- SSL really accomplishes two things, primarily. And those are trust and encryption. So let's talk about trust and encryption on a network. Users have an expectation of security in your systems. You, as an administrator, whether they're using a web browser, an e-mail program, a calendar app, whatever it happens to be, if you're making them enter a username and a password, they expect that that stuff is secure. What is the reality of security? Well, if your users run wireless networks, you need to realize that those networks are open to listening.
Your network services, like DHCP or DNS, can be hijacked or replaced. And Man-in-the-middle attacks are common and easy. The tools are available for download off of publicly-available websites. SSL vulnerabilities are discovered all the time, and recent ones, like Heartbleed, are infamous. Diligence is a minimum requirement for your job, not extra credit. Setting up secured services is something that's expected of you, so it's very important to get it done right.
So what do we do about it? Well, we take control of the problem, of course. We deliver that implied security that they expect, and we set-up the SSL service correctly to encrypt your services that are capable of being encrypted, and, for any services that can offer both encrypted and unencrypted services, disable the unencrypted version of the service on your server. Lastly, you gotta understand how all of this works. From the theories, straight through to the practice to ensure you're properly implementing the service. What does SSL accomplish? It accomplishes trust.
It proves that the server you're connecting to is who it claims to be. And then once you trust that connection, it encrypts, or scrambles, all of the data between the server and the users that you're trying to protect.
- SSL communications
- Certificate authorities
- Public key infrastructures
- Symmetric and asymmetric key pairs
- Cryptographic hash functions
- Encryption algorithms
Start now, and by the end of this course you'll have the knowledge to create SSL certificates, as well as revoke and renew them, from the command line.