WEBVTT

00:00.360 --> 00:05.940
One of the most powerful tools you have in your toolbox when it comes to data security is disk encryption.

00:06.250 --> 00:12.930
Disk encryption, as the name implies, literally encrypts the data that is stored on your mass storage.

00:12.930 --> 00:18.240
We usually think about this in terms of hard drives, but it works for just about any type of mass storage.

00:18.240 --> 00:22.180
The important thing that we have to be comfortable with, with disk encryption, is, well...

00:22.200 --> 00:25.290
Number one, it could slow systems down.

00:25.290 --> 00:32.070
So if you have a big file server, for example, that was really doing a lot of data moving, I probably wouldn't

00:32.070 --> 00:37.860
consider disk encryption. Where we do like to use disk encryption is, number one, any devices that are out

00:37.860 --> 00:38.460
in the wild.

00:38.460 --> 00:43.650
So mobile devices, laptops, smartphones, whatever we might have out there.

00:43.890 --> 00:50.940
Also, if you have desktop systems that may not move but may not have really good physical security, because

00:51.240 --> 00:54.910
that's really where the power of disk encryption comes into play.

00:54.990 --> 00:59.750
And that is, somebody can get to it and they're just not going to be able to access that data.

00:59.760 --> 01:05.910
There are no really well-known, common ways to crack almost any type of the many, many types of disk encryption

01:05.910 --> 01:06.270
out there.

01:06.270 --> 01:12.390
Now, when we're talking about disk encryption, you can pretty much break all the encryption tools into

01:12.390 --> 01:13.420
two camps.

01:13.430 --> 01:19.290
There's the camp that has TPM, or Trusted Platform Module, support and there's the camp that doesn't.

01:19.980 --> 01:27.000
TPM, or Trusted Platform Module, simply means that you have a chip burned into the device. If it's a laptop,

01:27.000 --> 01:28.570
it's on the motherboard somewhere.

01:28.600 --> 01:30.540
If it's a smartphone, it's in the electronics.

01:30.660 --> 01:38.460
And inside this chip is a full-blown public/private key, and there is no way to get the private key out

01:38.460 --> 01:39.570
of this physical chip.

01:39.570 --> 01:44.940
So with that little tool set you can do some amazing things. Like, for example, you've got a motherboard

01:45.190 --> 01:50.010
and you've got a whole system. In the system you have a hard drive, and that hard drive's encrypted.

01:50.190 --> 01:56.310
If a bad guy grabs the hard drive and tries to go do something with it in a faraway place,

01:56.310 --> 02:01.560
the fact that it's not connected to the TPM chip will prevent anybody from being able to do anything.

02:01.560 --> 02:09.630
So it is a wildly powerful tool. Now, that doesn't mean that every disk encryption out there that does

02:09.630 --> 02:15.060
not use TPM is bad. In fact, you'd be surprised who doesn't use TPM.

02:15.060 --> 02:20.880
Now what I want to do is, I've gone ahead and rebooted my computer, and I want to show you, because if you

02:20.880 --> 02:26.310
have TPM on almost any system, you've got to go ahead and turn it on at some level.

02:26.310 --> 02:31.290
And in this case, on this particular system, I had to turn it on at the highest level. So if you take a

02:31.290 --> 02:32.930
look right here.

02:32.970 --> 02:36.250
All right, so you see that PTT, as they call it, there.

02:36.300 --> 02:39.990
That is an example of turning it on at the system level.

02:39.990 --> 02:43.230
I don't know why this motherboard calls it PTT; I had to look it up.

02:43.230 --> 02:46.110
That is TPM for that particular system.

02:46.960 --> 02:53.320
So there are lots and lots of wonderful disk encryption tools out there.

02:53.380 --> 02:57.430
Probably one of the oldest is something called PGP, or Pretty Good Privacy, Disk.

02:57.550 --> 03:01.030
It's been around arguably since the late '90s.

03:01.090 --> 03:03.700
Another popular one was one called TrueCrypt.

03:03.700 --> 03:11.110
I'm using the past tense because, surprisingly, in the middle of 2014 the TrueCrypt people

03:11.110 --> 03:15.800
simply said, "We're out of business," and they just kind of almost disappeared.

03:16.000 --> 03:18.310
However, TrueCrypt is still available.

03:18.310 --> 03:24.490
In fact, there have been forks of TrueCrypt with names like CipherShed or VeraCrypt that really

03:24.490 --> 03:30.040
just pick up where TrueCrypt left off, and they are very, very powerful tools. So if anybody were to ask

03:30.040 --> 03:32.140
you, "Is TrueCrypt bad?"

03:32.140 --> 03:36.340
There have been audits and all types of stuff done to it that say, we don't know why these guys quit

03:36.340 --> 03:38.590
doing it, but they did.

03:38.770 --> 03:43.050
By the way, TrueCrypt is completely free. Within the Windows environment,

03:43.060 --> 03:47.560
you're probably going to be using something like BitLocker. BitLocker comes with all the later versions

03:47.560 --> 03:52.450
of Windows for the office environment and does a great job. I'm going to show you that one in just a

03:52.450 --> 03:53.470
minute.

03:54.430 --> 04:00.880
For Mac folks, you use something like FileVault. FileVault is actually very interesting because Macs choose

04:00.880 --> 04:02.260
not to use TPM.

04:02.260 --> 04:06.630
There's some arguments about TPM being used for digital rights management.

04:06.820 --> 04:10.630
So people are keeping you from being able to watch movies and stuff like that.

04:10.840 --> 04:15.430
And that's my opinion as to why Apple probably stayed out of that, which is kind of interesting.

04:15.610 --> 04:23.380
If you're in the Linux world, you've got literally probably over 100 different types of encryption

04:23.530 --> 04:26.910
methodologies. I'm going to let you sort it out and choose the one you want.

04:27.070 --> 04:29.700
OK, so what I want to do now is just take a minute.

04:29.710 --> 04:34.870
I've got the Trusted Platform Module running on my system here, so I've rebooted.

04:34.870 --> 04:42.480
And what I want to do is show you BitLocker in action. So to start up BitLocker, and I'm using Windows

04:42.480 --> 04:46.920
10 Pro here, I'm going to go to BitLocker Drive Encryption and I'm just going to go ahead and

04:46.920 --> 04:51.920
turn it on. So the first thing it's doing right now is it's checking to make sure that I have

04:51.920 --> 04:52.010
a

04:52.010 --> 04:58.250
TPM chip and that the TPM chip is turned on. So once it does that, it's going to be like, OK.

04:58.340 --> 05:04.860
So what we need to do is keep a recovery key handy in case something were to happen. So this recovery

05:04.860 --> 05:07.090
key is incredibly important.

05:07.100 --> 05:11.850
So I'm going to print it. I will print it over here,

05:21.670 --> 05:26.260
so I'm going ahead and I'm just printing the key on my local printer here, and now what it's asking me

05:26.260 --> 05:30.850
is, it says, do you want to encrypt the used space only?

05:30.850 --> 05:33.670
Or do you want me to encrypt the entire drive?

05:34.030 --> 05:36.540
I'm going to go ahead and click next.

05:36.580 --> 05:42.520
And in fact, we'll just go ahead and let that go, because BitLocker is going to take a good long time

05:42.910 --> 05:45.880
before it actually completes its encryption.

05:45.880 --> 05:55.690
Do not ever run any form of disk encryption software without making very, very sure that you have a key

05:55.810 --> 06:01.570
either printed or stored in a file or something, because there is literally no way to get this back.

06:01.570 --> 06:08.770
There is no way. I can't stress this enough. In the United States, all the major law enforcement people,

06:08.790 --> 06:15.370
there's zillions of court situations where they just simply couldn't get to the data on bad guys' encrypted

06:15.370 --> 06:16.250
drives.

06:16.420 --> 06:18.120
And it is a powerful tool.

06:18.130 --> 06:40.520
But fail to have a little backup, and nobody is going to get to that data.
