Protect your computer with BitLocker
BitLocker is a full volume encryption and system protection feature that is available on computers running the Enterprise and Ultimate editions of Windows 7. It protects data on your hard drive if this is connected to a foreign system or when your system is booted off an alternate operating system in an attempt to steal data. Remember, that without the BitLocker encryption key, the data stored on the volume is inaccessible.
BitLocker stores the encryption key for the volume in a separate safe location, and it releases the key only after it is able to verify the integrity of the boot environment. BitLocker main benefits are the following:
- It prevents an attacker from recovering data from a stolen computer unless that person manages to get the password too! Without the password the hard disk remains encrypted and inaccessible.
- Encryption can be used as a hard drive disposal tool. Instead of performing several formats when throwing away hard drives, you can be sure that without the accompanying password key, a BitLocker encrypted drive is irrecoverable. An encrypted hard drive has the additional benefit of secure disposal if it is physically damaged and there’s no possibility of formatting it!
- It protects the integrity of the boot environment against unauthorized modification by checking the boot environment each time you turn on the computer. If BitLocker detects any modifications to the boot environment, it forces the computer into BitLocker recovery mode.
It is important to note that BitLocker does not protect data when the computer is fully active. That is, if multiple users login to the same computer and BitLocker is enabled then users can read each other’s files, if file and folder permissions are not properly set.
BitLocker encrypts the hard disk when it is offline and hence, prevents offline attacks. It does not protect data from local or network attacks while the computer is operating normally. To protect data on a powered-up computer, configure NTFS permissions and use Encrypting File System (EFS).