|
|
| Author |
Message |
| 25 new of 547 responses total. |
polytarp
|
|
response 210 of 547:
| 
May 13 04:46 UTC 2003 |
WE SHOUYLD HAVE OLDGRAX USEABLE EVEN AFTER NEWGREx, YOu're saying?
|
janc
|
|
response 211 of 547:
|
May 13 13:22 UTC 2003 |
We, I guess. No parts from old grex will be used in newgrex. However, I
can't, off hand, think of any use for old grex, and don't think we have any
plans to keep it running.
|
other
|
|
response 212 of 547:
|
May 13 13:30 UTC 2003 |
And, before anyone asks, once the user partitions are successfully copied to
nextgrex, the disks will be destroyed to insure the privacy of Grex's users.
As far as I'm concerned, anyone willing to cart away the current machine after
the new machine takes over (with appropriate transition period) is welcome
to it. (Minus the user disks, of course.)
|
janc
|
|
response 213 of 547:
|
May 13 13:40 UTC 2003 |
I can't imagine why we'd destroy the disks, and I can't imagine Marcus
and STeve agreeing that we don't need the old Grex anymore.
|
gelinas
|
|
response 214 of 547:
|
May 13 13:48 UTC 2003 |
Sufficiently sophisticated disk-recovery tools can do some amazing things.
The only way to ensure these tools don't work is physical destruction of the
disks. I can see an argument that nothing on grex should be that sensitive,
but we aren't talking about *my* data on grex. As long as we retain physical
possession, there is no need to destroy the disks.
|
cross
|
|
response 215 of 547:
|
May 13 14:13 UTC 2003 |
I can't imagine anyone being that interested in grex's user disks,
despite what some folks think. I'd say scrub them and give them
away.
|
scott
|
|
response 216 of 547:
|
May 13 14:39 UTC 2003 |
I can't imagine there being any real value in the old Grex hardware.
|
keesan
|
|
response 217 of 547:
|
May 13 15:26 UTC 2003 |
What is it that is supposed to be kept private, the passwords?
|
scott
|
|
response 218 of 547:
|
May 13 16:00 UTC 2003 |
Files in home directory, email, staff conference.
|
drew
|
|
response 219 of 547:
|
May 13 18:24 UTC 2003 |
If you can get good enough random numbers, it might suffice to do a
dd if=/dev/random of=/dev/sdx.
|
hal9
|
|
response 220 of 547:
|
May 13 20:25 UTC 2003 |
`shred' (a GNU coreutils software) announces that it can prevent
recovery of erased data by writing sucessively several different
bit patterns over the files. More details on the paper "Secure
Deletion of Data from Magnetic and Solid-State Memory", by Peter
Gutmann. (http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html).
The only drawback is that, since it overwrits the disk several times,
it is extremely slow. But, after the transition, I don't think time
will be a problem for oldgrex.
Also note that nothing is 100% effective, of course. Physical destruction
is the only guaranteed way of safeguarding the disk contents. shred's
info page goes to the extreme of telling that the /only/ 100% way is
melting the disk on *-acid.
|
other
|
|
response 221 of 547:
|
May 13 22:26 UTC 2003 |
Why the heck would we KEEP the current Grex one we complete the migration
to the next Grex?
Do we still need the first Grex? Or the second? So why not give it away
to someone else who might actually put it to use? Including Marcus or
STeve, if they want to take it away.
And, if we're not going to use the current disks on the new system, then
why should we keep them? And if we're not going to keep them, then we
damn well ought to destroy them because it is the only way to absolutely
insure that their contents are unrecoverable.
I don't think my comment was radical, and I DO think it was logically
sound and consistent with both our past practices and our current
philosophies.
|
keesan
|
|
response 222 of 547:
|
May 13 22:45 UTC 2003 |
Can't you simply overwrite the entire disk with 0's?
|
other
|
|
response 223 of 547:
|
May 13 23:08 UTC 2003 |
There are a lot of levels of sophistication of data recovery tools
available, and I don't know how available products of any particular
level are, but it is quite possible that no reasonable amount of
overwriting with 1s, 0s and/or random ASCII values would entirely
obliterate and render irretrievable someone's personal data on these
disks.
|
styles
|
|
response 224 of 547:
|
May 13 23:11 UTC 2003 |
/dev/zero is your friend.
dd if=/dev/zero of=/dev/whatever bs=8192 (blocksize on grex is probably lower)
there may be some concern about the disks being magnetic and the zero's not
doing enough.
|
gelinas
|
|
response 225 of 547:
|
May 14 00:34 UTC 2003 |
(The question is not, "Who would be interested in the data on the disks?"
The question is, "Who would be interested in _their_ data on the disks being
released or revealed?" We've too many users to get ALL of them to answer that
question negatively.)
|
lk
|
|
response 226 of 547:
|
May 14 01:26 UTC 2003 |
The question I'd ask: is it easier to (potentially) crack root and see the
data on the disks or to actually recover the data once reasonable precautions
are taken to erase it. The point being that no one should ever expect that
their data on a public access system is 100% secure.
Of course, if STeve or mdw are interested in the old machine, that would
solve the problem given that the scrubbed disks would be in safe hands (for
some time to come).
|
cross
|
|
response 227 of 547:
|
May 14 02:01 UTC 2003 |
I agree with #226; no one on grex has any sort of guarantee about the
safety of their data. Indeed, grex is planning on using a password system
on next grex that inherently compromises the data of all users if someone
has managed to crack root. Going and getting the disks from someone in
Michigan after they've been scrubbed is a lot more work than just getting
the data off the disks now or after the transition to the next grex.
I sympathize with Joe's sentiment about wanting to keep user data secure,
not it's not going to be any less secure on a scrubbed disk as it is on
grex now or in the future.
|
i
|
|
response 228 of 547:
|
May 14 02:03 UTC 2003 |
With a clean room for disecting disk drives, some millions of dollars worth
of exotic high-tech instruments, and skilled staff to match, it should be
presumed that supposedly-totally-erased data can be recovered from drives.
Anyone *that* interested in the data could get it far faster, sooner, and
cheaper in a host of other ways, starting with simple physical break-in.
Thus, it's reasonable to assume that any data on grex worthy of such
efforts has already been stolen, and giving the hypothetical hostiles an
extra copy is actually *good* tactics - they waste resources to read it.
|
other
|
|
response 229 of 547:
|
May 14 02:17 UTC 2003 |
Well. I guess I'M the one being anal about security this time. It's a
rotating responsibility. Someone else take over, 'cause it looks like
I'm done.
|
polytarp
|
|
response 230 of 547:
|
May 14 02:40 UTC 2003 |
WE NEED TO STOP THE SUBVERSIVEs... SQUIRRLEy-Group?
|
scg
|
|
response 231 of 547:
|
May 14 04:58 UTC 2003 |
The first Grex is (or at least was the last time I saw it) in Marcus's
basement. As of a couple years ago, when I was last in the Pumpkin, Grex 3
was still there. I think Grex 2 may have been as well, but Grex 2 may have
been harvested for parts (2 and 3 were similar enough for some hardware to
be interchangable.
|
cross
|
|
response 232 of 547:
|
May 14 13:08 UTC 2003 |
Regarding #229; There's nothing wrong with being anal; but if you're
going to be anal about one thing, it's best to be anal about everything
else, as well. For instance, not just merging the existing contents of
/etc/shadow into a Kerberos KDC for use as keys....
Security is all about tradeoffs. If people really wanted their data to
be secure, they'd encrypt it, put it on some sort of tramper-resistant
media, enclose that in a cube of lead with two foot walls, enclose that
in a block of concrete, booby trap it so that if anyone tries to open it,
they die, and dump it into the Mariana's trench; all in secret so that
nobody knew they'd done it. Even then, it wouldn't be totally secure.
One has to do a risk analysis, and determine whether the cost of
protecting the data from prying eyes is worth the value of the data.
If it is; great, do whatever you need to to make sure no one gets access
to it. If not, then take some reasonable precautions, but don't lose
sleep over it. Data from grex definately falls in the latter category.
|
jep
|
|
response 233 of 547:
|
May 14 14:47 UTC 2003 |
Oh, I'd say para 2 in ersp:232 describes "total security" in real-world
terms. There's no way to recover anything 7 miles into the ocean.
Leeron in resp:226 and the next several comments describe my opinion
about the need for disk security. Grex needs to reasonably match the
security presently given to that data. That's all anyone has any right
to expect. A good formatting of those drives ought to be easily
sufficient to keep the data as secure as it is now.
My goodness, how difficult would it be for someone to break into the
Pumpkin right now and steal tapes, hard drives, or even all of Grex?
Where else are backups kept? Any of those places could be breached by
someone with such sophisticated specialized training as we probably all
got from our parents when taught how to use a screwdriver. It'd be a
lot easier to steal the data (and cheaper, and much more reliable) than
to recover data from a formatted hard disk.
|
cross
|
|
response 234 of 547:
|
May 14 16:21 UTC 2003 |
Yes, but one might throw out one's back trying to steal the current
grex.
|
