We provide virtual course about PKI Fundamentals. Public Key Infrastructure (PKI) is a core service that facilitates authentication, encryption, and digital signing. This course equips learners with the essential skills to design, operate, and maintain PKI.
Course description:
The training begins with an overview of cryptography and the working principals of algorithms. After establishing an understanding of certificates, it discusses considerations for designing a highly reliable Certification Authority structure and showcases useful tools and resources. Practical implementation examples are given in both Windows and Linux (for 4-day version) environments.
Use-cases show how PKI can be used for, among others:
• Securing web servers
• Implementing authentication
• Ensuring software integrity
• Protecting data storage and communication
Course content:
Cryptography Basics:
• Introduction to Cryptography
• Symmetric Cryptography
• Asymmetric Cryptography
• Hash Functions
• Security Goals
Usage Scenarios:
• Encryption
• Signing
• Components of PKI
Algorithms, Protocols and Standards:
• DES and 3DES
• RSA, AES, SHA
• Object Identifiers (optional)
• X.500, X.509
• Certificate file formats and extensions
Understanding Certificates:
• Structure and Content
• Extensions
Getting Started with CAs:
• Using External CAs
• Self-signed Certificates
• CA Hierarchy
• Writing the Certificate Policy and Certification Practice Statement
Windows Server Certificate Security:
• Choosing an Architecture
• Implementing a CA Hierarchy
• Certificate Templates
• Issuing Certificates
• Certificate Renewal
• OpenSSL on Linux (optional)
Maintaining a CA:
• Verifying and Monitoring
• Backup
Certificate Revocation:
• Reasons for Revocation
• Methods of Revocation Checking
• Cloud certificate management using Azure Key Vault (optional)
• Practical Applications:
SSL for Web Server:
• Internet Information Services (IIS)
• (optional) Apache / nginex
• (optional) Certificate-based Authentication
Authentication:
• User Authentication vs Server Authentication
• SSH
• Considering Smart Card Logon
• Virtual Private Networking
• (optional) Wi-Fi with 802.1x
Encrypting File System (EFS):
• Local EFS Encryption
• EFS Within a Domain
• Recovery
Securing E-Mail:
• Certificate Requirements
• Signing in Outlook
• Encryption in Outlook
Code Signing:
• Time Stamping
• Signing PowerShell Scripts
• (optional) Signing Visual Studio Files
• (optional) Signing Office VBScript Code
• Other PKI-Enable Applications
• Closing topics
Best Practices and Compliance:
• NIST Guidelines
• CA/Browser Forum
• Blockchain
• Post-quantum Cryptography
Target audience:
An ideal candidate will be a systems administrator, network administrator, or hold a similar role
Prerequisites:
• Delegates should have basic knowledge of Windows Server administration and networking
Language:
• English course material, english speaking instructor