RE: MS Vista BitLocker - volume or drive?



Refer to the NOTE section under 'BitLocker Drive Encryption'

http://www.microsoft.com/technet/windowsvista/security/protect_sensitive_data.mspx

Note: BitLocker provides protection for the Windows partition and is
not a replacement for EFS. BitLocker does not encrypt data stored
outside the Windows partition, but it does provide an added security
layer for EFS by encrypting the EFS keys within the Windows partition.

It seems to me that any way you look at it BitLocker can only encrypt
the volume that Windows is installed on. You must have at least 2
volumes to use BitLocker, one for the startup files & BitLocker engine
which won't be encrypted and one for Windows which will be encrypted. If
you have a 3rd volume, even if it's part of the same logical partition
as the Windows volume, you would need to use EFS on it if you wanted it
encrypted.

Lance


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Ali, Saqib
Sent: Friday, March 23, 2007 6:23 PM
To: spencerforhire
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: MS Vista BitLocker - volume or drive?

It depends on how you set it up...

If you don't have TPM on your computer, and DON'T want to use a USB
Drive for a Startup key, then you are limited to volume encryption,
i.e. you partition your drive in 2, and encrypt one of the volumes. The
unencrypted volume contains the start-up files.

Three alternatives for using BitLocker are:

1) Partition the HDD in 2, and encrypt one volume. This is useful if
you don't have TPM.
2) Use TPM to wrap + bind + store the encryption key
3) Use USB Drive to store the encryption key and startup files.

saqib
http://www.full-disk-encryption.net
