1
00:00:00,393 --> 00:00:05,290
Using security domains is something you need to consider consciously now

2
00:00:05,459 --> 00:00:08,665
that we’ve gone through many ways of implementing them

3
00:00:08,833 --> 00:00:11,485
with isolation and compartmentalization.

4
00:00:11,550 --> 00:00:14,891
You should consider how to partition your domains.

5
00:00:14,951 --> 00:00:19,673
It might be just as simple as having a work domain and a personal domain,

6
00:00:19,951 --> 00:00:23,414
or a trusted and untrusted domain.

7
00:00:23,545 --> 00:00:26,323
The domains will be based on the risk,

8
00:00:26,403 --> 00:00:30,718
the consequences and your adversaries and your threat model.

9
00:00:30,774 --> 00:00:35,034
Let’s talk through some examples based on various different use cases.

10
00:00:35,081 --> 00:00:39,524
Let’s say a person wants a usable and easy operating system,

11
00:00:39,614 --> 00:00:44,531
an environment for performing most tasks like creating documents.

12
00:00:44,665 --> 00:00:47,913
They don’t want to be overly burdened by security.

13
00:00:48,053 --> 00:00:52,637
In this case, they may use Mac OS X on a laptop

14
00:00:52,718 --> 00:00:57,097
with all of the uncumbersome security settings set.

15
00:00:57,263 --> 00:00:58,321
At the same time,

16
00:00:58,441 --> 00:01:02,511
they want a high level of security against malware

17
00:01:02,601 --> 00:01:05,164
and hackers while using the internet,

18
00:01:05,264 --> 00:01:09,125
such as browsing the web, downloading files, etc.

19
00:01:09,157 --> 00:01:12,348
So they elect to have a high-security domain for this.

20
00:01:12,362 --> 00:01:15,293
They use a locked-down virtual machine

21
00:01:15,360 --> 00:01:18,832
running Debian to enforce this security domain.

22
00:01:18,864 --> 00:01:24,133
VirtualBox is used as the interface between those two domains.

23
00:01:24,445 --> 00:01:28,408
Perhaps someone is concerned about privacy and local forensics.
24
00:01:28,600 --> 00:01:30,790
They have a separate secure laptop

25
00:01:30,860 --> 00:01:35,218
which is kept in a physically secure location when not used.

26
00:01:35,291 --> 00:01:40,588
They run Debian as the host OS and Tails through VirtualBox.

27
00:01:41,856 --> 00:01:44,919
Perhaps a person is concerned about tracking and hackers,

28
00:01:44,969 --> 00:01:47,705
but wants to run games on their machine.

29
00:01:47,748 --> 00:01:52,837
They have a Windows host for all non-internet activity

30
00:01:52,943 --> 00:01:58,420
and they use a live operating system like Knoppix for using the internet.

31
00:01:58,557 --> 00:02:03,808
Maybe someone wants the least burdensome isolation for browsing the web,

32
00:02:04,116 --> 00:02:07,415
so they use Windows and just sandbox the browser.

33
00:02:07,465 --> 00:02:12,186
That’s the simplest isolation solution they can come up with.

34
00:02:12,796 --> 00:02:16,247
Maybe a person is concerned about a nation-state-level adversary;

35
00:02:16,323 --> 00:02:18,872
they might use a secure laptop with Qubes

36
00:02:18,958 --> 00:02:22,570
and Whonix especially configured for their needs.

37
00:02:23,366 --> 00:02:25,893
For travel, I have a high need for privacy

38
00:02:26,003 --> 00:02:30,908
because I could be carrying confidential documents from blue-chip companies

39
00:02:31,048 --> 00:02:33,554
that could cause reputational or other damage.

40
00:02:33,624 --> 00:02:36,266
I use a separate physical laptop

41
00:02:36,336 --> 00:02:39,992
with no sensitive data on it at all when I travel.

42
00:02:40,068 --> 00:02:42,542
If I do need to access anything sensitive,

43
00:02:42,624 --> 00:02:46,966
I place it encrypted in the cloud with dual-factor authentication,

44
00:02:47,048 --> 00:02:49,133
so if my laptop is seized,

45
00:02:49,325 --> 00:02:53,599
nothing can be forensically taken from it as there is nothing on it.
46
00:02:53,753 --> 00:02:55,815
And this has been a potential scenario

47
00:02:55,885 --> 00:03:00,057
because I’ve worked in locations where the oil and gas industry is,

48
00:03:00,177 --> 00:03:03,327
and some of those are pretty much the Wild West.

49
00:03:03,404 --> 00:03:06,710
Within each security domain you would also enforce

50
00:03:06,790 --> 00:03:09,890
all the other security controls detailed throughout the course.

51
00:03:10,467 --> 00:03:12,386
If you look here, you can see a diagram;

52
00:03:12,417 --> 00:03:16,594
this is from an article written by Joanna Rutkowska,

53
00:03:16,740 --> 00:03:19,460
who’s the Qubes OS Project Lead.

54
00:03:19,502 --> 00:03:23,597
This is a more complex setup for using Qubes.

55
00:03:23,955 --> 00:03:27,542
Each of the different colors represents a level of trust,

56
00:03:27,543 --> 00:03:33,276
black being the most trustworthy and red being the least trustworthy.

57
00:03:33,307 --> 00:03:35,647
So you can see how she’s got domains here,

58
00:03:35,882 --> 00:03:40,139
the most trustworthy, the vault, which contains master PGP keys,

59
00:03:40,320 --> 00:03:43,356
KeePass, and has no network connections.

60
00:03:43,456 --> 00:03:47,798
So she’s copying and pasting from those domains into the other domains.

61
00:03:48,033 --> 00:03:51,518
Then moving down in trust is the Qubes dev stuff,

62
00:03:51,672 --> 00:03:53,283
the code, the signing,

63
00:03:53,535 --> 00:03:57,254
and over here this is very personal, so personal email,

64
00:03:57,364 --> 00:03:59,317
personal PGP keys,

65
00:04:00,136 --> 00:04:03,475
there’s various work activities on other domains,

66
00:04:03,902 --> 00:04:05,299
work admin,

67
00:04:05,826 --> 00:04:08,042
and then through to the least trustworthy,

68
00:04:08,172 --> 00:04:12,760
which of course is browsing the web and untrusted apps.
69
00:04:12,871 --> 00:04:15,590
So these are separated into different security domains

70
00:04:15,708 --> 00:04:18,095
and different VMs within Qubes.

71
00:04:18,157 --> 00:04:22,231
And then you can see here the interfaces between those domains.

72
00:04:22,416 --> 00:04:25,140
So this is obviously the sort of thing that you do

73
00:04:25,279 --> 00:04:27,901
when you want to take it to the next level, really,

74
00:04:27,951 --> 00:04:31,535
in terms of your isolation and compartmentalization.

75
00:04:31,840 --> 00:04:33,187
So I hope that gives you an idea

76
00:04:33,239 --> 00:04:35,947
of what different security domains you might need

77
00:04:36,097 --> 00:04:38,893
and use depending on your situation,

78
00:04:39,091 --> 00:04:42,296
to help protect you from your adversaries.