Spend one day learning how to deploy cryptosystems. This one-day intense seminar will cover deployment of SSL, SSH, PGP, and IPsec cryptosystems using open source tools. The seminar will present a brief operational overview of modern crypto protocols, followed by a survey of the components available to deploy these in a secure manner. This will be followed by a briefing on best practices for deployment and then a hands-on lab where you create your own PKI and deploy a secure cryptosystem based on key material you've created with your bare hands using a student-provided laptop computer and a Linux live CD.
Proposed Course Outline
Format:
One day (four “two hour” modules with a lunch break)
Seminar Goals:
The students will learn:
- what kinds of crypto are used in SSL, SSH, PGP, and IPSec
- what kinds of crypto parameters are tunable and should be tuned
- how to stage a crypto infrastructure in preparation for an enterprise deployment
- best practices for enterprise crypto deployment (or “how to not be busted by the auditors if there's a PCI breach in your retail network”)
- cryptosystem attack and defense techniques
Course Outline
Module One (Est. 1.5 hours)
- Modern Crypto Protocols Overview
- Brief Introduction to SSL
- Brief Introduction to SSH
- Brief Introduction to PGP
- Brief Introduction to IPSec
Module Two (Est. 2 hours)
- A brief review of modern crypto engineering
- Open source SSL implementations
- Open source SSH implementations
- Open source PGP implementations
- Open source IPSec implementations
- a vendor-neutral survey of commercial offerings
Module Three (Est. 1 hour)
- crypto best practices overview
- public key cryptography best practices
- key management best practices
- operational crypto best practices
- crypto defense techniques
Module Four Lab (Est. 3 hours)
Note: each student is expected to show up with a laptop with working Ethernet that is capable of booting a Fedora 10 live CD. The lab is organized so that 'pods' (lab teams of 1-4 people) work together, so bring a Linux operator as part of your lab team if you're not already comfortable editing things with vi from the shell as root.
- lab exercise to stand up one or more of (a full PKI, an IPSec mesh, an SSH tunnel mesh, an SSL-based web infrastructure)
- lab exercise to audit another team's deployment
Rodney Thayer
Rodney Thayer is currently a security researcher with Secorix, a technology assessment service based in San Mateo, California. He spends his work time testing and breaking things so enterprises can operate more safely on the internet. He used to be a protocol implementor, so his exploit development research tends to focus on bits of technology where he knows the bodies are buried. He writes, teaches, and presents at a variety of venues ranging from .gov's to toorcon.org.