WEBVTT

00:00:02.200 --> 00:00:06.940
Hello and welcome to this video titled, Email and Data Encryption.

00:00:06.940 --> 00:00:10.940
In this video, I'm going to be talking about three primary things: the

00:00:10.940 --> 00:00:17.800
two phases of securing email transactions, some email encryption techniques,

00:00:17.800 --> 00:00:21.200
and encrypting what's called data at rest.

00:00:21.200 --> 00:00:25.320
So let's start by talking about email encryption.

00:00:25.320 --> 00:00:31.300
So the idea here is that we want to protect our email transactions in

00:00:31.300 --> 00:00:34.360
one of two ways, actually in both ways.

00:00:34.360 --> 00:00:38.860
Number one, we want to take a look at the transactions between our laptop

00:00:38.860 --> 00:00:41.780
or PC and the email server.

00:00:41.780 --> 00:00:46.100
So when I'm uploading an email to my server, when I'm downloading emails,

00:00:46.100 --> 00:00:48.120
I want all of that to be encrypted.

00:00:48.120 --> 00:00:52.040
So if anyone's snooping or sniffing on that process, they can't see what's

00:00:52.040 --> 00:00:56.460
going on. So that's called encryption of data in motion.

00:00:56.460 --> 00:01:00.980
Securing the connection to the email server itself and encrypting transmitted

00:01:00.980 --> 00:01:02.720
and received emails.

00:01:02.720 --> 00:01:07.220
So now that second part means when I'm creating an email, in an ideal

00:01:07.220 --> 00:01:12.300
scenario, only myself and the recipient of that email should be able to

00:01:12.300 --> 00:01:17.740
read it. So ideally, my laptop that creates an email would encrypt it

00:01:17.740 --> 00:01:22.800
and no mail exchange servers, no mail transport agents, or anything like

00:01:22.800 --> 00:01:26.900
that would be able to decrypt it until it got to the end user on the other

00:01:26.900 --> 00:01:30.980
side and they downloaded the email and then they decrypted it.

00:01:30.980 --> 00:01:36.660
Now, let's say I receive an email from you, you encrypted it, I decrypted

00:01:36.660 --> 00:01:39.980
it, and in the next slide we'll talk about some protocols and applications

00:01:39.980 --> 00:01:41.900
that allow you to do that.

00:01:41.900 --> 00:01:44.140
Now I've got the email, great.

00:01:44.140 --> 00:01:46.980
Now I'm probably going to, unless I immediately delete that email, I'm

00:01:46.980 --> 00:01:49.380
probably going to store it somewhere on my laptop.

00:01:49.380 --> 00:01:53.360
And so that's the second part where we need to preserve our confidentiality.

00:01:53.360 --> 00:01:57.940
We want to encrypt that data at rest, which basically means I want to

00:01:57.940 --> 00:01:59.720
encrypt my locally stored email.

00:01:59.720 --> 00:02:05.800
So if someone stole my laptop or stole my MacBook and got into it, they

00:02:05.800 --> 00:02:08.760
wouldn't be able to see that email, they wouldn't be able to decrypt it

00:02:08.760 --> 00:02:10.760
or tell what was going on.

00:02:10.760 --> 00:02:16.900
So let's take a look at some email encryption techniques.

00:02:16.900 --> 00:02:20.400
So starting with number one, starting with the idea of, hey, all the transactions

00:02:20.400 --> 00:02:25.400
I have between me and my local mail exchange server, I want that to be

00:02:25.400 --> 00:02:28.520
encrypted. Well, there are two ways to do that, and it really depends on

00:02:28.520 --> 00:02:34.640
where that email server is and what protocols you use to access it.

00:02:34.640 --> 00:02:39.180
So if you're using something like Gmail or something like that, which

00:02:39.180 --> 00:02:48.240
is a web-based service, then you want to make sure that you utilize your

00:02:48.240 --> 00:02:54.980
email account by typing in HTTP colon and then whatever, because HTTP

00:02:54.980 --> 00:02:58.280
by itself is plaintext, it is not secured.

00:02:58.280 --> 00:03:02.560
So we want to make sure we use HTTPS, which means that before I send anything

00:03:02.560 --> 00:03:06.420
to that server or it sends anything to me, we're going to exchange some

00:03:06.420 --> 00:03:09.320
encryption keys so that we can encrypt everything.

00:03:09.320 --> 00:03:13.820
Now, what if we're talking about using a local email client on my laptop,

00:03:13.820 --> 00:03:18.080
like Eudora or Outlook or Apple Mail or something like that, in which

00:03:18.080 --> 00:03:23.240
case, I'm not doing web-based mail but using some other protocol.

00:03:23.240 --> 00:03:26.500
Well, then all the transactions between me and that mail exchange server

00:03:26.500 --> 00:03:30.040
should ideally use either SSL or TLS.

00:03:30.040 --> 00:03:33.740
Both of those can be used to encrypt those transactions.

00:03:33.740 --> 00:03:36.540
Now, what about encrypting emails in transit?

00:03:36.540 --> 00:03:39.960
Right? If I'm creating an email and it's going to you and you're a few

00:03:39.960 --> 00:03:45.800
hundred or thousands of miles away from me, how can I encrypt it in such

00:03:45.800 --> 00:03:49.360
a way that when you get it, you can decrypt it?

00:03:49.360 --> 00:03:51.740
Well, you can see here this is a listing, and you might want to

00:03:51.740 --> 00:03:56.960
memorize this if you're taking some certification-based exams, hint hint.

00:03:56.960 --> 00:04:00.700
Here are some protocols that are specifically designed to do this.

00:04:00.700 --> 00:04:04.640
Now, the one thing that makes this a little bit tricky and probably why

00:04:04.640 --> 00:04:09.760
a lot of people don't do this is this last bullet point right here.

00:04:09.760 --> 00:04:15.800
You see, in order for me to create an email and to encrypt it, using any

00:04:15.800 --> 00:04:22.620
of these protocols right here requires that on my laptop, I create what's

00:04:22.620 --> 00:04:26.400
called a key pair, an asymmetric key pair, otherwise known as a public-

00:04:26.400 --> 00:04:27.920
private key pair.

00:04:27.920 --> 00:04:31.220
A lot of times they're called RSA keys.

00:04:31.220 --> 00:04:36.460
And a lot of people on their laptops and notebooks have no idea how to

00:04:36.460 --> 00:04:40.620
do that. And if they can somehow Google and research how to create an

00:04:40.620 --> 00:04:46.180
encryption pair, a key pair, they don't know how to tie that into the

00:04:46.180 --> 00:04:49.620
email program. So that takes a little bit of a learning curve right there.

00:04:49.620 --> 00:04:54.140
And then secondly, even if I'm asked to do all that, how do I get my public

00:04:54.140 --> 00:04:57.900
key to you so that you can decrypt the email?

00:04:57.900 --> 00:05:01.980
And similarly, you are going to have to create a public-private key pair.

00:05:01.980 --> 00:05:05.020
And you're going to have to get your public key to me.

00:05:05.020 --> 00:05:06.880
What are the mechanisms involved in doing that?

00:05:06.880 --> 00:05:10.100
Now we're talking most likely about digital certificates or something

00:05:10.100 --> 00:05:14.160
like that. So this involves a whole other learning curve that most people

00:05:14.160 --> 00:05:18.340
aren't willing to spend the time and sometimes the expense in learning

00:05:18.340 --> 00:05:23.480
how to do it. But ultimately, if you want to encrypt the email right on

00:05:23.480 --> 00:05:27.260
the endpoint, right on the end user's laptop or tablet or something, you're

00:05:27.260 --> 00:05:31.240
going to have to go through these steps on both sides of that email chain.

00:05:31.240 --> 00:05:33.700
So that's the encryption of email.

00:05:33.700 --> 00:05:36.300
What about once the email is actually sitting on my laptop?

00:05:36.300 --> 00:05:38.160
I've received it from you.

00:05:38.160 --> 00:05:41.300
I've downloaded it as well as downloaded all the attachments.

00:05:41.300 --> 00:05:45.040
All that's going to go into my hard disk drive or my solid state drive,

00:05:45.040 --> 00:05:47.340
depending on what kind of laptop or PC I have.

00:05:47.340 --> 00:05:49.780
I want to make sure that's encrypted as well.

00:05:49.780 --> 00:05:53.660
And what that is called is encrypting data at rest.

00:05:53.660 --> 00:05:57.880
Because clearly, if my endpoint is stolen and all that stuff is in plain

00:05:57.880 --> 00:06:01.900
text, all my files, my attachments, my emails, if someone has a way of

00:06:01.900 --> 00:06:04.860
breaking into my laptop, now they can get all that stuff.

00:06:04.860 --> 00:06:09.020
Or if they extract the hard drive, maybe they don't even need to boot

00:06:09.020 --> 00:06:12.740
up my laptop, they just crack it open, rip the hard drive out of it, and

00:06:12.740 --> 00:06:15.840
install the hard drive in some other hardware that they have that's able

00:06:15.840 --> 00:06:20.160
to read it. I don't want that to be in plain text.

00:06:20.160 --> 00:06:22.100
So that data should be encrypted.

00:06:22.100 --> 00:06:27.140
Some operating systems such as Mac OS, like OS X and so forth, actually

00:06:27.140 --> 00:06:31.080
natively support hard disk or solid state disk encryption.

00:06:31.080 --> 00:06:32.380
So that's kind of nice.

00:06:32.380 --> 00:06:36.180
It's actually been built into Mac laptops since 2018.

00:06:36.180 --> 00:06:40.620
So not a long time, but since 2018, Mac laptops have actually contained

00:06:40.620 --> 00:06:46.340
a special chip called the T2 chip, which automatically encrypts everything

00:06:46.340 --> 00:06:47.960
on their solid state drive.

00:06:47.960 --> 00:06:50.220
So that's really nice.

00:06:50.220 --> 00:06:53.700
All the other operating systems require downloading and using some special encryption

00:06:53.700 --> 00:06:59.800
software. And so here are the names of some encryption software for doing

00:06:59.800 --> 00:07:06.020
just that. So thank you for watching this video, and I hope this was useful.