How can I encrypt my PowerSpec G223 ?

St_Nick

I have a Powerspec G223 with a MSI B360-A Pro motherboard. I'm running Win 10 Pro on it. 
In theory, Win 10 Pro should provide BitLocker capability.
Last night I decided to get serious about my computer security, and thought I'd activate BitLocker. The guys on TenForums indicated I'd need TPM.2 to get it done, so I went looking. I could not find evidence of one last night. This morning I contacted MSI who told me the board does not ship with a TPM chip, although the documentation says it has a socket, and a recent BIOS update they offer is described as improving TPM functionality.
Many questions arise: 
Does Microcenter add a TPM chip in the build of this box before sale?
If not, I guess I could add a TPM, but I do not feel comfortable messing with the MB hardware.
The UEFI indicated that the Secure Boot was disabled, which took me down the rabbit hole of trying to enable Secure Boot, but I do not seem to have the necessary platform key, unless it is hiding on the initial installation driver disc or somewhere else not know to me.
In any case, do you recommend enabling Secure Boot, providing I can find a key?
Is the platform key something I can get (or find out where I might have it), or am I just going to have to go to Gpg4win or another pure software solution?

TSTDavey

Hello @St_Nick thanks for posting on the Microcenter Community Forum. Bitlocker is really only a feature used for laptops for incase they are stolen. Desktopa like the Powerspec G223 are rarely stolen due to the weight of them, but they are still susceptible to theft if a thief really wants to carry a 20 ILB computer tower out of a home. Its a lot of work to install a TPM2 chip. You are better off purchasing a motherboard that has it, but again most desktop computers do not come with the chip due desktops are not as vulnerable to theft like a laptop.

Let us know what areas of security with your desktop that you are concerned about. We can then give technical advise on what Windows 10 Pro security and encryption features you can enable (excluding bitlocker) or software that could be leveraged to address your security concerns; as Bitlocker is really for laptops and not desktops.

St_Nick

I am concerned about hacking and IP theft, which is why I'm intending to lock this 20 lb. sucker down, but as I do not seem to have a TPM module, that makes it harder to do. Might buy one, but your sales team said you don't have any.
That is also why I was looking at gpg4win as an alternative. 

TSTDavey

@St_Nick for hacking and IP theft you may want to look at a VPN. All bitlocker does is encrypt data files on your hard drive incase it's stolen. A hacker if hacked into your computer could still get your bitlocker encrypted password if they are monitoring your keystrokes. Windows has standard encryption capability as well. Our MC store has NordVPN, there is also Private Internet Access (PIA), as another VPN to use to hide your IP address. You also want to make sure you have a firewall on your desktop, don't use the Windows firewall. You can use our Eset Internet Security which has a firewall or Norton is another security program with firewall capability. Two programs will help prevent hackers and IP theft, this would be firewall security software (ex., Eset, etc.) and VPN software. You could still encrypt your data on your computer if its sensitive data and you feel it needs to be encrypted by using windows encryptions. The Firewall and VPN will help prevent hackers from getting into the computer.


https://forums.tomshardware.com/threads/should-i-use-bitlocker.3333461/ 

St_Nick

Thanks, TST.
From what I've gathered, Tor provides VPN for free for some uses. Of course, I will consider other alternatives.
I purchased NOD internet security and have the firewall up, but am looking for multi-layered security.
As I indicated with that little screen shot is that I do not seem to have the MSFT encryption capability available. I do not have a TPM module because Microcenter did not think it worth the while to plug one in, and does not carry them in inventory. How would you suggest I use MSFT tools to encrypt, given my particular situation?
I want a way to make whatever is taken from me unreadable by the person who might get it. I would view myself as a potential random victim of hacking. I doubt anyone has been viewing me as a huge target, because actually there would be little of monetary value in snitching my stuff. As a result, I doubt I have a keystroke recorder on board, especially after regular NOD screenings.
Nonetheless, I still have cloud data hanging around out there that I would prefer was not for the taking. I view it as a big laptop in the sky, if you catch my drift.
Thoughts?

TSTDavey

@St_Nick for a personal computer  VPN and Firewall will do the job. If you don't have a large network or large business (fortune 500) that require advanced network security, the VPN and firewall is really best option for a home personal windows computer. You can use the file encryption if you choose to do so, just don't loose the encrypted file password. It would be not good if you lose that password. You are really safe with just the VPN and firewall. You really won't need to encrypt files as your ESET firewall will alert you of any hacking activity or intrusion and block them.  Below are links related to multi-layered security. Your Eset Internet Security already includes features that provide multiple layered security such as a network firewall, IDS and IPS along with some Proxy features. I've also included a link on how to encrypt folders or files and a youtube video.

Link (Multi-layer Security)
https://heimdalsecurity.com/blog/protect-your-pc-multiple-layers-security/ 

Link (How to protect your computer)
https://www.cio.com/article/2399075/how-to-build-multiple-layers-of-security-for-your-small-business.html 

Link (How to encrypt a file or folder in Windows)
https://support.microsoft.com/en-us/windows/how-to-encrypt-a-file-1131805c-47b8-2e3e-a705-807e13c10da7 

Link (How to encrypt files or folders in Windows VIDEO)
https://www.youtube.com/watch?v=uF_ewHntpeg 

St_Nick

That was very helpful, thanks.
While I may be a bit unusual in my expression of concern, or even in trying to take action, as a small business guy running on the home office computer I have a number of connections going in and out of the network. The practices outlined in the vids you linked sound reasonable, and, while I do not have a metric for the intensity of the defense to be prepared for that is expressed as a $ of potential loss, such a number would seem useful in determining when it is the right time to scale up on this effort.
Happy new year to you, TST.