VNSA220 Cyber Self Defense
What to do when you’re done with data! Media Sanitization

Confidentiality
– “Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…” [44 U.S.C., Sec. 3542]
– “A loss of confidentiality is the unauthorized disclosure of information.” [FIPS199, (Standards for Security Categorization of Federal Information and Information Systems)]

RIT Confidential Information
Information that:
– is accessed or communicated on a need to know basis
– could result in significant harm to the Institute if accessed by unauthorized individuals.
RIT Confidential information may include documents, data, stored audio, or video

NYS Disposal of Records Containing Personal Identifying Information
Prior to disposal, unencrypted personal identifying information contained in print or electronic media is required to be
– shredded,
– destroyed, or
– modified so that it is unreadable.

What can someone do with my Data
• Students
  – Cheating
  – Grades
  – Financial
  – Stalking
• Corporate
  – Competition
  – Investors
  – Legal
  – Financial

Forms of data
• Hard Copy
  – Printed paper (bills, statements, letters,…)
  – Facsimile/typewriter ribbons (color copiers)
  – Copier drums
• Soft copy (Electronic)
  – Hard drives
  – Removable media (floppy, cd, zip, jazz!)
  – Thumb drives
  – PDAs, digital camera, Cell phones, mp3

Sanitization
• “the general process of removing data from storage media, such that there is reasonable assurance that the data may not be easily retrieved and reconstructed”
  – NIST

Data Sanitization
  – no longer correct/has become outdated
  – no longer needed
  – As soon as possible
• Who?
  – Creator
  – Janitor
  – Designated party
• How?
  – Verification?!

Data Sanitization Methods
• Disposal
• Clearing
• Purging
• Destroying

Disposal
• Tossing in trash can
• No special measures taken
• Yesterday’s newspaper
• Broken music CD

Clearing
• Removing the data such that robust efforts to recover are thwarted
  – For magnetic media
    • Simple deletion is insufficient
    • Deletion does not imply that data cannot be recovered
    • Overwriting is recommended
  – For paper media
    • Erasing pencil is inadequate
    • Crumpling is inadequate
    • Destruction is recommended

Purging
• Eradication sufficient to defend against a laboratory attack
  – For Magnetic media
    • Degaussing
  – For Paper media
    • Destruction
  – For Optical media
    • Destruction

Destroying
• Media is no longer reusable for storage
  – Choices are:
    • Disintegration
    • Incineration
    • Pulverization
    • Melting
    • Shredding
    • Sanding
    • Chemical treatment

NIST Paper Destruction Guide
• Destroy paper using cross cut shredders which produce particles that are 1 x 5 millimeters in size (reference devices on the NSA paper Shredder EPL), or pulverize/disintegrate paper materials using disintegrator devices equipped with 3/32 inch security screen (reference NSA Disintegrator EPL).
• Destroy microforms (microfilm, microfiche, or other reduced image photo negatives) by burning. When material is burned, residue must be reduced to white ash.

Shredders
• Strip-cut shredders
  – use rotating knives to cut narrow strips as long as the original sheet of paper. These strips can be reassembled by a determined investigator, so this type of shredder is the least secure. It also creates the highest volume of waste.
• Cross-cut shredders
  – use two contra-rotating drums to cut rectangular or parallelogram shaped shreds.
• Particle-cut shredders
  – create tiny square or circular pieces.
• Disintegrators and granulators
  – repeatedly cut the paper at random until the particles are small enough to pass through a mesh.
• Hammermills
  – pound the paper through a screen.
• Pierce and Tear
  – Rotating blades pierce the paper and then tear it apart.
• Grinders
  – A rotating shaft with cutting blades grinds the paper until it is small enough to fall through a screen.
• http://en.wikipedia.org/wiki/Paper_shredder

NIST CD Destruction Guide
• Destroy in order of recommendations:
  – Removing the Information bearing layers of CD media using a commercial optical disk grinding device.
  – Incinerate optical disk media (reduce to ash) using a licensed facility.
  – Use optical disk media shredders or disintegrator devices to reduce to particles that have a nominal edge dimension of five millimeters (5 mm) and surface area of twenty-five square millimeters (25 mm²). **
** This is a current acceptable particle size. Any future disk media shredders obtained should reduce CD to surface area of .25mm².

NIST SCSI HD Purge Guide
• Purge hard disk drives by either purging the hard disk drive in an NSA/CSS-approved automatic degausser or by disassembling the hard disk drive and purging the enclosed platters with an NSA/CSS-approved degaussing wand.
*** Degaussing any current generation hard disk will render the drive permanently unusable.

How do I choose the appropriate destruction method?
• Appropriateness
• Level of sensitivity
• Reuse or recycle
• Media control
• Hazardous materials
• Cost
• Availability
• Volume
• Verification

Tools
• Sdelete (windows)
  – http://www.sysinternals.com/Utilities/SDelete.html
• Cross Cut CD Shredder
• Degausser (careful)

References
• NIST Special Publication 800-88 Guidelines for Media Sanitization
  – http://csrc.nist.gov/publications/nistpubs/80088/NISTSP80
• “Secure Deletion of Data from Magnetic and Solid-State Memory,” Peter Gutmann
  – http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.h

Shredded word doc
• Shredder document reassembly software
• ShreddedLetter.doc
  – http://www.churchstreettechnology.com/SHRED_ ...
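
The Clearing slide says simple deletion is insufficient and overwriting is recommended, and the Data Sanitization slide asks about verification. The sketch below is an added example, not part of the original slides: it overwrites a file in place, reads it back to verify, and deletes it only after verification passes. The function names and the sample record are assumptions made for illustration.

```python
import os
import tempfile

CHUNK = 64 * 1024
# Constructed sample record, not real data.
SAMPLE = b"name=Jane Doe;id=000-00-0000 (constructed sample)\n"

def overwrite_file(path, passes=1, fill=b"\x00"):
    """Overwrite a file in place with a one-byte fill; return bytes per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(fill * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push the pass out of OS caches
    return size

def verify_overwrite(path, fill=b"\x00"):
    """Read the file back and confirm every byte equals the fill byte."""
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(fill) != len(chunk):
                return False
    return True

def clear_file(path, passes=1):
    """Overwrite, verify, and only then delete. Returns a small record."""
    size = overwrite_file(path, passes)
    verified = verify_overwrite(path)
    if verified:
        os.remove(path)
    return {"bytes": size, "passes": passes, "verified": verified}

def demo():
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(SAMPLE * 100)
    untouched = verify_overwrite(path)   # False: original data still present
    record = clear_file(path, passes=2)
    return untouched, record, os.path.exists(path)

# Caveat: this reaches only the blocks the filesystem maps to the file now.
# Journals, snapshots, and SSD wear leveling can hold other copies.

if __name__ == "__main__":
    print(demo())
```

The returned record gives the person responsible for sanitization something to log as evidence that the overwrite was checked before the file name was removed.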
This note was uploaded on 05/27/2009 for the course NSSA 4050-220 taught by Professor Golen during the Fall '08 term at RIT.