3 ways to foil tech 'dumpster divers'
- By William Jackson
- Sep 10, 2012
Government IT equipment is recognized under federal law as a “vital national resource,” and wherever possible excess equipment should be made available to schools and to non-profit organizations. This is laudable, but sending functioning hardware and software out into the world opens the door to the possibility that sensitive information could go along with it.
It is not only equipment being donated to outside organizations that can create risks. Recycling, disposal and reuse also can be sources of data leakage.
“Even internal transfers require increased scrutiny, as legal and ethical obligations make it more important than ever to protect data such as Personally Identifiable Information,” the National Institute of Standards and Technology says in draft guidelines for media sanitization.
With improved data protection through encryption and access controls for devices in use, the threat of attackers stealing data directly from discarded equipment -- the technology equivalent of dumpster diving -- increases.
“No matter what the final intended destination of the media is, it is important that the organization ensure that no easily re-constructible residual representation of the data is stored on the media after it has left the control of the organization,” the guidelines say.
NIST is updating its recommendations on sanitization to reflect the proliferation of data across a growing number and variety of devices and platforms, from tradition PCs and servers to virtual machines and mobile smart phones. The recommendations include three common techniques of sanitizing equipment, with increasing levels of severity.
The method you choose should be based on the type of media, the information it contains and future plans for the equipment, as well as cost and environmental impact.
Clearing or overwriting: This is the lowest level of sanitizing and uses the device’s standard read and write commands to write over user-addressable storage space. The process should include all user-addressable locations rather than just the file allocation tables. This method cannot be used on media that is damaged or not rewriteable, and even when done correctly it can miss some areas where sensitive information is held.
Clearing will not be effective with some types of media, the guidelines warn. “For example, flash-based storage devices may contain spare cells and perform wear leveling, making it infeasible for a user to sanitize all previous data using this approach because the device may not support directly addressing all areas where sensitive data has been stored using the native read and write interface.”
Some devices, such as phones, might only support deleting file pointers, which could be adequate in some cases as long as the interface does not facilitate retrieval of the cleared data.
Purging: This can include overwriting, block erase and cryptographic erase through the use of dedicated, media-specific device sanitize commands. Log data might not be sanitized through these commands, however, and could remain accessible. Degaussing can effectively remove magnetically stored data if the degaussing device is matched carefully to the media being purged. “Degaussing should never be solely relied upon for flash-based storage devices or for magnetic storage devices that also contain non-volatile non-magnetic storage,” the guidelines say.
Degaussing also can render some devices unusable, which brings us to the final technique.
Destruction: This can be the last resort when clearing or purging does not work or is not practical. In addition to degaussing with extreme prejudice, there are a number of ways to destroy media. Although merely damaging a device might make it impractical to recover data, a device is not considered destroyed unless data recovery is infeasible even using state-of-the-art laboratory techniques.
Methods for destruction include disintegrating, pulverizing, melting and incinerating. These tasks usually are outsourced to specialists that are licensed and have the facilities to ensure destruction and proper disposal.
Paper shredders can be used on flexible media such as diskettes. They should be shredded into pieces small enough that reconstruction is not feasible, and reconstruction can be made more difficult by mixing in shredded non-sensitive material of the same type.
William Jackson is freelance writer and the author of the CyberEye blog.