Re: Best way to wipe data with AIX ?

From: BRUCE HARVEY (btharvey_at_MANDTBANK.COM)
Date: 09/14/05

  • Next message: Yves Dorfsman: "problem running custom scripts on NIM server and AIX 5.3 ML2" 
    Date:         Wed, 14 Sep 2005 10:35:32 -0400
To: aix-l@Princeton.EDU

    Hmm ... I suggest repeating Galileo's experiments with gravity from a
    local university ivory tower ... similar to the tower in Pisa? A sledge
    hammer is, of course, directed and can be manipulated to provide only a
    glancing blow. Gravity with concrete on the receiving end (assuming the
    concrete is set and the height is sufficient) can not be easily
    avoided.
     
    But I agree -- if the organization with little funding is to be held to
    highest evaluation, then the program to perform this wiping should be
    provided.
     
    Bruce

    >>> rmiller@SMUD.ORG 09/14/05 9:58 AM >>>

    I always find it amusing (or sad...) when the places that have the
    least
    amount of funding (university computing services, for instance) are
    required to do tasks the most expensive and time-consuming way
    possible
    (getting 12 bids and evaluating each on a point system, wiping drives
    at
    a milspec level...). I say use a sledgehammer and call it good ;P

    All hail bureauracracy...

    --rm

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU]On Behalf Of
    Roger Deschner
    Sent: Wednesday, September 14, 2005 12:27 AM
    To: aix-l@Princeton.EDU
    Subject: Re: Best way to wipe data with AIX ?

    I've been following this, hoping for a good idea. I'm facing the same
    problem, and our auditors say none of that is acceptable. Allocating a
    big filesystem and running dd to write
    "Supercalifragilisticexpialidocious!" 10 zillion times on it will not
    do. Formatting with diag -> format is inadequate. Not even doing it
    many
    times. They want me to REALLY wipe the data out, using an
    Officially(tm)
    Certified(tm) Government Standard Compliant Disk-Wipe(tm) program,
    witnessed by two different people, each of whom must sign a printed
    log
    of the session. Only then will the auditors permit us to return a disk
    which has ever contained either personal or University-Owned data to
    any
    vendor.

    The only alternative they give us is to physically destroy the drives,
    and they give us alternatives for that ranging from the bizarre to the
    almost fun. Think David Letterman tricks with hydraulic punch presses.
    We could also degauss the drives, but a magnetic field that would be
    strong enough to satisfy their data destruction requirements, would
    also
    destroy the drive electronics, making them worthless to the vendor we
    will be sending them back to.

    Although they have basically invalidated every warranty and service
    contract on disk subsystems we have, there is no arguing with
    auditors.
    It's the law in Illinois, and we're a state agency. You do what they
    say, even though it is extremely time consuming. We are evaluating if,
    considering the personnel cost of wiping, it is more cost advantageous
    to simply destroy the drives.

    Disk-wipe programs exist in the Windows environment. (e.g. Stellar
    Wipe,
    Active@ Eraser) One Unix program I've found is the free Gnu-licensed
    wipe program, at http://wipe.sourceforge.net. Be sure to read the
    detailed academic paper that explains why all those other methods,
    from
    writing "Supercalifragilisticexpialidocious!" until the disk is full,
    to
    reformatting, are all inadequate, at
    http://wipe.sourceforge.net/secure_del.html

    However, even the government says that the only sure way to destroy
    data
    on magnetic media is to physically destroy the media.

    Roger Deschner University of Illinois at Chicago
    rogerd@uic.edu

    On Wed, 14 Sep 2005, Jim McD wrote:

    >Hi
    >
    >Always overwrite the entire disk, best do it several times.
    >
    >Using the deleting and formatting are just small alterations to the
    disk.
    >Data is still left on the disk and still accessible using non
    traditional
    >methods
    >
    >Regards Jim
    >

  • Next message: Yves Dorfsman: "problem running custom scripts on NIM server and AIX 5.3 ML2"

    Relevant Pages

    • Re: Best way to wipe data with AIX ?
      ... They want me to REALLY wipe the data out, ... The only alternative they give us is to physically destroy the drives, ... contract on disk subsystems we have, there is no arguing with auditors. ...
      (AIX-L)
    • Re: Best way to wipe data with AIX ?
      ... Best way to wipe data with AIX? ... The only alternative they give us is to physically destroy the drives, ... contract on disk subsystems we have, there is no arguing with auditors. ...
      (AIX-L)
    • Re: Best way to wipe data with AIX ?
      ... and our auditors say none of that is acceptable. ... The only alternative they give us is to physically destroy the drives, ... contract on disk subsystems we have, there is no arguing with auditors. ...
      (AIX-L)
    • Re: Permanent data removal
      ... > trivial then do NOT erase the disk; DESTROY it instead. ... I still have a number of old 10GB drives that are hardly ... puppy to dust or use a cutting torch and cut those platters to itty ...
      (alt.computer.security)
    • Re: OT-True Image Backup
      ... Make sure the USB drives file system is NTFS and not FAT32.. ... Jaymon is correct in that the disk image you create and save to the D: ... partition of your USB external HDD will have no effect on the other ... Step-by-Step Instructions for Using the Acronis True Image Program to Backup ...
      (microsoft.public.windowsxp.help_and_support)