Q/AAP - Qualified/ Access, Authentication and PKI Professional Certification Exam
A public way to work with encryption is essential to protecting the PII (personally identifiable information) that we share across our networks and with external business partners.
A Public Key Infrastructure (PKI) is a critical component for ensuring CIA (confidentiality, integrity and authentication) in an enterprise that must minimize PII exposure and manage the threat of risk. This hands-on course provides essential data protection knowledge and skills needed to select, design and deploy a PKI to secure existing and future applications within your organization.
Web and other forms of E-Commerce introduce a whole new group of information security challenges. Traditional password authentication, access controls and network perimeter security safeguards often fall short in a dynamic mobile business environment. Data traveling over untrusted networks must be protected by encryption methods that are highly dependent on flexible and robust key management schemes. In this comprehensive, five-day hands-on course, you'll learn how to plan, evaluate, develop, and implement a successful enterprise network security framework using Public Key Infrastructure (PKI), authentication, identity, and access authorization systems. 85% labs!
Upon completion of the class, you'll have all the experience, confidence, and tools you need to plan Certificate Policy & Certificate Practice Statements and execute a fully integrated PKI, enterprise-wide encryption, authentication and identity plan.
eStudy is available for this class.
The Q/AAP Certification is also a stand-alone Q/IAP Certification Exam.
PKI needs assessment
Verify PKI Trust Concepts
Is it Access & Identity or Encryption you really need?
Understanding Encryption options
Top 10 PKI obstacles
Securing Mail with S/MIME
Install multiple trusted certificate servers in hands-on labs
Build Certificate Policies and Certificate Practice Statements
Recovering a Private key from Microsoft CA
Creating specific certificate OIDs
Cross Certifying with a Bridge CA
Configuring PKI Assurance Hierarchies
Install HSPD-12 PIV, Smart Cards, Smart Tokens, and Biometrics
Product comparisons and demonstrations
Avoiding PKI pitfalls
Who should attend:
Information Security Officers and Managers, PKI designers, technical managers overseeing security, and those responsible for developing enterprise security policies, Information Systems Administrators and Auditors, Network Administrators, Information Assurance Consultants, Systems and Data-Security Analysts, Project Managers.
|Time:|7:45am - 5:00pm|
|Location:|Click here to view the course schedule|
|Learning Level:|Basic to Advanced|
|Prerequisites:|Understanding of TCP/IP protocols|
|Instructor:|Sondra Schneider / David Spivey|
Method of Delivery - Residential On Ground
Method of Evaluation: 1. 95% attendance 2. 100% completion of Lab
Grading: Pass = 95% Attendance and 100% Completion of Labs and Practical
Fail => 95% Attendance and > 100% Completion of Labs and Practical
Here is what you learn to do, with extensive hands-on experience planning, designing and building a PKI:
Introduction to Cryptography
PKI Cryptography Essentials
Identifying approaches to cryptography
Symmetric and asymmetric ciphers
Generating hash collisions
Authenticating via zero knowledge proof
Improving with K-of-N authentication
Enforcing non-repudiation with digital signatures
From PGP (Pretty Good Privacy) to using digital signature certificates. You'll learn what cryptography is, what it can and can't do, and how and when you'll want to use it.
Network Security Refresher
Network Defense and Countermeasure
Security Roles and Responsibilities
Establishing trust through credentials
Verifying trust with a trusted third party
Securing the Private key
Selecting Cryptographic Service Providers
Protecting with Data Protection API
Securing with physical smart cards and Hardware Security Module (HSM)
Public Key Infrastructure
An in-depth look at all the elements and applications of PKI including the top 10 PKI deployment issues and how to handle them in ways that work for your organization.
Establishing PKI Policies
Creating a Certificate Policy (CP)
Identifying with an object identifier (OID)
Obtaining an OID
Selecting Microsoft Application Policies
Certification Practice Statements (CPS)
Upholding the CA policies
Standardizing provisions for CP/CPS
Contrasting CP vs. CPS
Interoperating with industry profiles
Setting certificate lifetimes
Controlling access with attribute certificates
Enrolling Cisco devices with SCEP
HSPD-12 tools: In an effort to better secure federal resources and reduce the potential for terrorist attacks, Homeland Security Presidential Directive 12 (HSPD-12) has set an October 2006 deadline for agencies to adopt identity and access management controls and procedures intended to establish the reliability of employees and contractors and prevent unauthorized access to government facilities and systems. The goal of HSPD-12 is to require federal agencies to adopt a standard, secure, and reliable identification card (the “PIV card”) for employees and contractors, and to ensure that it is issued only to intended individuals.
Certificates and Signatures
When are certificates and signatures used? How do they differ? All questions and issues are answered here.
Signatures vs. certificates
Digital signatures definitions, applications, and how they work
The ins and outs of CAs and directories, with special emphasis on the challenges inherent in managing multiple CA environments and the role of PKI.
Roles and responsibilities of Certificate Authorities (CAs)
Registration and certification process
Leveraging certificates in applications
Registration Authority (RA)
Interfacing with PKCS & PKIX standards
Contrasting online RA vs. offline RA
Linking with PKI Repository
Identifying with distinguished names
Accessing the X.500 directory with LDAPv3
Choosing LDAP chaining or referrals
X.509v2 Certificate Revocation List (CRL)
Timeliness and scalability solutions
Selecting complete or delta CRL
Publishing CA certificates and CRLs
Validating certificates with OCSP
Validating entity certificate
Forming a certificate chain
Locating the Trust Anchor
Matching CA Certificates
Validating via path processing
Building a hierarchical trust model
Distributing trust to subordinate CAs
Increasing security with offline root
Issuing CA vs intermediate CA
Defining CPS with a policy CA
Constraining trust to subordinates
Mapping policies with peer CAs
Path processing a Certificate Trust List chain
The information and answers you need to choose the products that match both your strategic objectives and your existing infrastructure.
Multiple product demos
Outsourcing CA hosting
in Public Key Encryption and Certificate Management
A look at where a PKI strategy or deployment could go wrong and how to steer clear.
Underestimating the complexity of a PKI rollout
Challenges associated with encryption
Putting all the learning to work with an examination of how PKI and CAs have been used in real organizations: what went right, and what went wrong.
Deploying a PKI
How to effectively translate well-conceived strategy into smooth-running PKI reality.
Deployment success factors
Typical PKI deployment team
Course Labs and Exercises
Lab I Encryption and Digital Signing
Lab II CA installation to network
Lab III MS installation to network - manual & auto key archival
Lab IV Entrust and other CA installations
Lab V Smart Cards and Biometrics
Team Exercises Creating a PKI framework, policies and OIDs
Discussions PKI enabling user applications and Risk Management
*Course fees are subject to change