Solved

Anything special to be done to securely erase a raid 1 array?

Posted on 2011-03-18
10
1,331 Views
Last Modified: 2012-05-11
Hi Experts,

Can anyone recommend a particular application to run on servers with a Raid1 array to completely and securely erase the data they held before disposing and/or donating them?  Not sure if something like the UBCD will have the drivers to see the array to run one of it's normal apps.

Thanks!  
0
Comment
Question by:Jsmply
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 12

Accepted Solution

by:
antony_kibble<!-8D58D5C365651885FB5A77A120C8C8C6--> earned 100 total points
ID: 35165070
Darik's Boot and Nuke.

http://www.dban.org/

Make sure you read the documentation regarding erasing RAID drives.
0
 

Author Comment

by:Jsmply
ID: 35165090
Thanks.  Used dban on single drives.  So the raid array would have to be disassembled and the individual disks wiped one at a time instead of wiping the array?
0
 
LVL 9

Assisted Solution

by:rsoly777
rsoly777 earned 100 total points
ID: 35166651
Grab a copy of Eraser

Freeware under the GNU public license - http://eraser.heidi.ie/

You can configure how many passes and what level of wipe you require.
The one caveat is that Eraser works through the file system, so Eraser will not access any space the RAID sub-system has not made available to the file system.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 

Author Comment

by:Jsmply
ID: 35172757
Rsoly, would dban have that same caveat?  Turning them to normal disks through the raid manager and running dban?
0
 
LVL 64

Assisted Solution

by:btan
btan earned 200 total points
ID: 35174383
My understanding is that DBAN uses Linux to boot up, and can wipe IDE, SATA, XT, and SCSI hard drives. For RAID devices, if it is hardware RAID then DBAN may see one drive and wipe it without any problems (provided it recognised the controller). For software RAID, it gets tricky because when you boot from DBAN CD, the OS where the software RAID is installed does not start - therefore DBAN may not see your disks. Maybe you can try wiping each hard drive individually. You can't wipe if you can't see :)

For Eraser it attempts to write files to wipe free space, the RAID array presumably sees them as files and will do with them what it does with any other files. The caveat for Eraser stands though

Not only the RAID aspects we may also need to consider the HPA (Host Protected Area). These are areas where would be specific by vendor to store recovery information or tool or even for RAID controller to contain some details. If really going for clean wipe, these area should be erased as well. But typically there will be no user data though, so it is not a major concern. If it were of a concern, suggested in Eraser forum, you can always reset the HPA using Linux tools (e.g. hdparm) and then do a free space erase (or a partition erase found in Eraser 6.2).

Overall, do look at this forum which has vast information and helper folks in the secure wipe using Eraser and DBAN. Most of the information above is from the forum advices
@ http://www.heidi.ie/forum3/viewforum.php?f=30

Also good to note that
a) the effectiveness of the overwrite procedure may be reduced by several factors: ineffectiveness of the overwrite procedures, equipment failure (e.g., misalignment of read/write heads), or inability to overwrite bad sectors or tracks or information in inter-record gaps.

b) Three techniques are commonly used for media sanitization: overwriting, degaussing, and destruction. Overwriting and degaussing are the methods recommended for disposition of sensitive automated information.

It is always best to confirm with forensic recovery tool such as getdataback, encase etc after the erasing (this is always neglected especially when there is log of such task to complete, do not compromise :p)

0
 

Author Comment

by:Jsmply
ID: 35175881
Thanks. Dropped the disks out of raid and dban sees them both separately and wiped them. Is there still a concern of the hpa?
0
 
LVL 64

Assisted Solution

by:btan
btan earned 200 total points
ID: 35177332
actually will not matter as much as mentioned it is not used for user access. the primary function of the HPA is to store diagnostic utilities as well as a boot record.

more info on hpa and dco in this link
http://www.datarecoverytools.co.uk/2010/01/15/hpa-host-protected-area/

but if you want to trust but verify, check out this using the hdparam command. would be better to check with vendor of existence of hpa or dco too

http://www.forensicswiki.org/wiki/DCO_and_HPA
0
 
LVL 4

Assisted Solution

by:JohnDecker
JohnDecker earned 100 total points
ID: 35185449
Take a large hammer to them. Seriously.

If you don't need them and are disposing them, break them.
0
 

Author Comment

by:Jsmply
ID: 35186580
Thanks.  In some situations they would be re-used though.
0
 

Author Closing Comment

by:Jsmply
ID: 35186585
Thx all.
0

Featured Post

Is Your DevOps Pipeline Leaking?

Is your CI/CD pipeline a hodge-podge of randomly connected tools? You’ve likely got a tool to fix one problem & then a different tool to fix another, resulting in a cluster of tools with overlapping functionality. Learn how to optimize your pipeline with Gartner's recommendations

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Moving your enterprise fax infrastructure from in-house fax machines and servers to the cloud makes sense — from both an efficiency and productivity standpoint. But does migrating to a cloud fax solution mean you will no longer be able to send or re…
Finding original email is quite difficult due to their duplicates. From this article, you will come to know why multiple duplicates of same emails appear and how to delete duplicate emails from Outlook securely and instantly while vital emails remai…
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question