Encryption is often used to protect data. Encryption transforms data with a complicated algorithm so that it becomes unreadable. A special key must be used to turn the unreadable information back into readable data. Software programs are used to encrypt files, folders, and even entire drives.
Encrypting File System (EFS) is a Windows feature that can encrypt data. EFS is directly linked to a specific user account. Only the user that encrypted the data will be able to access it after it has been encrypted using EFS. To encrypt data using EFS, follow these steps:
Step 1. Select one or more files or folders.
Step 2. Right-click the selected data > Properties.
Step 3. Click Advanced….
Step 4. Select the Encrypt contents to secure data check box.
Step 5. Files and folders that have been encrypted with EFS are displayed in green, as shown in the figure.
The Ultimate and Enterprise editions of Windows 7 and Windows Vista include a feature called BitLocker, which encrypts the entire hard drive volume. BitLocker is also able to encrypt removable drives. To use BitLocker, at least two volumes must be present on a hard disk. A system volume is left unencrypted and must be at least 100 MB. This volume holds the files required by Windows to boot. Windows 7 creates this volume by default when it is installed.
When using BitLocker with Windows Vista, a special tool called BitLocker Drive Preparation Tool can be used to shrink the volume containing the operating system. Once the volume has been shrunk, a system file can be created to comply with the requirements of BitLocker.
After the system volume has been created, the TPM must be initialized. The Trusted Platform Module (TPM) is a specialized chip installed on the motherboard of a computer to be used for hardware and software authentication. The TPM stores information specific to the host system, such as encryption keys, digital certificates, and passwords. Applications that use encryption can make use of the TPM chip to secure things like user authentication information, software license protection, and encrypted files, folders, and disks. Integrating hardware security, such as the TPM, with software security results in a much safer computer system than using software security alone.
To initialize the TPM, follow these steps:
Step 1. Start the computer, and enter the BIOS configuration.
Step 2. Look for the TPM option within the BIOS configuration screens. Consult the manual for your motherboard to locate the correct screen.
Step 3. Choose Enable and then press Enter.
Step 4. Save the changes to the BIOS configuration.
Step 5. Reboot the computer.
To turn on BitLocker, follow these steps:
Step 1. Click Start > Control Panel > Security > BitLocker Drive Encryption.
Step 2. If the UAC message appears, click Continue.
Step 3. On the BitLocker Drive Encryption page, click Turn On BitLocker on the operating system volume.
Step 4. If TPM is not initialized, the Initialize TPM Security Hardware wizard appears. Follow the instructions provided by the wizard to initialize the TPM. Restart your computer.
Step 5. The Save the recovery password page has the following options:
- Save the password on a USB drive - This option saves the password to a USB drive.
- Save the password in a folder - This option saves the password to a network drive or other location.
- Print the password - This option will print the password.
Step 6. After saving the recovery password, click Next.
Step 7. On the Encrypt the selected disk volume page, select the Run BitLocker System Check check box.
Step 8. Click Continue.
Step 9. Click Restart Now.
Step 10. The Encryption in Progress status bar is displayed.
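Once the EFS and BitLocker procedures above are complete, their results can be verified from a script instead of the GUI. The following is an added example, not part of the original material: it uses the Windows WMI classes Win32_Tpm and Win32_EncryptableVolume and the file Encrypted attribute, and the folder path is a constructed placeholder.

```powershell
# Added example: read-only checks. Run from an elevated PowerShell prompt.
# $Folder is a constructed placeholder path, not one from the original page.
param(
    [string]$Folder = 'C:\Data\Confidential',
    [string]$Drive  = 'C:'
)

# EFS: list files under $Folder that do NOT carry the Encrypted attribute.
$efsFlag = [System.IO.FileAttributes]::Encrypted
if (Test-Path $Folder) {
    $plain = @(Get-ChildItem -Path $Folder -Recurse -Force |
        Where-Object { -not $_.PSIsContainer -and -not ($_.Attributes -band $efsFlag) })
    "EFS: {0} unencrypted file(s) under {1}" -f $plain.Count, $Folder
    $plain | ForEach-Object { "  " + $_.FullName }
} else {
    "EFS: folder $Folder not found"
}

# TPM: BitLocker expects the chip to be enabled, activated and owned (initialized).
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
    -Class Win32_Tpm -ErrorAction SilentlyContinue
if ($tpm) {
    "TPM: enabled={0} activated={1} owned={2}" -f `
        $tpm.IsEnabled().IsEnabled, $tpm.IsActivated().IsActivated, $tpm.IsOwned().IsOwned
} else {
    "TPM: no TPM visible to Windows (absent, or not enabled in the BIOS)"
}

# BitLocker: conversion (encryption) state and protection state of the volume.
$convNames = 'Fully decrypted', 'Fully encrypted', 'Encryption in progress',
             'Decryption in progress', 'Encryption paused', 'Decryption paused'
$protNames = 'Off', 'On', 'Unknown'
$vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
    -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
    Where-Object { $_.DriveLetter -eq $Drive }
if ($vol) {
    $conv = $vol.GetConversionStatus()
    "BitLocker {0}: {1} ({2}%), protection {3}" -f $Drive,
        $convNames[[int]$conv.ConversionStatus], $conv.EncryptionPercentage,
        $protNames[[int]$vol.ProtectionStatus]
    # An encrypted volume with protection Off is not protected: the key is stored unprotected on disk.
} else {
    "BitLocker: $Drive is not an encryptable volume, or BitLocker is not available in this edition"
}
```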