BitLocker Drive Encryption: the Overview

A few years ago, Microsoft began a project called the Next Generation Secure Computing Base, and BitLocker is a direct result of that effort. In designing BitLocker, the System Integrity team in Windows wanted a solution that covered laptop computers (notebooks), desktops, and servers, and that prevented thieves from using other operating systems or software hacking tools to break or bypass the protection provided by the Windows OS and the file system. That kind of prevention requires encryption.

BitLocker is also designed to provide a transparent user experience. In other words, unlike EFS or RMS, the user doesn't have to do anything complicated to configure and use the protection given by encryption, and the user (and you, the IT guru, and your colleagues in Legal Affairs) can be confident that everything is encrypted.

When Microsoft first started to talk about BitLocker (then called "secure startup"), it seemed like an interesting but impractical technology because it required a Trusted Platform Module (TPM) chip built into the computer. Thankfully, the Vista implementation of BitLocker lets you encrypt any system that has a TPM chip or, failing that, a compatible USB flash drive, USB port, and BIOS. (BIOS and USB compatibility is part of the testing done before a manufacturer can put a Vista logo on a computer.)

This allows BitLocker to be used on many existing computers. However, some incompatibilities will still be found. It's a good idea to test system, BIOS, and USB flash drive combinations before committing to a large roll-out.

Clearly, laptop computers are where you need to begin, because they are sometimes stolen and often lost. Desktops, too, are sometimes targeted for theft, or placed in less-than-secure environments (such as shared lobbies or offices without locked doors). BitLocker will also be included in Windows Server code-named "Longhorn" (and will actually offer additional supported features). Although I hope you don't misplace your server very often, servers are very high-value targets for theft. All of these types of computers contain sensitive data, such as intellectual property (IP) and personally identifiable information (PII).

Source of Information: Administering Windows Vista Security: The Big Surprises
