From the course: CompTIA Network+ (N10-009) Cert Prep

Lifecycle management

From the course: CompTIA Network+ (N10-009) Cert Prep

Start my 1-month free trial

Lifecycle management

- I have an old hard drive here, which I can easily identify as such because it's a 3 1/2 inch drive. Nowadays, we use solid-state drives with an M.2 interface. I need to dispose of this older drive, but what's the proper procedure? As a network technician or any technical professional, it's important to follow the correct procedures for disposing of outdated IT equipment. Simply discarding it is not advisable. Understanding the following proper disposal methods is essential. You can't simply discard old items because of two reasons. You need to check with your city ordinance for one, and it could be a security threat. In this episode, we'll discuss how to handle end-of-life devices and software. First is asset disposal. The process of properly retiring old equipment for removing is known as IT asset disposal, ITAD. To begin with, it is essential to establish an audit trail for devices within your organization. These devices can be located in various places, such as office cubicles or network closets, and they may occasionally need to be relocated, especially if they're going to be replaced. Ensure you maintain a detailed chain of custody to confirm all appropriate actions have been taken and that the information stored in the equipment has not been compromised at any point. Asset tags play a crucial role in this process. Additionally, it is important to secure these assets properly. Outdated devices should not be left in storage rooms indiscriminately until disposal. Instead, they should be placed in a secure location, tagged accordingly, and, depending on the type of device, locked away to ensure their safety. This information should be logged in an asset management system, which most companies with IT equipment have. The system will contain details such as the make, model, serial number, IP address if appropriate, and purchase date. Afterward, you need to arrange for secure disposal. A decision must be made to either update an entire generation of equipment to replace outdated ones or not. It is not a matter of selectively choosing certain devices for upgrade. For example, in educational institutions, when upgrading a computer lab, the entire lab is typically updated rather than just a few computers. Ultimately, it is important to find a reliable company to handle disposal. There are many options available, so thorough research is necessary. Additionally, some devices that are not too old can be repurposed or resold. It's super important to make sure any company offering IT asset disposal services is certified and you can get a certificate of destruction once that's accomplished. When it comes to data destruction, you've got to take it seriously, especially with hard drives. Just formatting isn't enough anymore. Forget the old DOS undelete command from back in the day. There are experts who can recover what's called remnants on your drive. To really wipe those drives clean, you need software that uses Department of Defense, otherwise known as DoD, 5220.22-M standards. Basically, this means that the drive has to go through at least three passes of a formatting process to be compliant with the standard. You can also shred disks with a heavy-duty shredder or use a strong magnetic field to completely wipe certain types of drives. For other devices like switches or routers, just make sure you do a factory reset. The last step is to update the IT equipment inventory with the disposal details to match it up with the accounting records. Your inventory should list everything about the device's end of life, like how and when it was disposed of and any value you got from it. So, basically, don't just toss devices out. That's a big no-no. Be sure to use asset tags. Almost every organization has some kind of system for managing inventory using these tags. Check your local rules because some devices can't just be thrown out with the trash. And definitely, follow all steps I mentioned. They'll be on the exam. Software can also be considered an asset, whether owned or licensed, and needs to be nearly the same handling as hardware. Before diving into end-of-life software, remember that software can also reach an end of license, but we'll talk about that later. End-of-life software usually isn't supported anymore, meaning no new updates or patches are being deployed. As everything else keeps advancing, including security threats, this old software becomes a major vulnerability. Managing software assets is almost the same as managing hardware and other assets. Most asset management systems can keep track of software that's been bought or licensed. Organizations should have a complete inventory of all software. Whether it's installed or not, as a single source of truth, you should have that in your software inventory. If any devices were used to install the software, they can be safely destroyed. But replacing end-of-life software should follow the same procedure used in the software development life-cycle, the SDLC. Getting rid of or destroying EOL software is usually covered by an end-user license agreement, otherwise known as an EULA, that came along with the physical media or as part of a contract. ELUA terms can vary from one provider to another, even if the company software is hosted on a cloud service, like a platform as a service or infrastructure as a service or is installed in a data center. Keeping it updated is important for both operations and security. Keeping software up to date after it's bought, developed, or licensed is called patch management. This includes managing and applying patches and fixes to software in production and deployment environments, including firmware for devices like computers, printers, scanners, and network gear. Patch management typically has different processes for an organization's production systems and networks compared to desktop and portable computers. Desktops and portable computers can usually be set to automatically check for updates and install them. Networks, including servers and network-attached devices, are managed by centralized software or patch management programs. Using third-party software, the software and firmware on network services and devices can be checked for missing updates and patches, which can be downloaded and applied as needed. When it's time to retire a system, whether it's a server, software, hardware, or anything network-related, the process is called decommissioning. This includes disposal, retirement, sunsetting, and phasing out. Decommissioning isn't just about shutting down or throwing out equipment. If it's owned by a government contractor or an agency, the process can be very detailed. Luckily, for the Network+ exam, you just need to know what decommissioning means and generally what it involves. So, let's dive in. There are five main types of system decommissioning. There's going to be partial, full, data, application, and infrastructure. Partial decommissioning gets rid of specific parts of a system. Full decommissioning retires or disposes of the entire system. Data decommissioning destroys all parts of databases and storage systems. Application decommissioning retires outdated or unneeded software. Infrastructure decommissioning is the retirement of an organization's computer services, like moving to the cloud. The decommissioning process involves checking dependencies and impacts of retiring a system or a device, ensuring any retired data is handled according to laws or regulations and documenting everything done, including results and verification of success. Getting rid of IT stuff needs some structure. No matter what the component is, it should be considered part of an organization's security policies.

Contents