Data-Media destruction


Media Destruction

  • Hard Drive collection
    • Every decommissioned computer has its hard drive removed, and the drives are stored in a drive collection area in the server room (purple zone).
    • The log of destroyed/wiped drives is kept in the purple zone. Information about the drives is entered here when the wipe is performed or when the drive destruction is scheduled.
    • In the event of drive destruction, the systems and security staff will oversee this process.
  • CDs and DVDs are also collected in a repository in the purple zone.
    • Their destruction is logged when they are shredded by S&S staff in house.

Data Destruction

  • Security Incidents
    • Data placed inappropriately in a project on SRE: upon review, action may include temporarily locking out users, inspecting files, and archiving and/or destroying files.
    • Data exported to a user's machine: interview all involved individuals and identify where copies of data may have landed (e.g. hard drive, email ...). Where possible we supervise secure erasing of data from all these devices; where that is impractical, we have the erasing done by someone else on location and get attestations. Windows software "BCWIPE" thoroughly erases particular files or free space where residual copies might lurk.
  • Project Closure
    • Some projects stipulate that all data is to be destroyed at project closure. In this situation, the RLU would alert S&S staff as to when this should be done.
  • For archive-and-delete of an entire project: /usr/local/bin/sre-archive-project {PROJECT_NUM}
    • Will first do some sanity checks (project directory exists, warn if members still present, list sizes of each subdirectory tree, i.e. DATA, working, and users), then archive each subdirectory tree, then prompt to delete.
      • S&S staff member that deletes the files will sign a document provided by the RLU - The Confirmation of Data Destruction (Section 2) in the project closure document.
    • Where appropriate an archive copy of all files will be kept, for example in TGZ compressed format on Fraser under /sredata/Archived/sre/{PROJECT#}/
  • Courses on SRTL cycle through a set of students about once per year. After the end of each course session, student files are archived to /sredata/Archive/srtl/{COURSE#} and deleted. The script srtl-archive-students produces, for each student specified, an archive named e.g. "akslaun-phda-03-131113.1.tgz", containing a copy of everything from the personal, working and submit folders.
  • Miscellaneous requests for archive-and-delete
  • For straightforward archive-and-delete of a single directory, see OTRS ticket "SRE - files to be removed" at https://otrs.popdata.bc.ca/index.pl?Action=AgentTicketZoom;TicketID=2654#10998
  • Commands (where {PP} is the project number, and {YYMMDD} is the date of archiving):
    • mkdir -p /sredata/Archived/sre/{PP}/removed-{YYMMDD}
    • cd /data/sre/{PP}/DATA
    • sre-archive -n /sredata/Archived/sre/{PP}/removed-{YYMMDD} DATA/2013-02-20-cohort1/acg ("-n" is for "not-really". Omit "-n" to archive, then delete when prompted. )
  • The folder "acg" gets archived in /sredata/Archived/sre/{PP}/removed-{YYMMDD}/DATA/2013-02-20-cohort1/acg-140424.tgz , after which a prompt appears, and if answered "y" the folder "acg" gets deleted.
Sample: archive-and-delete personal files for one user, after listing all files by user and size.
root@noyon# cd /data/sre/12-017
# find *-12-017 working -type f -printf "%s\t%u\t%h/\t%f\n" >| ~/tmp/12-017-file-size-owner-2015.03.12.tab
# dts -2 -t9 *-12-017 working > ~/tmp/12-017-directory-size-summary-2015.03.12.txt

where:
for find:
"*-12-017 working" is the list of folders (everything except DATA) to work on
"-type f" skips directories
%s prints size in bytes
\t is TAB
%u prints owner
%h prints the leading directories of the file's path (everything except the last element)
%f is filename (stripped of directories)

for dts:
 -2 means summarize 2 levels (merge levels 3... into 2)
 -t3 means truncate directory names longer than 3 as abc*xyz.

The archive command was:
mkdir /data/Archived/sre
cd /data/sre
sre-archive -n /data/Archived/sre 12-017/lball-12-017
#NOT# mkdir -pv /data/Archived/sre/12-017
#NOT# tar zcf /data/Archived/sre/12-017/lball-12-017-150312.tgz 12-017/lball-12-017
#NOT# rm -rf 12-017/lball-12-017

[examine the "not-really" output, then re-run without "-n"]
Note that sre-archive requires at least one "/" in the target path. The last component of the target being archived is both the source and the name of the archive, and the directories leading to it are created to match under the archive destination.
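
The path mapping and the archive, verify, prompt, delete order described above can be sketched as follows. This is an added example, not the site's sre-archive script: the function names, the y/N prompt wording and the entry-count verification are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: NOT the site's sre-archive script. Function names,
# the y/N prompt and the entry-count check are assumptions.

# Map a relative TARGET (with at least one "/") to
# DEST/<leading dirs>/<last component>-<YYMMDD>.tgz
archive_target_path() {
    local dest target stamp
    dest=$1; target=${2%/}; stamp=${3:-$(date +%y%m%d)}
    case $target in
        /*|*..*) echo "target must be relative, no '..'" >&2; return 2 ;;
        */*) ;;
        *) echo "target needs at least one '/'" >&2; return 2 ;;
    esac
    printf '%s/%s/%s-%s.tgz\n' "$dest" "${target%/*}" "${target##*/}" "$stamp"
}

# archive_and_delete [-n] DEST TARGET [YYMMDD]; -n is "not-really".
archive_and_delete() {
    local dry dest target out want got ans
    dry=0
    if [ "$1" = "-n" ]; then dry=1; shift; fi
    dest=$1; target=${2%/}
    out=$(archive_target_path "$dest" "$target" "${3:-}") || return 2
    [ -d "$target" ] || { echo "no such directory: $target" >&2; return 1; }
    if [ "$dry" -eq 1 ]; then
        echo "would archive $target to $out, verify, then prompt to delete"
        return 0
    fi
    mkdir -p "${out%/*}" && tar zcf "$out" "$target" || return 1
    # Refuse to delete unless the archive reads back with one entry per
    # source path (names containing newlines would skew this count).
    want=$(find "$target" | wc -l)
    got=$(tar ztf "$out" | wc -l)
    if [ "$want" -ne "$got" ]; then
        echo "verification failed, nothing deleted: $out" >&2; return 1
    fi
    printf 'Archived to %s. Delete %s? [y/N] ' "$out" "$target"
    read -r ans || ans=n
    [ "$ans" = "y" ] || { echo "kept $target"; return 0; }
    rm -rf -- "$target"
}
```

Run from the directory that contains the first component of the target, as in the sample above; the source tree is removed only after the archive has been read back and the prompt answered "y".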

Secure Erase

  • Referred from Software-security#BCWipe_for_erasing
  • When contacting the researcher, FIRST TELL THEM TO DELETE NOTHING before reading the instructions.
  • Jetico makes commercial software BCWipe which overwrites before deleting, and can also overwrite empty disk space between files. "BC" probably comes from "BestCrypt", a Jetico product that first included BCWipe.
  • See "Eraser Procedure Document for Researchers.pdf" on \\Gilbert\Shoebox under "Project Closure/Active documents/". That version covers version 6, but lacks command-line instructions for Unix.
    Note also that the default should be set for "1-pass random"; Jim and Denis agree that this is good enough ("DOD..." multiple passes is overkill).
  • In the case where PopData provided a download of data so researcher can work on their own computer, it is likely that multiple versions of files containing copies of data were made, replaced and/or deleted, so "Wipe Free Space" should always be done.

Secure Erase - Windows

  • BCwipe from Jetico.com is recommended by PopData, and it can provide a log.
  • See \\Gilbert\Alfresco\Privacy\Privacy and Security Events\Secure File Deletion Instructions for Researcher\
  • For wiping free space (after a file is deleted) see Jetico.com 6m video on wiping free space
    • Start "BCwipe task manager"; menu: task -> create new task -> wipe free space.
      Select drive; Schedule: once; Wipe options: skip "slacks" (unrecycled space at end of new files); skip MFT options (master file table can store tiny files). Log: specify a log file.
  • Command-line cipher /w:C overwrites free space on drive C: (NTFS)
  • With Windows 7, 8 or 10 backups, it seems to be hard to selectively delete single files (as opposed to entire backup sets).

Secure Erase - Mac OS X

  • BCwipe for Mac from Jetico.com is good. Version 1.1 needs to have default method changed to "1-pass random", check "increase logging", and uncheck "SSD warning"
  • Command-line srm (better than "rm -P", because simpler command reduces the risk of missing "-P")
  • Delete backup copies from Time Machine http://www.cnet.com/how-to/how-to-clear-unwanted-files-from-time-machine-backups/
    • go to the file's location and invoke the Time Machine interface (done from the Time Machine menu). When the star-field view of Time Machine appears, locate the file in the foremost window, right-click it, and choose the option to "Delete All Backups of [filename]" and confirm the action.

Secure Erase - Unix

  • For unix see https://www.jetico.com/linux/bcwipe-help/wu_using.htm
    • For 7-pass "DoD 5220-22M" single file: bcwipe -md -v file.txt
    • Use option "-r" to recurse into directories.
    • Use option -F to erase free space: bcwipe -F -md -v /
  • Option "-i" to ask confirmation; option "-I" to skip confirmation.

Secure Erase - Linux

  • shred (standard on Debian / Ubuntu) overwrites file(s). Options: --iterations=3 (default); -u (truncate and Unlink after overwriting) -z (final pass all zeroes); -f (override lack of write permission); -v (Verbose)

Destruction Logs

  • 2008-04-06: All old media brought to "Disintegrator".
  • 2013-05-33: Various old media (Floppy) destroyed (shredded) during office cleanup

Data archiving

  • The "sre-archive-project.sh" script makes an archive copy of data on the current SRE server.
  • Eventually this data should be moved to RedZone storage on server Defuca. See \\Gilbert\Alfresco\Policies\PopData Core Policies\Archival Storage\PopData_Archival Storage Policy and Process 2013 04 11_FINAL.pdf
  • Need to pick a location on Defuca:
  • Should delete intermediate files: original archive on server other than Fraser, copy on Fraser, copy on Franklin (?)
  • See TEMP/sre_archives-notes for some notes on archives accumulated in SRE (161G)