Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Size: px
Start display at page:

Download "Using BitLocker As Part Of A Customer Data Protection Program: Part 1"

Transcription

1 Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Tech Tip by Philip Cox Source: searchsecuritychannel.com

2 As an information security consultant, one of my jobs is to help my clients protect their data, which often involves utilizing BitLocker, Encrypting File Systems, and NTFS file system permissions to protect data at rest. This tip will provide on an overall understanding of the three Windows technologies and how they complement each other to protect data at rest, as well as providing some details about BitLocker s particular functions. The goal of this tip is to establish a foundation to enable you, the security consultant, to use these technologies as part of your customer data protection services portfolio to help your clients in architecture designs or implementations. These technologies enable you to enhance your offerings by leveraging functionality you do not have to develop yourself. Underlying concepts The terms off-line and run-time are two critical concepts that must be understood and will be used heavily throughout the rest of this tip. For the purposes of this tip, off-line will mean not being actively used by the operating system for which it was intended. Think of an attacker pulling a disk out of a system, placing it into another system and attempting to attack it. For our purposes, that would be a disk that is off-line. Run-time will mean being used by the operating system it was originally meant for. This is when the system is booted and the disk is mounted, accessible, and operating normally. It will be important, because each of the technologies we talk about provide protection under those different modes. The pieces The following is a short introduction to each of the technologies and their primary role in protecting data at rest. BitLocker: Provides full-disk encryption. It is an integrated Windows feature (part of Enterprise and Ultimate editions of Windows Vista and Windows 7, as well as Windows Server 2008) that encrypts at the volume level, which can include part of a disk, the entire disk or multiple disks. BitLocker protection happens at a low level in the operating system and is effectively transparent to the user as well as any programs or applications being run on the system. To use BitLocker, you will just have to enable it on a volume. From a practical standpoint, BitLocker provides protection for off-line data, not run-time. Once the system is booted and running, BitLocker already has the keys it needs to encrypt and decrypt the drive. A quick note on BitLocker-To-Go (BTG). BTG takes the functionality of BitLocker and applies it to removable storage. In particular, BTG can and should be used to protect data that is stored on external USB drives, most notably USB thumb drives. Encrypting File System (EFS): Provides file and folder level encryption in Windows operating systems. Protection is enforced by EFS driver in the Windows operating system. Any user or program that wants to access the file/folder must have the appropriate key. A combination of public key and symmetric key cryptography make decrypting the files very difficult without the correct keys. EFS provides protection for both off-line and runtime modes. In off-line mode, the files/folders are encrypted as they sit on the disk. In run-time mode, the Windows operating system does not have the keys needed to decrypt the information; the user does in his profile. The protection is provided by operating system libraries as well as the use of cryptographic keys that a user must possess in order to access the data. NTFS (new technology file system): Provides is access control (i.e., permissions) for data at rest. NTFS is a file system first introduced in Windows NT and still supported on later versions of Windows. It provides the ability to protect data based on specifying individual user or group rights to specific files/folders. NTFS file permissions provide run-time protection in the form of access control on files and folders. NTFS does not provide any form of off-line protection of data. 2

3 There are a couple of other points that are important to understand: BitLocker: As long as data stays on the disk, wherever that disk goes, the data is protected. Encryption goes with the disk. EFS: Encryption of the file/folder is only on the system EFS is applied on. If you move or copy the file to another system (say a remote file share), the encryption is removed. Protection is specific to the system. NTFS permissions: When copying or moving a file or folder, the permissions may change depending on where you move the file or folder. For all intents and purposes protection is specific to the system. If used correctly, the combination of NTFS, EFS and BitLocker can provide comprehensive off-line and run-time data at rest protection. BitLocker details BitLocker basically sees volumes in two different flavors: operating system volumes and data volumes. Operating system volume can be secured using one or more of the following modes: Transparent: Uses the capabilities of the trusted platform module 1.2 or higher to store encryption keys, thus enabling a transparent system boot, and that the system boots normally to the user. The keys needed to access the data are pulled from the TPM. The TPM provides a hardware based mechanism to securely generate and store cryptographic keys, generate pseudo-random numbers, and provide remote attestation (cryptographic summary of the hardware and software/bios configuration) and sealed storage (encrypt data and specifies a state in which the TPM must be in order for the data to be decrypted). Use this mode when: You want minimal user interaction, and you trust the hardware the disk is inserted in. The primary protection this mode provides is if someone removes the disk from the device and tries to attack it in another off-line mode (i.e., plugging it into another system and attempting to access the data). User authentication: Requires that the user provide a PIN during the pre-boot, which will be used to decrypt the keys needed to access the data. This is used in conjunction with a TPM. Use this mode when: You don t trust the physical protection of the hardware (i.e., a laptop that can be stolen vice a system in a locked office) and want to require some type of user interaction for the additional protection it provides, and are satisfied with just the knowledge of the password/pin being entered at boot time as the additional security mechanism. This enhances the protection of the transparent mode by adding a layer of security that requires user interaction. USB key: Requires that the user insert a USB device that contains a startup key during the pre-boot. The USB key will then be used to decrypt the keys needed to access the data. This can be used standalone or in conjunction with PIN and/or TPM. Use this mode when: You don t trust the hardware and want to require some type of user interaction for the additional protection it provides, and are satisfied with just the knowledge of the password/ PIN being entered at boot time as the additional security mechanism. This enhances the protection of the transparent mode by adding a layer of security that requires user interaction. You can use the following different combinations of the above authentication mechanisms with BitLocker when enabling it for the volume that contains the currently running operating system: USB Key only TPM only PIN only TPM + PIN TPM + USB Key TPM + PIN + USB Key 3

4 For data volumes, you have 3 different options: Automatic: Will protect volume s encryption key with a key protected on the Widows disk (effectively the TPM or USB Key). To be able to automatically unlock fixed data drives, the drive that Windows is installed on must also be encrypted by BitLocker. Smartcard: A BitLocker certificate on the smartcard protects the volume s encryption key. To unlock the drive, you will insert the smart card and enter the smart card PIN. Password: The user s password secures the volume s encryption key. To unlock the drive, you ll enter the password. TPM validation By default, when the system starts, the TPM checks for a number of things to see if there are changes to a number of items, but the biggest ones I care about are: BIOS Master Boot Record Code and Partition Table NTFS Boot Sector and Boot Block Boot Manager BitLocker Access Control If any changes have been made to these while BitLocker protection has been enabled, the TPM will not release the volume s encryption key and the system will enter the BitLocker recovery mode. From there you will need to: Enter the 48-digit numerical recovery password (Note: This is not available in FIPS-compliance mode) Insert a USB flash drive containing a 256-bit recovery key Access to backup of keys in Active Directory Domain Services (if configured) Using BitLocker for customer data protection Getting back to our vantage point, here are my recommendations for using BitLocker as part of a resale offering or in a generic architecture for your client: Use a newer system with a compatible TPM chip, and use the following authentication modes Laptop: TPM + PIN I don t want a stolen laptop to only rely on the TPM for protection. General Desktop or Server in datacenter: Transparent Protection level seems to be commensurate with the risk. I want systems to be able to reboot automatically after maintenance. Secure Desktop, or Server not in datacenter: TPM + USB or TPM + PIN These are important systems, deserving of special consideration due to lack of more stringent physical controls. Print the recovery key and provide it with the physical machine if applicable Require a minimum 8 digit PIN Allow the use of passwords on removable drives (Passwords cannot be used if FIPS compliance is enabled) Using BitLocker and these three recommendations will give you the ability to provide your clients added security for their data without significant heartache. For example, if I were deploying a software package that needed secure storage of configuration files that may contain sensitive information or keys, I would configure the system to use BitLocker for off-line protection. Another example would be to ensure that any removable USB drive was encrypted prior to storing any sensitive data to it. 4

5 About The Author Philip Cox is Director, Security and Compliance at SystemExperts Corporation, a consulting firm that specializes in system security and management. He is a well-known authority in the areas of system integration and security. His experience includes Windows, UNIX, and IP-based networks integration, firewall design and implementation and ISO and PCI compliance. Phil frequently writes and lectures on issues dealing with heterogeneous system integration and compliance with PCI-DSS. He is the lead author of Windows 2000 Security Handbook Second Edition (Osborne McGraw-Hill) and contributing author for Windows NT/2000 Network Security (Macmillan Technical Publishing). 5

Encrypting with BitLocker for disk volumes under Windows 7

Encrypting with BitLocker for disk volumes under Windows 7 Encrypting with BitLocker for disk volumes under Windows 7 Summary of the contents 1 Introduction 2 Hardware requirements for BitLocker Driver Encryption 3 Encrypting drive 3.1 Operating System Drive 3.1.1

More information

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015 Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is

More information

How to Encrypt your Windows 7 SDS Machine with Bitlocker

How to Encrypt your Windows 7 SDS Machine with Bitlocker How to Encrypt your Windows 7 SDS Machine with Bitlocker ************************************ IMPORTANT ******************************************* Before encrypting your SDS Windows 7 Machine it is highly

More information

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide

EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide BitLocker Deployment Guide Document Version 0.0.0.5 http://www.wave.com ERAS v 2.8 Wave Systems Corp. 2010 Contents Contents... 2

More information

Disk Encryption. Aaron Howard IT Security Office

Disk Encryption. Aaron Howard IT Security Office Disk Encryption Aaron Howard IT Security Office Types of Disk Encryption? Folder Encryption Volume or Full Disk Encryption OS / Boot Volume Data Volume Managed or Unmanaged Key Backup and Data Assurance

More information

In order to enable BitLocker, your hard drive must be partitioned in a particular manner.

In order to enable BitLocker, your hard drive must be partitioned in a particular manner. ENABLE BITLOCKER ON WINDOWS VISTA - WITHOUT A TPM Requirements: You must be running Vista Enterprise or Vista Ultimate to enable BitLocker. Any other version of Vista is not compatible. It is recommended

More information

Introduction to BitLocker FVE

Introduction to BitLocker FVE Introduction to BitLocker FVE (Understanding the Steps Required to enable BitLocker) Exploration of Windows 7 Advanced Forensic Topics Day 3 What is BitLocker? BitLocker Drive Encryption is a full disk

More information

Managing BitLocker Encryption

Managing BitLocker Encryption Managing BitLocker Encryption WWW.CREDANT.COM Introduction Organizations are facing a data security crisis. Despite decades of investment in security, breaches of sensitive information continue to dominate

More information

Windows 7 Backup and Restore

Windows 7 Backup and Restore Tech Tip by Philip Cox Introduction Everyone deals with the nightmare of lost data. We all know that having a reliable backup or restore mechanism is critical to any organization that relies on the data

More information

DriveLock and Windows 7

DriveLock and Windows 7 Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Windows BitLocker Drive Encryption Step-by-Step Guide

Windows BitLocker Drive Encryption Step-by-Step Guide Windows BitLocker Drive Encryption Step-by-Step Guide Microsoft Corporation Published: September 2006 Abstract Microsoft Windows BitLocker Drive Encryption is a new hardware-enhanced feature in the Microsoft

More information

DriveLock and Windows 8

DriveLock and Windows 8 Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011

BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011 BitLocker/Active Directory Encryption Procedure Department: Information Security Office Version: 1.0 Last Revised: 09/26/2011 Purpose To provide a step-by-step procedure for encrypting installed laptop

More information

Configuring and Administering Windows 7

Configuring and Administering Windows 7 Configuring and Administering Windows 7 Length: 5 days Overview This five-day instructor-led course provides students with the knowledge and skills to configure and administer Microsoft Windows 7 as a

More information

Course 50322B: Configuring and Administering Windows 7

Course 50322B: Configuring and Administering Windows 7 Course 50322B: Configuring and Administering Windows 7 Length: Delivery Method: 5 Days Instructor-led (classroom) About this Course This five-day instructor-led course provides students with the knowledge

More information

Administering and Maintaining Windows 7 Course 50292C; 5 Days, Instructor-led

Administering and Maintaining Windows 7 Course 50292C; 5 Days, Instructor-led Administering and Maintaining Windows 7 Course 50292C; 5 Days, Instructor-led Course Description This five-day instructor-led course provides students with the knowledge and skills to successfully administer,

More information

Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?

Do standard tools meet your needs when it comes to providing security for mobile PCs and data media? Product Insight Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media? Author Version Document Information Utimaco Product Management Device Security 4.30.00

More information

Course Outline. ttttttt

Course Outline. ttttttt 1300 86 87246 1300 TO TRAIN 50292 - Administering and Maintaining General Description This five-day instructor-led course provides students with the knowledge and skills to successfully administer, maintain,

More information

MS-50292: Administering and Maintaining Windows 7. Course Objectives. Required Exam(s) Price. Duration. Methods of Delivery.

MS-50292: Administering and Maintaining Windows 7. Course Objectives. Required Exam(s) Price. Duration. Methods of Delivery. MS-50292: Administering and Maintaining Windows 7 This five-day instructor-led course provides students with the knowledge and skills to successfully install, maintain, and troubleshoot Windows 7 computers.

More information

Mobile Device Security and Encryption Standard and Guidelines

Mobile Device Security and Encryption Standard and Guidelines Mobile Device Security and Encryption Standard and Guidelines University Mobile Computing and Device best practices are currently defined as follows: 1) The use of any sensitive or private data on mobile

More information

Introducing Windows 8

Introducing Windows 8 Introducing Windows 8 Introduction Very Aggressive Change Building block for the future and future of devices Biggest Obstacle: Where is!?!? The New User Experience Start Screen Full screen Start Menu

More information

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken Bypassing Local Windows Authentication to Defeat Full Disk Encryption Ian Haken Who Am I? Currently a security researcher at Synopsys, working on application security tools and Coverity s static analysis

More information

Why Endpoint Encryption Can Fail to Deliver

Why Endpoint Encryption Can Fail to Deliver Endpoint Data Encryption That Actually Works The Essentials Series Why Endpoint Encryption Can Fail to Deliver sponsored by W hy Endpoint Encryption Can Fail to Deliver... 1 Tr aditional Solutions... 1

More information

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10 Table Of Contents - - WINDOWS SERVER 2003 MAINTAINING AND MANAGING ENVIRONMENT...1 WINDOWS SERVER 2003 IMPLEMENTING, MANAGING & MAINTAINING...6 WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS

More information

ICT Professional Optional Programmes

ICT Professional Optional Programmes ICT Professional Optional Programmes Skills Team are a Microsoft Academy with new training rooms and IT labs in our purpose built training centre in Ealing, West London. We offer a range of year-long qualifications

More information

Guidelines on use of encryption to protect person identifiable and sensitive information

Guidelines on use of encryption to protect person identifiable and sensitive information Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted

More information

Innovative Secure Boot System (SBS) with a smartcard.

Innovative Secure Boot System (SBS) with a smartcard. Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable

More information

Managing Applications, Services, Folders, and Libraries

Managing Applications, Services, Folders, and Libraries Lesson 4 Managing Applications, Services, Folders, and Libraries Learning Objectives Students will learn to: Understand Local versus Network Applications Remove or Uninstall an Application Understand Group

More information

70-685: Enterprise Desktop Support Technician

70-685: Enterprise Desktop Support Technician 70-685: Enterprise Desktop Support Technician Course Introduction Course Introduction Chapter 01 - Identifying Cause and Resolving Desktop Application Issues Identifying Cause and Resolving Desktop Application

More information

MS 50292: Administering and Maintaining Windows 7

MS 50292: Administering and Maintaining Windows 7 MS 50292: Administering and Maintaining Windows 7 Description: This five-day instructor-led course provides students with the knowledge and skills to successfully administer, maintain, and troubleshoot

More information

Protect Sensitive Data Using Encryption Technologies. Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.

Protect Sensitive Data Using Encryption Technologies. Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live. Protect Sensitive Data Using Encryption Technologies Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.com/blog Where is the User Data Stored? Q: Where is the biggest

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Windows 7, Enterprise Desktop Support Technician Course Number: 70-685 Certification Exam This course is preparation for the Microsoft Certified IT Professional (MCITP) Exam, Exam 70-685: Pro: Windows

More information

T21: Microsoft Windows Server and Client Security Donald E. Hester, Maze Associates

T21: Microsoft Windows Server and Client Security Donald E. Hester, Maze Associates T21: Microsoft Windows Server and Client Security Donald E. Hester, Maze Associates Microsoft Windows Server and Client Security Windows 7, Vista and Server 2008 R2 Donald E. Hester CISSP, CISA, CAP, MCT,

More information

Encrypting stored data. Tuomas Aura T-110.4206 Information security technology

Encrypting stored data. Tuomas Aura T-110.4206 Information security technology Encrypting stored data Tuomas Aura T-110.4206 Information security technology Outline 1. Scenarios 2. File encryption 3. Encrypting file system 4. Full disk encryption 5. Data recovery Simple applications

More information

Hiva-network.com. Microsoft_70-680_v2011-06-22_Kat. Exam A

Hiva-network.com. Microsoft_70-680_v2011-06-22_Kat. Exam A Exam A Microsoft_70-680_v2011-06-22_Kat QUESTION 1 You have a computer that runs Windows 7. The computer has a single volume. You install 15 applications and customize the environment. You complete the

More information

Secure Storage. Lost Laptops

Secure Storage. Lost Laptops Secure Storage 1 Lost Laptops Lost and stolen laptops are a common occurrence Estimated occurrences in US airports every week: 12,000 Average cost of a lost laptop for a corporation is $50K Costs include

More information

The safer, easier way to help you pass any IT exams. Exam : 70-688. Managing and Maintaining Windows 8. Title : 1 / 19

The safer, easier way to help you pass any IT exams. Exam : 70-688. Managing and Maintaining Windows 8. Title : 1 / 19 Exam : 70-688 Title : Managing and Maintaining Windows 8 Version : Demo 1 / 19 1.DRAG DROP Your company recently purchased 25 new laptops. All 25 laptops have the same hardware configuration and do not

More information

Windows BitLocker TM Drive Encryption Design Guide

Windows BitLocker TM Drive Encryption Design Guide Windows BitLocker TM Drive Encryption Design Guide Microsoft Corporation Published: August 2007 Abstract This document describes the various aspects of planning for deploying Windows BitLocker Drive Encryption

More information

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org

Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution s Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes

More information

How to enable Disk Encryption on a laptop

How to enable Disk Encryption on a laptop How to enable Disk Encryption on a laptop Skills and pre-requisites Intermediate IT skills required. You need to: have access to, and know how to change settings in the BIOS be confident that your data

More information

Configuring Windows Server 2008 Active Directory

Configuring Windows Server 2008 Active Directory Configuring Windows Server 2008 Active Directory Course Number: 70-680 Certification Exam This course is preparation for the Microsoft Technical Specialist (TS) exam, Exam 70-680: TS: Windows 7, Configuring

More information

Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010

Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010 Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010 I. File Encryption Basics A. Encryption replaces data within a file with ciphertext which resembles random data

More information

Implementing and Supporting Microsoft Windows XP Professional

Implementing and Supporting Microsoft Windows XP Professional Implementing and Supporting Microsoft Windows XP Professional Key Data Course #: 2272C Number of Days: 5 Format: Instructor-led The purpose of this course is to address the implementation and desktop support

More information

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified

More information

Safer. Simpler. Easier.

Safer. Simpler. Easier. Safer. Simpler. Easier. My technology ROI just got a boost. Software Assurance Benefit Windows Vista Enterprise an > New Version Rights > Spread Payments > Deploy > Desktop Deployment Planning Services

More information

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed

More information

How Endpoint Encryption Works

How Endpoint Encryption Works WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint

More information

Microsoft Windows Server 2008: Data Protection

Microsoft Windows Server 2008: Data Protection Chapter 5 Microsoft Windows Server 2008: Data Protection Solutions in this chapter: BitLocker Active Directory Rights Management Services Authorization Summary Solutions Fast Track Frequently Asked Questions

More information

HP ProtectTools Security Manager - v2.0

HP ProtectTools Security Manager - v2.0 HP ProtectTools Security Manager - v2.0 Introduction...2 The security dilemma...2 HP ProtectTools Security Manager...3 Security Software Modules for HP ProtectTools...4 Embedded Security for HP ProtectTools...5

More information

Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10.

Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10. Technical Note Installing Micron SEDs in Windows 8 and 10 TN-FD-28: Installing Micron SEDs in Windows 8 and 10 Introduction Introduction Self-encrypting drives (SEDs) can provide an effective way of protecting

More information

Training Guide: Configuring Windows8 8

Training Guide: Configuring Windows8 8 Training Guide: Configuring Windows8 8 Scott D. Lowe Derek Schauland Rick W. Vanover Introduction System requirements Practice setup instructions Acknowledgments Errata & book support We want to hear from

More information

SimplySecure TM Architecture & Security

SimplySecure TM Architecture & Security Technical Whitepaper SimplySecure TM Architecture & Security Specifications, compliance and certification considerations for the IT Professional Rob Weber November 2014 Foreward First-in-class web-managed

More information

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker

More information

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey

GoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With

More information

Designing and Deploying Connected Device Solutions for Small and Medium Business

Designing and Deploying Connected Device Solutions for Small and Medium Business Designing and Deploying Connected Device Solutions for Small and Medium Business HPATA Connected Devices Study Guide Rev 1.1 Table of Contents 1.1 Describe and recognize common desktop virtualization technologies

More information

ADMINISTERING WINDOWS VISTA SECURITY: THE BIG SURPRISES

ADMINISTERING WINDOWS VISTA SECURITY: THE BIG SURPRISES ADMINISTERING WINDOWS VISTA SECURITY: THE BIG SURPRISES Introduction. Chapter 1 Administering Vista Security: The Little Surprises. Restoring the Administrator. Making Your Own Administrator. Activating

More information

CRYPTAS it-security GmbH

CRYPTAS it-security GmbH Winmagic SecureDoc Enterprise Server 4.3.1 Common functionality CRYPTAS it-security GmbH Modecenterstrasse 22/B2 A-1030 Wien www.cryptas.com Knowlegde Guide Vienna, December 2007 Winmagic SecureDoc Enterprise

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12 Course Page - Page 1 of 12 Windows 7 Enterprise Desktop Support Technician M-50331 Length: 5 days Price: $2,795.00 Course Description This five-day instructor-led course provides students with the knowledge

More information

Windows 7, Enterprise Desktop Support Technician

Windows 7, Enterprise Desktop Support Technician Course 50331D: Windows 7, Enterprise Desktop Support Technician Page 1 of 11 Windows 7, Enterprise Desktop Support Technician Course 50331D: 4 days; Instructor-Led Introduction This four-day instructor-ledcourse

More information

Check Point FDE integration with Digipass Key devices

Check Point FDE integration with Digipass Key devices INTEGRATION GUIDE Check Point FDE integration with Digipass Key devices 1 VASCO Data Security Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document

More information

Client side. DESlock + Data Encryption

Client side. DESlock + Data Encryption Data Encryption DESlock + is a simple-to-use encryption application for companies large and small. Take advantage of the optimized setup that speeds up the time to adoption for admins. The client side

More information

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

More information

How Drive Encryption Works

How Drive Encryption Works WHITE PAPER: HOW DRIVE ENCRYPTION WORKS........................................ How Drive Encryption Works Who should read this paper Security and IT administrators Content Introduction to Drive Encryption.........................................................................................

More information

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology 20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business

More information

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016

ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016 ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference May 2016 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government

More information

MS-50292 - MCITP: Windows 7 Enterprise Desktop Support Technician Boot Camp

MS-50292 - MCITP: Windows 7 Enterprise Desktop Support Technician Boot Camp MS-50292 - MCITP: Windows 7 Enterprise Desktop Support Technician Boot Camp Table of Contents Introduction Audience At Completion Prerequisites Microsoft Certified Professional Exams Student Materials

More information

Full Drive Encryption Security Problem Definition - Encryption Engine

Full Drive Encryption Security Problem Definition - Encryption Engine 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 Full Drive Encryption Security Problem Definition - Encryption Engine Introduction for the FDE Collaborative Protection Profiles

More information

BitLocker Encryption for non-tpm laptops

BitLocker Encryption for non-tpm laptops BitLocker Encryption for non-tpm laptops Contents 1.0 Introduction... 2 2.0 What is a TPM?... 2 3.0 Users of non-tpm University laptops... 2 3.1 Existing Windows 7 laptop users... 2 3.2 Existing Windows

More information

Using Microsoft Windows Encrypted File System (EFS)

Using Microsoft Windows Encrypted File System (EFS) Using Microsoft Windows Encrypted File System (EFS) Agenda Protecting our Data Types of Data What is EFS How to use EFS Best Practices Protecting our Data Two types of disk encryption: Full Disk Encryption

More information

"Charting the Course... ... to Your Success!" MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary

Charting the Course... ... to Your Success! MOC 50331 D Windows 7 Enterprise Desktop Support Technician Course Summary Description Course Summary This course provides students with the knowledge and skills needed to isolate, document and resolve problems on a Windows 7 desktop or laptop computer. It will also help test

More information

Introduction to Windows 7 (Brought to you by RMRoberts.com)

Introduction to Windows 7 (Brought to you by RMRoberts.com) Introduction to Windows 7 (Brought to you by RMRoberts.com) Note: Because of the number of screen captures needed to adequately explain this topic there have been some page breaks inserted to keep content

More information

Security. TestOut Modules 12.6 12.10

Security. TestOut Modules 12.6 12.10 Security TestOut Modules 12.6 12.10 Authentication Authentication is the process of submitting and checking credentials to validate or prove user identity. 1. Username 2. Credentials Password Smart card

More information

Get Success in Passing Your Certification Exam at first attempt!

Get Success in Passing Your Certification Exam at first attempt! Get Success in Passing Your Certification Exam at first attempt! Vendor: Microsoft Exam Code: 70-687 Exam Name: Microsoft Configuring Windows 8 Exam Version: Demo QUESTION: 1 A company has an Active Directory

More information

Course 20688A: Managing and Maintaining Windows 8

Course 20688A: Managing and Maintaining Windows 8 Course 20688A: Managing and Maintaining Windows 8 Length: 5 Days Audience(s): IT Professionals Level: 200 Delivery Method: Instructor-led (classroom) About this Course In this course, students learn how

More information

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is

TNC is an open architecture for network access control. If you re not sure what NAC is, we ll cover that in a second. For now, the main point here is 1 2 This slide shows the areas where TCG is developing standards. Each image corresponds to a TCG work group. In order to understand Trusted Network Connect, it s best to look at it in context with the

More information

Table of Contents. TPM Configuration Procedure... 2. 1. Configuring the System BIOS... 2

Table of Contents. TPM Configuration Procedure... 2. 1. Configuring the System BIOS... 2 Table of Contents TPM Configuration Procedure... 2 1. Configuring the System BIOS... 2 2. Installing the Infineon TPM Driver and the GIGABYTE Ultra TPM Utility... 3 3. Initializing the TPM Chip... 4 3.1.

More information

Excerpt of Cyber Security Policy/Standard S05-001. Information Security Standards

Excerpt of Cyber Security Policy/Standard S05-001. Information Security Standards Excerpt of Cyber Security Policy/Standard S05-001 Information Security Standards Issue Date: April 4, 2005 Publication Date: April 4, 2005 Revision Date: March 30, 2007 William F. Pelgrin Director New

More information

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)

MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative

More information

ACER ProShield. Table of Contents

ACER ProShield. Table of Contents ACER ProShield Table of Contents Revision History... 3 Legal Notices... 4 Executive Summary... 5 Introduction... 5 Protection against unauthorized access... 6 Why ACER ProShield... 7 ACER ProShield...

More information

Windows BitLocker and Paragon s Backup Solutions

Windows BitLocker and Paragon s Backup Solutions PARAGON Software GmbH Heinrich-von-Stephan-Str. 5c 79100 Freiburg, Germany Tel. +49 (0) 761 59018201 Fax +49 (0) 761 59018130 Internet www.paragon-software.com Email sales@paragon-software.com Windows

More information

HP ProtectTools Embedded Security Guide

HP ProtectTools Embedded Security Guide HP ProtectTools Embedded Security Guide Document Part Number: 364876-001 May 2004 This guide provides instructions for using the software that allows you to configure settings for the HP ProtectTools Embedded

More information

Understanding Northwestern University s contract with Symantec. Symantec Solutions for Cost Reduction & Optimization

Understanding Northwestern University s contract with Symantec. Symantec Solutions for Cost Reduction & Optimization Understanding Northwestern University s contract with Symantec Symantec Solutions for Cost Reduction & Optimization Chris Hagelin and Shane Scholes Symantec Account Manager and Symantec Sales Engineer

More information

SecureD Technical Overview

SecureD Technical Overview WHITEPAPER: SecureD Technical Overview WHITEPAPER: SecureD Technical Overview CONTENTS section page 1 The Challenge to Protect Data at Rest 3 2 Hardware Data Encryption Provides Maximum Security 3 3 SecureD

More information

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Cautions When Using BitLocker Drive Encryption on PRIMERGY Cautions When Using BitLocker Drive Encryption on PRIMERGY July 2008 Fujitsu Limited Table of Contents Preface...3 1 Recovery mode...4 2 Changes in hardware configurations...5 3 Prior to hardware maintenance

More information

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Enhancing Organizational Security Through the Use of Virtual Smart Cards Enhancing Organizational Security Through the Use of Virtual Smart Cards Today s organizations, both large and small, are faced with the challenging task of securing a seemingly borderless domain of company

More information

Installing and Upgrading to Windows 7

Installing and Upgrading to Windows 7 Installing and Upgrading to Windows 7 Before you can install Windows 7 or upgrade to it, you first need to decide which version of 7 you will use. Then, you should check the computer s hardware to make

More information

Sending Files to a Social Security Laptop

Sending Files to a Social Security Laptop Sending Files to a Social Security Laptop Introduction There are multiple options to send files to your Social Security laptop. A couple of options are to encrypt files and then send them by email or transfer

More information

Course 6292A: Installing and Configuring Windows 7 Client. About this Course. Audience Profile

Course 6292A: Installing and Configuring Windows 7 Client. About this Course. Audience Profile Course 6292A: Installing and Configuring Windows 7 Client Length: 3 Days Language(s): English Audience(s): IT Professionals Level: 200 Technology: Windows 7 Type: Course Delivery Method: Instructor-led

More information

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013 CS 356 Lecture 25 and 26 Operating System Security Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control

More information

Drive encryption with Microsoft BitLocker

Drive encryption with Microsoft BitLocker Drive encryption with Microsoft BitLocker 1 General informations... 2 1.1 What is BitLocker?... 2 1.2 For who is BitLocker?... 2 1.3 Possible authentication features... 2 1.4 Security features... 2 2 Configuration...

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows

A+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows : Managing, Maintaining, and Troubleshooting, 5e Chapter 3 Installing Windows Objectives How to plan a Windows installation How to install Windows Vista How to install Windows XP How to install Windows

More information

YubiKey Integration for Full Disk Encryption

YubiKey Integration for Full Disk Encryption YubiKey Integration for Full Disk Encryption Pre-Boot Authentication Version 1.2 May 7, 2012 Introduction Disclaimer yubico Yubico is the leading provider of simple, open online identity protection. The

More information

Trustworthy Computing

Trustworthy Computing Stefan Thom Senior Software Development Engineer and Security Architect for IEB, Microsoft Rob Spiger, Senior Security Strategist Trustworthy Computing Agenda Windows 8 TPM Scenarios Hardware Choices with

More information

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed.

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed. CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! 50331 - Windows 7, Enterprise Desktop Support Technician Duration: 5 days About this Course This five-day

More information

White Paper: Whole Disk Encryption

White Paper: Whole Disk Encryption How Whole Disk Encryption Works White Paper: Whole Disk Encryption How Whole Disk Encryption Works Contents Introduction to Whole Disk Encryption.....................................................................

More information

Making Endpoint Encryption Work in the Real World

Making Endpoint Encryption Work in the Real World Endpoint Data Encryption That Actually Works The Essentials Series Making Endpoint Encryption Work in the Real World sponsored by Ma king Endpoint Encryption Work in the Real World... 1 Th e Key: Policy

More information

Acceptable Encryption Usage for UTHSC

Acceptable Encryption Usage for UTHSC This document explains the acceptable use of encryption for the UTHSC system. It includes: acceptable encryption software, techniques, algorithms and instructions. Encryption methods and software are arranged

More information

EMBASSY Remote Administration Server (ERAS) Administrator Manual

EMBASSY Remote Administration Server (ERAS) Administrator Manual EMBASSY Remote Administration Server (ERAS) Administrator Manual Part III BitLocker, Trusted Platform Module, SafeNet ProtectDrive and Dell BIOS & CV Management ERAS Version 2.8 Document Version 1.0.0.20

More information