Microsoft added Windows BitLocker Drive Encryption to Windows Server 2008 largely because organizations demanded protection not only for their operating systems in remote locations, but also for the vital data stored on the system volume, data volumes, and USB flash drives used in those locations. BitLocker Drive Encryption, commonly referred to simply as BitLocker, is a software-based Full Disk Encryption (FDE) data-protection security feature included in all versions of Windows Server 2008 and Windows Server 2008 R2, as well as in the Ultimate and Enterprise editions of Windows Vista and Windows 7. It is an optional component that must be installed if you choose to use it.
BitLocker increases data-at-rest protection for an operating system by combining two concepts: encrypting a volume and guaranteeing the integrity of the operating system's boot components. The first component, drive encryption, safeguards data residing on the system volume and on configured data volumes by preventing unauthorized users from compromising the Windows system files that BitLocker has encrypted. The second component verifies the integrity of the early boot components (the components used during the startup process) by validating that the hard disk has not been tampered with or removed from its original server. Equally important, when you use BitLocker, confidential data on a protected server cannot be viewed even if the hard disks are transferred to another operating system. Only when both of these conditions are met is the data on a BitLocker volume accessible and the system allowed to boot.
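As an added example that is not from the book, the following PowerShell script audits the two conditions described above on a server: whether each volume is fully encrypted with protection turned on, and whether at least one key protector is bound to the TPM, which is what ties the volume key to the early-boot integrity measurements. It assumes an elevated prompt on Windows Server 2008 R2 (or Windows 7) with the BitLocker feature installed, and uses the Win32_EncryptableVolume and Win32_Tpm WMI classes that ship with BitLocker.

```powershell
# Added example (not from the book): check both BitLocker conditions per volume.
# Assumes an elevated PowerShell prompt with the BitLocker feature installed.
$encNs = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
$tpmNs = 'root\CIMV2\Security\MicrosoftTpm'

# GetKeyProtectorType codes that anchor the volume key to TPM measurements:
# 1 = TPM, 4 = TPM+PIN, 5 = TPM+startup key, 6 = TPM+PIN+startup key.
$tpmBoundTypes = 1, 4, 5, 6

# Prerequisite for the boot-integrity component: a TPM that is enabled, activated and owned.
$tpm = Get-WmiObject -Namespace $tpmNs -Class Win32_Tpm -ErrorAction SilentlyContinue
if ($tpm) {
    $tpmReady = $tpm.IsEnabled().IsEnabled -and $tpm.IsActivated().IsActivated -and $tpm.IsOwned().IsOwned
} else {
    $tpmReady = $false
}
Write-Host ("TPM ready for early-boot integrity checks: {0}" -f $tpmReady)

Get-WmiObject -Namespace $encNs -Class Win32_EncryptableVolume | ForEach-Object {
    $vol = $_

    # Component 1: volume encryption state (ConversionStatus 1 = fully encrypted,
    # ProtectionStatus 1 = protection on; anything else fails the condition).
    $fullyEncrypted = ($vol.GetConversionStatus().ConversionStatus -eq 1)
    $protectionOn   = ($vol.GetProtectionStatus().ProtectionStatus -eq 1)

    # Component 2: is any key protector bound to the TPM? (0 = enumerate all protectors)
    $types = @()
    foreach ($id in $vol.GetKeyProtectors(0).VolumeKeyProtectorID) {
        $types += $vol.GetKeyProtectorType($id).KeyProtectorType
    }
    $tpmBound    = @($types | Where-Object { $tpmBoundTypes -contains $_ }).Count -gt 0
    $hasRecovery = $types -contains 3   # 3 = numerical password (recovery key) exists

    New-Object PSObject -Property @{
        Volume         = $vol.DriveLetter
        FullyEncrypted = $fullyEncrypted
        ProtectionOn   = $protectionOn
        TpmBound       = $tpmBound
        RecoveryKey    = $hasRecovery
        BothConditions = ($fullyEncrypted -and $protectionOn -and $tpmBound)
    }
} | Format-Table Volume, FullyEncrypted, ProtectionOn, TpmBound, RecoveryKey, BothConditions -AutoSize
```

A volume that reports BothConditions false is either unencrypted, paused, or protected only by a non-TPM protector, so it does not get the boot-integrity guarantee; a missing recovery key is worth flagging separately because a firmware or boot-component change will then lock the volume with no way back in.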
If you have worked with previous versions of Windows Server, you will immediately recognize that BitLocker is a great addition to Windows Server 2008 R2, because it protects all of the data residing on a server's hard disks: everything written to the disk, including the operating system, is encrypted. In previous versions of Windows Server, encryption integrated with integrity controls was not supported, which meant personal information could be compromised. In addition, with BitLocker now available, branch offices concerned about the physical security and theft of their domain controllers stand to benefit the most from it, because this feature further bolsters security and ensures that confidential data is not disclosed without authorization.
Many professionals wonder about the differences between BitLocker and Encrypting File System (EFS). Both technologies provide encryption; however, BitLocker is intended to protect all personal and system files on a system and, once enabled, is both transparent and automatic. EFS, on the other hand, encrypts individual files selected at an administrator's discretion.
Source of information: Sams, Windows Server 2008 R2 Unleashed