HPE Community
Operating System - HP-UX
1833386 Members
3166 Online
110052 Solutions
New Discussion

Methods to securely delete data from tape

 
SOLVED
Go to solution
erics_1
Honored Contributor

‎10-30-2006 06:31 AM

‎10-30-2006 06:31 AM

Methods to securely delete data from tape

All,

I'm researching ways that we can safely delete contents on tape media we have before it is reused. Now, LTT offers a 3 level 'erase' function for DDS and LTO which is helpful but DLT is not supported by that function for some reason. I offered several options for degaussers to management but was turned down because of the cost involved. I know I can run dd against the tape but that ties up a drive for over a day before completing. This interferes with nightly backups. I'd like your input as to any solutions you may have implemented.

Thanks,
Eric
0 Kudos
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎10-30-2006 06:36 AM

‎10-30-2006 06:36 AM

Re: Methods to securely delete data from tape

Shalom,

A very powerful magnet has always done us well, at least in my prior job.

Where I work now, we're so security conscious that we simply won't resell old tapes no matter what their dollar/shekel value.

All old tapes and disks are physically destroyed at end of life.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Peter Nikitka
Honored Contributor

‎10-30-2006 07:37 AM

‎10-30-2006 07:37 AM

Re: Methods to securely delete data from tape

Hi,

I think ou to set priority first:
- low costs
=> reuse of tapes
=> no physical destroying
- high security
=> buy degauss equipment
OR
=> destroy tapes physically

Both aspects could be done via
dd if=/dev/random of=/dev/lto bs=5k

but since you have another one:
- no availability (time to erase or additional drive)

... you have to decide!

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Steven Schweda
Honored Contributor

‎10-30-2006 07:40 AM

‎10-30-2006 07:40 AM

Re: Methods to securely delete data from tape

Do I have this right? A bulk tape eraser
costs too much, but doubling the
wear-and-tear on the actual tape drive is OK?
Yikes.

For erasing a tape well, fire is good. If you
plan to do anything less effective than that,
then a large permanent magnet is probably
about as good as anything. It all depends
on what's good enough, that is, whom you are
trying to stop from reading the tape.
0 Kudos
Bill Hassell
Honored Contributor

‎10-30-2006 08:20 AM

‎10-30-2006 08:20 AM

Solution

Re: Methods to securely delete data from tape

You have to define the level of security you need. For instance, you can remove all access to DDS tapes by simply writing a 1-line file at the beginning of the tape. Now, none of the trailing data is accessible. The DDS standard defines the last write that occurs before closing and rewinding the tape as the end of the media. No amount of mt positioning commands will move past the last record on the tape. This limitation is in the firmware so tinkering with the drive electronics won't get past the end-of-data marker.

Now this is where the importance of protecting the old data comes in. A very determined hacker can try positioning the tape and powering the drive off under certain conditions. Or the tape can be sent to a data recovery company where they have special firmware to recover unreadable data .

And note that degaussing modern tapes can create problems with the tape. If the tape is to be thrown away, then a simple degausser will work just fine. Only companies with enormous budgets can afford the equipment needed to read data that has been overwritten or degaussed.

So how important is the data and what is your company's exposure should the data be stolen? Generally speaking, the importance and liability is far more than the cost of the tapes -- which means destruction (crushed, chipped or incinerated) is by far the safest and cheapest method. I would not waste the time and wear using some program to erase the tapes.


Bill Hassell, sysadmin
0 Kudos
erics_1
Honored Contributor

‎10-30-2006 08:27 AM

‎10-30-2006 08:27 AM

Re: Methods to securely delete data from tape

All,

Thanks for your input and insight. I think I'll make another push for a degausser.

Thanks again,
Eric
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.