Data shredding hides purged files by overwriting them with random patterns of hexadecimal characters. This prevents unauthorized users from using a disk editor to access purged files.
If the Data Shredding attribute for an NSS volume is disabled, unauthorized access to data is possible. An individual can extend a file, LSEEK to the end of the existing file data, and then read the data. This returns the decrypted leftover data that is in the block.
You can place up to seven data shred patterns over deleted data. Data shredding truly erases files. Only files that have been purged are shredded. If Salvage is enabled, there remains a purge delay between when the file is deleted and purged during which users can still salvage deleted files.
Data shredding consumes a great deal of disk connection bandwidth, resulting in a performance penalty for using the disk and system resources needed to overwrite the shredded file. Unless you must use data shredding for security reasons, the Data Shredding attribute for your NSS volume can be disabled or set to a lower number of shredding passes.
This section describes the following:
When you create a volume, simply select the check box and specify the number of shredding cycles with an integer number between 1 and 7 times (or specify 0 to indicate no shredding capability) when you set the volume’s attributes. For more information, see Section 19.3, Creating Unencrypted NSS Volumes.
In iManager, click to open the Volumes page.
For instructions, see Section 9.1.3, Accessing Roles and Tasks in iManager.
Select a server to manage.
For instructions, see Section 9.1.4, Selecting a Server to Manage.
Wait until the page refreshes with a list of volumes in the list.
From the list, select the volume that you want to manage.
Click .
This opens the page to the tab.
Select the check box.
Specify the number of shredding cycles, where 0 is no shredding and 1 to 7 are the valid number of cycles to shred data.
Click or to save the change, or click to back out of the process.
If you click , iManager saves the change and remains on the device page. If you click , iManager saves the change and takes you to the main Storage page. If you do not click or , the setting is not implemented.
WARNING:If you disable data shredding, an individual can recover leftover data on the drive and secure data might be exposed.
At the server console, enter
nss /nodatashredding=volumename
where volumename is the name of the volume where you want to prevent the shredding capability.