[Faccus] [Sec-wg] Hard drive degausser

Jason Testart jatestart at uwaterloo.ca
Tue Jan 31 14:13:32 EST 2012


I just consulted with my colleagues at other institutions.  The approach
taken is:

  Rule #1. Hard disks don't leave campus unless they are encrypted or to
be destroyed (at a Government shredding facility).

In the case of warranty returns, they tell the vendor "just trust us, but
the disk is not leaving".  Some vendors are agreeable, others take more
time to deal with. The university eats the cost if they have to.


jt




On 12-01-31 2:00 PM, "Paul Ludwig" <pludwig at uwaterloo.ca> wrote:

>Do not believe that from WD. We just got a replacement drive from WD for
>a dead
>drive. The drive was a 2TB hard drive. It was full of movies and data
>files from the
>last client, not a UW person. It was not the drive we sent them.
>
>We in ECE open each hard drive we are getting rid of and scratch the
>drives platters.
>This is the only way we can guarantee the data does not flow off campus.
>
>Thanks
>Paul James Ludwig 
>Computer Support Manager
>Electrical and Computer Engineering
>Room: EIT 4176 
>University of Waterloo
>200 University Avenue
>Waterloo, Ontario, Canada, N2L 3G1
>Phone: (519) 888-4567 ext. 32847
>Fax: (519) 746-7260
>
>
>-----Original Message-----
>From: sec-wg-bounces at lists.uwaterloo.ca
>[mailto:sec-wg-bounces at lists.uwaterloo.ca] On Behalf Of Matt Cooper
>Sent: January-31-12 12:25 PM
>To: Robyn Landers; sec-wg at lists.uwaterloo.ca
>Cc: faccus at mailman.uwaterloo.ca
>Subject: Re: [Sec-wg] [Faccus] Hard drive degausser
>
>The claim from WD is that when you return a drive, the device they use to
>check the drive actually wipes it clean as they're testing it.
>http://community.wdc.com/t5/Desktop/Data-on-returned-hard-drive/td-p/1959
>
>Are there other Universities that people have contacts with who have had
>similar incidents?  Maybe reaching out can provide some sense of proper
>protocol.
>
>Matt Cooper
>
>Client Support Specialist
>Institute for Quantum Computing
>University of Waterloo
>
>RAC 1004
>519-888-4567 x38607
>
>
>-----Original Message-----
>From: faccus-bounces at lists.uwaterloo.ca
>[mailto:faccus-bounces at lists.uwaterloo.ca] On Behalf Of Robyn Landers
>Sent: January-31-12 11:45 AM
>To: sec-wg at lists.uwaterloo.ca
>Cc: faccus at mailman.uwaterloo.ca
>Subject: Re: [Faccus] [Sec-wg] Hard drive degausser
>
>> Otherwise, from what we are seeing, kiss your warranty coverage
>> goodbye.   If you can't wipe the drive through software and if
>> degaussing voids your warranty, you have no redress.  If you do not
>> have your Policy 8 "Confidential" data encrypted on the drive using
>> whole disk encryption, your options appear limited-- the drives must
>> be securely destroyed[2].
>
>
>So now I have to tell researchers that they will not be allowed to use
>the hardware maintenance contracts they buy for their RAID arrays to
>cover disk failures, they have to buy new disks.
>Who is going to pay for those?
>
>And internally we will not be allowed to use our hardware maintenance
>contracts with NetApp to replace failed drives, we'll have to buy
>new ones.   Who's going to pay for those?
>
>
>Robyn
>_______________________________________________
>Faccus mailing list
>Faccus at lists.uwaterloo.ca
>https://lists.uwaterloo.ca/mailman/listinfo/faccus
>
>_______________________________________________
>Sec-wg mailing list
>Sec-wg at lists.uwaterloo.ca
>https://lists.uwaterloo.ca/mailman/listinfo/sec-wg
>
>_______________________________________________
>Sec-wg mailing list
>Sec-wg at lists.uwaterloo.ca
>https://lists.uwaterloo.ca/mailman/listinfo/sec-wg




More information about the Faccus mailing list