Saturday, May 23, 2009

Windows BitLocker Drive Encryption

BitLocker Drive Encryption

Windows BitLocker Drive Encryption is a security feature that provides stronger data protection for your computer by encrypting all data stored on the Windows operating system volume, so the data cannot be read by booting another operating system or by moving the disk to a different machine.

BitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer is not tampered with, even if it is left unattended, lost, or stolen.
To use BitLocker on a computer without a TPM, you must change the default behavior of the BitLocker setup wizard by using Group Policy to allow BitLocker without a compatible TPM, or configure BitLocker by using a script.

NOTE:
When BitLocker is used without a TPM, the required encryption key is stored on a USB flash drive that must be inserted at every startup to unlock the data stored on the volume. The computer's BIOS must therefore be able to read from USB devices during startup, before the operating system loads.

How does BitLocker Drive Encryption work?
During the startup process, the early boot components (the firmware, the boot manager, the Windows loader and their configuration) are measured and the measurements are recorded in the TPM. The TPM releases the key that unlocks the encrypted volume only if those measurements match the values recorded when BitLocker was turned on.

This verifies the integrity of the Windows startup process. If the TPM detects that the boot files or your Windows installation have been tampered with, the key is not released and the computer enters BitLocker recovery, where the recovery password or recovery key is required to continue.
For enhanced security, you can combine the use of a TPM with either a PIN entered by the user or a startup key stored on a USB flash drive, so that an attacker who steals the computer cannot boot it with the TPM alone.
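The following PowerShell script is an added example, not part of the original post, that ties together the two cases described above: it checks whether a usable TPM is present, and then either enables BitLocker with TPM + PIN or, when there is no TPM, sets the policy values that the Group Policy setting for "BitLocker without a compatible TPM" writes and enables BitLocker with a USB startup key. It assumes Windows 7 or later (where the command-line tool is manage-bde.exe; on Windows Vista it was the script manage-bde.wsf run through cscript), an elevated prompt, the OS volume at C: and a USB flash drive at E:. The drive letters and the registry path are assumptions for the example; the WMI class and manage-bde switches are the documented ones.

```powershell
# Added example (not from the original post): enable BitLocker on the OS volume
# with a protector that matches the hardware. Assumptions: Windows 7 or later,
# run as Administrator, OS volume C:, USB flash drive for the startup key at E:.

$OsVolume = "C:"   # assumption: Windows operating system volume
$UsbDrive = "E:"   # assumption: USB flash drive that will hold the startup key

function Test-TpmReady {
    # Win32_Tpm lives in its own WMI namespace; no instance means no TPM at all.
    $tpm = Get-WmiObject -Namespace "root\cimv2\Security\MicrosoftTpm" `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) { return $false }
    # Each method returns an object whose same-named property holds the result.
    $enabled   = $tpm.IsEnabled().IsEnabled
    $activated = $tpm.IsActivated().IsActivated
    return ($enabled -and $activated)
}

function Enable-NoTpmPolicy {
    # Same registry values that the Group Policy setting allowing BitLocker
    # without a compatible TPM writes. Without them the setup wizard refuses to
    # continue on a machine that has no TPM.
    $fve = "HKLM:\SOFTWARE\Policies\Microsoft\FVE"
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    Set-ItemProperty -Path $fve -Name "UseAdvancedStartup" -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name "EnableBDEWithNoTPM" -Value 1 -Type DWord
}

if (Test-TpmReady) {
    # TPM present: the volume key is sealed to the measured boot chain and a
    # PIN is required in addition. manage-bde prompts for the PIN interactively.
    Write-Host "TPM ready: enabling BitLocker with TPM + PIN on $OsVolume"
    & manage-bde.exe -on $OsVolume -TPMandPIN -RecoveryPassword
} else {
    # No usable TPM: allow the no-TPM path through policy and store the
    # startup key on the USB drive, which must be inserted at every boot.
    Write-Host "No TPM: enabling BitLocker with a USB startup key on $OsVolume"
    Enable-NoTpmPolicy
    & manage-bde.exe -on $OsVolume -StartupKey $UsbDrive -RecoveryPassword
}

# Show which key protectors are now in place and the encryption progress.
& manage-bde.exe -protectors -get $OsVolume
& manage-bde.exe -status $OsVolume
```

In both branches -RecoveryPassword adds a 48-digit numerical recovery password; manage-bde prints it once, so record it (or store it in Active Directory) before rebooting, because it is the only way back in if the TPM measurements change or the USB key is lost.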

What is a TPM ?
A TPM is a microchip designed to provide basic security-related functions, primarily involving the generation, storage and use of cryptographic keys. The TPM is usually soldered onto the motherboard of a desktop or portable computer and communicates with the rest of the system over a hardware bus (on computers of this generation, typically the LPC bus).

Additional References
Windows BitLocker™ Drive Encryption Step by Step Guide (http://go.microsoft.com/fwlink/?LinkId=53779)
Windows Trusted Platform Module Services Step by Step Guide (http://go.microsoft.com/fwlink/?linkid=67232)

-Thanks
@Roshan
