Data Exchanges Security: IPsec, SSL, SSH

	See also...  Organization of the courses  Training sessions planning
Goals  Duration  Instructor(s)  Pre-requisite for attendants  Teaching method  Related courses  Material  Agenda  Methods of inscription

	This course is only available in intra-company session.

The Internet is more and more frequently used to transfer sensitive or even confidential data. Different solutions are available to protect this dada; this course reviews them.

After this course, the attendants will know, among other things:

• the terminology and base concepts related to cryptology,
• the various cryptographic mechanisms and the security services they can provide,
• the main algorithms used in current products,
• pitfalls to avoid and selection criteria for good encryption products,
• a set of security solutions based on cryptography: IPsec, SSL, SSH, PGP.

This knowledge will enable attendants to better grasp the market encryption solutions and understand their advantages and limits in a given situation.

1 day.

This course is intended for anybody willing to learn the basic concepts of cryptography and about the main encryption tools and protocols in an Internet environment; basic knowledge of the Internet, its protocols and applications is required.

Lecture, with numerous practical examples.

Web Servers and applications Security

  old course material [9 February 2001 - ]

Cryptographie

• Vocabulaire et notion de base
• Algorithmes à clef secrète
• Algorithmes à clef publique
• Fonctions à sens unique
• Clef publique et Certificat X.509
• Définitions
• Certification et itinéraire de certification
• Démonstrations (HTTPS)

Sécurité des Transmissions

• Introduction
• Insécurité des protocoles réseaux usuels Telnet, SMTP etc.
• Principes de sécurisation
• Positionnement dans la pile TCP/IP
• IPsec : sécurité niveau réseau
• IPsec : Composants
• Protocoles AH/ESP, modes transport/tunnel
• Analyse avec Ethereal
• Problématique de la traduction d'adresse (NAT)
• Modèle de tunnels (IPsec brut, encapsulation L2TP)
• Exemple d'architecture (cas des « nomades » )
• Panorama des solutions propriétaires
• Fingerprinting (nmap, IKE-Scan)
• Historique des vulnérabilités des implémentations
• Démonstrations
• SSL/TLS : sécurité niveau session/application
• SSL/TLS : Architecture protocolaire
• Couche Record et encapsulation générique des protocoles
• Mode Tunnel et mécanisme d'upgrade (SMTPS vs SMTP-TLS)
• Mécanismes d'authentification
• Certificats X.509 et PKI
• Établissement de session : protocole d'échange de clef
• Failles d'implémentation
• Démonstrations
• Réalité des « VPN SSL » :
• Relais-inverse HTTP/HTTPS en entrée
• « WEBification » des applications
• Port Forwarding et multiplexage de flux applicatifs
• Tunnels IP dans SSL, avec SSLTUNNEL (PPP/SSL)
• Sécurité applicative avec SSH :
• SSH et redirection de ports
• Authentification à usage unique avec PAM_OPIE
• Démonstrations

For registering an HSC course, please contact our training department by phone : +33 141 409 704 or by email at formations@hsc.fr, with first and last name of every student, your postal address and your company VAT number. Thoses informations enable us to send your the training agreement. The training agreement must be return agreed with signature and company stamp with you purchase order, at least 6 days before the course. The purchase order should precise your billing address and our payment regulations : net 30 days from our invoice date. Registration is completed as soon as we received those two documents.