Media Sanitization


VNSA220 Cyber Self Defense

What to do when you're done with data!
Media Sanitization

Confidentiality
  – "Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…" [44 U.S.C., Sec. 3542]
  – "A loss of confidentiality is the unauthorized disclosure of information." [FIPS-199 (Standards for Security Categorization of Federal Information and Information Systems)]

RIT Confidential Information
Information that:
  – is accessed or communicated on a need to know basis
  – could result in significant harm to the Institute if accessed by unauthorized individuals.
RIT Confidential information may include documents, data, stored audio, or video.

NYS Disposal of Records Containing Personal Identifying Information
Prior to disposal, unencrypted personal identifying information contained in print or electronic media is required to be
  – shredded,
  – destroyed, or
  – modified so that it is unreadable.

What can someone do with my Data
• Students
  – Cheating
  – Grades
  – Financial
  – Stalking
• Corporate
  – Competition
  – Investors
  – Legal
  – Financial

Forms of data
• Hard Copy
  – Printed paper (bills, statements, letters,…)
  – Facsimile/typewriter ribbons (color copiers)
  – Copier drums
• Soft copy (Electronic)
  – Hard drives
  – Removable media (floppy, CD, zip, jazz!)
  – Thumb drives
  – PDAs, digital cameras, cell phones, mp3

Sanitization
• "the general process of removing data from storage media, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed"
• NIST

Data Sanitization
• When?
  – no longer correct/has become outdated
  – no longer needed
  – As soon as possible
• Who?
  – Creator
  – Janitor
  – Designated party
• How?
  – Verification?!
Data Sanitization Methods
• Disposal
• Clearing
• Purging
• Destroying

Disposal
• Tossing in trash can
• No special measures taken
• Yesterday's newspaper
• Broken music CD

Clearing
• Removing the data such that robust efforts to recover are thwarted
  – For magnetic media
    • Simple deletion is insufficient
    • Deletion does not imply that data cannot be recovered
    • Overwriting is recommended
  – For paper media
    • Erasing pencil is inadequate
    • Crumpling is inadequate
    • Destruction is recommended

Purging
• Eradication sufficient to defend against a laboratory attack
  – For magnetic media
    • Degaussing
  – For paper media
    • Destruction
  – For optical media
    • Destruction

Destroying
• Media is no longer reusable for storage
  – Choices are:
    • Disintegration
    • Incineration
    • Pulverization
    • Melting
    • Shredding
    • Sanding
    • Chemical treatment

NIST Paper Destruction Guide
• Destroy paper using cross cut shredders which produce particles that are 1 x 5 millimeters in size (reference devices on the NSA paper Shredder EPL), or to pulverize/disintegrate paper materials using disintegrator devices equipped with 3/32 inch security screen (reference NSA Disintegrator EPL).
• Destroy microforms (microfilm, microfiche, or other reduced image photo negatives) by burning. When material is burned, residue must be reduced to white ash.

Shredders
• Strip-cut shredders
  – use rotating knives to cut narrow strips as long as the original sheet of paper. These strips can be reassembled by a determined investigator, so this type of shredder is the least secure. It also creates the highest volume of waste.
• Cross-cut shredders
  – use two contra-rotating drums to cut rectangular or parallelogram-shaped shreds.
• Particle-cut shredders
  – create tiny square or circular pieces.
• Disintegrators and granulators
  – repeatedly cut the paper at random until the particles are small enough to pass through a mesh.
• Hammermills
  – pound the paper through a screen.
• Grinders
  – A rotating shaft with cutting blades grinds the paper until it is small enough to fall through a screen.
• Pierce and Tear
  – Rotating blades pierce the paper and then tear it apart.
• http://en.wikipedia.org/wiki/Paper_shredder

NIST CD Destruction Guide
• Destroy in order of recommendations:
  – Removing the information bearing layers of CD media using a commercial optical disk grinding device.
  – Incinerate optical disk media (reduce to ash) using a licensed facility.
  – Use optical disk media shredders or disintegrator devices to reduce to particles that have a nominal edge dimension of five millimeters (5 mm) and surface area of twenty-five square millimeters (25 mm²). **
** This is a current acceptable particle size. Any future disk media shredders obtained should reduce CD to surface area of .25 mm².

NIST SCSI HD Purge Guide
• Purge hard disk drives by either purging the hard disk drive in an NSA/CSS-approved automatic degausser or by disassembling the hard disk drive and purging the enclosed platters with an NSA/CSS-approved degaussing wand.
*** Degaussing any current generation hard disk will render the drive permanently unusable.

How do I choose the appropriate destruction method?
• Appropriateness
• Level of sensitivity
• Reuse or recycle
• Media control
• Hazardous materials
• Cost
• Availability
• Volume
• Verification

Tools
• Sdelete (Windows)
  – http://www.sysinternals.com/Utilities/SDelete.html
• Cross Cut CD Shredder
• Degausser (careful)

References
• NIST Special Publication 800-88, Guidelines for Media Sanitization
  – http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP80
• "Secure Deletion of Data from Magnetic and Solid-State Memory," Peter Gutmann
  – http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.h

Shredded word doc
• Shredder document reassembly software
• ShreddedLetter.doc
  – http://www.churchstreet-technology.com/SHRED_ ...
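
The Clearing slide states that simple deletion is insufficient for magnetic media and that overwriting is recommended, and the deck lists verification among the selection criteria. As an added example (not part of the original slides; the function names `clear_file` and `verify_zeroed` are illustrative), this Python sketch overwrites one file in place, reads it back to verify the overwrite, and only then deletes it:

```python
import os
import secrets

CHUNK = 1 << 20  # write and read back in 1 MiB pieces


def _fill(f, size, make_bytes):
    """Overwrite the first `size` bytes of open file f, then force them to the device."""
    f.seek(0)
    left = size
    while left > 0:
        n = min(CHUNK, left)
        f.write(make_bytes(n))
        left -= n
    f.flush()
    os.fsync(f.fileno())


def verify_zeroed(path, size):
    """Read the file back and confirm it is exactly `size` zero bytes."""
    if os.path.getsize(path) != size:
        return False
    with open(path, "rb") as f:
        while True:
            block = f.read(CHUNK)
            if not block:
                return True
            if block.count(0) != len(block):
                return False


def clear_file(path, random_passes=1, remove=True):
    """Clear one file: random pass(es), a final zero pass, read-back check, delete.

    Returns True only if the read-back verification succeeded.
    Caveat: this relies on the filesystem rewriting the same blocks in place.
    Flash media with wear levelling, copy-on-write or journaling filesystems,
    and backups or snapshots can keep older copies that this never touches.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:           # r+b: open without truncating
        for _ in range(random_passes):
            _fill(f, size, secrets.token_bytes)
        _fill(f, size, bytes)              # bytes(n) is n zero bytes
    ok = verify_zeroed(path, size)
    if ok and remove:
        os.remove(path)                    # delete only after a verified overwrite
    return ok
```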

  • Fall '08
  • Golen
  • NIST, sanitization, Data erasure, Sanitization Data Sanitization, Data Sanitization Methods, NIST Paper Destruction
