Embed Size (px)
Citation preview
Sanitizing Data from Storage Devices with a Live CD Brian Compton
College of Technology – University of Houston
Sanitizing Data from Storage Devices with a Live CD Brian Compton
College of Technology – University of Houston
Problem Statement
Organizations often fail to properly remove data prior to retiring and discarding storage devices. This data can be discovered by 3rd parties, leading to a breach of data confidentiality. This can be avoided by incorporating the use of utilities that securely remove data into polices that address hardware retirement.
Problem Statement
Organizations often fail to properly remove data prior to retiring and discarding storage devices. This data can be discovered by 3rd parties, leading to a breach of data confidentiality. This can be avoided by incorporating the use of utilities that securely remove data into polices that address hardware retirement.
Free Open Source Tools Sanitize Data
The question at hand is how to completely and permanently remove data from storage devices. There are a number of utilities available that have the ability to completely remove data from storage media. They range from simple open source tools freely available to enterprise security applications that have a hefty cost. A company can integrate the use of free open source software into their security polices. Utilities available on Live CDs, such as BackTrack 4, can fulfill the need to completely remove date from storage devices prior to removing them from the enterprise. This is important to companies that prefer to donate or sell used equipment rather than destroying old devices.
The utilities available on Live CDs can be used on any many systems. One can sanitize a hard disk that is attached to the PC booting the Live CD. This can be done because the hard drive is not needed to operate the Linux OS from the cd. One can also sanitize any storage device that can be connected to the PC that has booted the Live CD. An external hard drive enclosure, flash drive, or card reader plugged into the PC via a USB connection can be mounted within Linux and wiped of data. The use of a Live CD gives on the ability to erase a hard drive that is malfunctioning or has a non-functioning operating system. As one becomes more familiar with the use of Linux Live CDs, they can even begin to develop scripts and routines to automate the process of correctly removing data form storage devices.
Free Open Source Tools Sanitize Data
The question at hand is how to completely and permanently remove data from storage devices. There are a number of utilities available that have the ability to completely remove data from storage media. They range from simple open source tools freely available to enterprise security applications that have a hefty cost. A company can integrate the use of free open source software into their security polices. Utilities available on Live CDs, such as BackTrack 4, can fulfill the need to completely remove date from storage devices prior to removing them from the enterprise. This is important to companies that prefer to donate or sell used equipment rather than destroying old devices.
The utilities available on Live CDs can be used on any many systems. One can sanitize a hard disk that is attached to the PC booting the Live CD. This can be done because the hard drive is not needed to operate the Linux OS from the cd. One can also sanitize any storage device that can be connected to the PC that has booted the Live CD. An external hard drive enclosure, flash drive, or card reader plugged into the PC via a USB connection can be mounted within Linux and wiped of data. The use of a Live CD gives on the ability to erase a hard drive that is malfunctioning or has a non-functioning operating system. As one becomes more familiar with the use of Linux Live CDs, they can even begin to develop scripts and routines to automate the process of correctly removing data form storage devices.
ConclusionCompanies are allowing private and sensitive data to slip out of
their control by not properly sanitizing data prior to retiring hardware. This should be addressed by adopting policies that stipulate the use of utilities to completely and securely remove data from storage devices before they are eliminated from the corporate environment. By adopting a sound policy and using free open source data erasing utilities, an organization can mitigate the threat of breaking data confidentiality. In addition to mitigating this threat, companies can opt to donate or sell retired hardware that has been properly sanitized, rather than destroying aging but useful equipment.
ConclusionCompanies are allowing private and sensitive data to slip out of
their control by not properly sanitizing data prior to retiring hardware. This should be addressed by adopting policies that stipulate the use of utilities to completely and securely remove data from storage devices before they are eliminated from the corporate environment. By adopting a sound policy and using free open source data erasing utilities, an organization can mitigate the threat of breaking data confidentiality. In addition to mitigating this threat, companies can opt to donate or sell retired hardware that has been properly sanitized, rather than destroying aging but useful equipment.
References
1.Busting the Multipass Erasure Myth by Craig Ball. Law Technology News. http://www.law.com/jsp/article.jsp?id=12024293423392.Wiping Data from Hard Drives by Seth Fogie. informIT. http://www.informit.com/guides/content.aspx?g=security&seqNum=1993.Deleted Does Not Mean Gone by Joe Sauver, Ph.D. Computing News. http://cc.uoregon.edu/cnews/summer2005/purge.htm4.Sanitization Methods by Jayson Oertel. Intelligent Computer Solutions. http://www.storagesearch.com/ics-art1.html
Headlines
1.Sensitive Data Left on Old Hard Drives. Layers Magazine. http://www.layersmagazine.com/sensitive-data-left-on-old-hard-drives.html2.eBay Hard Drives Hold Data by Lucas Mearian. Computerworld.http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9127717&taxonomyId=19&intsrc=kc_top3.Skeletons on Your Hard Drive by Matt Hines. Cnet. http://news.cnet.com/Skeletons-on-your-hard-drive/2100-1029_3-5676995.html4.Arrest Over Data-Stuffed Hard Drive Bought on eBay by Out-Law.com http://www.theregister.co.uk/2008/09/02/ebay_laptop_arrest/
References
1.Busting the Multipass Erasure Myth by Craig Ball. Law Technology News. http://www.law.com/jsp/article.jsp?id=12024293423392.Wiping Data from Hard Drives by Seth Fogie. informIT. http://www.informit.com/guides/content.aspx?g=security&seqNum=1993.Deleted Does Not Mean Gone by Joe Sauver, Ph.D. Computing News. http://cc.uoregon.edu/cnews/summer2005/purge.htm4.Sanitization Methods by Jayson Oertel. Intelligent Computer Solutions. http://www.storagesearch.com/ics-art1.html
Headlines
1.Sensitive Data Left on Old Hard Drives. Layers Magazine. http://www.layersmagazine.com/sensitive-data-left-on-old-hard-drives.html2.eBay Hard Drives Hold Data by Lucas Mearian. Computerworld.http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9127717&taxonomyId=19&intsrc=kc_top3.Skeletons on Your Hard Drive by Matt Hines. Cnet. http://news.cnet.com/Skeletons-on-your-hard-drive/2100-1029_3-5676995.html4.Arrest Over Data-Stuffed Hard Drive Bought on eBay by Out-Law.com http://www.theregister.co.uk/2008/09/02/ebay_laptop_arrest/
Sanitizing Data From Storage Devices Using a Live CDThere are three utilities commonly included on Live CD distributions that can be used to fully remove data from storage devices: wipe, shred, and dcfldd. BackTrack 4 contains all three utilities.
Sanitizing Data From Storage Devices Using a Live CDThere are three utilities commonly included on Live CD distributions that can be used to fully remove data from storage devices: wipe, shred, and dcfldd. BackTrack 4 contains all three utilities.
Why is this an issue?It is a common misconception that once someone deletes a file form a storage media, whether it is a standard hard drive, compact flash card, or a USB flash drive, that the data is gone. In reality, that data has simply been marked by the OS as being “over writable.” This means that the data still resides on the storage device. Even when someone does a standard format of a hard drive the data remains. Because standard deletions and format operations do not completely remove data from storage devices, organizations release unknown amounts of data as they donate, sell, or discard old equipment. Research has shown that used hard drives and devices (including cell phones) can be purchased from any number of vendors and mined for left over data. From a corporate standpoint, allowing storage devices to be released from company control without properly sanitizing the data is a complete breach of data confidentiality.
Why is this an issue?It is a common misconception that once someone deletes a file form a storage media, whether it is a standard hard drive, compact flash card, or a USB flash drive, that the data is gone. In reality, that data has simply been marked by the OS as being “over writable.” This means that the data still resides on the storage device. Even when someone does a standard format of a hard drive the data remains. Because standard deletions and format operations do not completely remove data from storage devices, organizations release unknown amounts of data as they donate, sell, or discard old equipment. Research has shown that used hard drives and devices (including cell phones) can be purchased from any number of vendors and mined for left over data. From a corporate standpoint, allowing storage devices to be released from company control without properly sanitizing the data is a complete breach of data confidentiality.
Data “Left-overs” in the News
Figure 1. This figure divides the issues concerning the sanitization of data from corporate devices amongst the three security vulnerabilities: people, process, technology.
There are abundant news articles covering the issue of data left on storage devices.
Wipe: Utility that overwrites existing data with preset patterns to completely obscure old data so that it may not be accessed again. The utility can be set to overwrite the storage media any number of times. Current research suggests that a single overwrite pass is sufficient to thorough destroy old data, although many still recommend using three passes. Wipe can erase hard drives and any storage device that can be attached to the PC via a USB connection. This utility is thorough but can be time consuming.
Shred: Utility that overwrites existing data with random characters to completely obscure old data so that it may not be accessed again. The default
number of overwrites for shred is 25, but this can be reduced to improve run time. Shred is more commonly used to completely remove files and directories, although it can remove entire partitions. This means that attached devices may
be erased as long as they are mounted as partitions in the operating system. Shred also has the option to do a final pass, overwriting data using only zeroes
in order to mask its previous use.
dcfldd: An update to the dd utility, most often used to create exact copies of disk images. Dcfldd can do thorough and compete wipes of disks. This utility can overwrite data using a preset pattern and has the ability to verify that all readable data has been obscured. The quick wipe capability of dcfldd functions quicker than wipe and shred. This utility can sanitize hard drives and any other storage devices attached to the PC and mounted within the operating system.
