SUMMARY: CLEAN DISK

From: Jim Redpath SRI Ft Bragg (jredpath@ags.ga.erg.sri.com)
Date: Wed Aug 10 1994 - 22:37:07 CDT


Sum Managers:

ORIGINAL QUESTION:

We have some Suns that need their disks to be completely cleaned of all
data for security reasons. I mean wipe it out so nobody can read any
of the secret data on these disks. Is there a program that is available
to do this? or method. Oh yeh, I need something better than formatting -
not acceptable.

SOLUTIONS:

The best response came from Dave Hightower <hightowr@afwc.af.mil> listed
below:

From: tkevans@eplrx7.es.duPont.com (Tim Evans)
----------------------------------------------
HOw about:

dd if=/dev/null of=/dev/rsd0c <- change "0" to the SCSI target of choice

From: rao@hobbes.crc.com (Randy Olsson)
----------------------------------------------
 
I'm not trying to be dense, but in formatting your disks, have you tried enabling
the physical-surface verification?

Verifying your disk surfaces destructively after a format does a real number
on any data that might have been there.

You don't even have to format your disks to run a destructive physical surface
check.

From: lcollera@amgen.com (Lori Colleran)
----------------------------------------------

You should just be able to newfs the partitions.

From: satmb@gauss.med.harvard.edu (Timothy Baum 432-2765)
----------------------------------------------

Sorry if this suggestion sounds obvious, expecially since you
said not to use format, but ...

Using format, under analyze menu, with "random bit patterns" selected
from setup, wouldn't several passes of "purge" be sufficient? This would
write over every block with random bit patterns. Or is it still possible
somehow to retrieve the original data after that?

Alternatively, you could write a simple C program to write random
bytes to the raw disk device. End when you get a write error (indicating
you came to the end of disk), then re-open the raw file and start over.
I suspect a few passes of that would be as good as any other program
or technique using regular UNIX I/O that is not specific to the particular
drive hardware.

I will be interested in your summary of replies, and am especially curious
as to how many such passes are regarded as adequate to make sure data
can't be retrieved.

From: Dave Hightower <hightowr@afwc.af.mil>
----------------------------------------------

OK, here's the deal. There are a lot of "free" packages on the net which
claim to do this kind of wiping.

BEWARE! I noticed from your address that you are on Fort Bragg, I'm a
Computer Systems Security Officer (and a 1st LT) at Maxwell AFB.

You probably need to check your regs, but here at Maxwell we have to use
a package that is accepted to DOD 5200 and USAF AFSSM 5020 standards.
Being in the Army, I would imagine that you have to meet AR 380-19 and AR
380-5 standards, as well as DOD 5200.

There is only one package for UNIX that I know of that meets all these
standards, and that is UniShred Pro from Los Altos Technologies (2111
Grant Road, Suite 100, Los Altos, CA 94024; 415.988.4848 (voice)
415.988.4860 (fax) email info@lat.com).

Please note that I am in no way associated with Los Altos Technologies.
I just remember the weeks spent trying to find an approved scrub utility,
and perhaps I can spare you.

Any questions, please let me know.

From: sjk@snowleopard.KaPRE.COM (Scott Kamin)
----------------------------------------------

Actually, the format program is what you want. Use the
analyze option which claims to be completely destructive (purge)
which will write a data pattern in every sector of the disk.

Date: Tue, 09 Aug 1994 12:30:47 -0600
From: Roger Spaulding <ras@loveland.ramtron.com>
----------------------------------------------

        Jim,

        Would you cc me on anything you learn?

        Also, BTW, what is the name of your organization, that is, what
        does SRI stand for?

        Roger "Entropy isn't what it used to be" Spaulding
        Network System Administrator
        Ramtron International Corporation
        1850 Ramtron Drive
        Colorado Springs, CO 80921
        ras@ramtron.com
        (719) 481-7049

From: russ@issi.com
----------------------------------------------

After deleting all files from the disk, use the mkfile(8) command
to create a file exactly the same size as the disk.

mkfile will pad the file with zeroes by default, thus completely
overwriting any data that was left behind.

      _________________________________________________________
 ____/\ \____
/\ \ \ Russ Walsh -- Junior Systems Administrator \ \
\ \ \ \ International Software Systems, Inc. \ \
 \ \ \ \ 9430 Research Blvd., \ \
  \ \ \ \ Echelon IV, Suite 250 Off:(512)338-5786 \ \
   \ \ \ \ Austin, TX 78759 Fax:(512)338-5757 \ \
    \ \ \ \ <russ@issi.com> \ \
     \ \ \ \________________________________________________________\ \
      \ \___\/ /____\
       \/__________________________________________________________________/

From: Daniel Pommert <daniel@lternet.edu>
----------------------------------------------

By not telling us why formatting is not acceptible, it is hard to come up
with alternatives.

I would just do a write/read/write surface analsys in format. It is
specifically designed to clean disks.

On Tue, 9 Aug 1994, Jim Redpath SRI Ft Bragg wrote:

From: "Henry Mensch" <HMENSCH@us.oracle.com>
----------------------------------------------

your DIS rep should be able to recommend software and procedures for this
purpose. for TS and SCI data, you cannot do this; you generally must destroy
the disk.
  
From: pam@fimad1.lanl.gov (Pat Max)
----------------------------------------------

I believe the only method is to degauss them.

Pat Max
Los Alamos National Laboratory
Los Alamos, NM 87545

From: Derik.Jarne@osi.com (Derik Jarne x353-2490)
----------------------------------------------

Ask NSA...They have always had this problem...You might have opened
up a can of worms. There are different standards of a "CLEAN" disk
DOD, NSA...etc and then there are people that claim it can
be reclaimed by sneaky spys. black bag stuff.. The worms begin!!

From: Gregory Bond <gnb@melba.bby.com.au>
----------------------------------------------

If you have fair-dinkum security needs for this sort of thing, then you will
probably have a security officer who can tell you the approved method of
dealing with this problem. I would suggest you contact the secutiry people,
becuase doing it in a non-approved manner will probably get you into a fair
bit of strife.

From: ericb@telecnnct.com (Eric William Burger)
----------------------------------------------

You need to write a series of zero's & one's & repeat, if I remember...
You can always "dd if=/dev/zero of=/dev/rsdNc" which will write zeros
to the device, and "while(1) ; echo ^A > /dev/rsdNc ; end" to write
ones.

I'm sure there's a $12,000 security package out there, however :-)

From: William Rhea <wrhea@spd.dsccc.com>
----------------------------------------------

Having been on a few "black" projects I find that security has
some well defined procedures for data removal from disks. Often
your customer (DoD or other) can provided you with sw/methods to clean
the disk.

Some organization require the disk to be overwritten several times,
degaused and then have the platters removed, polished clean with
abrasives and then burned (I'm very serious).

If your "secret" data is of a goverment nature be very careful
about making the descision yourself. Releasing data classified
"Secret" or above is a felony!

Sorry I don't have a real answer.

From: mcneill@ngt.sungard.com (Keith McNeill)
----------------------------------------------

My understanding was (or at least used to be) that the only approved Gov't
method to do this was the old hammer to the disk approach (i.e. destroy it).

From: blymn@awadi.com.AU (Brett Lymn)
----------------------------------------------

Well if your security people are anything like the ones here in Aus
then you have no hope at all. Not exactly true, it really depends on
the classification of the data but if it is even moderately classified
then about the only thing we are able to do is physically destroy the
hard disks as nothing we could do to the disk will satisfy our Defence
Security Branch apart from destroying it. That's life in a secure
environment.

From: owens@xylan.com (Mark Owens)
----------------------------------------------

HP had a program that was certified by NSA to do this. It worked with
most SCSI drives, but required an HP series 300 (375 ish).
Marc Yuen of TRW (yuen@sp.trw.com perhaps) should have a copy, if HP can't
find one. (barring Marc, try karenat@donald.sp.trw.com)

We found that tossing the drive into the burn bag was cheeper (and easier)
sigh..... :( (the security guys returned the disk as sand....)

From: "Jeffrey A. Stuart" <ncoast!tdi3!jstuart@usenet.INS.CWRU.Edu>
----------------------------------------------

What about a program which simply writes some byte value to the disk or file.
As I remember, the old Norton Wipedisk/Wipefile did something similar. They
also had a "DES" option which would write binary 1 followed by a binary 0
followed by a binary 234 followed by a user specified value. This way you are
completely positive that the file/disk was erased. If you want, we can
discuss this in email further.

From: Gautam Das <gautam@bwc.org>
----------------------------------------------

Do a destructive scan, that writes a pattern and reads back.

Gautam

On Tue, 9 Aug 1994, Jim Redpath SRI Ft Bragg wrote:

From: Gautam Das <gautam@bwc.org>
----------------------------------------------

I have an idea.

Format the disk, newfs it, mount it. Then write 0s allover the disk till
it gets full -

        while (true)
        do
                echo 0 >> file
        done.

You can repeat above with other random patterns instead of 0 to feel safer.

From: perryh@pluto.rain.com (Perry Hutchison)
----------------------------------------------

The Norton Utilities can wipe a DOS disk to government standards, and
there is a Unix version which may also have such an ability. If not,
the DOS version could be used: attach the drive to a PC with SCSI
controller that can map the SCSI drive as a DOS drive, boot DOS from
floppy, use DOS fdisk to define the entire disk as a DOS partition,
then use Norton "wipedisk" to clean it.

From: ruupoe@thijssen.nl (Ruud van Poelgeest)
----------------------------------------------

i looked at a product (never tested) which is goverment proof. It looks
good to me.

The product is IniShred from Los Altos Technologies (LAT)

From: bernards@ECN.NL (Marcel Bernards)
----------------------------------------------

what about dd if=/dev/zero of=/dev/rsd3c count=<nr of max disk blocks> ?

This leaves you a disk with only $00 on 512 byte sectors.
However, it seems to be possible to read several levels of wiped out data.
I've read a story about a company specialized in recovering data on crashed or wiped out
hard disks.

From: Peter Allott <peter@essex.ac.uk>
----------------------------------------------

One suggestion
(1) format the disk - always good for a start.
(2) newfs the whole disk - (c partition on sunos 4.1.3 )
(3) mount the disk and cd to it
(4) Try dd if=/dev/zero of=a bs=20k

Item 4 will cause 0's to be writen to a file on the disk until it is full

You don't need to use 20k you may find a high number is better.

I guess you are on Solaris 2, as the best idea on 4.1.3 is to write a
very short c program to do writes until it fills the disk

From: Calum Mackay <calum.mackay@mrc-biostatistics.cambridge.ac.uk>
----------------------------------------------

Whats wrong with a low-level format? ie analyze, write test

alternatively you might try

dd if=/dev/zero of=/dev/rsd1c bs=56k

a few times...

From: wayne.sibley@aea.orgn.uk (Wayne Sibley 233/A32 x2230)
----------------------------------------------

        This may not be a suitable solution as I understand your
need for security is high but here's a couple of ideas:

        a. Write a small program that repeatedly write characters
           to a file until the disk is full (how elegant... NOT!)

        b. Use the analyze option of the format program to wipe
           out the disk.

Remember, you need to do this at least 5 times to be sure that your
data is irretrievable.

From: Dan Stromberg - OAC-DCS <strombrg@bingy.acs.uci.edu>
----------------------------------------------
Content-Length: 1159

There may be a program for it, but "dd if=/dev/zero of=/dev/sd0c",
should wipe out a system disk Pretty Thoroughly. You may get better
speeds by specifying a block size, and using the raw device.

From: gordoja@mcsunx.gs.com (Jeffrey Gordon)
----------------------------------------------

dd if=/dev/null of=/dev/rsd1c ?

From: zegarac@gdls.com (Dan Zegarac)
----------------------------------------------

Jim,
        If you get into format and go to analyse and then purge, it will wipe
the disk.

                                ////
                               (. .)
+--------------------------oOO--(_)--OOo--------------------------+
  Jim Redpath SRI International, Menlo Park CA
  jredpath@erg.sri.com Center for Technology Transfer
  Software Engineer and Integration
                               Fort Gordon, GA Field Site
                               Phone: (706) 798-3111
+-----------------------------------------------------------------+



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:07 CDT