This post will illustrate how a hard disk on a remote system can be wiped using existing DASH applications.
Before discarding or re-using desktops and laptops at end-of-life, most companies require hard disks to be wiped so that files cannot be recovered with undelete applications. Wiping ensures that corporate data or employee personal data is not compromised. In many instances, this is required by law or for compliance with standards with which the organization is affiliated. There are many wiping standards, including US DoD 5220.22-M, US Navy NAVSO P-5239-26, Peter Gutmann's algorithm, British HMG Infosec Standard No. 5, and the German VSITR standard, among others. Companies can choose any of these standards, provided it meets their regulatory requirements. In large companies, hundreds of disks may need to be wiped at any given time. To this end, an IT administrator needs a solution that complies with the law, satisfies privacy needs, requires little to no investment in hardware, and is flexible enough to support the various drive-wiping standards.
DASH Technology Capabilities
With the DMTF DASH standard, it is possible to map a remote ISO image as a local USB drive (USB Redirection profile). It is also possible to change the boot order remotely (Boot Control profile). Additionally, it is possible to view the BIOS screen remotely (Text Redirection profile) and change the power state remotely (Power Control profile). The AMD Management Console (AMC) is one of many DASH consoles that support these capabilities; others include Microsoft SCCM with the AMD AMPS plug-in. AMC can be downloaded from www.amd.com/DASH
There are many disk wiping applications on the market. A given wiping application may support only certain hardware and certain wiping standards. The first step is to check your hardware and wiping policy and select suitable wiping software. For this illustration, we will use the free version of the DBAN (Darik's Boot And Nuke) bootable ISO with the default wiping options. The enterprise variant of DBAN and many other utilities are also supported.
Note that any text-based wiping software can be used. If the customer already has software for wiping, it can be used in text mode.
- Download the bootable ISO from http://www.dban.org/download. Save this ISO to an ISO server that is accessible through a web URL.
- Launch AMD Management Console (AMC) and discover the remote DASH-capable system. AMC usage information is available in the AMC User Guide, which is located in the AMC installation folder.
- Map the ISO image as a USB drive on the remote system using USB redirection.
- Set this USB drive as the first boot option on the remote system using boot control.
- Launch an SSH session, which provides a text console to the managed system.
- Reboot the remote system using the power option.
- The system will reboot into the DBAN interface. Type 'autonuke' and hit 'enter' to wipe the hard disk.
Advantages of disk wipe with DASH
- No additional hardware investment required. The existing DASH framework supports the wiping use case.
- Mass wiping (1:n operation) possible
- Can be integrated into existing management consoles
- This DASH application and solution adds value to adopting the industry-standard DASH manageability solution.
So, try it out and share your feedback!