
Protecting your data can be a difficult task. There are many solutions available, but many of these solutions are flawed in some way. I'll explain some of these methods and the issues involved.

File Shredders

Overwriting a file, possibly several times, to cover the data that was in that file.

  • You must shred the file before it's deleted or overwritten by another file.
  • Defragmenters move files around. Because of this, copies of the data in that file may still exist elsewhere on the drive.
  • Shredders don't erase information about that file stored by other programs, ex. Windows Search, System Restore.

Wiping Free Space

Erasing all unused space on the drive, cleaning any trace of previously deleted files.

  • This method is slow, possibly taking an hour or more.
  • It has to be done frequently to ensure nothing important is on the drive.
  • It doesn't erase information about deleted files that may still be stored by other programs.

Encrypted Archives

Storing files in an encrypted format.

  • Requires extracting the files first to an unsafe location, unencrypted, so it can be viewed by another program.
  • The data in that file is accessible by all programs running on the system.
  • As mentioned above, shredding the file afterwards isn't always 100% effective.

Encrypted Virtual Drives

Files are transparently decrypted in RAM. They don't need to be extracted to a drive first.

  • While the drive is mounted, any program running can access the files on the drive.
  • Running programs can leak information about the files stored on the drive.
  • Even if a portable program is stored on an encrypted drive, there's no guarantee that portable software won't leave traces behind.

Full Drive Encryption

Encrypting the entire drive, including all programs and the OS. Good way to protect your data against theft.

  • Only protects your data when your PC is off. Your data is vulnerable as soon as you turn on your PC and type in your password.
  • All programs running on your system can access the data.

Wiping Paging File

Overwriting the paging file when you shut down your PC.

  • Only happens when you shut down your PC. In case of a system crash or power outage, the paging file is vulnerable.

System Cleaners

Programs designed to erase history items, like recent files, browser history and cache, etc.

  • No program will eliminate 100% of the usage tracks on your PC.

Step 1 - Encrypt the Paging File

The paging file is used as an extension to your system RAM, stored on the hard drive. Most programs will store information in RAM, unencrypted. Because of this, anything in RAM can be stored to the paging file unencrypted, including passwords.

For Windows Vista and Windows 7 users, the solution is simple: Encrypt the paging file!

Sorry, but Windows XP users are out of luck.

Every time you start your PC, Windows will generate a random key and use it to encrypt your paging file. This key is always stored in RAM, so when you shut down your PC, or in the case of a system crash or power outage, the key is lost forever and your paging file is protected.

To do this, you'll have to open the command prompt with administrative privileges.

Open your Start Menu >> All Programs >> Accessories >> Right click Command Prompt and select "Run as Administrator".

Once you have the command prompt open, type in the following command:

fsutil behavior set encryptpagingfile 1

You'll have to reboot your system for the changes to take effect.

After rebooting, to confirm your paging file is encrypted, open command prompt again and type in the following command:

fsutil behavior query encryptpagingfile

Step 2 - Never Use Hibernate

Hibernating your PC will store everything in RAM to a file on your hard drive, unencrypted.

However, if you use full drive encryption, then the hibernation file will be encrypted. Unlike the paging file, the hibernate file is not encrypted using a random key, which means all the data is still accessible when your PC is running.

Step 3 - Encrypted Virtual Machine!

This is my solution. It's still not perfect, but I believe it's better than any of the solutions I mentioned earlier.

Virtual machines allow you to run an entire operating system and all its programs in an isolated environment. This means no programs outside of the virtual machine can access the data contained within (to a certain extent, of course). Also, the programs running in the virtual machine cannot leak information since they're isolated.

It's a virtual machine, which means you can configure them to use full drive encryption. This way, every last bit of information is encrypted.

So you need a virtual machine. Any of these should work well. I prefer VirtualBox Portable myself.

VirtualBox - http://www.virtualbox.org/

VirtualBox Portable - http://www.vbox.me/

VMWare Server - http://www.vmware.com/products/server/

Windows Virtual PC - http://www.microsoft.com/windows/virtual-pc/

Then you need a program that can encrypt your virtual machine. If possible, you can just use BitLocker on Windows.

TrueCrypt - http://www.truecrypt.org/

There are already plenty of tutorials available on how to set up a virtual machine and set up full drive encryption. So I suggest you use one of those instead.

Tips for Configuring VirtualBox

  • Disable the Shared Clipboard. When this feature is on, everything stored in the clipboard is shared with the host operating system.
  • Make sure all shared folders are read only. Shared folders are an easy way for information to leak out of the virtual machine.
  • Never use snapshots! Snapshots are unencrypted and contain important information, including the key used to encrypt the drive. It is safe to hibernate the guest operating system, because the hibernate file is stored in the encrypted drive.
  • Use a strong password!

It wasn't my intention to make this guide much of a tutorial. The idea is simple enough: Install a virtual machine and encrypt it. Instead, I decided to concentrate on the reasons why this is better than other security solutions.

To summarize:

  • Encrypt the paging file.
  • Don't hibernate your PC, unless your entire drive is encrypted.
  • Install a guest operating system and encrypt it.
  • Disable the shared clipboard.
  • Make sure all shared folders are read only.
  • Don't ever save snapshots of your virtual machine. Hibernate the guest operating system instead.

Edited by Xinok
https://www.neowin.net/forum/topic/806902-secure-encrypted-environment/
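
The VirtualBox tips in the post above (shared clipboard off, shared folders read only, no snapshots), as an added example that is not part of the original post: a small audit of a machine's `.vbox` settings file. The element and attribute names (`Clipboard mode`, `SharedFolder writable`, `Snapshot`) are assumptions about the settings format, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a VirtualBox machine definition (.vbox).
# Element/attribute names are assumed; real files carry many more elements.
SAMPLE_VBOX = """<?xml version="1.0"?>
<VirtualBox xmlns="http://www.virtualbox.org/" version="1.16">
  <Machine uuid="{00000000-0000-0000-0000-000000000001}" name="secure-guest">
    <Snapshot uuid="{00000000-0000-0000-0000-000000000002}" name="before-update"/>
    <Hardware>
      <Clipboard mode="Bidirectional"/>
      <SharedFolders>
        <SharedFolder name="docs" hostPath="C:/share/docs" writable="true"/>
        <SharedFolder name="tools" hostPath="C:/share/tools" writable="false"/>
      </SharedFolders>
    </Hardware>
  </Machine>
</VirtualBox>"""


def local(tag):
    """Strip the XML namespace so the check works across settings versions."""
    return tag.rsplit("}", 1)[-1]


def audit_vbox(xml_text):
    """Return findings for the clipboard, shared-folder and snapshot tips."""
    findings = []
    clipboard_seen = False
    for elem in ET.fromstring(xml_text).iter():
        name = local(elem.tag)
        if name == "Clipboard":
            clipboard_seen = True
            mode = elem.get("mode", "")
            if mode.lower() != "disabled":
                findings.append(f"shared clipboard is enabled (mode={mode})")
        elif name == "SharedFolder" and elem.get("writable", "false").lower() == "true":
            findings.append(f"shared folder '{elem.get('name')}' is writable")
        elif name == "Snapshot":
            findings.append(f"snapshot '{elem.get('name')}' exists")
    if not clipboard_seen:
        # The default differs between versions, so absence is reported, not trusted.
        findings.append("no Clipboard element found; check the setting in the GUI")
    return findings


if __name__ == "__main__":
    for line in audit_vbox(SAMPLE_VBOX):
        print("FINDING:", line)
```

An empty result means none of the three conditions was found in the file; it says nothing about whether the guest's virtual disk is actually encrypted.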

  • 1 month later...

Are you suggesting using a Read-Only virtual machine with an encrypted file system visible only to the virtual machine? Interesting. I think I can see a use for a BSD or SE Linux install now. :)

My only concern, and maybe you can add this to the tutorial, is when you have encrypted data and you need the data for work in a non-secured space. Say you have an Excel database with business records in Windows. You have the data on a TrueCrypt partition (say a mounted D: drive) and normal Excel is on the C: drive. What would you suggest?

Or maybe dual-boot Windows - one on a TrueCrypt partition with no Internet setup and another plain-ol' Windows?

Dual-boot is a good idea. I suggest using Disk Management to remove the drive letter of the unencrypted partition. As long as there's no drive letter, any software is unlikely to leak information onto that partition.

As for updating the article, I'll consider it if more people show interest. As of now, yours is the first reply since I posted this a month ago.
