BitLocker Drive Encryption is a data protection feature available in Windows Server 2008 R2 and in some editions of Windows 7. Having BitLocker integrated with the operating system addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
On computers that do not have a TPM version 1.2, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation, and it does not provide the pre-startup system integrity verification offered by BitLocker with a TPM.
In addition to the TPM, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device, such as a USB flash drive, that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer will not start or resume from hibernation until the correct PIN or startup key is presented.
BitLocker can use a TPM to verify the integrity of early boot components and boot configuration data. This helps ensure that BitLocker makes the encrypted drive accessible only if those components have not been tampered with and the encrypted drive is located in the original computer.
BitLocker helps ensure the integrity of the startup process by taking the following actions:
To use BitLocker, a computer must satisfy certain requirements:
BitLocker is installed automatically as part of the operating system installation. However, BitLocker is not enabled until it is turned on by using the BitLocker setup wizard, which can be accessed either from Control Panel or by right-clicking the drive in Windows Explorer.
At any time after installation and initial operating system setup, the system administrator can use the BitLocker setup wizard to initialize BitLocker. There are two steps in the initialization process:
When a local administrator initializes BitLocker, the administrator should also create a recovery password or a recovery key. Without a recovery key or recovery password, all data on the encrypted drive may be inaccessible and unrecoverable if there is a problem with the BitLocker-protected drive.
For detailed information about configuring and deploying BitLocker, see the Windows BitLocker Drive Encryption Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkID=140225).
BitLocker can use an enterprise's existing Active Directory Domain Services (AD DS) infrastructure to remotely store recovery keys. BitLocker provides a wizard for setup and management, as well as extensibility and manageability through a Windows Management Instrumentation (WMI) interface with scripting support. BitLocker also has a recovery console integrated into the early boot process to enable the user or helpdesk personnel to regain access to a locked computer.
For more information about writing scripts for BitLocker, see Win32_EncryptableVolume (http://go.microsoft.com/fwlink/?LinkId=85983).
Many personal computers today are reused by people other than the computer's initial owner or user. In enterprise scenarios, computers may be redeployed to other departments, or they might be recycled as part of a standard computer hardware refresh cycle.
On unencrypted drives, data may remain readable even after the drive has been formatted. Enterprises often make use of multiple overwrites or physical destruction to reduce the risk of exposing data on decommissioned drives.
BitLocker can help create a simple, cost-effective decommissioning process. By leaving data encrypted by BitLocker and then removing the keys, an enterprise can permanently reduce the risk of exposing this data. It becomes nearly impossible to access BitLocker-encrypted data after removing all BitLocker keys because this would require cracking 128-bit or 256-bit AES encryption.
BitLocker cannot protect a computer against all possible attacks. For example, if malicious users, or programs such as viruses or rootkits, have access to the computer before it is lost or stolen, they might be able to introduce weaknesses through which they can later access encrypted data. BitLocker protection can also be compromised if the USB startup key is left in the computer, or if the PIN or Windows logon password is not kept secret.
The TPM-only authentication mode is easiest to deploy, manage, and use. It might also be more appropriate for computers that are unattended or must restart while unattended. However, the TPM-only mode offers the least amount of data protection. If parts of your organization have data that is considered highly sensitive on mobile computers, consider deploying BitLocker with multifactor authentication on those computers.
For more information about BitLocker security considerations, see Data Encryption Toolkit for Mobile PCs (http://go.microsoft.com/fwlink/?LinkId=85982).
For servers in a shared or potentially non-secure environment, such as a branch office location, BitLocker can be used to encrypt the operating system drive and additional data drives on the same server.
By default, BitLocker is not installed with Windows Server 2008 R2. Add BitLocker from the Windows Server 2008 R2 Server Manager page. You must restart after installing BitLocker on a server. Using WMI, you can enable BitLocker remotely.
BitLocker is supported on Extensible Firmware Interface (EFI) servers that use a 64-bit processor architecture.
After the drive has been encrypted and protected with BitLocker, local and domain administrators can use the Manage BitLocker page in the BitLocker Drive Encryption item in Control Panel to change the password to unlock the drive, remove the password from the drive, add a smart card to unlock the drive, save or print the recovery key again, automatically unlock the drive, duplicate keys, and reset the PIN.
An administrator may want to temporarily disable BitLocker in certain scenarios, such as:
These scenarios are collectively referred to as the computer upgrade scenario. BitLocker can be enabled or disabled through the BitLocker Drive Encryption item in Control Panel.
The following steps are necessary to upgrade a BitLocker-protected computer:
Forcing BitLocker into disabled mode will keep the drive encrypted, but the drive master key will be encrypted with a symmetric key stored unencrypted on the hard disk. The availability of this unencrypted key disables the data protection offered by BitLocker but ensures that subsequent computer startups succeed without further user input. When BitLocker is enabled again, the unencrypted key is removed from the disk and BitLocker protection is turned back on. Additionally, the drive master key is keyed and encrypted again.
Moving the encrypted drive (that is, the physical disk) to another BitLocker-protected computer does not require any additional steps because the key protecting the drive master key is stored unencrypted on the disk.
For detailed information about disabling BitLocker, see Windows BitLocker Drive Encryption Step-by-Step Guide (http://go.microsoft.com/fwlink/?LinkID=140225).
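The WMI interface (Win32_EncryptableVolume) can be used to check for the conditions this overview warns about. The following PowerShell is an added example, not code from the original page or from Microsoft: it flags volumes left in disabled mode, volumes that rely on TPM-only authentication, and volumes without a recovery password or recovery key. The function names and the sample records at the end are constructed for illustration.

```powershell
# Added example. The live query needs an elevated prompt on a BitLocker-capable system.
# Key protector type codes returned by Win32_EncryptableVolume.GetKeyProtectorType.
$ProtectorNames = @{ 0 = 'Other'; 1 = 'TPM'; 2 = 'ExternalKey'
                     3 = 'NumericalPassword'; 4 = 'TPM+PIN'; 5 = 'TPM+StartupKey'
                     6 = 'TPM+PIN+StartupKey'; 7 = 'PublicKey'; 8 = 'Passphrase' }

# Hypothetical helper: turns raw status values into findings a reviewer can act on.
function Get-BitLockerFinding {
    param([int]$ProtectionStatus, [int]$ConversionStatus, [int[]]$ProtectorTypes)
    $findings = @()
    if ($ConversionStatus -eq 0) {
        $findings += 'Not encrypted'
    } elseif ($ConversionStatus -ne 1) {
        $findings += 'Encryption or decryption in progress or paused'
    } elseif ($ProtectionStatus -eq 0) {
        # Fully encrypted but protection off: disabled mode, clear key on disk.
        $findings += 'Disabled mode: key stored unencrypted on the disk'
    }
    if ($ConversionStatus -ne 0) {
        # TPM alone (1) with no PIN or startup key variant (4, 5, 6).
        $multi = @($ProtectorTypes | Where-Object { 4, 5, 6 -contains $_ })
        if (($ProtectorTypes -contains 1) -and $multi.Count -eq 0) {
            $findings += 'TPM-only: no PIN or startup key required'
        }
        # Type 3 is the recovery password; type 2 covers recovery keys and startup keys.
        $recovery = @($ProtectorTypes | Where-Object { 2, 3 -contains $_ })
        if ($recovery.Count -eq 0) { $findings += 'No recovery password or recovery key' }
    }
    if ($findings.Count -eq 0) { 'OK' } else { $findings -join '; ' }
}

# Hypothetical collector: reads every encryptable volume on the local computer.
function Get-BitLockerVolumeReport {
    $ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
    Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume | ForEach-Object {
        $vol = $_
        # GetKeyProtectors(0) enumerates all protector IDs on the volume.
        $types = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID |
            Where-Object { $_ } |
            ForEach-Object { $vol.GetKeyProtectorType($_).KeyProtectorType })
        $prot = $vol.GetProtectionStatus().ProtectionStatus
        $conv = $vol.GetConversionStatus().ConversionStatus
        New-Object PSObject -Property @{
            Drive      = $vol.DriveLetter
            Protectors = ($types | ForEach-Object { $ProtectorNames[[int]$_] }) -join ','
            Finding    = Get-BitLockerFinding $prot $conv $types
        }
    }
}

# Constructed sample records (not from a real computer) that exercise each rule.
Get-BitLockerFinding -ProtectionStatus 0 -ConversionStatus 1 -ProtectorTypes 1, 3
Get-BitLockerFinding -ProtectionStatus 1 -ConversionStatus 1 -ProtectorTypes 1
Get-BitLockerFinding -ProtectionStatus 1 -ConversionStatus 1 -ProtectorTypes 4, 3
# On a real computer: Get-BitLockerVolumeReport | Format-Table -AutoSize
```

Because an external key (type 2) can be either a startup key or a recovery key, a volume that passes the last rule on type 2 alone still deserves a manual check that a recovery copy exists.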
A number of scenarios can trigger a recovery process, for example:
An administrator can also trigger recovery as an access control mechanism (for example, during computer redeployment). An administrator may decide to lock an encrypted drive and require that users obtain BitLocker recovery information to unlock the drive.
Using Group Policy, an IT administrator can choose which recovery methods to require, deny, or make optional for users who enable BitLocker. The recovery password can be stored in AD DS, and the administrator can make this option mandatory, prohibited, or optional for each user of the computer. Additionally, the recovery data can be stored on a USB flash drive.
The recovery password is a 48-digit, randomly generated number that can be created during BitLocker setup. If the computer enters recovery mode, the user will be prompted to type this password by using the function keys (F0 through F9). The recovery password can be managed and copied after BitLocker is enabled. Using the Manage BitLocker page in the BitLocker Drive Encryption item in Control Panel, the recovery password can be printed or saved to a file for future use.
A domain administrator can configure Group Policy to generate recovery passwords automatically and back them up to AD DS as soon as BitLocker is enabled. The domain administrator can also choose to prevent BitLocker from encrypting a drive unless the computer is connected to the network and AD DS backup of the recovery password is successful.
The recovery key can be created and saved to a USB flash drive during BitLocker setup; it can also be managed and copied after BitLocker is enabled. If the computer enters recovery mode, the user will be prompted to insert the recovery key into the computer.
Read the original here:
BitLocker Drive Encryption Overview - technet.microsoft.com