Data shredding hides purged files by overwriting them with random patterns of hexadecimal characters. This prevents unauthorized users from using a disk editor to access purged files.
If the Data Shredding attribute for an NSS volume is disabled, unauthorized access to data is possible. An individual can extend a file, LSEEK to the end of the existing file data, and then read the data. This returns the decrypted leftover data that is in the block.
You can place up to seven data shred patterns over deleted data. Data shredding truly erases files. Only files that have been purged are shredded. If Salvage is enabled, there remains a purge delay between when the file is deleted and purged during which users can still salvage deleted files.
Data shredding consumes a great deal of disk connection bandwidth, resulting in a performance penalty for using the disk and system resources needed to overwrite the shredded file. Unless you must use data shredding for security reasons, the Data Shredding attribute for your NSS volume can be disabled or set to a lower number of shredding passes.
This section describes the following:
When you create a volume, simply select the Data Shredding check box and specify the number of shredding cycles with an integer number between 1 and 7 times (or specify 0 to indicate no shredding capability) when you set the volume’s attributes. For more information, see Section 19.3, Creating Unencrypted NSS Volumes.
In iManager, click Storage > Volumes to open the Volumes page.
For instructions, see Section 10.1.5, Accessing Roles and Tasks in iManager.
Select a server to manage.
For instructions, see Section 10.1.6, Selecting a Server to Manage.
Wait until the page refreshes with a list of volumes in the Volumes list.
From the Volumes list, select the volume that you want to manage.
Click Properties > Attributes.
This opens the Volume Properties page to the Attributes tab.
Select the Data Shredding check box.
Specify the number of shredding cycles, where 0 is no shredding and 1 to 7 are the valid number of cycles to shred data.
Click Apply or OK to save the change, or click Cancel to back out of the process.
If you click Apply, iManager saves the change and remains on the device page. If you click OK, iManager saves the change and takes you to the main Storage page. If you do not click Apply or OK, the setting is not implemented.
WARNING:If you disable data shredding, an individual can recover leftover data on the drive and secure data might be exposed.
At the NSS console (nsscon), enter
nss /nodatashredding=volumename
where volumename is the name of the volume where you want to prevent the shredding capability.