See http://YouTube.com/ITFreeTraining or http://itfreetraining.com for the rest of our always free training videos. BitLocker is a Windows 7 technology that allows you to completely encrypt your operating system and data drives. This prevents the hard disk being removed and placed in anther computer or being accessed by using a bootable DVD. This video looks at how to secure your hard disk using BitLocker and also how security can be improved using hardware like a Trust platform module (TPM) to hold the encryption keys. BitLocker demo 05:24 Offline attack An offline attack is when the hard disk is accessed without booting the operating system. This type of attack can by pass any security on the hard disk like NTFS permissions. An offline attack is generally performed by booting from a DVD like Windows PE/Linux or removing the hard disk and installing it in anther computer. Trusted Platform Module (TPM) A TPM is a chip that is found on some motherboards and in some laptops. In some cases the chip is part of the motherboard and in other cases it can be purchased separately and installed. The chip itself holds the keys that BitLocker uses. Since the keys are inside the chip it is not a simple matter of removing the chip and installing a new TPM or exporting the keys from the chip. Requirements Windows 7 Enterprise or Ultimate edition 100mb or greater system partition (Optional) 1.2 TPM or higher BitLocker Modes BitLocker can run in a number of different modes which give different levels of security. TPM only\In this mode, only the TPM chip is required in order to boot the computer. The user will still require a Windows login to access the computer if one has been configured. This does not stop a theft from starting the computer up, but does prevent an offline attack. TPM with pin\In the mode the keys inside the TPM chip are protected with a pin. When the computer is started up, the user is prompted for this pin. Without the pin the computer is not useable. TPM with USB key\In this mode the key to unlock the key in the TPM is stored on a USB key. The advantage of this is that the key can be bigger than a pin. If the computer is always on, the USB key could be stored in a safe and only removed when the computer needs to be switched on. TPM, Pin and USB\In this mode all 3 are required in order to start the computer. This is the most secure configuration. No TPM\If you do not have a TPM chip you can run BitLocker in no TPM mode. In this mode the computer will required a USB key in order to read the keys on start up. Configuring BitLocker To configure BitLocker, open the control panel and select system and security and the BitLocker Drive encryption. From here, select the option turn on BitLocker to launch the configuration wizard. Recovery keys When you configure BitLocker a recovery key will be generated. This key can be printed out or stored on a USB key. It is important to keep this key in a secure location. The key can be used to access the hard drive if the other keys are lost. For example if the TPM chip is no longer accessible, the pin is forgotten or the USB key is lost or damage. Suspend protection If you ever need to upgrade your bios or change other system configuration, select the option suspend protection. This will pause BitLocker allowing you to make the changes. If you do not do this, BitLocker will detect the change and the system will not be bootable unless you have the recovery key.