Data Erasure

Introduction

Because the computer systems we dispose of could hold large volumes of confidential data, we must ensure all sensitive data is removed. This prevents data from being stolen and compromised, which could lead to identity theft, loss of reputation, threats to regulatory compliance and financial impacts.

Simply reformatting a drive is not sufficient. Reformatting only removes the file allocation or address tables; the data itself remains on the drive.

Disks must be wiped or scrubbed in some way. This usually involves multiple passes of writing 0s and 1s to the drive. The number of passes varies and is determined by how much security is needed. In CSE we will do 6 passes of random characters and one pass of 0 bits.

Methods

shred

The shred program comes standard on most Linux distributions, including RHEL5.

[kpcleary@repulse /dev]$ sudo shred -n 6 -z -v /dev/sda
Password:
shred: /dev/sda: pass 1/7 (random)...
shred: /dev/sda: pass 1/7 (random)...460MiB/19GiB 2%
shred: /dev/sda: pass 1/7 (random)...461MiB/19GiB 2%
shred: /dev/sda: pass 1/7 (random)...936MiB/19GiB 4%

In the example above, the drive was a 20 GB IDE drive connected through a USB-to-IDE adapter.
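
shred does not read back what it wrote. The added example below (not part of the original page; the function names are this example's own) runs shred with the same -n 6 -z options and then checks that every byte reads back as zero, using a constructed scratch file instead of a real disk:

```shell
#!/bin/sh
# Added example: wipe with the page's shred options, then verify by read-back.

# Count non-zero bytes in a file or block device. An open or read error
# adds one to the count, so an unreadable target never passes as wiped.
count_nonzero() {
    { tr -d '\000' < "$1" || printf 'E'; } | wc -c | tr -d ' '
}

# Succeed only if every byte of the target reads back as 0x00.
is_zeroed() {
    [ "$(count_nonzero "$1")" -eq 0 ]
}

# 6 random passes plus a final zero pass (-n 6 -z), then the read-back check.
wipe_and_verify() {
    target=$1
    shred -n 6 -z "$target" || { echo "shred failed on $target" >&2; return 1; }
    if is_zeroed "$target"; then
        echo "$target: verified, all bytes read back as zero"
    else
        echo "$target: $(count_nonzero "$target") non-zero bytes or errors" >&2
        return 1
    fi
}

# Demo on a constructed 1 MiB scratch file of random data, never a real disk.
demo() {
    scratch=$(mktemp) || return 1
    dd if=/dev/urandom of="$scratch" bs=1024 count=1024 2>/dev/null
    wipe_and_verify "$scratch"; rc=$?
    rm -f "$scratch"
    return $rc
}

demo
```

On a real device, the read-back should come from the disk rather than from the operating system's cache, so run the check after the write has been flushed.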

scrubdisk

This is a program written by Ken. The attached source code can be compiled on FreeBSD systems. Ken has CDs with scrubdisk added to the "Live FS" support, so you can boot a machine from the CD, enter "Fixit" mode, and then run scrubdisk to wipe the contents of all the hard drives on that machine (in Fixit mode the operating system runs off the contents of the CD and does not rely on the hard drives for anything).

There is also a FreeBSD machine named blackhole in the back corner of the Davis 339A machine room. It has an IDE swappable hard drive canister and a 6-bay SCSI Multipack chassis attached to it, which can be used to wipe IDE and SCA-interface SCSI disks.

Usage:

% scrubdisk -rvFZ -p4 -P1 /dev/disk(s)

Options:

'r' alone would do one random pass but -p4 says do 4 instead.
'v' means verify (read back and compare to what was written) the passes.
'F' means do two passes first writing all 0xaa, then writing 0x55
    which flips all the bits.
'Z' means end with writing all 0's and verifying.
'P1' means only verify one of the four random passes.

Physical Damage

If a disk we are getting rid of is still in working order, we will surplus the disk in case it can be used by other state agencies, but only after successfully wiping the disk as described above. If for any reason the disk could not be wiped, we send the drive to CIT instead of surplusing it. This is usually because the drive failed and is no longer operational, though sometimes the drive interface is of a type that makes putting it into a computer and wiping it as described above inconvenient or impossible. CIT has a machine that magnetically erases the disks and then physically shreds them.

Notes

  1. Pay attention to whether the drive is set to cable select, master or slave in the case of IDE. I had to set an IDE drive to master to get it to play nicely with my USB adapter.
  2. Do drives to be shredded now need to go to Bean hall?

People

  1. Ken Smith, scrubdisk author.


Attachments

  1. scrubdisk.c (7.75 KB)