Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Clearing or Encrypting Page File?
New Posts  All Forums:Forum Nav:

Clearing or Encrypting Page File? - Page 2

post #11 of 34
Quote:
Originally Posted by LastBucsfan;13308049 
Also what about hiberfil.sys? It still appears right there with pagefile.sys even though I don't have hibernation enabled under my current power management...

EDIT: I figured out just disabling hibernation in the Control Panel, Power Options won't get rid of the actual hiberfil.sys that stores information. This can be removed with the DOS command prompt:

powercfg.exe -h off

if you got hibernation disabled then delete it or use a fileshredder to shred it
post #12 of 34
Quote:
Originally Posted by LastBucsfan View Post
Yes, but then that same data will be stored, unprotected on the RAM disk, right?

Would using the page file encryption method I posted + clearing the page file at shutdown with the regedit hack not be sufficient? I'm just curious if anyone else has tried these features.
didn't say it wouldn't work was just giving a added suggestion. overwrite at shutdown increase the shutdown time a huge amount and then do you have a ssd. Ram drive reboot its gone.

That's the fastest thing I can think of when the fbi is ramming your front door down
post #13 of 34
Quote:
Originally Posted by LastBucsfan View Post
Yes, but then that same data will be stored, unprotected on the RAM disk, right?

Would using the page file encryption method I posted + clearing the page file at shutdown with the regedit hack not be sufficient? I'm just curious if anyone else has tried these features.
that should be sufficient, again if that still doesn't satisfy your need increase your physical RAM and lower the actual page file.
The Raven
(16 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveOptical DriveCooling
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  iHAS324 - Lite-On DVD-RW Noctua NH-D14 
OSMonitorMonitorKeyboard
Windows 10 ASUS VN248 ASUS VN248 Logitech G510 
PowerCaseMouse
XFX 850W BE SILVERSTONE RV02B-EW Logitech MX518 
  hide details  
Reply
The Raven
(16 items)
 
  
CPUMotherboardGraphicsGraphics
i7-2600K Gigabyte GA-P67A-UD5-B3 EVGA GTX 570 SC EVGA GTX 570 SC 
RAMHard DriveOptical DriveCooling
16GB G.SKILL Ripjaws X 1866 Samsung 840 Pro  iHAS324 - Lite-On DVD-RW Noctua NH-D14 
OSMonitorMonitorKeyboard
Windows 10 ASUS VN248 ASUS VN248 Logitech G510 
PowerCaseMouse
XFX 850W BE SILVERSTONE RV02B-EW Logitech MX518 
  hide details  
Reply
post #14 of 34
Thread Starter 
Well it's not really that I'm anticipating the FBI knocking down the door, lol.

The added shutdown time is not too excessive, my rig seems to handle it relatively quickly. If I were going to be doing alot of reboots (i.e. installing lots of software and rebooting) then I could always disable it and re enable it when I'm done. Other than that I don't shutdown completely too often to be annoyed by it.

Currently I'm not using an SSD. I would love to have one, but issues with secure erasure of data on them is a concern I have.
Desktop
(14 items)
 
   
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
Desktop
(14 items)
 
   
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
post #15 of 34
Quote:
Originally Posted by LastBucsfan View Post
Well it's not really that I'm anticipating the FBI knocking down the door, lol.

The added shutdown time is not too excessive, my rig seems to handle it relatively quickly. If I were going to be doing alot of reboots (i.e. installing lots of software and rebooting) then I could always disable it and re enable it when I'm done. Other than that I don't shutdown completely too often to be annoyed by it.

Currently I'm not using an SSD. I would love to have one, but issues with secure erasure of data on them is a concern I have.
just kidding bout the fbi lol
how many drives do you have? Just the raid config?

First determine the size of the pagefile you need. Use the Performance Monitor, which has two counters that you can use to determine your pagefile’s optimal size.
The % Usage counter tells you in real time what percentage of the pagefile is currently in use. The % Usage Peak counter tells you what percentage of the pagefile was in use during its peak usage (that is, the pagefile usage when the system made the greatest demand on the pagefile). The latter value is most useful in determining the best pagefile size.
Start by creating a pagefile that is 1.5 times the size of your physical RAM.
Then do the following
Click Start -> in the box enter perfmon.msc
Performance console, click -> (+) in the toolbar.
Add Counters dialog box
click -> Down Arrow in the Performance Object drop-down list box and select the Paging File object. Select the All Counters option. Select the Select Instances From List option and select the pagefile location. ClickAdd and then click Close.

Let the counters run for a day or two. You might want to set the interval to 15 seconds or longer (click the Properties button in the toolbarand adjust the Update Automatically field) to reduce the amount ofsystem resources dedicated to the monitoring. Then change to the Report View and examine the usage statistics.

If the usage is around 90 percent or under then its the right size. If its over 90 percent have a look to see if it gets close to 100. If it does you need to resize it. If its below 50 percent or around there you can shrink it.

Remember deleting page file at shutdown is only a security risk when your using two operating systems on the same machine. Otherwise its locked and cannot be accessed by anything else
Edited by Spooony - 4/28/11 at 1:14pm
post #16 of 34
Thread Starter 
Quote:
Originally Posted by Spooony View Post
just kidding bout the fbi lol
how many drives do you have? Just the raid config?

First determine the size of the pagefile you need. Use the Performance Monitor, which has two counters that you can use to determine your pagefile’s optimal size.
The % Usage counter tells you in real time what percentage of the pagefile is currently in use. The % Usage Peak counter tells you what percentage of the pagefile was in use during its peak usage (that is, the pagefile usage when the system made the greatest demand on the pagefile). The latter value is most useful in determining the best pagefile size.
Start by creating a pagefile that is 1.5 times the size of your physical RAM.
Then do the following
Click Start -> in the box enter perfmon.msc
Performance console, click -> (+) in the toolbar.
Add Counters dialog box
click -> Down Arrow in the Performance Object drop-down list box and select the Paging File object. Select the All Counters option. Select the Select Instances From List option and select the pagefile location. ClickAdd and then click Close.

Let the counters run for a day or two. You might want to set the interval to 15 seconds or longer (click the Properties button in the toolbarand adjust the Update Automatically field) to reduce the amount ofsystem resources dedicated to the monitoring. Then change to the Report View and examine the usage statistics.

If the usage is around 90 percent or under then its the right size. If its over 90 percent have a look to see if it gets close to 100. If it does you need to resize it. If its below 50 percent or around there you can shrink it.

Remember deleting page file at shutdown is only a security risk when your using two operating systems on the same machine. Otherwise its locked and cannot be accessed by anything else
I have a WD VelociRaptor 300GB single drive for the OS, 2 Samsung F3 1TB's in RAID 0 for storage, and a Samsung F4 2TB in a USB 3.0 external enclosure for backup images.

Ok, most of the post seems to be regarding the optimal page file size. I'm not really too worried about that in this post, my main concern is protecting the file from exposing passwords or other sensitive information. Right now I am allowing Windows to determine my page file size.

Regarding the last paragraph in your post, what do you mean it's only a risk when you are using two operating systems on the same machine? As far as I know Windows leaves the page file wide open on shutdown, unless maybe you use the encryption or have it cleared.
Desktop
(14 items)
 
   
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
Desktop
(14 items)
 
   
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
post #17 of 34
Quote:
Originally Posted by LastBucsfan View Post
Another security technique I've come across while researching this topic is that Windows has a built in feature called fsutil that can encrypt the page file. The process for doing this I've found here:

http://www.ghacks.net/2011/04/04/enc...rove-security/

My question about this is how good is the encryption? I don't have to generate my own password so that must mean that Windows is storing one somewhere? Seems like there may be some security holes here, but I'm looking for someone with more expertise in encryption.
This SHOULD be reasonably safe to use, as long as your threat model doesn't include governments or any other organized crime syndicates.
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
post #18 of 34
Thread Starter 
Quote:
Originally Posted by error10 View Post
This SHOULD be reasonably safe to use, as long as your threat model doesn't include governments or any other organized crime syndicates.
At which point the only other solution is full system disk encryption?
Desktop
(14 items)
 
   
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
Desktop
(14 items)
 
   
CPUMotherboardGraphicsRAM
Intel Core i7-7700HQ [3.8 GHz turbo] ASUS GL753VD Nvidia GeForce GTX 1050 [4GB DDR5] 16GB DDR4 2400MHz [17-17-17-39-2T] 
Hard DriveOptical DriveOSMonitor
Hitatchi 1 TB 7200RPM DL DVD+-RW/CD-RW Windows 10 x64 17.3" LED 
  hide details  
Reply
post #19 of 34
Quote:
Originally Posted by LastBucsfan View Post
At which point the only other solution is full system disk encryption?
That's not the problem. The problem is you have absolutely no idea what Microsoft is doing and no way to verify it. It could be full of security holes or backdoors which Microsoft would happily hand over to the right gunman.
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
post #20 of 34
Quote:
Originally Posted by LastBucsfan View Post
I have a WD VelociRaptor 300GB single drive for the OS, 2 Samsung F3 1TB's in RAID 0 for storage, and a Samsung F4 2TB in a USB 3.0 external enclosure for backup images.

Ok, most of the post seems to be regarding the optimal page file size. I'm not really too worried about that in this post, my main concern is protecting the file from exposing passwords or other sensitive information. Right now I am allowing Windows to determine my page file size.

Regarding the last paragraph in your post, what do you mean it's only a risk when you are using two operating systems on the same machine? As far as I know Windows leaves the page file wide open on shutdown, unless maybe you use the encryption or have it cleared.
getting the size optimal is better especially if you want to clear it at shutdown. Smaller the pagefile easier it is to manage and to wipe and mean it won't get fragmented. If your worried about the contents of the drive then use bitlocker.
I pagefile that's overwritten can still be unerased. Bitlocker would be your best bet and running windows in a limited users account with the admin account locked up. Use Lastpass firefox add on to store your passwords on its server. Its encrypted so no chance of it getting compromised. Even if you format your pc reinstalling the add on your passwords in not lost at all.
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Clearing or Encrypting Page File?