Best practice: Wipe drives before shipping them or returning them to FireEye

Version 15

    FireEye recommends wiping hard drives before you ship them to another location or return them to FireEye. Because FireEye serves many industries with a wide variety of data protection compliance needs, the appliance owner is responsible for wiping the drives in accordance with their corporate policies or preferred best practice. FireEye can not guarantee the security of any data remaining on hard drives returned to us.


    Hard drives from FireEye Appliances


    To wipe and/or return drives from FireEye Appliances, use the method that best complies your corporate policy or preferred best practice:


    • Use the 'Wipe Appliance Media' option available in the Tools menu of the Grub bootloader in version 8.0 and later
      • Available on x500 models only.
      • Only accessible via serial console or direct video/keyboard connection.
      • Password for Tools menu must be set from CLI:

        (config) # boot bootmgr tools password <0|7> <password>

    • Use the RAID controller to low-level format the drives.

    Caution: This is neither a recommended nor secure method.

    • Remove the drives from the FireEye appliance and use an external method to securely wipe them. Your external method must accommodate SAS disks mounted in drive caddies.
      • All 3xxx and higher appliances have swappable disks; removing these disks does not void the warranty
      • Removing the disks from the 1310, 1400, 2310 and 2400 series appliances will void the warranty
    • Keep the drives and dispose of them by your preferred method.
      • You will incur the full cost for the replacement drive.



    Legacy MIR controllers


    Legacy Mandiant MIR controllers have optical drives, enabled USB ports and are PXE-bootable. The optical drive can be used to boot from a bootable ISO allowing you to wipe the drive.

    You may use any third party software which provides a bootable disc to wipe the drive.


    Example: DBAN

    Instructions for creating a DBAN* CD are in the Readme.txt file included in the DBAN download. Once you have created a bootable DBAN CD:

    1. Place the DBAN CD into the MIR appliance CD drive and reboot the machine.
    2. Use the console to access the DBAN menu for starting and monitoring the wiping process.
    3. FireEye recommends using the autonuke option.