Reduce risks associated with computer hibernation

Bookmark This (opens in new window)

When a Windows system hibernates (or enters a similar power saving mode), the contents of system memory is written to a file on the hard drive (in Windows XP this file is C:\hiberfil.sys). The temporary storage for each running program is stored unencrypted in RAM and, therefore, unencrypted on the hard drive during hibernation. Even when you are using programs such as PGP or TrueCrypt to encrypt disk volumes, files that are open and in use may be stored unencrypted during hibernation. So while it may not be possible for an intruder to guess the password necessary to re-mount a PGP or TrueCrypt volume, the contents of open files may be present in the hibernation file.

Same goes for passwords and other sensitive information – passwords typed into programs before hibernation, if they are still running during hibernation, may also be stored in plaintext (unencrypted).

Hibernation is an operational reality (or at least a time-saving convenience) for many people, even those who work on highly sensitive information. If you must work on sensitive files and use hibernation mode, follow these steps:

1. Prior to hibernation, close sensitive files.
2. Exit programs that may have stored passwords in RAM. Examples are browsers, file editors, and encrypted volume managers such as PGP and TrueCrypt.
3. Dismount encrypted volumes.
4. Enter hibernation mode. It is arguably safer to just shut down the system rather than use hibernation. But your work patterns and the nature of your sensitive work may permit hibernation if you take the precautions listed above.

Read a similar tip about erasing your hibernation file when you shut down your computer.

Advertisements

2 thoughts on “Reduce risks associated with computer hibernation

  1. Joseph Belsanti

    All encryption software is not created equal. Winmagic’s SecureDoc product supports hibernation. The product will encrypt the entire physical hard drive and will not leave any files containing clear text unencrypted. Potential exposure to data security breaches can be eliminated by using superior encryption technologies like the one found with Winmagic’s SecureDoc.

    Reply
  2. Pingback: Erase your paging file at shutdown « Peter H Gregory, CISA, CISSP

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s