This is A beginner's guide to BitLocker, Windows' built-in encryption tool
What is BitLocker?
BitLocker is Microsoft's easy-to-use, proprietary encryption program
for Windows that can encrypt your entire drive as well as help protect
against unauthorized changes to your system such as firmware-level
malware.
Who can use BitLocker
BitLocker is available to anyone who has a machine running Windows
Vista or 7 Ultimate, Windows Vista or 7 Enterprise, Windows 8.1 Pro, or
Windows 8.1 Enterprise. If you're running an Enterprise edition chances
are your PC belongs to a large company so you should discuss enabling
BitLocker encryption with your company's IT department.
System requirements
To run BitLocker you'll need a Windows PC running one of the OS
flavors mentioned above, plus a PC with at least two partitions and a
Trusted Platform Module (TPM).
A TPM is a special chip that runs an authentication check on your
hardware, software, and firmware. If the TPM detects an unauthorized
change your PC will boot in a restricted mode to deter potential
attackers.
If you don't know whether your computer has a TPM or multiple
partitions, don't sweat it. BitLocker will run a system check when you
start it up to see if your PC can use BitLocker.
Who should use BitLocker?
Here's the thing about BitLocker: It's a closed source program.
That's problematic for extremely privacy-minded folks, since users have
no way of knowing if Microsoft was coerced into putting some kind of
backdoor into the program under pressure from the U.S. government.
The company says there are no back doors, but how can we be certain?
We can't. Sure, if BitLocker was open source most of us wouldn't be able
to read the code to determine if there was a backdoor anyway. But
somebody out there would be able to meaning there would be a much higher
chance of any faults with the program being discovered.
So with BitLocker's closed source nature in mind, I wouldn't count on
this encryption program defending your data against a government actor
such as border agents or intelligence services. But if you're looking to
protect your data in case your PC is stolen or other situations where
petty criminals and non-government types might mess with your hardware
then BitLocker should be just fine.
Getting ready to go,
Here's how I got BitLocker running on a Windows 8.1 Pro machine. The
first thing you'll need to do is fire up the Control Panel.
When the Control Panel opens, type BitLocker into the search box in the upper right corner and press Enter. Next, click Manage BitLocker, and on the next screen click Turn on BitLocker.
Now BitLocker will check your PC's configuration to make sure your device supports Microsoft's encryption method.
If you're approved for BitLocker, Windows will show you a message
like this one. If your TPM module is off then Windows will turn it on
automatically for you, and then it will encrypt your drive.
TPM
To activate your TPM security hardware Windows has to shut down
completely. Then you will have to manually turn your PC back on. Before
you go ahead with this process make sure any flash drives, CDs, or DVDs
are ejected from your PC. Then hit Shutdown.
Once you restart your PC, you may see a warning that your system was changed. In my case I had to hit F10 to confirm the change or press Esc to cancel. After that, your computer should boot back up and once you login again you'll see the BitLocker window.
Recovery key and encryption
After a few minutes, you should see a window with a green check mark
next to "Turn on the TPM security hardware." We're almost at the point
where we'll encrypt the drive! When you're ready, click Next.
Before you encrypt your drive, however, you have to save a recovery
key just in case you have problems unlocking your PC. Windows gives you
three choices for saving this key in Windows 8.1: save the file to your
Microsoft account, save to a file, or print the recovery key. You are
able to choose as many of these options as you like, and you should
choose at least two.
In my case, I chose to save the file to a USB key and print the key
on paper. I decided against saving the file to my Microsoft account,
because I don't know who has access to the company's servers. That said,
saving your key to Microsoft's servers will make it possible to decrypt
your files if you ever lose the flash drive or paper containing your
recovery key code.
Once you've created two different instances of the recovery key and removed any USB drives, click Next.
On the following screen, you have to decide whether to encrypt only
the disk space used so for or encrypt your PC's entire drive. If you are
encrypting a brand new PC without any files then the option to encrypt
only the used disk space is best for you since new files will be
encrypted as they're added. If you have an old PC with a few more miles
on the hard drive you should choose to encrypt the entire drive.
Once you've chosen your encryption scheme click Next. We're almost there.
Make sure the box next to "Run BitLocker system check" is clicked so
that Windows will run a system check before encrypting your drive. Once
the box is checked click Continue...and nothing happens.
You'll see an alert balloon in the system tray telling you that encryption will begin after you restart the PC. Restart your PC.
When you log in this final time you should see another system tray alert telling you that the encryption is in progress.
You can continue to work on your PC during the encryption phase, but
things may be working a little more slowly than usual. Consider holding
back on anything that might tax your system during initial encryption,
such as graphics-intensive programs.
After all those clicks, that's it!
Just leave Windows to do its thing and in a few hours you'll have a
BitLocker-encrypted drive. The length of time it takes BitLocker to
fully encrypt your files depends on the size of your drive, or how much
data you're encrypting if you're only encrypting existing data on a new
PC.
ENjoy!!!
Also you may like An Introduction To Encryption
Recovery key and encryption
After a few minutes, you should see a window with a green check mark next to "Turn on the TPM security hardware." We're almost at the point where we'll encrypt the drive! When you're ready, click Next.Before you encrypt your drive, however, you have to save a recovery key just in case you have problems unlocking your PC. Windows gives you three choices for saving this key in Windows 8.1: save the file to your Microsoft account, save to a file, or print the recovery key. You are able to choose as many of these options as you like, and you should choose at least two.
In my case, I chose to save the file to a USB key and print the key on paper. I decided against saving the file to my Microsoft account, because I don't know who has access to the company's servers. That said, saving your key to Microsoft's servers will make it possible to decrypt your files if you ever lose the flash drive or paper containing your recovery key code.
Once you've created two different instances of the recovery key and removed any USB drives, click Next.
On the following screen, you have to decide whether to encrypt only the disk space used so for or encrypt your PC's entire drive. If you are encrypting a brand new PC without any files then the option to encrypt only the used disk space is best for you since new files will be encrypted as they're added. If you have an old PC with a few more miles on the hard drive you should choose to encrypt the entire drive.
Once you've chosen your encryption scheme click Next. We're almost there.
Make sure the box next to "Run BitLocker system check" is clicked so that Windows will run a system check before encrypting your drive. Once the box is checked click Continue...and nothing happens.
You'll see an alert balloon in the system tray telling you that encryption will begin after you restart the PC. Restart your PC.
When you log in this final time you should see another system tray alert telling you that the encryption is in progress.
You can continue to work on your PC during the encryption phase, but things may be working a little more slowly than usual. Consider holding back on anything that might tax your system during initial encryption, such as graphics-intensive programs.
After all those clicks, that's it! Just leave Windows to do its thing and in a few hours you'll have a BitLocker-encrypted drive. The length of time it takes BitLocker to fully encrypt your files depends on the size of your drive, or how much data you're encrypting if you're only encrypting existing data on a new PC.
ENjoy!!!
Also you may like An Introduction To Encryption
0 comments:
Post a Comment