1. Summarise the functions of BitLocker you used in the lab (Just focus on BitLocker not GPO).
BitLocker Drive Encryption is a new data protection feature in Windows Vista. It is mainly used to address one problem: data theft or malicious leakage caused by the physical loss of computer equipment.
BitLocker uses the TPM to help protect the Windows operating system and user data, and helps ensure that a computer is not tampered with even if it is unattended, lost or stolen.
2. Discuss the protection BitLocker provides the user.
If the computer has a compatible TPM installed, BitLocker uses the TPM to lock the encryption keys that protect the data. These keys can therefore only be accessed after the TPM has verified the state of the computer.
During the boot process, the TPM releases the key that unlocks the encrypted partition only after comparing a hash of important operating-system configuration values with a previously taken snapshot. This verifies the integrity of the Windows boot process. If the TPM detects that the Windows installation has been tampered with, the key is not released.
For added security, the TPM can be combined with a user-entered PIN or a startup key stored on a USB flash drive.
3. Suggest how the Recovery Key should be stored securely.
Based on the answers to the previous questions, a safer way to store the recovery key is on physical storage, such as a USB flash drive.
Pure TPM mode requires a TPM chip in the system; the key used for decryption and the related data used to verify the integrity of the boot files are stored in the TPM chip.
Pure USB-drive mode requires the system to meet the USB-device conditions mentioned above; the key used for decryption is stored on the USB flash drive.
In mixed mode, system security can be enhanced further by combining TPM+USB drive, TPM+PIN, or TPM+USB drive+PIN.
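The following PowerShell script is an added example (not part of the lab or its answers) showing how the modes above are configured in practice: it checks for a ready TPM, enables the TPM+PIN mixed mode on the OS volume, adds a recovery password protector, and escrows that recovery key in Active Directory rather than leaving it on the encrypted disk. It assumes an elevated session on a domain-joined Windows 10/11 machine with the BitLocker and TrustedPlatformModule modules available, and that the OS volume is C:.

```powershell
# Added example, not from the lab report. Assumptions: run as Administrator,
# BitLocker and TrustedPlatformModule modules present, OS volume is C:, and the
# machine is domain-joined so Backup-BitLockerKeyProtector can write to AD DS.
$Volume = "C:"

# 1. Confirm a usable TPM exists before choosing any TPM-based protector.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "No ready TPM found; TPM-based protectors cannot be used on this machine."
}

# 2. Mixed mode (TPM+PIN): the TPM measures the boot chain, and the user must
#    also enter a PIN before the volume key is released.
$pin = Read-Host -Prompt "Enter a BitLocker startup PIN" -AsSecureString
Enable-BitLocker -MountPoint $Volume -EncryptionMethod XtsAes256 `
    -TpmAndPinProtector -Pin $pin -UsedSpaceOnly

# Alternative for the USB-drive mode discussed above (E:\ is an assumed
# removable drive): a startup key stored on the USB device instead of a PIN.
# Add-BitLockerKeyProtector -MountPoint $Volume -TpmAndStartupKeyProtector -StartupKeyPath "E:\"

# 3. Add a recovery password protector (the 48-digit recovery key) so the
#    volume can still be unlocked if the TPM measurements change.
Add-BitLockerKeyProtector -MountPoint $Volume -RecoveryPasswordProtector | Out-Null

# 4. Escrow the recovery password in Active Directory rather than keeping it
#    on the encrypted disk or in a plain-text file.
$recovery = (Get-BitLockerVolume -MountPoint $Volume).KeyProtector |
    Where-Object KeyProtectorType -eq "RecoveryPassword"
Backup-BitLockerKeyProtector -MountPoint $Volume -KeyProtectorId $recovery.KeyProtectorId

# 5. Report which protectors are in place; the recovery password itself is
#    deliberately not printed.
(Get-BitLockerVolume -MountPoint $Volume).KeyProtector |
    Select-Object KeyProtectorType, KeyProtectorId
```

After the script runs, the recovery password can be retrieved from the computer object in AD DS by an authorised administrator, and the local copy exists only inside the volume's protected metadata.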