comp.security.misc
Full discussion of the article:
DoD Harddrive Secure Erase Wipe

Date        Subject                                  From
03-04-2008  DoD Harddrive Secure Erase Wipe          oktokie
03-04-2008  Re: DoD Harddrive Secure Erase Wipe      Walter Roberson
03-04-2008  Re: DoD Harddrive Secure Erase Wipe      Christoph Hanle
03-04-2008  Re: DoD Harddrive Secure Erase Wipe      Moe Trin
03-04-2008  Re: DoD Harddrive Secure Erase Wipe      Christoph Hanle


Article : 31768
Date : 03-04-2008
From : oktokie
Subject : DoD Harddrive Secure Erase Wipe

DoD Harddrive Secure Erase Wipe

I have a project which I need to DoD harddrives for the company. I
have large raid-scsi enclosure which I can use.

I have access to Quad/Octa Xeon P4 servers with 3 dual channel LVE/SE
ultra scsi 160 cards. With these, I would be able to drive 4 x 14 scsi
drive (IBM EXP300 / 3531-1RU) units.

What are my options?

I was thinking about doing the following.

1. for i in 1 2 3 4 5 6 7; do time dd if=/dev/random of=/dev/sda bs=1048576; done

Use the random bits into drive 7 times.
I think with 14 x 36GB scsi in raid5 setup would take approximately
18 x 7pass = 5 days.
This is pretty bad.

2. I could set up a stripped version of Gentoo with the proper RAID
controller driver (here IBM ServeRaid 4Mx) and run DBAN from the boot drive.

I've got a question, does anyone have working knowledge of DoD5200.28-
STD & DoD5200.22-M? I need to know how it's supposed to work, then I
could just write simple c program to erase drive instead of relying on
other tools for speed.
I need fastest solution available.

Thanks.



Article : 31769
Date : 03-04-2008
From : Walter Roberson
Subject : Re: DoD Harddrive Secure Erase Wipe

In article <2c114aec-04ba-4579-ae1b-5389bc17cf5b@u10g2000prn.googlegroups.com>,
oktokie wrote:

>I have a project which I need to DoD harddrives for the company. I
>have large raid-scsi enclosure which I can use.

>I've got a question, does anyone have working knowledge of DoD5200.28-
>STD & DoD5200.22-M? I need to know how it's supposed to work, then I
>could just write simple c program to erase drive instead of relying on
>other tools for speed.

As best I understand, there -are- no "simple" programs that do DoD
approved wipes. Multiple passes with random data is not enough:
you have to ensure that you get at all the spared sectors and at
any left-over data clusters that don't happen to fit clusters with
the current sector length. You mentioned RAID, and RAID tends to
use sector lengths a little above 512, so if there was ever a time
when an individual drive was formatted for use outside of the RAID,
the left-over clusters could occur (and if you are working to DoD
specs then you had best assume that the drives might have had
different uses before they made it to the present RAID.)

>I need fastest solution available.

Hardware destruction such as triggered thermite, or an
artificial EMP. Oh, and consider only writing encrypted data on
to the RAID in the first place (including only using encrypted
swap.)

If you really *need* DoD level wiping, then you will have a
contact either within your company or within the DoD who will
guide you through the requirements. Counting on anything that *I*
say on the matter could be a serious mistake: after all, I might
work for a foreign government and thus have an interest in ensuring
that your wipe is *not* thorough.

(And as a matter of fact, I do work for a foreign government...)



Article : 31770
Date : 03-04-2008
From : Christoph Hanle
Subject : Re: DoD Harddrive Secure Erase Wipe

oktokie wrote:
> DoD Harddrive Secure Erase Wipe
>
> I have a project which I need to DoD harddrives for the company. I
> have large raid-scsi enclosure which I can use.
>
> I have access Quad/Octa Xeon P4 servers with 3 dual channel LVE/SE
> ultra scsi 160 cards. With these, I would be able to drive 4 x 14 scsi
> drive (IBM EXP300 / 3531-1RU) units.
>
> What are my options?
Use commercial software, or search for a company that wipes onsite.
Wiping of HDDs with a special standard is not only writing some pattern
onto the disks. It also includes e.g. reporting of successful /
unsuccessful wiping, detection of bad or remapped sectors, processing
these parts etc.

If you need more info or contacts, please PM me, with indication of
your country / address.

bye Christoph


> I need fastest solution available.
B********
>
> Thanks.



Article : 31771
Date : 03-04-2008
From : Moe Trin
Subject : Re: DoD Harddrive Secure Erase Wipe

On Wed, 2 Apr 2008, in the Usenet newsgroup comp.security.misc, in article
<2c114aec-04ba-4579-ae1b-5389bc17cf5b@u10g2000prn.googlegroups.com>,
oktokie wrote:

NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.

>I have a project which I need to DoD harddrives for the company. I
>have large raid-scsi enclosure which I can use.

"need to" or "want to" - If you are required by a DoD contract to wipe
the drives, talk to your Contracting Officer, and do _EXACTLY_ what
the officer requires. If you want to scrub the drives for some
reason, it's going to be a lot simpler to destroy the drive media.
Drives are cheap, your time isn't.

>I was thinking about doing following.
>
>1. for i in 1 2 3 4 5 6 7; do time dd if=/dev/random of=/dev/sda
>bs=1048576; done
>
>Use the random bits into drive 7 times.

man random and then find a dictionary and look up the word "entropy".

>I think with 14 x 36GB scsi in raid5 setup would take approximately
>18 x 7pass = 5 days.
>This is pretty bad.

That is one shitload of entropy - are you using an external noise
generator to create it? Or do you think your built-in random
number generator is infinitely fast and endless?

>2. I could setup stripped version of gentoo with proper raid
>controller driver(here IBM ServeRaid 4Mx and run DBAN from boot drive.

Sounds imaginative - but you are better served by opening up each drive,
removing the platters, and physically destroying them, which means down
to a blob of slag, or a bag full of dust particles (none of which are
larger than one half the width of an individual track). If you take
the platters out, chuck a bunch of them using a large nut and bolt into
a drill-press, and then take a file to the stack as it's spinning, do
remember to wear eye protection at the very least, as the platter MAY
shatter (many are now built on a ceramic substrate).

>I've got a question, does anyone have working knowledge of DoD5200.28-
>STD & DoD5200.22-M? I need to know how it's supposed to work, then I
>could just write simple c program to erase drive instead of relying on
>other tools for speed.

Repeating - if you have a government requirement to sanitize the drives,
then you follow EXACTLY what the Contracting Officer tells you to do. No
exceptions. If this is NOT a government requirement, then simply
physically destroy the media. If all you are trying to do is destroy
the evidence to keep your ass out of jail, make a single pass on each
drive writing zeros (/dev/zero) and a second pass writing ones (/dev/one)
and while that is taking several hours to complete, look in the New York
area telephone book and look in the Yellow Pages under "Computers - Data
Recovery" as most of those companies also offer data destruction services
as well. Or you _could_ use the search engine you are posting from...

>I need fastest solution available.

Physically destroy the media.

Old guy
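
The zeros-then-ones overwrite described in the post above, as an added example that is not part of any poster's message: Linux provides /dev/zero but no /dev/one, so the 0xFF pass is generated with tr, and each pass is read back and checked. The function names and the scratch file are assumptions of this sketch; as Walter Roberson's reply notes, an overwrite through the block device does not reach spared sectors.

```shell
#!/bin/sh
# Added example: zeros pass, then 0xFF pass, each verified by reading back.
# Pointing wipe_two_pass at a block device destroys everything on it.

# size_of TARGET: size in bytes of a block device or regular file.
size_of() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else wc -c < "$1" | tr -d ' '; fi
}

# fill_pass TARGET OCTAL: overwrite all of TARGET with one byte value.
# tr maps the NUL bytes from /dev/zero to the wanted pattern byte.
fill_pass() {
    head -c "$(size_of "$1")" /dev/zero | LC_ALL=C tr '\000' "\\$2" |
        dd of="$1" bs=1048576 conv=notrunc 2>/dev/null && sync
}

# verify_pass TARGET OCTAL: succeed only if every byte equals the pattern
# (delete the pattern byte from the stream; nothing may be left over).
verify_pass() {
    leftover=$(LC_ALL=C tr -d "\\$2" < "$1" | wc -c | tr -d ' ')
    [ "$leftover" -eq 0 ]
}

# wipe_two_pass TARGET: zeros, then ones; stop at the first failed check.
wipe_two_pass() {
    for pattern in 000 377; do
        fill_pass "$1" "$pattern" || return 1
        verify_pass "$1" "$pattern" || {
            echo "verify failed: octal $pattern on $1" >&2; return 1; }
    done
}

# Constructed sample: a 3 MiB scratch file of random bytes stands in for
# the drive, so running this script touches no real device.
demo() {
    scratch=$(mktemp) || return 1
    head -c 3145728 /dev/urandom > "$scratch"
    wipe_two_pass "$scratch"; rc=$?
    rm -f "$scratch"
    return "$rc"
}

demo && echo "scratch file overwritten and verified"
```

The read-back check only proves that the sectors the operating system can address hold the pattern; reporting and handling of remapped sectors, which Christoph Hanle's reply lists as part of a wipe to a standard, is outside what this sketch does.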



Article : 31774
Date : 03-04-2008
From : Christoph Hanle
Subject : Re: DoD Harddrive Secure Erase Wipe

oktokie wrote:

>
> Use the random bits into drive 7 times.
> I think with 14 x 36GB scsi in raid5 setup would take approximately
> 18 x 7pass = 5 days.
> This is pretty bad.
Sorry, I had not read this.
You are talking about 36GB, this is scrap.
Wiping with software is senseless.
Destroying will be the quickest and cheapest.
In our process we would degauss and shred them, no reuse.

bye
Christoph

> Thanks.




