Operating system security broadly covers two things: the security of the operating system itself and the security of the data it holds. In Windows 7, the security and stability of the operating system are improved to a large extent through the UAC control mechanism and system backup and restore. So it is natural to ask: does Windows 7 also have new measures to protect data security? The answer is encouraging. Windows 7 provides a new data protection mechanism, BitLocker. This tool can protect the security of enterprise information files.
The figure above shows the interface for turning on BitLocker for a drive. By default, the Windows operating system does not enable BitLocker. If your organization has high security requirements for its data files, you can enable this feature as appropriate. So what are the characteristics of this feature, and what are the limitations on its use? This article answers those questions.
1. How BitLocker differs from the EFS encryption mechanism
Anyone who has used a Windows operating system knows that, starting with Windows 2000, Microsoft has supported a file system called NTFS. It is more secure and stable than FAT32. On top of this file system, Microsoft has also implemented a number of useful features, and the EFS file encryption mechanism is one of them. So how does EFS relate to BitLocker, and what is the difference?
First, both technologies are good file protection mechanisms that can largely protect the security of data files. But there is one big difference: EFS encrypts a particular file or folder, whereas BitLocker encrypts the entire drive. In other words, with EFS, users can selectively encrypt important files or folders. With BitLocker, the user has no such choice: either every folder on the drive is encrypted or none of them is. This is the main difference between the two file encryption mechanisms.
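The per-file versus per-drive distinction can be checked directly on a machine. The following PowerShell is an added example, not part of the original article: it reports, for one file, whether NTFS marks it as EFS-encrypted and whether the volume holding it has BitLocker protection on. The function name `Get-FileEncryptionLayers` and the sample path are hypothetical, and the script assumes an elevated prompt, because the BitLocker WMI namespace is only readable by administrators.

```powershell
# Added example: report which encryption layer covers a given file.
# Assumes an elevated prompt; works with PowerShell 2.0 as shipped in Windows 7.
param(
    [string]$Path = "$env:USERPROFILE\Documents\report.docx"   # hypothetical sample path
)

function Get-FileEncryptionLayers {
    param([Parameter(Mandatory = $true)][string]$Path)

    $item  = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $drive = [System.IO.Path]::GetPathRoot($item.FullName).TrimEnd('\')   # e.g. "C:"

    # EFS is per file or folder: NTFS sets the Encrypted attribute on each protected object.
    $efs = ($item.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0

    # BitLocker is per volume: look up the volume that holds the file.
    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                         -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
           Where-Object { $_.DriveLetter -eq $drive }

    # ProtectionStatus: 0 = off, 1 = on, 2 = unknown (for example, a locked volume).
    $bitlocker = switch ($(if ($vol) { $vol.ProtectionStatus } else { -1 })) {
        0       { 'Off' }
        1       { 'On' }
        2       { 'Unknown' }
        default { 'Not available' }   # no matching volume found, or prompt not elevated
    }

    New-Object PSObject -Property @{
        Path      = $item.FullName
        Volume    = $drive
        EFS       = $efs
        BitLocker = $bitlocker
    }
}

Get-FileEncryptionLayers -Path $Path | Format-List Path, Volume, EFS, BitLocker
```

Two files on the same drive can differ in the `EFS` column but always share the same `BitLocker` value, which is the difference described above.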
But they also have a lot in common. Both the EFS encryption system and the BitLocker protection mechanism are transparent to end users, in the following respects. First, a legitimate user accessing the data is not aware that the protection exists: encryption and decryption are both completed in the background and require no user intervention. If BitLocker is enabled on a drive, the operating system automatically encrypts a file when the user saves it to that drive, and automatically decrypts it the next time it is accessed. Second, if unauthorized users try to access encrypted data, they receive an "Access Denied" error. Both EFS and BitLocker protect the data from unauthorized access. Third, user verification for both is done by logging on to the Windows operating system. In other words, their keys are directly linked to the operating system account. For this reason, if someone illegally copies the files to another host without the owner's authorization (certificate), they will not be able to open the files even though they have them.
As this shows, EFS and BitLocker have a great deal in common. So why did Microsoft bother to develop the BitLocker encryption mechanism? Mainly because it has many characteristics of its own, and these features, to some extent, make up for the shortcomings of the EFS file encryption system.