Jan 28 2010

Hidden in Plain Sight

You can take advantage of the TPM chip found in most systems to harden desktop and notebook security.

The Trusted Platform Module is an integral part of virtually every enterprise-level computer sold today.

The TPM is typically a separate application-specific integrated circuit that provides hardware-based security by establishing a root of trust for subsequent security measures to build upon.

It can be used to implement solutions for network security, data protection and user authentication, including full-disk and file and folder encryption. For example, Microsoft’s BitLocker encryption feature (included in the Windows Vista and Windows 7 operating systems) can use the TPM to secure the encryption key.

Before a TPM can be used, it must be activated and enabled. The process for this varies with different computers, but these three steps provide a basic outline:

Step 1: Activate the TPM. Turn on the computer and enter the BIOS. From the BIOS, change the TPM’s status from inactive to active. Sometimes the BIOS doesn’t say “TPM.” If you don’t find TPM, then look for words such as “security chip” instead. Some computers come with software to automate this step, such as Vista’s TPM Initialization Wizard.

Step 2: Install or initialize TPM utility software. If your computer came with TPM utility software, start it up or install it. Again, the software may say “security chip” instead of TPM. If you can’t find any such software, you’ll need to buy it. Vista and Windows 7 include basic TPM utility software, which may be sufficient.

Step 3: Take ownership of the TPM. Use the TPM utility software to assume control of the TPM. In simple terms, this lets you set a TPM password.

After completing these three steps, you can start using the TPM for specific applications.

Security hardware is an invaluable tool in the constant battle to thwart attackers. Because all new machines (and most that came on the market after 2003) already have TPMs, why not use them?