Digital Certificates HUIT IT Security | May 24 2012.

Agenda
- Why are we meeting?
- What have we learned?
- HUIT Digital Certificates
- Q&A/Demo

Speaker notes: Introduce yourself. Everyone know me? Ask for raised hands for questions. I appreciate your patience for a few slides. This talk will pick up technospeak and jargon as we move along, but I will try to keep it approachable for everyone.

Why?
When we last spoke in September 2011, we discussed specific best practices and hardening tips for web servers. That presentation was motivated by recent incidents, at least one of which was front-page news.

Why? To restate the problem:
- The web continues to be the de facto platform for content delivery, sometimes insecurely.
- Web applications are now a dominant focus for attackers.
- Insecure delivery: Firesheep, mobile clients
- Confidential information: e-commerce, mail/OWA, calendaring, administrative applications and more
- High-risk information: wonderful and scary acronyms like FERPA, PCI, HIPAA, IDM, HRCI

What have we learned? Mandating SSL/TLS is not enough
SSL/TLS support is "necessary but not sufficient." A range of problems exist:
- Self-signing (spoofing)
- Best practices and procedures
- Notification and alerting
- Now widely adopted
- Financial incentive to use wildcards
- Several new uses for SSL
- Necessity for an intermediate certificate
- A range of registrars in use, some insecure (I'll eat my words later)
- Cipher length and re-negotiation/downgrading
- Certificate length (2048, people)
- Certificate enabled but not enforced (EFF SSL anywhere)

Speaker notes: Not all SSL is created equal; SSL has continued to evolve over time:
- 1996: SSL version 3.0
- 1999: TLS 1.0 (aka SSL 3.1)
- 2006: TLS 1.1 (aka SSL 3.2)
- 2008: TLS 1.2 (aka SSL 3.3)
BEAST targeted an older revision of SSL. SSL 2.0 is insecure and should not be supported (Microsoft). You can check your SSL implementation at https://www.ssllabs.com/ssldb/index.html
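
Two of the items on this slide, the 2048-bit key length and the need to serve the intermediate certificate, can be checked locally with openssl. The script below is an added example and is not part of the HUIT slides or service; it builds a throwaway root, intermediate and leaf chain (the names "Example Test Root" and "www.example.test" are made up for the demo), flags a 1024-bit leaf as below policy, and shows that the leaf verifies against the trusted root only when the intermediate is supplied alongside it.

```shell
#!/bin/sh
# Added example, not part of the HUIT slides: build a throwaway Root -> Intermediate -> Leaf
# chain with openssl, then apply two of the checks the slide lists: (1) RSA key length of
# at least 2048 bits and (2) whether a leaf certificate verifies without its intermediate.
# All names (Example Test Root, www.example.test) are made up for this demo.
set -e

WORK=$(mktemp -d)

# Minimal openssl config so the demo does not depend on the system openssl.cnf.
cat > "$WORK/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
EOF

# Issue a certificate: $1 = subject CN, $2 = output basename, $3 = RSA key bits,
# $4 = extension section, $5 = issuer basename (omit for a self-signed root).
issue_cert() {
  cn=$1; name=$2; bits=$3; ext=$4; issuer=$5
  if [ -z "$issuer" ]; then
    openssl req -new -x509 -config "$WORK/demo.cnf" -extensions "$ext" \
      -newkey "rsa:$bits" -nodes -keyout "$WORK/$name.key" -out "$WORK/$name.pem" \
      -days 30 -subj "/CN=$cn" 2>/dev/null
  else
    openssl req -new -config "$WORK/demo.cnf" -newkey "rsa:$bits" -nodes \
      -keyout "$WORK/$name.key" -out "$WORK/$name.csr" -subj "/CN=$cn" 2>/dev/null
    openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/$issuer.pem" -CAkey "$WORK/$issuer.key" \
      -CAcreateserial -out "$WORK/$name.pem" -days 30 \
      -extfile "$WORK/demo.cnf" -extensions "$ext" 2>/dev/null
  fi
}

# Print the public key length in bits of a PEM certificate.
key_bits() {
  openssl x509 -in "$1" -noout -text | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Policy check: succeed only if the key is at least 2048 bits.
check_key_size() {
  [ "$(key_bits "$1")" -ge 2048 ]
}

# Chain check: $1 = leaf, $2 = trusted root, optional $3 = intermediate(s) the server serves.
chain_verifies() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
  else
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
  fi
}

issue_cert "Example Test Root" root 2048 v3_ca
issue_cert "Example Test Intermediate" inter 2048 v3_ca root
issue_cert "www.example.test" leaf 2048 v3_leaf inter
issue_cert "www.example.test" weak 1024 v3_leaf inter

for c in leaf weak; do
  if check_key_size "$WORK/$c.pem"; then
    echo "$c: key $(key_bits "$WORK/$c.pem") bits - OK"
  else
    echo "$c: key $(key_bits "$WORK/$c.pem") bits - below the 2048-bit policy"
  fi
done

if chain_verifies "$WORK/leaf.pem" "$WORK/root.pem"; then
  echo "leaf alone: verifies (unexpected)"
else
  echo "leaf alone: does not verify - the intermediate must be served with it"
fi
if chain_verifies "$WORK/leaf.pem" "$WORK/root.pem" "$WORK/inter.pem"; then
  echo "leaf + intermediate: verifies against the trusted root"
fi
```

Against a live server the same two functions apply to the chain it actually sends: `openssl s_client -connect host:443 -showcerts` prints every certificate the server presents, and a leaf that only verifies once you hand-feed the intermediate is exactly the misconfiguration the slide warns about, since browsers that lack the intermediate will show a warning.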

What have we learned? Fund security initiatives

Speaker notes: I know, news to everyone here, right? Unfortunately I could give the same September presentation today. Let's try to incent good behavior. Unfunded security initiatives can and do fail. The HUIT IT Security catalog is centrally funded and available for the entire community.

The HUIT Digital Certificate Service
Certificate management:
- Administration
- Provisioning
- Revocation
- Reporting

Speaker notes: With thanks to Joe St Sauver from Internet2: "If SSL/TLS works the way it is supposed to, it would be impossible for you to be conned into trusting an imposter's system – the imposter wouldn't have the certificate it should have, signed by a trusted CA. If users decide to trust a new random CA, however, that model can fall apart. Some machines/users are more vulnerable to getting new random untrustworthy CAs than others... In most cases, users simply blindly trust those who create and distribute browsers to ultimately decide which CAs should be considered to be 'trustworthy' by default." Everyone know Stuxnet? Flame? DigiNotar?

The HUIT Digital Certificate Service
Certificate availability:
- Delegation
- Multi-site
- Other uses

Speaker notes: Other uses: we'll come back to this. Let's focus on what we can do today. Personal certs/S/MIME/code signing/SAN/EV

The HUIT Digital Certificate Service
Using this program, any domain associated with a Harvard school or institute may obtain SSL certificates for no fee. Available in June for existing NOC Portal customers. More on our iSite.
Goals and objectives:
- Ensure that websites are adequately secured using accepted standards and best practices
- Develop a certificate service and program capable of centralizing all University certificates
- Fund a university-wide site license, removing any financial disincentive to adopt and comply with University policy and best practice

Speaker notes: Did I say June?

Demo and Q&A

IT Security contact info
- ithelp@harvard.edu
- Helpdesk at x57777
- Use the iSite
These slides will be on http://security.harvard.edu

Thank you.
Esmond Kane | Digital Certificates | May 24 2012