400 Chapter 17 ■ Physical Security
destruction of these materials. In most cases, shredding or similar destructive methods can
be used prior to disposal in order to keep information out of thieves’ hands. Management
should also dictate how each of these approved forms of storage can be handled and
destroyed.
Some of the methods used for sanitation are as follows:Drive Wiping Drive wiping is the act of overwriting all information on the drive. As an
example, DoD.5200.28-STD specifies overwriting the drive with a special digital pattern
through seven passes. Drive wiping allows the drive to be reused.Zeroization This process is usually associated with cryptographic processes. The term
was originally used with mechanical cryptographic devices. These devices would be reset
to 0 to prevent anyone from recovering the key. In the electronic realm, zeroization involves
overwriting the data with zeroes. Zeroization is defined as a standard in ANSI X9.17.Degaussing This process is used to permanently destroy the contents of the hard drive
or magnetic media. Degaussing works by means of a powerful magnet that uses its field
strength to penetrate the media and reverse the polarity of the magnetic particles on the
tape or hard disk platters. After media has been degaussed, it cannot be reused. The only
method more secure than degaussing is physical destruction. Figure 17.1 shows an example
of a drive degausser.FIGURE 17.1 A drive degausserIn some cases the options we’ve listed here may not be something you can
use because the media may contain information that requires the media’s
physical destruction. This is even true in the case of hard drives, where the
physical destruction of the device may be required, up to and including
melting down the device.