Customer Service or Enrol: 0800 282 353 or +44 1372 364610
 

PKI: A Comprehensive Hands-On Introduction

Course: 586   Type: Hands-On   Duration: 4 Days
Quick Enrol  

You Will Learn How To

  • Build a Public Key Infrastructure (PKI) to secure Internet, intranet and extranet applications
  • Identify functionality of PKI components based on standards
  • Design PKI architectures to support different trust models
  • Integrate public key certificates into a range of PKI applications
  • Constrain trust among PKIs with qualified subordination
  • Evaluate policy requirements for your enterprise PKI

Course Benefits
A public key infrastructure (PKI) is a critical component for ensuring confidentiality, integrity and authentication in an enterprise. This hands-on course provides essential knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications within your organization. You also learn to link your PKI to other organizations and enable secure communications.

Who Should Attend
PKI designers, technical managers overseeing security and those responsible for developing enterprise security. Anyone connecting a PKI to an external Certification Authority (CA), a bridge or another organization's PKI will also benefit.

Hands-on Training
You gain extensive hands-on experience planning, designing and building a PKI. Exercises include:
  • Archiving and recovering a private key from a CA
  • Creating custom certificate content
  • Building an Entrust Root CA and connecting to an X.500 directory
  • Cross-certifying with a Bridge CA
  • Constraining trust among PKIs using qualified subordination
  • Securing communications with S/MIME, SSL and IPsec
  • Establishing a Microsoft SCA under an Entrust Root CA
  • Authenticating with a smart card
  • Configuring Microsoft compatibility in Entrust CA

Course Content
Trust in a Digital World
Establishing trust
  • Instigating trust through credentials
  • Verifying with a trusted third party
Implementing trust with cryptography
  • Selecting symmetric and asymmetric algorithms
  • Encrypting with modulo arithmetic
  • Visualizing the Diffie-Hellman algorithm
  • Enforcing non-repudiation with digital signatures
Securing PKI
Ensuring strong authentication
  • Authenticating via zero knowledge proof
  • Enforcing access with M-of-N authentication
  • Requiring multifactor authentication with smart cards
Securing the private key
  • Protecting with the Data Protection API
  • Examining key storage in the user profile
  • Prevent tampering with the Hardware Security Module (HSM)
Ensuring persistence of credentials
  • Auto-archiving the encryption private key
  • Utilizing a key recovery agent
  • Solving deniability with dual-key support
Authenticating with PKI Credentials
Inside PKI X.509 v3 Certificates
  • Interoperating with industry profiles
  • Setting certificate lifetimes
  • Controlling access with attribute certificates
  • Enrolling Cisco devices with SCEP
Customizing certificate templates
  • Creating new certificate fields
  • Implementing policies in templates
Leveraging certificates in applications
  • Securing Web traffic with SSL
  • Setting up a Virtual Private Network (VPN) with IPsec
  • Sending e-mail securely with S/MIME
Establishing Certificate Policy (CP)
  • Identifying with an Object Identifier (OID)
  • Selecting Microsoft application policies
  • Upholding Certification Practice Statements (CPS)
  • Standardizing provisions for CP/CPS
Dissecting PKI Components
Trusting a Certification Authority (CA)
  • Rolling over a CA certificate lifetime
  • CA disaster recovery
Registration Authority (RA)
  • Interfacing with PKCS and PKIX standards
  • Contrasting online RA vs. offline RA
Connecting to the PKI Repository
  • Identifying with a distinguished name (DN)
  • Accessing the X.500 directory with LDAP v3
X.509 v2 Certificate Revocation List (CRL)
  • Selecting complete, delta or partitioned CRL
  • Publishing CA certificates and CRLs
  • Authenticating certificates with OCSP
Validating an entity certificate
  • Forming a certificate chain
  • Locating the Trust Anchor
  • Confirming via path processing
Designing Trust Architectures
Building an enterprise hierarchical trust model
  • Distributing trust to subordinate CAs
  • Increasing security with an offline root CA
  • Designating CAs: Issuing, intermediate or policy
Linking with a distributed trust model
  • Extending trust with cross-certification
  • Controlling trust transitivity with path length
Restricting trust with Qualified Subordination
  • Constraining names and policies
  • Mapping equivalent policies with peer CAs
  • Path processing a Certificate Trust List
Integrating with a Bridge CA
  • Centralizing trust policy relationships
  • Introducing the Federal Bridge CA (FBCA)
Interfacing with Microsoft PKI
  • Enterprise CA vs. Standalone CA
  • Delegating Common Criteria roles
  

request more info Salutation*:

First Name*:

Last Name*:

Job Title:

Company*:

Post Code*:

Country*:
   Codes
Office Telephone*:

Extension:

E-mail*:

* Required

A Learning Tree representative will contact you to follow up your request for information.

Save 55%
PKI: A Comprehensive Hands-On Introduction
Course Schedule
12 - 15 Aug, 2008
London
2 - 5 Dec, 2008
London
31 Mar - 3 Apr, 2009
London

Participants planning a PKI infrastructure.

£ 1,695 - Standard Tuition
Savings Plans
£ 1,080 - 10-Day Training Pass
£ 995 - Flex-Training Passport
£ 1,215 - 10-Training Vouchers
£ 1,300 - 5-Training Vouchers
£ 1,525 - Alumni Gold Tuition

 
Certification Core Course
 
ISC2 32 A
 
Customer Service or Enrol: 0800 282 353 or +44 1372 364610