1
00:00:00,870 --> 00:00:07,050
What happens if the computer's integrity is confirmed? Let's suppose that someone stole our laptop.

2
00:00:08,940 --> 00:00:14,310
One of the tasks of BitLocker is to protect laptops from theft.

3
00:00:14,330 --> 00:00:18,010
This does not mean that someone cannot steal our laptop.

4
00:00:18,050 --> 00:00:22,360
It means that if someone has stolen it, you can't read the data on the disk.

5
00:00:24,370 --> 00:00:27,550
Someone who steals our computer will probably turn it on.

6
00:00:27,570 --> 00:00:29,460
BitLocker will be invisible to them.

7
00:00:31,530 --> 00:00:36,530
The key will be read and decrypted with the TPM module, then it will be decrypted with the next key.

8
00:00:36,540 --> 00:00:41,030
And finally the entire disk will be decrypted.

9
00:00:41,160 --> 00:00:48,990
They will see the login window. If our password is easy to guess and the attacker enters it,

10
00:00:49,110 --> 00:00:56,200
he has access to decrypted data. All investment and time devoted to encryption is useless.

11
00:00:57,020 --> 00:01:04,220
What then does BitLocker protect from? It protects if someone has physical access to the computer.

12
00:01:05,220 --> 00:01:12,130
You will not be able to run it under the control of another system other than the original. The details of

13
00:01:12,130 --> 00:01:14,210
the TPM modules will not agree.

14
00:01:15,480 --> 00:01:19,730
The attacker will not start the computer from the old cracked CD like we did previously.

15
00:01:21,600 --> 00:01:26,640
For the same reason the attacker will not copy the SAM, SECURITY and SYSTEM files because they won't

16
00:01:26,640 --> 00:01:30,860
even know where they are on the drive.

17
00:01:30,870 --> 00:01:33,670
He also can't read them and he can't change their content.

18
00:01:35,140 --> 00:01:40,880
BitLocker, although it's not very invasive and invisible, is very effective as long as we use difficult

19
00:01:40,880 --> 00:01:45,160
passwords to guess.

20
00:01:45,360 --> 00:01:54,980
Since we have an encrypted disk, why encrypt individual files? Why do we still need EFS? Once we have

21
00:01:54,980 --> 00:02:02,500
an encrypted disk we're protected against local attacks. Therefore BitLocker is often enabled on servers

22
00:02:02,500 --> 00:02:07,810
as well as laptops in order to additionally ensure the safety of these critical devices.

23
00:02:09,890 --> 00:02:15,920
What will happen if we would like to exchange confidential data with other users? BitLocker and TrueCrypt

24
00:02:15,920 --> 00:02:18,000
will not allow it in any way.

25
00:02:19,260 --> 00:02:27,040
We need to have a solution operating in a higher layer, not between a physical and logical disk, but between

26
00:02:27,040 --> 00:02:35,000
a folder and what the operating system sees as the folder content. EFS comes to our aid.

27
00:02:38,390 --> 00:02:42,490
EFS is available since Windows 2000.

28
00:02:42,560 --> 00:02:45,060
The mechanism of action is as follows.

29
00:02:46,100 --> 00:02:48,440
To encrypt something we need a key.

30
00:02:48,650 --> 00:02:54,890
If we don't have it, then when we try to encrypt the first file, our computer reports on our behalf a request

31
00:02:54,890 --> 00:03:02,610
to issue the certificate with a key. The request will be reported to the domain key distribution center.

32
00:03:05,510 --> 00:03:09,350
If such does not exist then our computer will issue us a certificate.

33
00:03:12,300 --> 00:03:18,130
A public key will be in the received certificate. A private key is also linked with the certificate, which

34
00:03:18,130 --> 00:03:20,850
we write in the user profile.

35
00:03:20,880 --> 00:03:25,710
This is very important: deleting a user profile,

36
00:03:25,790 --> 00:03:34,350
its loss, damage or resetting the password involves loss of the EFS key.

37
00:03:34,390 --> 00:03:43,650
Now, having private and public keys, we can generate a file encryption key, or FEK. With this symmetric

38
00:03:43,650 --> 00:03:49,290
key we can encrypt our file. To decrypt such a file,

39
00:03:49,290 --> 00:03:52,510
we need to have access to the FEK which we just talked about.

40
00:03:53,800 --> 00:04:03,550
Think about it as a session key. We encrypt the session key with the previously received EFS key. With

41
00:04:03,550 --> 00:04:07,420
the same FEK we can also encrypt the additional EFS keys.

42
00:04:08,970 --> 00:04:11,040
This is what is frequently done.

43
00:04:13,310 --> 00:04:18,700
These are the keys of persons with whom we'd like to exchange an encrypted file, or key recovery agent.

44
00:04:20,500 --> 00:04:25,080
This person will be able to decrypt the key and thus decrypt encrypted files

45
00:04:25,210 --> 00:04:26,890
if something happens to our profile.

46
00:04:33,030 --> 00:04:40,510
A modular structure of the operating systems was used. With EFS an additional component was introduced

47
00:04:40,510 --> 00:04:43,150
between the layers.

48
00:04:43,210 --> 00:04:46,380
In this case it's the NTFS driver layer.

49
00:04:46,390 --> 00:04:48,790
In other words, the New Technology File System.

50
00:04:53,710 --> 00:05:01,580
The encryption itself runs completely automatically. In a moment we'll see how it looks from the

51
00:05:01,580 --> 00:05:02,920
user's perspective.

52
00:05:04,640 --> 00:05:10,400
In order to ensure security, an additional NTFS driver component first checks whether we have all the

53
00:05:10,400 --> 00:05:21,570
necessary keys, for example, is the user profile loaded. Next it generates a key, encrypting it for security.

54
00:05:22,770 --> 00:05:25,990
Then a backup copy or a temporary file is created.

55
00:05:27,030 --> 00:05:32,930
The new file is located in the same folder as the file that we wanted to encrypt. The content of the

56
00:05:32,930 --> 00:05:35,720
newly created file is encrypted.

57
00:05:35,720 --> 00:05:40,320
The file is marked as encrypted. When transferring to it

58
00:05:40,330 --> 00:05:42,540
data from the original file,

59
00:05:42,620 --> 00:05:44,730
the data itself is also encrypted.

60
00:05:45,610 --> 00:05:52,670
This is what happens when selecting the file encrypt attribute. The original file will be cleared. If

61
00:05:52,670 --> 00:05:53,210
everything

62
00:05:53,270 --> 00:05:54,530
went well so far,

63
00:05:54,650 --> 00:06:00,670
the content of the temporary file is transferred back to the original file.

64
00:06:00,710 --> 00:06:05,480
The content is encrypted and remains so. In the meantime,

65
00:06:05,590 --> 00:06:13,110
the original file was marked as encrypted, saving the information about the encrypted file and the entire

66
00:06:13,110 --> 00:06:15,470
operation.

67
00:06:15,590 --> 00:06:20,270
The temporary log file is automatically deleted.

68
00:06:20,290 --> 00:06:28,330
The procedure is repeated if we have recovery agents or persons whose keys we write in the file.

69
00:06:28,370 --> 00:06:35,540
The final effect is that we have an encrypted file, and in the DDF and DRF fields of this file encrypted

70
00:06:35,780 --> 00:06:44,920
keys are placed there, as many keys as there are people who have shared access to the file.

71
00:06:45,010 --> 00:06:50,560
We are the one that encrypted the file, the recovery agent, and the person we want to share the file with.

72
00:06:54,460 --> 00:06:58,950
The decryption procedure is very similar.

73
00:06:58,950 --> 00:07:03,170
First we must have access to the key. To do this,

74
00:07:03,170 --> 00:07:07,600
we check what's in the DDF and DRF fields of the file.

75
00:07:07,690 --> 00:07:11,470
We read the contents of these fields, meaning the encrypted keys.

76
00:07:11,740 --> 00:07:12,780
Then we decrypt them.

77
00:07:15,900 --> 00:07:17,750
Having the decrypted key,

78
00:07:17,940 --> 00:07:24,300
we can try to decrypt the file itself and transfer its contents to an application, for example display

79
00:07:24,300 --> 00:07:25,830
the text file in Notepad.