Summary


Secure Decommissioning

There comes a time in every computer's life cycle when it needs to be decommissioned. It may be returned at the end of a lease, passed on to a different department, donated to a nonprofit, or just tossed into the recycling system. By now, you should realize that you need to remove any trace of confidential data from the drives in that system.

A number of schemes and tools exist to do this. In software, writing random and fixed values over the disk space hundreds of times is commonly proposed, but to do so is time consuming and expensive. From a hardware standpoint, crushing a disk, drilling through it, melting it, or shredding it are all options. In addition to being time consuming and expensive, these also guarantee that the hardware is wasted and cannot be passed on.

With BitLocker, a new option exists: don't worry about destroying the disk or even clearing the data, just render it permanently inaccessible.

There are two ways to do this: the "I think I want to" way, and the "Yes, Regis, that's my final answer" way. In the first case, by deleting all of the key protectors except the recovery keys from the disk (deleting them all from the volume metadata) you ensure that the system will enter recovery mode every time it starts up. There is no other source of information left that will allow BitLocker to unlock the volume. This lets you be sure that someone buying the computer at a garage sale won't be able to fire it up and read their wife's prescription drug history (no, I am not making that up), but that an authorized user (with a recovery password or USB recovery key) could still get the data back.

If you are sure, and you are sure you're sure, you can take this a step further by deleting all recovery information from Active Directory, and deleting all of the key protectors from the volume metadata. Even if someone still has a USB startup key in their pocket, it won't matter; it would be unusable. Now, BitLocker won't actually let you have no keys in the volume metadata, so instead, you replace the recovery key with a random key and don't write it down or save it. Then, remove all of the others.

Now, your disk is a brick.
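The two paths described above, as an added PowerShell example that is not from the book: it drives the Win32_EncryptableVolume WMI class (present since Vista) rather than the manage-bde script. The switch names, the drive letter, the friendly name given to the new protector and the confirmation prompt are my own choices. With -KeepRecovery it removes every protector except the numerical recovery password(s), so the volume always boots into recovery but an authorized user can still get in; with -Final it adds a fresh random recovery password that is never displayed or stored, then deletes every other protector, which is the "final answer" path.

```powershell
# Added example: crypto-shredding a BitLocker volume by removing key protectors.
# Run from an elevated prompt. Drive letter and switch names are assumptions.
param(
    [Parameter(Mandatory=$true)][string]$DriveLetter,   # e.g. "D:"
    [switch]$KeepRecovery,   # "I think I want to": keep recovery password(s)
    [switch]$Final           # "final answer": nothing left that can unlock it
)

if (-not ($KeepRecovery -xor $Final)) {
    throw "Choose exactly one of -KeepRecovery or -Final."
}

# KeyProtectorType value for a numerical (recovery) password, per the
# Win32_EncryptableVolume documentation.
$NumericalPassword = 3

$ns  = "root\CIMV2\Security\MicrosoftVolumeEncryption"
$vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume `
        -Filter "DriveLetter='$DriveLetter'"
if ($null -eq $vol) { throw "No BitLocker-capable volume found at $DriveLetter" }

# Refuse to touch a volume that is not actually protected (1 = protection on).
if ($vol.GetProtectionStatus().ProtectionStatus -ne 1) {
    throw "$DriveLetter is not BitLocker-protected; nothing to shred."
}

# Snapshot of every protector currently in the volume metadata (0 = all types).
$ids = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID)
$keepIds = @()

if ($KeepRecovery) {
    foreach ($id in $ids) {
        if ($vol.GetKeyProtectorType($id).KeyProtectorType -eq $NumericalPassword) {
            $keepIds += $id
        }
    }
    if ($keepIds.Count -eq 0) {
        throw "No recovery password protector exists; deleting the rest would brick the disk."
    }
} else {
    # "Are you sure you're sure?" gate before the irreversible step.
    $answer = Read-Host "Type the drive letter ($DriveLetter) to confirm permanent destruction"
    if ($answer -ne $DriveLetter) { throw "Confirmation did not match; aborting." }

    # BitLocker will not leave the volume with zero protectors, so add a random
    # numerical password (generated by BitLocker when $null is passed). It is
    # deliberately never read back with GetKeyProtectorNumericalPassword or saved.
    $r = $vol.ProtectKeyWithNumericalPassword("Decommission $(Get-Date -Format s)", $null)
    if ($r.ReturnValue -ne 0) {
        throw ("ProtectKeyWithNumericalPassword failed: 0x{0:X8}" -f $r.ReturnValue)
    }
    $keepIds = @($r.VolumeKeyProtectorID)
}

# Delete everything that is not on the keep list: TPM, PIN, startup keys,
# certificates, and (on the -Final path) the old recovery passwords too.
foreach ($id in $ids) {
    if ($keepIds -contains $id) { continue }
    $type = $vol.GetKeyProtectorType($id).KeyProtectorType
    $r = $vol.DeleteKeyProtector($id)
    if ($r.ReturnValue -ne 0) {
        Write-Warning ("Failed to delete protector {0} (type {1}): 0x{2:X8}" -f $id, $type, $r.ReturnValue)
    } else {
        Write-Host "Deleted protector $id (type $type)"
    }
}

# Show what is left so the result can be verified before the machine leaves.
$remaining = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID)
Write-Host ("{0} protector(s) remain on {1}" -f $remaining.Count, $DriveLetter)
```

On the -Final path the script only cleans the volume metadata; the recovery information the book tells you to delete from Active Directory (the msFVE-RecoveryInformation objects under the computer account) must still be removed there, and it is worth checking afterwards that no backup of the new random password was written to AD by policy.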

Another very handy option is the Vista format utility. In Vista, format has been written so that it deletes all BitLocker key structures, overwrites that space to ensure their removal, and then formats the drive, so using format with the /Q (for quick) option allows a quick but secure decommissioning.

Is BitLocker secure decommissioning "secure enough"? Well, it's not as secure as wiping the disk with random strings 1,000 times, then drilling holes through the disk, then pulverizing it, sweeping up the shards, melting them down, and shaping them into a metal plaque sent on a spaceship to greet other civilizations, but on the other hand, it costs a lot less.

Each situation is different. If you trust AES 256-bit encryption with an added diffusion algorithm (and you should), then you can be reasonably confident that your computer has been adequately decommissioned.




Administering Windows Vista Security: The Big Surprises
ISBN: 0470108320
Year: 2004
Pages: 101
