Secure file deletion on an iSeries

40 pts.
Tags:
iSeries security
PCI compliance
How can I perform a secure file deletion on an iSeries system, as per a secure file deletion on a PC? The PCI police are chasing me for an answer, but I'm not convinced it's possible/necessary.

Software/Hardware used:
iSeries systems
ASKED: February 1, 2010  1:46 PM
UPDATED: February 3, 2010  6:00 PM

Answer Wiki

There is ‘undelete’ freeware for the iSeries; however, everything I have read only talks about record undelete, not file undelete. I know if you did a reclaim storage it would get rid of the spaces marked deleted, but if your object level security is correct, what difference do deleted objects make?

If they’re hitting you with this now, I’ll probably get it on our next PCI audit. One of us should download the software and do a test. If I get to it first I’ll put the results out here, but it will probably be several weeks before I can get to it.

Discuss This Question: 7  Replies

 
  • TomLiotta
    For a general discussion, see Secure File Deletion, Fact or Fiction? Translating some of this to i5/OS is tricky at best. Tom
    125,585 points
  • DanTheDane
    Rpm, what is the purpose of this 'secure file deletion'? Do you want to delete files so that they are under no circumstances recoverable, OR do you want to delete like the 'bin' in Windows, i.e. with an option to recover after an Ooops..? Pls clarify.
    2,555 points
  • Rpm
    Hi and Thanks for the feedback. I know that deleted records can be 'undeleted' from within a file that still exists on the iSeries. However, the PCI police need proof that a file that has been deleted (via command DLTF), cannot be 'undeleted' (as it can on a PC). I suspect that with single-level storage, this will not be possible... (?)
    40 points
  • NullFields
    I don't know if there is some "hack" possible to retrieve a file after a DLTF. I would guess not, especially after a reclaim storage. What you might try doing is first clear the file, then reorganize it to make the records un-recoverable, then DLTF. But something to consider in your analysis is if the file is journalled. If it is, it's possible that a copy of the data and what actions were done to it are all available for retrieval. Also, was the file ever backed up before it was deleted?
    880 points
  • mcl
    Never heard of any way to undelete a file after DLTF. The IBM documentation on the DLTF command states that the command frees the storage space allocated to the file which seems to me that your chance of recovering (without a backup) is nil. As to undeleting records - yes - if the file is not reorganized first. There is a reference on how to recover the deleted records on this message thread.. Regards Mike
    2,740 points
  • mcl
    Oh.. that link didn't work.... Should be this: http://archive.midrange.com/midrange-l/200401/msg00247.html Regards Mike
    2,740 points
  • DanD
    The iSeries works much like most OS(s). The link Tom provided goes into the non-iSeries considerations, but the iSeries is the same. When you delete a file, the OS removes the table reference for the file, but the data is still there until it is overwritten. I have used the freeware iSeries 'undelete', and if the files haven't been written over, the data is retrievable. "Frees the storage space allocated to the file" means the space can be reused, but the bits are still there until they are written over. If you have a busy system, there is a good chance that enough of the file will be overwritten quickly that the data can't be retrieved, but I don't know how to prove that happens every time. I'm going to call IBM and ask what processes are involved in the undelete and if an exit pgm exists for that process. If there is, we should be able to block the undelete actions.
    2,865 points
