MIDRANGE dot COM Mailing List Archive




Re: DOD erase




On 04-Mar-2014 18:30 -0800, DrFranken wrote:
On 3/4/2014 9:00 PM, Jerome Draper wrote:

Suggestions for doing a DOD erase of an IBMi?

1. PRPQ Disk Sanitizer
2. Map a drive and use a Windows disk clean pgm
3. Boot Linux and use a Linux disk clean pgm
4. Other solution?

I used this logic to clean up a few different systems now.

Delete all user identifiable information:
<<SNIP list>>

The theory here being you still have on the system ONLY the stuff
that is IBM and it was on the disk before so the places it occupies
are not critical to a data wipe.

The theory is, unfortunately, flawed. There is a significant amount of potential for "user" information to remain in inconspicuous places. Essentially, ensuring that the list of all of the tasks required to literally "delete all user identifiable information" is exhaustive is very difficult and certainly requires an even more extensive list; and I even expect that a much more extensive list might still miss some. If there is a true requirement to ensure user information is not on the disks, I recommend against trying to RYO a process.

Now use a small program to write records of 1K Bytes using binary
pattern '11111111'. Fill up the system until the disks are full
99.9%. I used multiple copies of the file in different libraries and
ran as many as possible until the disks were all being hammered
pretty good.

Now clear the files (Faster to clear and re-write than to overwrite
the records.)

Now write pattern 01010101.
Repeat with pattern 10101010.
Repeat with pattern 0000000.

When you think you've written enough patterns, manual IPL to an i
7.1 DVD and install the LIC. Then add all disks to the ASP to write
a final pattern of 0's to all of them.

Specifically a scratch install of the LIC and OS prior to running that program would be much more appropriate, to ensure at least one overwrite of all information. Much simpler than trying to devise a truly comprehensive list of tasks to eliminate user information which is IMO a fool's errand.

Alternatively you could instead do:

D-IPL from DVD.
Install the LIC.
Stop all RAID
Add all units to ASP
This step will make one pass over the disks writing 0's. So that's
pretty much got it there already as we know but not DOD level.

I infer that implies a scratch-install, whereby the LIC is actually being installed after the disks are initialized. Otherwise, part of the issue regarding user information never being overwritten remains.

Then run the program as listed above.
<<SNIP>>

... requiring that the install continued, to include the OS.
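
Added example, not part of the original message: a simplified Python model of the point argued above, that a fill-the-disks program only reaches space the system will hand to a user file, while initializing the disks in a scratch install touches every block. The block layout, the marker string and all function names are constructed for illustration and do not represent IBM i storage management.

```python
# Constructed model: a "disk" is a list of fixed-size blocks. Blocks in the
# system set belong to system objects and are never allocated to user files.
BLOCK = 16
SECRET = b"CUST-ACCT-000123"          # constructed stand-in for leftover user data
PATTERNS = [0xFF, 0x55, 0xAA, 0x00]   # 11111111, 01010101, 10101010, zeros


def make_disk(n_blocks, system_blocks, residue_blocks):
    """Build a zeroed disk, then plant leftover user data in residue_blocks."""
    disk = [bytes(BLOCK) for _ in range(n_blocks)]
    for i in residue_blocks:
        disk[i] = SECRET
    return disk, set(system_blocks)


def fill_free_space(disk, system, fill_ratio=0.999):
    """File-level wipe: each pattern is written only to blocks a user file can get."""
    free = [i for i in range(len(disk)) if i not in system]
    usable = free[: int(len(free) * fill_ratio)]   # disks filled to 99.9%
    for pattern in PATTERNS:
        for i in usable:
            disk[i] = bytes([pattern]) * BLOCK
    return len(usable)


def scratch_initialize(disk):
    """Device-level pass: every block is zeroed, whoever owned it."""
    for i in range(len(disk)):
        disk[i] = bytes(BLOCK)


def residue(disk):
    """Return the block numbers that still hold the planted user data."""
    return [i for i, block in enumerate(disk) if block == SECRET]


def demo():
    # Blocks 0-99 are system-owned. Leftover data sits in two of them (5, 42),
    # in ordinary free space (500) and in the last free block (999).
    disk, system = make_disk(1000, range(100), [5, 42, 500, 999])
    fill_free_space(disk, system)
    after_fill = residue(disk)          # what the pattern program missed
    scratch_initialize(disk)
    return after_fill, residue(disk)    # what remains after initialization


if __name__ == "__main__":
    print(demo())
```

In this model the pattern passes clear only block 500; blocks 5 and 42 were never reachable from a user file, and block 999 falls in the 0.1% left unfilled.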







This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact