Sanitizing Data from Storage Devices with a Live CD Brian Compton College of Technology – University of Houston Sanitizing Data from Storage Devices with a Live CD Brian Compton College of Technology – University of Houston Problem Statement Organizations often fail to properly remove data prior to retiring and discarding storage devices. This data can be discovered by 3 rd parties, leading to a breach of data confidentiality. This can be avoided by incorporating the use of utilities that securely remove data into polices that address hardware retirement. Problem Statement Organizations often fail to properly remove data prior to retiring and discarding storage devices. This data can be discovered by 3 rd parties, leading to a breach of data confidentiality. This can be avoided by incorporating the use of utilities that securely remove data into polices that address hardware retirement. Free Open Source Tools Sanitize Data The question at hand is how to completely and permanently remove data from storage devices. There are a number of utilities available that have the ability to completely remove data from storage media. They range from simple open source tools freely available to enterprise security applications that have a hefty cost. A company can integrate the use of free open source software into their security polices. Utilities available on Live CDs, such as BackTrack 4, can fulfill the need to completely remove date from storage devices prior to removing them from the enterprise. This is important to companies that prefer to donate or sell used equipment rather than destroying old devices. The utilities available on Live CDs can be used on any many systems. One can sanitize a hard disk that is attached to the PC booting the Live CD. This can be done because the hard drive is not needed to operate the Linux OS from the cd. One can also sanitize any storage device that can be connected to the PC that has booted the Live CD. An external hard drive enclosure, flash drive, or card reader plugged into the PC via a USB connection can be mounted within Linux and wiped of data. The use of a Live CD gives on the ability to erase a hard drive that is malfunctioning or has a non- functioning operating system. As one becomes more familiar with the use of Linux Live CDs, they can even begin to develop scripts and routines to automate the process of correctly removing data form storage devices. Free Open Source Tools Sanitize Data The question at hand is how to completely and permanently remove data from storage devices. There are a number of utilities available that have the ability to completely remove data from storage media. They range from simple open source tools freely available to enterprise security applications that have a hefty cost. A company can integrate the use of free open source software into their security polices. Utilities available on Live CDs, such as BackTrack 4, can fulfill the need to completely remove date from storage devices prior to removing them from the enterprise. This is important to companies that prefer to donate or sell used equipment rather than destroying old devices. The utilities available on Live CDs can be used on any many systems. One can sanitize a hard disk that is attached to the PC booting the Live CD. This can be done because the hard drive is not needed to operate the Linux OS from the cd. One can also sanitize any storage device that can be connected to the PC that has booted the Live CD. An external hard drive enclosure, flash drive, or card reader plugged into the PC via a USB connection can be mounted within Linux and wiped of data. The use of a Live CD gives on the ability to erase a hard drive that is malfunctioning or has a non- functioning operating system. As one becomes more familiar with the use of Linux Live CDs, they can even begin to develop scripts and routines to automate the process of correctly removing data form storage devices. Conclusion Companies are allowing private and sensitive data to slip out of their control by not properly sanitizing data prior to retiring hardware. This should be addressed by adopting policies that stipulate the use of utilities to completely and securely remove data from storage devices before they are eliminated from the corporate environment. By adopting a sound policy and using free open source data erasing utilities, an organization can mitigate the threat of breaking data confidentiality. In addition to mitigating this threat, companies can opt to donate or sell retired hardware that has been properly sanitized, rather than destroying aging but useful equipment. Conclusion Companies are allowing private and sensitive data to slip out of their control by not properly sanitizing data prior to retiring hardware. This should be addressed by adopting policies that stipulate the use of utilities to completely and securely remove data from storage devices before they are eliminated from the corporate environment. By adopting a sound policy and using free open source data erasing utilities, an organization can mitigate the threat of breaking data confidentiality. In addition to mitigating this threat, companies can opt to donate or sell retired hardware that has been properly sanitized, rather than destroying aging but useful equipment. References 1.Busting the Multipass Erasure Myth by Craig Ball. Law Technology News Wiping Data from Hard Drives by Seth Fogie. informIT Deleted Does Not Mean Gone by Joe Sauver, Ph.D. Computing News Sanitization Methods by Jayson Oertel. Intelligent Computer Solutions. Headlines 1.Sensitive Data Left on Old Hard Drives. Layers Magazine eBay Hard Drives Hold Data by Lucas Mearian. Computerworld &taxonomyId=19&intsrc=kc_top &taxonomyId=19&intsrc=kc_top 3.Skeletons on Your Hard Drive by Matt Hines. Cnet Arrest Over Data-Stuffed Hard Drive Bought on eBay by Out-Law.com References 1.Busting the Multipass Erasure Myth by Craig Ball. Law Technology News Wiping Data from Hard Drives by Seth Fogie. informIT Deleted Does Not Mean Gone by Joe Sauver, Ph.D. Computing News Sanitization Methods by Jayson Oertel. Intelligent Computer Solutions. Headlines 1.Sensitive Data Left on Old Hard Drives. Layers Magazine eBay Hard Drives Hold Data by Lucas Mearian. Computerworld &taxonomyId=19&intsrc=kc_top &taxonomyId=19&intsrc=kc_top 3.Skeletons on Your Hard Drive by Matt Hines. Cnet Arrest Over Data-Stuffed Hard Drive Bought on eBay by Out-Law.com Sanitizing Data From Storage Devices Using a Live CD There are three utilities commonly included on Live CD distributions that can be used to fully remove data from storage devices: wipe, shred, and dcfldd. BackTrack 4 contains all three utilities. Sanitizing Data From Storage Devices Using a Live CD There are three utilities commonly included on Live CD distributions that can be used to fully remove data from storage devices: wipe, shred, and dcfldd. BackTrack 4 contains all three utilities. Why is this an issue? It is a common misconception that once someone deletes a file form a storage media, whether it is a standard hard drive, compact flash card, or a USB flash drive, that the data is gone. In reality, that data has simply been marked by the OS as being “over writable.” This means that the data still resides on the storage device. Even when someone does a standard format of a hard drive the data remains. Because standard deletions and format operations do not completely remove data from storage devices, organizations release unknown amounts of data as they donate, sell, or discard old equipment. Research has shown that used hard drives and devices (including cell phones) can be purchased from any number of vendors and mined for left over data. From a corporate standpoint, allowing storage devices to be released from company control without properly sanitizing the data is a complete breach of data confidentiality. Why is this an issue? It is a common misconception that once someone deletes a file form a storage media, whether it is a standard hard drive, compact flash card, or a USB flash drive, that the data is gone. In reality, that data has simply been marked by the OS as being “over writable.” This means that the data still resides on the storage device. Even when someone does a standard format of a hard drive the data remains. Because standard deletions and format operations do not completely remove data from storage devices, organizations release unknown amounts of data as they donate, sell, or discard old equipment. Research has shown that used hard drives and devices (including cell phones) can be purchased from any number of vendors and mined for left over data. From a corporate standpoint, allowing storage devices to be released from company control without properly sanitizing the data is a complete breach of data confidentiality. Data “Left-overs” in the News People Educate IT Staff about need for data sanitization Train how to use Live CD Tools Technology Choose a Live CD variety Adopt a utility or utilities to handle data removal Hard drives, flash drives, flash storage cards, tapes all need to be sanitized Processes Create / amend security policy concerning the use of Live CD tools for data sanitization. Create / amend procedure to sanitize data from devices upon retirement Figure 1. This figure divides the issues concerning the sanitization of data from corporate devices amongst the three security vulnerabilities: people, process, technology. There are abundant news articles covering the issue of data left on storage devices. Wipe: Utility that overwrites existing data with preset patterns to completely obscure old data so that it may not be accessed again. The utility can be set to overwrite the storage media any number of times. Current research suggests that a single overwrite pass is sufficient to thorough destroy old data, although many still recommend using three passes. Wipe can erase hard drives and any storage device that can be attached to the PC via a USB connection. This utility is thorough but can be time consuming. Shred: Utility that overwrites existing data with random characters to completely obscure old data so that it may not be accessed again. The default number of overwrites for shred is 25, but this can be reduced to improve run time. Shred is more commonly used to completely remove files and directories, although it can remove entire partitions. This means that attached devices may be erased as long as they are mounted as partitions in the operating system. Shred also has the option to do a final pass, overwriting data using only zeroes in order to mask its previous use. dcfldd: An update to the dd utility, most often used to create exact copies of disk images. Dcfldd can do thorough and compete wipes of disks. This utility can overwrite data using a preset pattern and has the ability to verify that all readable data has been obscured. The quick wipe capability of dcfldd functions quicker than wipe and shred. This utility can sanitize hard drives and any other storage devices attached to the PC and mounted within the operating system.