RAID array, wiping 'defunct' drive?

[RayMan!]

Hi all, I have been asked by my paranoid management to wipe a failed
drive on an IBM RAID array that was marked 'defunct' before replacing
it.
I'm not sure if this is possible with the drive being marked 'defunct'
regardless where it is inserted, let alone necessary since the data on
it is already striped.
This disk is part of a 14 disk RAID 5 array, configured as one large
drive, further split into 2 logical drives in the operating system.

My question is: is it possible for a hacker (could be the disgruntled
service guy) to get any type of usable data off one hard disk from such
a complex configuration? According to the BIOS, the data is striped
into 8K segments, and the drive still spins powered up.

Thanks guys.

Ray!

 

[Arno Wagner]

Hi all, I have been asked by my paranoid management to wipe a failed
drive on an IBM RAID array that was marked 'defunct' before replacing
it.
I'm not sure if this is possible with the drive being marked 'defunct'
regardless where it is inserted, let alone necessary since the data on
it is already striped.

Good point. For many applications, that can be counted as reasonably
secure. Still, if the stripe size is larger than that of a
file, the file may be comletely on the disk.

This disk is part of a 14 disk RAID 5 array, configured as one large
drive, further split into 2 logical drives in the operating system.

My question is: is it possible for a hacker (could be the disgruntled
service guy) to get any type of usable data off one hard disk from such
a complex configuration?
Yes.

According to the BIOS, the data is striped
into 8K segments, and the drive still spins powered up.

So all files <8kB are at risk.

If the drive spins, then you should be able to overwrite it.
Remove it from the array and wipe it as a single drive. Typical
scenario is to connect it to a PC with this as only drive
and the PC bootet with Knoppix. Then do a

dd_rescue -w /dev/zero /dev/<youdrishere>

There is a remote possibility that data may be in reallocated
sectors. It would be hard but possible to get at them, I think.
This would require hacking the firmware. Protect against this
with physical destruction. Also, depending on what your
time and the defect disk is worth, that may be the ceapest
way to ''wipe'' the disk anyways. For physical destruction,
open the dive, remove the platters and bend them. Any data
recovery will be extremely expensive after that.

Arno

 

[Rod Speed]

I have been asked by my paranoid management to wipe a
failed drive on an IBM RAID array that was marked 'defunct'
before replacing it. I'm not sure if this is possible with the
drive being marked 'defunct' regardless where it is inserted,

Corse its possible to wipe it as a stand alone drive in some
other system, at least at the level of the sectors the drive
still presents and which havent been mapped away as bad.

let alone necessary since the data on it is already striped.

Its always possible to get access to the fragments and
its possible that there may be some useful data in those.

This disk is part of a 14 disk RAID 5 array, configured as one large
drive, further split into 2 logical drives in the operating system.

My question is: is it possible for a hacker (could be the
disgruntled service guy) to get any type of usable data
off one hard disk from such a complex configuration?

Yes, most obviously with those 8K fragments.

According to the BIOS, the data is striped into
8K segments, and the drive still spins powered up.

Simplest to physically destroy the drive.

 

[Odie Ferrous]

Hi all, I have been asked by my paranoid management to wipe a failed
drive on an IBM RAID array that was marked 'defunct' before replacing
it.
I'm not sure if this is possible with the drive being marked 'defunct'
regardless where it is inserted, let alone necessary since the data on
it is already striped.
This disk is part of a 14 disk RAID 5 array, configured as one large
drive, further split into 2 logical drives in the operating system.

My question is: is it possible for a hacker (could be the disgruntled
service guy) to get any type of usable data off one hard disk from such
a complex configuration? According to the BIOS, the data is striped
into 8K segments, and the drive still spins powered up.

Thanks guys.

Ray!

Give "management" a large hammer and ask them to smash the drive to
bits.

If they're that paranoid about it, the loss of a single drive can't be
an issue.

Especially if the drive is suspect in the first case.



Odie

 

[Folkert Rienstra]

Good point. For many applications, that can be counted as reasonably
secure. Still, if the stripe size is larger than that of a file, the file may
be comletely on the disk.

Files don't have to be complete to be of interest. It's whatever the stripe
size is that is chunks of readable data, whether complete or incomplete.

So all files

1 in 13, actually.

<8kB are at risk.

If the drive spins, then you should be able to overwrite it.

Clueless babblebot, as always.

Remove it from the array and wipe it as a single drive.

Typical

As with all babblebot bullshit.