something to say "yes I wiped it securely I'm sure and I bothered to check there wasn't a 2nd HDD in the PC", etc.
When the items go off for disposal (or auction) they should still have their serial numbers (probably no company identifiable markings though) so you should still be able to look them up in your CMDB even if they turn up in a police investigation a year later.
Following the above, the users will make sure that assets are passed on to IT for secure disposal because they're jobs are on the line and they'll also continue paying for it until it's returned to IT. It's taking years but my place of employment is slowly changing their processes to follow similar path. Suddenly all the managers are going around asking their staff where their PDA's and laptops are and getting pissed when they get blank stares. I love it. No-one cares about data security except IT but mix it with money and suddenly all the managers are listening.
Every asset must have an assigned owner.
That owner has an assigned manager.
Charge yearly fee for any managed asset until it is handed to IT.
The owner is primary person responsible for the device.
The manager is the secondary owner of the device.
If any device goes missing they still pay for it and if it's intentionally not reported, fire the person responsible or drop their pay, etc. If the primary person goes and the manager does not follow up by informing IT and checking all devices are still with the company, fire or demote them instead, etc.
Likewise with data disposal, every asset should have a field in its CMDB with the last known location (e.g DISPOSED) and IT Technician who disposed it. Anything goes wrong you know who disposed of it. CMDB is updated by someone else other then the IT techs doing the data wipes, who then send off forms or emails or something to say "yes I wiped it securely I'm sure and I bothered to check there wasn't a 2nd HDD in the PC", etc.
When the items go off for disposal (or auction) they should still have their serial numbers (probably no company identifiable markings though) so you should still be able to look them up in your CMDB even if they turn up in a police investigation a year later.
Following the above, the users will make sure that assets are passed on to IT for secure disposal because they're jobs are on the line and they'll also continue paying for it until it's returned to IT. It's taking years but my place of employment is slowly changing their processes to follow similar path. Suddenly all the managers are going around asking their staff where their PDA's and laptops are and getting pissed when they get blank stares. I love it. No-one cares about data security except IT but mix it with money and suddenly all the managers are listening.
Drop it into a water barrel while its running, dry it off, then throw it into a fire. Data is irreparable now.
Bon fires are awesome
Bon fires are awesome
There is a lovely dumpster in Orange County, NY that I regularly visit on Sundays and often find a few little gems thrown out among all the tons of printer parts, and often computers that startup live - I use them for parts and toss the rest. Then I regularly visit another dumpster in Ramsey, NJ where I often find genuine good stuff, such as a Dell Server, once a flat panel display, computers sometimes and other trivia.
Many firms do not properly conduct equipment disposal and the most secure way is to contact any reputable disposal firm - see PROCESSOR.COM for names and have your old equipment carried out in a professional manner.
But I am not going to make too big of an issue on that.
Another good way to dispose of current IT equipment is to outsource your IT staff and give them 30 days notice before shipping jobs off to Bangalore. You would be amazed how many laptops magically go offsite for intense testing by the departing technicians.
Many firms do not properly conduct equipment disposal and the most secure way is to contact any reputable disposal firm - see PROCESSOR.COM for names and have your old equipment carried out in a professional manner.
But I am not going to make too big of an issue on that.
Another good way to dispose of current IT equipment is to outsource your IT staff and give them 30 days notice before shipping jobs off to Bangalore. You would be amazed how many laptops magically go offsite for intense testing by the departing technicians.
Another good way to dispose of current IT equipment is to outsource your IT staff and give them 30 days notice before shipping jobs off to Bangalore. You would be amazed how many laptops magically go offsite for intense testing by the departing technicians.
I wouldn't exactly call that "secure" disposal. You seem to have a very interesting definition of the word "good" in that statement.
I wouldn't exactly call that "secure" disposal. You seem to have a very interesting definition of the word "good" in that statement.
I would not call this a good way to do it, but it was certainly a period of extreme anger. Organizations would do well not to anger their IT professionals too much. The outsourcing experience = being sold down the river and when one realizes that, despite your best work - and I was closing 1,200 tickets per year - that the firm doesn't give a tinker's damn about you ... well, take your choice.
The asset register is a great idea provided it is kept up to date. ie New hardware needs to be added or removed to the list and repositioning of workstations requires the list to be updated as well.
"In a timely fashion"
"In a timely fashion"
Excellent article. However, the most effective and cheapest method for hard drive disposal involves no file "shredding" or outside contractor. No technolgical advancements have yet to trump the handy sledge hammer and chisel.
1 refer to the NIST 8088 - encrption of hard drive is not safe and is easily cracked. 2. There is a difference between Purging a drive and clearing a hard drive According to the NIST. The only proper way for a hard drive to be PURGED is to initiate The Secure Erase Command that is installed into the hard drive firmware and is activated by special equipment. Secure erase will erase the hard drive beyond forensic recovery. Developed for the National Security Agency by Gordon B Hughes of the University of California .Most ATA hard drives since 2001 have this firmware and some SCSI units. Also it apparently the software cannot erase hard drives beyond Forensic recovery. Software cannot erase info on the bad sectors of the hard drive.
Robo
Robo
Find out more about the disposal of computers in a secure and environmentally friendly way - Remploy are experts in recycling computer equipment
Make sure to use a reputable IT recycling company, it's worth spending a bit of extra foot-work or money and finding one who can securely AND ethically dispose of your equipment.
Even with the strict WEEE legislation in the UK, many companies are falling victim to man-in-a-van outfits. Do your research and make sure your old equipment and data is disposed of correctly.
http://www.uk-computer-recycling.co.uk
Even with the strict WEEE legislation in the UK, many companies are falling victim to man-in-a-van outfits. Do your research and make sure your old equipment and data is disposed of correctly.
http://www.uk-computer-recycling.co.uk
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
