Windows Laptop Security – Encryption and Other Options - Part 2 of 2
In Part 2, we look at Windows hard drive encryption. In addition, we take a brief look at options for recovering stolen laptops.
Windows Hard Drive Encryption
Microsoft Windows BitLocker Drive Encryption with TPM (Trusted Platform Module – see references at end of article) is Microsoft’s own offering for encrypting the entire o/s and hard drive. It performs pre-boot verification of critical files, comparing checksums and related keys, to determine whether the o/s should boot at all. BitLocker works in conjunction with hardware- and firmware-embedded verification mechanisms termed TPM – Trusted Platform Module. If the Windows o/s hard drive is removed from its associated laptop then, because of the TPM key-matching algorithms, and without the appropriate BitLocker key, the hard drive is unusable in any system other than the one for which it was intended – the one on which the BitLocker encryption was initially enabled.
TPM itself is included in most business-class laptops sold today – sometimes as a default option and sometimes as a requested option.
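As an added example (not from the original article and not Microsoft's code), the PowerShell function below checks that the o/s volume is actually in the BitLocker-plus-TPM state described above: TPM present and ready, volume fully encrypted, protection on, and a TPM-based key protector in place. It assumes Windows 8 / Server 2012 or later, where the Get-Tpm and Get-BitLockerVolume cmdlets exist, and an elevated session; the function name Test-BitLockerTpmPosture is hypothetical.

```powershell
# Added example: audit that a volume is BitLocker-protected with a TPM-bound key.
# Assumptions: Windows 8 / Server 2012 or later, elevated PowerShell session.
# Test-BitLockerTpmPosture is a hypothetical name chosen for this example.

function Test-BitLockerTpmPosture {
    param(
        [string]$MountPoint = $env:SystemDrive   # o/s volume by default
    )

    $findings = @()

    # TPM state: the chip must be present and ready before BitLocker can use it.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent)   { $findings += 'No TPM detected' }
    elseif (-not $tpm.TpmReady) { $findings += 'TPM present but not ready' }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # The volume must be completely encrypted, not decrypted or mid-conversion.
    if ($vol.VolumeStatus.ToString() -ne 'FullyEncrypted') {
        $findings += "Volume status is $($vol.VolumeStatus)"
    }

    # ProtectionStatus 'Off' covers both unencrypted and suspended volumes.
    if ($vol.ProtectionStatus.ToString() -ne 'On') {
        $findings += 'BitLocker protection is off or suspended'
    }

    # Protector types starting with 'Tpm' bind the volume key to this machine's TPM.
    # A volume with only a password or external key is not tied to the hardware.
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    if (-not ($types | Where-Object { $_ -like 'Tpm*' })) {
        $findings += 'No TPM-based key protector on this volume'
    }

    [pscustomobject]@{
        MountPoint    = $vol.MountPoint
        KeyProtectors = $types -join ', '
        Compliant     = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

Test-BitLockerTpmPosture | Format-List
```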
Note that there are also commercial non-Microsoft laptop hard drive encryption offerings, such as Dekart’s “Private Disk” and the free utility “TrueCrypt” (see references below). These products claim to offer similar levels of pre-boot verification, but not all such products work seamlessly with TPM; some such products are standalone, and as such, are not entirely as locked down as the BitLocker-TPM combination.
With this level of hard drive and o/s encryption, there is a very high degree of comfort in realizing that, if the laptop is stolen, there is little chance that any data will be compromised.
Other third-party Windows hard drive encryption offerings:
Dekart’s “Private Disk” encryption utility - great for encrypting thumb drives and even fixed data (non-o/s) drives.
TrueCrypt can encrypt an entire o/s disk or data disk.
Windows XP Professional Stolen Laptop Recovery Options
As a part of Windows laptop security, encryption should go hand-in-hand with laptop “location-and-recovery” services such as CyberAngel and Adeona (see references below). Adeona is the first free Open Source offering for tracking the location of your lost or stolen laptop. Some such services use GPS location; some are software-only; others are hardware- or firmware-embedded; others use Wi-Fi triangulation in conjunction with GPS to help locate and recover a lost or stolen laptop. Note also that CyberAngel and some other tools in the same class provide end-to-end complete hard drive encryption or file- and folder-based encryption, in an attempt to be a one-stop laptop security solution.
Clearly there are both free and commercial file and disk encryption utilities for Windows-based systems, including XP, Vista and Windows Server platforms. For hard drive encryption, best practice dictates that you should use the tool designed by the vendor at the o/s level – BitLocker. Using tools such as BitLocker in conjunction with Trusted Platform Module provides an almost unbreakable encryption scenario for your entire o/s and related data, giving you the ability to sleep easily at night, knowing that, if your laptop is stolen, your data cannot be compromised.
Additionally, CyberAngel and other laptop recovery tools can provide yet another level of peace of mind – knowing that there may be a possibility of recovering your physical laptop in the event it is lost or stolen.
Last but not least, simple best practices, such as storing minimal unencrypted or sensitive information on your laptop and, instead, storing your more sensitive data on network drives at your workplace, can also provide an added measure of security to your laptop data. The added best practice of storing copies of sensitive data on removable drives, which you always keep on your person, adds still another layer of comfort, security and safety regarding intellectual property, sensitive data, and ability to recover.
Microsoft BitLocker and TPM Technical Overview
This post is part of the series: Windows Laptop Security - Encryption and Other Options
In this series, we review Windows file encryption, folder encryption, o/s hard drive encryption, sensitive data best practices, and we take a brief look at lost or stolen laptop recovery tools.