1
00:00:01,497 --> 00:00:03,577
What you’re going to realise pretty quickly

2
00:00:03,637 --> 00:00:08,415
is that if you have a high need for security and/or privacy,

3
00:00:08,835 --> 00:00:11,534
that this can be somewhat incompatible

4
00:00:11,674 --> 00:00:14,104
with things being quick and easy,

5
00:00:14,284 --> 00:00:18,565
if you try to do it all within the same environment or operating system.

6
00:00:18,743 --> 00:00:22,518
So what I’m talking about here is Security Domains and Isolation,

7
00:00:22,678 --> 00:00:25,631
and having different Security Domains and Isolation.

8
00:00:25,756 --> 00:00:29,479
Sadly, it can be very difficult to get the operating system

9
00:00:29,559 --> 00:00:34,780
that you use for daily use to be highly secure and to maintain privacy,

10
00:00:35,096 --> 00:00:39,054
plus be fast enough for applications you might want to run

11
00:00:39,104 --> 00:00:40,702
and for it to be easy to use.

12
00:00:40,742 --> 00:00:42,888
So, if you want to use games

13
00:00:43,201 --> 00:00:45,151
then if you’ve got full disk encryption,

14
00:00:45,278 --> 00:00:47,198
it’s going to slow it down, as an example.

15
00:00:47,319 --> 00:00:48,996
Which is why for everyday use,

16
00:00:49,053 --> 00:00:52,701
you might have a low Security and/or Privacy Domain,

17
00:00:52,908 --> 00:00:56,094
and when you want stronger security and/or privacy,

18
00:00:56,237 --> 00:00:58,960
you use a different approach of Security Domain.

19
00:00:59,059 --> 00:01:04,027
Security Domains are generally really either physical or virtual

20
00:01:04,160 --> 00:01:06,960
in terms of how you can separate them in some way.

21
00:01:07,072 --> 00:01:10,251
An example of a Physical Security Domain

22
00:01:10,353 --> 00:01:15,754
could be that you have one locked-down physical machine or laptop,

23
00:01:15,852 --> 00:01:18,604
and the operating system and everything in it

24
00:01:18,645 --> 00:01:23,500
is configured in a certain way that gives you high security.

25
00:01:23,626 --> 00:01:26,859
And you have another physical machine or laptop,

26
00:01:26,950 --> 00:01:28,624
and that is for general use.

27
00:01:28,664 --> 00:01:32,448
So that’s an example of a Physical Security Domain.

28
00:01:32,954 --> 00:01:36,971
And you can also have Virtual Security Domains or Isolation.

29
00:01:37,539 --> 00:01:42,389
A virtual example could be using Platform Virtualization software

30
00:01:42,529 --> 00:01:46,061
or Hypervisors which, as we’ve discussed,

31
00:01:46,325 --> 00:01:50,698
and you’ve seen, is software that emulates a whole physical computer,

32
00:01:51,240 --> 00:01:54,972
and can often emulate multiple physical platforms.

33
00:01:55,308 --> 00:01:59,417
Like having Windows as your Low Security Domain,

34
00:01:59,549 --> 00:02:02,136
and perhaps a virtual machine that has Debian in it

35
00:02:02,206 --> 00:02:04,586
for your High Security Domain.

36
00:02:04,890 --> 00:02:06,750
There are actually quite a few options to give you

37
00:02:06,774 --> 00:02:09,048
different Security Domains and Isolations

38
00:02:09,196 --> 00:02:11,284
that aren’t too onerous,

39
00:02:11,495 --> 00:02:14,116
including virtual machines is a good example.

40
00:02:14,215 --> 00:02:17,936
So you can set yourself up these separate Security Domains or environments

41
00:02:18,016 --> 00:02:21,607
if you really want to beef up security and privacy.

42
00:02:21,724 --> 00:02:25,368
Virtual Isolation provides a barrier to compromise.

43
00:02:25,515 --> 00:02:28,943
So if you have a virtual machine guest operating system,

44
00:02:29,395 --> 00:02:32,043
so say for example Debian,

45
00:02:32,418 --> 00:02:37,183
if this was compromised and your host operating system, say Windows,

46
00:02:37,500 --> 00:02:40,407
then that would be difficult to access,

47
00:02:40,507 --> 00:02:45,479
it would be difficult to get from Debian to Windows through the Hypervisor.

48
00:02:45,529 --> 00:02:48,501
The Hypervisor would need to be exploitable,

49
00:02:48,677 --> 00:02:51,660
or it would have to be poorly configured in some way

50
00:02:51,852 --> 00:02:55,964
like you’ve allowed file sharing or something like that in order,

51
00:02:56,034 --> 00:03:00,231
so the exploit from the Debian to the Windows environment can be done.

52
00:03:01,311 --> 00:03:05,610
It’s worth noting that if security and/or privacy are paramount,

53
00:03:05,744 --> 00:03:10,776
then you literally will need separate Security Domains for different tasks.

54
00:03:11,362 --> 00:03:14,680
Not necessarily physical, but at least virtual.

55
00:03:14,707 --> 00:03:18,993
The level of security you need to maintain high privacy

56
00:03:19,072 --> 00:03:22,653
isn’t practical for day to day use of the internet.

57
00:03:22,803 --> 00:03:24,744
Think about the type of Security Domains

58
00:03:24,795 --> 00:03:28,163
that you might want as you go through the course.

59
00:03:28,228 --> 00:03:32,350
Domains you might have in extreme cases could be Work Domain,

60
00:03:32,414 --> 00:03:34,122
Personal, Banking,

61
00:03:34,611 --> 00:03:37,888
a Temporary Domain: a Non-persistent Domain

62
00:03:38,134 --> 00:03:43,028
that is used temporarily and then it’s destroyed, a High Privacy Domain.

63
00:03:43,264 --> 00:03:46,478
All of these are possible in different ways with different techniques

64
00:03:46,718 --> 00:03:50,830
and not necessarily that onerous, depending on how you set them up.

65
00:03:50,861 --> 00:03:53,155
Let’s talk more about Physical Isolation.

66
00:03:54,137 --> 00:03:58,871
Physical Separation provides the highest level of security and privacy.

67
00:03:59,144 --> 00:04:01,653
It also protects you against any adversary

68
00:04:01,713 --> 00:04:05,018
that has physical access to your device.

69
00:04:05,336 --> 00:04:07,944
This would mean a different laptop or physical device

70
00:04:08,004 --> 00:04:12,873
configured for security and/or privacy, and another for general use.

71
00:04:12,978 --> 00:04:16,591
Let’s talk about some of the situations where Physical might make sense,

72
00:04:16,641 --> 00:04:18,542
or a Physical Security Domain.

73
00:04:18,632 --> 00:04:21,409
If you need, for example, to enter a country

74
00:04:21,489 --> 00:04:24,460
where Customs can access your laptop,

75
00:04:24,557 --> 00:04:27,031
which to be clear is most countries,

76
00:04:27,081 --> 00:04:30,937
many of which have laws to force you to give up your password,

77
00:04:30,987 --> 00:04:32,790
or can take your laptop,

78
00:04:32,830 --> 00:04:34,841
or other countries where it’s even worse,

79
00:04:34,881 --> 00:04:38,057
where they can use forms of threats and intimidation,

80
00:04:38,323 --> 00:04:40,397
and abuse, and violence

81
00:04:40,489 --> 00:04:42,770
in order for you to disclose your password

82
00:04:42,830 --> 00:04:44,861
or get access to your laptop.

83
00:04:44,921 --> 00:04:46,332
With Physical Separation,

84
00:04:46,390 --> 00:04:50,826
you simply don’t take the laptop with the sensitive information

85
00:04:50,886 --> 00:04:53,882
or the things you’re trying to keep private away from them.

86
00:04:53,972 --> 00:04:57,948
This is something that I’ve actually had to recommend for Corporate clients

87
00:04:58,126 --> 00:05:01,977
who need to travel to particular areas or parts of the world

88
00:05:02,032 --> 00:05:04,111
where they have valuable information

89
00:05:04,269 --> 00:05:07,607
that we knew the Governments would potentially want to get hold of.

90
00:05:07,657 --> 00:05:10,044
Those clients don’t want to be in a situation

91
00:05:10,284 --> 00:05:13,499
where they have to resist forms of intimidation.

92
00:05:13,604 --> 00:05:16,895
So do consider the laws of other countries if you travel.

93
00:05:17,043 --> 00:05:22,004
Even adult material could be a crime in other legal jurisdictions.

94
00:05:22,111 --> 00:05:25,652
If you have a Threat Agent that could visit your location,

95
00:05:26,080 --> 00:05:30,016
you can physically hide or lock away a secure laptop,

96
00:05:30,166 --> 00:05:33,205
making it impossible for it to be forensically examined

97
00:05:33,255 --> 00:05:35,037
if they can’t actually find it.

98
00:05:35,369 --> 00:05:38,228
And you keep a more standard laptop available.

99
00:05:38,328 --> 00:05:39,773
With Physical Separation,

100
00:05:39,864 --> 00:05:44,083
if your standard laptop is compromised by your Threat Agent,

101
00:05:44,217 --> 00:05:47,583
that could be via Malware or via some other means,

102
00:05:47,664 --> 00:05:49,914
because you have kept Physical Separation,

103
00:05:49,964 --> 00:05:54,292
they can’t get access to your secure data from your standard laptop.

104
00:05:54,382 --> 00:05:56,211
You don’t even have to use your own equipment

105
00:05:56,278 --> 00:06:00,151
when it comes to Physical Isolation or a Physical Security Domain.

106
00:06:00,254 --> 00:06:01,649
This can be dangerous, of course,

107
00:06:01,699 --> 00:06:05,085
to use other people’s equipment for both privacy and security

108
00:06:05,175 --> 00:06:07,268
if you don't take the right precautions,

109
00:06:07,424 --> 00:06:09,042
which we'll cover as part of the course.

110
00:06:09,123 --> 00:06:10,848
But you could use, for example,

111
00:06:10,958 --> 00:06:14,255
an internet café to send an anonymous message.

112
00:06:14,365 --> 00:06:16,878
You could also maybe boot that machine

113
00:06:16,950 --> 00:06:19,634
with your own operating system and configurations.

114
00:06:19,695 --> 00:06:23,541
You could use an internet connection that you don’t own, for privacy,

115
00:06:23,611 --> 00:06:27,749
these are all separations of Physical Security Domains.

116
00:06:27,799 --> 00:06:29,640
You could have a separate router,

117
00:06:29,690 --> 00:06:34,320
or separate network equipment for a particular type of privacy activity.

118
00:06:34,370 --> 00:06:36,526
You could have separate network cards,

119
00:06:36,566 --> 00:06:38,791
or WiFi cards or Ethernet adaptors.

120
00:06:38,841 --> 00:06:43,788
Physical devices can be tied back to the purchaser in some instances.

121
00:06:43,942 --> 00:06:47,495
For example, the network cards within physical devices

122
00:06:47,643 --> 00:06:51,009
have unique MAC addresses or hardware addresses.

123
00:06:51,049 --> 00:06:53,877
If you purchase your secure laptop anonymously,

124
00:06:54,141 --> 00:06:57,000
then the MAC, if somebody is able to determine it,

125
00:06:57,115 --> 00:06:58,588
cannot be traced back to you.

126
00:06:58,668 --> 00:07:00,557
There are ways to change your MAC address

127
00:07:00,677 --> 00:07:04,724
which we can cover if you’re using a Virtual form of Security Domain.

128
00:07:04,784 --> 00:07:07,368
But having an anonymously purchased laptop

129
00:07:07,423 --> 00:07:11,598
provides an extra layer within the Physical Domain of Security.

130
00:07:11,855 --> 00:07:13,814
Some Virtual Isolation is slow,

131
00:07:14,247 --> 00:07:17,988
for example using virtual machines or hidden operating systems

132
00:07:18,333 --> 00:07:22,403
and having a separate machine for speed and usability might be needed.

133
00:07:22,473 --> 00:07:25,993
There are quite a few disadvantages though to having Physical Separation.

134
00:07:26,396 --> 00:07:29,709
It means that you have to have another machine,

135
00:07:29,797 --> 00:07:33,608
or multiple machines if you want different Security Domains,

136
00:07:33,897 --> 00:07:35,977
which is cumbersome, and it’s expensive

137
00:07:36,047 --> 00:07:40,127
and it can just generally be annoying and just inconvenient for your situation.

138
00:07:40,133 --> 00:07:42,706
Transferring data between physical machines

139
00:07:43,045 --> 00:07:47,970
really breaks Physical Isolation and it breaks those separate Security Domains,

140
00:07:48,234 --> 00:07:50,527
so it’s hard to transfer data securely.

141
00:07:50,647 --> 00:07:55,290
Physically separate machines are also just as vulnerable to attack,

142
00:07:55,360 --> 00:07:57,488
even though they’re in separate domains.

143
00:07:57,538 --> 00:08:01,990
So just having a separate machine is no good, it has to be secure as well.

144
00:08:02,127 --> 00:08:04,675
The more domains you have or the more machines you have,

145
00:08:04,998 --> 00:08:07,005
you end up having to keep them all up to date

146
00:08:07,075 --> 00:08:08,770
and you have to keep them all secure.

147
00:08:08,878 --> 00:08:13,887
And also, Malware has been known to bridge physical devices

148
00:08:13,971 --> 00:08:17,257
called the Air Gap and that has been demonstrated,

149
00:08:17,337 --> 00:08:18,941
which we'll discuss more about.

150
00:08:19,003 --> 00:08:22,002
So there are some cases for Physical Separation

151
00:08:22,072 --> 00:08:23,571
and Physical Security Domains,

152
00:08:23,631 --> 00:08:26,063
and this is something that will be unique to your situation

153
00:08:26,113 --> 00:08:30,748
as to whether or not you think you need a Physical Security Domain.

154
00:08:30,907 --> 00:08:33,923
Let’s talk about some of the virtual ways you can create

155
00:08:34,084 --> 00:08:37,015
separate Security Domains and Isolation.

156
00:08:37,435 --> 00:08:41,601
First point worth making is that Virtual Separation,

157
00:08:41,764 --> 00:08:45,947
the technology used to create the virtualisation, can be attacked

158
00:08:46,052 --> 00:08:49,434
in an attempt to bypass the one Security Domain

159
00:08:49,569 --> 00:08:50,821
and get into the other.

160
00:08:50,914 --> 00:08:54,413
To create separate domains you could do things like dual booting,

161
00:08:54,495 --> 00:08:58,839
you can use Platform virtualisation software and hypervisors,

162
00:08:58,947 --> 00:09:01,830
the likes of VMware, VirtualBox,

163
00:09:01,987 --> 00:09:05,406
Vagrant, Hyper-V, VPC.

164
00:09:05,601 --> 00:09:07,891
There’s also Kernel Virtual Machine,

165
00:09:07,944 --> 00:09:10,456
there’s Jails or BSD Jails,

166
00:09:10,506 --> 00:09:14,837
Zones, Linux Containers, Docker.

167
00:09:14,895 --> 00:09:17,925
You can also have hidden operating systems,

168
00:09:18,208 --> 00:09:21,578
VeraCrypt and TrueCrypt provide that functionality.

169
00:09:21,591 --> 00:09:24,360
You can have separate hard drive partitions

170
00:09:24,420 --> 00:09:26,178
that are encrypted and hidden.

171
00:09:26,268 --> 00:09:28,909
You can have things like Sandboxes.

172
00:09:28,975 --> 00:09:30,853
You can have portable apps.

173
00:09:31,152 --> 00:09:35,002
You can have non-persistent operating systems like Tails,

174
00:09:35,052 --> 00:09:37,288
Knoppix, Puppy Linux,

175
00:09:37,610 --> 00:09:40,634
JonDo Live, Tiny Core Linux.

176
00:09:40,997 --> 00:09:43,617
You can have bootable USBs.

177
00:09:43,754 --> 00:09:45,645
You can have operating systems

178
00:09:45,705 --> 00:09:49,100
that are dedicated to Isolation/Separation like Qubes,

179
00:09:49,150 --> 00:09:51,503
which is a very good operating system.

180
00:09:51,563 --> 00:09:54,814
So there are lots of ways to create Security Domains

181
00:09:54,894 --> 00:09:57,167
through Isolation and Separation.

182
00:09:57,693 --> 00:10:00,772
And the useful ones we'll be covering throughout the course.