
Best way to DOD wipe drives with sensitive data.

Steven  Bucek
Frequent Advisor

Best way to DOD wipe drives with sensitive data.

I have several C3000's coming out of production that need to have the drives wiped to DOD standards due to the data they contain. Normally for these standard SE drives I put them in a wintel machine and use a DOD tool, however, I am upgrading several hundred machines (with 2 drives ea) and this method will not be acceptable.

Anyone have a good method to bulk erase these to DOD standards with hpux??
--To go forward, you must backup
18 REPLIES
James R. Ferguson
Acclaimed Contributor

Re: Best way to DOD wipe drives with sensitive data.

Hi Steven:

If you are REALLY intent on reading what was once there, an acid-bath is about the only sure way to prevent this.

It *is* possible to read data written 10-15 (or more) passes ago with the proper technology.

A simple solution is to write zeros or some random pattern at least once over the disk. This is a "reasonable" attempt for most.

# dd if=/dev/zero of=/dev/rdsk/cXtYdZ bs=1024k

or:

# dd if=/dev/urandom of=/dev/rdsk/cXtYdZ bs=1024k

Note the use of the raw disk device to circumvent the LVM layer. Note, too, the use of a large blocksize for fast I/O.

Regards!

...JRF...
Raj D.
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

Hi Steven,

You can try :

# mediainit /dev/rdsk/c?t?d?

though it will take some long time.. u can try it.

And also :
# dd if=/dev/zero of=/dev/rdsk/c?t?d? bs=1024

Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Devender Khatana
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

Hi Steven,

The use of dd is more appropriate, as mediainit in some cases may destroy your physical drive and can leave it unusable.

If any of your workstations has more than one disk then it should be run on the non-bootable disk first. When that is finished you should do it for the OS disk.

HTH,
Devender
Impossible itself mentions "I m possible"
Steven E. Protter
Exalted Contributor

Re: Best way to DOD wipe drives with sensitive data.

dd will do the trick.

I've always used a complete system OS install including all disks.

Never asked the DOD what they thought about that though.

To be honest, unless someone above actually knows for certain (they might) you might ask if the DOD tool has been ported to HP-UX.

It's conceivable that you can boot off the Core OS and use the Unix version.

I'd ask the DOD. That's the only way to be sure. Unless it's not a DOD project.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Arunvijai_4
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

FYI, you can take a look at this thread : http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=956898

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Bill Hassell
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

I believe that there may be several DOD standards relating to the sensitivity of the data, one for confidential, another for secret, still another for top secret and so on. HP-UX does not provide a DOD compliant method, so you would first have to find the appropriate DOD spec, then use (or create) the appropriate tool to clean the disks.

Since this effort may be a lot more effort than the disks are worth, I would simply pull the disks and send them to an approved data/media destruction center (or use a bunch of wintel boxes to clean them).


Bill Hassell, sysadmin
Florian Heigl (new acc)
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

dd and mediainit are both not enough.

In one thread last year someone made a bit of c-code of the shifting pattern method which is quite ok, but I can't find it at the moment.

You need a program that will write the following over Your disks.
0111111
1011111
1101111
1110111
1111011
1111101
1111110
1111111
yesterday I stood at the edge. Today I'm one step ahead.
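
The single-pass dd overwrite and the shifting-pattern passes described in the replies above, written as POSIX shell functions with a read-back check after every pass. This is an added example, not code from any poster in the thread; the function names, the caller-supplied size in KB, and the octal pattern list (an 8-bit reading of the listing above, which is one bit short as posted) are assumptions.

```shell
#!/bin/sh
# Added example: shifting-pattern overwrite passes with read-back verification.
# Assumed pattern bytes in octal: 0x7F 0xBF 0xDF 0xEF 0xF7 0xFB 0xFD 0xFE 0xFF.
PATTERNS="177 277 337 357 367 373 375 376 377"

# wipe_pass TARGET SIZE_KB OCTAL_BYTE
# Fill the first SIZE_KB kilobytes of TARGET with one repeated byte.
# The first dd fixes the length, tr turns the zeros into the pattern byte,
# and the last dd regroups the pipe into large output blocks for fast I/O.
wipe_pass() {
    dd if=/dev/zero bs=1k count="$2" 2>/dev/null |
        LC_ALL=C tr '\000' "\\$3" |
        dd ibs=64k obs=1024k of="$1" 2>/dev/null
}

# verify_pass TARGET SIZE_KB OCTAL_BYTE
# Read TARGET back, drop every byte that is not the pattern, and require
# the survivors to add up to the full size. A stray byte or a short read fails.
verify_pass() {
    good=$(dd if="$1" bs=1k count="$2" 2>/dev/null |
        LC_ALL=C tr -cd "\\$3" | wc -c | tr -d ' ')
    [ "$good" -eq $(( $2 * 1024 )) ]
}

# walking_zero_wipe TARGET SIZE_KB
# Run every pass in order; return 1 on a write error, 2 on a failed check.
walking_zero_wipe() {
    for pat in $PATTERNS; do
        wipe_pass "$1" "$2" "$pat" || return 1
        verify_pass "$1" "$2" "$pat" || return 2
    done
}
```

For a dry run, point TARGET at a scratch file; on a raw device SIZE_KB has to be the disk's real size (on HP-UX, `diskinfo -b` reports it in KB).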
Rick Garland
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

As mentioned by Bill, there is going to be a DOD approved method of "sanitizing" the hardware.

This includes how to destroy such items.
Florian Heigl (new acc)
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

Oops... I must confess I missed one bit in my example ;))
yesterday I stood at the edge. Today I'm one step ahead.
Steven  Bucek
Frequent Advisor

Re: Best way to DOD wipe drives with sensitive data.

Thanks for all the great input! This information should be enough for anyone to take care of their sensitive data. I have a few drives that I get to take to the drill press (fun fun fun), but otherwise dd seems the way to go for unix.
--To go forward, you must backup
Michael Roberts_3
Honored Contributor
Solution

Re: Best way to DOD wipe drives with sensitive data.

Attached is a description of how to use Ignite-UX to scrub disks. Some advantages of using this method are:
o many systems can be done at once from a single Ignite server.
o automated once you have done net-boot
o zero foot-print because it is done from RAM disk

It is a little dated, but the details are correct.

etouq ot hguone revelc ton m'i
melvyn burnard
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

If you REALLY want to be sure, and show compliance, there is a 3rd party product available from Los Altos Technologies.
It would mean having to pay, of course, but would give you the compliance.
http://www.lat.com
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
Michael Roberts_3
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

You can view the DOD Green Book recommendations at:
http://www.secinf.net/rainbow_series/NCSCTG025_Green_book_.html

Section 5 talks about general procedures.
etouq ot hguone revelc ton m'i
Raj D.
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

You can also try a software called "Secure Delete" , that is a pretty good program.

File name: secure_delete-3.1.tar.gz

You can google for it.
Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Stuart Whitby
Trusted Contributor

Re: Best way to DOD wipe drives with sensitive data.

I like the 30lb mash hammer option for ensuring that data is never recovered from disk. Make sure you scramble all of the data from all of the disks and put the bits into the same bit bucket, just to make sure that anyone looking will have a *very* hard time trying to piece the data back together. It's also a good time to get a wild look in your eyes from all that violence, put the hammer over your shoulder, and go ask your boss for a raise because of the great job you're doing....

For extra security, magnetise the hammer.... ;)

What? Do all solutions have to involve a script? :p
A sysadmin should never cross his fingers in the hope commands will work. Makes for a lot of mistakes while typing.
Florian Heigl (new acc)
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

I found the C-Code in a file called wipe.txt in my windows home folder :)

Unfortunately I still haven't found the original thread, so the credit for it goes to whoever did take the effort that day...
yesterday I stood at the edge. Today I'm one step ahead.
Raj D.
Honored Contributor

Re: Best way to DOD wipe drives with sensitive data.

Stuart ,
Though it's a Good idea ..but Steven wants to destroy the data not the disk ....

And hopefully it won't work with the 30 lb Magnetised hammer.. ):-

Cheers,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
Steven  Bucek
Frequent Advisor

Re: Best way to DOD wipe drives with sensitive data.

Wow what a great bunch of minds we have here. This thread needs to be in the 'best of' because the solution is here, in various ways to suit anyone's data destroying needs.

Mega thanks to Mike Roberts for the ignite disk scrubbing information, that is exactly what I was looking for. Thanks for the great info and a little humor :)

--To go forward, you must backup