WHS Secure Hard Drive Removal Option

  • It would be nice if WHS implemented a secure hard drive removal option when removing a hard drive from WHS, as it would provide a way to protect data from malicious recovery when a drive is out of the control of WHS.

    Best option would be issuing an ATA Secure Erase command to the hard drive and letting it handle the destruction of data by itself. The advantage here is that it’s an approved method for purging data from an ATA hard drive that is on par with degaussing a hard drive according to the NIST 800-88 standard, and it’s 1/8 times faster than the Department of Defense 5220 block overwrite (the usual ATA secure erase averages about 15-45 minutes according to the Center for Magnetic Recording Research at UCSD) which programs like DBAN use to securely erase data. Downside is that a modern computer BIOS will usually issue the ATA security freeze command to an ATA hard drive to prevent abuse of the ATA security commands, and bypassing the security freeze would not be something the average computer user would know or want to do.

    Next option might be including full on-the-fly hard drive encryption using AES encryption, similar to Vista’s BitLocker feature. The advantage here is that a hard drive can be “Securely Decommissioned” in seconds by securely deleting the encryption key that was used in the encryption process to encrypt the stored data. Downside is that it would raise the hardware specifications needed to run WHS as well as incur a significant performance penalty.

    Last option might be just running a block overwrite over the entire drive to erase data. Downside is that it’s very time consuming and may not erase everything, since hard drives redirect writes from bad data sectors at the firmware level; this means that the overwrite may not get to the data stored in those sectors. Granted, worrying about potential data stored in bad sectors may be a bit overkill for the average user, but then again you never know…

    The justification for this level of security for WHS is that WHS is being positioned as a way for the average home user to back up and protect ALL their data that is stored on all the computers in a home network. Just think about all the potentially sensitive data that could be stored on WHS either through a backup image of a computer or on a network share: personal financial records from Money or Quicken, confidential documents brought home from work on a notebook, and private family photos, just to name a few. Granted, some of that stuff may be encrypted with a password already, but don’t forget WHS will be dealing with a target audience that tends not to choose the best passwords to protect their data, which is the reason WHS implements strong password constraints on WHS accounts in the first place. While the advanced user may know how to use a program like DBAN or HDDerase to erase data on a hard drive before letting it leave their control, you can bet that the majority target audience for WHS won’t even know that they’re supposed to take those kinds of precautions to protect their data, let alone know how to do it. I believe that something should be implemented in WHS as part of its duty of protecting user data: protecting data from being lost while under the user’s control, and protecting data from being accessed when the data is no longer under the control of the user.

    Sunday, May 27, 2007 6:50 AM
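The security-freeze caveat raised in the post, as an added example that is not part of the original thread: a POSIX shell function that classifies a drive's ATA Security state from the text `hdparm -I /dev/sdX` prints, so a removal tool can tell in advance whether an ATA Secure Erase could be issued or whether the BIOS freeze lock stands in the way. The section layout is assumed from hdparm's "Security:" block, and the sample outputs embedded below are constructed.

```shell
#!/bin/sh
# Added example, not from the forum post or from WHS. Classifies a drive's
# ATA Security state from `hdparm -I` text (section layout assumed from
# hdparm's "Security:" block).

# Reads hdparm -I output on stdin; prints one of:
#   unsupported | frozen | enabled | ready-enhanced | ready
ata_security_state() {
    # The "Security:" header sits at column 0; its lines are tab-indented and
    # the section ends at the next non-indented line (the next header).
    sec=$(awk '/^Security:/ { f = 1; next } f && /^[^ \t]/ { exit } f')
    # A bare "supported" line (no "not" prefix) means the Security feature
    # set, and with it SECURITY ERASE UNIT, exists on this drive.
    if ! printf '%s\n' "$sec" | grep -Eq '^[[:space:]]*supported[[:space:]]*$'; then
        echo unsupported; return 0
    fi
    # "frozen" without "not": the BIOS sent SECURITY FREEZE LOCK at boot and
    # the drive rejects security commands until the next power cycle.
    if printf '%s\n' "$sec" | grep -Eq '^[[:space:]]*frozen'; then
        echo frozen; return 0
    fi
    # A user password is already set; an erase would need that password.
    if printf '%s\n' "$sec" | grep -Eq '^[[:space:]]*enabled'; then
        echo enabled; return 0
    fi
    if printf '%s\n' "$sec" | grep -q 'supported: enhanced erase'; then
        echo ready-enhanced; return 0
    fi
    echo ready
}

# Drive-reported estimate (minutes) for a normal SECURITY ERASE UNIT,
# or "unknown" when the drive does not report one.
ata_erase_minutes() {
    m=$(grep -oE '[0-9]+min for SECURITY ERASE UNIT' | sed 's/min.*//')
    [ -n "$m" ] && echo "$m" || echo unknown
}

# Constructed, abridged hdparm -I output; $1 supplies the freeze line.
sample_output() {
    printf 'Commands/features:\n\t   *\tSMART feature set\nSecurity:\n\tMaster password revision code = 65534\n\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n%s\n\tnot\texpired: security count\n\t\tsupported: enhanced erase\n\t30min for SECURITY ERASE UNIT. 30min for ENHANCED SECURITY ERASE UNIT.\nChecksum: correct\n' "$1"
}
SAMPLE_FROZEN=$(sample_output "$(printf '\t\tfrozen')")
SAMPLE_READY=$(sample_output "$(printf '\tnot\tfrozen')")
SAMPLE_NOSEC=$(printf 'Commands/features:\n\t   *\tSMART feature set\nChecksum: correct\n')

printf 'frozen sample: %s (estimate %s min)\n' \
    "$(printf '%s\n' "$SAMPLE_FROZEN" | ata_security_state)" \
    "$(printf '%s\n' "$SAMPLE_FROZEN" | ata_erase_minutes)"
```

On a live system, pipe `hdparm -I /dev/sdX` into `ata_security_state`; a "frozen" result means the drive must be power-cycled (not just rebooted) before any erase command will be accepted.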