What is BitLocker and How Does It Work? Steve Lamb IT Pro Evangelist, Microsoft Ltd


What is IT Pro Momentum?
- A program to recruit early adopters
- Provides you with free support and training
- Share your story and influence the next wave of early adopters
- Rewards you with a free TechNet Direct subscription

More information? For more information on the IT Pro Momentum Program or to nominate someone Steve Lamb

“BitLocker Drive Encryption provides stronger protection for data stored on your Windows Vista™ systems – even when the system is in unauthorized hands or is running a different or attacking OS. BitLocker does this by utilizing full volume encryption; this prevents a thief who boots another OS or runs a software disk inspection tool from breaking Vista file and system protections or even the offline viewing of data files.”

BitLocker Drive Encryption
- BitLocker Drive Encryption fully encrypts the entire Windows Vista volume.
- Designed specifically to prevent the unauthorized disclosure of data when it is at rest.
- Provides data protection on your Windows client systems, even when the system is in unauthorized hands.
- Designed to utilize a v1.2 Trusted Platform Module (TPM) for secure key storage and boot environment authentication.

What is a Trusted Platform Module? It’s a smartcard-like module on the motherboard
- Protects secrets
- Performs cryptographic functions: RSA, SHA-1, RNG
- Meets encryption export requirements
- Can create, store and manage keys
- Provides a unique Endorsement Key (EK)
- Provides a unique Storage Root Key (SRK)
- Performs digital signature operations
- Holds Platform Measurements (hashes)
- Anchors chain of trust for keys and credentials
- Protects itself against attacks
TPM 1.2 spec:

Why use a TPM 1.2 chip?
- The TPM solves the ‘where do we put the encryption key?’ problem
- Hardware can be made to be robust against attacks
- Certified to be tamper resistant
- Provides anti-hammering capabilities
- A TPM is an implementation of a Root-of-Trust
- Enables implementation of the Static Root of Trust Measurement
- Hardware based solution more secure than software one
- Difficult to root trust in software that has to validate itself

Static Root of Trust Measurement
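
The measurement chain behind the Static Root of Trust Measurement, as an added example that is not part of the original slides: it simulates in software how a TPM 1.2 PCR is extended with SHA-1 hashes of each boot stage and how a key sealed to that PCR value is withheld when a stage is changed or reordered. The component names, the volume key and the `seal`/`unseal`/`try_boot` helpers are constructed for illustration and are not a real TPM or BitLocker API.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def extend(pcr: bytes, component: bytes) -> bytes:
    """Measure a component, then extend: PCR = SHA-1(old PCR || measurement)."""
    measurement = hashlib.sha1(component).digest()
    return hashlib.sha1(pcr + measurement).digest()


def measure_boot(components) -> bytes:
    """Replay a boot chain in which every stage is measured before it runs."""
    pcr = bytes(PCR_SIZE)  # static PCRs are all zeros after a platform reset
    for blob in components:
        pcr = extend(pcr, blob)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> dict:
    """Toy stand-in for TPM sealing: bind a secret to one PCR value."""
    return {"secret": secret, "pcr": expected_pcr}


def unseal(blob: dict, current_pcr: bytes):
    """Release the secret only if the PCR matches (a real TPM checks on-chip)."""
    if hmac.compare_digest(current_pcr, blob["pcr"]):
        return blob["secret"]
    return None


# Constructed boot components (placeholders, not real firmware or loader images).
GOOD_CHAIN = [b"firmware-v1", b"boot-manager-v1", b"os-loader-v1"]
TAMPERED_CHAIN = [b"firmware-v1", b"boot-manager-MODIFIED", b"os-loader-v1"]
REORDERED_CHAIN = [b"boot-manager-v1", b"firmware-v1", b"os-loader-v1"]
VOLUME_KEY = b"constructed-volume-key"
SEALED = seal(VOLUME_KEY, measure_boot(GOOD_CHAIN))


def try_boot(chain):
    """Return the volume key if the measured chain matches the sealed state."""
    return unseal(SEALED, measure_boot(chain))


if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("tampered", TAMPERED_CHAIN),
                        ("reordered", REORDERED_CHAIN)):
        print(f"{name:9} PCR={measure_boot(chain).hex()} released={try_boot(chain) is not None}")
```

Because each extend hashes the previous PCR value together with the new measurement, the final value depends on both the content and the order of every stage, so a PCR cannot be set back to a known-good value without a platform reset.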

BitLocker disk layout

Spectrum of Protection BitLocker offers a spectrum of protection allowing customers to balance ease-of-use against the threats they are most concerned with.

An integrated solution
- BitLocker is integrated in WMI and Group Policy
- Enables customizable, automated deployment
- BitLocker automatically escrows keys and passwords into AD
- Centralized storage/management of keys
- Recovery console built into the new Vista boot architecture
- Recovery can occur “in the field”
- Windows operation can continue as normal after a recovery

Further information? Web Resources: Specs & Whitepapers: TCG: BitLocker™ Questions or Ideas:

©2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.