Guide for Data Sanitization
Hello everyone, hope you've been doing great! @Phoenix750 recently said that we should post articles about something that we are learning, both to help us study and maybe to introduce other people to new subjects. That's what this article is, so forgive (and please correct) me if I say something that's wrong, as I'm still learning.
So I've recently been tasked with selling a used desktop computer, which means I have to properly clean it, both physically (case, internal components, etc...) and logically (securely erase all data - in other words, sanitize it).
This got me reading a lot of articles on Data Sanitization Methods to better comprehend it and learn more about it, which made me stumble upon a very good and interesting 64-page document about this subject (the purpose of this article is to summarize this document).
The document is called "Guidelines for Media Sanitization" (NIST Special Publication 800-88, Revision 1) and it's written by NIST - the National Institute of Standards and Technology.
According to their website, "NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life". Whatever that means...
What matters is that they make some fine ass documents (like really good, all freely available), on pretty much every field of science, and the field of Cybersecurity and Computer Security is no exception. They have a website called CSRC - Computer Security Resource Center, "which facilitates broad sharing of information security tools and practices, provides a resource for information security standards and guidelines, and identifies key security web resources to support users in industry, government, and academia."
There, they have metric shit-tons of documents related to Cyber & Computer Security, and it's where you'll find the "Guidelines for Media Sanitization" document we'll be talking about (in the Special Publications section).
Like I previously said, I'll try to summarize this document because most government-related or government-produced documents tend to have too many unnecessary redundancies (see what I did there?).
Now that we've got that intro out of the way, let's get to it.
The document is written in a way that kinda focuses more on big businesses or organizations where confidentiality is a big deal, but the same concepts apply to people like us, home users.
It has a few pages going on about how technology is constantly evolving, making some of the techniques described obsolete on future technologies and why one might be concerned with Media Sanitization or why it's important, but I'll leave that for you to read, if you're interested.
- What is Data / Media Sanitization?
"Media Sanitization" is just a fancy expression for "making the data on some type of media unrecoverable, so that nobody unauthorized can get it back once the media leaves your hands, thus preserving confidentiality". It is not the same as plain deleting: an ordinary delete or a quick format only removes the file system's pointers to the data and leaves the actual bytes sitting on the media until something happens to overwrite them. The document defines sanitization in terms of how much effort it would take to recover the data afterwards (simple software tools, a lab with specialized equipment, or nothing at all), and that's where the three types below come from.
- Types of Media
Primarily, there are two types of media involved in our daily routines:
Hard Copy - most commonly paper printouts. However, printer parts and supplies (ribbons, drums, toner cartridges) can also hold a copy of what was printed and are a good example of hard copy media that is often overlooked. This tends to leave organizations and businesses rather vulnerable to dumpster-divers or anyone looking for information really.
Electronic / Soft Copy - these are the devices that contain bits and bytes of information. Hard drives, flash memory devices, mobile devices, networking and office equipment are all good examples.
- Types of Sanitization
There are three main types of sanitization. These are:
Clear - uses logical (software-based) techniques to sanitize all the user-addressable storage on a device, protecting it against simple, non-invasive recovery (undelete tools, or just plugging the drive into another machine). It generally works through the device's standard Read & Write commands, meaning it overwrites the existing data with new values (basically replacing sensitive or classified data with non-sensitive data). This is what software like DBAN (or its more complete brother Blancco 5) or Eraser does, along with "a cloth or something", or, where the device doesn't support overwriting, the standard 'Factory Reset' function. Note that a normal delete or a quick format is not a Clear: those only drop the file system's pointers and leave the data on the media. Also, Clear may not hold up against state of the art laboratory recovery techniques, and on flash media (SSDs, USB sticks, phones) a software overwrite can't reach blocks that wear levelling has quietly remapped, so an old copy of the data may still be sitting in the chips.
Purge - applies physical or logical techniques that make recovery infeasible even with state of the art laboratory techniques. Typical examples are commands built into the device itself that reach every physical block, not just the ones the host can address (ATA Secure Erase / SANITIZE, NVMe Format with secure erase, or a cryptographic erase on a self-encrypting drive), and, for magnetic media only, degaussing with a degausser strong enough for the drive in question.
Destroy - renders the data inaccessible by using techniques that also prevent any future use of the storage device. These include incinerating, shredding, disintegrating, pulverizing or melting the storage media. Degaussing also lands here for magnetic hard drives, because it wipes the servo tracks and leaves the drive unusable; note that it does nothing at all to flash memory (SSDs, USB sticks, phones), which isn't magnetic.
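To make the difference between an ordinary delete, Clear and Purge concrete, here is an added example in Go. It's a toy model I wrote for this post, not anything from the NIST document or from any real drive's firmware. It simulates a device that owns more physical blocks than the host can address, once with a fixed LBA-to-block mapping like a magnetic disk and once with wear levelling like flash. An ordinary delete only drops the directory entry; Clear overwrites every addressable LBA through the normal write command; Purge erases every physical block the way a device-level sanitize command does. The "recovery" step scans the raw blocks for a known marker, standing in for a lab reading the chips directly. The block size, the block counts, the file name and the SSN string are all made up for the example.

```go
package main

import (
	"bytes"
	"fmt"
)

const blockSize = 32

// Device is a deliberately simplified storage model for this article (an
// assumption of the example, not any real controller's firmware): logical block
// addresses (LBAs) map to physical blocks, of which the device may own more than the host can address.
type Device struct {
	flash    bool           // true: wear-levelled flash; false: fixed mapping like a magnetic disk
	phys     [][]byte       // every physical block, host-addressable or not
	lbaMap   []int          // LBA -> physical block index
	nextFree int            // next unused physical block (flash only)
	files    map[string]int // directory: file name -> LBA
}

func NewDevice(logicalBlocks, physicalBlocks int, flash bool) *Device {
	d := &Device{flash: flash, lbaMap: make([]int, logicalBlocks), nextFree: logicalBlocks, files: map[string]int{}}
	for i := 0; i < physicalBlocks; i++ {
		d.phys = append(d.phys, make([]byte, blockSize))
	}
	for i := range d.lbaMap {
		d.lbaMap[i] = i
	}
	return d
}

func zero(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

// write is the ordinary host write command for one LBA.
func (d *Device) write(lba int, data []byte) {
	if d.flash && d.nextFree < len(d.phys) {
		// Wear levelling: data lands in a fresh block; the old one is only marked stale.
		d.lbaMap[lba] = d.nextFree
		d.nextFree++
	}
	blk := d.phys[d.lbaMap[lba]]
	zero(blk)
	copy(blk, data)
}

// Delete is what an OS "delete" does: drop the directory entry, touch no block.
func (d *Device) Delete(name string) { delete(d.files, name) }

// Clear overwrites every user-addressable LBA with a fixed pattern through the
// normal write command (NIST "Clear").
func (d *Device) Clear() {
	for lba := range d.lbaMap {
		d.write(lba, make([]byte, blockSize))
	}
}

// Purge erases every physical block, host-addressable or not, the way a
// device-level sanitize / block-erase command does (NIST "Purge").
func (d *Device) Purge() {
	for _, blk := range d.phys {
		zero(blk)
	}
}

// Recoverable models a lab reading the raw media (e.g. flash chips lifted off
// the board) and scanning every physical block for a known marker.
func (d *Device) Recoverable(marker []byte) bool {
	for _, blk := range d.phys {
		if bytes.Contains(blk, marker) {
			return true
		}
	}
	return false
}

// Scenario writes a secret, then runs delete -> clear -> purge and reports
// whether the secret is still on the raw media after each step.
func Scenario(flash bool) (afterDelete, afterClear, afterPurge bool) {
	d := NewDevice(4, 8, flash)
	secret := []byte("SSN=123-45-6789") // constructed sample data
	d.write(0, secret)       // the file's data block ...
	d.files["taxes.txt"] = 0 // ... and its directory entry
	d.Delete("taxes.txt")
	afterDelete = d.Recoverable(secret)
	d.Clear()
	afterClear = d.Recoverable(secret)
	d.Purge()
	afterPurge = d.Recoverable(secret)
	return
}

func main() {
	for _, flash := range []bool{false, true} {
		del, clr, prg := Scenario(flash)
		fmt.Printf("flash=%-5v recoverable after delete=%v clear=%v purge=%v\n", flash, del, clr, prg)
	}
}
```

Running it shows that on the disk-like device the secret survives the delete but not the Clear, while on the flash-like device it survives both, because the overwrite went to a freshly mapped block and the stale copy stayed behind; only the Purge removes it from both. Real SSD controllers are far more complicated than this, but that is exactly why the document points you at the drive's own sanitize commands rather than a software overwrite for flash media.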
EDIT: Reading the comments, I remembered a sanitization method that I forgot to cover. It's called Cryptographic Erase (CE for short). The idea is that the data is encrypted as it's written to the media (as on a self-encrypting drive or a phone with full-disk encryption), and instead of deleting the data you sanitize the encryption key, so nobody can get at the target data any more (basically the same as storing something in a vault and then forgetting the combination). Two caveats from the document: CE only covers data that was encrypted when it was written, so anything that hit the media before encryption was turned on is not covered by it; and every copy of the key (backups, escrow, the key-encrypting-key that wraps it, etc.) has to be sanitized as well, otherwise the "vault" can still be opened.
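And here is an added example of Cryptographic Erase, again in Go and again a toy model I wrote for this post rather than anything from the NIST document or a real self-encrypting drive: the "drive" holds an AES-256-GCM media encryption key, encrypts every record it is given, and CE consists of overwriting and dropping that key. It also shows the first caveat above: a record that reached the media without going through the encryption path is still there in the clear after CE. The struct name, the key size and the SSN string are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SelfEncryptingDrive is a deliberately simplified model of a self-encrypting
// drive (an assumption of this example, not any vendor's firmware): writes are
// encrypted with a media encryption key (MEK) held inside the device, reads are
// decrypted transparently, and CE sanitizes the MEK while leaving the ciphertext.
type SelfEncryptingDrive struct {
	mek   []byte   // media encryption key; nil once cryptographically erased
	media [][]byte // what is physically stored: nonce||ciphertext per record
}
// randomBytes draws key and nonce material from the OS CSPRNG.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}
func NewSelfEncryptingDrive() *SelfEncryptingDrive {
	return &SelfEncryptingDrive{mek: randomBytes(32)} // AES-256 key generated inside the device
}
func (d *SelfEncryptingDrive) aead() (cipher.AEAD, error) {
	if d.mek == nil {
		return nil, fmt.Errorf("media encryption key has been sanitized")
	}
	block, err := aes.NewCipher(d.mek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Write encrypts a record under a fresh nonce before it reaches the media.
func (d *SelfEncryptingDrive) Write(plaintext []byte) error {
	g, err := d.aead()
	if err != nil {
		return err
	}
	nonce := randomBytes(g.NonceSize())
	d.media = append(d.media, g.Seal(nonce, nonce, plaintext, nil))
	return nil
}
// Read decrypts record i through the device; it fails once the MEK is gone.
func (d *SelfEncryptingDrive) Read(i int) ([]byte, error) {
	g, err := d.aead()
	if err != nil {
		return nil, err
	}
	rec, ns := d.media[i], g.NonceSize()
	return g.Open(nil, rec[:ns], rec[ns:], nil)
}
// CryptoErase sanitizes the MEK: overwrite the key bytes, then drop them. Every
// other copy of the key (backup, escrow, wrapped blob) needs the same treatment.
func (d *SelfEncryptingDrive) CryptoErase() {
	for i := range d.mek {
		d.mek[i] = 0
	}
	d.mek = nil
}
// RawMediaContains models an attacker reading the raw media, bypassing the
// device's decryption, and scanning it for a known plaintext marker.
func (d *SelfEncryptingDrive) RawMediaContains(marker []byte) bool {
	for _, rec := range d.media {
		if bytes.Contains(rec, marker) {
			return true
		}
	}
	return false
}

// Demo reports: plaintext visible on raw media before CE, record readable through
// the device before and after CE, and whether a never-encrypted record survives CE.
func Demo() (rawBefore, readBefore, readAfter, leftover bool) {
	d := NewSelfEncryptingDrive()
	secret := []byte("SSN=123-45-6789") // constructed sample data
	if err := d.Write(secret); err != nil { // record 0, encrypted
		panic(err)
	}
	rawBefore = d.RawMediaContains(secret) // false: only ciphertext is stored
	pt, err := d.Read(0)
	readBefore = err == nil && bytes.Equal(pt, secret) // true
	d.media = append(d.media, secret)                   // record 1: written while encryption was off
	d.CryptoErase()
	_, err = d.Read(0)
	readAfter = err == nil                // false: the key is gone
	leftover = d.RawMediaContains(secret) // true: CE never covered record 1
	return
}

func main() {
	a, b, c, l := Demo()
	fmt.Printf("raw plaintext before CE=%v readable before CE=%v after CE=%v unencrypted leftover=%v\n", a, b, c, l)
}
```

The encrypted record is unreadable after CE even though every byte of it is still on the media, which is the whole point of the method; the unencrypted record is untouched, which is why the document says CE is only an option when you know the data was encrypted from the moment it was first written and the key was never exposed.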
What to consider when sanitizing data?
When the time comes to sanitize media, you might be faced with the choice of what type of sanitization you should apply or which one is the most adequate (this question comes up mostly in a business / organization environment, as home users mostly apply the "Clear" method).
There are a few things to consider when making that decision:
What type of media are we dealing with - hard copy or electronic (if electronic, which kind: magnetic, flash, optical, etc., since the right technique depends on it)
Security Category - Early in the document, they talk about how security categorization is important to ensure that a proper media sanitization technique is applied (basically, you have to determine if the target data is non-sensitive, if it reveals Personally Identifiable Information, if it's classified / confidential, etc.) (don't worry, they have a special doc just for that: FIPS 199!).
Reuse of Media - whether the storage media is planned for reuse (either within or outside the organization) or for recycling / disposal.
Control of Media & Data Protection Level - these are closely related to Security Categorization. Control of Media refers to who has had control of and access to said media (mostly discussed when the media is leaving organizational control); Data Protection Level refers to the different data protection policies that exist within an organization (like data clearance: some people are authorized to access some information, others are not; mostly discussed when there's internal reuse).
Environmental Impact - some methods are more harmful to the environment than others.
Cost - some methods may be more cost-friendly than others.
Here's a decision flow chart that may help you:
On pages 35-48 of the document, there are a great deal of tables that tell you what type of sanitization you should consider, depending on the type of media (again, it may help you a lot).
That's it for today. If you made it to the bottom, I hope you've enjoyed reading this article and that it helped you in some way.
In the next post maybe I'll cover software sanitization methods (the Gutmann method, Schneier's method, DoD, etc.).
Thank you all for reading and I'll see you all later.