CST 610 Proj 4
CST Lab Experience Report
Use this lab experience report template to document your findings from the lab and make sure to complete all required actions in each step of the lab and respond to all questions. The template is designed to be used as a guide for your lab and not necessarily a project requirement.
ADDITIONAL LAB GUIDANCE
Below is a list of additional guidance and/or recommendations for your lab experience report:
· Completing the labs: All sections or parts of the labs should be completed as required.
· Answering the lab questions: You are required to answer all the lab questions (if any).
· Taking screenshots: While taking screenshots is recommended in your lab, try to limit them and only focus on the applicable ones to support your lab report.
· Writing your lab experience report: You are required to write a summary of the lab experience report based on your findings and incorporate them into your final deliverables.
· File name convention: Please change the generic file name of this template to reflect part of your name, the course ID, or the project/lab title.
  · e.g. 1: CST610 Project 4 Lab-Data Protection with Bitlocker Drive Encryption
  · e.g. 2: CST610 Project 4 Lab-Data Protection with Bitlocker Drive Encryption—John Doe
  · e.g. 3: CST610-Project 4 Lab_Data Protection with Bitlocker Drive Encryption (5/15/22)
In compiling your findings, think of how your experience performing the labs is related to the overall project goals. You are required to collect information from the lab to understand potential vulnerabilities and other security challenges, analyze, create your lab report, and incorporate key components in the final project report. Please do well to pay attention to each item above and use it as a supplemental guide besides the project requirements. Finally, note that successfully completing the lab is important for achieving the overall project goals.
THE REQUIRED LAB QUESTIONS
As a cybersecurity consultant, you were hired to secure AbriteXI’s sensitive data and ensure that the company has the highest levels of security posture required to prevent data exfiltration, as well as potential attacks. By performing this lab, you have been able to ensure the highest levels of security required to prevent data exfiltration by employing BitLocker Drive Encryption (BDE). Specifically, you decided to use BDE as a data protection tool to integrate with the internal operating system (OS) and encrypt user hard drives with the aim of addressing threats to data privacy. Based on the knowledge and experience gained from the lab about the use of BitLocker encryption, answer the following questions.
PART 2—TASK 2, TASK 3, TASK 4: Performing BitLocker Encryption/Decryption, Changing Encryption/Decryption Password, TPM chip
1. Comment on what the PowerShell command outputs above indicate. There will be additional questions for you to answer later in this lab.
The PowerShell command output results in the TPM configuration. In the above example, it tells us ‘TpmPresent : False’, indicating that there is no TPM installed.
2. In your opinion, how does BitLocker work and how can you tell if a TPM is on my computer?
BitLocker encrypts the entire drive. You can configure a password prompt when specific locations are accessed. If you run PowerShell and run the command “Get-TPM”, it will tell if TPM is installed.
3. Can you use BitLocker on an operating system drive without a TPM?
BitLocker can run the OS with TPM, if you load it from a USB flash drive from boot.
4. Why do you think the attempt to enable BitLocker on the C drive without a TPM prompted the error message that the administrator must set the Allow BitLocker without a compatible TPM option?
The error indicates that TPM is not installed, but enabling BitLocker is possible as long as an Admin account enables it to do so without a TPM. This is a good protective measure against unwanted configuration, whether accidental or malicious.
5. In your opinion, why do you think you were able to encrypt the Data-A(H:) drive? What are the OS security implications of this requirement?
I was able to due to being signed in as an Admin. This requirement ensures that encryption is both legitimate and purposeful, and prevents malicious tampering.
6. When a drive is encrypted with BitLocker and the BitLocker lock is on, what options do you have to manage that drive in the Manage BitLocker utility?
In this instance, the only option, really, is to unlock the drive.
7. Other than the encryption keys that need to be generated and stored, why does BitLocker require a TPM chip?
The TPM chip is required to store encryption keys, similar to NVRAM, while the machine is powered down.
8. What is the best practice for using BitLocker on an operating system drive and what role does TPM play? [hint: Think of the advantages of a TPM chip?]
Enable it on all drives and PIN protect it from decryption. The role of the TPM chip is to store encryption keys while the machine is powered down. This enables BitLocker to use stored keys rather than an external USB drive upon startup.
What credentials are required to use BitLocker and does BitLocker support multifactor authentication?
BitLocker requires a PIN; MFA is supported.
9. Based on your experience conducting this lab, how long do you think initial encryption will take when BitLocker is turned on, and what happens if the computer is turned off during encryption or decryption?
In my experience, initial encryption was fairly quick; however, I suspect actual time will depend upon drive size and speed. If encryption or decryption is interrupted by power loss, it will pick up where it left off when power resumes.
10. Based on your experience conducting this lab, what is the difference between a recovery password and a recovery key? Where are the encryption keys stored?
A recovery password is randomly generated and saved to a specific location, whereas a recovery key is a password you input to access drives locked by BitLocker.
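An added example (not part of the original lab or this report): a PowerShell check that combines the `Get-Tpm` output discussed in question 1 with `Get-BitLockerVolume` to show, for each drive, its lock and encryption state and which key protectors are configured. The function name `Get-BitLockerPosture` and the finding strings are assumptions made for illustration; run it from an elevated session.

```powershell
# Added example: summarize TPM state and BitLocker key protectors per volume.
# Requires an elevated session (Get-Tpm and Get-BitLockerVolume need admin rights).
function Get-BitLockerPosture {
    $tpm = Get-Tpm   # same cmdlet as in question 1; exposes TpmPresent and TpmReady

    foreach ($vol in Get-BitLockerVolume) {
        # Protector types include Tpm, TpmPin, Password, ExternalKey, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $isOs  = $vol.VolumeType -eq 'OperatingSystem'

        # Finding strings below are this example's own wording, not BitLocker output.
        $finding = if ($vol.LockStatus -eq 'Locked') {
            'Locked: unlock before it can be managed'
        } elseif ($vol.VolumeStatus -eq 'FullyDecrypted') {
            'Not encrypted'
        } elseif ($vol.ProtectionStatus -ne 'On') {
            'Protection off (suspended, or encryption still running)'
        } elseif ($types -notcontains 'RecoveryPassword' -and $types -notcontains 'ExternalKey') {
            'No recovery password or external key protector'
        } elseif ($isOs -and -not $tpm.TpmPresent) {
            'OS drive protected without a TPM'
        } elseif ($isOs -and $types -contains 'Tpm') {
            'OS drive unlocks with TPM only (no PIN)'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Drive      = $vol.MountPoint
            Type       = $vol.VolumeType
            Status     = $vol.VolumeStatus
            Percent    = $vol.EncryptionPercentage
            Protectors = $types -join ', '
            TpmPresent = $tpm.TpmPresent
            Finding    = $finding
        }
    }
}

Get-BitLockerPosture | Format-Table -AutoSize
```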
OPTIONAL QUESTIONS:
1. Was the C drive encryption successful? Why or why not?
2. What do you think about storage of the recovery key and an encrypted device?
3. Document your observations based on your experience conducting BitLocker encryption. Please do well to document any errors if any.
NOTE: Proceed to the next page and use the space provided to compile a summary of your lab experience report. Use additional space as necessary to complete the report.
SUMMARY OF THE LAB EXPERIENCE REPORT
Use the space below to summarize your lab experience report based on your findings from the lab, making sure to complete all required actions in each step of the lab and respond to all questions. Be sure to incorporate key parts of your findings in your final project report for submission to your professor. You may use additional space as necessary to complete the lab.
BitLocker is a great tool for encrypting drives for both personal and business use. With BitLocker you can encrypt your whole drive; BitLocker will only allow decryption with the use of a recovery key to prevent unwanted or malicious access. Only an Admin can turn this system feature on or off. Having TPM installed allows you to utilize a stored, non-volatile BitLocker encryption key; this bypasses the need to have an external USB drive to unlock it. You can set it so a password is required to access locked drives. The time it takes to encrypt a drive depends on several variables, including drive size and speed, and the amount of data being encrypted. This encryption can run in the background, allowing you to utilize the machine. Power interruption will only pause encryption, and it will resume when power returns.