[Faccus] [Sec-wg] Hard drive degausser

Colin Bell colin.bell at uwaterloo.ca
Tue Jan 31 11:37:43 EST 2012


So…

This thread is proving to be very informative.  If you are NOT using full disk encryption, you cannot expect to send your drives anywhere but to the shredder when they die.

I suggest everyone contemplate moving over to full disk encryption on drives containing ANY Policy 8 'Confidential' data ASAP[1].

Otherwise, from what we are seeing, kiss your warranty coverage goodbye.   If you can't wipe the drive through software and if degaussing voids your warranty, you have no redress.  If you do not have your Policy 8 "Confidential" data encrypted on the drive using whole disk encryption, your options appear limited-- the drives must be securely destroyed[2].

We are still evaluating this situation but, as most modern machines now have hardware accelerated AES, I think encrypting all your Confidential data is the best option.

References:
-----------------
[1] - http://ist.uwaterloo.ca/security/encryption/   OR   http://ist.uwaterloo.ca/cs/Truecrypt.html
[2] - http://strobe.uwaterloo.ca/ist/services/index.php?service=76

Cheers,
.cpb
--
Colin Bell, Systems Integration Specialist, IST
Information Security Services, University of Waterloo
+1-519-888-4567 x31245 / colin.bell at uwaterloo.ca

On 2012-01-31, at 10:24 AM, Kevin Rampersad wrote:

> It will void warranty with vendors (like HP):
> 
> "HP Customer Support (HPCS) strongly discourages the use of any degaussing process on hard disk drives (HDDs), which are then returned to HP against a warranty recovery claim. The process of degaussing HDDs, in fact, damages the internal mechanisms within the HDD thus rendering it un-repairable through the established OEM processes covered under HP/OEM warranty service agreements. This damage is classified as gross mishandling on the part of the customer and voids all warranty claims for defects against the effected HDDs."
> 
> http://bizsupport1.austin.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&taskId=125&prodSeriesId=32847&prodTypeId=12454&objectID=tis12547&printver=true
> 
> 
> -----Original Message-----
> From: sec-wg-bounces at lists.uwaterloo.ca [mailto:sec-wg-bounces at lists.uwaterloo.ca] On Behalf Of Peter Schepers
> Sent: Tuesday, January 31, 2012 10:23 AM
> To: Security Working Group
> Subject: Re: [Sec-wg] [Faccus] Hard drive degausser
> 
> 
>> Dell has a service, I'm guessing other vendors do as well:
>> 
>> http://content.dell.com/us/en/enterprise/d/services/support-services-k
>> eep-your-hard-drive.aspx?c=us&l=en&cs=555&redirect=1
> 
> Some do, some don't, but it is an extra cost. Given how simple it is to add features when configuring a new system on Dell's web site, I suspect those who feel they need this can buy this warranty option, but it must be bought before a failure.
> 
> Some points to consider about using an industrial degausser on a hard disk:
> 
> 1. I would think that _every_ part of the hard disk (except the
> platters) would have to be made of a non-ferrous metal so no part retains a magnetic field after a degauss.
> 
> 2. Didn't (or do) some hard disks store important info on one platter that is used in the drive initialization/POST sequence? Wouldn't a degauss also affect this info, rendering the drive useless, and possibly un-returnable by the vendor?
> 
> ==================================
> Peter Schepers
> University of Waterloo
> IST/Hardware Services, Shop Senior
> 200 University Ave West
> Waterloo, ON  N2L 3G1
> (519) 888-4567 x36347 Room MC1059
> _______________________________________________
> Sec-wg mailing list
> Sec-wg at lists.uwaterloo.ca
> https://lists.uwaterloo.ca/mailman/listinfo/sec-wg
> 
> _______________________________________________
> Sec-wg mailing list
> Sec-wg at lists.uwaterloo.ca
> https://lists.uwaterloo.ca/mailman/listinfo/sec-wg




More information about the Faccus mailing list