Encryption - EFS vs. BitLocker

Jake

I'm sure this has been asked before but I couldn't find any threads
discussing it..

I've been reluctant to switch over from a desktop machine to a laptop
for fear of someone stealing it and getting access to all my personal
files. However, I just purchased a new laptop with Vista Business
installed and I like it and am considering making the move from a
desktop to a laptop as my primary machine.

I've got a new Lenovo 3000 N200.


So how do I protect my personal files from being accessed if someone
were to snatch my laptop from my car ?


I've been reading and reading and reading about EFS and BitLocker. I
know I will need to upgrade to Ultimate for BitLocker (which brings up
other questions about upgrading) but I'll stick to the encryption
question here.


Would EFS be sufficient for protecting my personal files?

Is there any way someone can take the hard disk out of my laptop, put it
in another machine as a secondary drive, or installed into one of those
portable drive shells, take ownership of the drive and get access to my
files?

Is it practical to encrypt the entire Documents folder from a
performance perspective?


What practices are required? I've read numerous help files and KB
articles and I'm totally confused now about certificates and encryption
keys.. Do I need to back them both up? From what I've read, there are
backup instructions for them both yet one contains the other so I can't
understand why backing them both up is necessary, or for that matter
even mentioned in the help files - unless it's to create as much
confusion as possible.


If I backup my files and restore them, what EXACTLY do I need to gain
access to them again on another PC or a new PC? How many certificates
and keys are involved?

I read something about taking the private key off the computer when
unattended since it would aid in someone getting access to the files.
THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
necessary? Is there another "non-private" type of key also?

Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
(marketing fluffed) literature on product features..

Are there any other resources that help unravel all this since Microsoft
has failed to do so for me... Something specific to storing personal
files on a laptop?

Thanks
Bryan
 
Re: Encryption - EFS vs. BitLocker

Check out the new Data Encryption Toolkit at
http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/default.mspx.
It's got some good information to help you understand the differences
between EFS and BitLocker and how they can protect your information.

For BitLocker, you'll need Vista Business with Software Assurance, Vista
Enterprise, or Vista Ultimate.

For EFS, yes protecting your "My Documents" folder is a good start. There
are others you should protect, too; the Data Encryption Toolkit has a
utility that will enable encryption on all the relevant places in your
computer.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Jake" <Jaker00at@Yahoo.com> wrote in message
news:Xns999896489768Bryanbahotmailcom@66.250.146.128...
> I'm sure this has been asked before but I couldn't find any threads
> discussing it..
>
> I've been reluctant to switch over from a desktop machine to a laptop
> for fear of someone stealing it and getting access to all my personal
> files. However, I just purchased a new laptop with Vista Business
> installed and I like it and am considering making the move from a
> desktop to a laptop as my primary machine.
>
> I've got a new Lenovo 3000 N200.
>
>
> So how do I protect my personal files from being accessed if someone
> were to snatch my laptop from my car ?
>
>
> I've been reading and reading and reading about EFS and BitLocker. I
> know I will need to upgrade to Ultimate for BitLocker (which brings up
> other questions about upgrading) but I'll stick to the encryption
> question here.
>
>
> Would EFS be sufficient for protecting my personal files?
>
> Is there any way someone can take the hard disk out of my laptop, put it
> in another machine as a secondary drive, or installed into one of those
> portable drive shells, take ownership of the drive and get access to my
> files?
>
> Is it practical to encrypt the entire Documents folder from a
> performance perspective?
>
>
> What practices are required? I've read numerous help files and KB
> articles and I'm totally confused now about certificates and encryption
> keys.. Do I need to back them both up? From what I've read, there are
> backup instructions for them both yet one contains the other so I can't
> understand why backing them both up is necessary, or for that matter
> even mentioned in the help files - unless it's to create as much
> confusion as possible.
>
>
> If I backup my files and restore them, what EXACTLY do I need to gain
> access to them again on another PC or a new PC? How many certificates
> and keys are involved?
>
> I read something about taking the private key off the computer when
> unattended since it would aid in someone getting access to the files.
> THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
> necessary? Is there another "non-private" type of key also?
>
> Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
> (marketing fluffed) literature on product features..
>
> Are there any other resources that help unravel all this since Microsoft
> has failed to do so for me... Something specific to storing personal
> files on a laptop?
>
> Thanks
> Bryan
>
>
 
Re: Encryption - EFS vs. BitLocker

Thanks Steve..

I'll check out that site. I may have already stumbled upon it though..

What about encrypting the entire user folder under C:\Users for my user
account?

I'm a MS Alumni so I'm pretty sure I can get Ultimate for a cheaper price
than unlocking it through the online upgrade. Do you know if I can just
use the product key (change product keys) from a retail copy of Ultimate
to upgrade my OEM Business edition? I'm not sure how all that works..

Thanks
Bryan




"Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in
news:#rU5TNE6HHA.2380@TK2MSFTNGP02.phx.gbl:

> Check out the new Data Encryption Toolkit at
> http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/default.mspx.
> It's got some good information to help you
> understand the differences between EFS and BitLocker and how they can
> protect your information.
>
> For BitLocker, you'll need Vista Business with Software Assurance,
> Vista Enterprise, or Vista Ultimate.
>
> For EFS, yes protecting your "My Documents" folder is a good start.
> There are others you should protect, too; the Data Encryption Toolkit
> has a utility that will enable encryption on all the relevant places
> in your computer.
>
 
Re: Encryption - EFS vs. BitLocker

We haven't tested the scenario you mention--encrypting an entire
C:\Users\<myuserfolder>, so I can't predict what would happen. Some apps
might have installation troubles, maybe? It's best to go with the guidance
in the toolkit; we have tested that.

I don't know about the licensing question...

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Jake" <Jaker00at@Yahoo.com> wrote in message
news:Xns9998EC56BB71DBryanbahotmailcom@66.250.146.128...
> Thanks Steve..
>
> I'll check out that site. I may have already stumbled upon it though..
>
> What about encrypting the entire user folder under C:\Users for my user
> account?
>
> I'm a MS Alumni so I'm pretty sure I can get Ultimate for a cheaper price
> than unlocking it through the online upgrade. Do you know if I can just
> use the product key (change product keys) from a retail copy of Ultimate
> to upgrade my OEM Business edition? I'm not sure how all that works..
>
> Thanks
> Bryan
>
>
>
>
> "Steve Riley [MSFT]" <steve.riley@microsoft.com> wrote in
> news:#rU5TNE6HHA.2380@TK2MSFTNGP02.phx.gbl:
>
>> Check out the new Data Encryption Toolkit at
>> http://www.microsoft.com/technet/security/guidance/clientsecurity/dataencryption/default.mspx.
>> It's got some good information to help you
>> understand the differences between EFS and BitLocker and how they can
>> protect your information.
>>
>> For BitLocker, you'll need Vista Business with Software Assurance,
>> Vista Enterprise, or Vista Ultimate.
>>
>> For EFS, yes protecting your "My Documents" folder is a good start.
>> There are others you should protect, too; the Data Encryption Toolkit
>> has a utility that will enable encryption on all the relevant places
>> in your computer.
>>

>
 
RE: Encryption - EFS vs. BitLocker

Doesn't the Lenovo have bios level options for a Power-On Password and Hard
Drive password? My T61 does and when enabled the system will not power on or
go into the bios unless the password is entered. The Hard Drive password
locks the hard drive to a password, even if it's removed from the system to a
new one.

Just like anything make sure you understand the options before implementing
them, because if the passwords are forgotten then you are pretty much out of
luck.
--
An Engineer asks "How does it work"
A Scientist asks "Why does it work?"
A liberal arts major asks "Do you want fries with that?"



"Jake" wrote:

> I'm sure this has been asked before but I couldn't find any threads
> discussing it..
>
> I've been reluctant to switch over from a desktop machine to a laptop
> for fear of someone stealing it and getting access to all my personal
> files. However, I just purchased a new laptop with Vista Business
> installed and I like it and am considering making the move from a
> desktop to a laptop as my primary machine.
>
> I've got a new Lenovo 3000 N200.
>
>
> So how do I protect my personal files from being accessed if someone
> were to snatch my laptop from my car ?
>
>
> I've been reading and reading and reading about EFS and BitLocker. I
> know I will need to upgrade to Ultimate for BitLocker (which brings up
> other questions about upgrading) but I'll stick to the encryption
> question here.
>
>
> Would EFS be sufficient for protecting my personal files?
>
> Is there any way someone can take the hard disk out of my laptop, put it
> in another machine as a secondary drive, or installed into one of those
> portable drive shells, take ownership of the drive and get access to my
> files?
>
> Is it practical to encrypt the entire Documents folder from a
> performance perspective?
>
>
> What practices are required? I've read numerous help files and KB
> articles and I'm totally confused now about certificates and encryption
> keys.. Do I need to back them both up? From what I've read, there are
> backup instructions for them both yet one contains the other so I can't
> understand why backing them both up is necessary, or for that matter
> even mentioned in the help files - unless it's to create as much
> confusion as possible.
>
>
> If I backup my files and restore them, what EXACTLY do I need to gain
> access to them again on another PC or a new PC? How many certificates
> and keys are involved?
>
> I read something about taking the private key off the computer when
> unattended since it would aid in someone getting access to the files.
> THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
> necessary? Is there another "non-private" type of key also?
>
> Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
> (marketing fluffed) literature on product features..
>
> Are there any other resources that help unravel all this since Microsoft
> has failed to do so for me... Something specific to storing personal
> files on a laptop?
>
> Thanks
> Bryan
>
>
>
 
RE: Encryption - EFS vs. BitLocker



"SLoweCSL" wrote:

> Doesn't the Lenovo have bios level options for a Power-On Password and Hard
> Drive password? My T61 does and when enabled the system will not power on or
> go into the bios unless the password is entered. The Hard Drive password
> locks the hard drive to a password, even if it's removed from the system to a
> new one.
>
> Just like anything make sure you understand the options before implementing
> them, because if the passwords are forgotten then you are pretty much out of
> luck.
> --
> An Engineer asks "How does it work"
> A Scientist asks "Why does it work?"
> A liberal arts major asks "Do you want fries with that?"
>
>
>
> "Jake" wrote:
>
> > I'm sure this has been asked before but I couldn't find any threads
> > discussing it..
> >
> > I've been reluctant to switch over from a desktop machine to a laptop
> > for fear of someone stealing it and getting access to all my personal
> > files. However, I just purchased a new laptop with Vista Business
> > installed and I like it and am considering making the move from a
> > desktop to a laptop as my primary machine.
> >
> > I've got a new Lenovo 3000 N200.
> >
> >
> > So how do I protect my personal files from being accessed if someone
> > were to snatch my laptop from my car ?
> >
> >
> > I've been reading and reading and reading about EFS and BitLocker. I
> > know I will need to upgrade to Ultimate for BitLocker (which brings up
> > other questions about upgrading) but I'll stick to the encryption
> > question here.
> >
> >
> > Would EFS be sufficient for protecting my personal files?
> >
> > Is there any way someone can take the hard disk out of my laptop, put it
> > in another machine as a secondary drive, or installed into one of those
> > portable drive shells, take ownership of the drive and get access to my
> > files?
> >
> > Is it practical to encrypt the entire Documents folder from a
> > performance perspective?
> >
> >
> > What practices are required? I've read numerous help files and KB
> > articles and I'm totally confused now about certificates and encryption
> > keys.. Do I need to back them both up? From what I've read, there are
> > backup instructions for them both yet one contains the other so I can't
> > understand why backing them both up is necessary, or for that matter
> > even mentioned in the help files - unless it's to create as much
> > confusion as possible.
> >
> >
> > If I backup my files and restore them, what EXACTLY do I need to gain
> > access to them again on another PC or a new PC? How many certificates
> > and keys are involved?
> >
> > I read something about taking the private key off the computer when
> > unattended since it would aid in someone getting access to the files.
> > THIS I believe is in a MSFT KB about "best practices".. Is that REALLY
> > necessary? Is there another "non-private" type of key also?
> >
> > Whew!!! I'm Dazed & Confused but that's normal after reading Microsoft
> > (marketing fluffed) literature on product features..
> >
> > Are there any other resources that help unravel all this since Microsoft
> > has failed to do so for me... Something specific to storing personal
> > files on a laptop?
> >
> > Thanks
> > Bryan
> >
> >

Check out Dell's line of business notebooks with FDE (Full Disk Encryption) by Seagate. Without the password they are useless even if removed from the PC. Seagate claims all of their hard drives will have FDE at some point in the future.