Re: Wipeout everything on the Cisco SNS-3495 running ISE 2.2 patch 14

adamscottmaster2013 · ‎09-06-2021

We are shutting down the ISE SNS-3495 and my task to erase everything on the hard drive. This is complicated by the fact we do NOT have remote hand assistance. Furthermore, the CIMC interface on the SNS-3495 is running Adobe Acrobat that is already end of support, and I can not access the CIMC anymore. I do, however, have console access to the appliance.

If I do "reset-config", will that wipeout all the data on the hard drive or it just merely reset the device. If it just reset the device, in theory, if someone can take the HD and mount the drive, they can retrieve data from the hard drive. Is that the correct assumption?

will "reset-config" be enough?

Marcelo Morais · ‎09-06-2021

Hi @adamscottmaster2013 ,

a Node after the application reset-config ise command become a "Standalone Node with basic configuration" (in other words: reset ISE back to factory defaults with out having to go through the process of assigning an IP Addr, FQDN and Domain).

Note: please take a look at the attached file: RESET-CONFIG.rtf for a better understand.

Hope this helps !!!

Greg Gibbs · ‎09-06-2021

Just an additional note... while the 'application reset-config' will reset the database to factory defaults, I'm not sure if you can be 100% sure that will make the data unrecoverable. If a threat actor gains physical access and can gain root access to the underlying OS, it's always possible that data might be recoverable. It would be safer to boot the appliance to Kali Linux or some other live distribution and write zeros across the disk as per this example.

If you cannot access the CIMC due to Adobe Flash EOL, you may check the options described in the following post.

Adobe Flash not working

adamscottmaster2013 · ‎09-07-2021

Talked to the data center people this morning and they will remove the HDs from the appliance and drill holes in them.

Greg Gibbs · ‎09-07-2021

That will work too. Mr Robot style