Access, Authentication and PKI Professional PKI II PKI Exposed
You will learn how to:
Build a PKI to secure Internet and applications
Evaluate security policy requirements for your enterprise PKI
Identify PKI components based on standards
Design PKI trust architectures
Integrate public key certificates into applications
Enhance your security with your PKI implementation
Course benefits:
A public key infrastructure (PKI) is an increasingly critical component for ensuring confidentiality, integrity and authentication in an enterprise. This hands-on course provides essential knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications within your organization.
Web and other forms of E-Commerce introduce a whole new group of information security challenges. Traditional password authentication, access controls and network perimeter security safeguards often fall short in a dynamic mobile business environment. Data traveling over untrusted networks must be protected by encryption methods that are highly dependent on flexible and robust key management schemes.
In this comprehensive, five-day hands-on course, you'll learn how to plan, evaluate, develop, and implement a successful enterprise network security framework using Public Key Infrastructure (PKI), authentication, identity, and access authorization systems.
Upon completion of the class, you'll have all the experience, confidence, and tools you need to plan Certificate Policy & Certificate Practice Statements and execute a fully integrated PKI, enterprise-wide encryption, authentication and identity plan.
Key topics:
PKI needs assessment
Verify PKI Trust Concepts
Is it Access & Identity or Encryption you really need?
Understanding Encryption options
Top 10 PKI obstacles
Securing Mail with S/MIME
Install multiple trusted certificate servers in hands-on labs
Build Certificate Policies and Certificate Practice Statements
Recovering a Private key from Microsoft CA
Creating specific certificate OIDs
Cross Certifying with a Bridge CA
Configuring PKI Assurance Hierarchies
Install HSPD-12 PIV, Smart Cards, Smart Tokens, and Biometrics
Product comparisons and demonstrations
Avoiding PKI pitfalls
Who should attend:
Information Security Officers and Managers, PKI designers, technical managers overseeing security, and those responsible for developing enterprise security policies, Information Systems Administrators and Auditors, Network Administrators, Information Assurance Consultants, Systems and Data Security Analysts, Project Managers.
Throughout this course, you gain extensive hands-on experience planning, designing and building a PKI.
Course agenda:
Introduction to Cryptography
PKI Cryptography Essentials
Identifying approaches to cryptography
Symmetric and asymmetric ciphers
Generating hash collisions
Authenticating via zero knowledge proof
Improving with K-of-N authentication
Enforcing non-repudiation with digital signatures
From PGP (Pretty Good Privacy) to using digital signature certificates.
You'll learn what cryptography is, what it can and can't do, and how and when you'll want to use it.
Network Security Refresher
Network Defense and Countermeasure
Penetration Testing
Transmission Security
Security Roles and Responsibilities
Trust in a Digital World
Establishing trust through credentials
Verifying trust with a trusted third party
Securing the Private Key
Selecting Cryptographic Service Providers
Protecting with Data Protection API
Securing with physical smart cards and Hardware Security Module (HSM)
Public Key Infrastructure
An in-depth look at all the elements and applications of PKI, including the top 10 PKI deployment issues and how to handle them in ways that work for your organization.
Establishing PKI Policies
Creating a Certificate Policy (CP)
Identifying with an object identifier (OID)
Obtaining an OID
Selecting Microsoft Application Policies
Certification Practice Statements (CPS)
Upholding the CA policies
Standardizing provisions for CP/CPS
Contrasting CP vs. CPS
Authenticating with PKI Credentials
Inside PKI X.509v3 Certificates
Interoperating with industry profiles
Setting certificate lifetimes
Controlling access with attribute certificates
Enrolling Cisco devices with SCEP
HSPD-12 tools: In an effort to better secure federal resources and reduce the potential for terrorist attacks, Homeland Security Presidential Directive 12 (HSPD-12) has set an October 2006 deadline for agencies to adopt identity and access management controls and procedures intended to establish the reliability of employees and contractors and prevent unauthorized access to government facilities and systems. The goal of HSPD-12 is to require federal agencies to adopt a standard, secure, and reliable identification card (the “PIV card”) for employees and contractors, and to ensure that it is issued only to intended individuals.
Certificates and Signatures
When are certificates and signatures used? How do they differ? All questions
and issues are answered here.
Signatures vs. certificates
Digital signatures: definitions, applications, and how they work
Certificate structures
Authentication
Access control
Integrity
Non-repudiation
Certification Authorities and Directories
The ins and outs of CAs and directories, with special emphasis on the
challenges inherent in managing multiple CA environments and the role
of PKI.
Roles and responsibilities of Certificate Authorities (CAs)
Registration and certification process
Directories defined
Certificate management
Certificate value
Cross certification
Key recovery
Leveraging certificates in applications
SSL
IPsec
S/MIME
Registration Authority (RA)
Interfacing with PKCS & PKIX standards
Contrasting online RA vs. offline RA
Linking with PKI Repository
Identifying with distinguished names
Accessing the X.500 directory with LDAPv3
Choosing LDAP chaining or referrals
X.509v2 Certificate Revocation List (CRL)
Timeliness and scalability solutions
Selecting complete or delta CRL
Publishing CA certificates and CRLs
Validating certificates with OCSP
Validating entity certificate
Forming a certificate chain
Locating the Trust Anchor
Matching CA Certificates
Validating via path processing
Building a hierarchical trust model
Distributing trust to subordinate CAs
Increasing security with offline root
Issuing CA vs intermediate CA
Defining CPS with a policy CA
Restricting with Qualified Subordination
Constraining trust to subordinates
Mapping policies with peer CAs
Path processing a Certificate Trust List chain
Product Comparisons and Demonstrations
The information and answers you need to choose the products that match
both your strategic objectives and your existing infrastructure.
Comparison matrix
Middleware products
Multiple product demos
Outsourcing CA hosting
Overcoming Pitfalls in Public Key Encryption and Certificate Management
A look at where a PKI strategy or deployment could go wrong and
how to steer clear.
Underestimating the complexity of a PKI rollout
Challenges associated with encryption
Key management
Case Studies
Putting all the learning to work with an examination of how PKI and CAs have been used in real organizations: what went right, and what went wrong.
Deploying a PKI
How to effectively translate well-conceived strategy into smooth-running
PKI reality.
The model
Deployment success factors
Technological challenges
Non-technological challenges
Deployment approach
Typical PKI deployment team
Deployment tools
Course Labs and Exercises
Lab I Encryption and Digital Signing
Lab II Netscape CMS installation to network
Lab III MS installation to network - manual & auto key archival
Lab IV Entrust and other CA installations
Lab V Smart Cards and Biometrics
Team Exercises Creating a PKI framework, policies and OIDs
Discussions PKI enabling user applications and Risk Management