Understanding PKI and Encryption Technologies

Synopsis:

Hands-on course that provides an overview of PKI and encryption technologies, including symmetric and asymmetric encryption, digital hashes and others. 
Duration: 1 Day

Cost:

 $795

Audience:

 Security Staff, MIS Administrators, Network Administrators, et. al.

Prerequisites:

 None

Registration:

 Contact Mike Endrizzi at 952-953-3767 for Details
       

Course Outline:
  • PKI Encryption Basics
    • Principles of Computer Security
    • Encryption Concepts
      • Code books
      • Algorithms
      • Keys and Key Lengths
      • One-Time Pads
      • XOR Function
    • Symmetric Encryption 
      • Stream Ciphers
      • Block Ciphers
      • Key management problems 
    • Digital Hashes 
    • Asymmetric Encryption
      • Encryption and public keys
      • Decryption and private keys
      • Digital Signatures 
      • Digital Signatures and private keys
      • Digital Signatures and public keys
      • Symmetric vs. Asymmetric
      • Love/Hate it - The Math 
    • Solving key management
      • Key management w/  RSA/SSL - DEMO
      • Key management w/  PGP - DEMO
      • Key management w/ Diffie - Helman
    • Encryption politics
      • Key lengths and export restrictions
      • Key escrow
    • Why pure crypto is not computer security

     

  • PKI Technology Overview
    • The need for PKI
      • The silver bullet - single sign-on
      • Single solution strong security
      • Backing e-commerce transactions
    • Building Trust into Keys
      • The missing link - authentication
      • Direct - Out of Band (OOB)
      • Centralized - Kerberos 
      • DEMO Windows 2000 Kerberos and Active Directory
      • Decentralized - PGP 
      • DEMO Building a PGP Web of Trust
      • Hierarchical - PKI
    • X.509 Certificates
      • X.509 and public keys
      • X.509 certificate description
      • X.509 certificate types
      • DEMO - Exploring Windows 2000 X.509 certificates
      • DEMO - PGP and X.509 integration
    •  Building trust with Certificate Authority (CA)s
      • Manual trust and certificates
      • X.509 certificate fingerprints
      • DEMO - Windows 2000 X.509 certificate thumbprints
      • The need for hierarchical CAs
      • The role of CAs
      • The role of RAs
      • Trust enforced with digital signatures 
      • Where is the "root" CA
      • How to build a hierarchical CA chain
      • How to verify a hierarchical CA chain
      • DEMO - Issuing certificates in Windows 2000 environments
      • DEMO - Windows 2000 hierarchical CA checking
      • DEMO - Windows 2000 CA certificate stores in IE 5.0
      • DEMO - Windows 2000 certificate manager
    • X.509 Certificate Storage
      • Storage Models
        • Local desktop storage
          • Registry
          • DEMO - Windows 2000 IE personal certificate manager
          • File system
          • Smartcards
        • Centralized storage
          • Directory servers and PKI
          • Open standard vs. proprietary access
          • The move to LDAP
          • DEMO - Windows 2000 and Active Directory
        • Outsourced storage
          • DEMO - Verisign services 
          • DEMO - ID Certify services 
      • Backup and Recovery 
        • How to recover encrypted data
        • Split private key recovery
    • X.509 Certificate Distribution
      • Workgroup mode
        • Individual certificate distribution
        • DEMO - Windows Outlook 2000 certificate distribution via email
        • DEMO - Windows 2000 certificate import/export 
        • S/MIME and certificates
        • Problems with manual distribution
      • Standalone directory mode
        • Integrating certificates and directory services
        • DEMO - Searching Windows 2000 Active Directory with LDAP
        • DEMO - Searching PGP directories
      • Enterprise mode
        • User transparent distribution via directory/email integration
        • DEMO - Windows 2000 Active Directory, Outlook 2000 and transparent certificate distribution
    • X.509 Certificate Revocation
      • The need for certificate revocation
      • How revocation works
      • Details of Certificate Revocation Lists (CRL)s
      • DEMO - Windows 2000 certificate revocation
      • DEMO - PGP key revocation
    • Summary: Certificate management vs Key management

     

  • PKI Advanced Topics (Extended Sessions Only)
  • X.509 Extension Fields
    • Field description
    • Field categories
      • Key info
      • User and CA info
      • Policy info
      • Certificate path
    • DEMO - Windows 2000 extension fields
  • Certificate Policy Statement (CPS)
  • CA Cross certification 
    • How to trust your partners
    • Cross certification with digital signatures
    • Walking the chain of cross certification
    • Cross certification with Certificate Trust Lists (CTL's)
    • DEMO - Windows 2000 CTLs
  • PKI deployment challenges
    • E-commerce single sign on
    • Enterprise single sign on
    • Extensions
    • Cross certification
    • Interoperability
    • Roaming user
    • Revocation
  • PKI Standards and Buzzwords
  • Opinions/Predication

Home | Services | Training | Support | Contact Us | Search

Copyright 2006, Security Evolution, Inc.