1 / 1

Sanitizing Data from Storage Devices with a Live CD Brian Compton

Sanitizing Data from Storage Devices with a Live CD Brian Compton College of Technology – University of Houston. Problem Statement

Download Presentation

Sanitizing Data from Storage Devices with a Live CD Brian Compton

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Sanitizing Data from Storage Devices with a Live CD Brian Compton College of Technology – University of Houston Problem Statement Organizations often fail to properly remove data prior to retiring and discarding storage devices. This data can be discovered by 3rd parties, leading to a breach of data confidentiality. This can be avoided by incorporating the use of utilities that securely remove data into polices that address hardware retirement. Free Open Source Tools Sanitize Data The question at hand is how to completely and permanently remove data from storage devices. There are a number of utilities available that have the ability to completely remove data from storage media. They range from simple open source tools freely available to enterprise security applications that have a hefty cost. A company can integrate the use of free open source software into their security polices. Utilities available on Live CDs, such as BackTrack 4, can fulfill the need to completely remove date from storage devices prior to removing them from the enterprise. This is important to companies that prefer to donate or sell used equipment rather than destroying old devices. The utilities available on Live CDs can be used on any many systems. One can sanitize a hard disk that is attached to the PC booting the Live CD. This can be done because the hard drive is not needed to operate the Linux OS from the cd. One can also sanitize any storage device that can be connected to the PC that has booted the Live CD. An external hard drive enclosure, flash drive, or card reader plugged into the PC via a USB connection can be mounted within Linux and wiped of data. The use of a Live CD gives on the ability to erase a hard drive that is malfunctioning or has a non-functioning operating system. As one becomes more familiar with the use of Linux Live CDs, they can even begin to develop scripts and routines to automate the process of correctly removing data form storage devices. Why is this an issue? It is a common misconception that once someone deletes a file form a storage media, whether it is a standard hard drive, compact flash card, or a USB flash drive, that the data is gone. In reality, that data has simply been marked by the OS as being “over writable.” This means that the data still resides on the storage device. Even when someone does a standard format of a hard drive the data remains. Because standard deletions and format operations do not completely remove data from storage devices, organizations release unknown amounts of data as they donate, sell, or discard old equipment. Research has shown that used hard drives and devices (including cell phones) can be purchased from any number of vendors and mined for left over data. From a corporate standpoint, allowing storage devices to be released from company control without properly sanitizing the data is a complete breach of data confidentiality. Sanitizing Data From Storage Devices Using a Live CD There are three utilities commonly included on Live CD distributions that can be used to fully remove data from storage devices: wipe, shred, and dcfldd. BackTrack 4 contains all three utilities. Figure 1. This figure divides the issues concerning the sanitization of data from corporate devices amongst the three security vulnerabilities: people, process, technology. Wipe: Utility that overwrites existing data with preset patterns to completely obscure old data so that it may not be accessed again. The utility can be set to overwrite the storage media any number of times. Current research suggests that a single overwrite pass is sufficient to thorough destroy old data, although many still recommend using three passes. Wipe can erase hard drives and any storage device that can be attached to the PC via a USB connection. This utility is thorough but can be time consuming. Conclusion Companies are allowing private and sensitive data to slip out of their control by not properly sanitizing data prior to retiring hardware. This should be addressed by adopting policies that stipulate the use of utilities to completely and securely remove data from storage devices before they are eliminated from the corporate environment. By adopting a sound policy and using free open source data erasing utilities, an organization can mitigate the threat of breaking data confidentiality. In addition to mitigating this threat, companies can opt to donate or sell retired hardware that has been properly sanitized, rather than destroying aging but useful equipment. Data “Left-overs” in the News Shred: Utility that overwrites existing data with random characters to completely obscure old data so that it may not be accessed again. The default number of overwrites for shred is 25, but this can be reduced to improve run time. Shred is more commonly used to completely remove files and directories, although it can remove entire partitions. This means that attached devices may be erased as long as they are mounted as partitions in the operating system. Shred also has the option to do a final pass, overwriting data using only zeroes in order to mask its previous use. There are abundant news articles covering the issue of data left on storage devices. References Busting the Multipass Erasure Myth by Craig Ball. Law Technology News. http://www.law.com/jsp/article.jsp?id=1202429342339 Wiping Data from Hard Drives by Seth Fogie. informIT. http://www.informit.com/guides/content.aspx?g=security&seqNum=199 Deleted Does Not Mean Gone by Joe Sauver, Ph.D. Computing News. http://cc.uoregon.edu/cnews/summer2005/purge.htm Sanitization Methods by Jayson Oertel. Intelligent Computer Solutions. http://www.storagesearch.com/ics-art1.html Headlines Sensitive Data Left on Old Hard Drives. Layers Magazine. http://www.layersmagazine.com/sensitive-data-left-on-old-hard-drives.html eBay Hard Drives Hold Data by Lucas Mearian. Computerworld.http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=storage&articleId=9127717&taxonomyId=19&intsrc=kc_top Skeletons on Your Hard Drive by Matt Hines. Cnet. http://news.cnet.com/Skeletons-on-your-hard-drive/2100-1029_3-5676995.html Arrest Over Data-Stuffed Hard Drive Bought on eBay by Out-Law.com http://www.theregister.co.uk/2008/09/02/ebay_laptop_arrest/ dcfldd: An update to the dd utility, most often used to create exact copies of disk images. Dcfldd can do thorough and compete wipes of disks. This utility can overwrite data using a preset pattern and has the ability to verify that all readable data has been obscured. The quick wipe capability of dcfldd functions quicker than wipe and shred. This utility can sanitize hard drives and any other storage devices attached to the PC and mounted within the operating system.

More Related