Workshop: DANE and DNSSEC

Trainer: Carsten Strotmann

DANE (DNSSEC Authenticated Named Entities) is a range of new internet RFC standards to secure the internet communication using the DNSSEC-secured domain name system (DNS). DANE offers a global, hierarchical PKI (public key infrastructure) based on the existing domain name system.

By means of practical exercises, the workshop teaches participants the basics of DNSSEC-signed DNS zones, checking DNSSEC contents and setting up DANE TLSA records for SSL/TLS-secured servers (mail, web, XMPP chat, ...).

Contents of the DANE DNSSEC workshop:

• DNS basics (refresher)
• DNS threats and attacks
• Introduction to DNSSEC (new record types)
• Signing DNS data with BIND 9
• Validating DNSSEC information with BIND 9 and Unbound
• Creating TLSA records for SSL/TLS certificates

Conditions for participation
The training will be held in German, but the training documents and many Internet sources are available in English.
Participation requires basic knowledge of the Unix/Linux command line (shell) and using a Unix/Linux text editor (vi, nano, emacs, ...).

You need a laptop with a WLAN or an Ethernet interface and an SSH terminal program to participate in the exercises.

Price: €1,000

Date: January 26, 2016 – the day before IT-Defense 2016 starts

You will receive CPE Points for participating in the workshop. The training takes 6 hours.

Location:
Hyatt Regency Mainz
Malakoff-Terrasse 1
55116 Mainz
Tel: +49 6131 73 1234
Fax: +49 6131 73 1235
Email: mainz.regency@hyatt.com