Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
dcc:itsol:veracrypt:precautions [2024/07/22 14:03] – added step-by-step guide on memory dump file and further precautions giuliodcc:itsol:veracrypt:precautions [2025/04/01 11:56] (current) – removed reference to Lv4 protection giulio
Line 2: Line 2:
 ===== Security requirements and precautions ===== ===== Security requirements and precautions =====
  
-**IMPORTANT**: Please take into account that you can use VeraCrypt yourself up to what we call Lvl 3 Protection without the risk of losing important data or access to your system. As long as you follow the encryption guide provided here and are careful about the things we warn you about, you should not need assistance in setting this up.+**IMPORTANT**: Please take into account that you can use VeraCrypt yourself at any level of protection suggested in this guide. The risk of losing important data is mainly linked to losing your password or your keyfiles. As long as you follow the encryption guide provided here and are careful about the things we warn you about, you should not need assistance in setting this up.
  
-From Lvl 4 Protection onwards, we suggest that you **talk to someone at the DCC** for assistance. These higher levels of protection ensure that your data is harder to find and leaves less traces, but they also carry the risk of **losing data by overwriting it** or **losing access to your operating system, IF THEY ARE SET UP INCORRECTLY**. You will also have to be told about clear practices that you need to follow in order to ensure **plausible deniability and the best level of protection**. +This guide advises you on a level of protection that is ultimately just a suggestion. You can decide to get higher protection for your data, of course. Be aware, once again, that in getting a higher protection level the risk you face shifts from data leakage to actual data loss. We would ask that you follow our guidelines unless you really need a higher level of protection for your data, in which case you should request a consultation with us.
- +
-In our consultation with you we have advised you on a level of protection that is ultimately just a suggestion. You can decide to get higher protection for your data, of course. Be aware, once again, that in getting a higher protection level the risk you face shifts from data leakage to actual data loss. We would ask that you follow our guidelines unless you really need a higher level of protection for your data, in which case you should request a follow up consultation with us.+
  
 In order for VeraCrypt to provide effective security, the user needs to be aware and follow a number of guidelines that are listed here in short form and in their entirety in the VeraCrypt manual. Please refer to the VeraCrypt manual (pp.90-99 in the pdf or the [[https://www.veracrypt.fr/en/Security%20Requirements%20and%20Precautions.html| Security requirements and precautions]] section of the online documentation) for a more detailed explanation. In order for VeraCrypt to provide effective security, the user needs to be aware and follow a number of guidelines that are listed here in short form and in their entirety in the VeraCrypt manual. Please refer to the VeraCrypt manual (pp.90-99 in the pdf or the [[https://www.veracrypt.fr/en/Security%20Requirements%20and%20Precautions.html| Security requirements and precautions]] section of the online documentation) for a more detailed explanation.
Line 26: Line 24:
 ++++ Click to display step-by-step guide | ++++ Click to display step-by-step guide |
  
-  - Mount your VeraCrypt volume on an unoccupied drive. {{ :dcc:itsol:veracrypt:new_page_step_1.png?direct&800 | }} +  - Mount your VeraCrypt volume on an unoccupied drive. {{ :dcc:itsol:veracrypt:new_page_step_1.png?direct&650 | }} 
-  - Navigate to the //My Computer/My PC// icon, right-click and select //Properties// from the drop-down Menu. {{ :dcc:itsol:veracrypt:new_page_step_2.png?direct&800 | }}+  - Navigate to the //My Computer/My PC// icon, right-click and select //Properties// from the drop-down Menu. {{ :dcc:itsol:veracrypt:new_page_step_2.png?direct&700 | }}
   - This will open up the //About// section of the //Settings// Menu. Select //Advanced system settings//. Windows will ask you for permission to change system settings. Select //Yes//. {{ :dcc:itsol:veracrypt:new_page_step_3.png?direct&800 | }}   - This will open up the //About// section of the //Settings// Menu. Select //Advanced system settings//. Windows will ask you for permission to change system settings. Select //Yes//. {{ :dcc:itsol:veracrypt:new_page_step_3.png?direct&800 | }}
-  - The System Properties window will open on the //Advanced// tab, as shown in the picture. Under //Performance//, click the //Settings// button. {{ :dcc:itsol:veracrypt:new_page_step_4.png?direct&800 | }} +  - The System Properties window will open on the //Advanced// tab, as shown in the picture. Under //Performance//, click the //Settings// button. {{ :dcc:itsol:veracrypt:new_page_step_4.png?direct&400 | }} 
-  - Navigate to the //Advanced// tab once again and under //Virtual memory// click on the //Change// button. {{ :dcc:itsol:veracrypt:new_page_step_5.png?direct&800 | }} +  - Navigate to the //Advanced// tab once again and under //Virtual memory// click on the //Change// button. {{ :dcc:itsol:veracrypt:new_page_step_5.png?direct&400 | }} 
-  - In the //Virtual Memory// window, first deselect //Automatically manage paging file size for all drives//, then select the drive you mounted the VeraCrypt volume on, select //No paging file// and click the //Set// button. {{ :dcc:itsol:veracrypt:new_page_step_6.png?direct&800 | }}+  - In the //Virtual Memory// window, first deselect //Automatically manage paging file size for all drives//, then select the drive you mounted the VeraCrypt volume on, select //No paging file// and click the //Set// button. {{ :dcc:itsol:veracrypt:new_page_step_6.png?direct&400 | }}
  ​  ​
 ++++ ++++
Line 42: Line 40:
  
   - Navigate to the //About// section of the //Settings// menu again and select //Advanced system settings//   - Navigate to the //About// section of the //Settings// menu again and select //Advanced system settings//
-  - In the //Advanced// tab, which opens automatically from the previous step, click the //Settings// button in the //Startup and Recovery// section. {{ :dcc:itsol:veracrypt:new_memdump_step_2.png?direct&800 | }} +  - In the //Advanced// tab, which opens automatically from the previous step, click the //Settings// button in the //Startup and Recovery// section. {{ :dcc:itsol:veracrypt:new_memdump_step_2.png?direct&400 | }} 
-  - In the resulting window, select //(none)// under the //Write debugging information// section. Then click //Ok//. {{ :dcc:itsol:veracrypt:new_memdump_step_3.png?direct&800 | }}+  - In the resulting window, select //(none)// under the //Write debugging information// section. Then click //Ok//. {{ :dcc:itsol:veracrypt:new_memdump_step_3.png?direct&400 | }} 
 + 
 +++++ 
 + 
 +==== Disabling hibernation files ==== 
 + 
 +Hibernation files are files that Windows creates when entering power saving mode. These files contain information that Windows uses to restore all processes once it exits power saving mode. This means that information stored on a VeraCrypt volume you were working with, the master key of the mounted volume and/or other information contained in your VeraCrypt volume might be written on disk unencrypted by Windows. To avoid this occurrence, follow these steps. **Warning: Keep in mind that the best way to avoid this, is to manually dismount all VeraCrypt volumes when done and shut down the computer for a few minutes (the longer, the better) before turning it on again**. 
 + 
 +++++ Click to display step-by-step guide | 
 + 
 +  - Open VeraCrypt and select the //Settings// Menu {{ :dcc:itsol:veracrypt:new_hiber_step_1.png?direct&650 | }} 
 +  - Select the //Preferences// Menu {{ :dcc:itsol:veracrypt:new_hiber_step_2.png?direct&650 | }} 
 +  - Tick the //Entering power saving mode// choice (red box), then confirm your selection by clicking //Ok//. {{ :dcc:itsol:veracrypt:new_hiber_step_3.png?direct&650 | }} 
 + 
 +++++ 
 + 
 +==== Ensuring proper synchronization ==== 
 + 
 +In order to give as little as possible information away to an unauthorized user, VeraCrypt preserves the date of creation of the files contained in a volume. This means that if you modify a file after it was created, VeraCrypt will not update the date of the last change done to the file. This is not a problem, unless you want to synchronize your VeraCrypt folder (once encrypted and dismounted) with a cloud service. The cloud service performs its synchronization by checking the modification date of the data contained in the volume and the volume itself. As VeraCrypt does not update the date of last modification, the cloud service will assume that no work has been done on the file and will skip the synchronization.  
 + 
 +To prevent this from happening, there are two easy steps you can follow: 
 + 
 +++++ Click to display step-by-step guide | 
 + 
 +  - Click on //Settings//, as shown in the figure, then select //Preferences...//. {{ :dcc:itsol:veracrypt:tmstamp_1.png?direct&650 | }} 
 +  - A new window will appear. You can then deselect the option in the red box, then click //OK//. VeraCrypt will now update the date the file was modified, intead of preserving the original date. {{ :dcc:itsol:veracrypt:tmstamp_2.png?direct&650 | }} 
 + 
 +**IMPORTANT**: Please make sure to regularly check whether your synchronized files are indeed what you have been working on. Please do this even if you have followed this guide on how to disable this option.
  
 ++++ ++++