Bitlocker AND EFS, or Bitlocker OR EFS?

I am researching implementing encryption in our enterprise. I am trying to understand how EFS and Bitlocker work together or separately. In a case where your primary goal is to protect data, would you need both EFS and Bitlocker? If you encrypt the whole drive with Bitlocker, why would you still need the EFS system with all of the user interference? When would you want to have both? Or is Bitlocker just the newer version/replacement product for encryption through Microsoft?
bisselltechs asked:
Rich Rumble (Security Samurai) commented:
They are different functions of encryption. EFS is file level, and BitLocker is filesystem level. EFS can be used for this folder or that folder, and bitlocker works on the whole HD or partition. Both thwart offline attacks, like if a LT is stolen, the HD is encrypted, and that is enough for most attackers to stop. EFS only encrypts what you tell it to, and it can't encrypt everything which is by design, and EFS has a few flaws working against it that make it possible to recover the files. If bitlocker, trueCrypt, PointSec or pgpdisk was used on that LT, no data is recoverable (that we know of) because there are no temporary files where one might find plain-text version of encrypted files (as can be the case with efs).
http://articles.techrepublic.com.com/5100-10878_11-6162949.html
That should be the perfect article for this subject. There are alternatives to bit locker, and the hack that bypasses all the ones I just listed is pretty cool, very james bond, but impractical; see here:
http://citp.princeton.edu/memory/
Now SeaGate Momentus FDE hard drives do not suffer from the same "hole/flaw", and since the encryption is hardware level, it's faster and takes nothing away from the CPU.
-rich

bisselltechs (author) commented:
So if you are running single hard drives on the laptops, and you used Bitlocker to encrypt the whole drive, it seems like you really wouldn't need EFS, is that correct?
Rich Rumble (Security Samurai) commented:
Basically yes... EFS is "seamless" encryption, and if someone stole the LT while it was turned on and the screen did not lock, they could view/copy the EFS files as long as you were logged on still. Even though the drive is encrypted, while the OS is running, it looks like plain-text, so again in that situation neither solution protects you. If the files of importance were kept inside an encrypted container like a password protected zip file or truecrypt container, then that data is more secure than using EFS or HD encryption, that is in that situation where the LT is stolen out of your hands or after you walked away for a minute and it is logged in.
-rich
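A defender-side check for the coverage question settled in the answers above (whether BitLocker on the whole drive already covers what EFS was doing), as an added PowerShell example that is not part of this thread: it reports BitLocker protection per volume and flags any EFS-encrypted files that sit on a volume without full-volume protection. `Get-EncryptionCoverage` and `$ScanRoots` are assumed names; it needs the BitLocker PowerShell module (Windows 8 / Server 2012 or later) and an elevated session.

```powershell
# Added example (not from the thread): audit BitLocker coverage per volume and
# find files that rely on EFS alone. Get-EncryptionCoverage / $ScanRoots are
# assumed names; Get-BitLockerVolume comes from the built-in BitLocker module.
function Get-EncryptionCoverage {
    param(
        [string[]] $ScanRoots = @("$env:USERPROFILE\Documents")
    )

    # 1. Full-volume status. ProtectionStatus is 'On' only when the volume is
    #    encrypted AND its key protectors are active; 'Off' also covers the
    #    "encrypted but protection suspended" case, which is the one to catch.
    $protected = @{}
    foreach ($v in Get-BitLockerVolume) {
        $drive = $v.MountPoint.TrimEnd('\').ToUpper()     # e.g. "C:"
        $protected[$drive] = ($v.ProtectionStatus -eq 'On')
        [pscustomobject]@{
            Kind   = 'Volume'
            Path   = $v.MountPoint
            Status = "$($v.VolumeStatus), $($v.EncryptionPercentage)% encrypted, protection $($v.ProtectionStatus)"
        }
    }

    # 2. EFS-encrypted files under the scan roots. NTFS sets the Encrypted
    #    attribute on every file EFS protects, so it is a reliable marker.
    foreach ($root in $ScanRoots) {
        Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Attributes -band [IO.FileAttributes]::Encrypted } |
            ForEach-Object {
                $drive = ($_.PSDrive.Name + ':').ToUpper()
                if ($protected[$drive] -eq $true) {
                    # Layered: offline copies of temp/plain-text versions are
                    # still inside the BitLocker-protected volume.
                    $status = 'EFS on a BitLocker-protected volume (layered)'
                } else {
                    # EFS alone: the volume's temp files and unencrypted copies
                    # are readable offline, the gap described in the answer.
                    $status = 'EFS only: volume has no active full-volume protection'
                }
                [pscustomobject]@{ Kind = 'EfsFile'; Path = $_.FullName; Status = $status }
            }
    }
}

Get-EncryptionCoverage | Format-Table -AutoSize -Wrap
```

Run it on a laptop before and after enabling BitLocker to see the per-file status flip from "EFS only" to "layered"; the volume rows also expose drives that are encrypted but have protection suspended.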