MN502 Network Security
Laboratory 5 Manual: Advanced Cryptography
Description of the laboratory exercise:
In this laboratory, you will conduct two exercises on advanced cryptography.
- In the first experiment, you will use online tests to determine the security of web servers and your local web browser.
- In the second experiment, you will view the Certificate Revocation List (CRL) and any untrusted certificates on your computer.
- Launch VirtualBox
- Launch your Win8.1 VM
- Do all your exercises in the VM
Exercise 1: SSL Server and Client Tests
In this exercise, you will use online tests to determine the security of web servers and your local web browser.
- Go to www.ssllabs.com/ssltest/index.html.
- Click the first website listed under Recent Best-Rate.
- Note the grade given for this site. Click the IP address under Server (if multiple IP addresses are listed, select one of them) to display results similar to those shown in Figure 6-13.
- Under Summary note the Overall Rating along with the scores for Certificate, Protocol Support, Key Exchange, and Cipher Strength, which make up the cipher suite.
- If this site did not receive an Overall Rating of A under Summary, you will see the reasons listed. Read through these.
- Scroll down through the document and read through the Authentication information. Note the information supplied regarding the digital certificates.
- Scroll down to Configuration. Note the list of protocols supported and not supported. If this site were to increase its security, which protocols should it no longer support? Why?
- Under Cipher Suites, interpret the suites listed. Notice that they are given in server-preferred order. In order to increase its security, which cipher suite should be listed first? Why?
- Under Handshake Simulation, select the web browser and operating system that you are using, or one similar to it (IE 11/Win 8.1 means Microsoft Internet Explorer 11 running under Windows 8.1). Read through the capabilities of this client interacting with this web server. Note particularly the order of preference of the cipher suites. Click the browser’s back button when finished.
- Scroll to the top of the page, then click Scan Another >>.
- This time select one of the Recent Worst-Rated sites. As with the previous excellent example, now review the Summary, Authentication, Configuration, Cipher Suites, and Handshake Simulation. Would you agree with this site’s score?
- If necessary, return to the SSL Report page and click Scan Another >>.
- Enter the URL of your school or workplace and generate a report. What score did it receive?
- Review the Summary, Authentication, Configuration, Cipher Suites, and Handshake Simulation. Would you agree with this site’s score?
- Make a list of the top five vulnerabilities that you believe should be addressed in order of priority.
- Click Projects.
- Now test the capabilities of your web browser. Click SSL Client Test. Review the capabilities of your web browser. Print or take a screen capture of this page.
- Close this web browser.
- Now open a different web browser on this computer or on another computer.
- Go to www.ssllabs.com/projects/index.html and click SSL Client Test to compare the two scores. From a security perspective, which browser is better? Why?
- Close all windows.
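The Configuration and Cipher Suites questions above (which protocols to drop, which suite belongs first) can be worked through offline. The script below is an added example for this lab, not SSL Labs code: it parses IANA-style cipher-suite names (TLS_<key exchange>_<auth>_WITH_<cipher>_<MAC>) into their components, lists the weaknesses a reviewer should note, and sorts suites into the server-preferred order a hardened server should advertise. The scoring is a deliberate simplification of SSL Labs' grading, and the sample protocol and suite lists are constructed.

```python
"""Interpret the Configuration and Cipher Suites sections of an SSL Labs
report offline. Added example for this lab; not SSL Labs code, and the
scoring below is a simplification of their published grading.
Sample inputs are constructed (the IANA suite-name format is real)."""

# Protocol versions a server should no longer offer; every one of them has
# known downgrade or cryptographic weaknesses. TLS 1.2 and TLS 1.3 stay.
OBSOLETE_PROTOCOLS = ("SSL 2.0", "SSL 3.0", "TLS 1.0", "TLS 1.1")


def parse_suite(name):
    """Split an IANA cipher-suite name into key exchange, authentication,
    bulk cipher and MAC/PRF, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256."""
    if "_WITH_" not in name:
        # TLS 1.3 names (TLS_AES_128_GCM_SHA256) carry only the AEAD cipher
        # and hash; key exchange is always ephemeral and auth comes from the cert.
        cipher, _, prf = name[len("TLS_"):].rpartition("_")
        return {"kx": "TLS1.3", "auth": "cert", "cipher": cipher, "mac": prf}
    left, right = name.split("_WITH_", 1)
    kx_parts = left.split("_")[1:]                      # drop the leading "TLS"
    kx = kx_parts[0]
    auth = kx_parts[1] if len(kx_parts) > 1 else kx     # TLS_RSA_...: RSA does both
    cipher, _, mac = right.rpartition("_")
    return {"kx": kx, "auth": auth, "cipher": cipher, "mac": mac}


def findings(name):
    """Return the weaknesses a reviewer should note for one suite."""
    p = parse_suite(name)
    notes = []
    if p["kx"] not in ("ECDHE", "DHE", "TLS1.3"):
        notes.append("no forward secrecy (static key exchange)")
    if p["auth"] == "anon":
        notes.append("unauthenticated key exchange")
    c = p["cipher"]
    for weak in ("RC4", "DES", "NULL", "EXPORT"):       # "DES" also catches 3DES
        if weak in c:
            notes.append(f"weak or absent bulk cipher ({weak})")
    if "CBC" in c:
        notes.append("CBC mode; AEAD (GCM/CCM/ChaCha20-Poly1305) preferred")
    if p["mac"] == "MD5":
        notes.append("MD5-based MAC")
    return notes


def strength(name):
    """Coarse numeric ranking used to order suites (example scoring only)."""
    p = parse_suite(name)
    c = p["cipher"]
    score = {"ECDHE": 45, "DHE": 40, "TLS1.3": 45}.get(p["kx"], 0)  # forward secrecy
    if any(aead in c for aead in ("GCM", "CCM", "POLY1305")):       # AEAD cipher
        score += 30
    if "256" in c or "CHACHA20" in c:                               # 256-bit key
        score += 10
    elif "128" in c:
        score += 5
    score -= 100 * sum(1 for w in ("RC4", "DES", "NULL", "EXPORT") if w in c)
    if p["mac"] == "MD5":
        score -= 50
    if p["auth"] == "anon":
        score -= 100
    return score


def preferred_order(suites):
    """Server-preferred order a hardened server should advertise: strongest first."""
    return sorted(suites, key=lambda n: (-strength(n), n))


def protocols_to_drop(supported):
    """Which of the protocols a report lists as supported should be disabled."""
    return [p for p in supported if p in OBSOLETE_PROTOCOLS]


# Constructed sample: what a weakly configured server's report might list.
SAMPLE_PROTOCOLS = ["SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2"]
SAMPLE_SUITES = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
]

if __name__ == "__main__":
    print("Protocols to disable:", protocols_to_drop(SAMPLE_PROTOCOLS))
    for suite in preferred_order(SAMPLE_SUITES):
        print(f"{strength(suite):5d}  {suite}  {findings(suite)}")
```

Run it as a script to see the sample list re-ordered with ECDHE/AEAD suites at the top and the RC4/MD5 suite at the bottom, together with the reason each weaker suite loses points; paste a real report's suite names into SAMPLE_SUITES to answer the lab questions for that server.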
Exercise 2: Viewing Digital Certificate Revocation Lists (CRL) and Untrusted Certificates
Revoked digital certificates are listed in a Certificate Revocation List (CRL), which can be accessed to check the certificate status of other users. In this exercise, you will view the CRL and any untrusted certificates on your computer.
- Click Start and then type cmd and press Enter.
- Type certmgr.msc and then press Enter.
- In the left pane, expand Trusted Root Certification Authorities.
- In the left pane, click Certificates. These are the CAs approved for this computer.
- In the left pane, expand Intermediate Certification Authorities.
- Click Certificates to view the intermediate CAs.
- Click Certificate Revocation List.
- In the right pane, all revoked certificates are displayed. Select a revoked certificate and double-click it, as illustrated in Figure 6-14.
- Read the information about it and click fields for more detail if necessary. Close the Certificate Revocation List by clicking the OK button.
- In the left pane, expand Untrusted Certificates.
- Click Certificates. The certificates that are no longer trusted are listed in the right pane.
- Double-click one of the untrusted certificates. Click OK to close the Certificate dialog box.
- Close all windows.
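The CRL you open in certmgr.msc is a signed list of revoked serial numbers published by the issuing CA, and a relying party checks a certificate's status by looking its serial up in that list. The script below is an added example for this lab, not from the manual or from Microsoft: using the third-party cryptography package, it creates a small example CA (hypothetical name "Example Lab Root CA"), issues two certificates, revokes one in a CRL, and then performs the checks a client should do before trusting the CRL's answer (issuer match, CRL signature, CRL freshness, serial lookup). All keys, names and serials are generated or constructed for the example.

```python
"""Build a tiny CA, issue certificates, revoke one in a CRL, and check
certificate status against that CRL. Added example for this lab (not from
the manual); requires the third-party `cryptography` package. The CA name
is hypothetical and every key and serial is generated here."""
import datetime

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc)
ONE_DAY = datetime.timedelta(days=1)


def make_ca():
    """Self-signed example CA (hypothetical name)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example Lab Root CA")])
    cert = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(NOW - ONE_DAY).not_valid_after(NOW + 365 * ONE_DAY)
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )
    return key, cert


def issue(ca_key, ca_cert, common_name):
    """Issue an end-entity certificate signed by the example CA."""
    key = ec.generate_private_key(ec.SECP256R1())
    return (
        x509.CertificateBuilder()
        .subject_name(x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)]))
        .issuer_name(ca_cert.subject)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(NOW - ONE_DAY).not_valid_after(NOW + 30 * ONE_DAY)
        .sign(ca_key, hashes.SHA256())
    )


def build_crl(ca_key, ca_cert, revoked_certs):
    """The CA publishes a signed CRL listing the serial numbers it has revoked."""
    builder = (
        x509.CertificateRevocationListBuilder()
        .issuer_name(ca_cert.subject)
        .last_update(NOW).next_update(NOW + ONE_DAY)
    )
    for cert in revoked_certs:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder()
            .serial_number(cert.serial_number)
            .revocation_date(NOW)
            .add_extension(x509.CRLReason(x509.ReasonFlags.key_compromise), critical=False)
            .build()
        )
    return builder.sign(ca_key, hashes.SHA256())


def certificate_status(cert, crl, ca_cert):
    """Relying-party check: trust the CRL only if it comes from the issuer,
    is correctly signed and is still current; then look up the serial."""
    if crl.issuer != ca_cert.subject or not crl.is_signature_valid(ca_cert.public_key()):
        return "crl-untrusted"
    # next_update_utc exists in newer cryptography releases; older ones expose
    # a naive UTC datetime as next_update, so fall back to that.
    next_update = getattr(crl, "next_update_utc", None) \
        or crl.next_update.replace(tzinfo=datetime.timezone.utc)
    if next_update < datetime.datetime.now(datetime.timezone.utc):
        return "crl-stale"
    entry = crl.get_revoked_certificate_by_serial_number(cert.serial_number)
    if entry is None:
        return "good"
    reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason
    return f"revoked ({reason.name})"


if __name__ == "__main__":
    ca_key, ca_cert = make_ca()
    server = issue(ca_key, ca_cert, "good.example.test")
    leaked = issue(ca_key, ca_cert, "compromised.example.test")
    crl = build_crl(ca_key, ca_cert, [leaked])
    for c in (server, leaked):
        print(f"{c.subject.rfc4514_string():35s} serial {c.serial_number:x}: "
              f"{certificate_status(c, crl, ca_cert)}")
```

The two checks before the serial lookup are the ones that matter in practice: a CRL that is not signed by the issuer, or whose next-update time has passed, tells you nothing reliable about the certificate, which is why the function reports those cases separately from "good" rather than silently treating an absent serial as valid.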