From the course: Threat Modeling: Spoofing In Depth
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Spoofing TLS
- There's a lot of low-level spoofing that's possible. In many cases, the easy and obvious fix is add TLS and then all our problems are solved. TLS, it's like magic pixie dust that will secure your internet to make sure your stock picks all go to 11. Is that what I want? What if I buy at 50 and it goes to 11? Magic can be so fickle. So if I run a server, rouxacademy.com, I can get a certificate to authenticate that server. The TLS connection won't work unless the host someone is trying to reach is the name on that certificate. Most certificates rely on asymmetric cryptography where keys have mathematically related parts. Some of those systems can be used to produce a digital signature where the private part of the key is used to create a signature that can be verified with the public part. A certificate is a cryptographic key that's signed by some other key. That's all. There's a special set of root keys or root certificates that are trusted in the sense that they can change the…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.