System Drive Encryption with BitLocker

written by: Pablo Martinez; article published: year 2007, month 03;


Take new Vista technologies such as the bidirectional Windows Firewall, Windows Defender, and Windows Service Hardening; throw in good patch-management policies (that is, applying security patches as soon as they're available); and add a dash of common sense, and your computer should never be compromised by malware while Vista is running.

However, what about when Vista is not running? If your computer is stolen or if an attacker breaks into your home or office, your machine can be compromised in a couple of different ways:

  • By booting to a floppy disk and using command-line utilities to reset the Administrator password.

  • By using a CD-based operating system to access your hard disk and reset folder and file permissions.

Either exploit gives the attacker access to the contents of your computer. If you have sensitive data on your machine (financial data, company secrets, and so on), the results could be disastrous.

To help you prevent a malicious user from accessing your sensitive data, Windows Vista comes with a new technology called BitLocker that encrypts the entire system drive. That way, even if a malicious user gains physical access to your computer, he or she won't be able to read the system drive contents. BitLocker works by storing the keys that encrypt and decrypt the sectors on a system drive in a Trusted Platform Module (TPM) 1.2 chip, which is a hardware component available on many newer machines.

To enable BitLocker, which is available only in the Enterprise and Ultimate editions of Windows Vista, open the Control Panel and select Security, BitLocker Drive Encryption (or just open the BitLocker Drive Encryption icon directly if you're using Classic view). In the BitLocker Drive Encryption window, click Turn On BitLocker.

This launches the Turn On BitLocker Drive Encryption Wizard, which takes you through the following tasks:

  • Save a startup key on a removable USB device. You need to insert this device each time you start your computer to decrypt the system drive.

  • Create, display, print, or save the recovery password. You need this password if BitLocker blocks access to your computer. (BitLocker blocks access if it detects that one or more system files have been tampered with.) You can either enter the 48-digit(!) password by hand or use the recovery key you save to a USB device in the next step.

  • Encrypt the system volume. After this is done, you must insert the device with the startup key each time you want to load Vista.
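To confirm that the three wizard tasks above actually took effect, the following added example (not part of the original article) checks a volume for full encryption, active protection, a recovery password, and a TPM or startup-key protector. It assumes the `Get-BitLockerVolume` cmdlet from the BitLocker PowerShell module found in Windows versions newer than Vista; the function name `Test-BitLockerPosture` is hypothetical and the sample object is constructed.

```powershell
function Test-BitLockerPosture {
    param([Parameter(Mandatory)] $Volume)

    # Compare protector types as strings so constructed and live objects both work.
    $types = @(@($Volume.KeyProtector) | Where-Object { $_ } |
               ForEach-Object { "$($_.KeyProtectorType)" })
    $findings = @()

    # Wizard task 3: the system volume must be fully encrypted.
    if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
        $findings += "Volume is $($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)% encrypted)"
    }
    # Encrypted data is only protected while protection is on (not suspended).
    if ("$($Volume.ProtectionStatus)" -ne 'On') {
        $findings += 'Protection is off or suspended'
    }
    # Wizard task 2: without a recovery password, a tamper lockout is unrecoverable.
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector'
    }
    # Wizard task 1: a TPM-based protector or a USB startup key (ExternalKey).
    $startup = $types | Where-Object { $_ -like 'Tpm*' -or $_ -eq 'ExternalKey' }
    if (-not $startup) { $findings += 'No TPM or startup-key protector' }

    [pscustomobject]@{
        MountPoint = $Volume.MountPoint
        Protectors = $types -join ', '
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

# Constructed sample (not real output): startup key saved, recovery password
# skipped, encryption still running.
$sample = [pscustomobject]@{
    MountPoint = 'C:'; VolumeStatus = 'EncryptionInProgress'
    ProtectionStatus = 'Off'; EncryptionPercentage = 42
    KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'ExternalKey' })
}
Test-BitLockerPosture -Volume $sample | Format-List

# Live check, from an elevated prompt:
# Test-BitLockerPosture -Volume (Get-BitLockerVolume -MountPoint $env:SystemDrive)
```

For the constructed sample, the report lists three findings: encryption incomplete, protection off, and no recovery password.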

Note

You can also use the Trusted Platform Module (TPM) Management snap-in to work with the TPM chip on your computer. Press Windows Logo+R, type tpm.msc, and click OK. This snap-in enables you to view the current status of the TPM chip, view information about the chip manufacturer, and perform chip-management functions.
