1 00:00:00,770 --> 00:00:04,770 Let's see now work with the emphasis on looks and practice. 2 00:00:04,940 --> 00:00:11,060 Let's take a look at the properties of our hard disk work with bit locker results and the fact that 3 00:00:11,060 --> 00:00:18,730 the TPM module needs to be initiated and then we can turn on bit locker in order to do so. 4 00:00:19,130 --> 00:00:26,050 We must not only have the right version but also have the correct edition of Windows the Enterprise 5 00:00:26,050 --> 00:00:27,340 Edition allows encryption. 6 00:00:27,370 --> 00:00:33,400 While the professional does not since we're starting this process for the first time we need to protect 7 00:00:33,400 --> 00:00:38,440 the key with an additional password as we've already mentioned. 8 00:00:38,460 --> 00:00:43,740 This means that there will be two copies of the key for the password to be safe. 9 00:00:43,740 --> 00:00:46,380 It has to be generated for us. 10 00:00:46,380 --> 00:00:50,300 We can also save it to a file and move it from the disk to a safer place. 11 00:00:51,080 --> 00:00:58,440 We can also print it or put it on a USP flash drive the whole procedure after the initiation of the 12 00:00:58,440 --> 00:01:01,560 TPM module was almost ready. 13 00:01:01,560 --> 00:01:07,950 Clicking two more times would have started the encryption of disks see. 14 00:01:07,980 --> 00:01:15,170 Let's see now if the TPM module is initialized more operations may be related to the TPM module 15 00:01:21,590 --> 00:01:30,410 as can be seen we can configure operations supported by a given TPM module in our case the TPM module 16 00:01:30,410 --> 00:01:36,660 has already been initialized meaning it's been turned on and protected by a password. 17 00:01:36,790 --> 00:01:41,190 You can only turn off reset or clear the password. 18 00:01:41,350 --> 00:01:47,790 The TPM module that is prepared in this way is sufficient for the correct operation of bit Lucker. 19 00:01:47,950 --> 00:01:52,280 From now we encrypt the system disk or additional disks. 20 00:01:52,310 --> 00:01:55,840 However working with the EFA system is a bit more complicated. 21 00:02:00,480 --> 00:02:03,590 On the disk let's create a text file and save some text in it. 22 00:02:05,470 --> 00:02:10,990 Encryption results in the setting of a certain NTFS object attribute file or folder 23 00:02:14,990 --> 00:02:19,820 open the object's advanced attributes where we can compress or encrypt the file 24 00:02:22,930 --> 00:02:27,880 when encrypting a file will have the opportunity to see a warning telling us that folders rather than 25 00:02:27,880 --> 00:02:29,570 files should be encrypted. 26 00:02:32,380 --> 00:02:35,660 Folder encryption means encrypting all the files in that folder. 27 00:02:37,400 --> 00:02:41,000 In that case why should we encrypt folders that files. 28 00:02:41,800 --> 00:02:49,670 Because having an encrypted folder newly created files in that folder will also be encrypted many programs 29 00:02:49,730 --> 00:02:57,360 including programs in office create temporary copies of files with which we're working if the folder 30 00:02:57,360 --> 00:03:02,850 is unencrypted and we work with an encrypted file the created copies will not be encrypted. 31 00:03:05,580 --> 00:03:07,510 It should be deleted when we finish work. 32 00:03:07,530 --> 00:03:11,530 But that does not always happen. 33 00:03:11,540 --> 00:03:17,670 We however encrypt the file or self what had happened. 34 00:03:17,710 --> 00:03:23,180 We can see the files encrypted but its name is marked in a green font. 35 00:03:23,190 --> 00:03:29,180 We also had the opportunity to see that Windows cares for us since the computer issued us a certificate 36 00:03:29,220 --> 00:03:30,720 and yes a file. 37 00:03:30,870 --> 00:03:39,900 It now reminds us to copy and store it in a safe place such as on a flash drive kept in a safe place. 38 00:03:39,980 --> 00:03:44,800 If something happens to our profile we will still have problems with access to this file. 39 00:03:47,960 --> 00:03:54,240 Let's take a look now at the first attribute of this file. 40 00:03:54,250 --> 00:03:58,810 In fact we're the only person that has access to the thicky copy. 41 00:03:58,840 --> 00:04:00,780 There is no one else. 42 00:04:00,940 --> 00:04:05,510 There is no recovery agent. 43 00:04:05,640 --> 00:04:10,250 We do not belong to a domain so there is no administrator who would care for these things. 44 00:04:12,260 --> 00:04:15,670 We also see that everyone has authorization to this file. 45 00:04:15,920 --> 00:04:24,270 It seems so all users have full control. 46 00:04:24,410 --> 00:04:25,190 We'll see what happens. 47 00:04:25,190 --> 00:04:33,210 Now if someone tries to read the file switched now to the account of another user try to open the txt 48 00:04:33,210 --> 00:04:34,710 file you created earlier. 49 00:04:36,220 --> 00:04:39,210 We have privileges to this file but we cannot see its content 50 00:04:43,460 --> 00:04:44,320 we can delete it. 51 00:04:44,330 --> 00:04:52,060 The encryption protects the confidentiality of data and nothing more. 52 00:04:52,120 --> 00:04:55,000 We have mentioned this several times. 53 00:04:55,180 --> 00:04:59,620 If something is encrypted it does not mean that it cannot be changed or deleted. 54 00:05:01,970 --> 00:05:07,610 In this module we discussed technologies that allow protecting all data stored on hard disks. 55 00:05:07,700 --> 00:05:16,340 We focused on the encryption of entire disks and in particular the encryption using bit locker technology. 56 00:05:16,350 --> 00:05:21,430 We also talked of how ESF technology complements bit locker technology. 57 00:05:21,450 --> 00:05:27,640 I hope that the information in this module will help you ensure confidentiality of data even if the 58 00:05:27,640 --> 00:05:30,240 data carrier falls into the wrong hands. 59 00:05:30,610 --> 00:05:31,090 Thank you.