TLS is what turns "http" into "https". If data is encrypted and transmitted across the Internet, in most cases TLS (the successor of SSL) is used. Whether web, email, phone calls, chat, or VPN -- there is hardly a type of communication which cannot be encrypted using TLS.
Especially because TLS can be found almost everywhere, it is worthwhile to fully understand it and to analyze its security. The training will address the following questions, among others:
- Which cryptographic basics do I need to understand? How are they used in TLS?
- Which TLS implementations are available?
- How do I generate my own TLS certificates?
- What are the known TLS attacks? How can I protect my systems?
- How do I configure my servers in a secure way?
- What does the future hold for TLS?
- Short introduction to cryptography
- TLS Protocol Flow
- TLS Extensions
- Certificates and Validation of Certificates
- Attacks – Short overview: including BEAST, CRIME, Heartbleed and more
- TLS Implementations
- Secure Server Configuration
- Apache HTTP Server (mod_ssl)
- Apache Tomcat
- Review of Your Own Server Configuration with Common Tools
Requirements: This course is designed for system administrators and developers with basic knowledge of SSL/TLS. You will learn which attacks are applicable to TLS and how they affect your own server. Afterwards, you will learn how to securely configure your own server and how to check a secure configuration with common tools.
Contact: Dr. Juraj Somorovsky