S3SS10N Wednesday – Digital Certificates

Join Cybrary

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATION
Already a Member Login Here
< Back to S3SS10NS

S3SS10N Wednesday – Digital Certificates

Published: June 29, 2016 | By: Kelly Handerhan | Views: 4830
save
This post has been saved to your profile

This Weeks S3SS10N Wednesday


You must be a Cybrary member to view this S3SS10N Wednesday video. Join for free.

Join Now

Login

In this “Session Wednesday” video, Kelly Handerhan explains digital certificates and their importance in establishing trust in the online world. When transacting business both on and offline, we typically like to know whom we’re dealing with. It’s unlikely that you’d purchase a computer from someone selling really cheap laptops from the back of a truck by the side of the road. At least, we hope you wouldn’t! This also holds true when purchasing consumer goods online. You’re much more likely to purchase a laptop from Amazon or Newegg than from an obscure site with horrible web design. But it’s not enough that a site claims to be Amazon or Newegg. It’s easy enough to fake appearances. You need assurance that you’re truly dealing with Amazon or Newegg. This is where digital certificates come into play.

Kelly presents a great story relating to certificates and a trusted authority by way of the MVA, the police, and HOV lane violations. It seems Kelly was unfamiliar with HOV lanes after first locating to the DC area from her home in North Carolina and soon fell afoul of the traffic laws up here. She then proceeds to describe the process of a traffic stop, which you’re probably familiar with if you’ve ever been pulled over for any reason.

The first step is identifying who you are. In Kelly’s traffic stop example, it’s your name and other identifying information on your driver’s license and registration. But this isn’t sufficient. The police officer must know if your license is valid. This is determined by the expiration date. In addition, he must know that you’re authorized to drive your class of vehicle. This is determined by the class field of your license. Your license number assures him that your license hasn’t been revoked, and finally, a hologram is used on modern driver’s licenses to prevent fakes. The old days of creating fake licenses using a photo booth and a typewriter are long over!

In the online world, digital certificates and a certificate authority (CA) take the place of a driver’s license and the MVA. In addition, encryption is also employed. This secures the data that’s transmitted between your computer and a remote server such as Amazon.com. Secure protocols in the form of HTTPS and SSL are used to implement this encryption component. A three-way handshake utilizing a public and private key is used to establish the secure connection. The information exchanged in the form of name, class, expiration date, and a hash to detect modification are all analogous to the driver’s license in Kelly’s MVA example.

A certificate authority issues SSL certificates and the hash used by the remote server, such as Amazon.com, is encrypted with the private key of the CA. This provides a reasonable degree of assurance that as a client, you’re dealing with the real deal; however, as in life, there are no guarantees. Various threats exist to exploit vulnerabilities in such arrangements. Impersonation can still occur in the way of “man in the middle” attacks targeting network devices, DNS servers, and wireless access points. Stronger security can be obtained by implementing multi-factor authentication.

Don’t forget to comment!
Tell us what you think, and share your own knowledge.

< Back to S3SS10NS

About This S3SS10N Wednesday's Contributor

Kelly Handerhan
Skilled and certified in CISSP, CASP, and PMP, SME Kelly has taught several courses on Cybrary and is highly praised for her ability to effectively communicate important information in a relate-able and understandable way.
Enjoy this S3SS10N Wednesday? Want more Cybytes?
Invite a Friend
and share now
Facebook Twitter Google+ LinkedIn Email
Join Cybrary
26 Comments
  1. Great explanation – Thank you very much Kelly. The first half helped me appreciate the concept behind certification. Cheers!

  2. Great introduction, thank you!

  3. Profile image for wlain

    Thank you very much for another great brief tutorial. Are you going to run out of personal stories before you run out of topics? 🙂

Page 5 of 5«12345
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel