21.3 Using Data Shredding to Prevent Access to Purged Files

Data shredding hides purged files by overwriting them with random patterns of hexadecimal characters. This prevents unauthorized users from using a disk editor to access purged files.

If the Data Shredding attribute for an NSS volume is disabled, unauthorized access to data is possible. An individual can extend a file, LSEEK to the end of the existing file data, and then read the data. This returns the decrypted leftover data that is in the block.
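The check below is an added example, not part of the original documentation. It verifies from the defender's side that extending a file on a given volume does not return leftover block data. The function name, the scratch-file name, and the directory argument (the mount point of the volume under test) are assumptions chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: creates a scratch file in dir, extends it, and returns the
 * number of non-zero bytes read from the extended region (0 = no leak, -1 = error). */
long leftover_bytes_after_extend(const char *dir, size_t extend_len)
{
    static const char marker[] = "constructed sample data";
    char path[4096];
    unsigned char buf[4096];
    long nonzero = 0;
    ssize_t n;

    if (snprintf(path, sizeof path, "%s/extcheck_XXXXXX", dir) >= (int)sizeof path)
        return -1;
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path); /* scratch file is released when fd is closed */

    /* Write known data, extend the file without writing, seek to the old end. */
    off_t end = -1;
    if (write(fd, marker, sizeof marker) == (ssize_t)sizeof marker)
        end = lseek(fd, 0, SEEK_END);
    if (end < 0 || ftruncate(fd, end + (off_t)extend_len) != 0 || lseek(fd, end, SEEK_SET) != end) {
        close(fd);
        return -1;
    }

    /* Everything read from here on was never written by this process. */
    while ((n = read(fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++)
            nonzero += (buf[i] != 0);
    close(fd);
    return n < 0 ? -1 : nonzero;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    long r = leftover_bytes_after_extend(dir, 1 << 20);
    if (r < 0) { fprintf(stderr, "check failed for %s\n", dir); return 2; }
    printf("%ld non-zero byte(s) in extended region under %s\n", r, dir);
    return r == 0 ? 0 : 1;
}
```

A non-zero count means the extended region exposed data the process never wrote. The check covers only the file-extension case described above, not whether purged files were overwritten.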

You can place up to seven data shred patterns over deleted data. Data shredding truly erases files. Only files that have been purged are shredded. If Salvage is enabled, there remains a purge delay between when the file is deleted and purged during which users can still salvage deleted files.

Data shredding consumes a great deal of disk connection bandwidth, resulting in a performance penalty for using the disk and system resources needed to overwrite the shredded file. Unless you must use data shredding for security reasons, the Data Shredding attribute for your NSS volume can be disabled or set to a lower number of shredding passes.

21.3.1 Setting the Data Shredding Attribute When You Create a Volume

When you create a volume, select the Data Shredding check box and specify the number of shredding cycles as an integer from 1 to 7 (or specify 0 to indicate no shredding capability) when you set the volume’s attributes. For more information, see Section 19.4.1, Creating Unencrypted NSS Volumes using iManager.

21.3.2 Setting the Data Shredding Attribute for an Existing Volume using iManager

  1. In iManager, click Storage > Volumes to open the Volumes page.

    For instructions, see Section 10.2.5, Accessing Roles and Tasks in iManager.

  2. Select a server to manage.

    For instructions, see Section 10.2.6, Selecting a Server to Manage.

    Wait until the page refreshes with a list of volumes in the Volumes list.

  3. From the Volumes list, select the volume that you want to manage.

  4. Click Properties > Attributes.

    This opens the Volume Properties page to the Attributes tab.

  5. Select the Data Shredding check box.

  6. Specify the number of shredding cycles, where 0 means no shredding and 1 to 7 are the valid numbers of shredding cycles.

  7. Click Apply or OK to save the change, or click Cancel to back out of the process.

    If you click Apply, iManager saves the change and remains on the device page. If you click OK, iManager saves the change and takes you to the main Storage page. If you do not click Apply or OK, the setting is not implemented.

21.3.3 Disabling Data Shredding for an Existing Volume

WARNING: If you disable data shredding, an individual can recover leftover data on the drive and secure data might be exposed.

  1. At the NSS console (nsscon), enter:

        nss /nodatashredding=volumename

    where volumename is the name of the volume for which you want to disable shredding.