bitlocker的文献翻译.docx
- 文档编号:6969195
- 上传时间:2023-01-13
- 格式:DOCX
- 页数:23
- 大小:37.53KB
bitlocker的文献翻译.docx
《bitlocker的文献翻译.docx》由会员分享,可在线阅读,更多相关《bitlocker的文献翻译.docx(23页珍藏版)》请在冰豆网上搜索。
bitlocker的文献翻译
河南理工大学(本科)文献翻译
Windows7中
Bitlocker驱动器加密常被问到的问题
姓名:
学号:
专业:
指导老师:
BitLockerDriveEncryptioninWindows7:
FrequentlyAskedQuestions
BitLockerDriveEncryptionisadataprotectionfeatureavailableinWindows 7Enterprise,Windows 7Ultimate,andinalleditionsofWindowsServer2008R2.ThistopicincludesfrequentlyaskedquestionsaboutBitLockerinWindows 7.
1、WhatisBitLocker?
Howdoesitwork?
BitLockerDriveEncryptionisadataprotectionfeatureavailableinWindows 7EnterpriseandWindows 7UltimateforclientcomputersandinWindowsServer2008R2.BitLockerprovidesenhancedprotectionagainstdatatheftorexposureoncomputersandremovabledrivesthatarelostorstolen,andmoresecuredatadeletionwhenBitLocker-protectedcomputersaredecommissionedasitismuchmoredifficulttorecoverdeleteddatafromanencrypteddrivethanfromanon-encrypteddrive.
2、HowBitLockerworkswithoperatingsystemdrives
Dataonalostorstolencomputerisvulnerabletounauthorizedaccess,eitherbyrunningasoftwareattacktoolagainstitorbytransferringthecomputer'sharddisktoadifferentcomputer.BitLockerhelpsmitigateunauthorizeddataaccessonlostorstolencomputersby:
EncryptingtheentireWindowsoperatingsystemdriveontheharddisk.BitLockerencryptsalluserfilesandsystemfilesontheoperatingsystemdrive,includingtheswapfilesandhibernationfiles.
Checkingtheintegrityofearlybootcomponentsandbootconfigurationdata.OncomputersthathaveaTrustedPlatformModule(TPM)version1.2,BitLockerusestheenhancedsecuritycapabilitiesoftheTPMtohelpensurethatyourdataisaccessibleonlyifthecomputer'sbootcomponentsappearunalteredandtheencrypteddiskislocatedintheoriginalcomputer.
BitLockerisintegratedintoWindows 7andprovidesenterpriseswithenhanceddataprotectionthatiseasytomanageandconfigure.Forexample,BitLockercanuseanexistingActiveDirectoryDomainServices(AD DS)infrastructuretoremotelystoreBitLockerrecoverykeys.
3、HowBitLockerworkswithfixedandremovabledatadrives
BitLockercanalsobeusedtoprotectfixedandremovabledatadrives.Whenusedwithdatadrives,BitLockerencryptstheentirecontentsofthedriveandcanbeconfiguredbyusingGroupPolicytorequirethatBitLockerbeenabledonadrivebeforethecomputercanwritedatatothedrive.BitLockercanbeconfiguredwiththefollowingunlockmethodsfordatadrives:
Automaticunlock.Fixeddatadrivescanbesettoautomaticallyunlockonacomputerwheretheoperatingsystemdriveisencrypted.RemovabledatadrivescanbesettoautomaticallyunlockonacomputerrunningWindows 7afterthepasswordorsmartcardisinitiallyusedtounlockthedrive.However,removabledatadrivesmustalwayshaveeitherapasswordorsmartcardunlockmethodinadditiontotheautomaticunlockmethod.
Password.Whenusersattempttoopenadrive,theyarepromptedtoentertheirpasswordbeforethedrivewillbeunlocked.ThismethodcanbeusedwiththeBitLockerToGoReaderoncomputersrunningWindows VistaorWindows XP,toopenBitLocker-protecteddrivesasread-only.
Smartcard.Whenusersattempttoopenadrive,theyarepromptedtoinserttheirsmartcardbeforethedrivewillbeunlocked.
Adrivecansupportmultipleunlockmethods.Forexample,aremovabledatadrivecanbeconfiguredtobeautomaticallyunlockedonyourprimaryworkcomputerbutqueryyouforapasswordifusedwithanothercomputer.
4、DoesBitLockersupportmultifactorauthentication?
Yes,BitLockersupportsmultifactorauthenticationforoperatingsystemdrives.IfyouenableBitLockeronacomputerthathasaTPMversion 1.2,youcanuseadditionalformsofauthenticationwiththeTPMprotection.BitLockerofferstheoptiontolockthenormalbootprocessuntiltheusersuppliesapersonalidentificationnumber(PIN)orinsertsaUSBdevice(suchasaflashdrive)thatcontainsaBitLockerstartupkey,orboththePINandtheUSBdevicecanberequired.Theseadditionalsecuritymeasuresprovidemultifactorauthenticationandhelpensurethatthecomputerwillnotstartorresumefromhibernationuntilthecorrectauthenticationmethodispresented.
备注:
UseofboththeUSBandPINalongwiththeTPMmustbeconfiguredbyusingtheManage-bdecommand-linetool.ThisprotectionmethodcannotbespecifiedbyusingtheBitLockersetupwizard.
5、WhataretheBitLockerhardwareandsoftwarerequirements?
TouseallBitLockerfeatures,yourcomputermustmeetthehardwareandsoftwarerequirementslistedinthefollowingtable.
Hardwareconfiguration:
ThecomputermustmeettheminimumrequirementsforWindows 7.
Operatingsystem:
Windows 7Ultimate,Windows 7Enterprise,orWindowsServer2008R2(备注:
BitLockerisanoptionalfeatureofWindowsServer2008R2.UseServerManagertoinstallBitLockeronacomputerrunningWindowsServer2008R2.)
HardwareTPM:
TPMversion 1.2,ATPMisnotrequiredforBitLocker;however,onlyacomputerwithaTPMcanprovidetheadditionalsecurityofpre-startupsystemintegrityverificationandmultifactorauthentication.
BIOSconfiguration:
ATrustedComputingGroup(TCG)-compliantBIOS.TheBIOSmustbesettostartfirstfromtheharddisk,andnottheUSBorCDdrives.TheBIOSmustbeabletoreadfromaUSBflashdriveduringstartup.
Filesystem:
AtleasttwoNTFSdiskpartitions,oneforthesystemdriveandonefortheoperatingsystemdrive.Thesystemdrivepartitionmustbeatleast100megabytes(MB)andsetastheactivepartition.
6、Whyaretwopartitionsrequired?
Whydoesthesystemdrivehavetobesolarge?
TwopartitionsarerequiredtorunBitLockerbecausepre-startupauthenticationandsystemintegrityverificationmustoccuronaseparatepartitionfromtheencryptedoperatingsystemdrive.Thisconfigurationhelpsprotecttheoperatingsystemandtheinformationintheencrypteddrive.InWindows Vista,thesystemdrivemustbe1.5gigabytes(GB),butinWindows 7thisrequirementhasbeenreducedto100MBforadefaultinstallation.ThesystemdrivemayalsobeusedtostoretheWindowsRecoveryEnvironment(WindowsRE)andotherfilesthatmaybespecifictosetuporupgradeprograms.Computermanufacturersandenterprisecustomerscanalsostoresystemtoolsorotherrecoverytoolsonthisdrive,whichwillincreasetherequiredsizeofthesystemdrive.Forexample,usingthesystemdrivetostoreWindows REalongwiththeBitLockerstartupfilewillincreasethesizeofthesystemdriveto300MB.Thesystemdriveishiddenbydefaultandisnotassignedadriveletter.ThesystemdriveiscreatedautomaticallywhenWindows 7isinstalled.
7、WhichTrustedPlatformModules(TPMs)doesBitLockersupport?
BitLockersupportsTPMversion 1.2.BitLockerdoesnotsupportpreviousversionsofTPMs.Version 1.2TPMsprovideincreasedstandardization,securityenhancement,andimprovedfunctionalityoverpreviousversions.Inaddition,youmustuseaMicrosoft-providedTPMdriver.
注意事项:
WhenusingBitLockerwithaTPM,itisrecommendedthatBitLockerbeturnedonimmediatelyafterthecomputerhasbeenrestarted.IfthecomputerhasresumedfromsleeppriortoturningonBitLocker,theTPMmayincorrectlymeasurethepre-bootcomponentsonthecomputer.Inthissituation,whentheusersubsequentlyattemptstounlockthecomputer,theTPMverificationcheckwillfailandthecomputerwillenterBitLockerrecoverymodeandprompttheusertoproviderecoveryinformationbeforeunlockingthedrive.
8、HowcanItellwhethermycomputerhasaTPMversion 1.2?
ClickStart,clickControlPanel,clickSystemandSecurity,clickBitLockerDriveEncryption,andthenclickTurnOnBitLocker.IfyourcomputerdoesnothaveaTPMversion 1.2ortheBIOSisnotcompatiblewiththeTPM,youwillreceivethefollowingerrormessage:
AcompatibleTrustedPlatformModule(TPM)SecurityDevicemustbepresentonthiscomputer,butaTPMwasnotfound.PleasecontactyoursystemadministratortoenableBitLocker.
IfyoureceivethiserrormessageonacomputerthathasaTPM,checkifeitherofthefollowingsituationsappliestoyourcomputer:
SomecomputershaveTPMsthatdonotappearintheWindows 7TPMMicrosoftManagementConsolesnap-in(tpm.msc)duetoaBIOSsettingthathidestheTPMbydefaultanddoesnotmaketheTPMavailableunlessitisfirstenabledintheBIOS.IfyourTPMmightbehiddenintheBIOS,consultthemanufacturer'sdocumentationforinstructionstodisplayorenabletheTPM.
SomecomputersmighthaveanearlierversionoftheTPMoranearlierversionofthesystemBIOSthatisnotcompatiblewithBitLocker.ContactthecomputermanufacturertoverifythatthecomputerhasaTPMversion 1.2ortogetaBIOSupdate.
9、CanIuseBitLockeronanoperatingsystemdrivewithoutaTPMversion 1.2?
Yes,youcanenableBitLockeronanoperatingsystemdrivewithoutaTPMversion1.2,iftheBIOShastheabilitytoreadfromaUSBflashdriveinthebootenvironment.ThisisbecauseBitLockerwillnotunlocktheprotecteddriveuntilBitLocker'sownvolumemasterkeyisfirstreleasedbyeitherthecomputer'sTPMorbyaUSBflashdrivecontainingtheBitLockerstartupkeyforthatcomputer.However,computerswithoutTPMswillnotbeabletousethesystemintegrityverificationthatBitLockercanalsoprovide.
TohelpdeterminewhetheracomputercanreadfromaUSBdeviceduringthebootprocess,usetheBitLockersystemcheckaspartoftheBitLockersetupprocess.ThissystemcheckperformsteststoconfirmthatthecomputercanproperlyreadfromtheUSBdevicesattheappropriatetimeandthatthecomputermeetsotherBitLockerrequirements.
ToenableBitLockeronacomputerwithoutaTPM,youmustenablethe“Require
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- bitlocker 文献 翻译
![提示](https://static.bdocx.com/images/bang_tan.gif)