Re: ASM Secure Delete

From: MARK BRINSMEAD <mark.brinsmead_at_gmail.com>
Date: Thu, 9 Jul 2015 13:04:04 -0400
Message-ID: <CAAaXtLDwL=ZpUag-XbQ3J8RK7TtYqwzffetP2dGtGZtqkpEYNw_at_mail.gmail.com>



This is not a bad approach. If you want better assurances that the data is unrecoverable, you may want to repeat this exercise several times (maybe up to 16?) using different values each time. This improves the chances that a disk removed from the system will stand up to laboratory analysis without yielding (much) useful data.

Sadly, the method probably won't guarantee that you will scrub every byte in every block. Results ought to be better, though, if you take a few extra steps like setting PCTFREE to 0, and so on. If you go about it carefully, you should have a pretty high assurance that there will be little or no recoverable data left behind.

If you want to be absolutely certain, though, *replace the disks and physically destroy the old ones*. Depending on the security standard you are trying to satisfy, this might even be necessary. ASM can make this an online operation, but if you are running close to your physical storage capacity, you might find yourself spending a lot of time rebalancing to achieve this.

Disks are generally pretty cheap -- particularly in comparison to software licenses for TDE. Removing your old disks and destroying them may be more cost-effective than you would at first imagine it to be.

On Thu, Jul 9, 2015 at 12:36 PM, Powell, Mark <mark.powell2_at_hp.com> wrote:

> Not that I have ever heard of.
>
> For a purely Oracle approach to solving this issue: if this is a critical
> function then after creating a new TDE encrypted tablespace and moving the
> data to the new tablespace allocate a new single varchar2 column table in
> the old tablespace. Populate the dummy table with a constant value till
> the table has filled the tablespace. Now you should be able to drop the
> tablespace including contents and know that no business information can be
> gleaned directly from the file contents.
>
>
> -----Original Message-----
> From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org]
> On Behalf Of Rob Lockard
> Sent: Thursday, July 09, 2015 11:19 AM
> To: oracle-l
> Subject: Re: ASM Secure Delete
>
> Is there an ASM utility to secure delete data files in ASM, such as the
> shred utility in Linux? When moving data to encrypted tablespaces there is
> a need to make sure there are no ghost copies of the data. Thanks, -Rob
>
> --
> ================================
> "You can't hardware yourself out of a problem you softwared yourself into."
> Cary Millsap
> Robert P. Lockard
> www.oraclewizard.com
> (c) 571.276.4790
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

Received on Thu Jul 09 2015 - 19:04:04 CEST
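
The fill-and-drop procedure discussed in this thread (a filler table in the old tablespace, PCTFREE 0, repeated passes with a different value each time), as an added PL/SQL example that is not code from any of the posters. The tablespace name OLD_DATA, the table name SCRUB_FILL, the row width and the pass count are assumptions.

```sql
-- Added example, not code from the thread.
-- Assumed names: tablespace OLD_DATA, table SCRUB_FILL.
-- Assumes the business segments are already moved out and the datafiles of
-- OLD_DATA have AUTOEXTEND OFF, so "tablespace full" is a fixed boundary.
DECLARE
  c_passes  CONSTANT PLS_INTEGER := 3;       -- the thread suggests "maybe up to 16"
  e_ts_full EXCEPTION;
  PRAGMA EXCEPTION_INIT(e_ts_full, -1653);   -- ORA-01653: unable to extend table
  v_pad     VARCHAR2(500);
  v_batch   PLS_INTEGER;
BEGIN
  FOR pass IN 1 .. c_passes LOOP
    -- PCTFREE 0 packs each block with filler instead of reserving update space.
    EXECUTE IMMEDIATE 'CREATE TABLE scrub_fill (pad VARCHAR2(500)) '
                   || 'PCTFREE 0 NOCOMPRESS TABLESPACE old_data';
    v_pad   := RPAD(CHR(64 + pass), 500, CHR(64 + pass));  -- new constant per pass
    v_batch := 10000;
    LOOP
      BEGIN
        EXECUTE IMMEDIATE 'INSERT INTO scrub_fill (pad) '
                       || 'SELECT :p FROM dual CONNECT BY LEVEL <= :n'
          USING v_pad, v_batch;
        COMMIT;
      EXCEPTION
        WHEN e_ts_full THEN
          -- The failed batch is rolled back; retry with single rows to fill
          -- the tail, and stop once even one row no longer fits.
          EXIT WHEN v_batch = 1;
          v_batch := 1;
      END;
    END LOOP;
    COMMIT;
    -- Force the filler out of the buffer cache and onto disk before dropping.
    EXECUTE IMMEDIATE 'ALTER SYSTEM CHECKPOINT';
    EXECUTE IMMEDIATE 'DROP TABLE scrub_fill PURGE';
  END LOOP;
END;
/
-- Last step described in the thread, run once the passes have completed:
-- DROP TABLESPACE old_data INCLUDING CONTENTS AND DATAFILES;
```

Block headers and per-row overhead are written by Oracle rather than by the filler value, consistent with the reply's caveat that this method does not scrub every byte in every block.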
