Performing Additional Data Security Measures


There are other ways an attacker can obtain information that should be secret from your system, and Mac OS X is proactive in plugging these holes.

Securely Erasing Disks

Disk Utility and the diskutil command-line utility can erase either an entire volume or just its free (unused) space, at several levels of security. Overwriting the old data once with zeros or random data might seem sufficient, but on a magnetic disk it can leave faint traces of the previous magnetization. Such traces are very difficult to extract, but for security-critical data a multipass erase makes sure every trace has been overwritten. Two caveats apply to any overwrite-based erase: it cannot reach sectors the drive has silently remapped as bad, and flash-based storage (SSDs, USB sticks) remaps blocks internally, so an overwrite there does not guarantee the old cells were rewritten; for such media, encrypting the volume from the start and destroying the key is the dependable approach.

Note

Overwriting the disk takes time proportional to the number of times the disk is overwritten. If the disk is large and/or slow, it could take several hours per pass, so budget your time accordingly.


Under Disk Utility's Erase tab, clicking the Security Options button presents the following options.

  • Don't Erase Data: This is the default setting. It leaves the disk's previous contents vulnerable to recovery.

  • Zero Out Data: This option writes zeros over the entire disk, rendering its previous contents safe from normal disk editing and data recovery tools. However, it may still be possible to recover data from the drive by removing the platters from the drive and using a highly sensitive read mechanism to pick up residual magnetism that the erasure did not completely wipe out.

  • 7-Pass Erase: This option writes data over the entire disk seven times, thus masking any residual magnetism behind multiple layers of new data, and making recovery extremely difficult. This mode is designed to comply with the United States Department of Defense's National Industrial Security Program Operating Manual (NISPOM, aka 5220.22-M).

  • 35-Pass Erase: This option writes data over the entire disk 35 times, making recovery even more difficult than with the 7-Pass option. This uses a sequence of patterns known as the Gutmann algorithm.

More Info

For additional information on the Gutmann algorithm, visit www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html.


If you are using diskutil to erase a disk or volume, the following command-line options are available:

  • sudo diskutil zeroDisk diskname: Equivalent to the Disk Utility Zero Out Data option, this writes zeros over the entire disk.

  • sudo diskutil secureErase 1 diskname: Writes random data over the disk once.

  • sudo diskutil secureErase 2 diskname: Equivalent to the Disk Utility 7-Pass Erase option.

  • sudo diskutil secureErase 3 diskname: Equivalent to the Disk Utility 35-Pass Erase option.

  • sudo diskutil randomDisk [times] diskname: Writes random data over the entire disk the specified number of times. Note that for the same number of passes this provides less assurance than the 7-pass or 35-pass options, because those include fixed patterns designed to make sure each bit gets thoroughly flipped; random data might or might not contain a good pattern for every bit.

If you want to be doubly sure that all data has been erased, run the diskutil randomDisk or secureErase wipe, finish with a diskutil zeroDisk pass so that the last pattern written is zeros, and then read the raw device back before you repartition it:

sudo od /dev/disk4s7


Change the disk number (in this case, 4) and the slice (in this case, 7) to reflect the device you want to check; omit the slice to read the whole disk. Note that od prints the entire device, so on a large disk pipe its output through head or redirect it to a file; any line other than the repeated zeros, or the absence of the asterisk that marks repeated lines, indicates bytes that were not zeroed. Do not run diskutil eraseDisk before this check: creating a partition map and a filesystem writes nonzero structures to the start of the disk and would make the read-back fail even on a successfully wiped drive.

If the disk was zeroed successfully, the output should look something like this:

localhost:~ george$ sudo od /dev/disk1
0000000 000000 000000 000000 000000 000000 000000 000000 000000
*
356000000
localhost:~ george$


After verifying that the volume is truly zeroed, you can use Disk Utility or diskutil to partition it and create volumes.
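The wipe-then-read-back procedure above, as an added example that is not from the book or from Apple's diskutil. It uses dd and POSIX tools so the same functions run on a disk image file (constructed below, with a fake secret planted in it) and, once run as root, on a raw device node such as /dev/rdisk4. It keeps the part of the procedure that matters for verification, that the final pass must write zeros or a read-back check tells you nothing, but it does not reproduce diskutil's fixed DoD or Gutmann patterns, and like any overwrite it cannot reach sectors a drive has remapped internally. The 512-byte sector size, the pass count and the planted string are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not the book's or Apple's code: overwrite a target with
# random passes, finish with a zero pass, and read it back to confirm it
# is all zeros. Works on an image file here and on a raw device as root.

SECTOR=512   # assumed sector size for the demo

# Overwrite the first $2 sectors of $1 with $3 passes of random data, then
# one pass of zeros. conv=notrunc keeps an image file at its original size.
wipe_target() {
    target=$1; sectors=$2; passes=$3; i=0
    while [ "$i" -lt "$passes" ]; do
        dd if=/dev/urandom of="$target" bs=$SECTOR count="$sectors" \
            conv=notrunc 2>/dev/null || return 1
        i=$((i + 1))
    done
    # The final pass must be zeros: a read-back can only check for "all
    # zeros", not for "random data that is not my old data".
    dd if=/dev/zero of="$target" bs=$SECTOR count="$sectors" \
        conv=notrunc 2>/dev/null
}

# Return 0 if the first $2 sectors of $1 are entirely NUL bytes, 1 otherwise.
# Same check as the od command in the text, but it stops at the first
# nonzero byte instead of printing the whole device.
verify_zeroed() {
    target=$1; sectors=$2
    nonzero=$(dd if="$target" bs=$SECTOR count="$sectors" 2>/dev/null \
        | tr -d '\000' | head -c 1 | wc -c | tr -d ' ')
    [ "$nonzero" -eq 0 ]
}

# Return 0 if the plain-text string $2 can still be recovered from $1 by a
# raw scan, which is what a simple data-recovery tool does.
contains_string() {
    tr -d '\000' < "$1" | grep -q -- "$2"
}

# Stand-alone demo on a constructed 1 MiB image holding a fake secret.
main() {
    img=$(mktemp) || exit 1
    dd if=/dev/zero of="$img" bs=$SECTOR count=2048 2>/dev/null
    printf 'TOP SECRET payroll' | dd of="$img" bs=$SECTOR seek=100 \
        conv=notrunc 2>/dev/null
    contains_string "$img" 'TOP SECRET' && \
        echo "before wipe: secret is recoverable from the raw image"
    wipe_target "$img" 2048 2
    verify_zeroed "$img" 2048 && \
        echo "after wipe: image reads back as all zeros"
    rm -f "$img"
}

main
```

For a real device, replace the image path with the raw device node and the sector count with the device's size in 512-byte sectors (diskutil info reports the byte size), and expect verify_zeroed to read the entire device just as od does; the zero pass alone is no substitute for the random or pattern passes on a magnetic disk, it only makes the result checkable.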

Erasing Free Space

Erasing free space with either Disk Utility or diskutil is very similar to erasing an entire volume (although diskutil has fewer erasure options).

Under Disk Utility's Erase tab, the Erase Free Space button enables you to overwrite free space with zeros, perform a 7-Pass Erase, or perform a 35-Pass Erase. These are directly analogous to the options for full erasure listed in the previous section.

With diskutil's secureErase option, adding the freespace option restricts the erasure to just free blocks:

sudo diskutil secureErase freespace 1 diskname
sudo diskutil secureErase freespace 2 diskname
sudo diskutil secureErase freespace 3 diskname


Note

When using Disk Utility or diskutil, free space can be erased only from a mounted volume, not an entire disk.


Using Secure Empty Trash

When a file is removed from a volume, whether by emptying the Trash or with the CLI rm command, the filesystem unlinks the directory entry and marks the file's blocks as free for reuse. The contents of those blocks are not modified, so potentially secret data remains on the volume, and can be recovered by reading the raw device (with a disk editor or by searching it for known strings), until the blocks happen to be reused.

To prevent this, a secure version of rm, called srm, can be used: it overwrites the file's blocks before unlinking it, by default with the 35-pass Gutmann sequence, or with seven U.S. DoD-compliant passes or a single pass of zeros if you choose a faster option. Note that srm only affects the blocks of the file it is given; copies of the data held elsewhere (backups, caches, earlier versions) are not touched.

More Info

See the man page for srm to see how to enable these different options.


The Mac OS X Finder now has a GUI menu option called Secure Empty Trash, which uses srm to remove the Trash instead of using the default rm. To empty the Trash securely, choose Finder > Secure Empty Trash.

Using Encrypted Swap File

The built-in virtual memory system on Mac OS X works by writing pages of RAM that have not been used recently to swap files in /var/vm on the boot volume. So, at least temporarily, memory that would otherwise be inaccessible while it stayed in RAM is stored on the boot volume in a well-known place that can easily be copied and then analyzed. Passwords, financial data from an Excel spreadsheet, or anything else the OS decides to swap out of RAM can end up there.

If you want this to happen in a secure way (it is not possible to disable virtual memory, and you really wouldn't want to), you can tell the operating system to encrypt its swap files. To do this, open System Preferences, navigate to the Security pane, and select the "Use secure virtual memory" checkbox (if it is not already selected). On releases that report it, sysctl vm.swapusage appends "(encrypted)" to its output once secure virtual memory is active, which gives you a quick way to confirm the setting from the command line.

This may cause minor slowdowns in the swapping of virtual memory (since everything needs to be encrypted and decrypted now), so decide how important this is to you.

Swap files written before the setting was enabled, or left behind after a crash, are not necessarily cleared automatically, so they may still hold unencrypted memory contents. To remove them, boot into single-user mode, mount the root filesystem read-write (single-user mode mounts it read-only), and overwrite them with srm:

# /sbin/fsck -fy
# /sbin/mount -uw /
# srm /var/vm/swapfile*





Apple Training Series: Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
Year: 2005
Pages: 258
Authors: Schoun Regan