I want to a presentation by Robert Thibadeau on Thursday last week, who was talking at an ISSA UK Chapter meeting, relating to Advanced Persistent Threats (APT), specifically where an attacker is able to modify some part of the pre-boot code, prior to an Operating System being loaded. The thrust of the discussion was about encrypted hard drives being a part of the armoury against these types of attacks, along with Trusted Platform Modules (TPMs).

As we all know, the standard practise of secure erasure for hard disks is to overwrite every sector seven times.

And then there was this nugget of information that I found highly interesting: this won’t work on Solid State Drives (SSDs). The architecture of these drives is determined by the underlying memory technology. Each “sector” on an SSD can only be written to about 1,000 times. In order to deliver a decent lifespan on the more expensive drives, therefore, the drive actually contains significantly more storage than stated on the packaging, with all data going through a load-balancer, to distribute the “writes” across the drive.

This means that it is very difficult to use a process involving overwriting data as each sector may actually be in a completely different place each time you try to overwrite it.

Robert’s proposed solution to this is to encrypt all data on SSDs, regardless of whether they’re in mobile devices or not. This way, the data can be rendered unreadable simply by erasing the encryption key.

It’s worth considering and factoring in to asset disposal processes.

Advertisements