Factory Reset: Erasing/Wiping out user data from disk memory on IOS-XR

Factory Reset - Erasing and Wiping out user data from disk memory on IOS-XR routers

User data on a router or switch typically includes the router configuration (IP addresses and login credentials), process core files, debug logs, show tech-support output, images, etc. Users care most about the login credentials; these days a hashed secret (type 5 or stronger) is used rather than a plain-text password.

Erasing and wiping user data from disk memory may be required in certain scenarios. Typical cases: a company's privacy policy mandates data destruction before a faulty unit is sent to the vendor for repair, or the user wants to factory-reset the unit.

A system management reference guide is available here for Cisco's 64-bit ASR9000 routers on XR version 7.0.x onwards, describing how to erase and wipe disk memory data from the hardware.

For Cisco 64-bit IOS-XR devices whose software or hardware does not support the commands in that reference, the steps below can be executed to erase and wipe user data.

  1. Erase all data from the non-temporary file system, e.g., /misc/disk1/ (mapped to harddisk:).

Execute from the shell prompt (to reach the shell prompt, execute "run" at the XR command prompt):

[xr-vm_node0_RP0_CPU0:~]$rm -rf /misc/disk1/*

  2. Wipe all remaining data by zeroing the free space of the filesystem with the Unix utility dd. Reference on dd here.

Execute from the shell prompt after step 1:

[xr-vm_node0_RP0_CPU0:~]$dd if=/dev/zero of=/misc/disk1/xyz; rm /misc/disk1/xyz
  • For other directories, replace /misc/disk1/ with the other non-temporary filesystem directory; xyz is just a placeholder file name, any name will do.
  • dd fills every unallocated block with zeros, i.e., blocks that previously belonged to deleted files and may still hold private content. dd stops with "No space left on device" once the filesystem is full; that is the expected end of the command, not a failure, and the rm that follows frees the space again.

Notes:

For VM-based platforms, execute the above steps from the sysadmin-vm shell prompt too.

Other directories where the erase and wipe steps may be performed: /var/log/ and /apphost.
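Steps 1 and 2 wrapped into POSIX sh functions, as an added example that is not part of the original post or of Cisco's documentation. The .zero_fill file name, the WIPE_MAX_MIB size cap and the assumption that find, dd, tr and wc exist in the shell are mine; the cap is there only so the functions can be tried on a scratch directory without filling a real filesystem, and is left unset for an actual wipe.

```sh
#!/bin/sh
# Added example (not from the original post): steps 1 and 2 as reusable
# POSIX sh functions. The .zero_fill file name and the WIPE_MAX_MIB cap
# are assumptions for illustration; find, dd, tr and wc are assumed to be
# present in the shell.

# Step 1: remove everything under DIR, including dot-files.
# "rm -rf DIR/*" skips names beginning with '.', so find is used instead.
erase_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "erase_dir: $dir is not a directory" >&2; return 1; }
    find "$dir" -mindepth 1 -delete
}

# Step 2: fill the free space of DIR's filesystem with zeros, verify the
# fill file contains only 0x00 bytes, then delete it. With WIPE_MAX_MIB
# unset, dd runs until the filesystem is full (the post's behaviour) and
# exits non-zero with "No space left on device"; that is the expected end.
# Set WIPE_MAX_MIB (in MiB) to cap the write, e.g. on a scratch directory.
zero_free_space() {
    dir=$1
    fill="$dir/.zero_fill"
    if [ -n "${WIPE_MAX_MIB:-}" ]; then
        dd if=/dev/zero of="$fill" bs=1048576 count="$WIPE_MAX_MIB" 2>/dev/null || :
    else
        dd if=/dev/zero of="$fill" bs=1048576 2>/dev/null || :
    fi
    sync                                  # flush the page cache to the media
    size=$(wc -c < "$fill" | tr -d ' ')
    if [ "$size" -eq 0 ]; then
        echo "zero_free_space: nothing written to $fill" >&2
        rm -f "$fill"; return 1
    fi
    # Delete every NUL byte; anything left means the file is not all zeros.
    nonzero=$(tr -d '\000' < "$fill" | wc -c | tr -d ' ')
    rm -f "$fill"
    if [ "$nonzero" -ne 0 ]; then
        echo "zero_free_space: $fill contained $nonzero non-zero bytes" >&2
        return 1
    fi
    return 0
}

# Steps 1 and 2 for each directory given, e.g.:
#   factory_wipe /misc/disk1 /var/log /apphost
factory_wipe() {
    for d in "$@"; do
        erase_dir "$d" || return 1
        zero_free_space "$d" || return 1
    done
}
```

The zero check before the fill file is removed confirms that what reached the media was really 0x00 bytes. Keep in mind that on flash and SSD media with wear levelling, zero-filling free space overwrites the logical blocks the filesystem exposes but does not guarantee that every physical cell holding old data is rewritten.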

  3. Remove the running configuration. From config mode:
RP/0/RP0/CPU0:ios(config)#commit replace force

Note: for VM-based platforms, also remove the user accounts from the sysadmin configuration:

sysadmin-vm:0_RP0(config)# no aaa authentication users user <any>

  4. Shut down the router or the specific unit/card that is being replaced.

Another option is to reload the router and boot via iPXE, which wipes all user data from the disks. Those steps are available here.

To reassure Cisco customers: as a first step during repair, the repair depot follows a protocol of loading a fresh image onto the faulty card, which overwrites all previous user data.

The brute-force method (neither encouraged nor advised): physically damaging, breaking or recycling the disk requires technical skill and special tools to remove it from the Route Processor or line card. It may cause irreparable damage to hardware components and destroy the card; also, not all disks on our cards are user-accessible.