1
00:00:00,180 --> 00:00:01,610
Once your system has fulfilled

2
00:00:01,610 --> 00:00:03,370
its operational useful life,

3
00:00:03,370 --> 00:00:04,890
what are you going to do with it?

4
00:00:04,890 --> 00:00:06,330
Should you reuse the asset?

5
00:00:06,330 --> 00:00:07,470
Should you resell it?

6
00:00:07,470 --> 00:00:09,090
Or should you throw it away?

7
00:00:09,090 --> 00:00:10,430
Well, this is really a question

8
00:00:10,430 --> 00:00:11,263
you have to think about

9
00:00:11,263 --> 00:00:12,580
in terms of risk tolerance

10
00:00:12,580 --> 00:00:13,920
and how your organization

11
00:00:13,920 --> 00:00:15,780
views its security posture.

12
00:00:15,780 --> 00:00:17,900
Which method you decide is going to be documented

13
00:00:17,900 --> 00:00:20,170
inside your organization's disposal policy

14
00:00:20,170 --> 00:00:22,300
and it's something you need to think through.

15
00:00:22,300 --> 00:00:24,160
Asset disposal occurs whenever a system

16
00:00:24,160 --> 00:00:26,420
is no longer needed by an organization.

17
00:00:26,420 --> 00:00:27,720
And it doesn't mean it has to be some

18
00:00:27,720 --> 00:00:29,970
old worn out piece of junk computer.

19
00:00:29,970 --> 00:00:32,160
It may be that you have a new iPhone

20
00:00:32,160 --> 00:00:34,380
and you just got a brand new one three weeks later.

21
00:00:34,380 --> 00:00:35,213
What are you going to do with that one

22
00:00:35,213 --> 00:00:36,780
that was there three weeks earlier?

23
00:00:36,780 --> 00:00:38,630
Well, you're going to have to dispose of it somehow,

24
00:00:38,630 --> 00:00:42,710
and it can be reused, resold, or completely thrown away.

25
00:00:42,710 --> 00:00:45,400
This disposal might require the system to be destroyed,

26
00:00:45,400 --> 00:00:46,320
it could be that the assets

27
00:00:46,320 --> 00:00:47,910
can be reused for another purpose,

28
00:00:47,910 --> 00:00:50,230
or it's resold to get you some money back.

29
00:00:50,230 --> 00:00:51,810
Now in organizations that require

30
00:00:51,810 --> 00:00:53,750
a high level of security for their data,

31
00:00:53,750 --> 00:00:55,790
it's commonplace for data storage devices

32
00:00:55,790 --> 00:00:58,740
to be electronically or physically destroyed first.

33
00:00:58,740 --> 00:01:00,370
Now if you were going to use tapes

34
00:01:00,370 --> 00:01:01,780
for your backups for example,

35
00:01:01,780 --> 00:01:03,750
these tapes might be shredded or burned

36
00:01:03,750 --> 00:01:05,270
when you no longer need them.

37
00:01:05,270 --> 00:01:07,580
If your organization is using hard drives for storage,

38
00:01:07,580 --> 00:01:10,070
these can be destroyed through a degaussing process.

39
00:01:10,070 --> 00:01:11,660
Degaussing exposes the hard drive

40
00:01:11,660 --> 00:01:13,290
to a powerful magnetic field,

41
00:01:13,290 --> 00:01:15,460
and this causes the previously written data

42
00:01:15,460 --> 00:01:16,800
to be wiped from the drive,

43
00:01:16,800 --> 00:01:19,730
and the drive to become a blank slate once again.

44
00:01:19,730 --> 00:01:22,360
Now I have seen organizations that take this step further

45
00:01:22,360 --> 00:01:24,240
and they physically destroy those hard drives

46
00:01:24,240 --> 00:01:25,890
to prevent the data from being exposed,

47
00:01:25,890 --> 00:01:27,810
and they do this by hitting them with axes,

48
00:01:27,810 --> 00:01:29,120
smashing them with hammers,

49
00:01:29,120 --> 00:01:31,030
or even using industrial shredders

50
00:01:31,030 --> 00:01:34,120
to turn that hard disk into tiny little pieces.

51
00:01:34,120 --> 00:01:36,770
Now if all of that sounds a little too violent for you,

52
00:01:36,770 --> 00:01:39,710
that's okay, there's electronic mechanisms to do this too.

53
00:01:39,710 --> 00:01:41,430
This is known as purging.

54
00:01:41,430 --> 00:01:43,620
Purging, also known as sanitizing,

55
00:01:43,620 --> 00:01:45,870
is the act of removing data in such a way

56
00:01:45,870 --> 00:01:47,670
that it cannot be reconstructed

57
00:01:47,670 --> 00:01:49,930
using any known forensic techniques.

58
00:01:49,930 --> 00:01:53,040
This includes using special bit-by-bit erasing software

59
00:01:53,040 --> 00:01:54,760
that can allow you to rewrite the hard drive

60
00:01:54,760 --> 00:01:57,380
many times over with a series of ones and zeros.

61
00:01:57,380 --> 00:02:00,650
And if you do this at least seven times or even 35 times

62
00:02:00,650 --> 00:02:02,580
for real high security applications,

63
00:02:02,580 --> 00:02:04,280
you can actually erase that drive

64
00:02:04,280 --> 00:02:05,860
and then reuse it again.

65
00:02:05,860 --> 00:02:07,160
Another technique you can use

66
00:02:07,160 --> 00:02:08,490
is to encrypt the drive,

67
00:02:08,490 --> 00:02:10,440
and if you destroy the encryption key,

68
00:02:10,440 --> 00:02:13,370
this again makes the data on it impossible to read,

69
00:02:13,370 --> 00:02:16,530
and this is another way to basically sanitize your drive.

70
00:02:16,530 --> 00:02:19,250
Now if you want to reuse that hard drive more easily though,

71
00:02:19,250 --> 00:02:21,350
you would use a clearing technique.

72
00:02:21,350 --> 00:02:23,600
A clearing technique is the removal of data

73
00:02:23,600 --> 00:02:25,060
with a certain amount of assurance

74
00:02:25,060 --> 00:02:26,800
that it can't be reconstructed.

75
00:02:26,800 --> 00:02:28,430
For example if you delete a file

76
00:02:28,430 --> 00:02:29,720
or a folder from your hard disk,

77
00:02:29,720 --> 00:02:30,800
and then you replace the area

78
00:02:30,800 --> 00:02:31,633
that was stored on it

79
00:02:31,633 --> 00:02:32,840
with a series of zeros,

80
00:02:32,840 --> 00:02:34,720
this would constitute clearing.

81
00:02:34,720 --> 00:02:37,310
This is also used to do a secure erase function

82
00:02:37,310 --> 00:02:39,310
inside of some operating systems.

83
00:02:39,310 --> 00:02:41,560
Now unfortunately the data is actually recoverable

84
00:02:41,560 --> 00:02:44,030
with special techniques and forensic procedures though.

85
00:02:44,030 --> 00:02:45,400
And so if you want to conduct something

86
00:02:45,400 --> 00:02:47,620
like a low level format of the hard disk,

87
00:02:47,620 --> 00:02:50,410
this would be categorized as clearing as well.

88
00:02:50,410 --> 00:02:52,010
The bottom line if you're working

89
00:02:52,010 --> 00:02:53,520
in a high security environment,

90
00:02:53,520 --> 00:02:54,660
you shouldn't use clearing.

91
00:02:54,660 --> 00:02:56,360
Instead you should opt for purging

92
00:02:56,360 --> 00:02:58,140
or physical destruction.

93
00:02:58,140 --> 00:02:59,440
Now when it comes down to it,

94
00:02:59,440 --> 00:03:00,820
the major security concern here

95
00:03:00,820 --> 00:03:02,730
is the idea of data remnants.

96
00:03:02,730 --> 00:03:04,460
It's those leftover pieces of data

97
00:03:04,460 --> 00:03:05,640
that may exist in the hard drive

98
00:03:05,640 --> 00:03:07,140
and we no longer need it.

99
00:03:07,140 --> 00:03:09,060
For example let's say I took my old laptop

100
00:03:09,060 --> 00:03:10,810
and I wanted to sell it to another person,

101
00:03:10,810 --> 00:03:12,640
I would want to ensure that they can't access

102
00:03:12,640 --> 00:03:14,810
any of the data that was previously stored on there

103
00:03:14,810 --> 00:03:16,280
like my bank account information

104
00:03:16,280 --> 00:03:17,920
or my social security number.

105
00:03:17,920 --> 00:03:18,860
In order to do this,

106
00:03:18,860 --> 00:03:20,410
I can remove the hard drive,

107
00:03:20,410 --> 00:03:21,430
but this would make the laptop

108
00:03:21,430 --> 00:03:23,540
essentially unusable or unsellable.

109
00:03:23,540 --> 00:03:26,400
So instead I can purge or sanitize the hard drive

110
00:03:26,400 --> 00:03:28,040
using these overwrite procedures

111
00:03:28,040 --> 00:03:30,500
and then install a brand new operating system.

112
00:03:30,500 --> 00:03:31,610
As long as I overwrote

113
00:03:31,610 --> 00:03:33,590
every single sector of that hard drive,

114
00:03:33,590 --> 00:03:35,590
the fear of the data being recovered

115
00:03:35,590 --> 00:03:36,940
would be mitigated.

116
00:03:36,940 --> 00:03:38,780
Now as an organization,

117
00:03:38,780 --> 00:03:40,260
we might want to reuse an asset

118
00:03:40,260 --> 00:03:43,060
such as a server, a router, or another system,

119
00:03:43,060 --> 00:03:45,000
again the idea of data remnants here

120
00:03:45,000 --> 00:03:46,260
must be addressed though.

121
00:03:46,260 --> 00:03:47,400
So if I was going to take a server

122
00:03:47,400 --> 00:03:49,070
that was previously used by accounting,

123
00:03:49,070 --> 00:03:50,890
and provide it to the marketing department,

124
00:03:50,890 --> 00:03:52,980
I probably want to ensure that all of the data remnants

125
00:03:52,980 --> 00:03:55,670
have been removed using overwriting procedures.

126
00:03:55,670 --> 00:03:57,210
But if a system was being used

127
00:03:57,210 --> 00:03:58,860
in a test lab by web developers

128
00:03:58,860 --> 00:04:00,010
and they wanted to reuse it again

129
00:04:00,010 --> 00:04:02,100
for a new project testing another website,

130
00:04:02,100 --> 00:04:04,060
it may only be necessary to do clearing

131
00:04:04,060 --> 00:04:05,640
and just simply delete the files

132
00:04:05,640 --> 00:04:07,700
or some of the applications that were on there.

133
00:04:07,700 --> 00:04:09,510
Now there is no right or wrong answer

134
00:04:09,510 --> 00:04:11,190
when you're deciding if an asset

135
00:04:11,190 --> 00:04:13,500
should be physically destroyed or reused.

136
00:04:13,500 --> 00:04:15,020
This is a decision that you have to make

137
00:04:15,020 --> 00:04:16,300
as a security professional

138
00:04:16,300 --> 00:04:18,310
based on the cost, the business case,

139
00:04:18,310 --> 00:04:19,830
and the security issues involved

140
00:04:19,830 --> 00:04:21,720
when you're writing your disposal policies.

141
00:04:21,720 --> 00:04:23,870
Now when you're writing those disposal policies,

142
00:04:23,870 --> 00:04:26,300
you should cover five steps in those policies.

143
00:04:26,300 --> 00:04:27,700
First, you need to define

144
00:04:27,700 --> 00:04:29,700
what equipment will be disposed of.

145
00:04:29,700 --> 00:04:31,240
Second, you need to determine

146
00:04:31,240 --> 00:04:32,080
where that old equipment

147
00:04:32,080 --> 00:04:33,780
will be stored until disposal,

148
00:04:33,780 --> 00:04:35,490
because if I took that server

149
00:04:35,490 --> 00:04:36,580
and I just left it out,

150
00:04:36,580 --> 00:04:37,890
people could access the data.

151
00:04:37,890 --> 00:04:39,110
So I want to make sure it's locked up

152
00:04:39,110 --> 00:04:40,710
in a server room or in a closet

153
00:04:40,710 --> 00:04:41,780
where people can't access it

154
00:04:41,780 --> 00:04:43,920
until I dispose of the information.

155
00:04:43,920 --> 00:04:45,170
Third, you need to ensure

156
00:04:45,170 --> 00:04:46,220
that your security personnel

157
00:04:46,220 --> 00:04:47,270
analyze the equipment

158
00:04:47,270 --> 00:04:48,320
and determine if it should be

159
00:04:48,320 --> 00:04:51,100
disposed of, reused, or resold.

160
00:04:51,100 --> 00:04:53,300
Fourth, you need to sanitize the device

161
00:04:53,300 --> 00:04:55,730
and remove all of the data from that machine.

162
00:04:55,730 --> 00:04:57,700
You can do this through clearing, purging,

163
00:04:57,700 --> 00:04:59,390
or physical destruction.

164
00:04:59,390 --> 00:05:01,160
And fifth, you want to throw away,

165
00:05:01,160 --> 00:05:02,750
recycle, or resell the device

166
00:05:02,750 --> 00:05:04,143
now that the data is gone.