Online resources for whole disk and full volume encryption

Microsoft System Integrity Team blog: Protecting BitLocker from cold boot and direct memory access attacks
Ed Felten’s research team uncovered the cold boot attack, which can be used to recover encrypted information from RAM in the clear. This is Microsoft’s explanation of how to protect BitLocker users from the threat as an administrator, by enforcing PINs or USB tokens.
http://blogs.msdn.com/si_team/archive/2008/02/25/protecting-bitLocker-from-cold-attacks-and-other-threats.aspx

Configuring AD to backup BitLocker recovery keys
http://go.microsoft.com/fwlink/?LinkId=67438
BitLocker keys should be backed up so that they can be recovered in the event of a lost key or damaged storage media. This article explains how it’s done.


Recovering BitLocker keys from AD
http://thelazyadmin.com/blogs/thelazyadmin/archive/2008/07/23/recovering-bitlocker-keys-from-the-active-directory.aspx
In the event that a BitLocker user needs to recover their password, an administrator can retrieve it from Active Directory, (as long as you’ve set the system up to store it there – see above). This article is a guide to using the BitLocker Recovery Password Viewer for retrieving passwords more easily.

Recovery with the BitLocker Repair Tool
http://support.microsoft.com/kb/928201/en-us
Should a user’s hard drive become damaged, it may be necessary to use the BitLocker Repair Tool to help recover the encrypted data. This article explains how, step by step.


Using Bitlocker with a USB key
http://www.hackszine.com/blog/archive/2007/02/use_vistas_bitlocker_with_a_us.html
BitLocker is designed to work with a Trusted Platform Module (TPM) and that gives you the best security (combined with a secondary PIN or USB token). If you have users with Vista and an older system that can doesn’t have a TPM, they can still take advantage of the Vista feature, by using a USB key alone. This is a clear step-by-step to the slightly obscure settings you need to enable to set this up.


BitLocker Drive Preparation Tool
http://support.microsoft.com/kb/930063
The BitLocker Drive Preparation tool simplifies getting a hard drive ready for encryption. This article describes how to access and use the tool, and outlines basic system requirements.


SANS Institute webcast on full disk encryption
https://www.sans.org/webcasts/show.php?webcastid=91216
The SANS Institute provides education and training in various security fields. In this webcast its experts used to explain the basic concepts behind full disk encryption, so it’s a good primer for getting up to speed on the subject.


Configuring BitLocker on Windows Server 2008
http://www.techotopia.com/index.php/Configuring_BitLocker_Drive_Encryption_on_Windows_Server_2008
BitLocker isn’t just for client PCs; in Windows Server 2008 you can protect servers too, which is particularly useful for small offices that are hard to secure physically. This walkthrough takes you through enabling and deploying BitLocker, step by step.


Manage BitLocker with the CLI
http://thelazyadmin.com/blogs/thelazyadmin/archive/2007/08/27/manage-bitlocker-via-the-cli.aspx
Managing BitLocker via the command line interface opens up the possibility of customised, scripted tasks. This article explains basic BitLocker commands for those that prefer CLI management.


BitLocker drive encryption design and deployment guides
http://www.microsoft.com/downloads/details.aspx?familyid=41BA0CF0-57D6-4C38-9743-B7F4DDBE25CD&displaylang=en
These official Microsoft guides to BitLocker are broken down into two documents – designing a BitLocker configuration to suit your infrastructure, and then deploying it.

Building a dual boot system with Windows Vista BitLocker protection with TPM support
http://blogs.technet.com/voy/archive/2006/10/13/building-a-dual-boot-system-with-windows-vista-bitlocker-protection-with-tpm-support.aspx
Even though it encrypts a whole volume, BitLocker doesn’t stop users from dual-booting between Vista and other operating systems. This article explains how to configure a BitLocker-protected system for that purpose.


BitLocker Drive Encryption Technical Overview
http://technet2.microsoft.com/WindowsVista/en/library/ce4d5a2e-59a5-4742-89cc-ef9f5908b4731033.mspx?mfr=true
This online guide to BitLocker goes into intricate detail on its workings and architecture.


Microsoft Encrypting File System Assistant
http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/efsassistant/default.mspx
If your users haven’t moved to Vista, Microsoft’s Encrypting File System lets them f3d2d1encrypt their information at a file system level, but it can be difficult to administer centrally. The EFS Assistant is a tool to make that management easier, and this document covers how to deploy it.


Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316
This article provides some tips for easing the adoption of EFS in an organisation, alongside some practical steps for deployment.


PGP Whole Disk Encryption quick start guide
https://supportimg.pgp.com/guides/PGP_WholeDisk_9.6.3_QuickStart_eng.pdf
This PDF document explains how to set up and configure PGP Corp’s disk encryption system.

Share |

Download


Subscribe and get the magazine in the post before it's online

Subscribe and get access to all of the back issues

To read a sample eMagazine - March 2010

 
FREE SUBSCRIPTION!
Banner

IT EXPERT TOP TIP

advisor Got a client who wants to make their own Blu-ray discs and needs to know which office PCs they can check them on? (or is honest enough to say they want to watch movies on a plane?) Check what discs they can watch and whether advanced features will work with this Cyberlink utility.
http://www.cyberlink.com/english/support/blu-ray_support/diagnosis.jsp read more

TAKE THE POLL

Unified communications

Banner

The #1 Bestseller for Only 77p

RECENT COMMENTS