Expert Reference Series of White Papers. BitLocker: Is It Really Secure? COURSES.
|
|
- Octavia Garrett
- 5 years ago
- Views:
Transcription
1 Expert Reference Series of White Papers BitLocker: Is It Really Secure? COURSES
2 BitLocker: Is It Really Secure? Mark Mizrahi, Global Knowledge Instructor, MCSE, MCT, CEH Introduction: What Is It? BitLocker, whose full name is Windows BitLocker Full Drive Encryption, is a new technology available in Windows Vista Enterprise and Windows Vista Ultimate and also available in Windows Server It is one of the new security features for both Business and Personal Users designed to address the threat of unauthorized access to data as well as illegitimate booting of the operating system. BitLocker addresses a previously long history of vulnerability, such as data theft by inappropriately booting a computer through stolen credentials, using external attack tools such as bootable operating systems on CD-ROM or USB boot devices, or transferring a computer s hard drive and reading it in a foreign system. Another security concern is obtaining unauthorized access into a stolen laptop or mainstream computer, and accessing a recycled or decommissioned computer. BitLocker effectively encrypts the volume that runs the operating system, while Windows Server 2008 can additionally encrypt other volumes. By design, BitLocker encrypts the entire Windows operating system volume on the hard-drive, including the operating system files, user data, hibernation files, page file, and temporary files. Any applications installed on the system volume will benefit from this form of protection. BitLocker verifies the integrity of the early stages of the boot components and boot configuration data so that any alteration of the boot process will prevent the operating system from starting. It is as valuable for servers as it is for laptops and desktops, especially those machines that are off-site at remote or branch offices where these machines are less physically protected. The possibility exists that BitLocker-protected machines might be physically compromised and possibly stolen. The result will be that access of data on the system disk will be protected. These features are extremely important to owners and users of laptops, who benefit from the safety and comfort of knowing that the information cannot be accessed. This is extremely reassuring. What Is Needed Not all versions of Windows Vista have the BitLocker feature. The only Windows Vista versions that come with BitLocker are the higher priced versions of Windows Vista Enterprise and Windows Vista Ultimate. Upgrade paths are in place that will allow owners of other versions of Windows Vista to easily upgrade to either Enterprise or Ultimate. The most secure way to implement BitLocker is to have a computer with a cryptographic hardware microchip called the Trusted Platform Module (TPM) version 1.2 or later, along with a Trusted Computing Group (TCG) compliant BIOS. The TPM is a hardware component pre-installed on newer computers to protect data and ensure that the computer has not been tampered with while the system was offline or shutdown. This component allows the option to lock the normal startup process until the user supplies a personal identification number (PIN). Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 2
3 It should be noted that the availability of computers with the TPM hardware components preinstalled are hard to find, probably due to the manufacturer s desire to keep costs low. It is a fact that since the majority of sales are versions of Windows Vista that do not support BitLocker, hardware is pre-built without the TPM components and TCG compliant BIOS. Another, although less secure, way to use BitLocker on computers that do not have the TPM hardware is insert a removable USB device, such as a flash drive, that contains a startup key. This implementation does not provide the pre-startup system integrity verification offered by BitLocker working with TPM hardware. Optionally, in a domain environment, BitLocker supports the remote escrow of Keys to the Active Directory Domain Services (AD DS) as well as a Windows Management Instrumentation (WMI) interface with scripting support for remote administration of this feature. BitLocker can also be configured with Group Policy Objects (GPO). Either method does provide multi-factor authentication and insures that the computer will not start or even resume from hibernation until the correct PIN or startup key is used. For BitLocker to function, the hard disk requires at least two (NTFS) formatted volumes. One volume that supports the boot files that boot the operating system, known as the system volume and having a minimum of size of 1.5 GB, and another volume that supports operating system, known as the boot partition. In the event that two volumes are not available, Windows Vista has diskpart command line tool that gives you the ability to shrink the size of an NTFS volume so that the system volume for BitLocker can be created. How It Works BitLocker provides three modes of operation: Transparent Operation Mode, User Authentication Mode, and USB Key Mode. The first two modes require the TPM (version 1.2 or later) and TCG-compliant BIOS. The third mode does not require a TPM chip. Transparent operation mode: This mode exploits the capabilities of the TPM 1.2 hardware to provide transparency of the BitLocker technology to the user then they logon to Windows Vista as normal. The key used for the disk encryption is sealed (encrypted) by the TPM chip and will only be released to the OS loader code if the early boot files appear to be unmodified. The pre-os components of BitLocker achieve this by implementing a Static Root of Trust Measurement, which is a methodology specified by the Trusted Computing Group ( User authentication mode: This mode requires that the user provide some authentication to the pre-boot environment in order to be able to boot the OS. Two authentication modes are supported, a pre-boot PIN entered by the user or a Universal Serial Bus USB ( inserted that contains the required startup key. The USB device does not require a TPM chip. USB Key: The user must insert a USB device that contains a startup key into the computer to be able to boot the protected OS. This mode requires that the BIOS on the protected machine support the reading of USB devices in the pre-os environment. BitLocker encrypts data using the Advanced Encryption Standard (AES) with key lengths of 128 or 256 bits, plus an optional diffuser. The Default encryption setting is AES 128 bit with the Elephant Diffuser. AES algorithm was chosen in-part because of its fast performance. According to Microsoft BitLocker imposes a single Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 3
4 digit percentage of overhead. All BitLocker encryption is done in the background and all decryption is done as blocks as requested. BitLocker uses the TPM to verify the integrity of early boot components and boot configuration data. This helps ensure that BitLocker makes the encrypted volume accessible only if those components have not been tampered with and the encrypted drive is located in the original computer. BitLocker helps ensure the integrity of the startup process by: Providing a method to check that early boot file integrity has been maintained, and help ensure that there has been no adversarial modification of those files, such as with boot sector viruses or rootkits. Enhancing protection to mitigate offline software-based attacks. Any alternative software that might start the system does not have access to the decryption keys for the Windows operating system volume. TPM-only scenario Locking the system when tampered with. If any monitored files have been tampered with, the systemdoes not start. This alerts the user to the tampering, since the system fails to start as usual. In the event that system lockout occurs, BitLocker offers a simple recovery process. Authentication modes in the boot sequence BitLocker supports four different authentication modes, depending on the computer's hardware capabilities and the desired level of security: BitLocker with a TPM (no additional authentication factors) BitLocker with a TPM and a PIN BitLocker with a TPM and a USB startup key BitLocker without a TPM (USB startup key required) Each time Windows Vista starts up with BitLocker enabled, the boot code performs a sequence of steps based on the volume protections set. These steps can include system integrity checks and other authentication steps (PIN or USB startup key) that must be verified before the protected volume is unlocked. For recovery purposes, BitLocker uses a recovery key (stored on a USB device) or a recovery password (numerical password), as shown in the Bitlocker Architecture section below. You create the recovery key or recovery password during BitLocker initialization. Inserting the recovery key or typing the recovery password enables an authorized user to regain access to the encrypted volume in the event of an attempted security breach or system failure. BitLocker searches for keys in the following sequence: 1. Clear key: System integrity verification has been disabled and the BitLocker volume master key is freely accessible. No authentication is necessary. 2. Recovery key or startup key (if present): If a recovery key or startup key is present, BitLocker will use that key immediately and will not attempt other means of unlocking the volume. 3. Authentication 1. TPM: The TPM successfully validates early boot components to unseal the volume master key. 2. TPM + startup key: The TPM successfully validates early boot components and a USB flash drive containing the correct startup key has been inserted. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 4
5 3. TPM + PIN: The TPM successfully validates that early boot components and the user enters the correct PIN. 4. Recovery 1. Recovery password: The user must enter the correct recovery password. 2. Recovery key: If none of the above steps successfully unlocks the drive, the user is prompted to insert the USB flash drive that holds the recovery key, and then restart the computer. In this scenario, BitLocker is enabled on a computer that has a TPM, but no additional authentication factors have been enabled. The hard disk is partitioned with two volumes: The system volume that contains the files that boot the operating system The Windows Vista operating system volume known as the boot volume As shown in Figure 1, BitLocker encrypts the operating system volume with a full volume encryption key. This key is itself encrypted with the volume master key, which, in turn, is encrypted by the TPM. Figure 1. Accessing a BitLocker-enabled volume with TPM protection This scenario can be enabled or disabled by the local administrator using the BitLockers Control Panel Applets Security items in Control Panel in Windows Vista. Turning BitLocker off decrypts the volume and removes all keys. New keys are created once BitLocker is turned back on at a later time. Enhanced Authentication Scenarios These scenarios add additional authentication factors to the basic scenario described previously. As shown in Figure 2, using BitLocker on a computer that has a TPM offers two multifactor authentication options: Figure 2. Accessing a BitLocker-enabled volume with enhanced protection Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 5
6 The TPM plus a PIN (system integrity check plus something the user knows) The TPM plus a startup key stored on a USB flash drive (system integrity check plus something the user has) The advantage of these scenarios is that not all key material is stored on the local computer. PIN authentication In this scenario, the administrator sets up a numeric PIN during BitLocker initialization. BitLocker hashes the PIN using SHA-256 and the first 160 bits of the hash are used as authorization data sent to the TPM to seal the volume master key. The volume master key is now protected by both the TPM and the PIN. To unseal the volume master key, the user will be required to enter the PIN each time the computer starts up or resumes from hibernation. Startup key-only scenario (no TPM) In this scenario, the administrator enables BitLocker on a computer that does not contain a TPM. The computer user must insert the USB flash drive containing a startup key each time the computer starts or resumes from hibernation. The startup key for a non-tpm computer must be created during BitLocker initialization, either through the BitLocker setup wizard or through scripting. BitLocker generates the startup key, the user inserts a USB flash drive, and the system stores the startup key on that device. Using the BitLocker Control Panel item, the user can create a backup copy of the startup key. The startup key is saved unencrypted, in a.bek file as raw binary data. In the case of a lost startup key, the volume must be recovered by using the recovery key or the recovery password and a new startup key must be generated (this process will revoke the original startup key). All other volumes also using the lost startup key must go through a similar procedure, to ensure that the lost startup key is not used by an unauthorized user. BitLocker Architecture BitLocker helps protect the operating system volume of the hard disk from unauthorized access while the computer is offline. To achieve this, BitLocker uses full-volume encryption and the security enhancements offered by the TPM. On computers that have a TPM, BitLocker also supports multifactor authentication. BitLocker uses the TPM to perform system integrity checks on critical early boot components. The TPM collects and stores measurements from multiple early boot components and boot configuration data to create a system identifier for that computer, much like a fingerprint. If the early boot components are changed or tampered with, such as by changing the BIOS, changing the master boot record (MBR), or moving the hard disk to a different computer, the TPM prevents BitLocker from unlocking the encrypted volume and the computer enters recovery mode. If the TPM verifies system integrity, BitLocker unlocks the protected volume. The operating system then starts and system protection becomes the responsibility of the user and the operating system. Figure 3 shows how the BitLocker-protected volume is encrypted with a full volume encryption key, which in turn is encrypted with a volume master key. Securing the volume master key is an indirect way of protecting data on the volume. The addition of the volume master key allows the system to be re-keyed easily when keys upstream in the trust chain are lost or compromised. This ability to re-key the system saves the expense of decrypting and encrypting the entire volume again. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 6
7 Figure 3. Relationship between different encryption keys in BitLocker. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 7
8 Once BitLocker authenticates access to the protected operating system volume, a filter driver in the Windows Vista file system stack encrypts and decrypts disk sectors transparently as data is written to and read from the protected volume. When the computer hibernates, the hibernation file is saved encrypted to the protected volume. When the computer resumes from hibernation, the encrypted hibernation file is decrypted. After BitLocker encrypts the protected volume during setup, the impact on day-to-day system performance for encryption and decryption is typically minimal. If you temporarily disable BitLocker (for example, to update the BIOS), the operating system volume remains encrypted, but the volume master key will be encrypted with a "clear key" stored unencrypted on the hard disk. The availability of this unencrypted key disables the data protection offered by BitLocker. When BitLocker is re-enabled, the unencrypted key is removed from the disk, the volume master key is keyed and encrypted again, and BitLocker protection resumes. IT administrators can configure BitLocker locally through the BitLocker setup wizard, or both locally and remotely with the interfaces exposed by the Win32_EncryptableVolume WMI provider of the Windows Vista operating system. Interfaces include management functionality to begin, pause, and resume encryption of the volume and to configure how the volume is protected. Architectural Diagram Figure 4. Overall BitLocker Architecture Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 8
9 Figure 4 shows the overall BitLocker architecture, including its various subcomponents. It displays the user mode and the kernel mode components of BitLocker, including the TPM, and the way they integrate with the different layers of the operating system. Computer Updates and Upgrades. Disabling BitLocker Protection An administrator may want to temporarily disable BitLocker in certain scenarios, such as: Restarting the computer for maintenance without requiring user input (for example, a PIN or startup key). Updating the BIOS Upgrading critical early boot components without triggering BitLocker recovery. Such as: - Installing a different version of the operating system or another operating system, which might change the master boot record (MBR). - Repartitioning the disk, which might change the partition table. - Performing other system tasks that change the boot components validated by the TPM. Upgrading the motherboard to replace or remove the TPM without triggering BitLocker recovery. Turning off (disabling) or clearing the TPM without triggering BitLocker recovery. Moving a BitLocker-protected disk volume to another computer without triggering BitLocker recovery. These scenarios are collectively referred to as the computer upgrade scenario. BitLocker can be enabled or disabled through the BitLocker item in Control Panel in Windows. The following steps are necessary to upgrade a BitLocker-enabled computer. 1. Temporarily turn off BitLocker by placing it into disabled mode. 2. Upgrade the system or the BIOS. 3. Turn BitLocker back on. Forcing BitLocker into disabled mode will keep the volume encrypted, but the volume master key will be encrypted with a symmetric key stored unencrypted on the hard disk. The availability of this unencrypted key disables the data protection offered by BitLocker, but ensures that subsequent computer startups succeed without further user input. When BitLocker is re-enabled, the unencrypted key is removed from the disk and BitLocker protection is turned back on. Additionally, the volume master key is keyed and encrypted again. Moving the encrypted volume (that is, the physical disk) to another BitLocker-enabled computer does not require any additional steps because the key protecting the volume master key is stored unencrypted on the disk. System Recovery A number of scenarios can trigger a recovery process, for example: Moving the BitLocker-protected drive into a new computer. Installing a new motherboard with a new TPM. Turning off, disabling, or clearing the TPM. Updating the BIOS Upgrading critical early boot components that cause system integrity validation to fail. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 9
10 Forgetting the PIN when PIN authentication has been enabled. Losing the USB flash drive containing the startup key when startup key authentication has been enabled. An administrator can also trigger recovery as an access control mechanism (for example, during computer redeployment). An administrator may decide to lock down an encrypted drive and require that users obtain BitLocker recovery information to unlock the drive If BitLocker enters recovery mode, the data in the encrypted volume can be recovered through a process that requires minimal setup. For detailed information, see Windows BitLocker Drive Encryption Step-by-Step Guide ( Recovery setup Using Group Policy, an IT administrator can choose what recovery methods to require, deny, or make optional for users who enable BitLocker. The recovery password can be stored in Active Directory Domain Services (AD DS), and the administrator can make this option mandatory, prohibited, or optional for each user of the computer. Additionally, the recovery data can be stored on a USB flash drive. Recovery scenarios In BitLocker, recovery consists of decrypting a copy of the volume master key using either a recovery key stored on a USB flash drive or a cryptographic key derived from a recovery password. The TPM is not involved in any recovery scenarios, so recovery is still possible if the TPM fails boot component validation, malfunctions, or is removed. Recovery password The recovery password is a 48-digit, randomly-generated number that can be created during BitLocker setup. If the computer enters recovery mode, the user will be prompted to type this password using the function keys (F0 through F9). The recovery password can be managed and copied after BitLocker is enabled. Using the BitLocker control panel, the recovery password can be printed or saved to a file for future use. A domain administrator can configure Group Policy to generate recovery passwords automatically and transparently back them up to AD DS as soon as BitLocker is enabled. The domain administrator can also choose to prevent BitLocker from encrypting a drive unless the computer is connected to the network and AD DS backup of the recovery password is successful. Recovery key The recovery key can be created and saved to a USB flash drive during BitLocker setup. It can also be managed and copied after BitLocker is enabled. If the computer enters recovery mode, the user will be prompted to insert the recovery key into the computer. Summary Microsoft s BitLocker Full Drive Encryption technology debuted in Windows Vista as a way to protect the system volume on notebook computers. The idea was that, while notebook loss or theft was inherently expensive, the real expense often came when the data on the drive was exploited by thieves. With full drive encryption, you can t simply pop out a hard drive and access the data using a different computer. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 10
11 As it turns out, BitLocker is just as valuable for servers. BitLocker is included on Windows Server2008 and is identical to the version on Windows Vista, as discussed in this article, with the added feature of drive encryption on other volumes. Bottom line, BitLocker is a truly really safe way to protect your data and applications, hard drive and operation system, whether it s trying to access it in your own computer or in someone else s computer. Enjoy the new technology. Learn More Learn more about how you can improve productivity, enhance efficiency, and sharpen your competitive edge. Check out the following Global Knowledge courses: Microsoft Certified Technology Specialist: Server 2008 Upgrade Boot Camp Migrating to Server 2008 Updating Your Active Directory Technology Skills to Windows Server 2008 (Beta 3) Updating Your Application Platform Technology Skills to Windows Server 2008 (Beta 3) Updating Your Network Infrastructure Technology Skills to Windows Server 2008 (Beta 3) Deploying Microsoft Windows Vista Business Desktops Implementing, Configuring, and Troubleshooting Windows Vista Microsoft Certified IT Professional: Enterprise Support Technician Boot Camp For more information or to register, visit or call COURSES to speak with a sales representative. Our courses and enhanced, hands-on labs offer practical skills and tips that you can immediately put to use. Our expert instructors draw upon their experiences to help you understand key concepts and how to apply them to your specific work situation. Choose from our more than 700 courses, delivered through Classrooms, e-learning, and On-site sessions, to meet your IT and business training needs. About the Author Mark Mizrahi has been a Microsoft Certified System Engineer (MCSE) since NT3.51 with a certification in Security. He is a Microsoft Certified Trainer (MCT) and a Certified Ethical Hacker (CEH), and currently teaches Microsoft curriculum for Global Knowledge. He is President of Standard Computer Services and consults for various Fortune 500 companies. He designs and implements web-based Internet security and video surveillance systems for a diversified customer base. Keeping up with the various Hacking methods is part of his daily intake of information and he loves sharing it with his clients and students. Copyright 2007 Global Knowledge Training LLC. All rights reserved. Page 11
MU2b Authentication, Authorization and Accounting Questions Set 2
MU2b Authentication, Authorization and Accounting Questions Set 2 1. You enable the audit of successful and failed policy changes. Where can you view entries related to policy change attempts? Lesson 2
More informationSoftware Vulnerability Assessment & Secure Storage
Software Vulnerability Assessment & Secure Storage 1 Software Vulnerability Assessment Vulnerability assessment is the process of identifying flaws that reside in an OS, application software or devices
More informationWindows 10 and the Enterprise. Craig A. Brown Prepared for: GMIS
Windows 10 and the Enterprise Craig A. Brown Prepared for: GMIS 11-2-2015 Introduction Craig A. Brown Microsoft Practice Leader Global Knowledge MCT, Since 1996 MCSA / MCSE / NT / 2000 / 2003 MCDST MCITP:
More informationInformation protection BitLocker Overview of BitLocker Device Encryption in Windows 10 BitLocker frequently asked questions (FAQ) Prepare your
Table of Contents Information protection BitLocker Overview of BitLocker Device Encryption in Windows 10 BitLocker frequently asked questions (FAQ) Prepare your organization for BitLocker: Planning and
More informationEncrypting stored data
Encrypting stored data Tuomas Aura CSE-C3400 Information security Aalto University, autumn 2014 1. Scenarios 2. File encryption Outline 3. Encrypting file system 4. Full disk encryption 5. Data recovery
More informationSophos Central Device Encryption. Administrator Guide
Sophos Central Device Encryption Administrator Guide Contents About... 1 Manage BitLocker Drive Encryption... 2 Migrate to...2 Prepare Device Encryption...3 Device Encryption step by step... 3 Device Encryption
More informationHow To Encrypt a Windows 7, 8.1 or 10 laptop or tablet
How To Encrypt a Windows 7, 8.1 or 10 laptop or tablet Introduction College sensitive information stored on a mobile computing device is at risk for unauthorized access and disclosure if appropriate security
More informationSafeGuard Enterprise user help. Product version: 8.0
SafeGuard Enterprise user help Product version: 8.0 Contents 1 About SafeGuard Enterprise...4 2 SafeGuard Enterprise modules...5 3 Security recommendations...7 4 Full disk encryption...9 4.1 Encryption
More informationBitLocker Group Policy Settings
BitLocker Group Policy Settings Updated: September 13, 2013 Applies To: Windows 8, Windows 8.1, Windows Server 2012, Windows Server 2012 R2 This reference topic for the IT professional describes the function,
More informationGSE/Belux Enterprise Systems Security Meeting
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. 1 In the news Microsoft Exposes Scope of Botnet Threat By Tony Bradley, October 15, 2010 Microsoft's
More informationUsing SimplySecure to Deploy, Enforce & Manage BitLocker
Whitepaper Using SimplySecure to Deploy, Enforce & Manage BitLocker Organizational management plus access control managed through the cloud Rob Weber February 2019 What is BitLocker? Microsoft s BitLocker
More informationSafeGuard Enterprise. user help. Product Version: 8.1
SafeGuard Enterprise user help Product Version: 8.1 Contents About SafeGuard Enterprise...1 Modules... 2 Full disk encryption with BitLocker...2 Full disk encryption with SafeGuard Power-on Authentication...
More informationExpert Reference Series of White Papers. DirectAccess: The New VPN
Expert Reference Series of White Papers DirectAccess: The New VPN 1-800-COURSES www.globalknowledge.com DirectAccess: The New VPN Mark Mizrahi, MCSE, CEH, CEI Instructor, MCT, MCTS, MCITP Introduction
More informationTable of Contents. Table of Figures. 2 Wave Systems Corp. Client User Guide
2 Wave Systems Corp. Client User Guide Table of Contents Overview... 3 What is the Trusted Drive Manager?... 3 Key Features of Trusted Drive Manager... 3 Getting Started... 4 Required Components... 4 Configure
More informationMobility Windows 10 Bootcamp
Mobility Windows 10 Bootcamp Length: 8 days Format: Bootcamp Time: Day About This Course This boot camp is designed to provide students with the knowledge and skills required to install and configure Windows
More informationProtecting your data with Windows 10 BitLocker
Microsoft IT Showcase Protecting your data with Windows 10 BitLocker Microsoft BitLocker Drive Encryption technology uses the strongest publicly available encryption to protect your computer s data. It
More informationTroubleshooting and Supporting Windows 7 in the Enterprise
Troubleshooting and Supporting Windows 7 in the Enterprise Course 6293 - Three Days - Instructor-led - Hands on Introduction This course is designed for Information Technology (IT) professionals who have
More informationAdvanced Security Measures for Clients and Servers
Advanced Security Measures for Clients and Servers Wayne Harris MCSE Senior Consultant Certified Security Solutions Importance of Active Directory Security Active Directory creates a more secure network
More informationBitLocker Encryption for non-tpm laptops
BitLocker Encryption for non-tpm laptops Contents 1.0 Introduction... 2 2.0 What is a TPM?... 2 3.0 Users of non-tpm University laptops... 2 3.1 Existing Windows 7 laptop users... 2 3.2 Existing Windows
More informationFull file at Chapter 2: Securing and Troubleshooting Windows Vista
Chapter 2: Securing and Troubleshooting Windows Vista TRUE/FALSE 1. An elevated command prompt can only be attained by an administrator after he or she has responded to a UAC box. T PTS: 1 REF: 70 2. There
More informationConfiguring File Server Resource Manager (FSRM)
Configuring File Server Resource Manager (FSRM) LESSON 5 70-411 EXAM OBJECTIVE Objective 2.2 Configure File Server Resource Manager (FSRM). This objective may include but is not limited to: install the
More informationSphinx Feature List. Summary. Windows Logon Features. Card-secured logon to Windows. End-user managed Windows logon data
Sphinx List Summary Version Order # Included software components Sphinx Enterprise S-30 Install Sphinx Logon Manager software and desktop card readers on end-user computers. Pre-configured Sphinx CardMaker
More informationTPM v.s. Embedded Board. James Y
TPM v.s. Embedded Board James Y What Is A Trusted Platform Module? (TPM 1.2) TPM 1.2 on the Enano-8523 that: How Safe is your INFORMATION? Protects secrets from attackers Performs cryptographic functions
More information6293A Troubleshooting and Supporting Windows 7 in the Enterprise
6293A Troubleshooting and Supporting Windows 7 in the Enterprise Course Number: 6293A Course Length: 3 Days Course Overview This course is designed for Information Technology (IT) professionals who have
More informationForensics Challenges. Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation
Forensics Challenges Windows Encrypted Content John Howie CISA CISM CISSP Director, Security Community, Microsoft Corporation Introduction Encrypted content is a challenge for investigators Makes it difficult
More informationThe following documents are included with your Sony VAIO computer.
Documentation The following documents are included with your Sony VAIO computer. Printed Documentation Quick Start Guide Describes the process from unpacking to starting up your VAIO. Troubleshooting and
More informationLesson 2: Installing Windows 8.1. MOAC : Configuring Windows 8.1
Lesson 2: Installing Windows 8.1 MOAC 70-687: Configuring Windows 8.1 Overview Exam Objective 1.2: Install Windows 8.1 o Install as Windows To Go o Migrate from previous versions of Windows to Windows
More informationMIS NETWORK ADMINISTRATOR PROGRAM
NH62-9293 Installing, Managing & Troubleshooting Windows 7 Desktop and Intro to Windows 8 104 Total Hours COURSE TITLE: Installing, Managing & Troubleshooting Windows 7 Desktop and Intro to Windows 8 COURSE
More informationWindows Server : Administering Windows Server 2012 R2. Upcoming Dates. Course Description. Course Outline
Windows Server 2012 20411: Administering Windows Server 2012 R2 Acquire the skills necessary to administrate and implement the core infrastructure services in a Windows Server 2012 R2 environment. Learn
More informationBackup, File Backup copies of individual files made in order to replace the original file(s) in case it is damaged or lost.
Glossary A Active Directory a directory service that inventories, secures and manages the users, computers, rules and other components of a Microsoft Windows network. This service is typically deployed
More informationGetCertkey. No help, Full refund!
GetCertkey http://www.getcertkey.com No help, Full refund! Exam : 70-680 Title : TS:Windows 7,Configuring Vendor : Microsoft Version : DEMO Get Latest & Valid 70-680 Exam's Question and Answers 1 from
More informationC A S P E R TECH EDITION 10 USER GUIDE
TM C A S P E R TM TECH EDITION 10 USER GUIDE Copyright and Trademark Information Information in this document is subject to change without notice. Federal law prohibits unauthorized use, duplication, and
More informationDell Data Security Console. User Guide v2.0
Dell Data Security Console User Guide v2.0 Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either
More informationTrusted Platform Module (TPM) Quick Reference Guide
Trusted Platform Module (TPM) Quick Reference Guide System builders/integrators should give this Guide to the system owners to assist them in enabling and activating the Trusted Platform Module. Warning
More informationMD-100: Modern Desktop Administrator Part 1
Days: 5 Description: This five-day course is for IT professionals who deploy, configure, secure, manage, and monitor devices and client applications in an enterprise environment. Students will develop
More informationWindows Client, Enterprise Desktop Support Technician
Course 50331D: Windows Client, Enterprise Desktop Support Technician Page 1 of 11 Windows Client, Enterprise Desktop Support Technician Course 50331D: 3 days; Instructor-Led Introduction (Updated for Windows
More informationFix Three Common Accounting Firm Data Vulnerabilities
Fix Three Common Accounting Firm Data Vulnerabilities Fix Three Common Accounting Firm Data Vulnerabilities Use these step-by-step guides to protect your business from data thieves Brought to you by: Encyro
More informationWindows 7, Enterprise Desktop Support Technician
Windows 7, Enterprise Desktop Support Technician Course 50331D; 5 days, Instructor-led Course Description This five-day instructor-led course provides students with the knowledge and skills needed to isolate,
More informationTrusted Platform Module explained
Bosch Security Systems Video Systems Trusted Platform Module explained What it is, what it does and what its benefits are 3 August 2016 2 Bosch Security Systems Video Systems Table of contents Table of
More informationUNIVERSITY OF EXETER BITLOCKER USER GUIDE
Exeter IT Technical Planning & Development UNIVERSITY OF EXETER BITLOCKER USER GUIDE BitLocker is an encryption system which allows the University to secure sensitive information on University owned laptops,
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine Security Policy Abstract: This document specifies Security Policy enforced by the SecureDoc Cryptographic Engine compliant with the requirements of FIPS 140-2
More informationVendor: CompTIA. Exam Code: Exam Name: CompTIA A+ Certification Exam (902) Version: Demo
Vendor: CompTIA Exam Code: 220-902 Exam Name: CompTIA A+ Certification Exam (902) Version: Demo DEMO QUESTION 1 Which of the following best practices is used to fix a zero-day vulnerability on Linux? A.
More informationFinding information on your computer
Important Be sure to create recovery discs immediately after your computer is ready for use because there are no recovery discs provided with the computer. For instructions on how to create the recovery
More informationNE Administering Windows Server 2012
NE-20411 Administering Windows Server 2012 Summary Duration 5 Days Audience IT Professionals Level 200 Technology Windows Server 2012 Delivery Method Instructor-led (Classroom) Training Credits N/A Introduction
More informationCourse Outline. Implementing and Managing Windows 10 Course C: 5 days Instructor Led
Implementing and Managing Windows 10 Course 20697-1C: 5 days Instructor Led About this course This course is designed to provide students with the knowledge and skills required to install and configure
More informationInstalling and Configuring Windows 10 5 Days, Instructor-led
Installing and Configuring Windows 10 5 Days, Instructor-led Course Description This course is designed to provide students with the knowledge and skills required to install and configure Windows 10 desktops
More informationDesigning and Deploying Connected Device Solutions for Small and Medium Business
Designing and Deploying Connected Device Solutions for Small and Medium Business HPATA Connected Devices Study Guide Rev 1.1 Table of Contents 1.1 Describe and recognize common desktop virtualization technologies
More informationComputer Visions Course Outline
www.compvisions.com 16 Corporate Woods Blvd. Albany, NY 12211 Computer Visions Course Outline Get What You Want We offer highly customizable group training courses: desktop applications, web development,
More informationAdministering Windows Server 2012
Administering Windows Server 2012 20411D; 5 days, Instructor-led Course Description Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this five-day
More informationCourse D:Implementing and Managing Windows 100
Course 20697-1D:Implementing and Managing Windows 100 About this course: This course provides students with the knowledge and skills required to install and configure Windows 10 desktops and devices in
More informationUEFI, SecureBoot, DeviceGuard, TPM a WHB (un)related technologies
GOLD PARTNER: Hlavní partner: Hlavní odborný partner: UEFI, SecureBoot, DeviceGuard, TPM a WHB (un)related technologies Ing. Ondřej Ševeček GOPAS a.s. MCSM:Directory MVP:Security CISA CISM CEH CHFI ondrej@sevecek.com
More informationSafeGuard Easy Administrator help. Product version: 6.1
SafeGuard Easy Administrator help Product version: 6.1 Document date: January 2014 Contents 1 About Sophos SafeGuard (SafeGuard Easy) 6.1...10 1.1 SafeGuard Policy Editor...13 1.2 Sophos SafeGuard on endpoints...14
More informationFile Encryption. Steven M. Bellovin https://www.cs.columbia.edu/~smb
File Encryption Steven M. Bellovin https://www.cs.columbia.edu/~smb Why Encrypt Files? Theft of files Theft of media Theft of computer Cloud storage? I.e. Someone else s computer 1 Issues with File Encryption
More informationReset tpm owner password
Reset tpm owner password 11th Doctor Who episode with Rory and Amy getting split up. TPM.MSC reports that the TPM is "ready for use", but if I click "change owner password", it asks for the old password,
More informationActive Directory Services with Windows Server
Active Directory Services with Windows Server 10969B; 5 days, Instructor-led Course Description Get hands on instruction and practice administering Active Directory technologies in Windows Server 2012
More informationTrusted Computing Group
Trusted Computing Group Backgrounder May 2003 Copyright 2003 Trusted Computing Group (www.trustedcomputinggroup.org.) All Rights Reserved Trusted Computing Group Enabling the Industry to Make Computing
More informationCOURSE OUTLINE: Supporting and Troubleshooting Windows 10
Course Name 10982-Supporting and Troubleshooting Course Duration 5 Days Course Structure Instructor-Led Course Overview This course is designed to provide students with the knowledge and skills required
More informationCourse overview CompTIA A Official Study Guide
Course overview CompTIA A+ 220-801 Official Study Guide (G183eng ver092) Overview CompTIA A+ courses are intended for students wishing to qualify with CompTIA A+ Certification. A+ certification is designed
More informationCOURSE 20698A: INSTALLING AND CONFIGURING WINDOWS 10
ABOUT THIS COURSE This five-day instructor-led course provides IT professionals with the knowledge and skills required to install and configure Windows 10 desktops in a Windows Server small to medium-sized
More informationHP Manageability Integration Kit HP Client Management Solutions
HP Manageability Integration Kit HP Client Management Solutions November 2017 925167-002 Table of contents 1 Overview... 9 2 System requirements... 10 2.1 Supported Microsoft System Center Configuration
More informationACTIVE DIRECTORY SERVICES WITH WINDOWS SERVER
CENTER OF KNOWLEDGE, PATH TO SUCCESS Website: ACTIVE DIRECTORY SERVICES WITH WINDOWS SERVER Course: 10969A; Duration: 5 Days; Instructor-led WHAT YOU WILL LEARN Get hands-on instruction and practice administering
More informationPlanning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On- Premises Tools
Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On- Premises Tools 20398BA - 5 Days - Instructor-led, Hands-on Introduction This five-day course teaches IT professionals
More informationUpdating Your Windows Server 2003 Technology Skills to Windows Server 2008
6416D: Updating Your Windows Server 2003 Technology Skills to Windows Server 2008 Page 1 of 10 Updating Your Windows Server 2003 Technology Skills to Windows Server 2008 Course 6416D: 4 days; Instructor-Led
More informationMagic Card User Manual
Table of Contents Magic Card User Manual Magic Card Introduction 2 What is Magic card? 2 Magic Card Features 2 Working Modes 3 Magic card editions 3 Installation 4 System Requirements 4 Pre-installation
More informationWindows Server 2008 Administration
Hands-On Course Description This course provides hands on experience installing and configuring Windows Server 2008 to work with clients including Windows Vista. Students will perform full and core CD-based
More informationUser Guide. IronKey Workspace Models: W700 Updated: September 2013 IRONKEY WORKSPACE W700 USER GUIDE
User Guide IronKey Workspace Models: W700 Updated: September 2013 PAGE 1 Thank you for your interest in IronKey Workspace W700 by Imation. Imation s Mobile Security Group is committed to creating and developing
More informationSupporting and Troubleshooting Windows 10 va. Overview
Supporting and Troubleshooting Windows 10 va Overview This course is designed to provide students with the knowledge and skills required to support and troubleshoot Windows 10 PCs and devices in a Windows
More informationCourse Outline. Installing and Configuring Windows 10 Course 20698A 5 days Instructor Led
Installing and Configuring Windows 10 Course 20698A 5 days Instructor Led About this course This five-day instructor-led course provides IT professionals with the knowledge and skills required to install
More informationConfiguring, Managing, and Maintaining Windows Server 2008 R2 Servers
Configuring, Managing, and Maintaining Windows Server 2008 R2 Servers Course 6419B - Five Days - Instructor-led - Hands on Introduction This five-day instructor-led course provides students with the knowledge
More informationExam Name: Pro: Upgrading to Windows 7 MCITP Enterprise Desktop Support Technician
Vendor: Microsoft Exam Code: 70-682 Exam Name: Pro: Upgrading to Windows 7 MCITP Enterprise Desktop Support Technician Version: DEMO QUESTION 1 Scenario 1 For your convenience, the scenario is repeated
More informationAdvanced Crypto. Introduction. 5. Disk Encryption. Author: Prof Bill Buchanan. Bob. Alice. Eve.
Advanced Crypto Bob Alice 5. Disk Encryption Eve Introduction Trent http://asecuritysite.com/crypto Market Microsoft Bitlocker File/Folder Encryption Disk Encryption Check Point Full Disk Encryption Software
More informationTroubleshooting and Supporting Windows 7 in the Enterprise
Course 6293A: Troubleshooting and Supporting Windows 7 in the Enterprise Course Details Course Outline Module 1: Implementing a Troubleshooting Methodology This module describes the steps involved in establishing
More informationFormat Hard Drive Using Windows 7 Recovery Disk
Format Hard Drive Using Windows 7 Recovery Disk Jun 8, 2015. If it's not possible to create a recovery disk using this method, is it possible to backup Hey guys, I'm looking to format my hard-drive and
More informationPart I. Windows XP Overview, Installation, and Startup COPYRIGHTED MATERIAL
Part I Windows XP Overview, Installation, and Startup COPYRIGHTED MATERIAL Chapter 1 What s New in Windows XP? Windows XP suffers somewhat from a dual personality. In some ways it is a significant release,
More informationIdentity with Windows Server 2016
Identity with Windows Server 2016 20742B; 5 days, Instructor-led Course Description This five-day instructor-led course teaches IT Pros how to deploy and configure Active Directory Domain Services (AD
More informationInfoWatch CryptoStorage. User Guide
InfoWatch CryptoStorage User Guide I N F O W A T C H C R Y P T O S T O R A G E User Guide ZAO InfoWatch Phone/fax: +7(495)22-900-22 http://www.infowatch.com Last edited: December 2008 Table of Contents
More informationDepartment of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD
Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD THIS LECTURE... Today: Technology Lecture discusses basics in context of TPMs
More informationUpgrading Your Skills to MCSA Windows 8 by Hikmat Nomat with 111 q
Upgrading Your Skills to MCSA Windows 8 by Hikmat Nomat with 111 q Number: 70-689 Passing Score: 700 Time Limit: 120 min File Version: 1.2 http://www.gratisexam.com/ Upgrading Your Skills to MCSA Windows
More informationLesson 3: Identifying Key Characteristics of Workgroups and Domains
1-16 Chapter 1 Introduction to Windows XP Professional Lesson 3: Identifying Key Characteristics of Workgroups and Domains Windows XP Professional supports two types of network environments in which users
More informationConfiguring, Managing and Maintaining Windows Server 2008-based Servers (Course 6419)
Length: 5 Days About this Course This five-day instructor-led course provides students with the knowledge and skills that are required to manage accounts and resources, maintain server resources, monitor
More informationInstalling and Configuring Windows 10
Course 20698: Installing and Configuring Windows 10 Page 1 of 8 Installing and Configuring Windows 10 Course 20698: 4 days; Instructor-Led About This Course This four-day instructor-led course provides
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationSEAhawk and Self Encrypting Drives (SED) Whitepaper
Suite 301, 100 Front Street East, Toronto, Ontario, M5A 1E1 SEAhawk and Self Encrypting Drives (SED) Whitepaper This paper discusses the technology behind Self-Encrypting Drives (SEDs) and how Cryptomill
More informationFile System NTFS. Section Seven. NTFS, EFS, Partitioning, and Navigating Folders
13 August 2002 File System Section Seven NTFS, EFS, Partitioning, and Navigating Folders NTFS DEFINITION New Technologies File System or NTFS was first applied in Windows NT 3.0 back in 1992. This technology
More informationIntroducing Windows 7 Lesson 1
Introducing Windows 7 Lesson 1 Minimum System Requirements 1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor 1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit) 16 GB available hard disk
More informationSupporting and Troubleshooting Windows 10
Course 10982B: Supporting and Troubleshooting Windows 10 Page 1 of 7 Supporting and Troubleshooting Windows 10 Course 10982B: 4 days; Instructor-Led Introduction This course is designed to provide students
More informationms-help://ms.technet.2004apr.1033/win2ksrv/tnoffline/prodtechnol/win2ksrv/howto/efsguide.htm
Page 1 of 14 Windows 2000 Server Step-by-Step Guide to Encrypting File System (EFS) Abstract This document provides sample procedures that demonstrate the end-user and administrative capabilities of the
More informationKey Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge
Key Threats Internet was just growing Mail was on the verge Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering Key Threats Code Red and Nimda (2001), Blaster (2003), Slammer
More informationVeeam Endpoint Backup
Veeam Endpoint Backup Version 1.5 User Guide March, 2016 2016 Veeam Software. All rights reserved. All trademarks are the property of their respective owners. No part of this publication may be reproduced,
More informationAdministering Windows Server 2012 (NI104)
Administering Windows Server 2012 (NI104) MOC OD20411D - 40 Hours Overview Get hands-on instruction and practice administering Windows Server 2012, including Windows Server 2012 R2, in this five-day Microsoft
More informationCOPYRIGHTED MATERIAL. Contents. Assessment Test
Contents Introduction Assessment Test xxvii xxxvii Chapter 1 Installing Windows 7 1 Introducing Windows 7 2 Windows 7 Architecture 5 Preparing to Install Windows 7 6 Windows 7 Starter 7 Windows 7 Home
More informationWINDOWS 7 BITLOCKER DRIVE ENCRYPTION
ComputerFixed.co.uk Page: 1 Email: info@computerfixed.co.uk WINDOWS 7 BITLOCKER DRIVE ENCRYPTION There are so many ways in which you can stop unauthorized access to your computer but what if someone steals
More informationTestOut PC Pro - English 6.0.x COURSE OUTLINE. Modified
TestOut PC Pro - English 6.0.x COURSE OUTLINE Modified 2019-01-02 TestOut PC Pro Outline - English 6.0.x Videos: 142 (17:10:32) Demonstrations: 144 (17:38:44) Simulations: 117 Fact Sheets: 189 Exams: 132
More informationCOURSE 10982: SUPPORTING AND TROUBLESHOOTING WINDOWS 10
ABOUT THIS COURSE This course is designed to provide students with the knowledge and skills required to support and troubleshoot Windows 10 PCs and devices in a Windows Server domain environment. These
More informationSecurity Enhancements
OVERVIEW Security Enhancements February 9, 2009 Abstract This paper provides an introduction to the security enhancements in Microsoft Windows 7. Built upon the security foundations of Windows Vista, Windows
More informationCourse 10982B: Supporting and Troubleshooting Windows 10
C O U R S E O U T L I N E P A G E 1 Course 10982B: Supporting and Troubleshooting Windows 10 Duration 5 Days About this course This course is designed to provide students with the knowledge and skills
More informationImplementing and Managing Windows 10
Implementing and Managing Windows 10 20697-1C; 5 Days; Instructor-led Course Description This course is designed to provide students with the knowledge and skills required to install and configure Windows
More informationLearn about the Fundamental building blocks that go into building a Windows Server infrastructure with Windows Server 2012.
Fundamentals of a Windows Server Infrastructure Overview Learn about the Fundamental building blocks that go into building a Windows Server infrastructure with Windows Server 2012. This five day course
More informationCompTIA A+ Certification ( ) Study Guide Table of Contents
CompTIA A+ Certification (220-902) Study Guide Table of Contents Course Introduction About This Course About CompTIA Certifications Module 1 / Supporting Windows 1 Module 1 / Unit 1 Windows Operating System
More informationPlanning for and Managing Devices in the Enterprise: Enterprise Management Suite (EMS) & On-Premises Tools
Enterprise Management Suite (EMS) & On-Premises Tools Page 1 of 7 Planning for and Managing Devices in the Enterprise: Enterprise Management Suite (EMS) & On-Premises Tools Course 20398A: 4 days; Instructor-Led
More information