• Online, Self-Paced
Course Description

Cryptography provides the means to secure data at rest and in transit, but that's only part of the story for hardening mobile systems. Requirements for a hardened back-end infrastructure are magnified by mobile units as these go-anywhere devices provide attackers with a potentially simple route into your back-end network. In this course, you will learn about encryption, some practical use cases in the mobile enterprise, and back-end hardening for mobile systems.

Learning Objectives

Cryptography Overview

  • start the course
  • describe usage scenarios for cryptography
  • describe the theory of one-way cryptographic functions and hashes

Hashing and Encryption

  • describe hashing and identify the main hashing algorithms
  • perform hashing using Windows PowerShell
  • describe symmetric encryption
  • describe asymmetric encryption and its common uses
  • encrypt and decrypt a message using OpenSSL

Digital Signing and Certificates

  • describe digital signing
  • perform digital signing using OpenSSL
  • describe key distribution in cryptographic systems
  • describe digital certificates and the process of issuing certificates in a CA system
  • create a certificate in Visual Studio makecert

Hardened Applications and Infrastructure

  • describe requirements for back-end security for mobile applications
  • describe measures to harden services for mobile applications
  • describe requirements for securing app mobile app deployment
  • describe measures to protect mobile apps at the transport layer
  • describe infrastructure security requirements to support secure mobile apps
  • describe the architecture of a demilitarized zone to protect mobile app services
  • describe the use of a reverse proxy in protecting mobile app back-end services
  • describe processes for securing directory services and certificate authorities used in mobile app back-end systems
  • describe the use of S/MIME to secure e-mail in the enterprise
  • describe the use of rights management systems to secure document content
  • describe measures to protect data in transit and at rest
  • describe the use of mobile device management systems to fully manage secure mobile devices

Practice: Secure Back-end Systems

  • describe threats to back-end systems, and strategies to mitigate them

Framework Connections

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.