OT: Hardware: Sanitizing A Dead SSD?


Anyone have any clues about how to sanitize a dead SSD? We haven’t had it yet, but we’re sure it’s coming. Esp. since I’m a federal contractor, a dead disk gets deGaussed, but what the hell do you do with an SSD?

19 thoughts on - OT: Hardware: Sanitizing A Dead SSD?

  • A five pound ball-peen hammer. Or if you’re feeling adventurous, a few seconds in a microwave oven, but set it up outside, so as not to set off the smoke alarms.

    A drive grinding machine would do, but those are less fun for just a single drive.

  • SSD disks must be shredded as the data has been written over multiple sectors many times to ‘even the writes’. This allows for even a ‘dead’ disk to be disassembled with ‘off-the-shelf’ equipment to extract items from the dead places. Depending on the data involved, there may be different levels of shredding and destruction of shreds required.

  • If you don’t want to shred, use full-disk-encryption (laptop/pc).

    In a server, shredding is probably the sanest option.

  • Like the others have mentioned, shredding is the best. Esp. since it is Federal. DoD spec only considers shredded destroyed afaik. SSD or not this was my normal practice for that same reason. HIH. Extreme is smelting the drive to molten but that is extremely sensitive data destruction.

    Fred

  • On 2018-05-09 13:00, Leon Fauster wrote:

    Lots of specialized companies in that field.

    Some of our customers require a protocol of destruction for disks, with serial numbers.

  • Yes. Depending on the data type, the ‘dust’ at the other end may need to be ground through another machine so that all parts are less than some specified size (I think it was below 0.5 cm x 0.5 cm x 0.5 cm).
    Then again depending on the data type, those bits are poured into concrete or taken to a specialized chemical incinerator.

  • Disclaimer: My $dayjob is with a government contractor, but I am speaking as private citizen.

    Talk to your organization’s computer security people. They will have a standard procedure for getting rid of dead disks. We on the internet can’t know what they are. I’m betting it involves some degree of paperwork.

    Around here, I give the disks to my local computer support who in turn give them to the institutional disk destruction team. I also zero-fill the disk if possible, but that’s not an official requirement. The disk remains sensitive until the process is complete.

    Jim

  • James Szinger wrote:
    Federal contractor here, too. (I’m the OP). For disks that work, shred or DBAN is what we use. For dead disks, we do the paperwork, and get them deGaussed. SSDs are a brand new issue. We haven’t had to deal with them yet, but it’s surely coming, so we might as well figure it out now.

    mark

  • Does anyone use hdparm’s enhanced security erase feature for wiping working drives?

    Sounds more secure than DBAN/shred, and potentially faster too. It’s not something I’ve used.

    jh
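For the hdparm question above, an added example (not written by anyone in this thread): a pre-check that parses the Security section of `hdparm -I` output and lists reasons an enhanced security erase should not be attempted yet. The sample text is constructed, the function names are hypothetical, and the result only reflects what the drive firmware reports about itself.

```python
# Constructed sample of the "Security:" section of `hdparm -I /dev/sdX` output
# (written for this example, not captured from a real drive).
SAMPLE = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
"""

FLAGS = ("supported", "enabled", "locked", "frozen")


def parse_security(text):
    """Return the ATA security flags found in `hdparm -I` output."""
    state = dict.fromkeys(FLAGS)          # None = flag not reported at all
    state["enhanced_erase"] = False
    in_section = False
    for line in text.splitlines():
        if line.startswith("Security:"):
            in_section = True
        elif in_section and line[:1].strip():
            break                         # next unindented section header
        elif in_section:
            words = line.split()
            negated = words[:1] == ["not"]
            rest = words[1:] if negated else words
            if rest == ["supported:", "enhanced", "erase"]:
                state["enhanced_erase"] = not negated
            elif len(rest) == 1 and rest[0] in FLAGS:
                state[rest[0]] = not negated
    return state


def erase_blockers(state):
    """Reasons not to attempt an enhanced security erase in this state."""
    reasons = []
    if not state["supported"]:
        reasons.append("security feature set not reported")
    if state["frozen"]:                   # a frozen drive rejects security commands
        reasons.append("frozen")
    if not state["enhanced_erase"]:
        reasons.append("enhanced erase not reported")
    return reasons


if __name__ == "__main__":
    print(erase_blockers(parse_security(SAMPLE)))
```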

  • It really depends on if the drive actually does what the commands say it does. Most modern drives should do the reset/erase of sectors/cells.. but if the drive manufacturer decides “well we could short cut this by having it just read every sector as 0 until written” and you think you have wiped the data, but it is still there for physical audit. And we have all seen enough dodgy “well this is the lowest end drive we are losing money on if we sell it.. unless we cut corners” to know someone somewhere is going to do that. Which then will make it probably just an additional step everyone has to do.

    1. secure wipe drive
    2. run dban/shred for 3-4 wipes.
    3. fill out paperwork that you did 1 and 2.
    4. secure wipe drive
    5. send to industrial shredder.

  • Makes sense. I was thinking that some of the flash chips in the SSD could have survived that machine and would need to be further processed for some certainty of security.

  • Probably too late for consideration at this point, but there are Enterprise Class SSDs available with DoD/NSA certified/approved self encryption capability. The concept is that encryption is a hardware feature of the drive, when you want to dispose of it, you throw away the key. This allows vendors to receive broken drives back from GOV/MIL clients securely so that failure methods can be researched.

    Dell and EMC have been presenting this to us at storage briefs for a couple of years now.

    –Sean

  • Sean wrote:
    On the one hand, it’s certainly not too late – we’re trying to figure out what to do *before* it happens, so we don’t run around like chickens with their head cut off when it does.

    On the other hand… static, and unchanging, right, and how many minutes of Amazon S3 will it take to break the encryption?

    mark