ComputraceOne Questions and Answers - Data Delete

Computrace Data Delete Overview

What is Data Delete?

The remote data deletion function (“Data Delete”) of ComputraceOne enables customers to remotely delete sensitive data on target computers that have been stolen or lost.

If your computer goes missing, you can set up a Data Delete request so that sensitive data on the computer is deleted the next time the computer calls in to the Monitoring Centre.

It can also be used for lifecycle management to ensure that computers are left clean and free of sensitive data at the end of their life or lease.

How do I perform a Data Delete?

Data Delete is an optional service provided by Absolute Software. In order to use the Data Delete service, customers must first sign a Pre-Authorisation agreement and then purchase one or more RSA SecurID® tokens from Absolute Software. Customers who wish to use the data delete service must nominate a member of their own staff and complete a signed document to authorise control of this feature. This document and additional information on the feature can be obtained by contacting Absolute Software directly. Customers will need to contact Absolute Software whenever they require data deletion.

Once Data Delete is pre-authorised, how do I request a Data Delete?

When a computer is lost or stolen, or when it’s ready to be disposed of or returned to a leasing company, and you wish to delete data on the remote computer, you can initiate Data Delete as follows:

  1. An authorised Data Delete Administrator, with an RSA SecurID key, logs into the Customer Centre and selects the computer for deletion.
  2. When that computer next connects to the Internet, the Data Delete operation will be launched. When the Data Delete completes, a logfile, containing a list of deleted files and directories, is uploaded to the Customer Centre.

An authorised Data Delete Administrator logs into the Customer Centre, notes that the Data Delete is complete and views the logfile to confirm the deletion.

Can the data be recovered once it’s been deleted?

No. The data is not recoverable as the Data Delete operation uses an algorithm that exceeds the United States Department of Defence (DoD) deletion standard DOD5220.22-M and meets the NATO deletion standard.

DOD5220.22-M is a United States Department of Defence specification for wiping disk storage to guarantee that all data previously contained on that magnetic media is permanently erased. When most computers delete a file, the computer does not actually remove the contents of the file but rather simply unlinks the file from the file directory system, leaving the contents of the file in the disk sectors.

This data will remain there until the operating system uses those sectors when writing new data. Until the old data is overwritten (and this may take months or longer) it can be recovered by programs that read disk sectors directly, such as forensic software. In addition, even if a sector is overwritten, the phenomenon of data remanence (the residual physical representation of data that has been in some way erased) can make deleted data forensically recoverable. In order to be sure that a deleted file really is deleted, it is necessary to overwrite the data sectors of that file.

This process is not simply “erasing” or “formatting” the drives; this is not sufficient, as there are numerous tools available to recover “lost” data on disk drives. This specification requires that every single location on a magnetic media device is written to three individual times, first by writing a fixed value (0x00) once, then its complement value (0xff) once, and finally random values once.

Absolute’s Data Delete algorithm exceeds this standard by overwriting the data 7 times (rather than 3) and by performing additional operations. The algorithm:

  • Overwrites the target area 7 times – the first 6 writes with an alternating pattern of 1s and 0s and the final write with a random value
  • Writes random data to the file
  • Changes the file attributes to “directory”
  • Changes file date/time stamp to a fixed value
  • Sets the file size to “0”
  • Changes the file name to a randomly-generated file name
  • Removes the new file name from the directory
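The overwrite-then-unlink sequence described above, as an added Python illustration; it is not Absolute's code and not part of the original page. The 0x55/0xAA reading of "alternating pattern of 1s and 0s", the fixed timestamp value and all function names are assumptions, and the "directory" attribute step is left out because it has no portable equivalent.

```python
import os
import secrets

# Pass lists: an int is a fill byte, None means random data.
DOD_3PASS = [0x00, 0xFF, None]            # the three passes described on this page
SEVEN_PASS = [0x55, 0xAA] * 3 + [None]    # assumption: alternating bit patterns, then random
FIXED_MTIME = 315532800                   # constructed fixed timestamp (1980-01-01 UTC)
CHUNK = 1 << 20                           # write in 1 MiB chunks to bound memory use


def overwrite_file(path, passes):
    """Overwrite the file's current extent in place, once per pass. Returns its size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for fill in passes:
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n) if fill is None else bytes([fill]) * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before starting the next
    return size


def scrub_and_remove(path, passes=SEVEN_PASS):
    """Run the remaining steps in the order the page lists them, then unlink.

    Returns an audit record comparable to one entry of the deletion logfile.
    """
    size = overwrite_file(path, passes)
    os.utime(path, (FIXED_MTIME, FIXED_MTIME))   # fixed date/time stamp
    os.truncate(path, 0)                         # file size becomes 0
    folder = os.path.dirname(os.path.abspath(path))
    anon = os.path.join(folder, secrets.token_hex(8))
    os.rename(path, anon)                        # original name leaves the directory
    os.remove(anon)                              # random name is removed as well
    return {"path": path, "bytes": size, "passes": len(passes)}
```

In-place overwriting only reaches the original sectors on media and filesystems that write in place; SSD wear levelling, journaling and copy-on-write filesystems can keep earlier copies elsewhere.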

Do I have to delete the whole drive or can I choose specific files or directories?

The Data Delete service is currently offered with 3 levels of Data Delete:

  1. File- or Directory-Specific Data Delete (PC Only) – User chooses specific files, filetypes and/or directories to be deleted – the computer will remain operational after the Data Delete process, assuming the user does not delete OS directories. For instance, you could choose to delete everything in the “My Documents” directory and all Word, Excel, Powerpoint and PDF documents, regardless of where they are on the drive. To use the File/Directory level option, you must first create a Data Delete policy from the Administration->Data Delete menu.

  2. Full Data Delete Excluding the Operating System (OS) – all files excluding the OS removed from the hard drive – the computer will remain operational after the Data Delete process

  3. Full Data Delete With Operating System (OS) – all non-OS files and some of the OS files removed from the hard drive. All user files (including programs and data) will be wiped and enough of the OS files to stop the computer from booting but some OS files will remain. The computer will not be operational when the Data Delete process completes.

In the case of a full deletion with OS, the Data Delete is a 2 phase operation – first all files except the OS are deleted, a logfile is uploaded listing all the files deleted and then the OS deletion is launched. As the ComputraceOne Agent will not be able to call once the OS deletion is in progress, the Data Delete is set to Complete after the non-OS deletion is complete.

Which operating systems is Data Delete compatible with?

The Data Delete service (and the ComputraceOne Agent) is currently offered on the 32-bit versions of Windows 2000, XP, Windows Server 2003 and all 32 and 64 bit editions of Windows Vista, and on Mac OS X 10.2, 10.3 and 10.4. It is not supported on Windows ME, 98 or 95. Furthermore, the computer must be running ComputraceOne Agent version 804 or above.

Will Data Delete run on connected USB Drives, network drives or other external drives?

No. Data Delete will only run on local hard drives.

What if there are multiple partitions on the hard-drive?

Data Delete will delete multiple partitions depending on which level of Data Delete is selected.

How do I know if the Data Delete was successful?

The Data Delete process creates an audit log verifying which files have been deleted. This audit log will be uploaded to the Monitoring Server and will be available within the Customer Centre.

What safeguards are in place to ensure that only authorised users can launch Data Delete?

A number of checks and balances have been put in place to ensure only those personnel whom the organisation authorises are entitled to request the Data Delete service.

Firstly, the signing officers of the company specify, in the Data Delete pre-authorisation agreement, the Administrator-level Customer Centre users (“Data Delete Administrators”) who are authorised to request a Data Delete. Secondly, these Data Delete Administrators are provided with a physical RSA SecurID token. To initiate the Data Delete from the Customer Centre, the Data Delete Administrator enters the value on the RSA SecurID token display (which changes every 60 seconds) and re-enters their Customer Centre password.

To sum up, the following safeguards are in place to prevent unauthorised Data Delete requests being performed:

  1. A Pre-Authorisation agreement must have been completed in full and signed, with originals sent to Absolute for the Data Delete request screen to be visible in the Customer Centre.
  2. The logged-in Customer Centre user must have been identified as an Authorised Data Delete administrator in the Pre-Authorisation agreement.
  3. The logged-in Customer Centre user must have Administrator-level access to the Customer Centre.
  4. The logged-in Customer Centre user must have obtained a physical RSA SecurID keychain token from Absolute. The token is linked to a specific Customer Centre user and is NOT interchangeable between different users in an account or between different accounts.
  5. The password entered by the Customer Centre user on the Data Delete Request screen must match the password for the current logged-in Customer Centre user.
  6. The RSA SecurID token value (time dependent) entered on the Data Delete Request screen matches that on Absolute’s SecurID server for that specific Customer Centre user.
  7. If all the above conditions are satisfied, Data Delete will be set to run for that computer on the next ComputraceOne Agent call. In addition to these safeguards, an email is sent to the signing officers on the Pre-Authorisation agreement when a Data Delete is requested, launched and completed.

What is an RSA SecurID Key and how does it work?

The RSA SecurID solution is the world’s leading two-factor user authentication system, relied on by thousands of organisations worldwide to protect valuable network resources. Used in conjunction with RSA Authentication Manager and RSA Authentication Agent software, an RSA SecurID Authenticator functions like an ATM card.

Network and desktop users must identify themselves with two unique factors—something they know, and something they have—before they are granted access. RSA SecurID Authenticators are as simple to use as entering a password, but much more secure. Each end user is assigned a token which generates a new, unpredictable code every 60 seconds. The user combines this number with a password/PIN to log into protected resources.

Each RSA SecurID Authenticator has a unique symmetric key that is combined with a powerful algorithm to generate each new time-based code. Only the RSA Authentication Manager knows which number is valid at that precise moment for that specific user/authenticator combination. See www.rsasecurity.com for more details.
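The numbered safeguards and the time-based token code described above, as an added Python sketch; it is not Absolute's or RSA's code and not part of the original page. RFC 6238 TOTP with a 60-second step stands in for the SecurID algorithm, which the page does not describe, and the account layout, user names, seeds and function names are all constructed for the example.

```python
import hashlib
import hmac
import struct
import time

STEP = 60  # seconds: the page says the displayed value changes every 60 seconds

def token_code(seed, now, digits=6):
    """Time-based code from a per-token symmetric seed (RFC 6238 TOTP, HMAC-SHA1)."""
    mac = hmac.new(seed, struct.pack(">Q", int(now) // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(role, password, seed, salt):
    return {"role": role, "salt": salt, "pw": pw_hash(password, salt), "seed": seed}

# Constructed sample account; every value here is invented for the example.
ACCOUNT = {
    "preauth_signed": True,
    "authorised_admins": {"alice"},
    "users": {
        "alice": make_user("administrator", "correct horse", b"seed-alice-0001", b"salt-a"),
        "bob": make_user("administrator", "battery staple", b"seed-bob-0002", b"salt-b"),
    },
}

def authorise_data_delete(account, user, password, code, now=None):
    """Return (allowed, reason); every safeguard must pass, first failure is reported."""
    now = time.time() if now is None else now
    u = account["users"].get(user)
    if not account["preauth_signed"]:
        return False, "no pre-authorisation agreement"
    if u is None or user not in account["authorised_admins"]:
        return False, "user not named in agreement"
    if u["role"] != "administrator":
        return False, "not administrator-level"
    if not hmac.compare_digest(pw_hash(password, u["salt"]), u["pw"]):
        return False, "password mismatch"
    # Seed is looked up by user, so another user's token cannot satisfy this check.
    if not hmac.compare_digest(token_code(u["seed"], now).encode(), code.encode()):
        return False, "token code mismatch"
    return True, "queued for next agent call"
```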

Can Absolute run Data Delete on my computers without my permission?

No. Absolute cannot run Data Delete independently, as it requires both a Data Delete token and a login/password.

Is my data protected if the thief never logs onto the Internet?

Currently no, but the reality is that the vast majority of stolen computers find their way back onto the Internet fairly quickly, so Data Delete can usually be activated. Additionally, Absolute is currently looking into adding offline protection for data without the need for an Internet connection.

If you have specific security functionality you are interested in implementing, please provide your feedback to Absolute’s Sales department.

If a thief reloads the operating system, why do we need Data Delete, since the data will be deleted anyway?

Internal theft accounts for up to 70% of all laptop thefts. In such a scenario, the user will know all the passwords and will not need to reinstall the operating system. When an operating system is reinstalled, on the other hand, the sensitive data has not been fully removed and there are many widely available tools that can be used to recover the data.

Data Delete will remove the data to Department of Defence and NATO specifications, ensuring the data cannot be recovered. Performing a Data Delete on a stolen computer also provides the customer with an audit of what files have been deleted. This verification is very important in terms of regulatory compliance.

Is the Data Delete feature mainly for internal theft?

Not necessarily. To many organisations, protecting the sensitive data on the computer is more important than recovering the actual computer. Data Delete will provide this data level protection even after a common thief reinstalls an operating system.

How long does it take to perform a Data Delete?

The time it takes to perform a Data Delete varies according to the amount of data to be deleted and the speed of the computer. Typically, a Data Delete can take anywhere from 2 minutes to 10 hours.

Can a Data Delete be stopped?

Once the Data Delete process has begun, it can’t be stopped. If a computer is rebooted during this time, the Data Delete process will continue where it left off. If Data Delete has been scheduled on a stolen computer, but has not yet been initiated, you can cancel the Data Delete process from the Customer Centre.

Can I purchase Data Delete on its own?

No – Data Delete is only available as part of ComputraceOne.

 

Want to know more?

If you have any further questions or would like to order this product, please contact us or call 01275 588600 to discuss your requirements further.