Unique security problem - data security under fire

[nihil]

Hmmm,

If you find that an easy task, go ahead and try to convince me that you could easily go and wipe the HDD(s?) your yahoo geocities* website is on in less than 3 hours in the event of a country-wide blackout. No, go right ahead, I'm listening.

I do hope that you are joking there? if you are storing these data on a public domain computer you have already lost.

Firstly, you would not be able to wipe the drive(s) as you wouldn't even know which they were, let alone have admin rights to them. That is sysadmin rather than webadmin of course. And they keep backups as well, so it would be a waste of time.

Three hours seems rather excessive for a computer under your own control, and for which you would have backup power. Anyways that's why I suggested a distributed relational database. All you need to wipe is the sensitive data, not all the usual website crap, which shouldn't be anywhere near your sensitive data systems.

Also, just how much sensitive data do you have.........a while back a UK insurance company lost a laptop with about a million personal records on it..........do you have a million members? I doubt it And a laptop of that era probably had no more than a 250MB HDD......which would have the OS, Apps, recovery partition and whatever on it as well.

I think that you guys should really start with some serious contingency planning, or you will end up with the tail wagging the dog.

In all probability you will see that the excrement is about to hit the Venturi propeller long before it happens. You should have days rather than hours to implement "plan A" which is to erase the sensitive data in an orderly fashion.

A good product for this would be DBAN (Darik's Boot And Nuke) which wipes whole drives or "Eraser" which lets you create a DBAN medium and allows selective wiping as well. I would suggest both, so that you wipe obsolete data as you go along.

OK, there is no real security issue with obsolete data (or it wouldn't be obsolete) but if it is in the same tables as current (sensitive) data, then it prolongs the wiping process. LINKS:

http://www.dban.org/
http://eraser.heidi.ie/

I would recommend that you conduct some testing to see just how long it would take to wipe your sensitive data.

I suppose that "plan B" is the scenario where you are not warned in advance? I that case you want rapid destruction I suppose? There are a variety of methods that have been discussed, and I don't see legality coming into it if your nation is now in the hands of a hostile regime. In that situation legality comes in 9mm Parabellum, not from the statute books.

There is an intermediate strategy in which you remove the HDDs and get them offsite to dispose of at your leisure. Do replace them with encrypted drives full of garbage...........it would take anyone some time to spot the switch

Also, don't underestimate the enemy..............a standard military dogma I would have thought. If they have people smart enough to pull data from the RAM they WILL bring the right equipment to get into the case A lot of servers have locks, metal hoops and stuff, If only to stop people stealing them or their components, so it will hardly be a surprise, and might only serve to slow down your disposal process.

And the $64,000 question comes in two parts:

1. What makes you lot think that you are important enough to bother about, over and above the vastly greater number of regular and reserve personnel?

2. If any of you actually have a military background other than a dishonourable discharge that you have somehow managed to keep quiet, your information will be with employers, employment agents, military records and God knows where else. In the scenario you seem to be suggesting, anybody with a military background is going to be suspect, or none at all. I would guess that the only people with increased risk would be your members with no military background, and hence, no record.

In other words, what makes you think that a "hostile force" would be in the least bit interested, particularly as their most pressing requirement would be how to deal with your allies, NATO, the UN or whoever.............we're not talking about Atlantis here are we?


It would seem to me that the only plausible threat would be from your own law enforcement and/or national security forces, as only they would be in a position and capability to mount any viable form of surprise attack. As I suggested, I doubt if they would need to. If they saw you as a threat they would have infiltrated and mounted surveillance long before.

Are you really suggesting that your intel is that poor that you would not have sufficient warning to wipe, destroy, or remove your drives if the attack were external. If that were the case then you would be doing your nation a favour as your regular forces and agencies would be forwarned.

Incidentally, it takes me about 20 seconds to remove two 1TB drives from a computer..................without "special screws" of course..............speaking of which, what are you going to do about the screwdriver?

BTW, I have a tube of stuff called "liquid metal".............it sets in a few minutes to 80% of the strength of mild steel, I would just use something like that to "pad" the fit to a tool that I did have.