The system supports two levels of data wipe-out, compliant with NIST Special Publication 800-88 Revision 1:
|CLEAR method||SATA||SATA SSD||SAS|
|Overwriting the medium||X||X||X|
|ATA SECURITY ERASE UNIT||X|
|ATA SANITIZE DEVICE (BLOCK ERASE)||X|
|ATA SANITIZE DEVICE (CRYPTO SCRAMBLE)||X||X|
|ATA SECURITY ERASE UNIT||X|
|SCSI SANITIZE (OVERWRITE)||X|
|SCSI SANITIZE (CRYPTOGRAPHIC ERASE)||X|
The WIPERAPP algorithm selects the data removal method in the order shown in the table above. For example, for SATA drives the system first checks whether the drive supports the ATA SANITIZE DEVICE (CRYPTO SCRAMBLE) method and, if so, uses it to erase the data. If that method is not available, the system next checks whether the ATA SECURITY ERASE UNIT method can be used. If the drive supports none of these methods, its status changes to PURGE UNAVAILABLE, which means that the data cannot be erased at the Purge level recommended by NIST.
As a result, the person responsible for data wipe-out in the organization may decide what happens next to a hard drive whose data cannot be erased at the required level. In particular, such a disk may be submitted for complete mechanical destruction.
For disks with a SATA interface, before wiping begins the system detects whether the drive supports the Device Configuration Overlay (DCO) mechanism and issues the ATA DEVICE CONFIGURATION RESTORE command. Additionally, the system checks whether the Host Protected Area (HPA) mechanism has been used on the disk and, when it is detected, resets the available addressable sectors to the default settings.
For SAS disks, before data removal, a command that resets the number of available sectors to the default settings is sent to the disk.
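The SATA selection order and the DCO/HPA detection described above can be expressed as a decode of the drive's ATA IDENTIFY DEVICE data. This is an added example, not WIPERAPP's own code. The bit positions follow the ATA command set (ACS) IDENTIFY layout; the function names, the constructed sample drives and the treatment of a frozen drive as unable to use SECURITY ERASE UNIT are assumptions of this example.

```python
import struct

# ATA IDENTIFY DEVICE word numbers and bit masks (ACS-2 and later).
W_SANITIZE, SANITIZE_SUPPORTED, CRYPTO_SCRAMBLE = 59, 1 << 12, 1 << 13
W_CMDSET_82, HPA_SUPPORTED = 82, 1 << 10
W_CMDSET_83, DCO_SUPPORTED = 83, 1 << 11
W_SECURITY, SEC_SUPPORTED, SEC_FROZEN = 128, 1 << 0, 1 << 3


def identify_words(block: bytes) -> tuple:
    """Split a 512-byte IDENTIFY DEVICE block into 256 little-endian words."""
    if len(block) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    return struct.unpack("<256H", block)


def select_purge_method(block: bytes) -> str:
    """Pick the Purge method in the order the text gives for SATA drives."""
    w = identify_words(block)
    sanitize = w[W_SANITIZE]
    if sanitize & SANITIZE_SUPPORTED and sanitize & CRYPTO_SCRAMBLE:
        return "ATA SANITIZE DEVICE (CRYPTO SCRAMBLE)"
    security = w[W_SECURITY]
    # Assumption: "can be used" means supported and not frozen, because a
    # drive in frozen mode aborts the SECURITY ERASE UNIT command.
    if security & SEC_SUPPORTED and not security & SEC_FROZEN:
        return "ATA SECURITY ERASE UNIT"
    return "PURGE UNAVAILABLE"


def pre_wipe_checks(block: bytes) -> dict:
    """Report whether the DCO and HPA feature sets are supported."""
    w = identify_words(block)
    return {"dco": bool(w[W_CMDSET_83] & DCO_SUPPORTED),
            "hpa": bool(w[W_CMDSET_82] & HPA_SUPPORTED)}


def make_identify(words: dict) -> bytes:
    """Build a constructed IDENTIFY block with only the given words set."""
    data = [0] * 256
    for index, value in words.items():
        data[index] = value
    return struct.pack("<256H", *data)


# Constructed sample drives (not captured from real hardware).
SED_DRIVE = make_identify({59: 0x3000, 82: 0x0400, 83: 0x0800, 128: 0x0001})
LEGACY_DRIVE = make_identify({82: 0x0400, 128: 0x0001})
FROZEN_DRIVE = make_identify({128: 0x0009})
```

A production check would also validate the words before trusting them, for example that bits 15:14 of word 83 read 01b.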
The system operator can configure the following options for the pattern being used:
the pattern (all zeros, all ones, or a random number from the range 0x01-0xFE)
the number of runs (from 1 to 16)
reversing the sequence in subsequent runs
The detailed configuration for erasing data with this method, chosen to secure the required level of safety, should be established procedurally inside the organization.
The default password set by the WIPERAPP system is a single lowercase letter “p”.
A data wipe-out conducted with this method should not be interrupted; in particular, a loss of power supply will leave the drive with the password set.
ATTENTION: This method cannot be interrupted. According to the ATA standard, cutting off the power supply to a drive being erased with this method does not interrupt the wiping. After power is reconnected, the drive’s firmware resumes the operation and continues wiping until the process is completed.