Best practice: Wipe drives before shipping them or returning them to FireEye

Version 13

    DOC-3086

     

    FireEye recommends wiping hard drives before you ship them to another location or return them to FireEye. Because FireEye serves many industries with a wide variety of data protection compliance needs, the appliance owner is responsible for wiping the drives in accordance with their corporate policies or preferred best practice. FireEye can not guarantee the security of any data remaining on hard drives returned to us.

     

    Hard drives from FireEye Appliances

    FireEye NX, EX, FX and AX appliances at this time do not have optical drives nor enabled USB ports that allow for use of popular third-party software such as DBAN for wiping drives. A secure data scrub feature is requested in COM-5346 and anticipated in a late 2017/early 2018 release.

    To wipe and/or return drives from FireEye Appliances, use the method that best complies your corporate policy or preferred best practice:

     

    • Use the RAID controller to low-level format the drives.

    Caution: This is neither a recommended nor secure method.

    • Remove the drives from the FireEye appliance and use an external method to securely wipe them. Your external method must accommodate SAS disks mounted in drive caddies.
      • All 3xxx and higher appliances have swappable disks; removing these disks does not void the warranty
      • Removing the disks from the 1310, 1400, 2310 and 2400 series appliances will void the warranty
    • Keep the drives and dispose of them by your preferred method.
      • You will incur the full cost for the replacement drive.

     

     

    Legacy MIR controllers

     

    Legacy Mandiant MIR controllers have optical drives, enabled USB ports and are PXE-bootable. The optical drive can be used to boot from a bootable ISO allowing you to wipe the drive.

    You may use any third party software which provides a bootable disc to wipe the drive.

     

    Example: DBAN

    Instructions for creating a DBAN* CD are in the Readme.txt file included in the DBAN download. Once you have created a bootable DBAN CD:

    1. Place the DBAN CD into the MIR appliance CD drive and reboot the machine.
    2. Use the console to access the DBAN menu for starting and monitoring the wiping process.
    3. FireEye recommends using the autonuke option.