Windows BitLocker Overview

Presentation Transcript


    1. Windows BitLocker Overview
        Nguyen An Que, Microsoft Vietnam, Que.Nguyen@microsoft.com

    2. Why is Data Protection important?

    3. The Solution: BitLocker and BitLocker To Go
        Supported OS:
        - Windows 7 Enterprise
        - Windows Server 2008 R2
        - Windows 7 Ultimate

    4. BitLocker Drive Encryption values
        Protects against offline attacks:
        - Laptop stolen
        - Hard drives being serviced
        Safe to recycle or to decommission:
        - Without BitLocker, hard drives need to be properly wiped or shredded
        BitLocker cannot protect if:
        - The PC is virus-infected before
        - The startup key USB is left in the PC
        - The startup PIN or Windows logon password is disclosed

    5. Technical Architecture

    6. System Integrity verification using TPM
        BitLocker uses the TPM to verify the integrity of early boot components and boot configuration data.
        BitLocker Integrity Verification values:
        - Check early boot file integrity, i.e. no modifications such as boot sector viruses or rootkits.
        - Prevent offline software-based attacks.
        - Lock the system when it is tampered with.

    7. Installation & Initialization
        - BitLocker is installed automatically but not enabled; initialize it from Control Panel when needed.
        - BitLocker initialization process:
          1. Initialize the TPM
          2. Set up BitLocker (encryption process)
          3. Should also create a recovery key/password; 3 options: save to USB, save to a remote file location, print.
             Without a recovery key/password, all data may be inaccessible if there is a problem with the drive.
        - Automation: command line or WMI script
        - Enterprise implementation: use AD to store recovery keys & TPM PIN

    8. Use AD to store recovery key & TPM PIN
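The initialization steps on slides 7 and 8 (initialize the TPM, set up protectors, create and escrow a recovery password, then encrypt) can be scripted with manage-bde.exe, the command-line tool the slide refers to. The script below is an added example, not part of the presentation or Microsoft's documentation. It assumes the OS volume is C:, a removable drive is mounted as F: to hold the recovery key file, the command runs from an elevated Windows PowerShell prompt on a domain-joined Windows 7 / Server 2008 R2 machine, Group Policy already permits BitLocker recovery information in AD, and manage-bde prints English output (the regex parses it).

```powershell
# Added example (not from the presentation): script the slide-7/8 initialization
# with manage-bde.exe. Run elevated on the target PC.
# Assumptions: OS volume C:, removable drive F: for the recovery key file,
# AD schema/Group Policy already accept BitLocker recovery data, English output.

$OsVolume = 'C:'
$UsbDrive = 'F:\'   # assumption: removable drive that receives the recovery key file

function Invoke-ManageBde {
    # Run manage-bde and stop on any failure so the drive is never left half-configured.
    param([string[]]$Arguments)
    $output = & manage-bde.exe @Arguments 2>&1 | Out-String
    if ($LASTEXITCODE -ne 0) { throw "manage-bde $($Arguments -join ' ') failed:`n$output" }
    return $output
}

# 1. Initialize the TPM (slide 7, step 1). Some firmware requires a reboot and
#    physical-presence confirmation afterwards; ownership may also need
#    'manage-bde -tpm -takeownership <password>' on older firmware.
Invoke-ManageBde @('-tpm', '-turnon')

# 2. Add key protectors BEFORE encryption starts, so the volume can never end up
#    encrypted without a recovery path. -TPMAndPIN prompts for the PIN.
Invoke-ManageBde @('-protectors', '-add', $OsVolume, '-TPMAndPIN')
Invoke-ManageBde @('-protectors', '-add', $OsVolume, '-RecoveryPassword')
Invoke-ManageBde @('-protectors', '-add', $OsVolume, '-RecoveryKey', $UsbDrive)

# 3. Pick the numerical-password protector ID out of the listing and escrow it in
#    Active Directory (slide 8). Group Policy can do this automatically; doing it
#    explicitly makes the escrow verifiable before any data is encrypted.
$listing = Invoke-ManageBde @('-protectors', '-get', $OsVolume)
$match = [regex]::Match($listing, 'Numerical Password:\s*ID:\s*(\{[0-9A-Fa-f-]+\})')
if (-not $match.Success) { throw 'No numerical password protector found in listing.' }
$recoveryId = $match.Groups[1].Value
Invoke-ManageBde @('-protectors', '-adbackup', $OsVolume, '-id', $recoveryId)

# 4. Only now start encryption (slide 7, step 2). Without -SkipHardwareTest,
#    BitLocker reboots once to prove the TPM+PIN unlock path works first.
Invoke-ManageBde @('-on', $OsVolume)

# 5. Show the current state/progress for the operator.
Invoke-ManageBde @('-status', $OsVolume)
```

The ordering is the point: protectors and the AD backup come first, and `-on` last, so a failure anywhere in the escrow path stops the script before the volume becomes unreadable without a key. The same sequence is available through the `Win32_EncryptableVolume` WMI class for the "WMI script" automation route the slide mentions.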

    9. Disabling BitLocker temporarily
        Scenarios for temporarily disabling BitLocker:
        - Updating the BIOS.
        - Upgrading critical early boot components:
          - Installing an additional OS, which might change the master boot record (MBR).
          - Repartitioning the disk, which might change the partition table.
        - Upgrading the motherboard to replace or remove the TPM.
        - Moving a BitLocker-protected drive to another computer.
        Use Control Panel to disable.
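The Control Panel action on slide 9 suspends protection rather than decrypting: the drive stays encrypted but the volume key is stored unprotected on disk until protection is resumed. The script below, an added example that is not from the presentation, does the same with manage-bde.exe and adds the check a practitioner wants afterwards. It assumes Windows 7 / Server 2008 R2 manage-bde with English output, an elevated prompt, and that the firmware update command is a placeholder you replace with your own.

```powershell
# Added example (not from the presentation): suspend BitLocker around an
# early-boot change such as a BIOS update, then resume and verify.
# Assumptions: manage-bde.exe on Windows 7 / Server 2008 R2, English output.

function Get-BitLockerProtectionState {
    # Parse the "Protection Status:" line of manage-bde -status.
    # Returns 'On', 'Off' or 'Unknown'. Assumes English output.
    param([string]$Volume = 'C:')
    $status = & manage-bde.exe -status $Volume | Out-String
    if ($status -match 'Protection Status:\s*Protection (\w+)') { return $Matches[1] }
    return 'Unknown'
}

function Suspend-BitLockerForMaintenance {
    # Disable the key protectors. The drive remains encrypted, but the volume key
    # is now stored in the clear, so keep this window as short as possible.
    param([string]$Volume = 'C:')
    if ((Get-BitLockerProtectionState $Volume) -ne 'On') {
        throw "BitLocker protection is not on for $Volume; nothing to suspend."
    }
    & manage-bde.exe -protectors -disable $Volume | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Failed to suspend BitLocker on $Volume." }
}

function Resume-BitLockerAfterMaintenance {
    # Re-enable protectors and confirm. Re-enabling reseals the key to the TPM
    # measurements of the firmware that is running NOW, so for a BIOS update run
    # this only after the first reboot on the new firmware; resuming earlier
    # means the next boot lands in recovery mode.
    param([string]$Volume = 'C:')
    & manage-bde.exe -protectors -enable $Volume | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Failed to resume BitLocker on $Volume." }
    $state = Get-BitLockerProtectionState $Volume
    if ($state -ne 'On') {
        throw "Protection on $Volume reads '$state' after resume; investigate before leaving the machine."
    }
    return $state
}

# Usage, first session (before the reboot that applies the new firmware):
Suspend-BitLockerForMaintenance -Volume 'C:'
Write-Host 'Run the firmware update here (placeholder), then reboot.'

# Usage, second session (after the machine has booted on the new firmware):
# Resume-BitLockerAfterMaintenance -Volume 'C:'
```

Splitting suspend and resume into two steps instead of one try/finally is deliberate: a finally block that resumes before the reboot would reseal against the old measurements and produce exactly the recovery prompt the suspension was meant to avoid. The state check at the end catches the other common failure, a machine left unprotected after a forgotten resume.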

    10. Data Recovery
        BitLocker Data Recovery Mode, entered when:
        - An error related to TPM validation occurs on an OS drive.
        - The PIN is forgotten.
        - The smart card used to encrypt is lost.
        Data Recovery Agents (DRA):
        - Persons whose PKI certificates are used to create a BitLocker key protector.
        - DRAs are added to the drive when it is encrypted.
        - DRAs can recover OS drives, data drives and removable drives.
        BitLocker Active Directory Recovery Password Viewer tool:
        - An optional feature in Windows Server 2008 R2.
        - Locate and view BitLocker recovery passwords that are stored in AD.
        BitLocker Repair Tool
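The Recovery Password Viewer on slide 10 reads the `msFVE-RecoveryInformation` objects that AD backup (slide 8) creates under each computer object. The script below is an added example, not the presentation's or Microsoft's code, that performs the same lookup from PowerShell and then unlocks a locked data drive with the result. It assumes the running account has been delegated read access to those objects, that the computer name and recovery-ID prefix are the placeholders shown, that the locked volume is a fixed or removable data drive (an OS drive is recovered at the boot-time recovery screen instead), and uses the standard BitLocker AD schema attribute names.

```powershell
# Added example (not from the presentation): locate a recovery password in AD the
# way the Recovery Password Viewer does, then unlock a data drive with it.
# Assumptions: delegated read access to msFVE-RecoveryInformation objects;
# 'LAPTOP-01', 'A1B2C3D4' and 'E:' are placeholders.

function Get-BitLockerRecoveryPasswordFromAD {
    param(
        [Parameter(Mandatory=$true)][string]$ComputerName,
        [string]$RecoveryIdPrefix   # first 8 hex digits of the ID shown on the locked-drive prompt
    )
    # Find the computer object, then its child msFVE-RecoveryInformation objects.
    $computer = ([adsisearcher]"(&(objectClass=computer)(cn=$ComputerName))").FindOne()
    if (-not $computer) { throw "Computer $ComputerName not found in AD." }
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($computer.GetDirectoryEntry())
    $searcher.Filter = '(objectClass=msFVE-RecoveryInformation)'
    $searcher.SearchScope = 'OneLevel'
    foreach ($r in $searcher.FindAll()) {
        # msFVE-RecoveryGuid is stored as a binary GUID; rebuild the {GUID} form manage-bde prints.
        $guid = New-Object System.Guid -ArgumentList (,[byte[]]$r.Properties['msfve-recoveryguid'][0])
        $id   = '{' + $guid.ToString().ToUpper() + '}'
        if (-not $RecoveryIdPrefix -or $id.StartsWith('{' + $RecoveryIdPrefix.ToUpper())) {
            New-Object PSObject -Property @{
                RecoveryId = $id
                Password   = [string]$r.Properties['msfve-recoverypassword'][0]
                Created    = [string]$r.Properties['whencreated'][0]
            }
        }
    }
}

function Unlock-DataDriveWithRecoveryPassword {
    # Works for fixed/removable data drives only; an OS drive is recovered from
    # the boot-time recovery screen.
    param([string]$DataVolume, [string]$RecoveryPassword)
    & manage-bde.exe -unlock $DataVolume -RecoveryPassword $RecoveryPassword | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Unlock of $DataVolume failed." }
}

# Usage: the ID prefix comes from the prompt on the locked drive.
$hits = @(Get-BitLockerRecoveryPasswordFromAD -ComputerName 'LAPTOP-01' -RecoveryIdPrefix 'A1B2C3D4')
if ($hits.Count -ne 1) { throw "Expected exactly one matching recovery password, found $($hits.Count)." }
Unlock-DataDriveWithRecoveryPassword -DataVolume 'E:' -RecoveryPassword $hits[0].Password

# A recovery password that has been read out for a ticket is now disclosed (slide 4).
# Add a fresh one, back it up to AD and delete the used one:
#   manage-bde -protectors -add E: -RecoveryPassword
#   manage-bde -protectors -adbackup E: -id {NEW-ID}
#   manage-bde -protectors -delete E: -id {OLD-ID}
```

Matching on the ID prefix rather than returning every password for the computer keeps the script from printing recovery material that was not asked for, and the exact-one-match check avoids silently unlocking with the wrong one when a machine has several recovery objects from earlier re-encryptions.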

    11. BitLocker Recovery Password Viewer
