Basic Bitlocker questions....

Discussion in 'privacy technology' started by Matt Cole, Jul 19, 2016.

  1. Matt Cole

    Matt Cole Registered Member

    Joined:
    Sep 17, 2015
    Posts:
    32
    Hi

    I have been posting happily on this site in a couple of different forums and am almost at the end of my backup and security journey....Very grateful for all the help.

    I had a couple of questions about Bitlocker which will be making up a small part of the picture.

    I want to encrypt a USB flash drive with sensitive (customer) data on it for when I travel for use on my laptop.

    From what I can see this is a fairly straightforward process eg:

    http://www.tomsguide.com/faq/id-2318734/encrypt-portable-hard-drive.html

    BUT

    1. If my laptop does not have TPM can I still do this process?

    2. Am I right in thinking that once an external drive is encrypted with Bitlocker Full Drive Encryption then I can only access the data on the drive via the machine with which the encryption was created? If so, I would need to create it on the laptop that I am aiming to travel with - right?
     
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    1. TPM isn't necessary to do this on a USB drive. On qualifying editions of Windows, you'll have an explorer context menu available which gives you the option of turning Bitlocker on for the drive. You supply a password, and you'll have the opportunity to save the recovery key elsewhere.

    TPM is valuable (but not essential) to apply Bitlocker to a SYSTEM drive - valuable because it helps protect the integrity of the bootup process and provide some protection against rootkits. It also means that you can store non-system drives Bitlocker passwords on the system drive (so they will auto-open without having to type additional passwords), and you don't have to enter a pin every time on bootup (though you can add this protection which is best practice).

    You can also use a USB+PIN on the system drive - to do so, follow these instructions

    http://www.howtogeek.com/howto/6229/how-to-use-bitlocker-on-drives-without-tpm/

    2. All you need to read the Bitlocker protected USB drive is the password, and either Bitlocker (already there on qualifying editions) or the installable Bitlocker-to-go program (which allows you to open the drive, with password, on a read-only basis). You do not need the same system to open the drive, that only applies where you are using TPM protection on the system drive. IOW, it's readable on pretty much any version of Windows. Of course, you have to trust whatever you're reading it on.....
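The same setup described in this reply, done from PowerShell instead of the Explorer context menu. This is an added example, not part of the original post. It assumes an elevated prompt on an edition that includes BitLocker; the drive letter `E:` and the backup folder `D:\Keys` are placeholders.

```powershell
# Added example: password-protect a removable drive with BitLocker (no TPM involved).
$mount     = 'E:'        # assumed drive letter of the USB flash drive
$backupDir = 'D:\Keys'   # assumed folder that is NOT on the drive being encrypted

# Refuse to touch anything that is not removable media.
$vol = Get-Volume -DriveLetter $mount.TrimEnd(':')
if ($vol.DriveType -ne 'Removable') { throw "$mount is not a removable drive" }

# Password protector: the password is all another Windows machine needs to unlock the drive.
$password = Read-Host -AsSecureString -Prompt "Password for $mount"
Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $password -UsedSpaceOnly |
    Out-Null

# Recovery password protector: the 48-digit fallback if the password is forgotten.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

# Save the recovery password somewhere other than the encrypted drive.
# The file is plain text, so keep $backupDir itself on protected storage.
$blv      = Get-BitLockerVolume -MountPoint $mount
$recovery = $blv.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
$recovery | Select-Object KeyProtectorId, RecoveryPassword |
    Export-Csv -Path (Join-Path $backupDir 'usb-recovery.csv') -NoTypeInformation

# Check the protector list: a Password and a RecoveryPassword entry are expected.
# A TPM-based protector would tie the volume to this machine, which is not wanted here.
$types = $blv.KeyProtector.KeyProtectorType
if ($types -match 'Tpm') { Write-Warning "Unexpected TPM protector on $mount" }

$blv | Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
$types
```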
     
  3. Matt Cole

    Matt Cole Registered Member

    Joined:
    Sep 17, 2015
    Posts:
    32

    Many thanks @deBoetie (yet AGAIN)! As you can see I'm still digging into this.....

    Re point 2 - what I want to be able to do is to upload the data on the Bitlockered USB / flash drive to the machine it is plugged into and into the application that I want to access this data (Sage) - ie considerably more than 'read only'.

    This would be essential for the laptop as it would be the machine I would travel with.

    It would be nice to have for the Desktop (for synching data that may have changed on my laptop while away), but not essential assuming I can take Sage data off the laptop onto an unencrypted usb drive and load THAT up to Sage on the PC.

    Does that make sense?

    Is it do-able?

    (BTW, A heads-up; I am looking to ask some questions about Sandboxing in the appropriate thread / forum if there is one. If this is not your area and / or you feel you have done well enough by me as it is I will more than understand)!!
     
  4. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,989
    Location:
    Brasil
    Yes, definitely. Open your Group Policy Editor, then go to Bitlocker settings. There you can configure it to encrypt your hard drive without a TPM module. But since this is not your case.... :p
     
  5. Matt Cole

    Matt Cole Registered Member

    Joined:
    Sep 17, 2015
    Posts:
    32
    Thanks!
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    @Matt Cole - the read-only bit is only for the case where you have to use Bitlocker-to-go, which only applies on XP or Home editions and so on. For business editions, you'll normally have Bitlocker already there, but check.
     