Overview
Published: May 29, 2007

Deploying data encryption across an organization requires a great deal of deliberation and prior planning. The Data Encryption Toolkit for Mobile PCs Planning and Implementation Guide describes the planning and implementation processes you should follow to use Microsoft® BitLocker™ Drive Encryption (BitLocker) and the Encrypting File System (EFS) as part of your strategy for protecting data on mobile PCs.

A Quick Overview of BitLocker

BitLocker is an important new security feature in the Windows Vista™ operating system that provides significant data and operating system protection for your computer. BitLocker is a full-volume encryption technology that can help ensure that data is not revealed if someone tampers with the computer when the installed operating system is offline. It is most effective on computers that have a compatible Trusted Platform Module (TPM) microchip and BIOS, because it uses them to provide enhanced data protection and to ensure early boot component integrity. BitLocker can optionally use an external USB key as a token to hold the startup key.

A Quick Overview of EFS

EFS enables transparent encryption and decryption of files by using advanced standards-based cryptographic algorithms. Any individual or program that does not possess the appropriate cryptographic key cannot decrypt the encrypted data, even if they gain physical possession of the computer on which the files reside. Even people who are authorized to access the computer and its file system cannot view the data. EFS combines two types of encryption: a symmetric cipher is used to protect the data in the file, and an asymmetric cipher is used to protect the key used in the symmetric cipher.

The Distributed Systems Guide of the Windows 2000 Server Resource Kit includes a comprehensive overview of EFS and a collection of information about EFS in Microsoft Windows® 2000.
To locate this information online, use the Windows 2000 Server Resource Kit table of contents to browse to the Distributed Systems Guide, expand Distributed Security, and then click Encrypting File System.

There are differences between EFS in Windows 2000, Windows XP Professional, Windows Server® 2003, and Windows Vista. The Windows XP Professional Resource Kit explains the differences between implementations of EFS in Windows 2000 and Windows XP Professional, and the "Encrypting File System in Windows XP and Windows Server 2003" article describes modifications in Windows XP and Windows Server 2003. Differences between EFS in Windows XP Professional and Windows Vista are described in Chapter 2: Configuration and Deployment Tasks in this guide.

Chapter Summaries

The Planning and Implementation Guide chapters discuss the following topics:
Who Should Read this Guide

This guide is intended for IT professionals who are responsible for designing, planning for, and implementing computer networks that include dozens to thousands of client computers, especially laptop and Tablet PC computers. You should read this guide if your responsibilities include:
Style Conventions
Support and Feedback

The Solution Accelerators – Security and Compliance (SA-SC) team would appreciate your thoughts about this and other Solution Accelerators. Please contribute comments and feedback to secwish@microsoft.com. We look forward to hearing from you.

Solution Accelerators provide prescriptive guidance and automation for cross-product integration. They present proven tools and content so you can plan, build, deploy, and operate information technology with confidence. To view the extensive range of Solution Accelerators and for additional information, visit the Solution Accelerators page on Microsoft TechNet.

Acknowledgments

The SA-SC team would like to acknowledge and thank the group of people who produced the Data Encryption Toolkit for Mobile PCs Planning and Implementation Guide. The following individuals were either directly responsible or made a substantial contribution to the writing, development, and testing of this guide.

Development Leads
Mike Smith-Lonergan - Microsoft
David Mowers - Securitay, Inc.

Program Manager
Bill Canning - Microsoft

Content Developers
Roger A. Grimes - Microsoft
Paul Robichaux - 3Sharp, LLC

Editor
Steve Wacker - Wadeware LLC

Reviewers
Randy Armknecht - Calamos Investments
Vijay Bharadwaj - Microsoft
Marcus Bluestein - Kraft Kennedy & Lesser, Inc.
Dean Chen - Waggener Edstrom Worldwide
Tom Daemen - Microsoft
Mike Danseglio - Microsoft
Erik Holt - Microsoft
Russell Humphries - Microsoft
David Kennedy - Microsoft
Luca Lorenzini
Douglas MacIver - Microsoft
Sanjay Pandit - Microsoft
Greg Petersen - Avanade
Matt Setzer - Microsoft
Stan Shkolnik - Deloitte Touche Tohmatsu
Michael Trotman - United States Postal Service (USPS)
Richard Trusson - Microsoft
Mike Wolfe - Microsoft

Product Managers
Alain Meeus - Microsoft
Jim Stuart - Microsoft

Release Manager
Karina Larson - Microsoft

Testers
Gaurav Singh Bora - Microsoft
Sumit Ajitkumar Parikh - Infosys Technologies Ltd.
Swaminathan Viswanathan - Infosys Technologies Ltd.
Swapna Rangachari Jagannathan - Infosys Technologies Ltd.
Neethu Thomas - Infosys Technologies Ltd.