1
00:00:00,700 --> 00:00:05,580
Who and what you trust is key to your security privacy and anonymity.

2
00:00:05,680 --> 00:00:09,630
The less you trust the lower your risk.

3
00:00:09,700 --> 00:00:15,090
You want to minimize the number of things that you trust including yourself.

4
00:00:15,100 --> 00:00:19,220
This is the zero trust model to protect our assets.

5
00:00:19,240 --> 00:00:21,470
We have to make choices about trust.

6
00:00:21,490 --> 00:00:28,410
We have to select software operating systems encryption storage Internet service provider password managers

7
00:00:28,790 --> 00:00:36,370
download We want to download and even people that we need to trust to protect our assets evaluate instead

8
00:00:36,370 --> 00:00:43,310
of trusting everything will present a level of risk some acceptable some not.

9
00:00:43,450 --> 00:00:47,010
We can mitigate the risk by distributing the trust.

10
00:00:47,020 --> 00:00:48,570
This is a zero trust model.

11
00:00:48,580 --> 00:00:55,480
It should be applied to everything we go through in the course trust nothing trust no one evaluate and

12
00:00:55,480 --> 00:00:56,880
distribute the trust.

13
00:00:57,070 --> 00:00:58,120
So what does that really mean.

14
00:00:58,120 --> 00:00:59,750
Well let me give you an example.

15
00:00:59,770 --> 00:01:04,630
Say you want to store files on line you want to sync your files on line.

16
00:01:04,660 --> 00:01:08,680
You need to select a provider that offers the sinking service.

17
00:01:08,680 --> 00:01:16,030
Dropbox is a popular choice and many people use you should not trust that they will not get hacked.

18
00:01:16,060 --> 00:01:19,380
You should not trust that they won't view your files.

19
00:01:19,480 --> 00:01:26,560
You should not trust that they will not lose or change your files so you have to make a risk based choice

20
00:01:26,650 --> 00:01:29,110
based on that zero trust.

21
00:01:29,110 --> 00:01:35,770
So you ask yourself how important is it that the files remain private without being changed and to be

22
00:01:35,770 --> 00:01:36,900
always available.

23
00:01:36,970 --> 00:01:38,720
You decide that it is important.

24
00:01:38,830 --> 00:01:41,170
So you choose to back up the files as well.

25
00:01:41,230 --> 00:01:48,550
In a separate location and encrypt the files or use a service to encrypt the files client side with

26
00:01:48,550 --> 00:01:50,070
a decryption key.

27
00:01:50,140 --> 00:01:57,370
The only you have this way you have distributed the trust to the alternative Balko and to yourself via

28
00:01:57,370 --> 00:02:05,880
encryption Krypton and encryptor are examples of what are called zero knowledge systems.

29
00:02:05,890 --> 00:02:13,270
Zero Knowledge is when the provider literally has zero knowledge about what it is that they are hosting

30
00:02:13,510 --> 00:02:15,010
for their clients.

31
00:02:15,100 --> 00:02:20,740
So zero knowledge system goes some way towards providing a system that you don't necessarily need to

32
00:02:20,740 --> 00:02:24,810
trust too much in terms of confidentiality and privacy.

33
00:02:24,820 --> 00:02:30,550
You still would have to trust them to keep your files available and to not change them if they were

34
00:02:30,550 --> 00:02:34,990
indeed hosting files as an example of a zero knowledge service.

35
00:02:35,020 --> 00:02:41,620
If your files are extremely sensitive I still wouldn't trust a claim of a zero knowledge system because

36
00:02:41,620 --> 00:02:46,550
they could always change something they could recoat it as they have control of the application.

37
00:02:46,570 --> 00:02:51,340
If it was important I would always add an extra layer of encryption.

38
00:02:51,340 --> 00:02:53,080
Let me give you another example.

39
00:02:53,080 --> 00:02:56,330
Applications can have secret back doors.

40
00:02:56,380 --> 00:03:04,420
You may choose to run an application in an isolated virtual machine to stop it being able to communicate

41
00:03:04,510 --> 00:03:04,930
out.

42
00:03:04,930 --> 00:03:06,820
Applications can have malware.

43
00:03:06,850 --> 00:03:14,590
Again you may sandbox that application instead of trusting it you're evaluating or mitigating the risk

44
00:03:14,820 --> 00:03:16,290
distribution the trust.

45
00:03:16,330 --> 00:03:23,290
Or you might adopt a different application completely and go with a free and open source FOSS application

46
00:03:23,290 --> 00:03:30,490
that has had security or auditing as an alternative Trost says the zero trust model you will hear me

47
00:03:30,490 --> 00:03:36,670
mention the use of the zero tools model throughout the course evaluate instead of trusting mitigate

48
00:03:36,670 --> 00:03:39,300
the risk by distributing the trust.