1
00:00:00,762 --> 00:00:04,452
We just talked about physical isolation and the need for it,

2
00:00:04,778 --> 00:00:08,964
now some virtual isolation and compartmentalization methods

3
00:00:08,989 --> 00:00:13,271
that you can think about and potentially use yourself if you need to.

4
00:00:13,540 --> 00:00:18,607
First is with encryption. You can use compartmentalization with encryption,

5
00:00:18,714 --> 00:00:21,004
and you will with the protocols that you're using.

6
00:00:21,230 --> 00:00:25,421
So here are some examples of how you might use compartmentalization,

7
00:00:25,446 --> 00:00:28,477
virtual compartmentalization with encryption.

8
00:00:28,814 --> 00:00:33,621
You can separate data by its level of importance,

9
00:00:33,646 --> 00:00:38,021
or you can separate your assets by their level of importance by having,

10
00:00:38,074 --> 00:00:42,045
say for example, one encrypted volume for confidential data,

11
00:00:42,111 --> 00:00:46,112
one for secret data, and one for, say, top secret data,

12
00:00:46,366 --> 00:00:50,965
and use different encryption keys for each of those volumes.

13
00:00:51,413 --> 00:00:56,267
You could use a storage device like a NAS with separate volumes,

14
00:00:56,330 --> 00:00:58,620
each encrypted with a separate key.

15
00:00:58,921 --> 00:01:03,325
I have a NAS storage device with separate encrypted volumes.

16
00:01:03,389 --> 00:01:06,972
The secure volumes are virtually never mounted

17
00:01:07,016 --> 00:01:10,817
and decrypted because I don’t need to access them very often.

18
00:01:10,912 --> 00:01:15,782
The day-to-day volumes are used for less secure, less secret data.

19
00:01:15,937 --> 00:01:19,048
This is a good method of virtual isolation

20
00:01:19,262 --> 00:01:23,238
to reduce the attack surface of the secured data.

21
00:01:23,302 --> 00:01:26,056
If, for example, I had some sort of ransomware,

22
00:01:26,286 --> 00:01:30,051
those drives are not mounted in order to be attacked.

23
00:01:30,484 --> 00:01:32,729
The encryption key isn’t in memory

24
00:01:32,897 --> 00:01:34,732
because the drives are not mounted.

25
00:01:35,079 --> 00:01:37,552
A form of virtual isolation with encryption.

26
00:01:37,911 --> 00:01:41,818
You can use hidden encrypted volumes to make your data harder to find.

27
00:01:42,333 --> 00:01:45,016
And you’ll find when you're using transport security,

28
00:01:45,063 --> 00:01:47,317
use of separate session keys

29
00:01:47,342 --> 00:01:51,159
for encrypted messages like with Elliptic Curve Diffie-Hellman

30
00:01:51,206 --> 00:01:55,793
for perfect forward secrecy is an example of compartmentalization,

31
00:01:55,818 --> 00:01:58,739
separate sessions using separate keys.

32
00:01:59,120 --> 00:02:02,421
We talk more about encryption in other areas of the course.

33
00:02:02,468 --> 00:02:05,589
We have a section on File And Disk Encryption,

34
00:02:05,614 --> 00:02:07,171
which covers more of this.

35
00:02:07,658 --> 00:02:11,391
Another tool for virtual isolation is the portable app.

36
00:02:11,468 --> 00:02:14,815
For Windows, these can be downloaded from this site here,

37
00:02:14,879 --> 00:02:19,326
portableapps.com and also pendriveapps.com.

38
00:02:20,444 --> 00:02:24,268
Portableapps has about 300 portable apps,

39
00:02:24,349 --> 00:02:27,083
so it’s quite impressive what you can download from there.

40
00:02:27,108 --> 00:02:30,640
And you can see Firefox, Thunderbird, Chrome, Skype.

41
00:02:30,992 --> 00:02:34,719
These can be used with Linux, Unix, and BSD via Wine,

42
00:02:34,783 --> 00:02:40,576
and Mac OSX via Crossover, Wineskin, Winebottle, and PlayOnMac.

43
00:02:40,894 --> 00:02:45,179
If you're not familiar, portable apps are standalone applications.

44
00:02:45,204 --> 00:02:49,135
They are self-contained and don’t require an installation.

45
00:02:49,325 --> 00:02:51,822
When you install an application, such as a browser,

46
00:02:51,901 --> 00:02:55,509
the application files are stored in various locations

47
00:02:55,589 --> 00:02:58,774
over the file system, and changes are made to the registry.

48
00:02:58,914 --> 00:03:00,318
With portable apps,

49
00:03:00,373 --> 00:03:04,110
all changes are contained to a single folder or file,

50
00:03:04,198 --> 00:03:06,130
making the application portable.

51
00:03:06,148 --> 00:03:10,118
So you can literally copy it, paste it somewhere else, and it’ll still work.

52
00:03:10,262 --> 00:03:12,400
That’s not the case with installed applications.

53
00:03:12,425 --> 00:03:15,440
You cannot just copy and paste them and then they’ll work.

54
00:03:15,889 --> 00:03:17,944
Portable apps have several benefits

55
00:03:17,976 --> 00:03:20,108
for security, privacy, and anonymity,

56
00:03:20,171 --> 00:03:22,165
and not many people take advantage of them.

57
00:03:22,276 --> 00:03:23,427
So let’s go through some.

58
00:03:23,595 --> 00:03:26,518
So let’s imagine we’re using Firefox as a web browser.

59
00:03:26,574 --> 00:03:28,839
Data related to the browser history

60
00:03:28,902 --> 00:03:31,302
is contained within the portable app.

61
00:03:31,405 --> 00:03:35,217
This makes evidence concealment and elimination easier.

62
00:03:35,336 --> 00:03:39,386
The application could be placed on a physically secure device,

63
00:03:39,437 --> 00:03:42,614
like an encrypted USB such as this one,

64
00:03:42,646 --> 00:03:46,378
so that it can be moved, it can be hidden, it can be destroyed.

65
00:03:46,817 --> 00:03:49,574
The application can be placed on an encrypted volume

66
00:03:49,605 --> 00:03:51,915
or even a hidden encrypted volume.

67
00:03:52,048 --> 00:03:54,564
This means that unless it’s unencrypted,

68
00:03:54,595 --> 00:03:57,239
the application’s data is inaccessible.

69
00:03:57,881 --> 00:04:02,219
The application could be placed on both a physically secured device like this one,

70
00:04:02,306 --> 00:04:06,190
and within this device, put on an encrypted hidden volume,

71
00:04:06,258 --> 00:04:10,235
making a pretty stealthy app with its data self-contained.

72
00:04:10,286 --> 00:04:13,395
And you can have multiple instances of the application.

73
00:04:13,420 --> 00:04:16,524
You can just copy it, paste it, and you’ve got a separate instance,

74
00:04:16,549 --> 00:04:18,319
and you can create separate versions of it,

75
00:04:18,344 --> 00:04:22,060
separate security domains, separate profiles, separate aliases.

76
00:04:22,119 --> 00:04:24,404
So, if we’re going back to the example of the browser,

77
00:04:24,487 --> 00:04:27,004
you could have multiple profiles of that browser

78
00:04:27,029 --> 00:04:29,656
with different security extensions installed.

79
00:04:30,016 --> 00:04:32,119
The applications can be used on other machines,

80
00:04:32,159 --> 00:04:36,821
enabling you to use a secure application like a browser on another machine.

81
00:04:36,927 --> 00:04:39,006
You just take along your USB stick

82
00:04:39,031 --> 00:04:41,969
and plug it in the other machine and you’ve got your secure,

83
00:04:42,044 --> 00:04:45,441
hardened Firefox on another machine as needed,

84
00:04:45,500 --> 00:04:47,762
or whatever application it is that you're using.

85
00:04:48,508 --> 00:04:51,101
Admin rights are not needed to run the applications,

86
00:04:51,126 --> 00:04:53,808
so you can run them on systems you don’t own.

87
00:04:54,222 --> 00:04:56,360
They enable plausible deniability.

88
00:04:56,392 --> 00:05:00,640
So, let me give you an example. If you have a standard installed browser

89
00:05:00,690 --> 00:05:03,544
used for normal, non-private browsing,

90
00:05:03,615 --> 00:05:07,055
and you also have a second, hidden, portable browser

91
00:05:07,127 --> 00:05:09,963
on an encrypted volume for private browsing,

92
00:05:10,079 --> 00:05:12,206
your normal browser would be clean

93
00:05:12,262 --> 00:05:14,937
and available for forensic examination

94
00:05:15,063 --> 00:05:17,622
and will contain a full browser history.

95
00:05:17,770 --> 00:05:21,879
The portable app browser will remain hidden away and unknown about,

96
00:05:21,921 --> 00:05:24,064
giving you plausible deniability

97
00:05:24,144 --> 00:05:26,620
based around the evidence on your browser.

98
00:05:27,643 --> 00:05:30,613
You can store portable applications in the Cloud.

99
00:05:30,638 --> 00:05:33,619
So you could put them with a file syncing service,

100
00:05:33,666 --> 00:05:36,431
and then run them remotely over the internet

101
00:05:36,508 --> 00:05:38,640
on any machine that you decided to go on,

102
00:05:38,754 --> 00:05:41,008
meaning that your application isn’t even

103
00:05:41,127 --> 00:05:44,494
installed locally or even remains locally.

104
00:05:44,592 --> 00:05:47,592
This gives you physical isolation as well,

105
00:05:47,825 --> 00:05:49,898
potentially making your application

106
00:05:49,923 --> 00:05:52,278
out of the physical geographic sphere

107
00:05:52,303 --> 00:05:54,165
of influence of your adversary.

108
00:05:54,905 --> 00:05:58,200
So, as you can see, some solutions provide both virtual

109
00:05:58,313 --> 00:06:01,424
and physical isolation and compartmentalization.

110
00:06:02,310 --> 00:06:06,111
Another example of this is applications as a service.

111
00:06:06,317 --> 00:06:07,908
For example, webmail.

112
00:06:07,933 --> 00:06:12,308
With webmail, all data can be stored with a third party,

113
00:06:12,421 --> 00:06:15,550
potentially helping someone store their data

114
00:06:15,627 --> 00:06:18,442
out of the sphere of influence of their adversary,

115
00:06:18,540 --> 00:06:21,612
creating physical and virtual isolation.

116
00:06:22,508 --> 00:06:26,267
You can even browse the web via remote services,

117
00:06:26,325 --> 00:06:30,384
preventing exploits from propagating back to your machine.

118
00:06:30,492 --> 00:06:34,958
There’s no real name yet for these as they are relatively unadopted,

119
00:06:34,983 --> 00:06:38,018
but are a good solution for security.

120
00:06:38,074 --> 00:06:40,639
I call them, personally, Cloud Browsers.

121
00:06:40,714 --> 00:06:43,397
Here is one example here: Authentic8.

122
00:06:44,540 --> 00:06:47,595
Maxthon’s cloud browser is another option.

123
00:06:48,968 --> 00:06:53,073
Spikes has something called AirGap, which is the same sort of solution.

124
00:06:54,944 --> 00:06:58,597
And there’s also spoon.net which have their browser, Sandbox.

125
00:06:59,184 --> 00:07:01,227
And if you go down here, you can see

126
00:07:01,759 --> 00:07:05,547
various different versions of browsers,

127
00:07:05,667 --> 00:07:08,528
giving you both virtual and geographically,

128
00:07:08,553 --> 00:07:11,419
physical isolation and compartmentalization.

129
00:07:11,484 --> 00:07:14,938
These will protect you very well from hackers and malware

130
00:07:15,127 --> 00:07:17,418
as they cannot propagate to your machine

131
00:07:17,523 --> 00:07:20,055
by creating that virtual and physical isolation,

132
00:07:20,159 --> 00:07:24,139
but are a privacy concern and anonymity concern

133
00:07:24,245 --> 00:07:27,213
as they obviously own the browsers, they own the infrastructure,

134
00:07:27,238 --> 00:07:30,144
so they know where you're going and what you're doing.

135
00:07:30,311 --> 00:07:34,537
So unfortunately, good for security, good against hackers and malware,

136
00:07:34,587 --> 00:07:37,492
not so great for privacy and anonymity.

137
00:07:38,468 --> 00:07:42,245
Another isolation method that you can use is remote access.

138
00:07:42,324 --> 00:07:45,638
You can use terminal services, remote desktops,

139
00:07:45,663 --> 00:07:50,165
Citrix, TeamViewer, SSH, VNC, Remote Desktop Manager,

140
00:07:50,244 --> 00:07:54,552
XenDesktop, Citrix Receivers, XenServer, and so on.

141
00:07:54,650 --> 00:07:57,690
With these, you control a remote machine.

142
00:07:57,778 --> 00:08:00,679
This remote machine performs the tasks for you

143
00:08:00,798 --> 00:08:04,262
and you just get the visuals back of what that device is doing.

144
00:08:04,349 --> 00:08:06,733
This isolates you from potential threats

145
00:08:06,758 --> 00:08:09,545
in the same way the cloud browsers do

146
00:08:09,633 --> 00:08:11,651
because you are only viewing the desktop.

147
00:08:11,754 --> 00:08:15,360
Malware can’t propagate to you via screen update.

148
00:08:15,929 --> 00:08:19,650
So that’s an option for you. You can set up your own remote access software

149
00:08:19,746 --> 00:08:21,719
on your own server for isolation.

150
00:08:21,913 --> 00:08:25,386
You could do that remotely if you have your own virtual server.

151
00:08:25,444 --> 00:08:29,470
I personally have a XenServer local to my network,

152
00:08:29,566 --> 00:08:32,142
and one of those VMs acts as a browser,

153
00:08:32,182 --> 00:08:35,880
which gives me virtual isolation when I’m browsing the web.