Permanently Remove Purged NetWare Files with Novell Data Shredder v1.52
Articles and Tips: tip
01 Aug 1998
One of the niftiest features of NetWare, especially for accident-prone users, is that it saves files on the volume after they are deleted. This is a lifesaver for users who suddenly realize they've accidentally deleted some important files. As long as the files haven't been purged yet, the user can salvage the deleted files with the SALVAGE command (in NetWare 3.x) or with the FILER utility (NetWare 4.x).
But even after you run the PURGE command on deleted files, they really aren't gone. When a file is purged, NetWare simply returns the disk area that the data occupies to the free space list. The data in that area is still intact (until it is overwritten by other data) and it can still be read with a disk editor, which in some environments is considered a security risk.
To permanently delete files from the system, you can use a new program from Novell Consulting called Data Shredder. Now in version 1.52, Data Shredder (a NetWare Loadable Module) overwrites disk blocks that contain data from purged files multiple times with random patterns of hexadecimal characters. In effect, this "shreds" the information and prevents the files from being "undeleted" by prying eyes behind a disk editor. Even if the snoop manages to find the location of the deleted file, there will be nothing but random data where the file used to be.
Customizing the Utility
Data Shredder has several load parameters to customize its operation to meet the differing needs of each organization. For example, you can load the NLM with the ability to be unloaded, safely unloaded, or not unloaded. You can also specify up to 5 "shred" passes.
Data Shredder works on NetWare 4.1x networks and requires write access to the SYS:PUBLIC directory of the server to be protected.
The Data Shredder installation process copies the SHREDDER.NLM file to a directory on your hard drive that you specify (the default is /Programs/NConsult/Data Shredder/). All you have to do then is copy SHREDDER.NLM to the SYS:PUBLIC directory of the server you want to secure.
To activate Data Shredder, type the LOAD command at the console prompt using the following command syntax:
LOAD SHREDDER [parameters 1 - 7]
The first parameter specifies the unload method. The options are:
NU- Specifies that the NLM cannot be unloaded (default).
UL- Allows the NLM to be unloaded by anyone having access to the console. (Be careful; if SHREDDER.NLM is unloaded while file data is being overwritten, file system corruption will occur and it could be extensive. Use this option only in test environments.)
UD- If the NLM is unloaded, it will gracefully bring down the entire server. Data Shredder displays a warning message and gives you a chance to reverse your decision before it downs the server.
The second parameter specifies the number of times you want Data Shredder to overwrite the data. You can specify 1, 2, 3, 4, or 5 times (the default is 1). Keep in mind that multiple passes will affect server performance.
In parameters 3 through 7, you can specify up to five hexadecimal characters to be used by Data Shredder for each pass. The first character is used in the first pass, the second character in the second pass, and so on. If you specify three passes and give four characters, only your first three characters will be used. If you specify three passes and give only two characters, the characters you specify will be used for the first two passes and the default characters will be used for the third pass. The default characters for parameters 3 through 7 are 35 CA 97 68 FF.
To better illustrate how Data Shredder can be configured, here are some sample commands with descriptions.
Loads Data Shredder with the ability to unload and makes one pass with hex value 35 (all default settings).
LOAD SHREDDER UD
Loads Data Shredder so that if it is unloaded, it will down the server. It will make one pass using the default hex value 35.
LOAD SHREDDER UL 2
Loads Data Shredder with the ability to unload. It will make two passes using the default hex values 35 and CA.
LOAD SHREDDER UL 1 FF
Loads Data Shredder with the ability to unload. It will make one pass using the hex value FF.
LOAD SHREDDER NU 3 00 FF 00
Loads Data Shredder so it cannot be unloaded. It will make three passes using hex values 00, FF, and 00, respectively.
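To make the parameter rules concrete, here is an added Python model of the LOAD SHREDDER command line. It is not Novell's code and is not part of the original tip: the parsing follows the rules stated above for the unload method, the pass count and the per-pass hex values (extra values beyond the pass count are ignored, missing ones are filled from the defaults 35 CA 97 68 FF for that position), and it covers the mixed cases the text describes but the sample commands do not show. The block-overwrite simulation is an assumption used only to show the effect of a pattern sequence on a constructed block; it says nothing about how the NLM itself touches the volume.

```python
# Added example: a model of the SHREDDER.NLM load-parameter rules given in
# the tip. Not Novell's code. The parsing rules follow the text; the
# block-overwrite simulation is an assumed illustration of each pass.

DEFAULT_PATTERNS = ["35", "CA", "97", "68", "FF"]   # defaults for parameters 3-7
UNLOAD_MODES = {
    "NU": "cannot be unloaded",
    "UL": "can be unloaded from the console (test environments only)",
    "UD": "unloading downs the server",
}
MAX_PASSES = 5


def _hex_byte(token):
    """Accept exactly one hexadecimal byte such as '35' or 'FF'."""
    if len(token) != 2 or any(c not in "0123456789ABCDEF" for c in token):
        raise ValueError("not a hexadecimal byte: %r" % token)
    return int(token, 16)


def parse_load_command(cmdline):
    """Turn 'LOAD SHREDDER [parameters 1 - 7]' into the effective settings."""
    tokens = cmdline.split()
    if len(tokens) < 2 or tokens[0].upper() != "LOAD" or tokens[1].upper() != "SHREDDER":
        raise ValueError("expected 'LOAD SHREDDER [parameters]'")
    params = [t.upper() for t in tokens[2:]]
    if len(params) > 7:
        raise ValueError("at most 7 parameters (mode, passes, up to 5 patterns)")

    # Parameter 1: unload method, default NU.
    mode = params[0] if params else "NU"
    if mode not in UNLOAD_MODES:
        raise ValueError("unknown unload method %r; use NU, UL or UD" % mode)

    # Parameter 2: number of passes, 1..5, default 1.
    passes = int(params[1]) if len(params) > 1 else 1
    if not 1 <= passes <= MAX_PASSES:
        raise ValueError("passes must be between 1 and 5")

    # Parameters 3-7: one byte per pass. Values beyond the pass count are
    # ignored; missing positions take the default for that position.
    given = [_hex_byte(t) for t in params[2:]]
    defaults = [int(h, 16) for h in DEFAULT_PATTERNS]
    patterns = (given + defaults[len(given):])[:passes]

    return {"mode": mode, "mode_text": UNLOAD_MODES[mode],
            "passes": passes, "patterns": patterns}


def shred_block(block, config):
    """Overwrite a block once per configured pass (assumed model of the
    effect). Returns the final contents and a snapshot after each pass."""
    buf = bytearray(block)
    snapshots = []
    for pattern in config["patterns"]:
        for i in range(len(buf)):
            buf[i] = pattern
        snapshots.append(bytes(buf))
    return bytes(buf), snapshots


if __name__ == "__main__":
    # Constructed sample block standing in for a purged file's data.
    purged = b"QUARTERLY PAYROLL 1998"
    for line in ("LOAD SHREDDER UD", "LOAD SHREDDER UL 2",
                 "LOAD SHREDDER UL 1 FF", "LOAD SHREDDER NU 3 00 FF 00",
                 "LOAD SHREDDER NU 3 AA BB"):
        cfg = parse_load_command(line)
        final, _ = shred_block(purged, cfg)
        print("%-30s -> %s, %d pass(es), patterns %s, block ends as %s" % (
            line, cfg["mode"], cfg["passes"],
            ["%02X" % p for p in cfg["patterns"]], final.hex().upper()))
```

Running the script prints the effective settings for each of the sample commands above plus the partial-pattern case (three passes, two values given), where the third pass falls back to the default 97. The parser refuses an unknown unload method or a pass count outside 1 to 5 rather than silently using a default, which is the check a console operator would want before the NLM is loaded with the NU option and can no longer be unloaded.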
Remember that Data Shredder is activated whenever a file is purged, not when it is deleted. This allows deleted files to still be salvageable. For secure directories, you can use FILER or the FLAGDIR command to set the Purge Immediate attribute. To have the server automatically purge all files upon deletion, type the "SET Immediate Purge Of Deleted Files = On" command at the console prompt. This setting should only be used on an extremely secure system.
Data Shredder works with NetWare 4.1 and 4.11 and supports DOS, MAC, OS2, and NFS name spaces. It meets the United States Green Book file security standard.
For more information on Novell Consulting's Data Shredder utility, visit their Web site at http://www.novell.com/programs/ncs/ or send e-mail to Novell_consulting@novell.com.
* Originally published in Novell AppNotes
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.