DAR Encryption

Time
4 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:00
>> Hi and welcome to Module 2, Lesson 6.4. In this lesson, we're going to talk about DAR Encryption. DAR stands for data at rest. A lot of the same principles apply here. This type of encryption is the same as the one we talked about in the encryption section under the network layer; the same encryption principles apply. We're simply talking about encrypting data as it sits at rest on a disk instead of in transit when it's being transmitted across the network. But it's the same basic principles.

There are two major types of DAR encryption. There's full disk encryption, where we're encrypting the entire volume of a disk, the whole thing, and then there's file level encryption, where we're going to encrypt each individual file at a different level and give different people permissions to read it.

With full disk encryption, here's how that works. Let's say we've got an end-user who's going to boot up their laptop. Well, before the laptop even boots, the end-user would be prompted for a key. That's essentially just a password. The end user enters that password, that key is sent back to the management server, the key management system, and it takes a look at its policies to determine whether or not that key is correct. If that key is allowed to decrypt that particular endpoint or that laptop, it makes a decision and says yes, and then it allows that decryption to happen on the laptop. At that point the operating system would boot up. The entire disk is encrypted in one blob. The operating system, nothing can function if that laptop was stolen or anything like that. It couldn't be decrypted.

Really, full disk encryption is used to protect against physical theft: if someone grabbed the whole disk and ran off with it, they couldn't really decrypt it or read any of the contents on it. It can also be used to wipe a disk if it's reported stolen. So with that check-in mechanism, let's say the laptop was reported stolen. Well, when that thief tries to boot up that system, if it's out there connected to the Internet and types in some password, as soon as that call-out goes to the key management server, a command could be sent back to the laptop to just wipe the whole disk.

The next type of DAR encryption is file level encryption. With this type, we can encrypt individual files and give certain people access to decrypt them and read the contents. Here's the way this works; let's take a look at this one. If we've got an IT administrator who wants access to the legal server, when he goes and connects to the legal server, it's going to kick off two things. One thing it's going to do is look at local policies on that server, the local policies that are assigned to that file he is trying to access. Does that administrator have read/write access to the file itself? The other thing it's going to do is reach out to the key management server. If it has a DAR encryption agent on the server, it's going to reach out to key management and determine whether or not this person has access to decrypt this file. In this case, the IT administrator does not have access to decrypt the file, so that decision is going to be sent back to the legal server. At this point, the IT administrator, you see they have read/write access to the file itself, but they do not have access to decrypt that file and read the contents of it.

Now this is important because administrators, for example, may need read/write access to a file. Read is a little misleading here: read doesn't mean you can read the actual contents; read in this case just means you can copy the file and you can move the file somewhere else. IT administrators might need that type of access because maybe they're in charge of the backups that happen on that system, or maybe they're part of a help desk and attorneys call in and they need to find their files and the administrator needs to help them. They can see the files themselves; they just can't see what's in them. You need actual decrypt capabilities to be able to open that file and actually read the contents of the file.

Now that attorney connects to the legal server and the same process happens, and this time the key management service says yes. That attorney does have access to decrypt and read the contents, so it sends the key back to the attorney's session on the legal file server and it allows that attorney to actually decrypt the file and read it.

This is how you can use file level encryption to get much, much more granular, because you're allowing encryption at individual file levels versus full disk encryption where you're encrypting the entire volume. It's either on or off.

That wraps up our lesson on DAR encryption. Next up we're going to talk about file integrity monitoring.
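The two checks the lesson walks through for the legal server, as an added Python model that is not part of the lesson or of any product: the file sits on disk encrypted under a per-file key held only by the key management server, the local ACL decides who may copy or move the file, and the KMS policy decides who is handed the key. The principals, policies and the HMAC-based demonstration cipher are all constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample data: one file on the "legal server", encrypted under a
# per-file key that lives only in the key management server (KMS).
FILE_NAME = "contract.txt"
PLAINTEXT = b"Settlement terms: confidential"

# Local filesystem policy on the server: who may read (copy/move) and write.
LOCAL_ACL = {FILE_NAME: {"it-admin": {"read", "write"},
                         "attorney": {"read", "write"}}}

# KMS policy: who may receive the decryption key for the file.
KMS_POLICY = {FILE_NAME: {"attorney"}}


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Demonstration stream cipher (HMAC-SHA256 in counter mode). Assumed here
    only to make the stored ciphertext concrete; not a standard construction."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        ks = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


FILE_KEY = os.urandom(32)                                  # held by the KMS
STORED = {FILE_NAME: keystream_xor(FILE_KEY, PLAINTEXT)}  # what sits on disk


def kms_release_key(principal: str, name: str) -> Optional[bytes]:
    """The DAR agent's call-out: the KMS consults its policy before releasing a key."""
    return FILE_KEY if principal in KMS_POLICY.get(name, set()) else None


def access_file(principal: str, name: str) -> Tuple[str, Optional[bytes]]:
    """Both checks from the lesson: local ACL first, then the KMS decision."""
    perms = LOCAL_ACL.get(name, {}).get(principal, set())
    if "read" not in perms:
        return ("denied", None)                 # cannot even copy the file
    key = kms_release_key(principal, name)
    if key is None:
        return ("ciphertext", STORED[name])     # may copy/move it, cannot read it
    return ("plaintext", keystream_xor(key, STORED[name]))


if __name__ == "__main__":
    for who in ("it-admin", "attorney", "intern"):
        print(who, access_file(who, FILE_NAME))
```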