I would like to amplify what Scott has said below. I think that it is a common misconception that drives which are used on servers in a secure location do not need FDE. In my research I have purchased thousands of hard drives on the secondary market and examined those drives for an indication of the data left on them by previous users. The most sensitive (and potentially damaging) data comes from drives that were used in servers, were taken out of service, and then ended up in my hands.
* In one case, I bought a RAID array. Most of the drives were wiped, but some were not. It looked like some drives had failed in service and the wiping wiped the logical RAID containers, not the physical drives.
* In another case, drives were partially wiped. It looked like the power failed or the person just got bored.
* In another case, the drives had disk errors. On the other side of the disk error there was valid data.
* In another case, the company had called for the drives to be wiped, but the subcontractor "wiped" them by erasing the partition table. The drives were resold on eBay.

You simply cannot assure that a drive will be physically wiped. If the drive will not be physically destroyed at the end of its life --- and it is hard to assure that a drive will be physically destroyed --- the drive should be encrypted with FDE.

On Apr 14, 2009, at 11:41 AM, Scott S wrote:

> There are Seagate FDE hard drives for server or network storage. But
> as it was pointed out if the hard drives are in a secure location, the
> need for security diminishes. However, in many situations, that is not
> the case. Also failing drives can be hot-swapped out at any time, or
> drives need to be disposed of due to upgrade. These types of drives
> are still carrying open data that require protection.

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde
