topic Re: INIT/ERASE in Operating System - OpenVMS

INIT/ERASE

Kevin Raven (UK) — Tue, 20 Mar 2007 10:51:51 GMT

I have some disk I need to destro data on.
I was thinking of booting from the OpenVMS CD and using INIT/ERASE ...Run it 7 times on each disk. After a few days ...Finished.

On my PC I have data shredders that conform to US DOD 7 pass erase standards etc etc ...

What does INIT/ERASE overwrite the disk with ?
Is it random 1's and 0's ?

The best solution I suppose is to send the disk to a disk destruction company.

Re: INIT/ERASE

Andy Bustamante — Tue, 20 Mar 2007 13:34:18 GMT

BAD LIVES

If you were around when PDPs roamed the datacenter and spent your nights running BAD from bootable tapes.

$ ANALYZE/MEDIA/EXERCISE=FULL (/pattern=)

I can point you at the utility, you need to review if this meets your requirements, possibily with an auditor or security person.

http://h71000.www7.hp.com/doc/73final/documentation/pdf/OVMS_BAD_BLK_UTIL.pdf

Andy Bustamante

Re: INIT/ERASE

Hoff — Tue, 20 Mar 2007 14:00:55 GMT

If you're even asking the question, erase (zeros or otherwise) and then slag the disk. Disks just aren't worth all that much on the used market, and certainly aren't worth the hassle.

On OpenVMS, you can load a pattern erasure via the $erapat mechanisms. The default is all zeros, but you can select a DoD pattern by loading an $erapat -- and the source code of one version is provided with various OpenVMS distributions.

For some existing discussions of disk data remanence and secure disk data erasure, start at:

http://h71000.www7.hp.com/wizard/wiz_4598.html

There's also a discussion of BAD (and low-level SCSI operations) over in the ATW area, at:

http://h71000.www7.hp.com/wizard/wiz_6926.html

The attached text is from the OpenVMS FAQ at www.hoffmanlabs.com/vmsfaq/ ... Other discussions are available, and can be reviewed by you or your site information security folks.

Stephen Hoffman
HoffmanLabs

--

5.42.6 How to perform a DoD security disk erasure?

Sometimes refered to as disk, tape, or media
declassification, as formatting, as pattern erasure,
or occasionally by the generic reference of data
remanence. Various references to the US Deparment of
Defence (DoD) or NCSC "Rainbow Books" documentation are
also seen in this context.

While this erasure task might initially appear quite
easy, basic characteristics of the storage media and
of the device error recovery and bad block handling
can make this effort far more difficult than it might
initially appear.

Obviously, data security and sensitivity, the costs
of exposure, applicable legal or administrative
requirements (DoD, HIPPA or otherwise), and the
intrinsic value of the data involved are all central
factors in this discussion and in the decision of the
appropriate resolution, as is the value of the storage
hardware involved.

With data of greater value or with data exposure
(sometimes far) more costly than the residual value
of the disk storage involved, the physical destruction
of the platters may well be the most expedient,
economical, and appropriate approach. The unintended
exposure of a bad block containing customer healthcare
data or of credit card numbers can quite be costly,
of course, both in terms of the direct loss, and the
longer-term and indirect costs of such exposures.

Other potential options include the Freeware RZDISK
package, the OpenVMS INITIALIZE/ERASE command (and
potentially in conjunction with the $erapat system
service) and OpenVMS Ask The Wizard (ATW) topics
including (841), (3926), (4286), (4598), and (7320).
For additional information on sys$erapat, see the
OpenVMS Programming Concepts manual and the OpenVMS
VAX examples module SYS$EXAMPLES:DOD_ERAPAT.MAR. Some
disk controllers and even a few disks contain support
for data erasure. Some DSSI Disk ISEs, for instance.

For the prevention of casual disk data exposures,
a generic INITIALIZE/ERASE operation is probably
sufficient. This is not completely reliable,
particularly if the data is valuable, or if legal,
administrative or contractual restrictions are
stringent-there may well be revectored blocks that
are not overwritten or not completely overwritten by
this erasure, as discussed above, and these blocks can
obviously contain at least part of most any data that
was stored on the disk - but this basic disk overwrite
operation is likely sufficient to prevent the typical
information disclosures.

You will want to consult with your site security
officer, your corporate security or legal office, with
HP Services or your prefered service organization,
or with a firm that specializes in erasure or data
declassification tasks. HP Services does traditionally
offer a secure disk declassification service.

Re: INIT/ERASE

John Gillings — Tue, 20 Mar 2007 23:12:31 GMT

Kevin,

>using INIT/ERASE ...Run it 7 times on each
>disk. After a few days ...Finished.

INIT/ERASE writes zeros (it has to so it can be used to init volumes to be put into a shadow set). That probably won't satisfy serious data erasure standards. It's fairly easy and fast to write a program which does block LOG_IO in a spiral write to hit every allocatable block on the disk with whatever you like. Even faster if you do multiple asynch streams. BUT you won't necessarily nuke ALL the data on the disk. There may be meta data, or replaced bad blocks, which the truly paranoid might consider a potential risk (of course if you actually WANT to recover the data, you often can't get it from a perfectly good disk, even without erasure attempts!)

>The best solution I suppose is to send
>the disk to a disk destruction company

How much does it cost? What about the risk of diversion? How do you know they don't just on sell them?

Might be simpler and cheaper just to bring a hammer to work so you and your colleagues to vent their cumulative frustrations against computers (you might even be able to charge a fee for the privilege ;-)

Re: INIT/ERASE

Robert_Boyd — Wed, 21 Mar 2007 08:50:53 GMT

It's still best to do some kind of data overwrite before physically damaging the drives. While there might be great personal satisfaction in taking a sledge hammer to a drive(a la TK50 Field Modification ECO, VAX Magic circa 1988?), simply whacking the drives doesn't guarantee that some clever person won't be able to examine fragments of a platter with the right kind of device to extract meaningful bits. A proper destruction will destroy the actual media substrate so there is actually nothing recognizable left.

Robert

Re: INIT/ERASE

Kevin Raven (UK) — Wed, 21 Mar 2007 09:22:08 GMT

Thanks everyone for the responses.
I have found a company that minces disc drives into dust. Our Audit department will verify their validity as a trusted company.

Cheers
Kevin