BitLocker Drive Encryption: The Overview


Overview

BitLocker Drive Encryption is one of the most useful features found in Enterprise and Ultimate editions of Windows Vista. For many enterprises, BitLocker could be the single reason to upgrade from Windows XP. So, what could possibly be so important? Simply put: addressing the laptop security problem.

In a moment we'll examine what this problem is, and, of course, how BitLocker can help you solve it. But first, what is this BitLocker thing anyhow?

BitLocker does two main things:

  • It encrypts every sector on the Windows OS volume.

  • By using a Trusted Platform Module (TPM) hardware chip, it can check the integrity of early boot components.

This combination protects the operating system and your data from offline attacks, that is, attacks that are conducted by bypassing the operating system or that are attempted when the OS is offline. For example, say a particular laptop is joined to an Active Directory domain. Users must log on to the domain before they can use the laptop, and sensitive files are also protected with NTFS access control list (ACL) entries. But when the laptop is stolen, all the thief has to do is move the hard drive into another computer that is running a different OS. (This other OS could be a completely different OS like Linux, or even just a different installation of Windows.) Suddenly the user password and ACLs don't matter anymore! The thief can read any unencrypted data in an almost trivial exercise.

There are some existing mitigations today, most notably the Encrypting File System (EFS) and Rights Management Services (RMS). Both are improved in Vista, but both need effort and configuration to use and maintain, and neither protects everything on the disk.

But, first, it is important to understand the scope of the laptop security problem.




Administering Windows Vista Security: The Big Surprises
ISBN: 0470108320
Year: 2004
Pages: 101
