Re-enable BitLocker Auto-Unlock after System Volume Restore

Mark Berry August 11, 2010

Today I did a disaster recovery test on my Windows Server 2008 R2 Hyper-V host. I used Windows Backup to do a bare metal restore of only the system volume. As expected, after the restore, the system volume was no longer encrypted. But even after re-encrypting the system volume, I was unable to set the data volumes to automatically unlock. Instead, it displayed “Data error (cyclic redundancy check).”


How Secure are TrueCrypt and BitLocker?

Mark Berry August 3, 2010

I’ve been using TrueCrypt for a while, and have recently switched to BitLocker. My main purpose is to encrypt backup disks that are taken off site, though I plan to use BitLocker for an internal data volume as well.

Recently a colleague noticed that a $495 program called Passware Kit Enterprise is claiming “Instant decryption of BitLocker To Go USB disks.” In fact they claim to be able to decrypt BitLocker and TrueCrypt disks, as well as PGP volumes. Really? How does that work? Are my efforts to encrypt sensitive data useless?


Server Backup and BitLocker

Mark Berry July 22, 2010

A lot of attention has been given to encrypting laptops because they are often stolen and their drives may contain sensitive company information.

Another popular topic is the need to store backup data off site so you can recover in case of disaster. In the small business arena, this is often accomplished by saving the data to external hard drives that are rotated off site.

But how secure are those backup drives once they leave your office? While a laptop may contain excerpts of data, that server backup drive contains all of your proprietary data, and likely private information about your clients as well. What happens if that drive is lost or stolen, either while en route or while stored off site?


Remote Boot Bitlocker without a TPM

Mark Berry July 20, 2010

One of the challenges of implementing full-disk encryption is how to provide the key to unlock the drive when the system boots. This is especially important with servers, which may be at a remote location.

Microsoft’s BitLocker can use a Trusted Platform Module (TPM) on the motherboard to provide a unified start-up experience, even unlocking system drives before a user logs on. But what if your machine does not have a TPM? How do you configure BitLocker, and how do you boot the machine if you are not at the server location? I found that a Dell Remote Access Controller (DRAC) is all that is needed.


Kon-Boot vs. Windows 7 BitLocker

Mark Berry October 19, 2009

I’ve been running Windows 7 with BitLocker for a couple months and am quite pleased with it. BitLocker encrypts the hard drive so that if my laptop is lost or stolen, it should not be possible to access the data on the drive even if you remove the drive and attach it as a second drive to another system.

Recently though I read about a password “bypass” program called Kon-Boot that dynamically replaces the Windows kernel during bootup and allows logging in with any password. I wondered if BitLocker was vulnerable to this kind of program. If a thief could simply log on to my BitLocker-protected system, the encryption would be useless.

So I decided to give it a try.


About

Mark Berry

Welcome to the Tech Blog! MCB Systems is a San Diego-based provider of information technology services and custom database programming services. We are based in Point Loma with easy access to downtown San Diego, Ocean Beach, Pacific Beach, and Mission Valley. This tech blog is geared towards my I.T. colleagues, but end users may be interested to glimpse what goes on "behind the scenes" in keeping their computing environments stable and secure.

Mark Berry owns MCB Systems, a San Diego provider of I.T. services. Contact MCB Systems.


Copyright © 2010 MCB Systems. All rights reserved.