|
Keeping your system safe
|
Previous Top Next |
| · | For windows XP, from http://www.nswc.navy.mil/ISSEC/Form/AccredForms/acc_part2_XP_help.html
|
| Wiping the System Page File during clean system shutdown
|
| Virtual Memory support of Windows XP uses a system page file to swap pages from memory of different processes onto disk when they are not being actively used. On a running system, this page file is opened exclusively by the operating system and hence is well-protected. However, systems that are configured to allow booting to other operating systems, may want to ensure that system page file is wiped clean when Windows XP shuts down. This ensures that sensitive information from process memory that may have made into the page file is not available to a snooping user. Click on Control Panel, Administrative Tools, Local Security Policy. Under Security Settings, Local Policies, Security Options. Choose "Shutdown: Clear virtual memory pagefile".
|
| · | For Windows NT, from http://is-it-true.org/nt/registry/rtips86.shtml
|
| Virtual memory support in Windows NT uses a system page file to swap pages from memory of different processes onto disk when they are not being actively used. On a running system, the page file is opened exclusively by the operating system and is well-protected. To ensure that any sensitive information from process memory is not left on the hard drive and thus not available to a user booting the PC with another operating system, apply the following Windows NT / Windows 2000 / Windows XP registry hack:
|
| Hive: HKEY_LOCAL_MACHINE
|
| Key: SYSTEM\CurrentControlSet\Control\SessionManager\Memory Management
|
| Name: ClearPageFileAtShutdown
|
| Type: REG_DWORD
|
| Value: 1
|
| Note that this protection only works with a clean shutdown. The ClearPageFileAtShutdown is part of the normal shutdown process when this value is set. Valuable for shared PCs or if you have something very valuable needing protection.
|
|
|
|
|