
Digital Certificates HUIT IT Security | May 24 2012.


1 Digital Certificates HUIT IT Security | May 24 2012

2 Agenda
Why are we meeting? What have we learned? HUIT Digital Certificates. Q&A/Demo.
Introduce yourself. Everyone know me? Ask for raised hands for questions. I appreciate your patience for a few slides. This talk will pick up technospeak and jargon as we move along, but I will try to keep it approachable for everyone.

3 Why?
When we last spoke in September 2011, we discussed specific best practices and hardening tips for web servers. That presentation was motivated by recent incidents, at least one of which was front-page news.

4 Why? To restate the problem:
The web continues to be the de facto platform for content delivery, sometimes insecurely. Web applications are now a dominant focus for attackers.
Insecure delivery: Firesheep, mobile clients.
Confidential information: e-commerce, mail/OWA, calendaring, administrative applications and more.
High-risk information: wonderful and scary acronyms like FERPA, PCI, HIPAA, IDM, HRCI.

5 What have we learned? Mandating SSL/TLS is not enough
SSL/TLS support is "necessary but not sufficient." A range of problems exist:
Self-signing (spoofing)
Best practices and procedures
Notification and alerting
Now widely adopted
Financial incentive to use wildcards
Several new uses for SSL
Necessity for an intermediate certificate
A range of registrars in use, some insecure (I'll eat my words later)
Cipher length and renegotiation/downgrading
Certificate length (2048, people)
Certificate enabled but not enforced: EFF SSL anywhere
Not all SSL is created equal. SSL has continued to evolve over time: SSL version; TLS 1.0 (aka SSL 3.1); TLS 1.1 (aka SSL 3.2); TLS 1.2 (aka SSL 3.3). BEAST targeted an older revision of SSL. SSL 2.0 is insecure and should not be supported (Microsoft). You can check your SSL implementation.
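The version list above maps directly onto the bytes a server sends: TLS 1.x is literally SSL 3.x on the wire, and the negotiated revision is visible in the ServerHello. The following is an added example, not from the slides or the HUIT service, that reads that version out of a constructed ServerHello record (both the SSLv2 and the SSLv3/TLS record layouts) and grades it against a version policy; the sample records are constructed by hand, and the policy thresholds (SSL 2.0/3.0 forbidden, TLS 1.0/1.1 legacy) are the example's own, not the slides'.

```python
# Added example (not from the HUIT slides): read the negotiated version out
# of a ServerHello and grade it. All sample records below are constructed.

# Wire version (major, minor) -> name. TLS 1.x is "SSL 3.x" on the wire, which
# is why the slides call TLS 1.0 "SSL 3.1". A TLS 1.3 server still puts (3, 3)
# here and signals 1.3 in an extension, so (3, 3) means "at least TLS 1.2".
VERSION_NAMES = {(0, 2): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
                 (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
FORBIDDEN = {(0, 2), (3, 0)}  # example policy: SSL 2.0/3.0 are never acceptable
LEGACY = {(3, 1), (3, 2)}     # example policy: TLS 1.0/1.1 deprecated (RFC 8996)


def server_hello_version(record: bytes) -> tuple:
    """Return (major, minor) from an SSLv2 SERVER-HELLO or a TLS ServerHello."""
    if len(record) >= 7 and record[0] & 0x80:
        # SSLv2 record: 2-byte length with the high bit set, then
        # msg_type(1)=4 session_id_hit(1) cert_type(1) version(2) ...
        if record[2] != 0x04:
            raise ValueError("SSLv2 record is not a SERVER-HELLO")
        return (record[5], record[6])
    # SSLv3/TLS record: type(1)=0x16 version(2) length(2), then the handshake
    # header type(1)=0x02 length(3), then server_version(2).
    if len(record) < 11 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    if record[5] != 0x02:
        raise ValueError("handshake message is not a ServerHello")
    return (record[9], record[10])


def classify(record: bytes) -> tuple:
    """Return (version name, verdict) for one ServerHello record."""
    ver = server_hello_version(record)
    name = VERSION_NAMES.get(ver, "unknown %d.%d" % ver)
    if ver in FORBIDDEN:
        return (name, "FORBIDDEN")
    if ver in LEGACY:
        return (name, "LEGACY")
    return (name, "OK" if ver in VERSION_NAMES else "UNKNOWN")


def make_tls_server_hello(major: int, minor: int) -> bytes:
    """Construct a minimal ServerHello record: version plus a zeroed random."""
    body = bytes([major, minor]) + b"\x00" * 32
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes([major, minor]) + len(handshake).to_bytes(2, "big") + handshake


# Constructed SSLv2 SERVER-HELLO: length 0x0a, type 4, no session hit, X.509
# cert type, version 0x0002, followed by zero-filled remaining fields.
SSLV2_SERVER_HELLO = b"\x80\x0a\x04\x00\x01\x00\x02\x00\x00\x00\x00\x00"
```

Running `classify` over a captured ServerHello is a quick way to confirm an endpoint is not still answering in SSL 2.0 or SSL 3.0, which the slide says should not be supported.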

6 What have we learned? Fund security initiatives
I know, news to everyone here, right? Unfortunately I could give the same September presentation today. Let's try to incent good behavior. Unfunded security initiatives can and do fail. The HUIT IT Security catalog is centrally funded and available for the entire community.

7 The HUIT Digital Certificate Service
Certificate management: administration, provisioning, revocation, reporting.
With thanks to Joe St Sauver from Internet2: "If SSL/TLS works the way it is supposed to, it would be impossible for you to be conned into trusting an imposter's system – the imposter wouldn't have the certificate it should have, signed by a trusted CA. If users decide to trust a new random CA, however, that model can fall apart. Some machines/users are more vulnerable to getting new random untrustworthy CAs than others... In most cases, users simply blindly trust those who create and distribute browsers to ultimately decide which CAs should be considered to be 'trustworthy' by default."
Everyone know Stuxnet? Flame? DigiNotar?

8 The HUIT Digital Certificate Service
Certificate availability: delegation, multi-site, other uses.
Other uses (personal certs/S/MIME/code/SAN/EV): we'll come back to this. Let's focus on what we can do today.

9 The HUIT Digital Certificate Service
Using this program, any domain associated with a Harvard school or institute may obtain SSL certificates for no fee. Available in June for existing NOC Portal customers. More on our iSite.
Goals and objectives:
Ensure that websites are adequately secured using accepted standards and best practices.
Develop a certificate service and program capable of centralizing all University certificates.
Fund a university-wide site license, removing any financial disincentive to adopt and comply with University policy and best practice.
Did I say June?

10 Demo and Q&A

11 IT Security Contact Info
Helpdesk at x57777. Use the iSite. These slides will be on

12 Thank you.
Esmond Kane | Digital Certificates

