
Network Equipment Sanitization: Documenting Factory Resets with Revoke

When organizations think about data destruction, they think about servers and hard drives. They think about laptops and desktops. What they often overlook is the network infrastructure sitting in the same racks: switches, routers, firewalls, wireless controllers, and load balancers. These devices store sensitive data too, and they need to be sanitized before they leave your control.

This article covers what data exists on network equipment, why factory resets need to be documented, how the Revoke tool automates the process, and how it integrates with ExpungeData for tamper-evident certificate generation.

Why Network Equipment Needs Sanitization

Network devices are not just dumb pipes. Modern enterprise network equipment is a sophisticated computing platform running a full operating system with persistent storage. When an organization decommissions a switch, router, or firewall, that device may contain:

  • Configuration files: Running and startup configurations that describe your entire network topology -- VLANs, subnets, ACLs, routing protocols, interface descriptions, and management IP addresses. This is a blueprint of your internal network.
  • Authentication credentials: Local user accounts, RADIUS/TACACS+ shared secrets, SNMP community strings, SSH keys, and API tokens. Even hashed passwords can be cracked, and many devices still store credentials in reversible Type 7 encoding.
  • VPN and encryption keys: IPsec pre-shared keys, SSL/TLS certificates, and WPA keys for wireless controllers. These could allow an attacker to decrypt intercepted traffic or establish unauthorized VPN tunnels.
  • Routing tables and protocols: OSPF, BGP, and EIGRP configurations reveal internal routing architecture, autonomous system numbers, neighbor relationships, and route filtering policies.
  • Firewall rules and ACLs: The complete security policy of the organization -- what is allowed, what is denied, and which hosts are considered trusted. This is an attacker's wishlist.
  • Logs and session data: Syslog buffers, session tables, NAT translations, and DHCP lease records that reveal internal host activity, IP addresses, and traffic patterns.
  • License keys and entitlements: Software licenses tied to the device serial number that may have value or contractual restrictions on transfer.

In 2023, ESET researchers published findings after purchasing used enterprise routers on the secondary market. Over 56% of the devices still contained full configuration data, including IPsec credentials, VPN configurations, and hashed passwords. Several devices belonged to organizations in regulated industries. The owners almost certainly did not intend for that data to leave their control.

The Problem with Manual Factory Resets

Most ITAD operators know they should factory-reset network equipment before resale or recycling. The problem is how it gets done. In a typical operation, a technician connects to the device via console cable, issues the appropriate reset command, and waits for the device to reboot. If everything goes well, the configuration is erased.

But "if everything goes well" is doing a lot of heavy lifting. Common failure modes include:

  • Incomplete resets: On some platforms, a factory reset does not clear all storage locations. Cisco IOS devices, for example, may retain files on flash: or bootflash: that are not removed by write erase. Juniper devices may have data in alternate partitions.
  • Forgotten storage locations: Many devices have multiple storage areas -- nvram, flash, USB slots, compact flash, or secondary boot partitions. A manual reset may clear the running configuration but miss backup configurations, crash dumps, or tech-support archives.
  • Skipped devices: In a batch of 50 switches, it is easy to miss one. Without systematic tracking, there is no way to verify that every device was actually processed.
  • No documentation: Even when the reset is performed correctly, there is typically no record beyond the technician's memory. No timestamp, no serial number log, no verification that the reset completed successfully.

This is the same documentation gap that plagues chain of custody in ITAD generally -- but for network equipment, the gap is even wider because most ITAD documentation platforms focus exclusively on storage drives and ignore network devices entirely.

What Revoke Does

Revoke is a network equipment sanitization tool built specifically for ITAD operations. It automates the factory reset process via serial console connection and produces structured documentation of every step.

Here is how it works:

Automated Device Detection

When a technician connects a device via serial console, Revoke detects the device vendor, platform, model, and firmware version automatically. It identifies the device's prompt style, command syntax, and storage layout without requiring the technician to know the specifics of each platform.

Vendor-Specific Sanitization

Revoke supports equipment from the major enterprise networking vendors:

  • Cisco -- IOS, IOS-XE, NX-OS, and ASA platforms. Handles write erase, flash cleanup, NVRAM clearing, and license deregistration.
  • Juniper -- Junos OS platforms. Performs request system zeroize with verification of both partitions.
  • Arista -- EOS platforms. Executes full zeroing of startup-config, flash, and extensions.
  • Dell -- OS6, OS9, and OS10 platforms. Clears startup configuration, crypto keys, and user accounts.
  • HPE Aruba -- ArubaOS-Switch and ArubaOS-CX. Performs factory default restoration including management module flash.

For each vendor and platform, Revoke knows which storage locations need to be cleared, which commands to issue, and what the expected output looks like at each step. It does not rely on a single "factory reset" command -- it performs a comprehensive sanitization that covers all storage locations on the device.

Serial Console Verification

After issuing the sanitization commands, Revoke verifies that the reset completed successfully. It reboots the device (when supported) and confirms that it comes up in a factory-default state with no residual configuration. This verification step is captured in the documentation, providing evidence that the reset actually worked -- not just that it was attempted.

Structured Output

For every device processed, Revoke produces a structured record that includes:

  • Device vendor, model, serial number, and firmware version
  • Hostname and management IP (pre-reset, for identification)
  • Timestamp of sanitization (start and completion)
  • Commands issued and their output
  • Verification result (pass or fail)
  • Operator identity

Integration with ExpungeData

Revoke's structured output is designed to feed directly into ExpungeData for certificate generation. This integration bridges the gap between network equipment sanitization and the documentation platform, providing a complete chain of custody for all equipment types -- not just storage drives.

When Revoke processes a device, the sanitization record can be imported into ExpungeData and associated with the parent system or batch. From there, it receives the same treatment as any other sanitization record:

  • Inclusion in tamper-evident certificates of data destruction with SHA-256 verification hashes
  • QR code verification for printed certificates
  • Audit-ready exports for compliance reviews
  • Linkage to the broader batch or work order for the client

This means a single certificate can cover the complete sanitization of a data center decommission: servers, storage drives, and network equipment, all documented in one place with consistent formatting and verification.
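As an added illustration of the Structured Output record and the SHA-256 verification hash described above (example code written here, not Revoke's or ExpungeData's own code or record format), the block below canonically serializes a per-device sanitization record, refuses to seal it if any listed field is missing, attaches a SHA-256 hash, and detects any later edit to the record. The field names, the constructed sample values and the JSON layout are assumptions.

```python
import hashlib
import hmac
import json

# Fields the article lists for every Revoke record (key names are assumed).
REQUIRED_FIELDS = (
    "vendor", "model", "serial_number", "firmware_version", "hostname",
    "management_ip", "sanitization_start", "sanitization_end",
    "commands", "verification", "operator",
)

# Constructed sample record: model, serial and command output are placeholders.
SAMPLE_RECORD = {
    "vendor": "Cisco",
    "model": "EXAMPLE-SWITCH",
    "serial_number": "EXAMPLE-SN-0001",
    "firmware_version": "example-fw-1.0",
    "hostname": "core-sw-01",
    "management_ip": "10.0.0.1",
    "sanitization_start": "2024-01-01T10:00:00Z",
    "sanitization_end": "2024-01-01T10:04:30Z",
    "commands": [{"command": "write erase", "output": "[OK] constructed output"}],
    "verification": "pass",
    "operator": "tech.jdoe",
}

def canonical_bytes(record: dict) -> bytes:
    # Sorted keys and no whitespace: the same content always hashes the same,
    # regardless of the order in which fields were collected.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def record_hash(record: dict) -> str:
    return hashlib.sha256(canonical_bytes(record)).hexdigest()

def missing_fields(record: dict) -> list:
    return [f for f in REQUIRED_FIELDS if f not in record]

def seal_record(record: dict) -> dict:
    # An incomplete record (e.g. no verification result) must not be certified.
    missing = missing_fields(record)
    if missing:
        raise ValueError(f"record incomplete, missing: {missing}")
    sealed = dict(record)
    sealed["sha256"] = record_hash(record)
    return sealed

def verify_record(sealed: dict) -> bool:
    # Recompute the hash over everything except the stored hash; any edit fails.
    claimed = sealed.get("sha256")
    if not isinstance(claimed, str):
        return False
    body = {k: v for k, v in sealed.items() if k != "sha256"}
    return hmac.compare_digest(record_hash(body).encode(), claimed.encode())
```

A bare hash proves only that a record matches the hash you hold; it becomes tamper-evident once that hash is bound to something the record's holder cannot alter, such as a signature or the issued certificate.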

The Value of Documented Network Sanitization

For ITAD operators, documenting network equipment sanitization provides several concrete benefits:

  • Complete service offering: Clients increasingly expect their ITAD vendor to handle all equipment types, not just servers. Being able to provide certificates that include network equipment differentiates your service.
  • Regulatory compliance: Frameworks like HIPAA and PCI DSS apply to all systems that store or process regulated data -- including network devices. A firewall that processed cardholder data is in scope for PCI DSS data destruction requirements.
  • Resale value protection: Documented sanitization increases the resale value of used network equipment. Buyers in the secondary market are increasingly wary of devices with unknown provenance, and a sanitization certificate provides assurance that the device is clean.
  • Liability reduction: If configuration data from a resold device is later used in a security incident, documented sanitization is your defense. Without documentation, you cannot prove the reset was performed.

Getting Started

Network equipment sanitization is a gap in most ITAD operations' documentation. The devices get reset -- usually -- but the process is manual, undocumented, and inconsistent. Revoke automates the sanitization process across Cisco, Juniper, Arista, Dell, and HPE Aruba equipment, and ExpungeData provides the documentation layer that turns a "trust us, we reset it" into a verifiable, tamper-evident record.

Your clients' network equipment contains the blueprint to their infrastructure. Treat it with the same rigor you apply to their storage drives.

If you are an ITAD operator looking to add documented network equipment sanitization to your service offering, or an enterprise that needs verifiable proof that your decommissioned network gear was properly sanitized, contact us to learn more about Revoke and ExpungeData.