Server Equipment Disposal

Introduction

Server hard drives should be wiped before disposal. If they are not, Virginia Tech data may be exposed to whomever obtains the server. Servers will have at least one physical hard drive and possibly more drives configured in a logical RAID array. This procedure covers how to wipe each physical hard drive. Before following this procedure, you must know how many hard drives are in the server.

Procedure

1. Make sure to copy all the files that you wish to keep from the server.
2. Download the latest Debian ISO image and copy it onto a CD, DVD or USB stick. Follow the Debian instructions on how to do this.
3. Set the server to boot from CD, DVD or USB.
4. After booting Debian, wipe each physical hard drive using this command.

   $ dd if=/dev/urandom of=/dev/YOUR-HARD-DRIVE-LABEL bs=1M
   

5. The process may take anywhere from several hours to several days (depending on the size of the hard drives).
6. Once the process is complete, remove the CD, DVD or USB Drive, run this command, wait for it to finish, then power off the server.

   $ sync
   

7. Install Debian on the device. Use full disk encryption to encrypt all the drives. Be sure to select a long, random encryption password.
8. Surplus the server by following the instructions on the Surplus Procedures web page.

Other

If you have questions that are not covered in this procedure, please contact the Virginia Tech IT Security Office at itso@vt.edu for a consultation.