.

News

Technology

Do I have to Erase a Network Switch?

Do I have to Erase a Network Switch? It’s a good question, why erase a Network Switch, a router, a firewall or even an access point? They’re not data-bearing devices like a Hard Drive or Mobile Phone. Surely a factory reset or a format or deleting the config will do the trick?

A Hackers potential delight!

Unfortunately, not. Networking devices are data-bearing devices, not in the true sense of the word, in terms of user GDPR-type personal data, but they contain extremely precious and sensitive information. The config data can include passwords, IP Addresses, and Domain Names. If you can determine the device’s original location, it’s like leaving your keys hanging outside your front door. It could be a hacker’s delight.

Hang on; surely an IT Manager would change the passwords and config data when removing an asset from their network. You’ll be surprised to hear it’s not always the case. I recall a conversation from a few months back of a scenario where an IT Operator was tasked with upgrading the Firewall on their Network. To save time and effort, the simplest method to swap the device was to back up the data on the old firewall and restore the config to the new device. Hey, presto! Job done! However, the old appliance, now on its way to their trusty ITAD, had the same security credentials & passwords as the live device in the Network. Whoops!

OK, so how do you Erase a device?

So, how do you erase a Networking Device? Sadly, it’s not as simple as it should or could be. The Networking device manufacturers should have focused more on effective & safe data erasure than they have. There is now a ‘Write Erase’ command on some of the newer products, which does as it says on the tin. For everything else… it depends. The first issue is to find where the data is stored. Devices have multiple internal data storage media, including; NVRAM, Flash, and SSD, to name a few.

The challenge continues; identify all the storage within the product, and you must safely remove the data. We are all familiar that to erase data from a Hard Drive or SSD, deleting or formatting doesn’t remove data. It just informs the device that you can use that part of the media for storing new data; eventually, the old data will be over-written. The same theory can be applied to the storage media on a Networking device. As with an HDD or SSD, the only effective method to safely remove data is performing a complete overwrite of the media. Typically, this is done by writing a random data pattern to fill up the media, therefore overwriting any data that was previously there.

Is there a Solution available?

The market has reacted slowly, and even some of the largest Data Erasure Software providers have struggled to provide a reliable solution. The issue is that to perform this overwrite, you need to take control of the device. A compelling blend of hardware & software is the only reliable approach.

Ultratest offers a powerful solution named Nemesis, the only ADISA-certified Network Erasure Solution available. We invite you to learn how Nemesis can benefit you; read on…

Corporate

Genesis recertified ADISA Product Assurance

Genesis recertified ADISA Product Assurance, including NIST 800-88

We are excited to announce that Genesis, the leading solution for repairing, testing, and wiping Hard Drives & SSDs, has successfully recertified through the ADISA Product Assurance Scheme.

Genesis was the first product certified under the Product Assurance scheme in 2019.  The scheme has been enhanced to now include NIST 800-88 compliance verification.

Genesis, the most advanced solution

Over many years, Genesis has earned a reputation as the leading solution for processing used Hard Drives & SSD. Unlike other products that merely test and erase devices before resale, Genesis utilises advanced techniques and processes, typically reserved for the drive manufacturers, to restore health and ensure the highest quality. Furthermore, Genesis boasts a remarkable yield rate thanks to its superior ability to unlock drives that other solutions cannot.

Over many years, Genesis has earned a reputation as the leading solution for processing used Hard Drives & SSD. Unlike other products that merely test and erase devices before resale, Genesis utilises advanced techniques and processes, typically reserved for the drive manufacturers, to restore health and ensure the highest quality. Furthermore, Genesis boasts a remarkable yield rate thanks to its superior ability to unlock drives that other solutions cannot.

Who is ADISA Certification, and what is Product Assurance

ADISA Certification is the go-to organisation for product and service certification. Their ADISA Research Centre (ARC) is an independent certification body that conducts product certification. The certification schemes’ purpose is to evaluate sanitisation software’s effectiveness using the Product Assurance (PA) scheme provided by ARC. This scheme scrutinises whether data sanitisation products can comply with sanitisation standards and guidelines, specifically NIST Special Publication 800-88 Revision 1 and/or IEEE Std 2882-2022, by assessing if the product can issue standard-compliant commands to storage media.

What is NIST 800-88?

NIST 800-88, also known as NIST Special Publication 800-88 (NIST SP 800-88), has become the industry standard for data erasure and provides comprehensive guidance on safely & effectively erasing data from storage media. The standard was initially created for the US government use but has since been adopted by companies and governments worldwide to ensure secure media sanitisation. 

The NIST guidelines cover all types of storage media, including magnetic, flash-based, and other technologies, and outline three sanitisation techniques: Clear, Purge, and Destroy. The ultimate goal is to ensure that all data stored on the media is permanently erased and cannot be retrieved.

ADISA ARC Test Conclusions

The Product Assurance tests include 14 separate examinations of compliance with the NIST SP 800-88r1 guidelines. To be considered compliant, the laboratory must verify the commands sent to the device in either Table A-5 or Table A-8 of NIST SP 800-88r1.

During the tests that required verification of NIST SP 800-88r1 CLEAR, the ARC determined that all tested devices were compliant because the software’s commands matched the specifications in NIST SP 800-88r1.

Similarly, during the tests that required NIST SP 800-88r1 PURGE verification, the ARC found that all tested devices were compliant because the software’s commands matched the specifications in NIST SP 800-88r1.

Steve Mellings, Founder & CEO of ADISA Group, commented…

“Compliance to NIST 800-88 guidelines means much more than having a dropdown on the software; the sanitisation engine must issue specific commands to drives based on their type and interface. The software must also react to the drive if the command is not supported again, issuing a different command to achieve the desired outcome. Our testing of Genesis was done over several weeks. It involved many combinations to ensure we are confident that it complies with the sanitisation requirements as listed in NIST 800-88”.

Thomas Gardner, Product Sales Specialist at Ultratest Solutions, continued…

“Certifications genuinely reflect the hard work, dedication, research, and investment it takes to create a market-leading product. Our solution has been endorsed by ADISA, the reputable certification organisation recognised worldwide. This endorsement assures our customers that our product meets all industry standards, such as NIST, giving them the utmost confidence in our solution”.

For further information, please get in touch with us here, or contact ADISA Certification at https://adisarc.com.

Product Update

Expand your Hard Drive production with GenesisXP

Increase throughput, reduce cost and grow revenue.

Margins in the Hard Drive processing sector have been under pressure for some time. As a result, we have designed GenesisXP to reduce operating costs, increase revenue, and ensure compliance.

How does it work?

Genesis provides industry-leading technology and repair capabilities, not seen in any other solution. Uniquely, the functionality delivers unparalleled results with the highest possible yield. GenesisXP enables the expansion of your Genesis infrastructure by attaching additional Disk Enclosures (JBODs) for Test, Erasure & Grading.

What is equally important, failed drives from GenesisXP or passes at Grade B or C, maybe repairable. Genesis can recover and refurbish many of these devices. In essence; Increased throughput, reduced cost and revenue growth.

GenesisXP Server

All Genesis Systems (8, 16, 32, 64 & 96-Port) are compatible with GenesisXP.  The XP solution is connected through a dedicated Server with four SAS/SATA (SAS 3G/6G/12G) outputs attaching to your chosen Disk Enclosures.  The Server can be installed neatly in the Genesis cabinet, likewise externally in a Disk Enclosure cabinet of your choice.  GenesisXP is compatible with all the major enclosure brands, except IBM StorWize.

GenesisXP Screenshot
GenesisXP JBOD Selection Screen

Integrated Solution & GUI

GenesisXP seamlessly integrates into the Aurora GUI/TouchScreen.  Simply toggle through the enclosures to view individual drives on test.  The Ultratest Online Web Portal is used to manage all test/erasure processes.

View individual drives & test logs

Licencing options

GenesisXP licensing is available for all Genesis configurations, providing additional concurrent active ports, of; 32, 64, 96 or 120+. Testing of over 120 drives is possible with potential performance deficits. Installation of additional servers will provide maximum test speeds. We would advise running additional GenesisXP servers to retain the highest possible speed.

Contact us for further information and pricing.

Technology

ITAD’S, ARE YOU SURE YOU’RE PROCESSING YOUR NETWORK PRODUCTS…

Written By Adam Burrett (Network Engineer, Nemesis Designer)

Introduction

When networking hardware is in use, network engineers are conscious to make sure they can always get back to a working configuration without having to redo the whole thing.  Especially if it is remote.

So they tend to make a backup of the running / start-up config onto flash (I know, I used to).  They may also carry out packet traces on the device, and store these in the flash and not delete it once finished.  If this is a device that carries voice traffic that could include voice calls.  With the right knowledge, you can download that file and listen to the call.

When that device becomes end of life the following need to happen:

  1. The startup configuration is erased
  2. Any backup configs are erased
  3. Any traces are erased
  4. Any file, that is not an operating system, is erased

You will notice that I have bolded the word erased.  This is because erased data is not the same thing as deleted data.

If you delete a file from flash, you have not deleted it.  You have removed the pointers to that file, and marked it to be overwritten when more storage is needed. 

Flash tends to only allow you the option to format to totally clear it.  This again, does not delete any of the data.

This data can be recovered using the right tools, in some instances just a compact flash card reader and a Hex editor.

The challenges

Maintaining Value

The main problem when processing networking equipment is that there are so many different types, each with their own unique processing method and varying levels of erasure commands.

The second major problem is maintaining the value of the asset.  One wrong command and you can turn a £2000 switch into a £200 switch, or a piece of scrap.

A large number of ITAD companies currently sell their networking devices in bulk to upstream vendors for a much reduced value, potentially losing thousands of pounds on each batch they sell.

Complete Data Erasure

To date ITAD company’s process networking equipment follows the NIST Clear standard.  This is the only standard that has been available to them.  Using the NIST clear, and manual deletion options has a high risk of missing user data and sending devices out with confidential customer data (i.e. passwords, customer names etc.).

There is a NIST Purge standard for network equipment, but this is vendor and product specific and does not lend itself to the objective of maximising the retained value of the asset as it will clear all software and licenses at the same time.  If the ITAD is not careful, this may not be recoverable to an operational system and will result in loss of revenue for them.  In time, this will then increase the costs of those services to you the disposal customer.

Processing Time

To process a device to NIST Purge can take time to ensure that all user data is cleared, depending on the device.  This also requires a reasonable knowledge of networking hardware to either know the commands, or know how to get the commands. 

Staff resource

The majority of companies that process their own networking equipment rely on a single member of staff, so when that person is absent no networking equipment is processed.

The Solution

The new Nemesis Network Erasure product from Ultratest Solutions marks a revolutionary step forward in the processing of networking equipment collected by ITAD companies.

By utilising the Nemesis you gain the following:

  1. Simple to use, reliable and repeatable erasure process

Your Teams do not need to understand every device they are erasing.  The solution detects the type of device, and processes it accordingly.  It is just point and click.

  • Allows erasure of products even if the OS has been deleted by the customer before the ITAD collected the devices.
  • Utilises the VIP (Vendor Independent Purge) standard developed by Ultratest engineers to ensure that all data is fully erased.
  • Confidence in providing erasure certificates that can be complimented by a full erasure report that can be provided to the customer.
  • Maximise the value of any asset by bringing the device fully into an operation condition at the end of the erasure process.

To find out more, as to how Nemesis can benefit your operation, please get in contact and we will be happy to arrange a time for a consultative call to discuss your individual needs and challenges.

Corporate

Ultratest joins ASCDI

Ultratest are excited to of joined ASCDI, one of the leading & most established trade association in the ICT sector.

We are looking forward to proactively contributing, along with our fellow members, to help create a safer and more sustainable industry, by promoting more secure and ecologically sound processes and practices.

Announcement – ASCDI Website

Technology

“Let’s not focus on the ‘r’ word, within a…

When discussing key attributes and intricacies within a Circular Economy the word that is bounded around more than any other is ‘Recycling’.  While recycling is a component of the Circular Economy, it should be by default the last and final by-product, and thus its status should be very much last in the conversation.

The dialogue that should precede the ‘R’ word should include such topics as; ‘Circular Design’, ‘Reuse’, ‘Rental’ and ‘as a Service’ or ‘subscription’.  Thankfully, global manufacturers are starting to consider these key objectives when developing products and services.  Questions such as; how can product design best compliment a circular economy and deliver sustainability with minimal impact on the environment are paramount.

As a smaller manufacturer, at Ultratest Solutions we still asked ourselves that very same question.  Let us look at how this steered our product development and philosophy when designing Genesis.

By the nature of our solution, Genesis is designed to enable the reuse of millions of Hard Drives & SSDs, rather than condemning them to the shredder and subsequently the waste stream.  All-be-that fantastic, we are still talking about the ‘R’ word or at best reuse & product upcycling.

We took the decision to develop our solution based on a ‘Rental’ and ‘Subscription’ model, so why?  Typically, one-off sales of product tend to be linear.  Products are sold and when no longer needed tend to be scrapped or hopefully repurposed.  Therefore, by working on a rental and subscription basis, we as the manufacturer, have understanding of where our products are and when a customer no longer requires the solution we have the ability to recall the hardware so that we can refurbish, update and re-deploy with a new client.  The subscription element is also crucial, as without it the product has no function, even should the product fall into the wrong hands, without our knowledge or consent, they would have to contact us enable functionality and bring any value back to the solution.  Thus enabling us to keep control of it use and lifespan.

Initial design and production methods are taken into account when developing solutions.  Genesis is designed in a modular format.  Where possible, non-proprietary products have been utilised, so that in the event a particular piece of equipment being no longer required, it can be repurposed for general use, outside of our intended application.

Initial design and production methods are taken into account when developing solutions.  Genesis is designed in a modular format.  Where possible, non-proprietary products have been utilised, so that in the event a particular piece of equipment being no longer required, it can be repurposed for general use, outside of our intended application.

Proprietary components of the solution have been designed in a method whereby individual components can be upgraded while retaining the highest number of standard components, such as metal chassis and drive load bays etc.

Since we lease our solutions and the customer is not the owner of the equipment, it is very easy to run client upgrade programs when required, as we have knowledge of the locations and ownership of the product.

This approach is far from being unique, but is generally rare for a small to medium size manufacturer.  However, it is a model that can be adopted by many and would greatly support the achievement a more sustainable existence.

We are happy to talk about our experiences and challenges, so please do feel free to make contact.

Media

How a processor brought drive wiping and repair to…

Read the latest article on Genesis, from E-Scrap News’s Jarod Paben

Amid growing data security concerns, U.K.-based Ultratec has seen greater reluctance among its customers to ship unwiped drives to Ultratec’s plants for data sanitization. Bringing drive processing capabilities to customers’ sites alleviates those concerns.

Ultratec, a group of U.K. companies specializing in wiping, repairing and testing HDDs and SDDs, launched a product called Genesis this year. A hardware and software platform, Genesis erases, tests and repairs drives.

Read the full article here.

Technology

‘Can I make my ITAD process more profitable’?

Absolutely you can, let us explain how & why. We fully understand that End-User clients will stipulate which Data Erasure methods and certifications (CPA, Common Criteria, DIPCOG, TUV, NATO, ADISA etc.) to be used. Some may even demand a specific software vendor. It’s a minefield for customers, understanding what is current or historic, best practice or not and what is legally required. OK, so let’s see how ITAD’s can compliment or in some cases replace some of today’s model with innovative & clever technology.

ADISA is the only body to certify erasure on Solid State Drives (SSD) as part of their accreditations .

All ITAD’s have a existing method for ‘in-situ’ data erasure (wipe-in-device), for laptops, desktops & servers, as well as ad-hoc solutions for loose drives. We’ll explore how adding a complimentary technology, like Genesis, can add value to the process .

How do things operate today? In the traditional ITAD model (as per the fig. 1), if the drive fails the data wipe it would need to be physically destroyed to meet contractual obligations.

ITAD’s may also use an independent health-check software to test and verify the quality of storage devices prior to re-purposing. Any devices that have low heath may also be condemned to the shredder.

The enhanced model demonstrates… (see fig. 2) two huge advantages. Firstly, failed drives are recovered usually at a rate of over 60% allowing them to be repurposed & reused. Secondly, when processing loose drives there is no need for the use of additional third-party health-checking software.

Ultimately, the “Enhanced Recovery Model” provides; better sustainability through reduced waste, higher quality of products (with less RMA’s!) and an increased revenue stream by yielding more product for resale.

BEWARE… “An erased drive is not a fully tested drive”.

Not only does Genesis test, repair and erase a drive, it also runs a complex health-check algorithm to provide you with an accurate Guardian Score (% health). Delivering the highest confidence in product quality.

Don’t just take our word for it… The unique ability to repair, erase & test a drive has been fully verified and certified by ADISA. After a thorough examination and data forensics analysis, ADISA awarded Genesis with their ‘Product Assurance’ certification. More information can be found here on the ADISA website.

Taking it to the next level, you can use Genesis as your ‘one-stop-solution’ for repair & data erasure, providing even stronger financial gains, with reduced labour and licencing fees.

We’re confident of our technology… but, rather than taking our word for it, we’d be happy for you to trial our solution. Contact us and we’ll be happy to discuss your requirements.

Genesis is available in a range configurations to meet everyone’s needs. To find out more please click here.

*Yield figures are based on data from typical usage from devices that are not deemed as physically faulty or damaged.

Product Update

Genesis Guardian – Health Check your Hard Drives

Guardian is an integral bench-marking tool built into the Genesis software to enable users to easily check the health of drives in ‘real-time’. The score is presented as a simple percentage of health. This also provides confidence when buying and selling drives, knowing the health of a drive in an easy to understand way. The score can be viewed on the Aurora GUI or reported via the Genesis Portal.

Streamlined solution

Guardian is configured as a standalone solution across all Genesis models, with no need for any ‘third-party software’. The Guardian health score is automatically displayed on the Aurora GUI on your Genesis display in both the drive cell and the status panel on the right of the screen during the repair process. Full report generation and DUT level analysis is available via the Genesis Online Portal.

The Guardian algorithm

Guardian uses a number of complex algorithms across a number of key attributes within the device to accurately calculate the health of a drive. By providing a ‘before & after’ score, customers are able to precisely measure the improvement & reliability of product produced by their Genesis.

Maximising the value of drives

Genesis’s sophisticated & industry leading repair techniques have the unique ability to regenerate & fix unhealthy drives. Guardian benchmarks the level of health, both prior and post repair. Enabling customers to maximise the financial return on the resale of product by selling more grade A drives.
Corporate

Ultratest’s Genesis first to pass ADISA product assurance test

Proud to announce…

Ultratec Group, the leading provider of data security services and solutions, announces that Ultratest Solutions, a division of Ultratec, is the world’s first successful applicant to pass the ADISA Product Assurance Test on its new Genesis Hard Drive Repair & Data Sanitisation product.

The Asset Disposal and Information Security Alliance (ADISA) launched its Product Assurance service in 2020, to provide a higher level of accreditation to the internationally recognised ADISA Product Claims Test that assesses the capabilities and development of software overwriting products.

Ultratest’s Genesis product is a fully automated, standalone solution for volume Data Erasure, Drive Test & Repair on SSD and Hard Drives. Genesis has been born out of more than 20 years of knowledge and experience in data wiping & servicing hard drives. The technology has been designed with the aim of providing an easy-to-use automated platform for data sanitisation, with unique features including the repair of drives to a Grade A zero-defect standard.

Genesis was submitted to the ADISA Research Centre under test reference ADPC0064 and underwent significant forensic testing on a sample of magnetic and solid-state drives. During the laboratory tests, destructive forensic methods were applied to the test media to attempt to recover data with those attempts being unsuccessful.  In addition to the Product Assurance assessments, a Penetration Test was carried out positively to ensure secure online use.

Jon Woodward, Managing Director at UltraTest said,

“We are delighted to be the first to be granted the ADISA Product Assurance accreditation. This certification is a clear endorsement of Ultratest’s ability to meet the highest standards of data erasure and test solutions in the Hard Drive & Data Storage sector.

“Genesis represents a substantial market opportunity for Ultratest and is a key component in Ultratec Group’s strategy to expand the suite of quality services we can provide our customers and enhance shareholder value.”

Dr Andrew Blyth, head of the ADISA test lab commented,

“The Product Assurance checks not only ability of the software to successful overwrite data but also checks the competence of the software developer to create a consistent and viable product moving forward. It is the most comprehensive test worldwide for software overwriting tools on all media types.”