SharePoint Security - ARB Security Solutions
SharePoint Scrubber


Purpose

To provide SharePoint administrators with a deletion tool that ensures data requiring proper disposal can be erased with deletion algorithms of varying numbers of passes, supporting compliance with certain business regulations and overall corporate security. The SharePoint Scrubber plays an integral role in a SharePoint Backup / DRP (Disaster Recovery Policy), scrubbing the local copies of files that are taken off site for backup.

Audience

  • SharePoint Administrators
  • Systems Administrators
  • Server Custodians
  • Disaster Recovery Analysts / Operators

Available Downloads

Download SharePoint Scrubber - Normal Installation
Download SharePoint Scrubber - Silent Installation

Application Overview

Sensitive data is often stored on your SharePoint machines. This data can be stored at several levels and in several formats; the most critical to delete when necessary are the various backup packages, such as site template packages (.stp files), manifest and dump files (from the SharePoint backup utility), or SQL backups. Data that is stored and later deleted is subject to data remanence: fragments of the data still exist and are recoverable using utilities or skillful shell programming.

For proper disaster recovery and security, these files should be backed up and stored offsite (see the SharePoint Disaster Recovery Policy), then immediately removed and scrubbed from the machine. Most often, these files are simply deleted using standard deletion techniques, which more often than not just remove references to the files, or using other deletion methods that still allow data retrieval by an interested party.

Wiping the data can leverage a variety of algorithms; the four currently supported by the SharePoint Scrubber are listed below.

Currently supported Algorithms (along with passing specifications)

  1. B. Schneier's (typically will scrub with 7 data passes)
  2. Fill Zeros (typically will scrub data with 1 pass)
  3. NAVSO P-5239-26 (typically will scrub with 3 data passes)
  4. Peter Gutmann (typically will scrub with 35 data passes, read original research here)

If you want to use a method that is not listed here, please contact me and I will typically write it up and send you an addition to the methods binding.
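How a pass schedule drives a multi-pass overwrite, as an added example that is not the SharePoint Scrubber's own code. The fill patterns are the commonly published forms of three of the listed algorithms and are assumptions about what the tool writes; the function names and the sample file are constructed, and the 35-pass Gutmann table is left out.

```python
import os
import secrets
import tempfile

# A bytes value is a fixed fill byte; None means cryptographically random data.
# Patterns are the commonly published forms (assumptions, not the tool's own).
SCHEDULES = {
    "fill_zeros": [b"\x00"],                      # 1 pass
    "navso_p_5239_26": [b"\x01", b"\xfe", None],  # 3 passes: byte, complement, random
    "schneier": [b"\xff", b"\x00"] + [None] * 5,  # 7 passes: ones, zeros, 5x random
}
CHUNK = 64 * 1024

def overwrite_file(path, algorithm):
    """Overwrite the file's bytes in place, once per pass; return the pass count."""
    schedule = SCHEDULES[algorithm]
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        for fill in schedule:
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                buf = fill * n if fill is not None else secrets.token_bytes(n)
                while buf:                    # os.write may write only part of buf
                    buf = buf[os.write(fd, buf):]
                remaining -= n
            os.fsync(fd)                      # flush this pass before starting the next
    finally:
        os.close(fd)
    return len(schedule)

def scrub_file(path, algorithm):
    """Overwrite, rename to a random name, then delete; return the pass count."""
    passes = overwrite_file(path, algorithm)
    anon = os.path.join(os.path.dirname(os.path.abspath(path)), secrets.token_hex(8))
    os.rename(path, anon)                     # replace the original file name first
    os.remove(anon)
    return passes

def demo():
    """Run on a constructed temp file; return (bytes after zero fill, exists after scrub)."""
    fd, path = tempfile.mkstemp(suffix=".stp")
    os.write(fd, b"constructed sample backup data " * 100)
    os.close(fd)
    overwrite_file(path, "fill_zeros")
    with open(path, "rb") as f:
        zeroed = f.read()
    scrub_file(path, "schneier")
    return zeroed, os.path.exists(path)
```

In-place overwriting only reaches the original blocks on media and filesystems that write in place. SSD wear levelling, copy-on-write or journaling filesystems, and existing backups or shadow copies can retain earlier data.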

The first screen that you will be introduced to when starting the scrubber is the individual file and folder scrubbing screen, where you can select individual files and folders that will be erased according to the algorithm preferences set in the "Algorithm Preferences" menu.


Once the screen is up, you can add either files or folders.

Once you select a file that you want to securely delete, it will appear in the queue of files and folders that will be deleted.


If you have items that are in your recycle bin that you want to scrub with a deletion algorithm, you can simply go to the tab labeled "Scrub Recycle Bin" and it will list all of the items that are located in your recycle bin. You can choose to delete some or all of the items.


If you want more data passes on your items, you can apply a separate deletion algorithm by selecting it from the algorithms button / menu.

If you have heavy activity on your server (for example, SharePoint is typically developed against in production, so besides playing the role of a web server, the machine running the SharePoint Scrubber may also have VS.NET, PS, FP, or other tools on it), you can view and scrub the MRUs (Most Recently Used objects) on the server to cloak activities on the box.


This will only list the default MRUs that typically exist (at least, from my perspective) on a SharePoint server. If you want, you can choose to query the registry for other MRUs or add a key that you know exists. If your registry query grows out of control, you can halt the process and pick it up piece by piece.


The above shows some activity that wouldn't be listed with common MRUs. Programs that I have been using, such as Flash 8 and Crystal Xcelsius for a current project, are not typical for every SharePoint server.

Following that, you can add a key that you know exists to the scrubbing queue.

On the last screen, you can select preferences for the algorithms that you want to apply as a deletion technique. There are currently only four written; however, I am open to creating more if you email me at adam@sharepointsecurity.com.

You can apply different algorithms to different deletion types, on either files or folders, which will inherit from the first form for individual file and folder deletion. All of the settings you create are stored within the program's local .ini file. You can expand the description if you want by using the given algorithm's appropriate .ini file.




© 2006 ARB Security Solutions, LLC
ARB Security Solutions is not affiliated with or endorsed by Microsoft Corporation.
SharePoint is a trademark of Microsoft Corporation.