CIS 170F: Windows 7 Administration

Week 7

Windows 7 Security Features
Data Security
BitLocker Drive Encryption

  • BitLocker Drive Encryption is a data encryption feature included with Windows 7. When you use BitLocker Drive Encryption, an entire volume is encrypted. It also protects the operating system.

  • BitLocker Drive Encryption is designed to be used with a Trusted Platform Module (TPM). TPM is a part of the motherboard in your computer and is used to store encryption keys and certificates.

  • The BitLocker Drive Encryption modes, including:
    • TPM only
    • Startup key

  • The hard drive must be divided into two partitions. One encrypted partition is used as the operating system volume. One not encrypted system partition contains the necessary files to boot the operating system.

  • The encryption keys used by BitLocker Drive Encryption, including:
    • Volume Master Key (VMK)
    • Full Volume Encryption Key (FVEK)

  • When you activate BitLocker Drive Encryption, a recovery password is generated automatically. You can save it to a USB drive or folder, display on the screen, or print.

  • The recovery password is required when the normal decryption process is unable to function. The most common reasons recovery passwords are required include:
    • Modified boot files
    • Lost encryption keys
    • Lost or forgotten startup PIN

  • Disabling BitLocker Drive Encryption decrypts all of the data on the hard drive and makes it readable again.

    Read more about BitLocker Drive Encryption at:
    http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx.

  • BitLocker To Go is a new feature in Windows 7 that allows you to protect data on removable storage such as USB drives.

  • The options for unlocking removable storage, including:
    • Use a password to unlock the drive
    • Use my smart card to unlock the drive
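The following is an added example, not part of the course slides, that ties together the modes, the recovery password and the BitLocker To Go points above: it audits every volume through the Win32_EncryptableVolume WMI class that ships with Windows 7 and reports which key protectors (TPM only, startup key, recovery password, BitLocker To Go password or smart card) each volume has, flagging encrypted volumes that have no recovery password. It assumes an elevated PowerShell prompt; the function name and the output layout are my own choices, and it changes nothing on the machine.

```powershell
# Added example: read-only BitLocker audit for Windows 7 via WMI (run elevated).
# Hypothetical helper name; the WMI class, methods and type codes are Microsoft's.

# KeyProtectorType codes as documented for Win32_EncryptableVolume.GetKeyProtectorType
$protectorNames = @{
    0 = 'Unknown';                 1 = 'TPM only'
    2 = 'Startup key (USB)';       3 = 'Numerical password (recovery password)'
    4 = 'TPM + PIN';               5 = 'TPM + startup key'
    6 = 'TPM + PIN + startup key'; 7 = 'Public key (certificate / smart card)'
    8 = 'Passphrase (BitLocker To Go password)'; 9 = 'TPM certificate'
    10 = 'CNG protector'
}
$volumeTypes = @{ 0 = 'Operating system'; 1 = 'Fixed data'; 2 = 'Removable (BitLocker To Go)' }
$conversion  = @{ 0 = 'Fully decrypted'; 1 = 'Fully encrypted'; 2 = 'Encrypting'
                  3 = 'Decrypting';      4 = 'Encryption paused'; 5 = 'Decryption paused' }

function Get-BitLockerAudit {
    $ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'
    foreach ($v in (Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume)) {
        $conv = $v.GetConversionStatus()      # encryption state and percentage
        $prot = $v.GetProtectionStatus()      # 1 = protectors are active (volume locked at boot)
        # KeyProtectorType 0 enumerates every protector bound to this volume
        $ids   = @($v.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })
        $types = foreach ($id in $ids) {
            # Cast to [int]: hashtable keys are Int32, WMI returns UInt32
            $protectorNames[[int]$v.GetKeyProtectorType($id).KeyProtectorType]
        }
        # VolumeType exists from Windows 7 on; report 'n/a' if the property is absent
        $vtype = if ($v.VolumeType -ne $null) { $volumeTypes[[int]$v.VolumeType] } else { 'n/a' }
        New-Object PSObject -Property @{
            Drive        = $v.DriveLetter
            VolumeType   = $vtype
            Encryption   = $conversion[[int]$conv.ConversionStatus]
            PercentDone  = $conv.EncryptionPercentage
            ProtectionOn = ($prot.ProtectionStatus -eq 1)
            Protectors   = ($types -join ', ')
            # An encrypted volume without a recovery password cannot be recovered
            # after modified boot files, a lost key or a forgotten PIN (see slide above)
            MissingRecovery = (([int]$conv.ConversionStatus -ne 0) -and
                               -not ($types -contains $protectorNames[3]))
        }
    }
}

Get-BitLockerAudit |
    Format-Table Drive, VolumeType, Encryption, PercentDone, ProtectionOn, MissingRecovery, Protectors -AutoSize
```

Any row with MissingRecovery set to True is a volume you should back up a recovery password for (for example with manage-bde -protectors -add <drive> -RecoveryPassword) before it is needed.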