BitLocker overview
BitLocker is a Windows security feature that encrypts entire volumes, addressing the threat of data theft or exposure from devices that are lost, stolen, or improperly decommissioned.
Practical application: Data on a lost or stolen device is vulnerable to unauthorized access, either by running a software attack tool against it or by moving the device's hard drive into another computer. BitLocker reduces the risk of unauthorized data access by strengthening file and system protection, and by rendering the data inaccessible when BitLocker-protected devices are decommissioned or recycled.
BitLocker history
1. The debut of BitLocker encryption - Windows Vista (2007)
Release date: January 30, 2007
Key features:
- BitLocker debuted in the Windows Vista Enterprise and Windows Vista Ultimate editions. It provides full-disk encryption to protect the data on operating system drives and data drives from unauthorized access.
- BitLocker primarily relies on TPM (Trusted Platform Module) hardware for enhanced security. The TPM allows keys to be stored in hardware, raising the level of protection for the encryption keys. In addition to the TPM, users can also use a USB key as a means of authentication at startup.
- BitLocker in Vista only supports encrypting system drives; encrypting data drives (non-system disks) requires additional software support.
2. BitLocker improvements in Windows 7 (2009)
Release date: October 22, 2009
Key features:
- BitLocker To Go: Windows 7 introduces BitLocker To Go, which supports encryption of external storage devices such as USB flash drives and external hard drives, extending protection to mobile data.
- Performance optimization: BitLocker's performance was optimized in Windows 7, with a more efficient operating system and encryption process. It supports encryption of the entire hard disk (system disks as well as data disks) and more flexible authentication methods.
3. BitLocker in Windows 8 (2012)
Release date: October 26, 2012
Key features:
- Enhanced BitLocker To Go: Windows 8 offers more features for encrypting external devices, including automatic encryption of external drives.
- BitLocker Network Unlock: Windows 8 introduced BitLocker Network Unlock, which allows protected computers to be unlocked over the network at boot, simplifying enterprise management.
- Improved user interface: BitLocker's management interface was simplified, making it easier for users to manage encrypted disks and devices. It also supports TPM + PIN two-factor authentication for further security.
4. BitLocker in Windows 10 (2015)
Release date: July 29, 2015
Key features:
- Support for device encryption: Windows 10 Home and Windows 10 Pro editions began to support device encryption (where the hardware supports it), making it possible to encrypt stored data even on lower editions of the operating system.
- Stronger recovery key management: Windows 10 improves the management of recovery keys, which can be backed up automatically to a Microsoft account, making it easy for users to regain access to encrypted devices.
- BitLocker Group Policy enhancements: Users of the Enterprise and Education editions can configure BitLocker settings at a more granular level, such as enforcing encryption and managing encryption policies.
- Support for stronger hardware acceleration: In Windows 10, BitLocker supports optimizations for modern hardware, such as hardware acceleration with AES support, to improve encryption and decryption performance.
5. BitLocker in Windows 11 (2021)
Release date: October 5, 2021
Key features:
- Support for Windows Hello: Windows 11 introduces support for Windows Hello, so users can use facial recognition or fingerprint recognition as an authentication method for encrypted drives.
- BitLocker integration with Microsoft Defender: Windows 11 offers enhanced integration between BitLocker and Microsoft Defender, allowing more unified security management in enterprise environments.
- Stronger encryption key protection: With further enhancements to hardware and the operating system, BitLocker continues to strengthen its key storage and protection mechanisms in Windows 11, ensuring greater security.
- Device encryption enabled by default: Windows 11 automatically enables device encryption on devices that meet the hardware requirements, enhancing security.
6. Continuous improvement and updates
- BitLocker automatic repair and updates: BitLocker continues to optimize its recovery process as Windows versions are updated. Windows Update provides regular fixes and security patches for BitLocker to ensure its continued effectiveness.
- Enterprise management and support: BitLocker has always been a focus area in Windows Enterprise, and Microsoft has provided IT administrators with more BitLocker management tools and policy support, such as Intune and Group Policy management.
BitLocker and TPM
BitLocker provides the strongest protection when used together with a Trusted Platform Module (TPM), a hardware component commonly installed on Windows devices. The TPM works with BitLocker to verify that the device has not been tampered with while the system was offline.
In addition to the TPM, BitLocker can lock the normal boot process until the user provides a personal identification number (PIN) or inserts a removable device that contains a startup key. These measures provide multi-factor authentication and assurance: the device cannot boot or resume from hibernation until the correct PIN or startup key is supplied.
On devices without a TPM, BitLocker can still be used to encrypt the operating system drive. This configuration requires the user to either:
- Use a startup key: a key file stored on a removable drive that must be present to boot the device or to resume from hibernation.
- Use a password. This option is not secure, because there is no lockout logic and the password is therefore exposed to brute-force attacks. The password option is not recommended and is disabled by default.
Neither option provides the pre-boot system integrity verification that BitLocker performs through the TPM.
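As an added example (not from the original post), the following PowerShell audit lists every BitLocker volume on the machine and flags the weak configurations the section above describes: an operating system drive with no TPM-based protector (no pre-boot integrity check), a TPM-only protector (single factor, no PIN), a password protector on the OS drive (no lockout), and a volume with no recovery password. It uses only the built-in BitLocker module (`Get-BitLockerVolume`) and the TPM module (`Get-Tpm`); the finding texts and the function name are my own.

```powershell
# Added example, not part of the original post. Requires an elevated session on
# Windows 8 / Server 2012 or later, where the BitLocker PowerShell module ships.
#Requires -RunAsAdministrator

function Get-BitLockerProtectorReport {
    $tpm = Get-Tpm
    foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType values seen here: Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey,
        # ExternalKey (startup key on removable media), Password, RecoveryPassword, ...
        $types    = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $tpmBased = @('Tpm', 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')
        $findings = @()

        if ($vol.ProtectionStatus -ne 'On') {
            $findings += 'protection is off'
        }

        if ($vol.VolumeType -eq 'OperatingSystem') {
            if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
                $findings += 'no ready TPM on this device: no pre-boot integrity verification'
            }
            if (-not ($types | Where-Object { $tpmBased -contains $_ })) {
                $findings += 'OS drive has no TPM-based protector'
            }
            elseif ($types -notcontains 'TpmPin' -and $types -notcontains 'TpmPinStartupKey') {
                $findings += 'TPM-only protector: single factor at boot, consider TPM+PIN'
            }
            if ($types -contains 'Password') {
                $findings += 'password protector on OS drive: no lockout logic, brute-forceable'
            }
        }

        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector: lockout risk after firmware/TPM changes'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Status     = $vol.ProtectionStatus
            Method     = $vol.EncryptionMethod
            Protectors = ($types -join ', ')
            Findings   = ($findings -join '; ')
        }
    }
}

# Usage: run in an elevated PowerShell and read the Findings column.
Get-BitLockerProtectorReport | Format-Table -AutoSize -Wrap
```

A password protector is flagged only on the operating system drive, because a password is the normal way to protect a BitLocker To Go data drive; the post's warning about brute force concerns the OS drive on a device without a TPM.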
Configure BitLocker
To turn on BitLocker Drive Encryption, open the Control Panel and go to Control Panel -> System & Security -> BitLocker Drive Encryption, as shown in the figure below:
Restart the computer and turn on encryption, as shown below:
Once it is done, a small lock icon appears on the disk, as shown in the image below:
For "Fixed data drives", when enabling BitLocker it is recommended to choose the following:
BitLocker pre-boot personal identification number (PIN) (not tested)
Open Group Policy (gpedit.msc) and navigate to Computer Configuration -> Administrative Templates -> Windows Components -> BitLocker Drive Encryption -> OS Drives -> Preboot Authentication. Select Enabled, and under "Configure TPM startup PIN" choose the option that requires a startup PIN when a TPM is available.
Open the command prompt with administrator privileges and enter the following command:
Then follow the prompts to set a PIN. After restarting your computer, you'll see BitLocker ask for a PIN to boot the system.
The PIN prompt does not work with a Bluetooth keyboard. If the computer has no built-in keyboard, keep a wired keyboard or a wireless keyboard with a USB receiver at hand.
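The Group Policy and command-prompt steps above, done from an elevated PowerShell session, as an added example that is not part of the original post. It assumes the operating system volume is C: and that the device has a TPM that is ready. The registry values under `HKLM:\SOFTWARE\Policies\Microsoft\FVE` are the ones the startup-authentication policy opened in gpedit writes (shown as "Require additional authentication at startup" in English Windows; 0 = do not allow, 1 = require, 2 = allow); the function names are my own. Nothing in the block changes the machine until the two usage calls at the end are run.

```powershell
# Added example, not part of the original post. Elevated PowerShell, Windows 8+ BitLocker module.
#Requires -RunAsAdministrator

function Set-StartupPinPolicy {
    # Equivalent of the gpedit step: require a startup PIN when a TPM is available.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    $values = @{
        UseAdvancedStartup = 1   # enable the policy
        EnableBDEWithNoTPM = 0   # do not allow BitLocker without a TPM (password/startup-key only)
        UseTPM             = 0   # do not allow TPM-only (single factor)
        UseTPMPIN          = 1   # require startup PIN with TPM
        UseTPMKey          = 2   # allow startup key with TPM
        UseTPMKeyPIN       = 2   # allow startup key and PIN with TPM
    }
    foreach ($name in $values.Keys) {
        New-ItemProperty -Path $fve -Name $name -PropertyType DWord -Value $values[$name] -Force | Out-Null
    }
}

function Set-OsDriveTpmPin {
    param(
        [string] $MountPoint = 'C:',
        [Parameter(Mandatory)] [securestring] $Pin
    )
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        throw 'TPM is not present or not ready; TPM+PIN needs a working TPM.'
    }
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        # Drive not yet encrypted: enable BitLocker directly with a TPM+PIN protector.
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
            -TpmAndPinProtector -Pin $Pin -SkipHardwareTest | Out-Null
    }
    else {
        # Already encrypted (for example TPM-only): keep a recovery password first, then
        # swap the TPM-only protector for TPM+PIN. Only one TPM-based protector may exist.
        if ($vol.KeyProtector.KeyProtectorType -notcontains 'RecoveryPassword') {
            Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        }
        $vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm' | ForEach-Object {
            Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
        }
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    }

    # Make sure a recovery password exists in every path, and show it so it can be
    # stored off the device (AD, Intune, a Microsoft account, or printed and locked away).
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.KeyProtector.KeyProtectorType -notcontains 'RecoveryPassword') {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    }
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Select-Object KeyProtectorType, KeyProtectorId, RecoveryPassword
}

# Usage (run deliberately; the second call prompts for the PIN and changes the protectors):
# Set-StartupPinPolicy
# Set-OsDriveTpmPin -MountPoint 'C:' -Pin (Read-Host -AsSecureString 'Startup PIN')
```

After a reboot the PIN is requested before Windows loads, exactly as the post describes. The recovery password is created before the TPM-only protector is removed, so a typo in the PIN or a later firmware change never leaves the drive with no way in.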