Hi there,Since I saw a lot of people here on the forum asking the same question; how can I securely erase, delete, wipe my hard disk before selling, RMA etc and all the suggestions led to one general solution; put the hard disks in a normal pc and boot with a utility like DBAN and also since the "Secure Erase option for RAIDar" isn't available for these older devices, I came up with a far more easy solution for the paranoid and/or the legally obligated ones when selling or disposing your ReadyNAS including hard disks.Some background info, this was done on an old NV+ (sparc processor) with a X-Raid setup, so just one volume. I used the srm utility, part of the secure delete package for Debian, for some background see the Wikipedia page about srm.Step 1: The EnableRootSSH addon. Again, install using the Frontview web UI under System -> Update -> Local Update. This will allow you to SSH in to the ReadyNAS and bring up a shell command prompt.Step 2: Login to your ReadyNAS as root via ssh.Step 3: Download the Sparc binary version of the Secure Delete package, I found a deb for Debian Sarge Sparc here.wget http://snapshot.debian.org/archive/debian/20050525T000000Z/pool/main/s/secure-delete/secure-delete_3.1-2_sparc.debStep 4: Install the package via this command:dpkg -i secure-delete_3.1-2_sparc.debStep 5: Either use this command if your volumes aren't empty yet:srm -rv /c/or this command if your volume was already cleaned out and there is only free space left:sfill -v /c/Step 6: Wait, depends on how fast your ReadyNAS is of course, but this could take days/weeks to finish. Alternatively you could use the -f (no urandom) and/or -l (less passes) option(s).Please let me know how this works out for you, hope this helps a bit for users who want to securely wipe their hard disks before sending them home or to a new owner.

RAIDar has secure erase built in (certainly with sparc platforms, and I think the others). It requires 4.1.7 or later firmware. Note sure if it uses 35-pass Gutmann or some other over-writing method. Note that the 35-pass Gutmann method referenced in the wiki link is no longer viewed as the best method. Simple scrubbing with random data is really about the best you can do with over-writing on a modern disk. You can theoretically do better with a degausser, however that makes the disk unusable.Since 2001, most ATA/SATA drives have included secure erase commands. There is a freeware utility you can download, though it requires a DOS boot disk to use it. (http://www.zdnet.com/blog/storage/how-t ... -drive/129 , and http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml). It runs quite a bit faster than normal over-write software, and is more secure.

Is the secure erase option available for Sparc? I didn't think it was.You might be meaning RAIDar 4.1.7 or later is needed? Or something like that?

mdgm wrote:Is the secure erase option available for Sparc? I didn't think it was.You might be meaning RAIDar 4.1.7 or later is needed? Or something like that?I think you're right. http://www.readynas.com/?cat=19 lists it for RAIDiator 4.2.7 and then says RAIDar 4.1.7 is also needed. I saw the 4.1.7 and jumped to the wrong conclusion.BTW, you can also just use the vendor diagnostic tools to write 0s to the drive. Though not as good as random writes, I think the security risk is extremely low.

In any case unless you are paranoid or have a legal requirement to do a secure wipe, doing an ordinary factory default should be sufficient. With a 3 or more disk array, disposing of disks separately would also be something that could be done. With e.g. a 3 disk X-RAID array two disks would be needed to recover data and even then if you got those two disks and a factory default had been done on those two disks to wipe them you wouldn't recover data. Other things like connecting the disk up to a PC and formatting it using NTFS could be done. If a disk is formatted with NTFS most people would assume it was taken from a Windows Machine.

mdgm wrote:In any case unless you are paranoid or have a legal requirement to do a secure wipe, doing an ordinary factory default should be sufficient. With a 3 or more disk array, disposing of disks separately would also be something that could be done. With e.g. a 3 disk X-RAID array two disks would be needed to recover data and even then if you got those two disks and a factory default had been done on those two disks to wipe them you wouldn't recover data. Other things like connecting the disk up to a PC and formatting it using NTFS could be done. If a disk is formatted with NTFS most people would assume it was taken from a Windows Machine.That "should" in your post was just the part I was trying to eliminate for myself, I just wanted to be sure without having to move hard disks out of the ReadyNAS and without having to sell them separately. I just wanted an easy solution where I can sell the complete ReadyNAS including disks without having doubts about anyone being able to recover data.

tristan1

Aspirant

Jul 16, 2012

How to securely wipe your ReadyNAS

Hi there,

Since I saw a lot of people here on the forum asking the same question; how can I securely erase, delete, wipe my hard disk before selling, RMA etc and all the suggestions led to one general solution; put the hard disks in a normal pc and boot with a utility like DBAN and also since the "Secure Erase option for RAIDar" isn't available for these older devices, I came up with a far more easy solution for the paranoid and/or the legally obligated ones when selling or disposing your ReadyNAS including hard disks.

Some background info, this was done on an old NV+ (sparc processor) with a X-Raid setup, so just one volume. I used the srm utility, part of the secure delete package for Debian, for some background see the Wikipedia page about srm.

Step 1:

The EnableRootSSH addon

Step 2:

Step 3:

Secure Delete

here

wget http://snapshot.debian.org/archive/debian/20050525T000000Z/pool/main/s/secure-delete/secure-delete_3.1-2_sparc.deb

Step 4:

dpkg -i secure-delete_3.1-2_sparc.deb

Step 5:

srm -rv /c/

sfill -v /c/

Step 6:

Please let me know how this works out for you, hope this helps a bit for users who want to securely wipe their hard disks before sending them home or to a new owner.

Tips from other users

18 Replies

Replies have been turned off for this discussion

StephenB
Guru - Experienced User
Mar 30, 2013
Vendor tools also allow you to write zeros to every sector of the drive.

xyxoxy

Aspirant

Mar 30, 2013

mdgm wrote:
If you do a secure delete of your files they would be gone. If you do a factory default with the drives in place that would make data recovery even more difficult (if it wasn't already impossible).

If you're wanting to sell your drives (not with your NAS) you could hook them up to your PC and format them to use NTFS as I suggested earlier. Most people would assume, that they were connected to a Windows PC and wouldn't suspect they were formatted using the EXT3 filesystem

mdgm wrote:
If you do a secure delete of your files they would be gone. If you do a factory default with the drives in place that would make data recovery even more difficult (if it wasn't already impossible). If you're wanting to sell your drives (not with your NAS) you could hook them up to your PC and format them to use NTFS as I suggested earlier. Most people would assume, that they were connected to a Windows PC and wouldn't suspect they were formatted using the EXT3 filesystem

Well I just did a normal delete of most of my files using a mapped drive from a PC. These were the files that I was most concerned with as they contained backups of several systems with potentially some sensitive information. The files that I am deleting now using srm are ones I'm not so concerned with. (so perhaps I did this backwards).

I'm not opposed to using a PC to format my drives but if I can avoid it I would prefer not to. And I was thinking that there may be other ReadyNAS users out there who bought the same drives that I did and are looking for some spares so trying to hide their history would not work in that case.

So my question is whether srm will have any impact on the available free space where my previously deleted files potentially still exist. If it does then I think that, along with a factory reset would put my mind at ease. But if the free space is not overwritten securely then I need to find a way to do that.

StephenB wrote:
Vendor tools also allow you to write zeros to every sector of the drive.

StephenB wrote:
Vendor tools also allow you to write zeros to every sector of the drive.

I'm not quite sure what you mean by Vendor Tools. How would I go about doing that?

mdgm-ntgr
NETGEAR Employee Retired
Mar 31, 2013
You would hook your drives up to an internal SATA port in your PC and say boot off the Ultimate Boot CD. You could then use disk wiping tools such as DBAN or vendor tools e.g. SeaTools for SeaGate disks to securely wipe the disks.
xyxoxy
Aspirant
Mar 31, 2013
OK I see... yes this is the step I'm trying to avoid if possible.
So I guess that means srm does not take care of the free space but just the actual files it deletes?
mdgm-ntgr
NETGEAR Employee Retired
Mar 31, 2013
srm would just delete files, I think. A factory default would wipe the partition table off the disks and create a new partition table and create a new volume.
xyxoxy
Aspirant
Mar 31, 2013
Update:
I realized that I was going to spend many hours or days waiting for srm to securely wipe several hundred GB of media files that I don't really care about. So I decided to abort that process after 6 hours. The files I care about are already deleted and just need to be wiped somehow. Of course there are many theories and opinions about this... but the idea of just overwriting the data blocks by filling the drive space with zeros makes sense to me. And I am not some secret government body with classified secrets to hide. I just don't want some stranger to be able to recover my personal info, photos, or passwords.

I just came across the following suggestion as a way to write zero filled files to every free block on the disk and then delete them:
dd if=/dev/zero of=hugefile; sync; rm hugefile; sync

So I could probably be happy with something like that... but then I noticed that the OP of this thread already addressed the free space question with the sfill command.
sfill -v /c/

That's running now with the full 38 passes using random data, so I expect that could run a while.
When that's done I believe I will run it a second time with the -l switch for 2 more passes... just for fun.
sfill -l -v /c/

Then I will do the factory reset. I think after that I'll feel pretty good about it without having to plug each drive into a PC and reformat etc.
And if I can sell each drive separately all the better. I will probably keep at least one for myself.

FYI - Here is some additional reading I came across on the subject of dd and sfill in case anyone is interested:
https://bbs.archlinux.org/viewtopic.php?id=83672
http://www.noah.org/wiki/Dd_-_Destroyer_of_Disks
http://www.ubuntugeek.com/tools-to-delete-files-securely-in-ubuntu-linux.html

I really appreciate the input mdgm and of course many thanks to Tristan for the detailed instructions.

tristan1

Aspirant

Apr 01, 2013

xyxoxy wrote:
OK I see... yes this is the step I'm trying to avoid if possible.
So I guess that means srm does not take care of the free space but just the actual files it deletes?

xyxoxy wrote:
OK I see... yes this is the step I'm trying to avoid if possible. So I guess that means srm does not take care of the free space but just the actual files it deletes?

From the srm man page:

Some of your data might have a temporary (deleted) copy
somewhere on the disk. You should use sfill which comes with the
secure_deletion package to ensure to wipe also the free
diskspace. However, If already a small file aquired a block with
your precious data, no tool known to me can help you here. For a
secure deletion of the swap space sswap is available.

xyxoxy
Aspirant
Apr 03, 2013
Thanks again tristan...

For anyone still following along - I can report that trying to use sfill in secure mode (full 38 wipes with random data) was going to quite literally take a couple of weeks to complete on my 1TB array. I think it had only completed something like 36GB after 24 hours. So I decided to abort it and go with a couple variations of the less secure options:
sfill -l -v -z /c/
sfill -f -l -v /c/

These took several hours each but at least hit the entire array with a few overwrites.

I did also erase the swap space using sswap as follows:
Identify your swap partitions
cat /proc/swaps

disable them
sudo swapoff /dv/hdc2
sudo swapoff /dv/hde2
sudo swapoff /dv/hdg2

wipe them
sudo sswap /dev/hdc2
sudo sswap /dev/hde2
sudo sswap /dev/hdg2

These only took maybe 10-15 minutes each to complete.

Now on to the factory reset and then finally install the new drives!

Forum Discussion

How to securely wipe your ReadyNAS

18 Replies

Related Content

how to format HDD and wipe all data

XR1000 settings get wiped on reset

ReadyNas 104 Constant Resync with wiped drives

Data wiped

Weak Security

NETGEAR Academy

ProSupport for Business