How to Secure Erase on Synology NAS via USB

Securely erasing a drive is always a topic of some nuance. Different organizations have different policies, and some of these rules are as archaic as they are useless or redundant. The rule of thumb in this day and age is to encrypt your drive with a strong password (read: a completely random one) and then simply overwrite the drive with random sequences of zeroes and ones. But what if you are dealing with a household or small-office NAS? Wouldn’t you prefer to wipe a drive on the NAS and toss it out?

Preface

I am writing this from my experience with Synology NAS, specifically the DS1520 model. Synology-branded NAS units share the same OS across the board, a customized flavor of Linux, which means the system does have some software limitations. If you are running your own DIY NAS or any other brand of NAS, this will be merely a guideline on what you could do to make life easier.

That being said, I am writing this how-to with several assumptions about the NAS setup. First, it is running some flavor of Linux. Not that it must, but if it is running a different OS or firmware, you’ll need to find an equivalent utility for that environment. Second, it is not running a full-blown Linux. That might sound contradictory to the first statement, but an operating system for a NAS does not necessarily need to be general purpose. For this reason, the utilities I am using in this how-to may not be the most popular ones in the Linux community, or they may not be part of Synology DSM (e.g. tmux). In such cases, I will do my best to explain what the utility is supposed to achieve and which other utilities you can use.

Instructions

Once a USB-to-SATA device is plugged in, go ahead and test whether the NAS recognizes the external drive as it’s supposed to. DSM does not support Secure Erase on external drives, but it is still capable of using the drive to house a shared folder. My recommendation for such a USB device, by the way, is one with external power, especially for 3.5-inch hard drives.

Once the hardware part of the business is taken care of, we first need to pick out the drive we would like to erase from the long list of other working drives and logical volumes. This is where the USB connection comes in handy. Connect to the NAS via SSH and run the following command:

sudo fdisk -l

The long list of drives could be overwhelming, but if there is one USB drive physically attached to the NAS, then there should be only one USB drive showing up on the list.

Next, we want to securely erase the drive. I’ll discuss the actual practice in more detail below, but if your drive was encrypted while plugged in to the NAS, one random pass (i.e. overwriting everything with random zeroes and ones) will do. Also, with today’s drives reaching into TB territory quite easily, wiping a drive via USB could easily take several hours. We wouldn’t want, or at least I don’t, to keep an SSH session alive overnight just for one job. As far as I know, Synology DSM does not offer tmux, but a third-party package lets you install it easily. Remember that tmux is optional. Run the following commands:

tmux
sudo shred -v -n1 /path/to/hdd

With verbose mode enabled, we can see the progress made via SSH.
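
Before pointing shred at a device, the identification step can be checked mechanically. The script below is an added example, not part of the original how-to or of Synology's tooling: it uses the standard Linux sysfs layout, in which a USB-attached disk's /sys/block entry resolves through a usbN node, and refuses any disk that is not behind USB or is still mounted. The function names, the script name check.sh, and the assumptions that readlink -f is available and that partitions are named sdX1, sdX2 and so on are mine.

```sh
#!/bin/sh
# Added example: confirm a disk is USB-attached and unmounted before shredding it.
# SYSFS_ROOT and MOUNTS_FILE are overridable only so the checks can be tested.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# is_usb_disk NAME: true when /sys/block/NAME resolves through a USB bus node.
is_usb_disk() {
    link=$(readlink -f "$SYSFS_ROOT/block/$1" 2>/dev/null) || return 1
    case "$link" in
        */usb[0-9]*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# is_mounted NAME: true when the disk or one of its partitions is in the mount table.
is_mounted() {
    grep -q "^/dev/$1[0-9]* " "$MOUNTS_FILE"
}

# list_usb_disks: print the name of every whole disk that sits behind USB.
list_usb_disks() {
    for dev in "$SYSFS_ROOT"/block/*; do
        [ -e "$dev" ] || continue
        name=${dev##*/}
        if is_usb_disk "$name"; then echo "$name"; fi
    done
}

# safe_to_wipe NAME: succeed only for an unmounted, USB-attached disk.
safe_to_wipe() {
    if ! is_usb_disk "$1"; then
        echo "refusing: $1 is not attached over USB" >&2; return 1
    fi
    if is_mounted "$1"; then
        echo "refusing: $1 or one of its partitions is mounted" >&2; return 1
    fi
    return 0
}

# Usage: ./check.sh       -> list USB-attached disks
#        ./check.sh sdX   -> check sdX, then print the shred command to run
if [ -n "${1:-}" ]; then
    safe_to_wipe "$1" && echo "sudo shred -v -n1 /dev/$1"
else
    list_usb_disks
fi
```

The script only prints the shred command; run it yourself once the name it reports matches the drive you see in the fdisk listing.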

Conclusions and some Thoughts on Secure Erase

From the information and documentation I could find on Synology’s implementation of Secure Erase in DSM, the company decided to implement what is called “ATA Secure Erase”, a function that each HDD manufacturer implements independently. If I understand correctly, the consensus seems to fall on the side of caution with ATA Secure Erase, as each implementation on each model needs to be tested individually.

As for the practicality of wiping the drive a multitude of times, the expert opinion I could find was that encryption is your best friend. The idea is a sound one: brute-forcing the encryption will likely take attackers more time and effort than restoring an unencrypted drive. That being said, an encrypted drive does not need the 7 or 9 wipes mandated in the early 2000s. Again, the documentation I found suggests that the security policies of different organizations and agencies have changed since then: 1-3 wipes with encryption in place seems to be the new standard.

I know the ‘safest’ option is always to physically destroy the drive. About half the discussions I’ve read online either devolved, out of cynicism, into stone-age solutions to security, or genuinely suggested Paleolithic naturalism in data science for security. The choice is always yours. If you can afford the equipment and space to physically destroy a hard drive, perhaps it should be on the list of options. However, if you happen to live in a state with any sense of environmental regulation, I wouldn’t get my hopes up on creating more e-waste.
