BitLocker Encryption (PC)

From WSU Technology Knowledge Base

Audience: Faculty, Staff, Grad Assistants

Windows BitLocker Drive Encryption is a new security feature for non-public data that has been mandated by MnSCU.

Windows BitLocker Drive Encryption is a new data security feature that was rolled out in fall 2009 to all faculty and staff who have access to non-public data. This is being done to ensure that Winona State adheres to MnSCU security guidelines. It provides better data protection for your computer by encrypting all data stored on your computer’s hard drive.

A TPM microchip is built into your computer. It is used to store cryptographic information, such as encryption keys. Information stored on the TPM is more secure from external software attacks and physical theft. BitLocker uses the TPM to help protect the Windows operating system and user data and helps to ensure that a computer is not tampered with, even if it is left unattended, lost, or stolen.

Faculty and staff machines will use BitLocker to protect sensitive data. BitLocker will be enabled when the computer is first configured. The end user will have nothing to be concerned with and will notice nothing out of the ordinary while using the computer.

Features of Windows BitLocker Drive Encryption

  • BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive.
  • The feature ideally uses a Trusted Platform Module (TPM 1.2) to protect user data and to ensure that a PC running Windows Vista has not been tampered with while the system was offline. BitLocker provides both mobile and office enterprise information workers with enhanced data protection should their systems be lost or stolen and secure data deletion when it comes time to decommission those assets.
  • BitLocker enhances data protection by bringing together two major sub-functions: drive encryption and the integrity checking of early boot components.
  • Drive encryption protects data by preventing unauthorized users from breaking Windows file and system protection on lost, stolen or inappropriately decommissioned computers. This protection is achieved by encrypting the entire Windows volume; with BitLocker all user and system files are encrypted including the swap and hibernation files.
  • Integrity checking the early boot components helps to ensure that data decryption is performed only if those components appear unmolested and that the encrypted drive is located in the original computer.
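
The last bullet's behaviour, as an added example (a simplified Python model, not BitLocker's or a TPM's own code): a key sealed to boot measurements is released only when the same chip measures the same boot components in the same order. `ToyTPM`, `boot`, `demo`, the XOR wrap and the choice of PCR 0 are illustrative assumptions, and the component strings are constructed.

```python
import hashlib
import hmac
import os

class ToyTPM:
    """Simplified model of TPM 1.2 PCRs and seal/unseal (not a real TPM API)."""
    def __init__(self):
        self._root = os.urandom(32)      # stands in for a key that never leaves the chip
        self.reset()

    def reset(self):                     # power-on: PCRs start at zero, root key persists
        self.pcrs = [b"\x00" * 20 for _ in range(24)]

    def extend(self, index, component):
        # PCR_new = SHA1(PCR_old || SHA1(component)): order-sensitive, cannot be rolled back
        digest = hashlib.sha1(component).digest()
        self.pcrs[index] = hashlib.sha1(self.pcrs[index] + digest).digest()

    def _keys(self, indices):
        composite = b"".join(self.pcrs[i] for i in indices)
        return [hmac.new(self._root, label + composite, hashlib.sha256).digest()
                for label in (b"enc", b"mac")]

    def seal(self, secret, indices):     # toy XOR wrap, secrets of up to 32 bytes only
        enc, mac = self._keys(indices)
        ct = bytes(a ^ b for a, b in zip(secret, enc))
        return list(indices), ct, hmac.new(mac, ct, hashlib.sha256).digest()

    def unseal(self, blob):
        indices, ct, tag = blob
        enc, mac = self._keys(indices)
        if not hmac.compare_digest(tag, hmac.new(mac, ct, hashlib.sha256).digest()):
            return None                  # wrong chip or changed boot measurements
        return bytes(a ^ b for a, b in zip(ct, enc))

def boot(tpm, components, pcr=0):        # measure each component, in order, into one PCR
    tpm.reset()
    for c in components:
        tpm.extend(pcr, c)
    return tpm

def demo():
    good = [b"firmware v1", b"boot manager v1", b"os loader v1"]   # constructed sample
    tampered = [good[0], b"boot manager (modified)", good[2]]
    laptop, other_pc = ToyTPM(), ToyTPM()
    volume_key = os.urandom(32)
    blob = boot(laptop, good).seal(volume_key, [0])
    cases = ((laptop, good), (laptop, tampered), (other_pc, good))
    return [boot(t, chain).unseal(blob) == volume_key for t, chain in cases]
```

`demo()` returns one result per case: the unchanged laptop recovers the key, while the laptop with a modified boot component and a different computer holding the same sealed blob do not.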