HPE Community
Operating System - HP-UX
1756404 Members
3088 Online
108847 Solutions
New Discussion юеВ

Re: Best way to DOD wipe drives with sensitive data.

 
SOLVED
Go to solution
Steven Bucek
Frequent Advisor

тАО09-15-2005 11:01 AM

тАО09-15-2005 11:01 AM

Best way to DOD wipe drives with sensitive data.

I have several C3000's coming out of production that need to have the drives wiped to DOD standards due to the data they contain. Normally for these standard SE drives I put them in an wintel machine and use a DOD tool, however, I am upgrading several hundred machines (with 2 drives ea) and this method will not be acceptable.

Anyone have a good method to bulk erase these to DOD standards with hpux??
--To go forward, you must backup
0 Kudos
18 REPLIES 18
James R. Ferguson
Acclaimed Contributor

тАО09-15-2005 11:06 AM

тАО09-15-2005 11:06 AM

Re: Best way to DOD wipe drives with sensitive data.

Hi Steven:

If you are REALLY intent on reading what was once there, and acid-bath is about the only sure way to prevent this.

It *is* possible to read data written 10-15 (or more) passes ago with the proper technology.

A simple solution is to write zeros or some random pattern at least once over the disk. This is a "reasonable" attempt for most.

# dd if=/dev/zeros of=/dev/rdsk/cXtYdZ bs=1024k

or:

# dd if=/dev/urandom of=dev/rdsk/CxtYdZ bs=1024k

Note the use of the raw disk device to circumvent the LVM layer. Note, too, the use of a large blocksize for fast I/O.

Regards!

...JRF...
0 Kudos
Raj D.
Honored Contributor

тАО09-15-2005 11:10 AM

тАО09-15-2005 11:10 AM

Re: Best way to DOD wipe drives with sensitive data.

Hi Steven,

You can try :

# mediainit /dev/rdsk/c?t?d?

thogh it will take some long time.. u can try it.

And also :
# dd if=/dev/zero of=/dev/rdsk/c?t?d? bs=1024

Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Devender Khatana
Honored Contributor

тАО09-15-2005 04:57 PM

тАО09-15-2005 04:57 PM

Re: Best way to DOD wipe drives with sensitive data.

Hi Steven,

The use of dd is more appropriate. As mediainit in some case may destroy your physical drive and can leave it unusable.

If any of your workstation has more than one disk then it should be run on the non-bootable disk first. When that is finished you should do it for the OS disk.

HTH,
Devender
Impossible itself mentions "I m possible"
0 Kudos
Steven E. Protter
Exalted Contributor

тАО09-15-2005 05:08 PM

тАО09-15-2005 05:08 PM

Re: Best way to DOD wipe drives with sensitive data.

dd will do the trick.

I've always used a complete system OS install including all disks.

Never asked the DOD what they thought about that though.

To be honest, unless someone above actually knows for certain(they might) you might ask if the DOD tool has been ported to HP-UX.

Its conceivable that you can boot off the Core OS and use the Unix version.

I'd ask the DOD. Thats the only way to be sure. Unless its not a DOD project.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Arunvijai_4
Honored Contributor

тАО09-15-2005 05:14 PM

тАО09-15-2005 05:14 PM

Re: Best way to DOD wipe drives with sensitive data.

FYI, you can take a look at this thread : http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=956898

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Bill Hassell
Honored Contributor

тАО09-16-2005 02:08 AM

тАО09-16-2005 02:08 AM

Re: Best way to DOD wipe drives with sensitive data.

I believe that there may be several DOD standards relating to the sensitivity of the data, one for confidential, another for secret, still another for top secret and so on. HP-UX does not provide a DOD compliant method, so you would first have to find the appropriate DOD spec, then use (or create) the appropriate tool to clean the disks.

Since this effort may be a lot more effort than the disks are worth, I would simply pull the disks and send them to an approved data/media destruction center (or use a bunch of wintel boxes to clean them).


Bill Hassell, sysadmin
Florian Heigl (new acc)
Honored Contributor

тАО09-16-2005 02:14 AM

тАО09-16-2005 02:14 AM

Re: Best way to DOD wipe drives with sensitive data.

dd and mediainit are both not enough.

In one thread last year someone made a bit of c-code of the shifting pattern method which is quite ok, but I can't find it at the moment.

You need a program that will write the following over Your disks.
0111111
1011111
1101111
1110111
1111011
1111101
1111110
1111111
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
Rick Garland
Honored Contributor

тАО09-16-2005 02:19 AM

тАО09-16-2005 02:19 AM

Re: Best way to DOD wipe drives with sensitive data.

As mentioned by Bill, there is going to be a DOD approved method of "sanitizing" the hardware.

This includes how to destroy such items.
0 Kudos
Florian Heigl (new acc)
Honored Contributor

тАО09-16-2005 03:29 AM

тАО09-16-2005 03:29 AM

Re: Best way to DOD wipe drives with sensitive data.

Oups... I must confess I missed one bit in my example ;))
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.