
Wong Tuck Wah Independent Security Professional, CISSP

Think your network is safe using the default protocols? Think again.


Presentation Transcript


  1. Think your network is safe using the default protocols? Think again. Wong Tuck Wah, Independent Security Professional, CISSP

  2. What is the 1st thing you will do when you reach office? • Feed the Fishes • Go Toilet • Cosmetics Patchup • Check Email • Shake Legs • Read Newspaper • Go Pantry • Summon into boss room • Tidy Desktop • Networking • Gossip • Meeting • Tune in to 90.5FM • Staring at Ceiling • Charge Battery • Tea Break • Internet Surfing • Starts Working • Call Girlfriend • Face Politics • Take a Nap

  3. Without Encryption • Popeye is sending a mail to Olive • [Diagram labels: Web Server, Popeye, Protocol Analyzer, Olive, Bluto]

  4. Objectives • What Is a Certificate? • Usage of Certificates • Public Key Infrastructure • What Is a Certificate Authority? • Selection of CA • CA Hierarchy • Certificate Enrolment Process • Conclusions

  5. What Is a Certificate? • Verifies the identity of a user, computer, or program • Contains information about the issuer and the subject • Is signed by a CA

  6. Usage of Certificates • Digital Signatures • Smart Card Logon • Encrypting File System • Secure E-mail • Internet Authentication • Software Code Signing • Software Restriction Policy • IP Security • 802.1x

  7. Public Key Infrastructure • Certificate and CA Management Tools • Certification Authority • Certificate and CRL Distribution Points • Certificate Template • Digital Certificate • Certificate Revocation List • Public Key-Enabled Applications and Services

  8. What Is a Certificate Authority? • Verifies the identity of a certificate requestor • Issues certificates • Manages certificate revocation

  9. Selection of CA • Self-Hosted Root vs Commercial Root CA • Reputation • Cost • Flexibility • Expertise

  10. Selection of CA • Stand-Alone CA: Typically used for offline CAs; AD is optional; Web-based enrolment only; Certificate requests issued or denied by a certificate manager • Enterprise CA: Typically used to issue certificates; AD is mandatory; Web-based and MMC enrolment; Certificate requests issued or denied based on the certificate template

  11. CA Hierarchy • [Diagram: Root CA, Policy CA, Issuing CA; annotation: Stand-alone and kept offline]

  12. Credit Card Enrolment Process • [Diagram labels: Bank, Shop, Customers Data, Revocation Data, Enrolment, Transaction using credit]

  13. Certificate Enrolment Process • [Diagram labels: Bank, Shop, CA Server, Customers Data, Certificate Data, Revocation Data, Revocation List, Enrolment, Transaction using credit, Transaction using certificate]

  14. With Encryption • Popeye is sending a mail to Olive • [Diagram labels: Web Server, Popeye, Protocol Analyzer, Olive, Bluto]

  15. Source: IDA

  16. Conclusions • Internet Protocols are NOT secured by design • Contents are usually transmitted in CLEAR text • Certificates can be used to alleviate the situation

  17. Source: Cufa Grad Forum
