Cryptography provides the means to secure data at rest and in transit, but that's only part of the story for hardening mobile systems. Requirements for a hardened back-end infrastructure are magnified by mobile units as these go-anywhere devices provide attackers with a potentially simple route into your back-end network. In this course, you will learn about encryption, some practical use cases in the mobile enterprise, and back-end hardening for mobile systems.
Learning Objectives
Cryptography Overview
- start the course
- describe usage scenarios for cryptography
- describe the theory of one-way cryptographic functions and hashes
Hashing and Encryption
- describe hashing and identify the main hashing algorithms
- perform hashing using Windows PowerShell
- describe symmetric encryption
- describe asymmetric encryption and its common uses
- encrypt and decrypt a message using OpenSSL
Digital Signing and Certificates
- describe digital signing
- perform digital signing using OpenSSL
- describe key distribution in cryptographic systems
- describe digital certificates and the process of issuing certificates in a CA system
- create a certificate using Visual Studio makecert
Hardened Applications and Infrastructure
- describe requirements for back-end security for mobile applications
- describe measures to harden services for mobile applications
- describe requirements for securing mobile app deployment
- describe measures to protect mobile apps at the transport layer
- describe infrastructure security requirements to support secure mobile apps
- describe the architecture of a demilitarized zone to protect mobile app services
- describe the use of a reverse proxy in protecting mobile app back-end services
- describe processes for securing directory services and certificate authorities used in mobile app back-end systems
- describe the use of S/MIME to secure e-mail in the enterprise
- describe the use of rights management systems to secure document content
- describe measures to protect data in transit and at rest
- describe the use of mobile device management systems to fully manage secure mobile devices
Practice: Secure Back-end Systems
- describe threats to back-end systems, and strategies to mitigate them