1. Home
  2. Microsoft Products
  3. Microsoft Windows Vista

Chapter 11: Protecting YourData

Chapter 11: Protecting Your Data

Many of the security features in Microsoft Windows Vista are designed to protect your computer from attack by individuals accessing the computer over the network or from the Internet. When the attacker is in your home or office, however, most of these remote access security features fall short in protecting your data. If someone can boot your computer to another operating system, that person could change your computer’s configuration or make other unapproved modifications. He or she could also gain access to your most sensitive data. To protect your data from individuals who have direct access to your computer, Windows Vista includes Trusted Platform Module Services architecture and BitLocker Drive Encryption. Together these features ensure that your computer is protected from many types of attacks by individuals who have direct access to your computer.

Note 

This book was written using the Windows Vista Beta to provide an early introduction to the operating system. More so than any other area of Windows Vista, the security features discussed in this book are subject to change. Some of these features might not be included in the final product, and some of the features might be changed substantially.

Introducing Trusted Platforms

Both Microsoft Windows XP and Windows Vista include the Encrypting File System (EFS) for encrypting files and folders. Using EFS, you can protect your sensitive data so that it can be accessed only by using your public key infrastructure (PKI) certificate. Encryption certificates are stored as part of the data in your user profile. As long as you have access to your profile and the encryption key it contains, you can access your files.

While EFS offers excellent protection for you data, it doesn’t safeguard the computer from attack by someone who has access to the console. In a situation where you’ve lost your computer, your computer has been stolen, or an attacker is logging on to your computer, EFS might not protect you, because the unauthorized user might be able to gain access to the computer before it starts up. He could then access the computer from another operating system and change your computer’s configuration. He might then be able to hack into your account so that he can log on as you or configure the computer so that he can log on as a local administrator. Either way, the unauthorized user could eventually gain full access to your computer and your data.

To seal a computer from physical attack and wrap it in an additional layer of protection, Windows Vista includes the Trusted Platform Module Services architecture. Using Trusted Platform Module Services architecture, you can create a trusted platform with enhanced security and within which your computer’s data is protected even when the operating system is offline. How the Trusted Platform Module Services architecture does this and how you can use Trusted Platform Module Services architecture is what this section is all about.

In Windows Vista, Trusted Platform Module Services provide the infrastructure necessary to take advantage of Trusted Platform Module (TPM) Security Hardware. Trusted Platform Module Services protect a computer by using a dedicated hardware component called a TPM. A TPM is a microchip that is usually installed on the motherboard of a computer, where it communicates with the rest of the system by using a hardware bus. Computers running Windows Vista can use a TPM to provide enhanced protection for data, to ensure early validation of the boot file’s integrity, and to guarantee that a disk has not been tampered with while the operating system was offline.

A TPM has the ability to create cryptographic keys and encrypt them so that they can be decrypted only by the TPM. This process, which is referred to as wrapping or binding, protects the key from disclosure. A TPM has a master wrapping key called the Storage Root Key (SRK), which is stored within the TPM itself to ensure that the private portion of the key is secure.

Increasingly, new business computers have TPMs installed. Computers that have a TPM can create a key that has not only been wrapped but also sealed. The process of sealing the key ensures that the key is tied to specific platform measurements and can be unwrapped only when those platform measurements have the same values that they had when the key was created, and this is what gives TPM-equipped computers increased resistance to attack.

Note 

Because a TPM stores private portions of key pairs separately from memory controlled by the operating system, keys can be sealed to the TPM to provide absolute assurances about the state of a system and its trustworthiness. TPM keys are unsealed (or decrypted) only when the integrity of the system is intact. Further, because the TPM uses its own internal firmware and logical circuits for processing instructions, it does not rely on the operating system and is not subject to external software vulnerabilities.

The TPM can also be used to seal and unseal data that is generated outside of the TPM, and this is where the true power of the TPM lies. In Windows Vista, the feature that accesses the TPM and uses it to seal your computer is called BitLocker Drive Encryption.

When you use BitLocker Drive Encryption and a TPM to seal the boot manager and boot files of a computer, the boot manager and boot files can be unsealed only if they are unchanged since they were last sealed. This means that you can use the TPM to validate a computer’s boot files in the pre-operating system environment. When you seal a hard disk by using the TPM, the hard disk can be unsealed only if the data on the disk is unchanged since it was last sealed. This guarantees that a disk has not been tampered with while the operating system was offline.

Image from book
From the experts: Should you use BitLocker?

BitLocker makes your data more secure in the event an attacker is able to bypass operating system security and directly access your data. In other words, BitLocker can safeguard your computer if an attacker has physical access to your computer. That’s very important to business travelers because confidential data can be leaked when someone loses a laptop.

However, BitLocker is not without its drawbacks. First, you need a way to manage the encryption key because, if you lose the key, you can’t start your computer or access your files. While enterprises that use domains can centrally manage BitLocker keys using Active Directory, no similar solution is available for using BitLocker in workgroup environments. Second, recovering a computer is more difficult when BitLocker is enabled. Normally, if a hard disk is starting to fail or you’ve removed a hard disk from a computer, you can connect the hard disk to a different computer to copy and recover the data. With BitLocker, you can’t do this easily, and you must first unlock the drive. Because of this, regular backups are a must (which can be a challenge for traveling users). Finally, BitLocker only protects your computer when it is off. That means BitLocker won’t protect your computer from malicious software or attackers on the Internet.

With those factors in mind, you should use BitLocker in enterprise environments where the risk of data theft is greater than the cost of managing the encryption keys.

Tony Northrup

Author, MCSE, and MVP—For more information, see http://www.northrup.org.

Image from book



Part I: Getting to Know WindowsVista
Part II: Essential Features in WindowsVista
Part III: Securing Windows Vista
Chapter 9: Protecting User Accountsand Using Parental Controls
Chapter 10: Protecting YourComputer
Chapter 11: Protecting YourData
Getting Started with TPM Management
Managing the TPM
Using BitLocker Drive Encryption
Chapter 12: Networking YourComputer
Chapter 13: Securing Your NetworkConnection
Part IV: Supporting and Deploying WindowsVista
List of Figures
List of Tables
List of Code Examples
List of Sidebars