When you say encryption to people, they think of World War Two and counter-espionage. In reality, encryption can and should be used by everyone. It is a strong piece of your armour and can prevent data being intercepted, or being read if stolen from a website or by malware. Symmetric, asymmetric, block ciphers, stream ciphers, hashing and more are just some of the technical terms, but what do they all mean? Encryption is used every second of the day without people knowing it, from browsing a website to using a banking app. It can be complex, and this course will take you briefly through the theory and then through many hands-on exercises so that you properly understand the theory and how to protect data in many ways. GDPR has increased the need for encryption, which assists with compliance, especially around data transfer between organisations. Practical learning is the best way to understand the theory.

Learning Outcomes

Delegates will understand the broad spectrum of encryption protocols and mainstream products in a highly practical way, as well as the theory behind them.

  • The difference between encoding, encryption and hashing
  • The differences between mainstream encryption standards, i.e. DES, 3DES, AES etc.
  • Difference between symmetric and asymmetric encryption
  • Pros and cons of the above and types of keys (key, password, passphrase or hardware keys)
  • How to use mainstream products and protocols
  • Defending data at rest and in transit using software & hardware means
  • How to defeat “loopholes” in encryption

Course Outline

Module 1 – Brief on: Encoding vs. encryption vs. hashing

  • The differences between them
  • What encoding looks like
  • What code signing does
  • How encoding is used in encryption day to day
  • Practical #1 on encoding in hexadecimal, base64 and binary
  • Practical #2 on fake encryption which is really encoding
  • Practical #3 on ASCII binary XOR

Module 2 – One-way encryption

  • Options for hashing
  • What is a collision
  • What hashes are used for
  • Standard hashes vs HMAC (hash-based message authentication code)
  • Practical #1 on creating different hashing functions from text, files, folders & passwords
  • Practical #2 on providing integrity checks with hashing
  • Practical #3 on Shattered.io SHA-1 collision by Google
  • Practical #4 on HMAC

Module 3 – Encryption at rest (software)

  • The difference between in-flight and at-rest
  • The differences between symmetric and asymmetric
  • The differences between DES, 3DES, IDEA and AES
  • Pros and cons, and “loopholes” of encryption at rest
  • Practical #1 on BitLocker for USBs & partitions
  • Practical #2 on EFS (Encrypting File System) which pre-dated BitLocker
  • Practical #3 on a British encryption suite for files, folders, archives, USB, CD, text & virtual drive

Module 4 – Encryption at rest (hardware)

  • How to protect the “crown jewels”
  • Practical #1, now for the “holy grail” of data-at-rest encryption using top-end hardware encryption tokens

Module 5 – Encryption for email

  • 10 question mini-quiz
  • What RSA does
  • The different ways of email encryption and the weaknesses
  • The options available to you – useful for complying with GDPR
  • Pros and cons
  • What DKIM (DomainKeys Identified Mail) does for email. A brief on SPF (Sender Policy Framework) too
  • Practical #1 using the British product from module 3
  • Practical #2 using OpenPGP, which teaches asymmetric encryption well through practice rather than theory
  • Practical #3 using the lesser-known S/MIME, which offers asymmetric encryption and signing for files & emails

Module 6 – Encryption in transit

  • What RC4 and ECC do
  • Where it is used
  • The pros & cons and how to strengthen it
  • Practical #1 view cipher suites and SSL/TLS versions for your company’s website
  • Practical #2 set up a basic website with AWS, a real domain and quick coverage of DNS. Once live, secure it with TLS with crypto security tweaks
  • Challenge #1 mini two-part cryptography related challenge
  • Practical #3 set up your own personal VPN using OpenVPN

Module 7 – Great but how do I protect my passwords & keys?

  • Options to store passwords & encryption keys securely
  • Practical #1 set up an open-source password vault and lock it with hardware two-factor authentication