Wednesday 7 February 2018

Manage Storage

Managing Windows 10 BitLocker

Ratings: 10+5=15

BitLocker Basics:

  • Encryption software like BitLocker was introduced in Windows 7 and revised in later operating system versions like Windows 8.1.
  • The objective of BitLocker is to encrypt data stored on operating system and data volumes.
  • BitLocker provides offline and start-up protection to the data stored on the volumes.
  • BitLocker uses the TPM (Trusted Platform Module) chip to protect the keys used to encrypt your computer's data. TPM 1.2 supports a single "owner" authorization, with RSA 2048-bit security standards.
  • TPM 2.0 has similar functionality; additionally, it is used for signing/attestation with unique "owner" authorization encryption.
  • BitLocker To Go is a process in BitLocker used to encrypt removable media.

BitLocker and Windows 10:

  • BitLocker is supported on Windows 10 editions like Windows 10 Pro, Enterprise, Education, Mobile and Mobile Enterprise.
  • BitLocker in Windows 10 supports the XTS-AES encryption algorithm to encrypt data on drives. XTS stands for XEX-based tweaked-codebook mode with ciphertext stealing; AES stands for Advanced Encryption Standard.
  • BitLocker can encrypt a drive and the recovery keys can be saved in Azure Active Directory.
  1. Device Health Attestation is introduced in Windows 10; it integrates with the Windows 10 Mobile Device Management (MDM) framework for Open Mobile Alliance (OMA) standards.
  2. Device Guard is the ability to lock down devices in a way that protects against new and unknown malware variants.
  3. Credential Guard is the ability to store credentials (that is, NTLM hashes and Kerberos tickets) in isolated containers which use Hyper-V and virtualization-based security for additional protection.

BitLocker Deployment Options:

  • Start-Up Key: In this method, no TPM chip is required. A USB drive contains the start-up key. The computer BIOS must support USB drive access during system boot.
  • TPM Chip Only: TPM is a security chip on the motherboard used to provide secure storage. TPM is activated in BIOS. It must be noted that if drives are moved to another system, it will no longer be protected.
  • TPM with PIN: The encryption key is stored in the TPM. The user needs to enter a PIN to unlock this device. This option can be enabled through Group Policy.
  • TPM with Start-Up Key: The TPM chip controls the boot-up process and the start-up key is stored on a USB stick. It should be enabled through Group Policy.
  • TPM+PIN+Start-Up Key: This is the most secure and potentially hardest to manage option. The start-up key is stored on the USB stick and the encryption key is stored in the TPM. This model supports Multi-Factor Authentication. This method is enabled through Group Policy.
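
As an added example (not part of the original post), the PowerShell below reports which of the options above each volume is actually using, and whether it is encrypted with XTS-AES. It assumes an elevated session with the built-in BitLocker module; the function name `Get-BitLockerDeploymentReport` and the option labels are the example's own.

```powershell
# Added example: map each volume's key protectors to the deployment options in this post.
# Requires an elevated session; Get-BitLockerVolume ships with the BitLocker module.

# TPM-based KeyProtectorType values -> option names as used in this post.
$tpmOptions = @{
    'Tpm'              = 'TPM Chip Only'
    'TpmPin'           = 'TPM with PIN'
    'TpmStartupKey'    = 'TPM with Start-Up Key'
    'TpmPinStartupKey' = 'TPM+PIN+Start-Up Key'
}

function Get-BitLockerDeploymentReport {
    param(
        # Defaults to the live system; objects with the same properties can be passed in.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        # Collect protector types as strings; stays an empty array on unprotected volumes.
        $types = @(foreach ($kp in $v.KeyProtector) { "$($kp.KeyProtectorType)" })
        $tpm   = @($types | Where-Object { $tpmOptions.ContainsKey($_) } |
                   ForEach-Object { $tpmOptions[$_] })
        $isOs  = "$($v.VolumeType)" -eq 'OperatingSystem'

        if ($tpm) {
            $option = $tpm -join ', '
        } elseif ($isOs -and $types -contains 'ExternalKey') {
            # ExternalKey is also used for recovery keys and data-volume auto-unlock,
            # so it is only reported as a start-up key on an OS volume without a TPM protector.
            $option = 'Start-Up Key (no TPM)'
        } else {
            $option = 'None of the listed options'
        }

        [pscustomobject]@{
            MountPoint          = $v.MountPoint
            VolumeType          = "$($v.VolumeType)"
            ProtectionOn        = "$($v.ProtectionStatus)" -eq 'On'
            UsesXtsAes          = "$($v.EncryptionMethod)" -like 'XtsAes*'
            DeploymentOption    = $option
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
        }
    }
}

Get-BitLockerDeploymentReport | Format-Table -AutoSize
```

An OS volume that reports `TPM Chip Only` with `ProtectionOn` true unlocks without user input at boot, which makes it the first candidate for moving to one of the PIN or start-up key options through Group Policy.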

BitLocker To Go:

  • BitLocker To Go is used to support encryption for devices like:
  1. Flash Drives
  2. SD Cards
  • The condition is that removable drives must be formatted with NTFS or FAT file systems.
  1. You can use a password or smart card to unlock BitLocker To Go drives.
  2. Note: on a Windows 10 device, open Control Panel and navigate to BitLocker Drive Encryption to access the features of "BitLocker To Go".


Name of Student : Harsh Tiwari
Faculty Name : Naresh
Roll No :  JK-ENR-SW-1621
Date :09-02-2018
Session Name : Manage Storage
Summary of learning : Learning about managing Windows 10 BitLocker
