CONTENTS

• Access Control & OS
  1. Tutorial Overview
  2. Windows Lab Procedures
  3. Unix 's File System
  5. SOLARIS
  6. SOLARIS Lab Procedures
• Apache SSL
  1. Tutorial Overview
  2. Installing Components
  3. Creating a Certificate
  4. Configuring Apache SSL
• Authenticode
  1. Tutorial Overview
  2. Installing .NET Framework SDK
  3. Signing a File
  4. Verifying a Signature
• Common Criteria Methodology
  1. Tutorial Overview
  2. General Evaluation Guidelines
  3. Evaluation of Functional Requirements TOE
  4. Questions
  5. References
• Cryptography with C#
  1. Tutorial Overview
  2. C# .NET Framework Examples
  3. Message Authentication
  4. Digital Signatures
  5. Exercises
  6. Resources
• Cryptographic Libraries
  1. Tutorial Overview
  2. OpnelSSL's Toolkit
  3. Java Cryptography Extension
  4. Exercises
  5. Resources
• Firewall Access Control Lists
  1. Tutorial Overview
  2. Technical Details
  3. Telnet and FTP
  4. Lab Report
• Firewall Configurations & Attacks
  1. Tutorial Overview
  2. Attacking Without a Firewall
  3. Filter an IP Address
  4. Filter TCP Traffic
  5. Misconfigured Firewall Examples
  6. Exercises
• Forensics
  1. Tutorial Overview
  2. Exercises
  3. Hidden Data
  4. Steganography
  5. Viewing IE Cache
  6. Installation Instructions
• IIS & Server 2003
  1. Tutorial Overview
  2. Installing Components
  3. Create a Certificate Request
  4. Submit a Certificate Request
  5. Installing a Certificate
  6. Secure Certificate Services
  7. Secure the Server
  8. Secure IIS
• IPSec and VPN Tunnel
  1. Tutorial Overview
  2. Technical Details
  3. VPN Tunnel Parameters
  4. Lab Report
• Java Code Signing
  1. Tutorial Overview
  2. Installing Java & Signing a File
  3. Verifying a Signature
• Network Protocol Analyzers
  1. Tutorial Overview
  2. TCPDump
  3. Ethereal
  4. Sniffer Distributed System
  5. Telnet Session
• PKI
  1. Tutorial Overview
  2. Installing Thunderbird
  3. Installing GPG and Enigmail
  4. Create and Use Key Pairs
• Secure Cookies
  1. Tutorial Overview
  2. Installing Components
  3. Creating a Secure Cookie
• Three Tier

Tutorial Overview. This tutorial will guide you through the steps required to sign a file using Microsoft’s Authenticode. It is assumed that you have a basic understanding of PKI and are familiar with the command prompt. This tutorial is broken down into four sections. The first section is a brief explanation of the Authenticode, .NET, and the tools used to successfully complete this tutorial. The second section covers installation of .NET and the third section covers the steps of the signer/sender. The final section covers the steps of the recipient.  This tutorial is used in IS2771 Security in E-Commerce.

Authenticode. Is Microsoft's answer to ensuring an end user on the Internet that a piece of code they are about to download has not been tampered with and identifies the publisher. This allows end users to make an informed decision as to whether or not they want to download a piece of code. Authenticode does not guarantee bug free code. Authenticode relies on certificates and is based on specifications that have been used successfully for some time. There are a number of tools you will use to complete this tutorial that can be found in Microsoft .NET Framework SDK.

Microsoft .NET Framework SDK. This is SDK includes everything you need to write, build, test, and deploy .NET Framework applications. This includes the tools that are used to create a certificate, sign a file, and verify a signature on a file.

MakeCert. MakeCert is the program that is used to make a test X.509 certificate. A public/private key pair is created and will be used for digital signatures. This key pair is associated with a name and associated with a publisher’s name. The certificate is signed by using the root key or a specified key that binds your name to the public key pair.

Cert2SPC. The Software Publisher Certificate Test tool creates a Software Publisher's Certificate (SPC) from one or more X.509 certificates. Cert2spc is for test purposes only. You can obtain a valid SPC from a Certification Authority such as VeriSign or Thawte.

SignTool. The Sign Tool is a command-line tool that digitally signs files, verifies signatures in files, or time stamps files. You also have the ability to use the Sign Tool sign wizard, which has a GUI and allows users to complete the signing process with ease. You have to use the command-line tool when verifying a signature on a file.

Browse Pages << | < | 1 2 3 4 | > | >>