Sunday, June 22, 2014

BitLocker Day

Today is the BitLocker day. I am BitLocking my file system with BitLocker. I have a QNAP and a File Server running Windows 2012 R2. My client machines, Windows 8.1 is having mapped drives that attach to the network shares on the File Server.

To secure the files:
Firstly I have a iSCSI drive set at QNAP and my File Server is using that drive by iSCSI initiator, lets say I: drive

Secondly, I create a VHDX file and store it in the I: drive. This newly created VHDX file is then mapped as a volume, lets say G: drive.

Thirdly, I have my data stored in the G: drive and share it as necessary to be used by my Windows 8.1 client.

Lastly, I enable BitLocker on the G: drive so that the VHDX is encrypted.

By having this configuration, the actual data is stored within the VHDX file which is encrypted by BitLocker. The I: drive is not encrypted - however it only contains .VHDX file(s) that need password if you want to mount that.

I purposely do not enable BitLocker auto-mount on G: drive. This to ensure if both File Server and QNAP are stolen, my data is not exposed. The only disadvantage of this method is that I need to mount the G: drive every time the File Server is rebooted - no biggie.


2 comments:

John Barness said...

Thank you for the article.
I think data security developers’ next challenge to renew methods of data encryption in order to restrict cyber-criminals from stealing important information is achieved. Besides, as far as I know from virtual data room comparison data rooms for business have the same data security system in use.

Toby Valentine said...

Thank y for this article, it's very important to understand how it works, and of course think about cyber protection.
security online