secure sockets layer (ssl)... · 2020. 7. 31. · secure sockets layer (ssl) course navigation...
TRANSCRIPT
Secure Sockets Layer (SSL) Fundamentals
Course Navigation
Section 1: Getting Started
Section 2: Using Encryption to Protect Network Communications
Section 3: Real-World Use Cases
Getting Started
Introduction to Public Key Infrastructure (PKI)
Introduction to Cryptography
Introduction to Asymmetric Encryption
Introduction
Before we can get into the meat and potatoes of SSL, it's important to first get a good understanding of what encryption is and why it is used in today's computing environment.
In our Getting Started section, we're going to establish the following principles:
1. Cryptography
2. Asymmetric Encryption
3. PKI
Introduction to Asymmetric Encryption
Diffie-Hellman
Dr. Whitfield Diffie and Dr. Martin Hellman came together to try to solve the issue associated with symmetric encryption: key distribution.
They developed the first asymmetric key exchange, which later became known as the Diffie-Hellman Key Exchange.
To facilitate this, both users in an exchange agree on a shared private key. There's a complex algorithm associated with it, but the basis is that if you know your key, you can then decrypt that message.
For instance, if my key is 367 and yours is 235, then we end up with:
367 x 235 = 86245
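The multiplication above stands in for the real operation: in Diffie-Hellman each side keeps its private number, sends only g^private mod p over the network, and both arrive at the same secret g^(367 x 235) mod p. The sketch below is an added example, not part of the course material; the private values 367 and 235 come from the slide, while the toy prime, the base and the function names are assumptions chosen for illustration.

```python
"""Diffie-Hellman with the slide's private values 367 and 235 (toy group)."""

# Assumed toy group for illustration: the Mersenne prime 2**127 - 1 with
# base 3. Real deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1
G = 3


def public_value(private, p=P, g=G):
    """The only number a party sends over the network: g^private mod p."""
    return pow(g, private, p)


def check_peer_value(peer_public, p=P):
    """Reject 0, 1 and p-1, which would force a predictable shared secret."""
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value out of range")
    return peer_public


def shared_secret(own_private, peer_public, p=P):
    """Combine our private value with the peer's validated public value."""
    return pow(check_peer_value(peer_public, p), own_private, p)


def run_exchange(a=367, b=235):
    """Run both sides; return what crossed the wire and what each derived."""
    A, B = public_value(a), public_value(b)      # sent in the clear
    return {
        "wire": (A, B),
        "alice": shared_secret(a, B),            # B^a mod p
        "bob": shared_secret(b, A),              # A^b mod p
    }


if __name__ == "__main__":
    result = run_exchange()
    print("on the wire :", result["wire"])
    print("same secret :", result["alice"] == result["bob"])
    # The slide's product 367 x 235 = 86245 is the exponent of the secret.
    print("g^86245     :", result["alice"] == pow(G, 367 * 235, P))
```

An observer of the exchange sees only the two values in `wire`; neither private number is ever transmitted.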
RSA
Created By
- Ron Rivest
- Adi Shamir
- Leonard Adleman
Widely used today for secure data transmissions
In RSA, each user has a widely available public key as well as a secret private key.
When sending a message, the sender uses the receiver's public key to encrypt that message.
The only key that can be used to decrypt that message is the receiver's private key.
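The public-key/private-key relationship described above can be seen with textbook RSA on tiny numbers. This is an added example, not part of the course material; the primes, the message value 65 and the function names are constructed for illustration, and the unpadded scheme shown is for study only.

```python
"""Textbook RSA with tiny primes: public key encrypts, private key decrypts."""
from math import gcd


def make_keypair(p, q, e=17):
    """Return ((n, e), (n, d)) for primes p and q. Toy sizes, no padding."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                 # private exponent: e*d = 1 mod phi
    return (n, e), (n, d)


def encrypt(message, public_key):
    """Anyone holding the receiver's public key can do this."""
    n, e = public_key
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)


def decrypt(ciphertext, private_key):
    """Only the matching private key recovers the message."""
    n, d = private_key
    return pow(ciphertext, d, n)


# Constructed key pairs: the receiver's and an unrelated user's.
RECEIVER_PUBLIC, RECEIVER_PRIVATE = make_keypair(61, 53)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(67, 71)

if __name__ == "__main__":
    c = encrypt(65, RECEIVER_PUBLIC)
    print("ciphertext          :", c)
    print("receiver decrypts   :", decrypt(c, RECEIVER_PRIVATE))
    print("other user decrypts :", decrypt(c, OTHER_PRIVATE))
```

Textbook RSA is deterministic (the same message always yields the same ciphertext), which is why deployed systems add padding such as OAEP and use moduli of 2048 bits or more.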
Introduction to Public Key Infrastructure (PKI)
PKI (Public Key Infrastructure)
Used for transactional exchanges
Not any specific technology but rather a framework based on asymmetric technologies
Asymmetric Encryption
Certificates: issued by a certificate authority (CA)
Provides: confidentiality, authenticity, integrity, and nonrepudiation
[Diagram labels: Web Server; Web Server SSL Request; Registration Authority (RA); Certificate Authority (CA)]
The Certificate Authority (CA) could be:
- DigiCert
- Verisign
- Comodo
- GoDaddy
- Etc.
Using Encryption to Protect Network Communications
The Use of Hybrid Encryption in SSL
Secure Protocols Overview
How a Public Key Exchange (PKE) Works
How (and Why) TLS Superseded SSL
Introduction
Now that we have a basic understanding of what cryptography is and what it's used for, let's discuss how we use it today to secure our network communications.
In this section, we'll look at the following:
1. Secure Protocols Overview
2. The Use of Hybrid Encryption
3. How a Public Key Exchange (PKE) Works
4. How (and Why) TLS Superseded SSL
Secure Protocols Overview
Communication via SSL
FTP, SMTP, and HTTP operate at the Application layer of the OSI model.
When we're securing these with SSL/TLS, we put a cryptographic wrapper around the communication at the Transport layer.
[Diagram: OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical), with HTTP, FTP, and SMTP at the Application layer and the SSL Wrapper at the Transport layer]
Real-World Use Cases
Requesting and Setting Up a Web Server Cert
Setting Up a Private Docker Registry Using SSL
Encrypting File System (EFS) Overview
Setting Up OpenLDAP to Use SSL/TLS
Introduction
Now that we know the theory behind SSL and TLS, let's dive into some of the real-world applications of SSL certificates.
In this section, we'll walk through implementations of the following:
1. Setting Up a Web Server Cert
2. Setting Up a Private Docker Registry Using SSL
3. Encrypting File System (EFS) Overview
4. Setting Up OpenLDAP Using SSL/TLS
Requesting and Setting Up a Web Server Certificate
NGINX
1. Request certificate from CA.
2. Place certificate on server.
3. Modify NGINX conf file to listen on port 443.
4. Add certificate location to NGINX conf file.
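A quick way to confirm that steps 3 and 4 took effect is to audit the configuration for server blocks that listen on 443 without the `ssl` parameter or without certificate directives. This is an added example, not the course's own code; the sample configuration, host names and file paths are constructed, and the `audit` helper is hypothetical.

```python
import re

# Constructed sample configuration (not from the course). The first server
# block follows steps 3 and 4; the second listens on 443 with no certificate.
SAMPLE_CONF = """
server {
    listen 443 ssl;
    server_name www.example.test;
    ssl_certificate     /etc/nginx/ssl/example.crt;
    ssl_certificate_key /etc/nginx/ssl/example.key;
}
server {
    listen 443;
    server_name legacy.example.test;
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for match in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, match.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[match.end():i - 1]

def audit(conf):
    """Return (server_name, problems) for every block that listens on 443."""
    results = []
    for body in server_blocks(conf):
        listens = re.findall(r"^\s*listen\s+([^;]+);", body, re.M)
        on_443 = [l for l in listens if re.search(r"(^|:)443$", l.split()[0])]
        if not on_443:
            continue
        problems = []
        if not any("ssl" in l.split()[1:] for l in on_443):
            problems.append("listen 443 without the ssl parameter")
        for directive in ("ssl_certificate", "ssl_certificate_key"):
            if not re.search(rf"^\s*{directive}\s+\S+\s*;", body, re.M):
                problems.append(f"missing {directive}")
        name = re.search(r"^\s*server_name\s+([^;\s]+)", body, re.M)
        results.append((name.group(1) if name else "?", problems))
    return results

if __name__ == "__main__":
    for server, problems in audit(SAMPLE_CONF):
        print(server, "->", problems or "ok")
```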
Setting Up a Private Docker Registry Using SSL
Private Docker Registry
1. Install Docker Engine on server and host.
2. Get certificate (or, in our case, create certificate).
3. Add certificate to Docker's trusted certificates. This makes Docker trust our X.509 cert.
4. Create the Docker Registry.
5. Add server IP to OpenSSL configuration file before creating certificates.
Setting Up OpenLDAP to Use SSL
OpenLDAP
Provides an LDAP service.
Out of the box, the server communicates over an insecure connection.
There are two major security issues with this:
- The server remains unauthenticated to the client, so an attacker could establish a rogue server and redirect traffic to it.
- The traffic could be intercepted.
Introducing an SSL certificate into the approach allows us to mitigate these concerns.
Traditionally, secure communications were handled via the LDAPS protocol (port 636); however, this has been deprecated and replaced with the STARTTLS function.