Search This Blog

Thursday, August 25, 2016

Hard Disk Encryption. Possible? (Windows10)




Yes! Encrypting your computer hard disk is very much possible especially if you are using Windows10 as your computer’s operating system. Below, we are going to expatiate on two best utilities you can use to perform hard disk encryption in Windows10, but before then, let us give you an overview of the important of hard disk encryption over lock screen/Windows log in feature.


When you lock your Windows10 activated computer using the Sign-in utility from Windows, what you are actually doing is preventing unauthorized access into your computer and not your hard disk. Here is what we mean. If your computer were to fall into wrong hand, the attacker can still get access into the files saved on your computer.
All the attacker needs to do is, remove your hard disk from your computer, and set the disk as a secondary disk or an external storage device in his/her own computer, and then he will have unlimited access to your file.
Let us explain the concept using your phone for you to be able to understand it more.

You put a lock on your phone. That means, anybody that do not have the password, pin, or pattern you use to lock your phone cannot get access to the files in your phone. True of False. Definitely your answer will be TRUE.
But let now suppose that you remove the memory card (SD) from your phone, put it into a card reader, and insert it into your computer, will you still be required to input a password, pin, or pattern before you can access the file in the memory card (SD) with your computer?
Now you see, the lock on your phone is similar to the sign-in option of Windows10 or any other Operating system, they only prevent unauthorized access to a disk when they are being loaded, or better still, when the disk containing the OS is used as the primary hard disk of a computer and not as secondary.

Encryption of the hard disk on the other hand, in the most secure way of protecting the content of your disk, because whether they are used as a primary or secondary disk to a computer, access to the disk will be denied if the password/passphrase needed to decrypt or unlock the hard disk is not inputted.
More to that also, there are some Trusted Platform Module (TPM) encrypting tools that if you use them to encrypt your hard disk, then your hard disk cannot be decrypted using any other computer except a computer that have the motherboard of your computer, which you use to enable the encryption. But for technical reasons, we do not recommend you to use encrypting utilities with TPM enabled, that is why we will not put it in the list below.

Having made these point clear. Let us now expatiate on the two best encrypting utility you can use to encrypt your hard disk if your computer is using Windows10 as it’s OS.

BitLocker
The very first hard disk encrypting utility we are going to expatiate on is BitLocker –Microsoft own encrypting utility which is developed in 2006 as part of Microsoft’s Net-Generation Secure Computing Base Architecture.
BitLocker comes preinstalled with Windows10 and any other Windows version it is compatible with. If your computer using Windows10 or another version does not have it, you can download it by clicking >>> HERE <<<

Activating BitLocker
Activating BitLocker is quite simple. There are basically two ways to do this. But we are here going to talk on one, which is probably the simplest of the two.

  1. Open File Explorer and click on This PC in the left section of File Explorer

  2. Select your Hard disk, click on Manage in the menu toolbar of the File Explorer under the Drive Tools tab. Click on BitLocker and then Turn on BitLocker in the proceeding menu.

  3. The BitLocker utility will open, and after scanning through your computer’s configuration will ask you to choose a why you want to use to back up your recovery key. Choose, any option that best suit you and click the Next button.
    (Note that if you choose Save to a file option, you will be needing an external storage device attached to your computer in order to save it. You cannot proceed unless you have choose at least one back up option for your recovery key)

  4. Next, you will be taken to Choose how much of your drive to encrypt screen. From the options, choose Encrypt used disk space only if your computer is new, or choose Encrypt entire drive if it is not, and click Next.

  5. In the Are you ready to encrypt this drive? Screen, check the box Run BitLocker system check and click the Continue button give BitLocker permission to begin the encrypting process, or click on the Cancel button to tell BitLocker not to process with the encrypting process.
    Note: If you do not check the Run BitLocker system check box, you will not be able to set an alternative access key. Thus you will be needing your recovery key every single time you want to access your hard disk/start your computer. So it is recommended that you do.



VeraCrypt
VeraCrypt is the second hard disk encrypting utility we are going to talk about for now. VeraCrypt is also a free disk encrypting utility know and used by tens of thousands of people. Although it is a third-party utility, it has the ability to encrypt the whole disk and not just portions/partitions of it. Click >>> HERE <<< to download it.
After you have downloaded and install VeraCrypt, do the following to encrypt your hard disk.


  1. Launch VeraCypt

  2. From the VeraCrypt homepage screen, click on the System tab and select Encrypt System Partition/Drive… from the drop-down list/menu.

  3. Next select the Type of System Encryption that best fit your need. In this example, we are selecting Normal, and click Next.

  4. After that, choose which area of the disk you want to Encrypt and follow the on-screen guideline to process with the encryption of your disk.



Down Side of Hard Disk Encryption.
BIOS requires the any pre-boot password is typed using US keyboard layout. This means that when you want to type in your password recommended when activating encrypting, you should keyboard with US Key layout, but if you then if that is not possible, then you are required to use the same keyboard you use to type in the password during activation of the encryption or any other keyboard with the same lay so that you can avoid wrong password errors.

Encrypting an hard disk is quite different from encrypting files in the hard disk. This what we mean. Encrypting an hard disk is more like putting a lock on Windows (your computer operating system) but not as explained on the outset. The unlocking process in only required when a user want to access what is stored on the hard disk, when you have unlock it (which is highly impossible for unauthorized persons), then all the files in that disk can be access/open and read. For example, if you connect to a network and your computer is discoverable, anybody in the network who is trying to get access into your computer's hard disk content will not be required to input any password since you have already decrypted the disk during start up.
What we are trying to say is that, the disk decrypting process is required only once, that is when the disk is being loaded for the first time or when you are bring the disk online. Hence when the disk has been loaded by you (after you have decrypted the disk during computer startup or when you are connecting it to another computer has a secondary disk) and the disk is still online (you have not turn off your computer, or disconnected it), then an attacker can have access to your hard disk's content if they can have their hand on your computer which is not yet off, of if they are connected to a network you are also connected to and your computer is discoverable on that network.

So if you are working with a very sensitive data, we recommend that you encrypt both the files stored in the disk and the hard disk itself.

Team Pinfoltd.



SHARE THIS

0 comments:

Search This Blog