10.6. Data Destruction
If organizations formalized (and followed) the actions laid out in this section, it would make the lives of criminals and social engineers (and penetration testers) a lot harder. Sadly, most don't. This leads to confidential data on paper, digital media or hard drives falling into the wrong hands on a regular basis. I won't repeat the points I made in Chapter 6, but I will lay out firm guidelines for each type of media.
10.6.1. Disposing of Data on Digital Media
Too many companies throw hard drives in the trash when they've reached the end of their life or there's no room left in the cupboard for old kit that no one's going to use again. Very few bother to erase the contents first, although a few might perform a cursory format (which erases little). Then there are the companies that sell their old storage media on eBay. This is not the wisest idea. If you really must sell old equipment, ensure that the drives are cryptographically scrubbed using a tool such as DBAN (see Chapter 6 for further details).
The following policy statements can help protect discarded data:
Floppy disks, USB drives and magnetic tapes should be cryptographically scrubbed before reuse using [insert preferred tool]. If physically defective, the disks should be destroyed by incineration.
CDs and DVDs should be shredded or cut into quarters before disposal.
Hard drives should be cryptographically scrubbed before reuse using [insert preferred tool]. If physically defective, these disks should ...