Understand Encryption LESSON 2.5_A 98-367 Security Fundamentals.



Lesson Overview

In this lesson, you will learn about:

• Key features of EFS (encrypted file system)
• BitLocker® & BitLocker To Go®
• Trusted platform module (TPM)
• Mail encryption & signing


Anticipatory Set

What threats does BitLocker protect against? What do you want to protect with BitLocker?


BitLocker & BitLocker To Go

BitLocker drive encryption provides enhanced protection against data theft or exposure on computers that are lost or stolen, and protects removable drives such as USB flash drives and external hard drives through BitLocker To Go.


BitLocker To Go Video

In Windows® 7, core BitLocker drive encryption functionality is enhanced to deliver an improved experience for IT professionals and end users.

This includes simple enhancements such as the ability to right-click on a drive to enable BitLocker protection and the automatic creation of the required hidden boot partition.

Learn about these enhancements and the new BitLocker To Go, which gives system administrators control over how removable storage devices can be used and the strength of protection required.

Watch the video.


BitLocker To Go Recovery Key

• Required if the encrypted drive is moved to another computer or changes are made to the system startup information
• Is so important that it is recommended that you make additional copies of the key and store them in safe places so that you can readily find the key if needed to recover access to the drive
• Needed to unlock the encrypted data on the drive if BitLocker enters a locked state
• Is unique to this particular drive; you cannot use it to recover encrypted data from any other BitLocker-protected drive
• For maximum security, store recovery keys apart from the computer


Trusted Platform Module (TPM)

• A TPM is a microchip designed to provide basic security-related functions, primarily involving encryption keys.
• The TPM is usually installed on the motherboard of a computer or laptop and communicates with the system using a hardware bus.
• After the TPM is initialized, the BitLocker setup wizard prompts you to choose how to store the recovery key. You can choose from the following options:
  o Save the recovery key to a USB flash drive. Saves the recovery key to a USB flash drive.
  o Save the recovery key to a file. Saves the recovery key to a network drive or other location.
  o Print the recovery key. Prints the recovery key.
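
The recovery-key guidance on this slide and the previous one can be checked on a live machine. The following PowerShell is an added example, not part of the original lesson; it assumes an elevated session on Windows 8 / Windows Server 2012 or later, where the `Get-BitLockerVolume` and `Get-Tpm` cmdlets exist (on Windows 7, `manage-bde -protectors -get C:` lists the same protectors). `Get-RecoveryKeyAudit` is a name chosen for this example.

```powershell
# Added example: audit BitLocker volumes for a usable recovery protector.
# Assumes an elevated session and the built-in BitLocker / TPM cmdlets.

function Get-RecoveryKeyAudit {
    # One row per volume: is it protected, and does it carry a recovery
    # password (the 48-digit numerical password) to unlock a locked drive?
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType        # OperatingSystem or Data
            ProtectionStatus = $vol.ProtectionStatus  # On or Off
            ProtectorTypes   = ($vol.KeyProtector.KeyProtectorType -join ', ')
            HasRecoveryKey   = $recovery.Count -gt 0
            # The protector ID ties a stored recovery key to this one drive;
            # a key saved for another drive carries a different ID.
            RecoveryKeyIds   = ($recovery.KeyProtectorId -join ', ')
        }
    }
}

# TPM state, which the setup wizard depends on before offering key storage.
$tpm = Get-Tpm
"TPM present: $($tpm.TpmPresent); ready: $($tpm.TpmReady)"

$audit = @(Get-RecoveryKeyAudit)
$audit | Format-Table -AutoSize

# Flag protected volumes that have no recovery password protector.
# The recovery password itself is deliberately never printed: it belongs
# on a USB drive, file share or printout kept apart from the computer.
$audit |
    Where-Object { $_.ProtectionStatus -eq 'On' -and -not $_.HasRecoveryKey } |
    ForEach-Object {
        Write-Warning ("{0} is protected but has no recovery password; add one with " +
            "Add-BitLockerKeyProtector -MountPoint {0} -RecoveryPasswordProtector" -f $_.MountPoint)
    }
```

Compare the `RecoveryKeyIds` column with the identifier recorded alongside each saved or printed recovery key to confirm that the copy you hold matches the drive.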


Mail Encryption & Signing

S/MIME provides two security services:
• Digital signatures
• Message encryption

These two services are the core of S/MIME-based message security. All other concepts related to message security support these two services.

Although the full scope of message security may seem complex, these two services are the basis of message security.

After gaining a basic understanding of digital signatures and message encryption, you can then learn how other concepts support these services.


Class Activity

Setting up mail encryption
1. Open Outlook®
2. Click on Tools
3. Click on Trust Center
4. Click on E-mail Security
5. Click Settings


Lesson Review

Summarize the importance of file and mail encryption

• The encrypted file system, or EFS, was introduced in NTFS 3.0 to provide an additional level of security for files and directories.
  o It provides cryptographic protection of individual files on NTFS file system volumes using a public-key system.
• Typically, the access control to file and directory objects provided by the Windows security model is sufficient to prevent unauthorized access to sensitive information.
  o However, if a laptop that contains sensitive data is lost or stolen, the security protection of that data may be compromised.
  o Encrypting the files increases security.