Think your network is safe using the default protocols? Think again
Wong Tuck Wah, Independent Security Professional, CISSP
What is the 1st thing you will do when you reach office?
Go Toilet
Check Email
Go Pantry
Tea Break
Internet Surfing
Call Girlfriend
Meeting
Gossip
Networking
Summon into boss room
Face Politics
Take a Nap
Tidy Desktop
Cosmetics Patchup
Read Newspaper
Staring at Ceiling
Feed the Fishes
Tune in to 90.5FM
Charge Battery
Shake Legs
Starts Working
Without Encryption
Popeye is sending a mail to Olive
Diagram labels: Web Server, Olive, Popeye, Bluto, Protocol Analyzer
Objectives
What Is a Certificate?
Usage of Certificates
Public Key Infrastructure
What Is a Certificate Authority
Selection of CA
CA Hierarchy
Certificate Enrolment Process
Conclusions
What Is a Certificate?
Verifies the identity of a user, computer, or program
Contains information about the issuer and the subject
Is signed by a CA
Usage of Certificates
Smart Card Logon
Software Code Signing
IP Security
Encrypting File System
Secure E-mail
Internet Authentication
802.1x
Software Restriction Policy
Digital Signatures
Public Key Infrastructure
Certificate Template
Digital Certificate
Certificate Revocation List
Public Key-Enabled Applications and Services
Certificate and CRL Distribution Points
Certificate and CA Management Tools
Certification Authority
What Is a Certificate Authority
Verifies the identity of a certificate requestor
Issues certificates
Manages certificate revocation
Selection of CA
Self-Hosted Root vs Commercial Root CA
Reputation
Cost
Flexibility
Expertise
Selection of CA
Stand-Alone CA
1. Typically used for offline CAs
2. AD is optional
3. Web-based enrolment only
4. Certificate requests issued or denied by a certificate manager
Enterprise CA
1. Typically used to issue certificates
2. AD is mandatory
3. Web-based and MMC enrolment
4. Certificate requests issued or denied based on the certificate template
CA Hierarchy
Root CA
Policy CA
Issuing CA
Stand-alone and kept offline
Credit Card Enrolment Process
Diagram labels: Shop, Bank, Customers Data, Revocation Data, Transaction using credit, Enrolment
Certificate Enrolment Process
Diagram labels: Shop, Bank, Customers Data, Revocation Data, Transaction using credit, CA, Certificate Data, Revocation List, Server, Transaction using certificate, Enrolment
With Encryption
Popeye is sending a mail to Olive
Diagram labels: Web Server, Olive, Popeye, Bluto, Protocol Analyzer
Source: IDA
Conclusions
Internet Protocols are NOT secured by design
Contents are usually transmitted in CLEAR text
Certificates can be used to alleviate the situation
Source: Cufa Grad Forum