Best way to DOD wipe drives with sensitive data.

Steven Bucek · ‎09-15-2005

I have several C3000's coming out of production that need to have the drives wiped to DOD standards due to the data they contain. Normally for these standard SE drives I put them in an wintel machine and use a DOD tool, however, I am upgrading several hundred machines (with 2 drives ea) and this method will not be acceptable.

Anyone have a good method to bulk erase these to DOD standards with hpux??

--To go forward, you must backup

James R. Ferguson · ‎09-15-2005

Hi Steven:

If you are REALLY intent on reading what was once there, and acid-bath is about the only sure way to prevent this.

It *is* possible to read data written 10-15 (or more) passes ago with the proper technology.

A simple solution is to write zeros or some random pattern at least once over the disk. This is a "reasonable" attempt for most.

# dd if=/dev/zeros of=/dev/rdsk/cXtYdZ bs=1024k

or:

# dd if=/dev/urandom of=dev/rdsk/CxtYdZ bs=1024k

Note the use of the raw disk device to circumvent the LVM layer. Note, too, the use of a large blocksize for fast I/O.

Regards!

...JRF...

Raj D. · ‎09-15-2005

Hi Steven,

You can try :

# mediainit /dev/rdsk/c?t?d?

thogh it will take some long time.. u can try it.

And also :
# dd if=/dev/zero of=/dev/rdsk/c?t?d? bs=1024

Cheers,
Raj.

" If u think u can , If u think u cannot , - You are always Right . "

Devender Khatana · ‎09-15-2005

Hi Steven,

The use of dd is more appropriate. As mediainit in some case may destroy your physical drive and can leave it unusable.

If any of your workstation has more than one disk then it should be run on the non-bootable disk first. When that is finished you should do it for the OS disk.

HTH,
Devender

Impossible itself mentions "I m possible"

Steven E. Protter · ‎09-15-2005

dd will do the trick.

I've always used a complete system OS install including all disks.

Never asked the DOD what they thought about that though.

To be honest, unless someone above actually knows for certain(they might) you might ask if the DOD tool has been ported to HP-UX.

Its conceivable that you can boot off the Core OS and use the Unix version.

I'd ask the DOD. Thats the only way to be sure. Unless its not a DOD project.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Arunvijai_4 · ‎09-15-2005

FYI, you can take a look at this thread : http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=956898

-Arun

"A ship in the harbor is safe, but that is not what ships are built for"

Bill Hassell · ‎09-16-2005

I believe that there may be several DOD standards relating to the sensitivity of the data, one for confidential, another for secret, still another for top secret and so on. HP-UX does not provide a DOD compliant method, so you would first have to find the appropriate DOD spec, then use (or create) the appropriate tool to clean the disks.

Since this effort may be a lot more effort than the disks are worth, I would simply pull the disks and send them to an approved data/media destruction center (or use a bunch of wintel boxes to clean them).

Bill Hassell, sysadmin

Florian Heigl (new acc) · ‎09-16-2005

dd and mediainit are both not enough.

In one thread last year someone made a bit of c-code of the shifting pattern method which is quite ok, but I can't find it at the moment.

You need a program that will write the following over Your disks.
0111111
1011111
1101111
1110111
1111011
1111101
1111110
1111111

yesterday I stood at the edge. Today I'm one step ahead.

Rick Garland · ‎09-16-2005

As mentioned by Bill, there is going to be a DOD approved method of "sanitizing" the hardware.

This includes how to destroy such items.

Florian Heigl (new acc) · ‎09-16-2005

Oups... I must confess I missed one bit in my example ;))

yesterday I stood at the edge. Today I'm one step ahead.

Steven Bucek · ‎09-16-2005

Thanks for all the great input! This information should be enough for anyone to take care of their sensitive data. I have a few drives that I get to take to the drill press (fun fun fun), but otherwise dd seems the way to go for unix.

--To go forward, you must backup

Michael Roberts_3 · ‎09-16-2005

Attached is a description of how to use Ignite-UX to scrub disks. Some advantages of using this method are:
o many systems can be done at once from a single Ignite server.
o automated once you have done net-boot
o zero foot-print because it is done from RAM disk

It is a little dated, but the details are correct.

etouq ot hguone revelc ton m'i

melvyn burnard · ‎09-16-2005

If you REALLY want to be sure, and show compliance, there is a 3rd party product available from Los Altos Technologies.
It would mean having to pay, of course, but would give you the compliance.
http://www.lat.com

My house is the bank's, my money the wife's, But my opinions belong to me, not HP!

Michael Roberts_3 · ‎09-16-2005

You can view the DOD Green Book recommendations at:
http://www.secinf.net/rainbow_series/NCSCTG025_Green_book_.html

Section 5 talks about general proceedures.

etouq ot hguone revelc ton m'i

Raj D. · ‎09-17-2005

You can also try a software called "Secure Delete" , that is a pretty good program.

File name: secure_delete-3.1.tar.gz

You can google for it.
Cheers,
Raj.

" If u think u can , If u think u cannot , - You are always Right . "

Stuart Whitby · ‎09-17-2005

I like the 30lb mash hammer option for ensuring that data is never recovered from disk. Make sure you scramble all of the data from all of the disks and put the bits into the same bit bucket, just to make sure that anyone looking will have a *very* hard time trying to piece the data back together. It's also a good time to get a wild look in your eyes from all that violence, put the hammer over your shoulder, and go ask your boss for a raise because of the great job you're doing....

For extra security, magnetise the hammer.... ;)

What? Do all solutions have to involve a script? :p

A sysadmin should never cross his fingers in the hope commands will work. Makes for a lot of mistakes while typing.

Florian Heigl (new acc) · ‎09-21-2005

I found the C-Code in a file called wipe.txt in my windows home folder :)

Unfortunately I still haven't found the original thread, so the credit for it goes to whoever did take the effort that day...

yesterday I stood at the edge. Today I'm one step ahead.

Raj D. · ‎09-21-2005

Stuart ,
Though its a Good idea ..but Steven wants to destroy the data not the disk ....

And hopefully it wont work with the 30 lb Magnetised hammer.. ):-

Cheers,
Raj.

" If u think u can , If u think u cannot , - You are always Right . "

Steven Bucek · ‎09-21-2005

Wow what a great bunch of minds we have here. This thread needs to be in the 'best of' because the solution is here, in various ways to suit anyones data destroying needs.

Mega thanks to Mike Roberts for the ignite disk srubbing information, that is exactly what I was looking for. Thanks for the great info and a little humor :)

--To go forward, you must backup

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Best way to DOD wipe drives with sensitive data.

Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.

Re: Best way to DOD wipe drives with sensitive data.