DoD Harddrive Secure Erase Wipe
in [Solaris]
|
Prev: cdrecord and large files.
Next: ILOM interface and NTP
From: Richard B. Gilbert on 2 Apr 2008 22:11 oktokie wrote: > DoD Harddrive Secure Erase Wipe > > I have a project which I need to DoD harddrives for the company. I > have large raid-scsi enclosure which I can use. > > I have access Quad/Octa Xeon P4 servers with 3 dual channel LVE/SE > ultra scsi 160 cards. With these, I would be able to drive 4 x 14 scsi > drive (IBM EXP300 / 3531-1RU) units. > > What are my options? > > I was thinking about doing following. > > 1. for i in 1 2 3 4 5 6 7; do time dd /dev/random of=/dev/sda > bs=1048576; done > > Use the random bits into drive 7 times. > I think with 14 x 36GB scsi in raid5 setup would take approximately > 18 x 7pass = 5 days. > This is pretty bad. > > 2. I could setup stripped version of gentoo with proper raid > controller driver(here IBM ServeRaid 4Mx and run DBAN from boot drive. > > I've got a question, does anyone have working knowledge of DoD5200.28- > STD & DoD5200.22-M? I need to know how it's supposed to work, then I > could just write simple c program to erase drive instead of relying on > other tools for speed. > I need fastest solution available. > > Thanks. I am not, by any means, an expert on DOD erase. Having said that, I believe that there are specific bit patterns to be used, rather than random numbers. It goes something like write pattern A, write pattern B, . . . . A little research on Google might be productive of exact details for the procedure. You might even find that someone has already written the program or a script that does the job by employing standard utilities.
From: ITguy on 2 Apr 2008 22:14 On Apr 2, 8:38 pm, oktokie <okto...(a)yahoo.com> wrote: > DoD Harddrive Secure Erase Wipe > > I have a project which I need to DoD harddrives for the company. I > have large raid-scsi enclosure which I can use. > > I have access Quad/Octa Xeon P4 servers with 3 dual channel LVE/SE > ultra scsi 160 cards. With these, I would be able to drive 4 x 14 scsi > drive (IBM EXP300 / 3531-1RU) units. > > What are my options? > > I was thinking about doing following. > > 1. for i in 1 2 3 4 5 6 7; do time dd /dev/random of=/dev/sda > bs=1048576; done > > Use the random bits into drive 7 times. > I think with 14 x 36GB scsi in raid5 setup would take approximately > 18 x 7pass = 5 days. > This is pretty bad. > > 2. I could setup stripped version of gentoo with proper raid > controller driver(here IBM ServeRaid 4Mx and run DBAN from boot drive. > > I've got a question, does anyone have working knowledge of DoD5200.28- > STD & DoD5200.22-M? I need to know how it's supposed to work, then I > could just write simple c program to erase drive instead of relying on > other tools for speed. > I need fastest solution available. > > Thanks. Use the Solaris "analyze" and "purge" options to the format command. I believe you're correct about the 7 passes requirement, and there's no getting around it - it just takes forever. Fire up all disks in parallel and let it go.
From: Andrew Gabriel on 3 Apr 2008 05:13 In article <4d43e3f3-9140-4764-a9e6-d738d486c5ab(a)i36g2000prf.googlegroups.com>, oktokie <oktokie(a)yahoo.com> writes: > DoD Harddrive Secure Erase Wipe > > I have a project which I need to DoD harddrives for the company. I > have large raid-scsi enclosure which I can use. This will be defined in your DoD contract and depend on the level of the data. Most likely it will require physical destruction of the disks and any NVRAM in the RAID array and embedded disk controllers. Writing to the disks through standard OS mechanisms is very unlikely to be acceptable unless the data was only of the lowest level commercial interest. Degaussing used to be acceptable and allowed disks to be reused, but no modern disks are reusable after degaussing nowadays, so I suspect you are looking at physical destruction at a level which assures there is no chance of repair for data recovery. -- Andrew Gabriel [email address is not usable -- followup in the newsgroup]
From: Atro Tossavainen on 3 Apr 2008 06:20 oktokie <oktokie(a)yahoo.com> writes: > What are my options? > > I was thinking about doing following. > > 1. for i in 1 2 3 4 5 6 7; do time dd /dev/random of=/dev/sda > bs=1048576; done You'll still be here in 2040, and it won't be very effective. > 2. I could setup stripped version of gentoo with proper raid > controller driver(here IBM ServeRaid 4Mx and run DBAN from boot drive. No, you run DBAN from standalone boot media. Don't try to mix a Linux distribution into the mess. Quoting from the ever-famous Wikipedia (the article is on "Data remanence") "As of Nov 2007, overwriting is no longer a DoD-acceptable sanitization method for magnetic media. Only degaussing or physical destruction is acceptable." The reference for this claim is https://www.dss.mil/portal/ShowBinary/BEA%20Repository/new_dss_internet/isp/odaa/documents/clear_n_san_matrix_06282007_rev_11122007.pdf > I need fastest solution available. Utter destruction of the disks is pretty fast if you've got the right tools. A jackhammer comes to mind :-) Certainly faster than seven passes on DBAN. -- Atro Tossavainen (Mr.) / The Institute of Biotechnology at Systems Analyst, Techno-Amish & / the University of Helsinki, Finland, +358-9-19158939 UNIX Dinosaur / employs me, but my opinions are my own. < URL : http : / / www . helsinki . fi / %7E atossava / > NO FILE ATTACHMENTS
From: Tim Bradshaw on 3 Apr 2008 08:51
On Apr 3, 2:38 am, oktokie <okto...(a)yahoo.com> wrote: > DoD Harddrive Secure Erase Wipe > > I have a project which I need to DoD harddrives for the company. I > have large raid-scsi enclosure which I can use. The siolution to this is some combination of a degausser and a hammer. used a degausser recently I'm reasonably sure you don't need the hammer as well judging by the noise it made, but it can't hurt. This is a serious answer: it will be cheaper to buy new drives and destroy the old ones. |