Does anyone have a resource for hard drive sanitation tools. We are

[warmongr]

Does anyone have a resource for hard drive sanitation tools. We are <br>
using wipedisk from Symantec, however it doesn't support drives with partitions <br>
bigger than 2 Gb, so if we sanitize a disk 10 gig it takes forever +1 to sanitize. Due <br>
to the work that we do for the gov't it has to be sanctioned by them, however all the <br>
documentation that we get from DSS seems to have been written during the DOS <br>
days when 10 Mb harddrives were the sh?t.<br>
<br>

 

[cloudy]

I've heard others complain about this situation. So I can recall having searched for tools for others and came up short Perhaps a company such as

http://www.ontrack.com

could help you out with some resources. I know they would do the work for you, but I also know you wanna do it yourself.

 

[warmongr]

There is a product called UNISHRED PRO which us an excellent tool, however the licensing is a nightmare and I don't know if it is tested tried and true to gov't standards. Any idea where I can find out?<br>
<br>

 

[cloudy]

I've read that Unishred Pro is very tried and true to gov't standards. From info I have read, I quote, "The program's advanced overwriting methods are complete, flexible and thorough - meeting the regulatory requirements of the Department of Defense, National Computer Security Center and the Departments of the Navy, Air Force and Army. <br>
UniShred Pro is on the Assessed Products Lists of the Navy and the Air Force and on the In- USE Products List of the<br>
Defense Investigative Service."<br>
<br>
I found this information on the following site, which you might visit to find out other pertinenet information. I couldn't verify their claims, but I don't think what looks like a well established company would make such claims if it were not true. Good luck to you and your company <br>
<br>

http://www.lat.com/usp_main.htm<br>

<br>
<br>

 

[warmongr]

Again,<br>
<br>
Thanks. More questions coming I'm sure.<br>
<br>
war...

 

[warmongr]

Checked into UNI-Shred Pro: Licensing is ridiculous. 30.00 for each workstation? I want it on one machine. Oh that's ok, we have packets that you can by for only 10,000.00 dollars. They don't support linux, or even IDE. I'm happy with my old Symantec tools and fx (Irix 6.xxx).<br>
<br>
Gotta run.

 

[cloudy]

ok...best of luck to ya warmongr...always good chatting witha problem solvers cyaround

 

[warmongr]

New one. Does a low-level format destroy the bad-blocks table on a SCSI drive?<br>
<br>
war...

 

[robherc]

War-<br>
<br>
&nbsp;&nbsp;&nbsp;&nbsp;Refer to my answer in the other thread you posted, starting with this question: low-level _will_ do the job, but is *not* necessary in _most_ cases. Though I'm not quite sure which OS(s) you are using.....that might help.<br>
<br>
<br>
-Robherc<br>
robherc@netzero.net

 

[Mal]

The Aust Defence Department uses Nortons Govt Wipe. Dont know how effective thought

 

[pfp]

<A HREF="

http://www.itsec.gov.uk"

TARGET="_new">

http://www.itsec.gov.uk</A>

has a listed of currently accredited products and their assurance level.<br>
<br>
I presume that this is for use on drives containing nothing higher than 'restricted' data as otherwise they should be destroyed by a GCHQ approved agency. <br>
<br>
The CESG rules for restricted data say it should be deleted in such a manner that the user can confirm that it has been physically deleted. This implies that it is the process of confirmation that must be accredited rather than the deletion tool.

 

[warmongr]

These drives have a classification of Secret and DSS has standard procedures for santizing drives under different operating systems. IRIS and fx, Solaris and Format, and DOS and Wipedisk are examples. Procedures are documented tested and approved by DSS Lab rats. So we do not have to destroy the disks. Yours is economically feasible if I were dealing strictly with IDE drives, however I am using several older systems such as SGI ONYX systems and some antiquated HW and SW the Navy and Air Force are using where drive prices are phenominal due to proprietary purchasing, several hundred years ago. (ie. 1000.00 for a 2Gb full height SCSI drive)<br>
<br>
I have been to your reference and my concerns still stand. Most of the tools listed work great on IDE drives &lt;=2Gb. I am working with mostly newer technology (with the exception of my note above) in a research and development field. Drives must be sanitized after most projects. A project may involve 1 machine or 100 machines. Drives &gt;= 13Gb sometimes require repartitioning and formatting into 2Gb partitions before I can run my sanitization procedures. I am merely in search of an economical, current solution. I get the feeling that people (industry) does not take sanitization seriously anymore due to low drive cost.

 

[pfp]

I made the assumption that the disks were to be de-classified, as you are going to re-use them on other classified projects you are quite right (assuming that US and UK secret squirrel rules are the same).<br>
<br>
I think your last point is correct, and the problem is that users like us are rare compared to the great unwashed commercial community - hence high prices as in UNIshred pro 'cause clef evaluation lab rats have to be paid (usually lots). <br>
<br>
Sounds like this should be a gov. financed project to produce a simple product to enable us to meet their assurance requirements.

 

[warmongr]

Thanks php. I totally agree with you. When I go to security conferences for the governement organizations, I am completely turned-off on their technical prowess. They are great about showing what they are technically able to pull off of a harddrive, then go on to tell you that you must ensure you are compliant and use the correct tools. Ask them to supply you with what they use to santize drives and you get the same response. <br>
<br>
&quot;uhhh!! Well we just destroy the dirves and replace them with new ones&quot;<br>
<br>
Thanks again Gov.<br>
And thank you pfp. Now I'm pissed again. <br>
<br>
war...

 

[1bemlr]

If you can manage where your sensitive data is stored on your hard disk you can wipe these individual files using bcwipe.exe. It also cleans the swapfile. This may be useful to some of you. Check it out....<br>
BCWipe - Wipe Utility for Windows 95/98 and Windows NT 4.0<br>
(freeware part of BestCrypt Data Protection system)<br>
Jetico, Inc., 1993-1998<br>
<br>
<br>

 

[warmongr]

Boy, this sure is a long lived thread. Here is update 2000:<br><br>I have been using a product to called Norton Ghost to image drives and create a standard baseline for my windows weenies.&nbsp;&nbsp;(I'm a Linux guy)&nbsp;&nbsp;Well much to my amazement there is a utility that shipped with my version of GHOST (Enterprise Edition 6.0) called Gdisk this is a ramped up version of fdisk and wipedisk/wipeinfo in one.&nbsp;&nbsp;(Don't use it to wipe files)<br><br>Using gdisk c: /DOD will wipe the contents of the entire disk 3 passes and is conformant with DoD 5200.28-STD.&nbsp;&nbsp;I have tested it on drives no larger than 6 Gb and have found that it does the entire disk without the need to repartition into 2 Gb. segments.&nbsp;&nbsp;I have been unable to recover any data off of the drive.&nbsp;&nbsp;I am in the process now of drafting a paper to send to DSS for approval of this tool at our facility.<br><br>Summary:<br><br>While I am somewhat dissatisfied with the quality of products from Symantec with respect to that virus they made called Crash Guard, it is nice to see some good old fashion Peter Norton code.&nbsp;&nbsp;Pete saved the day.&nbsp;&nbsp;(probably had nothing to do with it but, I can dream right?)&nbsp;&nbsp;I am not sure how licensing works, however I suspect it to be like wipedisk.&nbsp;&nbsp;Go forth, declassify and save your company/organization/command some money and make yourself look good.<br><br>war...&nbsp;&nbsp;

 

[dydavid]

DataEraser -

http://www.ontrack.com/dataeraser/

Overcomes bios limits,

http://www.ontrack.com/dataeraser/comparison.asp

Dave Y

 

[brianpaterson]

You should use WipeInfo which can be made into a bootable disk and has switches available to select the level of scrubbing. The switch you need is funnily enough DOD. You can get a copy from the INFOSEC section at SHAPE. If you work for the Gov this should pose no probs.

Cheers

Brian B-)
Brian
brianpaterson@freeuk.com