Home > Enterprise Desktop Tips > > How to secure BitLocker configurations
Enterprise Desktop Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 


How to secure BitLocker configurations


Joel Scambray
04.08.2008
Rating: -3.00- (out of 5)


Advice for securing Windows
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


[TABLE]

With the introduction of Windows Server and Windows Vista came an additional security feature, BitLocker Drive Encryption (BDE, or BitLocker), which protects the confidentiality and integrity of the operating system volume during the boot sequence and while the operating system is not loaded. Windows Server will also extend this capability to protect data volumes as well. BitLocker was designed to mitigate offline attacks, such as removing the physical drive from a lost or stolen laptop and accessing the data from an attacker controlled operating system. In the following section we discuss the various configuration options for BitLocker and their prerequisites.

BitLocker configurations

As mentioned, BitLocker can be configured in a variety of ways. In this section we discuss each, along with its strengths, weaknesses and prerequisites. BitLocker can be configured to operate in the following modes:

Tip: Microsoft provides an excellent step-by-step procedure for configuring your system in each of these scenarios.

Depending on the desired configuration for BitLocker, your system must also satisfy other hardware and software prerequisites. To determine whether your Windows Vista computer meets these


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Windows Vista security issues, updates and alerts
Ten ways to sell security to management
Improve Windows security with our top 10 tips
Windows Vista management tutorial
Minasi says Vista SP1 solves problems, adds new ones
Does Vista's strong security make it better than XP?
Are Windows Vista's features silencing critics?
Managing single sign-on security burdens in Windows
Top 10 ways to improve Windows Vista security
A Windows security checklist for IT managers
Unauthenticated vs. authenticated security testing

Windows desktop security tips
How Windows 7 stands up to security tests
Securing sensitive data on Windows-based laptops
Gathering and documenting your Windows desktop security policies
Windows desktop security standards documentation best practices
Desktop security preparation for a new wave of Windows apps
Four Internet Explorer 8 group policy security settings
The state of enterprise security and emerging threats in 2009
Why should Windows shops use Microsoft Baseline Security Analyzer?
A first look at Windows 7 security enhancements
Using Sysinternals tools in security management scenarios

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
drive-by download  (SearchEnterpriseDesktop.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


requirements, perform the following steps:

If your computer configuration meets all prerequisites, you will see the screen shown in Figure 12-1.

At a high level, these configuration options represent different combinations of the following:

Of these, the most secure configuration is a system that has a TPM and utilizes two-factor authentication, for this reason: The TPM provides BitLocker with the ability to validate each component of the boot process. This ensures the platform is in a known secure state before decrypting the volume.

With most authentication systems, barring implementation flaws, the degree of difficulty to authenticate as another principal increases with the number of "factors" -- each factor introduces an additional test that must be passed by the entity attempting to authenticate. Common authentication factors include the following:

[IMAGE]
Figure 12-1: system that satisfies BitLocker prerequisites

Currently, BitLocker supports two of these: something you have (a USB or TPM) and something you know (a PIN). In the next section, we take a deeper look at the desired solution -- BitLocker equipped with a TPM and an additional form of authentication, such as a PIN or USB token.


Rate this Tip
To rate tips, you must be a member of SearchEnterpriseDesktop.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Enterprise Desktop Security - Virus Protection, Malware Protection, Intrusion Detection
HomeTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2008 - 2009, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts