Data wipe-out strategy

When your servers get retired, you can give them to universities or any other charities etc.
But your data must not be reachable by new owners.
If your disks are from SAN, they dont have the data when they only received server hardware.
But if your server hardware has local disks, data on those local disks are also important.
Securely erasing data is wipe-out mechanism.

Best wipe-out method is using special hardwares for that. But If you dont have hardware and disk can be formatted, you can implement this strategy. This is just an advice, you can of course choose your own different method. We used Linux machine here but you can use any other Solaris or AIX server in the implementation, process logic is the important part.

 

-       Connect that local disk to our Linux wipe-out server. (It does not matter if it was a Solaris/Linux/AIX OS or Data disk.)

 

-       Format the disk at first.

 

-       Write random data with SHRED command for 10 times.

 

-       Then implement LUKS encyription with AES 256 bit key size and with a random complex passphrase.

Below command can be used for that.
NSA also uses AES 256 bit keys for their TOP SECRET docs. So we think it is enough secure.
( reference is è https://wiki.archlinux.org/index.php/Disk_encryption)

 

cryptsetup --verbose --verify-passphrase luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 /dev/mapper/mpathap1

 

-       We think that data cant be decrypted, if they can, we already wrote random data 10 times at the beginning. This would be what they can get, we are still safe.

 

Please feel free to communicate by bulent.yucesoy@gmail.com