Using BitLocker Drive Encryption

File History and System Protection ensure the availability of your files, in that they allow you to restore lost or damaged files by restoring from a backup copy. BitLocker drive encryption isn’t about availability. It’s about confidentiality. If your notebook computer is lost or stolen, that’s certainly a bad thing. But if it contains confidential personal, client, or patient information, that’s even worse. BitLocker drive encryption ensures that lost or stolen data can’t be read by prying eyes.


Tip
BitLocker differs from the Encrypting File System (EFS) in that EFS encrypts individual folders and files, whereas BitLocker encrypts the whole disk.

BitLocker drive encryption works by encrypting all the data on a hard drive. With BitLocker drive encryption active, you can still use the computer normally. All the necessary encryption and decryption takes place automatically behind the scenes. But a thief would be unable to access data, passwords, or confidential information on the drive.


Tip
BitLocker drive encryption ensures the confidentiality of data stored in portable computers.

BitLocker hardware requirements

BitLocker drive encryption uses an encryption key to encrypt and decrypt data. That key must be stored in a Trusted Platform Module (TPM) Version 1.2 microchip, and the computer must have a compatible BIOS. Only newer computers come with the appropriate hardware preinstalled. You’ll also need a USB flash drive to store a copy of the password.


Caution, Caution, and More Caution
BitLocker drive encryption is primarily designed for organizations that have sensitive data stored on notebooks and PCs. Theft of that data could have a negative impact on the organization, its customers, or its shareholders. While transparent to the user, the act of setting up BitLocker would normally be entrusted to IT professionals within the organization.
If you’re not an IT professional, you need to be aware of the risks involved, especially if you plan to set up BitLocker on a hard drive that already contains files. First, always back up your data before repartitioning a drive. Although many programs on the market allow you to repartition a disk without losing data, there’s always a risk involved. A backup is your only real insurance. More important, you should understand that BitLocker is not for the technologically faint-of-heart. There is no way to undo any bad guesses or mistakes. If not handled with the utmost care, BitLocker can render your computer useless and your data unrecoverable. If you’re not technologically inclined, but have a serious need for drive encryption, consider getting professional support in setting up BitLocker for your system.


Note
The first time you open the BitLocker task page, you’ll see a message indicating whether you do, or don’t, have a TPM Version 1.2 chip installed. If you’re certain that you have such a chip, but Windows 8 fails to recognize it, check with your computer manufacturer for instructions on making it available to Windows 8.

In addition to a TPM chip, your hard drive must contain at least two volumes (also called partitions). One volume, called the system volume, must be at least 1.5GB in size. That one contains some startup files and cannot be encrypted. The other volume, called the operating system volume, will contain Windows 8, your installed programs, and user account folders. Both volumes must be formatted with NTFS.
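
The requirements in this section can be checked from an elevated PowerShell prompt before opening the wizard. The script below is an added example, not part of the original text; the function names New-Check and Test-BitLockerPrereqs are made up for illustration, and it assumes the TrustedPlatformModule and Storage cmdlets that ship with Windows 8 and later.

```powershell
# Added example: pre-flight check for the requirements listed in this section.
# Run from an elevated PowerShell prompt.
$MinSystemBytes = 1.5GB   # minimum system volume size stated in this section
$TpmNamespace   = 'root\cimv2\Security\MicrosoftTpm'

# Hypothetical helper: one result row per requirement
function New-Check($Name, $Passed, $Detail) {
    [pscustomobject]@{ Check = $Name; Passed = [bool]$Passed; Detail = "$Detail" }
}

function Test-BitLockerPrereqs {
    # TPM state as Windows sees it, plus the spec version reported through WMI
    $tpm  = Get-Tpm
    $wmi  = Get-CimInstance -Namespace $TpmNamespace -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $spec = if ($wmi) { ($wmi.SpecVersion -split ',')[0].Trim() } else { 'none' }

    # System volume = partition holding the startup files;
    # operating system volume = partition Windows booted from
    $sys   = Get-Partition | Where-Object { $_.IsSystem } | Select-Object -First 1
    $os    = Get-Partition | Where-Object { $_.IsBoot }   | Select-Object -First 1
    $sysFs = if ($sys) { (Get-Volume -Partition $sys).FileSystem }
    $osFs  = if ($os)  { (Get-Volume -Partition $os).FileSystem }

    # A single partition that is both system and OS volume fails the two-volume rule
    $separate = $sys -and $os -and (($sys.DiskNumber -ne $os.DiskNumber) -or
                                    ($sys.PartitionNumber -ne $os.PartitionNumber))

    New-Check 'TPM present' $tpm.TpmPresent $tpm.TpmPresent
    New-Check 'TPM ready'   $tpm.TpmReady   $tpm.TpmReady
    # 1.2 is the version this section names; newer spec versions also pass
    New-Check 'TPM spec version >= 1.2' (($spec -as [version]) -ge [version]'1.2') $spec
    New-Check 'Separate system and OS volumes' $separate `
        "system=#$($sys.PartitionNumber) os=#$($os.PartitionNumber)"
    New-Check 'System volume >= 1.5GB' ($sys -and ($sys.Size -ge $MinSystemBytes)) `
        ('{0:N2} GB' -f ($sys.Size / 1GB))
    New-Check 'System volume is NTFS' ($sysFs -eq 'NTFS') $sysFs
    New-Check 'OS volume is NTFS'     ($osFs -eq 'NTFS')  $osFs
}

Test-BitLockerPrereqs | Format-Table -AutoSize
```

The checks mirror the BIOS-based layout this section describes. On UEFI machines the system partition is FAT32 by design, so the NTFS check on the system volume will report a failure there.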

Encrypting the volume

When all the necessary hardware is in place, setting up BitLocker drive encryption is a relatively easy task:

1. Display the Charms Bar, choose Search, and type BitLocker. Click Settings and then click BitLocker Drive Encryption on the Settings window.
If your hardware setup doesn’t support BitLocker, you’ll see messages to that effect. You cannot continue without appropriate hardware and disk partitions.
2. If all systems are go, the BitLocker Drive Encryption window appears (see Figure 31.22).

FIGURE 31.22 The BitLocker Drive Encryption window

3. Click Turn On BitLocker. If your TPM isn’t initialized, a wizard takes you through the steps to initialize it. Follow the onscreen instructions to complete the initialization.
4. When prompted, choose your preferred password storage method, store the password, and click Next.
5. On the encryption page, select (check) the Run BitLocker system check option and click Continue.
6. Insert the password recovery USB flash drive (or whatever medium you used for password recovery) and click Restart Now.
7. Follow the onscreen instructions.

The wizard will ensure that all systems are working and it’s safe to encrypt the drive. Just follow the instructions to the end to complete the procedure.

Make sure you password-protect all user accounts to prevent unauthorized access to the system. Otherwise a thief can get at the encrypted data just by logging in to a user account that requires no password!
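
After the wizard finishes, it is worth confirming that the drive is fully encrypted, that protection is on, and that a recovery method is registered. The following is an added example, not part of the original text; the function name Get-BitLockerHealth is made up for illustration, and it assumes the BitLocker PowerShell module (Get-BitLockerVolume) available in Windows 8 and later.

```powershell
# Added example: post-setup verification. Run from an elevated PowerShell prompt.
function Get-BitLockerHealth {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Names of the key protectors registered on the volume (Tpm, RecoveryPassword, ...)
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint        = $vol.MountPoint
        VolumeStatus      = $vol.VolumeStatus.ToString()
        PercentEncrypted  = $vol.EncryptionPercentage
        ProtectionOn      = ($vol.ProtectionStatus -eq 'On')
        HasTpmProtector   = ($types -contains 'Tpm')
        # Recovery material: a numeric recovery password or a key file on removable media
        HasRecoveryOption = [bool]($types | Where-Object { $_ -in 'RecoveryPassword', 'ExternalKey' })
    }
}

$health = Get-BitLockerHealth
$health | Format-List

# Encryption runs in the background; data is not fully covered until it completes
if ($health.VolumeStatus -ne 'FullyEncrypted') {
    Write-Warning "Volume is '$($health.VolumeStatus)' at $($health.PercentEncrypted)% encrypted."
}

# Suspended or disabled protection leaves the key readable without the TPM check
if (-not $health.ProtectionOn) {
    Write-Warning 'BitLocker protection is not on for this volume.'
}

# Without recovery material, a TPM lockout makes the data unrecoverable
if (-not $health.HasRecoveryOption) {
    Write-Warning 'No recovery password or external key is registered for this volume.'
}
```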

When the computer won’t start

Once BitLocker is enabled, you should be able to start the computer and log in to it normally. BitLocker will only prevent normal startup if it detects changes that could indicate tampering. For example, putting the drive in a different computer, or even making BIOS changes that look like tampering, will cause BitLocker to prevent bootup. To get past the block, you’ll need to supply the appropriate password.

Turning off BitLocker

Should you ever change your mind about using BitLocker, repeat the steps in the section “Encrypting the volume” and choose the option to turn off BitLocker drive encryption.

More info on BitLocker

The setup wizard for BitLocker drive encryption is designed to simplify the process as much as possible for people using computers with TPM 1.2. Other scenarios are possible, but go beyond the scope of this book. For more information, search Windows Help for BitLocker. Or better yet, browse to www.TechNet.com and search for BitLocker.
