Description

The TLS (Transport Layer Secure) standard is the most deployed protocol for securing application exchanges. This course will provide you with a good knowledge of TLS architecture, protocol and security services. You will implement it on the client and server side within exchanges to be secured.

Who is this training for ?

For whom ?

Systems and network technicians and administrators, security architects and security managers.

Prerequisites

Training objectives

Implement the TLS protocol Strongly and securely configure TLS clients and servers Analyze TLS traffic Know attacks on TLS

Training program

• Cryptography and security services
  • Cryptographic terminology and principles.
  • Main cryptography algorithms and their uses in TLS: AES, DHE, ECC, RSA, DSA.
  • Hash function (MD5 , SHA1, SHA2, SHA3) with and without key (Hmac).
  • Cryptography operating modes.
  • Cryptanalysis and attack on cryptographic functions.
  • Services security: confidentiality, authentication, integrity.
  • Practical work Encryption and decryption based on OpenSSL and cryptanalysis.
• Certificates and digital signature
  • Digital signature.
  • Attacks on public keys.
  • Certificates and PKCS12 key implementation.
  • Certificate profiles for TLS .
  • Practical work Design of certificates (client and server side) and PKCS12 on the client side.
• TLS Architecture and Services
  • Positioning of the different versions: SSLv3, TLS1.
  • 0, TLS1.
  • 1, TLS1.
  • 2.
  • Architecture, protocol and security services, TLS exchanges.
  • Configuration of cipher suites.
  • Practical work Configuration of a TLS client and TLS traffic analysis.
• Configuring and implementing the TLS protocol
  • Configuration on the client and server side.
  • Configuration for simple server authentication.
  • Implementation of certificates, settings of encryption algorithms on the server side.
  • Server authentication, configuration of certificate stores.
  • Practical work Configuration and implementation of TLS on the Apache web server side.
• Advanced TLS protocol services
  • TLS extensions and features.
  • Different authentication modes: OpenPGP certificate, PSK.
  • Ticket and session reopening.
  • Session benchmarking.
  • Configuration of the TLS client (PKCS12).
  • Practical work Configuration of TLS clients and servers for strong and mutual authentication.
  • Implementation of extensions, performance analysis.
• TLS protocol security analysis and outlook
  • Attacks on the TLS protocol.
  • Best practices, configuration control.
  • Presentation of the DTLS protocol.
  • Presentation of the future version of TLS 1.
  • 3.
  • Practical work Auditing the TLS protocol.
  • Implementation of attacks on TLS.
  • Configuring and implementing DTLS.