EFT Server's HS-PCI module (Payment Card Industry Data Security Standard High Security Module; add on to EFT Server to facilitate ongoing compliance with PCI DSS v1.1.) provides a data sanitation option. If you do not activate the HS-PCI module, this feature is disabled after the 30-day trial expires.
When EFT Server deletes a file, it can optionally securely delete or purge the file by writing over the initial data using encrypted and/or pseudorandom data. A menu of purging methods is available; available options depend on the library used.
The 3-pass DoD method (based on the National Industrial Security Program manual DoD 5220.22-M and the DSS Clearing and Sanitization Matrix) overwrites all addressable locations with a character, its complement, then a random character, and does this three times.
The pseudorandom data wiping method does the following:
Initializes the wincrypt library
Fills the file with randomly generated data from the wincrypt library
Flushes the data to disk
Deletes the file from file system calling the standard function DeleteFile()
*.pgp files are automatically excluded from the wipe process. When the wipe is enabled, ANY EFT Server delete operation also includes the wipe (sanitization) process. |
You can specify which files EFT Server is to purge, including client-initiated delete commands, source files after successful OpenPGP encrypt operation, source file after move command across partition/drive, and others.
To specify a delete method
In EFT Administrator, connect to EFT Server and click the Server tab.
In the left pane, click the Site that you want to configure.
In the right pane, click the Advanced tab.
In the Data Sanitation area, click the down arrow to specify the Delete method. The following methods are available:
Windows standard (fastest)
Pseudorandom data (medium)
3 pass DoD 5220.22-m (slow)
Click Apply to save the changes on EFT Server.
The following message appears when the purging mechanism is changed to anything other than the Windows standard delete method:
"Sanitizing deleted disk sectors is a CPU- and disk-intensive operation and can be quite time consuming. Run performance monitors before and after making this change to determine whether hardware upgrades are necessary to maintain prior levels of performance."
(These links are outside of GlobalSCAPE's domain.)
Data remanence: http://en.wikipedia.org/wiki/Data_remanence,
specifically the section titled "Standard Patterns for Purging":
http://en.wikipedia.org/wiki/Data_remanence#Standard_patterns_for_purging
US DoD 5220.22-M Standard, defined in the US National
Industrial Security Program Operating Manual of the US Department of Defense
(January
1995; chapter 8, section 3, 8-306. Maintenance): http://www.dtic.mil/whs/directives/corres/html/522022m.htm
"Secure Deletion of Data from Magnetic and Solid-State Memory": http://www.usenix.org/publications/library/proceedings/sec96/full_papers/gutmann/