In high-security environments, the Windows system pagefile may pose a risk to the confidentiality and integrity of sensitive data. Sensitive data may still reside in the system pagefile, from which attackers can exfiltrate it with the help of specialized tools. In such high-security scenarios, one needs to take proper measures to safeguard system pagefiles.
Encrypting File System (EFS) allows you to encrypt and decrypt files and directories transparently. Like its predecessor, Windows 7 supports EFS and it is very simple to apply. By just marking a directory to use EFS, any file created in that directory is encrypted.
If your search for content in encrypted files is failing, you may need to enable the Index Encrypted Files option available in Windows 7. Windows uses the index to perform very fast searches on your computer. Unlike the previous versions of Windows, Windows 7 supports indexing the contents of encrypted files. This makes searching encrypted content as easy as searching unencrypted content. By default, non-encrypted content (even non-encrypted properties of encrypted files) is always indexed. Indexing of encrypted files is possible on local file systems, and an index rebuild is required when you enable or disable this function.
Using BitLocker in Windows 7 Enterprise and Ultimate editions to encrypt your data and then uploading it to the cloud (such as Windows Live SkyDrive or Dropbox) can provide you with a secure online backup solution at no cost. The only caveat is that you need to perform some manual tasks before uploading the encrypted data to cloud storage. If you simply upload encrypted data from an active drive protected with BitLocker to cloud storage, it will be stored in the cloud in unencrypted form, which means it could be read by whoever has administrative access to the cloud where the data is stored. To retain encryption of your uploaded data, the encrypted drive has to be dismounted and uploaded as a raw file. You can achieve this by creating a virtual hard drive, copying your sensitive files to it, encrypting it using BitLocker, and uploading the VHD file to the cloud as described below:
To enable BitLocker on your computer, you need administrator privileges, and your computer must have the appropriate TPM hardware or, if a TPM is not present, the appropriate Group Policy. A check is performed after you enable BitLocker, and an error is displayed if your computer does not support BitLocker.
BitLocker can function in different modes that provide different levels of security. Which mode you choose depends on whether you have a Trusted Platform Module (TPM) on your computer and the level of security you want to achieve. The TPM is a secure device built into the hardware of the computer to store cryptographic (encryption) keys. Different security modes can combine the use of a TPM, a PIN and a startup key. A startup key is a cryptographic file that is stored on a separate USB drive.
BitLocker is a full-volume encryption and system protection feature that is available on computers running the Enterprise and Ultimate editions of Windows 7. It protects the data on your hard drive if the drive is connected to a foreign system or if your system is booted from an alternate operating system in an attempt to steal data. Remember that without the BitLocker encryption key, the data stored on the volume is inaccessible.