Bitlocker



 
 
#1
September 4th 06, 01:34 PM, posted to microsoft.public.windows.vista.security
Or Tsemah

I have two questions that I need to clarify.
First, how does not having a TPM chip affect BitLocker? Is it the early-boot
component that I require? Because I understand that I CAN use a USB for this.

Second, if I take a BitLocker encrypted disk and plug it in as a secondary
drive on another computer, how can I read it (for restore purposes)?

Thanks.
Or.
#2
September 4th 06, 06:17 PM, posted to microsoft.public.windows.vista.security
Brian Lew

Compared to a USB flash drive, the TPM chip is integrated into the
motherboard and "always plugged in". If you have a TPM, you can also add a
PIN/password to be typed in when the computer starts (in addition to any
passwords on user accounts).

I don't think you can read an encrypted hard drive without the encryption
key, but I haven't tried. I'll try it now and let you know.

#3
September 4th 06, 06:26 PM, posted to microsoft.public.windows.vista.security
Or Tsemah

Please tell me, is there any difference between running a laptop in a "TPM
Transparent" BitLocker state (without the use of PIN\USB) and not running
BitLocker at all?
I mean, if the computer gets stolen, the thief could read the info on the
drive because the TPM handles the encryption.

Or.

#4
September 4th 06, 06:31 PM, posted to microsoft.public.windows.vista.security
Brian Lew

The only difference I can see is if only the hard drive is stolen. And
you're right, if the whole computer is stolen, and BitLocker is still in
transparent mode, it will still be transparent.

#5
September 4th 06, 06:35 PM, posted to microsoft.public.windows.vista.security
Or Tsemah

Thanks for the quick response.

I have another question about security for you.
It's a simple one:
How does the NAP Health server direct me to a quarantined network when my
health certificate is inadequate? Does it tell my DHCP server to change my
IP? Or maybe tell the switch hardware to move me to a VLAN?

Thanks.
Or.

#6
September 8th 06... 

I have no clue; sorry I couldn't be of more help.

#7
September 8th 06, 06:13 AM, posted to microsoft.public.windows.vista.security
Jamie Hunter [MS]

A couple of clarifications on BitLocker for you regarding your questions on
this thread:

(1) How to read the disk in another computer for restore purposes

For this scenario, a USB key or password is required. The "manage-bde"
command line interface, which wraps around the WMI interface, is the most
powerful way to address all desired restore scenarios.

(2) Can a thief read a TPM protected disk?

In the TPM-only case, the TPM is protecting the OS. Although the OS has full
access to the data because the OS has the key, it is protecting access to
the disk. For this security to work successfully, it is important that the
logon password is strong. I.e. a blank password would allow the thief access
to the data.
In summary, TPM ensures OS cannot have the key if it is cracked. OS has key
if the OS is not cracked. Thief cannot get key without cracking OS.

TPM+USB or TPM+PIN does provide extra security depth, however these usually
have a usability pain factor associated with them.
-
Jamie Hunter [MS]
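
The restore scenario in point (1) of the reply above, as an added example that is not part of the original thread or Microsoft's own code: it unlocks a BitLocker volume attached as a secondary drive, using either the recovery password or the key file from the USB key. It assumes a Windows release where `manage-bde` is on the PATH as an executable and an elevated prompt; the function names, drive letter and paths are hypothetical.

```powershell
# Added example (not from the thread). Function names, drive letter and paths
# are hypothetical placeholders.

function Test-RecoveryPasswordFormat {
    param([string]$Password)
    # A recovery password is 8 groups of 6 digits separated by hyphens.
    if ($Password -notmatch '^[0-9]{6}(-[0-9]{6}){7}$') { return $false }
    foreach ($group in ($Password -split '-')) {
        $n = [int]$group
        # Each group is a 16-bit value multiplied by 11, so it must be a
        # multiple of 11 and smaller than 65536 * 11. This catches typos
        # before the password is handed to manage-bde.
        if (($n % 11) -ne 0 -or $n -ge 720896) { return $false }
    }
    return $true
}

function Unlock-AttachedBitLockerVolume {
    param(
        [Parameter(Mandatory = $true)][string]$Drive,  # e.g. 'E:'
        [string]$RecoveryPassword,                     # 48-digit password
        [string]$RecoveryKeyFile                       # .bek file from the USB key
    )
    if ($RecoveryPassword) {
        if (-not (Test-RecoveryPasswordFormat $RecoveryPassword)) {
            throw 'Recovery password is malformed (check for a mistyped group).'
        }
        & manage-bde -unlock $Drive -RecoveryPassword $RecoveryPassword
    }
    elseif ($RecoveryKeyFile) {
        if (-not (Test-Path -LiteralPath $RecoveryKeyFile)) {
            throw "Key file not found: $RecoveryKeyFile"
        }
        & manage-bde -unlock $Drive -RecoveryKey $RecoveryKeyFile
    }
    else {
        throw 'Supply either -RecoveryPassword or -RecoveryKeyFile.'
    }
    if ($LASTEXITCODE -ne 0) { throw "manage-bde -unlock failed for $Drive" }
    # Show conversion and lock state of the now-unlocked volume.
    & manage-bde -status $Drive
}

# Usage from an elevated prompt (values are placeholders):
# Unlock-AttachedBitLockerVolume -Drive 'E:' -RecoveryKeyFile 'F:\<key-id>.BEK'
```

Without one of those two protectors the volume stays locked on the second machine, because the TPM that normally releases the key is on the original motherboard.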