A public key infrastructure (PKI) is an increasingly critical component for ensuring privacy and authentication in an enterprise. This technology is capable of securing a wide range of applications across your organization. Successful PKI deployment requires detailed comprehension of many important issues. This hands-on course provides essential knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications within your organization.
Objectives
Throughout this course, you gain extensive hands-on experience planning, designing and building a PKI. Exercises, performed under the guidance of an expert instructor, include:
Analyzing PKI trust concepts
Generating, using and validating digital signatures
Building a Certification Authority and extending trust through PKI
Integrating a PKI with existing directory systems
Linking PKIs using cross-certification
Identifying certificate components
Integrating a PKI with applications
Implementing a PKI solution to support a selected environment
Course Outline
TRUST IN A DIGITAL WORLD
Trust concepts
Establishing trust through credentials
Authentication vs. authorization
Validating credentials
Extending trust over time
FOUNDATIONS OF CRYPTOGRAPHY
Security issues
Authentication
Privacy
Integrity
Security threats
Approaches to cryptography
Symmetric vs. asymmetric ciphers
Issues for secret key encryption
Public key fixes to secret key problems
Hashing and digital signatures
Generating and exchanging keys
Applications of public key cryptography
Authentication via key ownership
Non-repudiation using digital signatures
Key distribution and management
ELEMENTS OF PUBLIC KEY INFRASTRUCTURE
Infrastructure concepts
Pervasive security services
Building a comprehensive security model
PKI functions
Certification Authority
Certificate repository
Key recovery
Business drivers
Saving costs with a single security solution
Improving interoperability
Choosing an infrastructure provider
DEFINING PKI COMPONENTS AND ARCHITECTURES
Certification Authority (CA)
CA requirements
PKCS standards
Interfaces
Key recovery and storage
Certificate Repository
Identifying suitable solutions
Distributing through X.500 directories
LDAPv3 directory access protocol
Registration Authority (RA)
Functionality of an RA
Interfacing with the CA using PKCS#10
PKI client software
Tradeoffs between embedded and middleware designs
Private key security issues
Hierarchical trust model
Deriving trust from a root CA
Distributing trust with subordinate CAs
Distributed trust model
Deriving trust from a local CA
Extending trust with cross certification
Scalability vs. performance
Linking enterprise PKIs
Limitations of a hierarchical model
The certificate trust list approach
CERTIFICATES AND CERTIFICATE MANAGEMENT
Policy and administration
Purposes of a Certificate Policy (CP)
Linking CP to enterprise security policy
Employing the PKIX CP template
Localizing the CP with a Certification Policy Statement (CPS)