Secure Erase


Decommissioning covers the policies and procedures that govern the removal of devices and software from production networks, and their subsequent disposal through sale, donation, or as waste.

  • if asset is disposed of by resale, gift, or recycling, there is a risk that:
    • software licenses could be misused
    • or configuration information valuable to an attacker could be leaked
  • risks mitigated by invoking the built-in factory reset
    • wipes any custom configuration settings
  • factory reset may leave data remnants
    • data remnant removal refers to ensuring that no data is recoverable from assets
      • critical to prevent confidential data being compromised
      • do so by:
        • destroying the media
        • sanitizing it
          • removing confidential information but leaving media intact for reuse
          • sanitizing an HDD is called overwriting
            • performed using the drive’s firmware tools, or a utility program
            • basic type is called zero filling
              • sets each bit to zero
              • single-pass zero filling can leave patterns that can be read with specialist tools
              • more secure method is:
                • overwrite with one pass of all zeros
                • then pass of all ones
                • then 1 or more passes in a pseudorandom pattern
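
The three-pass overwrite described in the list above (zeros, then ones, then pseudorandom), as an added example that is not part of the original notes. The function names, the chunk size and the read-back check after the two fixed-pattern passes are assumptions of this example; it takes the path of an image file or block device, and the sample secret is constructed.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB per write, so large targets never sit in memory

def write_pass(f, size, make_chunk):
    """Overwrite the whole target once, then force the data to the device."""
    f.seek(0)
    for off in range(0, size, CHUNK):
        f.write(make_chunk(min(CHUNK, size - off)))
    f.flush()
    os.fsync(f.fileno())

def filled_with(f, size, byte):
    """Read the target back; True only if every byte equals `byte`."""
    f.seek(0)
    for off in range(0, size, CHUNK):
        chunk = f.read(min(CHUNK, size - off))
        if chunk != bytes([byte]) * min(CHUNK, size - off):
            return False
    return True

def overwrite(path, random_passes=1):
    """Zeros pass, ones pass, then pseudorandom passes; returns the pass log."""
    log = []
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)
        for name, byte in (("zeros", 0x00), ("ones", 0xFF)):
            write_pass(f, size, lambda n, b=byte: bytes([b]) * n)
            if not filled_with(f, size, byte):
                raise OSError(f"read-back check failed after {name} pass")
            log.append(name)
        for _ in range(random_passes):
            write_pass(f, size, os.urandom)  # OS CSPRNG as the random source
            log.append("random")
    return log

def demo():
    """Constructed sample: a temp file standing in for a drive image."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"CONSTRUCTED-SECRET-" * 5000)
    try:
        log = overwrite(tmp.name, random_passes=2)
        with open(tmp.name, "rb") as f:
            after = f.read()
        return log, len(after), b"CONSTRUCTED-SECRET" in after
    finally:
        os.remove(tmp.name)
```

The read-back may be served from the operating system's cache rather than from the media itself, so it confirms the writes were issued, not what the platters hold.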

Secure Erase

SATA and Serial Attached SCSI (SAS) specifications include a Secure Erase (SE) command.

  • since 2001
  • invoked using a drive/array utility or the hdparm Linux utility
  • on HDDs, performs a single pass of zero filling
  • for SSDs, hybrid drives, and some USB flash drives,
    • overwriting methods are not reliable
      • wear-leveling routines in the drive controller communicate to any software process accessing the device which locations are available for use
  • on SSDs SE command marks all blocks as empty
    • block is the smallest unit on flash media that can be given an erase command
    • firmware’s automatic garbage collectors then perform the actual erase of each block over time
    • if process is not completed, there is a risk of remnant recovery
      • requires removing the chips from the device to analyze in specialist hardware

Instant Secure Erase

  • HDDs and SSDs that are self-encrypting drives (SEDs) support a crypto erase
    • invoked through the SANITIZE command set in the SATA and SAS standards
      • from 2012
    • implemented as Instant Secure Erase (ISE)
    • with an SED, all data on the drive is encrypted using a media encryption key (MEK)
      • when erase command is issued, the MEK is erased
      • renders data unrecoverable