Bitlocker with USB key or TPM

I'm considering deploying BitLocker on my servers that have a TPM or USB key, however I wonder if this even makes sense.
If someone has physical access to the server they can also access the TPM or USB key and access the data, correct?

Then what is the point in using BitLocker? It makes sense if someone removes the SSD or HDD from the server, but not when they have access to the entire system.

July 6th, 2015 8:06pm

It's like this: with TPM in effect, you can boot the server hands-free, so if it crashes, it will restart automatically unattended, which is a very important thing. Also, it will not require attendance for maintenance reboots like for updates.

If an attacker steals the machine, he can boot it but he cannot log on. If it is outside the domain environment, the network firewall will by default block all network access. In other words, there's no way to get in.

The only attack scenario would be the cold boot attack as shown here, https://www.youtube.com/watch?v=JDaicPIgn9U, which is a realistic scenario if the memory is removable and you think the attacker is really prepared to do it.

July 7th, 2015 9:32am

Hi Gijs007,

BitLocker encrypts the hard drives on your computer to provide enhanced protection against data theft or exposure on computers and removable drives that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned, as it is much more difficult to recover deleted data from an encrypted drive than from a non-encrypted drive. Therefore, if you enable BitLocker, computer theft is a very low-risk situation.

The TPM is an important component in BitLocker, but as far as I know a USB dongle is not supported when you use BitLocker.

More information:

BitLocker Frequently Asked Questions (FAQ)

https://technet.microsoft.com/en-us/library/hh831507.aspx#BKMK_WhatIsBitLocker

Using Smart Cards with BitLocker

https://technet.microsoft.com/en-us/library/dd875530(v=ws.10).aspx

I'm glad to be of help to you!

July 8th, 2015 10:51pm

Surely, USB thumb drives are supported as a protector, but for a server it would make no sense, because it should be able to restart unattended. Therefore, we would have to leave the USB key plugged in, which is nonsense.

About theft being a "low risk situation": watch my linked YouTube clip, it all depends on who we have to fear.

July 9th, 2015 3:10am
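The two replies above turn on one distinction: a TPM-only protector releases the volume key with nobody present (hands-free restart), while a startup key on a USB stick only adds anything if it is not left in the machine. The script below is an added example, not something posted in the thread, that audits which case each BitLocker volume on a server falls into. It assumes the built-in BitLocker PowerShell module (`Get-BitLockerVolume`, `Get-Tpm`, available on Windows Server 2012 and later) and an elevated session; the `$unattended`/`$attended` groupings and the output column names are this example's own.

```powershell
# Added example (not from the thread): audit BitLocker protectors on a server
# and report whether each volume can be unlocked without anyone present.
# Assumes the BitLocker PowerShell module and an elevated session.

$tpm = Get-Tpm
"TPM present: {0}; TPM ready: {1}" -f $tpm.TpmPresent, $tpm.TpmReady

# Protector types that release the key with no human at the console.
# 'Tpm' is the hands-free OS-volume case discussed in the thread.
$unattended = @('Tpm')
# Protector types that need a person at boot (PIN, password, or inserting a key).
$attended   = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey', 'Password')

foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # 'ExternalKey' means different things by volume type:
    #  - Data volume: the auto-unlock key stored on the OS volume (unattended).
    #  - OS volume:   a USB startup key, attended unless the stick is left in.
    $autoUnlock   = ($vol.VolumeType -eq 'Data') -and ($types -contains 'ExternalKey')
    $usbStartup   = ($vol.VolumeType -eq 'OperatingSystem') -and ($types -contains 'ExternalKey')

    $handsFree = (($types | Where-Object { $_ -in $unattended }).Count -gt 0) -or $autoUnlock
    $needsUser = (($types | Where-Object { $_ -in $attended }).Count -gt 0)

    [pscustomobject]@{
        Volume           = $vol.MountPoint
        VolumeType       = $vol.VolumeType        # OperatingSystem or Data
        Protection       = $vol.ProtectionStatus  # On / Off
        Protectors       = ($types -join ', ')
        # True: the volume is protected against the disk being removed from
        # this machine, but not against someone booting the machine itself.
        UnattendedUnlock = ($handsFree -and -not $needsUser)
        # True: a USB startup key is configured on the OS volume; if the stick
        # stays plugged in, it gives no more than an unattended protector.
        UsbStartupKey    = $usbStartup
        # A recovery password should exist and be escrowed (e.g. in AD).
        HasRecoveryKey   = ($types -contains 'RecoveryPassword')
    }
}
```

Run it on each server to see which volumes fall into the "unattended unlock" case; those are exactly the volumes where BitLocker defends against a removed disk but not against booting the intact machine, which is the trade-off the thread is debating.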

But if someone in the datacenter can just boot up the server don't they have access to the data as well?
I've noticed that even if the server is just booted (but no user has logged in) applications that run as a service can already access the data on the encrypted hard drive (at least when autounlock is enabled, which is desired because we want the server to be up and running after a power outage without admin intervention).


I don't see how it's safe to use a TPM or USB key, isn't it like leaving a key inside your door, so that anyone can unlock it?
July 15th, 2015 8:56pm
