
Securely erasing files on AS/400

Posted on 2013-11-28
Last Modified: 2013-11-29
We are going through a PCI audit and they are asking us to ensure that when we delete any file that contains Card Holder Data (CC Number, Name, Exp Date, etc.) it is deleted in such a way that the operating system or a utility cannot recover it - basically we need to delete the file and have it overwritten multiple times on our AS/400. This would be like SRM (Secure Remove) in UNIX, Shred in Linux, and PGPShred in Windows.

How could I accomplish this on our AS/400 - both in a standard library and on the IFS?

Here is the PCI-DSS 2.0 section that we are trying to comply with:

9.10.2 Render cardholder data on electronic media unrecoverable so that cardholder data cannot be reconstructed.

Verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion, or otherwise physically destroying the media (for example, degaussing).
Question by:SamSchulman
4 Comments
 

Expert Comment

by:btan
ID: 39684610

Accepted Solution

by:
Gary Patterson earned 1000 total points
ID: 39684636
Just so we are on the same page - this part of section 9 deals with decommissioning media that is no longer needed:

9.10 Destroy media containing cardholder data when it is no longer needed for business or legal reasons as follows:

9.10.1 Cross-cut shred, incinerate, or pulp hardcopy materials

9.10.2 Purge, degauss, shred, or otherwise destroy electronic media so that cardholder data cannot be reconstructed

http://www.pcisecuritystandards.org/documents/pci_dss_v2.pdf (Page 54)

So this section applies, for example, to disk units that are removed from the system due to maintenance or upgrades - not to "live" systems.

IBM offers a "disk sanitize" tool that is adequate for this purpose:

http://www-01.ibm.com/support/docview.wss?uid=nas8N1014286

Of course, this only works with disk units that are functional.   Nonfunctional disks need to be physically destroyed in order to be in compliance.

Decommissioned backup tapes need to be securely erased, too.  The only practical way to do this in any volume is using a degausser.

Destroy optical media.  Larger shredders can handle optical disks.

- Gary Patterson

Assisted Solution

by:daveslater
daveslater earned 1000 total points
ID: 39684835
Also remember that the System i stores data in a completely different way to other systems. Data is scattered across multiple disks, therefore one disk without the full array is useless.
When we are deleting records from a Credit Card file we use a two-phase approach.
1. Read the record; then update the details with *Hival
2. Physically delete the record
This takes a bit longer but we only delete about 200 CC details per day so the overhead is not an issue - any undelete utilities can then only pick up *Hival and not the actual data.
Dave

Expert Comment

by:Gary Patterson
ID: 39686046
@daveslater - A couple of comments:

1) Even with single level store architecture and block-level RAID (including all of the most common levels - 0,1,5,6,10) full blocks of contiguous data still get written out to physical disk units.  So it is certainly possible to recover full rows or groups of rows, or small IFS files or chunks of larger files from a single decommissioned IBM i / iSeries / AS/400 drive (or from a SAN connected to the same) out of a RAID set that uses any of the block striping RAID methods.

RAID 2 & 3 use bit-level and byte-level striping.  To recover usable data from these sets, all but one disk unit in the set is required.

IBM i and Midrange External Storage Redbook has some good diagrams:

http://www.redbooks.ibm.com/abstracts/SG247668.html?Open

2) Row-level data destruction doesn't apply to PCI DSS-2 9.10.2 compliance, which was the question, so I'm going a little off-topic here - apologies in advance.  

Our DB2 row-level data destruction process is similar to yours, except we don't overwrite with ones (*HIVAL).  Instead we use one of two selectable patterns:  a randomly-generated overwrite pattern and the triple-pass method (zeros, then ones, then a random pattern).  

In real world situations, anything more than a simple overwrite in my opinion is overkill (and a potential performance nightmare), but security people (and yes, that's one of the hats I wear) often write "conservative" specifications, since reducing risk is the name of the security game.  So by enabling use of a single-pass of random data and the triple-pass method, you've got options available that cover most of the "soft" data destruction requirements that you are likely to get hit with.

Here's an interesting paper on the subject of data recovery from overwritten disks - it changed my mind about the need for complex or "multi-pass" drive wiping procedures.

http://privazer.com/overwriting_hard_drive_data.The_great_controversy.pdf

- Gary Patterson
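
A small model of the two-phase row destruction described in the two comments above (overwrite the record, then delete it), with the selectable overwrite patterns. This is an added example, not code from either poster or from IBM i: it uses a Python fixed-length record file as a stand-in for a database file, and the record layout, status byte, function names and card data are constructed assumptions.

```python
import os
import tempfile

DATALEN = 40              # assumed fixed data length per record
RECLEN = 1 + DATALEN      # 1 status byte ("A" active, "D" deleted) + data

def patterns(method):
    """Overwrite passes for each method, in the order they are written."""
    if method == "none":      # plain delete, no overwrite (for comparison)
        return []
    if method == "hival":     # all bits on, the effect of updating with *HIVAL
        return [b"\xff" * DATALEN]
    if method == "random":    # single pass of random data
        return [os.urandom(DATALEN)]
    if method == "triple":    # zeros, then ones, then a random pattern
        return [b"\x00" * DATALEN, b"\xff" * DATALEN, os.urandom(DATALEN)]
    raise ValueError(f"unknown method: {method}")

def destroy_record(path, recno, method):
    """Phase 1: overwrite the data in place. Phase 2: mark the record deleted."""
    base = recno * RECLEN
    with open(path, "r+b") as f:
        for p in patterns(method):
            f.seek(base + 1)
            f.write(p)
            f.flush()
            os.fsync(f.fileno())   # push each pass to storage before the next
        f.seek(base)
        f.write(b"D")              # deletion only flips the status byte
        f.flush()
        os.fsync(f.fileno())

def demo(method):
    """Build a constructed 3-record file, destroy record 1, return raw bytes."""
    rows = [b"4111111111111111|TEST CARDHOLDER A|1215",   # constructed test data
            b"5555555555554444|TEST CARDHOLDER B|0116",
            b"4012888888881881|TEST CARDHOLDER C|0317"]
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            for r in rows:
                f.write(b"A" + r.ljust(DATALEN))
        destroy_record(path, 1, method)
        with open(path, "rb") as f:
            return f.read()
    finally:
        os.remove(path)
```

With `"none"` the card number of the deleted record is still present in the raw bytes, which is what an undelete utility would pick up; with any of the overwrite methods only the pattern remains.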