Security
Practical Database Auditing for Microsoft SQL Server and Azure SQL
Know how to track changes and key events in your SQL Server databases in support of application troubleshooting, regulatory compliance, and governance. This book shows how to use key features in SQL Server ,such as SQL Server Audit and Extended Events, to track schema changes, permission changes, and changes to your data. You’ll even learn how to track queries run against specific tables in a database.Not all changes and events can be captured and tracked using SQL Server Audit and Extended Events, and the book goes beyond those features to also show what can be captured using common criteria compliance, change data capture, temporal tables, or querying the SQL Server log. You will learn how to audit just what you need to audit, and how to audit pretty much anything that happens on a SQL Server instance. This book will also help you set up cloud auditing with an emphasis on Azure SQL Database, Azure SQL Managed Instance, and AWS RDS SQL Server.You don’t need expensive, third-party auditing tools to make auditing work for you, and to demonstrate and provide value back to your business. This book will help you set up an auditing solution that works for you and your needs. It shows how to collect the audit data that you need, centralize that data for easy reporting, and generate audit reports using built-in SQL Server functionality for use by your own team, developers, and organization’s auditors.WHAT YOU WILL LEARN* Understand why auditing is important for troubleshooting, compliance, and governance* Track changes and key events using SQL Server Audit and Extended Events* Track SQL Server configuration changes for governance and troubleshooting* Utilize change data capture and temporal tables to track data changes in SQL Server tables* Centralize auditing data from all your databases for easy querying and reporting* Configure auditing on Azure SQL, Azure SQL Managed Instance, and AWS RDS SQL Server WHO THIS BOOK IS FORDatabase administrators who need to know what’s changing on their database servers, and those who are making the changes; database-savvy DevOps engineers and developers who are charged with troubleshooting processes and applications; developers and administrators who are responsible for generating reports in support of regulatory compliance reporting and auditingJOSEPHINE BUSH has more than 10 years of experience as a database administrator. Her experience is extensive and broad-based, including experience in financial, business, and energy data systems using SQL Server, MySQL, Oracle, and PostgreSQL. She is a Microsoft Certified Solutions Expert: Data Management and Analytics. She holds a BS in Information Technology, an MBA in IT Management, and an MS in Data Analytics. She is the author of Learn SQL Database Programming. You can reach her on Twitter @hellosqlkitty.IntroductionPART I. GETTING STARTED WITH AUDITINGChapter 1. Why Auditing is ImportantChapter 2. Types of AuditingPART II. IMPLEMENTING AUDITINGChapter 3. What is SQL Server Audit?Chapter 4. Implementing SQL Server Audit via the GUIChapter 5. Implementing SQL Server Audit via SQL ScriptsChapter 6: What is Extended Events?Chapter 7: Implementing Extended Events via the GUIChapter 8: Implementing Extended Events via SQL ScriptsChapter 9. Tracking SQL Server Configuration ChangesChapter 10. Additional SQL Server Auditing and Tracking MethodsPART III. CENTRALIZING AND REPORTING ON AUDITING DATAChapter 11. Centralizing Audit DataChapter 12. Create Reports from Audit DataPART IV. CLOUD AUDITING OPTIONSChapter 13. Auditing Azure SQL DatabasesChapter 14. Auditing Azure SQL Managed InstanceChapter 15. Other Cloud Provider Auditing OptionsPART V. APPENDIXESAppendix A. Database Auditing Options Comparison
The Art of Site Reliability Engineering (SRE) with Azure
Gain a foundational understanding of SRE and learn its basic concepts and architectural best practices for deploying Azure IaaS, PaaS, and microservices-based resilient architectures.The book starts with the base concepts of SRE operations and developer needs, followed by definitions and acronyms of Service Level Agreements in real-world scenarios. Moving forward, you will learn how to build resilient IaaS solutions, PaaS solutions, and microservices architecture in Azure. Here you will go through Azure reference architecture for high-available storage, networking and virtual machine computing, describing Availability Sets and Zones and Scale Sets as main scenarios. You will explore similar reference architectures for Platform Services such as App Services with Web Apps, and work with data solutions like Azure SQL and Azure Cosmos DB.Next, you will learn automation to enable SRE with Azure DevOps Pipelines and GitHub Actions. You’ll also gain an understanding of how an open culture around post-mortems dramatically helps in optimizing SRE and the overall company culture around managing and running IT systems and application workloads. You’ll be exposed to incent management and monitoring practices, by making use of Azure Monitor/Log Analytics/Grafana, which forms the foundation of monitoring Azure and Hybrid-running workloads.As an extra, the book covers two new testing solutions: Azure Chaos Studio and Azure Load Testing. These solutions will make it easier to test the resilience of your services.After reading this book, you will understand the underlying concepts of SRE and its implementation using Azure public cloud.WHAT WILL YOU LEARN:* Learn SRE definitions and metrics like SLI/SLO/SLA, Error Budget, toil, MTTR, MTTF, and MTBF* Understand Azure Well-Architected Framework (WAF) and Disaster Recovery scenarios on Azure* Understand resiliency and how to design resilient solutions in Azure for different architecture types and services* Master core DevOps concepts and the difference between SRE and tools like Azure DevOps and GitHub* Utilize Azure observability tools like Azure Monitor, Application Insights, KQL or Grafana* Understand Incident Response and Blameless Post-Mortems and how to improve collaboration using ChatOps practices with Microsoft toolsWHO IS THIS BOOK FOR:IT operations administrators, engineers, security team members, as well as developers or DevOps engineers.UNAI HUETE BELOKI is a Microsoft Technical Trainer (MTT) working at Microsoft, based in San Sebastian (Spain).From February 2017 to July 2020 he worked as a PFE (Premier Field Engineer), offering support and education as a DevOps Expert to Microsoft customers all around EMEA , mainly focused in the following technologies: GitHub, Azure DevOps, Azure Cloud Architecture and Monitoring, Azure AI/Cognitive Services.Since July 2020, he has worked as a Microsoft Technical Trainer (MTT) on the technologies mentioned above, and served as the MTT lead for the AZ-400 DevOps Solutions exam, helping shape content of the exam/course.In his free time, he loves traveling, water sports like surfing and spearfishing, and mountain-related activities such as MTB and snowboarding.CHAPTER 1: THE FOUNDATION OF SREThis chapter lays out the foundation of Site Resiliency Engineering, founded by Google. From the base concepts of how IT Operations and Developers need to collaborate, to how SRE helps organizations in running business-critical workloads without major downtimeCHAPTER 2: SERVICE LEVEL MANAGEMENT DEFINITIONS AND ACRONYMS AND THEIR MEANING IN A REAL-LIFE CONTEXTThis Chapter describes all common Service Level Agreements (SLA) definitions and acronyms, looked at from a real-world scenario to provide a clear understandingo Some examples, SLA, SLO, MTTF, MTBF, MTTR,…CHAPTER 3: ARCHITECTING RESILIENT INFRASTRUCTURE AS A SERVICE (IAAS) SOLUTIONS IN AZURESRE is all about providing ultimate uptime of your organization’s workloads, and this chapter will cover that in relation to Azure IaaS Compute solutions. Explaining the Azure reference architecture for high-available storage, networking and Virtual Machine computing, describing Availability Sets and Zones and ScaleSets as main scenarios. It will also touch on preparing for Disaster Recovery with Azure Backup and Azure Site Recovery, helping you to quickly mitigate outages in case of a failureCHAPTER 4: ARCHITECTING RESILIENT PLATFORM AS A SERVICE (PAAS) SOLUTIONS IN AZUREFollowing on the scenario of Virtual Machines, this chapter details similar reference architectures for Platform Services such as App Services with Web Apps, but also touching on data solutions like Azure SQL and Azure Cosmos DBCHAPTER 5: ARCHITECTING RESILIENT SERVERLESS AND MICROSERVICES ARCHITECTURES IN AZUREThis third chapter in the reference architecture topic describes how to build high-available, business-critical scenarios using Serverless Functions and Azure LogicApps, as well as Microservices scenarios using Azure Container Instance and Azure Kubernetes Service (AKS).CHAPTER 6: AUTOMATION TO ENABLE SRE WITH AZURE DEVOPS PIPELINES / GITHUB ACTIONSAutomation is the cornerstone to SRE, allowing businesses to not only deploy new workloads in a easy way, but also relying on SRE to avoid critical outages or, when an outage occurs, relying on automation to mitigate the problem as fast as possible. Sharing several examples from both Azure DevOps Pipelines and GitHub Actions, this chapter provides the reader a lot of real-life examples to reuse in their own environmentCHAPTER 7: EFFICIENTLY HANDLING BLAMELESS POST-MORTEMSPost-Mortems are the way to look back at what caused the outage, and describe any lessons learned for the future, helping in avoiding a similar outage in the future, or assist in quickly fixing an identical incident. Blameless is where the focus is on finding the root-cause of the problem, without pinpointing any individual or team as being the victim. This chapter describes how an open culture around post-mortems dramatically helps in optimizing SRE and the overall company culture around managing and running IT systems and application workloads.CHAPTER 8: MONITORING AS THE KEY TO KNOWLEDGEBesides the automated deployments, monitoring is the 2nd big technical topic in any SRE scenario. You can’t manage what you don’t know. This chapter provides an overview of Azure Monitor and Log Analytics, which forms the foundation of monitoring Azure and Hybrid-running workloads. Starting from metrics for the different Azure services touched on in earlier chapters, this chapter also covers how to export logs to 3rd party solutions such as Splunk or integrating dashboarding tools like Grafana
Security in Vehicular Networks
Vehicular networks were first developed to ensure safe driving and to extend the Internet to the road. However, we can now see that the ability of vehicles to engage in cyber-activity may result in tracking and privacy violations through the interception of messages, which are frequently exchanged on road.This book serves as a guide for students, developers and researchers who are interested in vehicular networks and the associated security and privacy issues. It facilitates the understanding of the technologies used and their various types, highlighting the importance of privacy and security issues and the direct impact they have on the safety of their users. It also explains various solutions and proposals to protect location and identity privacy, including two anonymous authentication methods that preserve identity privacy and a total of five schemes that preserve location privacy in the vehicular ad hoc networks and the cloud-enabled internet of vehicles, respectively.Leila Benarous is an associate professor in the Computer Science department and a researcher at LIM Laboratory, University of Laghouat, Algeria. She is also an associate member of UPEC-LiSSi-TincNET Research Team, France.Salim Bitam is a professor of Computer Science and vice rector responsible for post-graduation training and scientific research at the University of Biskra, Algeria. His main research interests include vehicular networks, cloud computing and bio-inspired methods.Abdelhamid Mellouk is currently the director of IT4H High School Engineering Department, a professor at the University of Paris-Est Créteil (UPEC) and Head of UPEC-LiSSi-TincNET Research Team, France. He is the founder of the Network Control Research and Curricula activities in UPEC, the current co President of the French Deep Tech Data Science and Artificial Intelligence Systematic Hub, member of the Algerian High Research Council (CNRST) and an associate editor of several top ranking scientific journals.Preface xiList of Acronyms xiiiIntroduction xixCHAPTER 1 VEHICULAR NETWORKS 11.1 Introduction 11.2 Motivation by numbers 21.3 Evolution 31.4 Architecture 41.5 Characteristics 51.6 Technical challenges and issues 61.7 Wireless technology 71.8 Standards 71.8.1 IEEE WAVE stack 81.8.2 ETSI standards 91.8.3 The 3GPP standard 91.9 Types 101.9.1 The autonomous vehicle (self-dependent) 101.9.2 VANET 111.9.3 Vehicular clouds 111.9.4 Internet of vehicles 121.9.5 Social Internet of vehicles 141.9.6 Data named vehicular networks 151.9.7 Software-defined vehicular networks 151.10 Test beds and real implementations 161.11 Services and applications 171.12 Public opinion 191.13 Conclusion 20CHAPTER 2 PRIVACY AND SECURITY IN VEHICULAR NETWORKS 212.1 Introduction 212.2 Privacy issue in vehicular networks 222.2.1 Types 232.2.2 When and how it is threatened? 242.2.3 Who is the threat? 242.2.4 What are the consequences? 242.2.5 How can we protect against it? 252.3 State-of-the-art location privacy-preserving solutions 282.3.1 Non-cooperative change 282.3.2 Silence approaches 282.3.3 Infrastructure-based mix-zone approach 282.3.4 The cooperation approach (distributed mix-zone) 362.3.5 Hybrid approach 362.4 Authentication issues in vehicular networks 492.4.1 What is being authenticated in vehicular networks? 492.4.2 Authentication types 502.4.3 How does authentication risk privacy? 512.5 Identity privacy preservation authentication solutions: state of the art 522.6 Conclusion 54CHAPTER 3 SECURITY AND PRIVACY EVALUATION METHODOLOGY 553.1 Introduction 553.2 Evaluation methodology 583.2.1 Security 583.2.2 Privacy 663.3 Conclusion 74CHAPTER 4 THE ATTACKER MODEL 754.1 Introduction 754.2 Security objectives 764.3 Security challenges 784.4 Security attacker 794.4.1 Aims 804.4.2 Types 804.4.3 Means 814.4.4 Attacks 82Contents vii4.4.5 Our attacker model 854.5 Conclusion 90CHAPTER 5 PRIVACY-PRESERVING AUTHENTICATION IN CLOUD-ENABLED VEHICLE DATA NAMED NETWORKS (CVDNN) FOR RESOURCES SHARING 915.1 Introduction 915.2 Background 925.2.1 Vehicular clouds 925.2.2 Vehicular data named networks 945.3 System description 945.4 Forming cloud-enabled vehicle data named networks 955.5 Migrating the local cloud virtual machine to the central cloud 975.6 Privacy and authentication when using/providing CVDNN services 975.6.1 The authentication process 985.6.2 The reputation testimony 1005.7 The privacy in CVDNN 1025.8 Discussion and analysis 1035.8.1 The privacy when joining the VC 1035.8.2 Privacy while using the VC 1065.9 Conclusion 106CHAPTER 6 PRIVACY-PRESERVING AUTHENTICATION SCHEME FOR ON-ROAD ON-DEMAND REFILLING OF PSEUDONYM IN VANET 1096.1 Introduction 1096.2 Network model and system functionality 1116.2.1 Network model 1116.2.2 The system functionality 1136.3 Proposed scheme 1146.4 Analysis and discussion 1196.4.1 Security analysis 1196.4.2 Burrows, Abadi and Needham (BAN) logic 1246.4.3 SPAN and AVISPA tools 1266.5 Conclusion 129CHAPTER 7 PRESERVING THE LOCATION PRIVACY OF VEHICULAR AD HOC NETWORK USERS 1317.1 Introduction 1317.2 Adversary model 1337.3 Proposed camouflage-based location privacy-preserving scheme 1337.3.1 Analytical model 1357.3.2 Simulation 1367.4 Proposed hybrid pseudonym change strategy 1417.4.1 Hypothesis and assumptions 1417.4.2 Changing the pseudonyms 1427.4.3 The simulation 1457.5 Conclusion 148CHAPTER 8 PRESERVING THE LOCATION PRIVACY OF INTERNET OF VEHICLES USERS 1518.1 Introduction 1518.2 CE-IoV 1538.3 Privacy challenges 1568.4 Attacker model 1578.5 CLPPS: cooperative-based location privacy-preserving scheme for Internet of vehicles 1588.5.1 Simulation 1598.5.2 Comparative study and performance analysis 1638.6 CSLPPS: concerted silence-based location privacy-preserving scheme for Internet of vehicles 1668.6.1 The proposed solution 1668.6.2 Simulation results 1678.6.3 Comparative study performance analysis 1698.7 Obfuscation-based location privacy-preserving scheme in cloud-enabled Internet of vehicles 1718.7.1 The proposition 1718.7.2 Study of feasibility using game theoretic approach 1738.7.3 The simulation 1748.7.4 Analytical model 1778.7.5 Comparative study 1788.8 Conclusion 180CHAPTER 9 BLOCKCHAIN-BASED PRIVACY-AWARE PSEUDONYM MANAGEMENT FRAMEWORK FOR VEHICULAR NETWORKS 1819.1 Introduction 1819.2 Background 1839.2.1 Public key infrastructure (PKI) 1839.2.2 Vehicular PKI 1859.2.3 Blockchain technology 1859.2.4 Blockchain of blockchains 1909.3 Related works 1919.3.1 Blockchain-based PKI 1919.3.2 Privacy-aware blockchain-based PKI 1919.3.3 Monero 1919.3.4 Blockchain-based vehicular PKI 1929.4 Key concepts 1929.4.1 Ring signature 1929.4.2 One-time address 1949.5 Proposed solution 1959.5.1 General description 1959.5.2 Registration to the blockchain 1969.5.3 Certifying process 1969.5.4 Revocation process 1979.5.5 Transaction structure and validation 1979.5.6 Block structure and validation 2009.5.7 Authentication using blockchain 2019.6 Analysis 2029.7 Comparative study 2069.8 Conclusion 206Conclusion 211References 215Index 229
CO-PA in SAP S/4HANA Finance
Wirksames Ergebniscontrolling ist für den Erfolg Ihres Unternehmens entscheidend. In diesem Buch lernen Sie, wie Sie die Ergebnis- und Marktsegmentrechnung in SAP S/4HANA Finance an Ihre Bedürfnisse anpassen. Anhand von Beispielen und Screenshots erfahren Sie alles zur Stammdatenpflege und Berichterstellung. Und Sie lernen, wie Sie Predictive Accounting nutzen, um vorausschauend bessere und schnellere Entscheidungen zu treffen. Auch die Migration von SAP ERP zu SAP S/4HANA Finance wird ausführlich behandelt. Aus dem Inhalt: Ergebnisrechnung mit CO-PA in SAP S/4HANA FinanceErgebnisbereich und Grundeinstellungen für die ErgebnisrechnungMerkmalkonfigurationKonfiguration von Wert- und MengenfeldernBuchhalterische ErgebnisrechnungMargenanalyseIst-Wertflüsse Einleitung ... 13 1. Einführung in die Ergebnisrechnung ... 17 1.1 ... Zweck der Ergebnisrechnung ... 17 1.2 ... Kosten- und Erlösträger ... 19 1.3 ... Arten der Ergebnisrechnung ... 20 1.4 ... Technische Struktur ... 30 1.5 ... Zusammenfassung ... 32 2. Customizing des Ergebnisbereichs und Grundeinstellungen für die Ergebnisrechnung ... 35 2.1 ... Einen Ergebnisbereich pflegen ... 35 2.2 ... Währungen ... 50 2.3 ... Nummernkreise ... 54 2.4 ... Versionen ... 59 2.5 ... Ergebnisbereich transportieren ... 61 2.6 ... Ergebnisbereich setzen ... 64 2.7 ... Erweiterungsledger für die Ergebnisrechnung anlegen ... 65 2.8 ... Zusammenfassung ... 68 3. Merkmale konfigurieren ... 69 3.1 ... Merkmale ... 69 3.2 ... Merkmalsableitungen ... 86 3.3 ... Merkmale in Belegen ableiten ... 121 3.4 ... Zusammenfassung ... 137 4. Customizing der Wert- und Mengenfelder für die kalkulatorische Ergebnisrechnung ... 139 4.1 ... Wertfelder konfigurieren ... 139 4.2 ... Mengenfelder konfigurieren ... 143 4.3 ... Wert- und Mengenfelder dem Ergebnisbereich zuordnen ... 146 4.4 ... Zusammenfassung ... 150 5. Customizing des Werteflusses für die Margenanalyse ... 151 5.1 ... Einführung ... 151 5.2 ... Predictive Accounting ... 152 5.3 ... Überleitung von Fakturen ... 160 5.4 ... Herstellkosten in der Margenanalyse ... 177 5.5 ... Split der Umsatzkosten ... 179 5.6 ... Abweichungsermittlung ... 189 5.7 ... Ableitung für Belegzeilen ohne Ergebnisobjekt ... 210 5.8 ... Abrechnung Projekte/PSP-Elemente ... 219 5.9 ... Kostenstellenumlage ... 230 5.10 ... Direktkontierung ... 245 5.11 ... Zusammenfassung ... 247 6. Customizing des Werteflusses für die kalkulatorische Ergebnisrechnung ... 249 6.1 ... Einführung ... 249 6.2 ... Kundenauftragsbestand ... 252 6.3 ... Fakturaüberleitung ... 260 6.4 ... Herstellkosten in CO-PA ... 275 6.5 ... Kalkulation nach CO-PA übernehmen ... 284 6.6 ... Abweichungsermittlung ... 297 6.7 ... Projekte/PSP-Elemente abrechnen ... 315 6.8 ... Kostenstellenumlage ... 324 6.9 ... Direktkontierung ... 338 6.10 ... Zusammenfassung ... 342 7. Planung ... 343 7.1 ... Was ändert sich für die Planung mit SAP S/4HANA Finance? ... 343 7.2 ... Planung in der Margenanalyse ... 345 7.3 ... Planung in der kalkulatorischen Ergebnisrechnung ... 354 7.4 ... Zusammenfassung ... 366 8. Reporting ... 369 8.1 ... Übersicht des Reportings in der Ergebnisrechnung ... 369 8.2 ... Reporting in der Margenanalyse ... 373 8.3 ... Reporting in der kalkulatorischen Ergebnisrechnung ... 402 8.4 ... Zusammenfassung ... 412 A. Änderungen am Datenmodell ... 413 Die Autorin ... 415 Index ... 417
Microsoft Azure for Java Developers
Learn Azure-based features to build and deploy Java applications on Microsoft’s Azure cloud platform. This book provides examples of components on Azure that are of special interest to Java programmers, including the different deployment models that are available. The book shows how to deploy your Java applications in Azure WebApp, Azure Kubernetes Service, Azure Functions, and Azure Spring Cloud. Also covered is integration with components such as Graph API, Azure Storage, Azure Redis Cache, and Azure SQL.The book begins with a brief discussion of cloud computing and an introduction to Java support on Azure. You’ll then learn how to deploy Java applications using each of the deployment models, and you’ll see examples of integrating with Azure services that are of particular interest to Java programmers. Security is an important aspect, and this book shows you how to enable authentication and authorization for your Java applications using Azure Active Directory.Implementing a DevOps strategy is essential in today’s market when building any application. Examples in this book show you how to build continuous integration and continuous deployment pipelines to build and deploy Java applications on Azure. The book focuses on the best practices you should follow while designing and implementing Java applications on Azure. The book also elaborates on monitoring and debugging Java applications running on Azure using Application Insights and Azure Monitor.WHAT YOU WILL LEARN* Design and build Azure-based Java applications* Run Azure-based Java applications on services such as Azure App Services, Azure Spring Cloud, Azure Functions, and Azure Kubernetes Service* Integrate Azure services such as Azure SQL, Azure Storage Account, Azure Redis Cache, Azure Active Directory, and more with Java applications running on Azure * Monitor and debug Java applications running on Azure* Secure Azure-based Java applications* Build DevOps CI/CD strategy for Azure-based Java applications* Package and deploy Azure-based Java applications on Azure WHO THIS BOOK IS FORJava developers planning to build Azure-based Java applications and deploy them on Azure. Developers should be aware of the preliminary cloud fundamentals to help them understand the Java capability available on Azure. They do not need to be an expert in Azure to grasp the book’s content and start building Java-based applications using the capability available on Azure. However, they should have a good understanding of the Java programming language and frameworks.ABHISHEK MISHRA is a Principal Cloud Architect at a leading organization and has more than 17 years of experience in building and architecting software solutions for large and complex enterprises across the globe. He has deep expertise in enabling digital transformation for his customers using the cloud and artificial intelligence. He speaks at conferences on Azure and has authored four books on Azure prior to writing this new book.IntroductionPART I. BUILDING AND DEPLOYING JAVA APPLICATIONS TO AZURE1. Getting Started with Java Development for Azure2. Java for Azure WebApp3. Java-based Azure Functions4. Containerizing Java Applications with Azure Kubernetes Service5. Running Java Applications on Azure Spring CloudPART II. INTEGRATING JAVA APPLICATIONS WITH POPULAR AZURE SERVICES6. Integrating with Azure Storage Account7. Azure SQL from Java Applications8. Work with Azure Cosmos DB9. Storing Runtime Data in Azure Redis Cache10. Sending Emails using Graph API11. Debugging and Monitoring using Azure Monitor12. Authentication and Authorization with Azure Active DirectoryPART III. DEVOPS AND BEST PRACTICES13. Provisioning Resources with Azure DevOps and Azure CLI14. Building and Deploying using Azure DevOps15. A Near-Production Azure-based Java Application
Computer Science Security
This book serves as a guide to help the reader develop an awareness of security vulnerabilities and attacks, and encourages them to be circumspect when using the various computer resources and tools available today. For experienced users, Computer Science Security presents a wide range of tools to secure legacy software and hardware.Computing has infiltrated all fields nowadays. No one can escape this wave and be immune to security attacks, which continue to evolve, gradually reducing the level of expertise needed by hackers.It is high time for each and every user to acquire basic knowledge of computer security, which would enable them to mitigate the threats they may face both personally and professionally. It is this combined expertise of individuals and organizations that will guarantee a minimum level of security for families, schools, the workplace and society in general.Ameur Salem Zaidoun received a National Diploma in Computer Engineering from ENSI, Tunisia, and is a university teacher at ISET of Siliana at the level of Lecturer Technologist. An ex-developer and security consultant, he is a CCNA R&S-, DevNet- and CCNA-Security-certified and a Huawei HCNA-R&S-certified Cisco Instructor.List of Acronyms xiIntroduction xiiiCHAPTER 1 GENERAL CONCEPTS IN SECURITY 11.1 Introduction 11.2 Reasons for security 21.2.1 Technical issues 21.2.2 Social factors 41.3 Security attacks 51.3.1 Passive/active classification of attacks 51.3.2 Direct/indirect classification of attacks 81.3.3 Examples of attacks 101.3.4 Some statistics 121.4 Security objectives 131.4.1 Establishing a culture 131.4.2 Establishing technical solutions 131.5 Security fields 141.5.1 Energy security 141.5.2 Organizational and physical security 151.5.3 Software security 161.6 Normalization of security 181.6.1 Fundamental issues and general presentation 181.6.2 ISO 7498-2 norm 191.7 Security services 241.7.1 Authentication 251.7.2 Confidentiality 271.7.3 Integrity 271.7.4 Non-repudiation 271.7.5 Traceability and access control 271.7.6 Service availability 271.8 Security mechanisms 281.8.1 Encryption 281.8.2 Integrity check 291.8.3 Access check 291.8.4 Electronic signature 301.8.5 Notarization 301.9 Good practices 311.10 Conclusion 31CHAPTER 2 SECURITY WEAKNESSES 332.1 Introduction 332.2 Weakness in the TCP/IP 342.2.1 ARPANet, the ancestor of the Internet 342.2.2 The Internet and security problems 342.2.3 The Internet and the ability to analyze 352.3 Weaknesses due to malware and intrusion tools 362.3.1 Viruses 372.3.2 Worms 402.3.3 Spam 412.3.4 Software bomb 422.3.5 Trojan horse 422.3.6 Spyware 432.3.7 Keylogger 442.3.8 Adware 442.3.9 Other malware 452.3.10 Comparison of intrusion tools 462.4 Conclusion 46CHAPTER 3 AUTHENTICATION TECHNIQUES AND TOOLS 493.1 Introduction 493.2 Theoretical concepts of authentication 503.2.1 Identification 503.2.2 Authentication 513.3 Different types of authentications 513.3.1 Local service authentication 513.3.2 Network authentication 523.4 AAA service 563.4.1 Local AAA 573.4.2 Server AAA 593.5 Conclusion 63CHAPTER 4 TECHNIQUES AND TOOLS FOR CONTROLLING ACCESS, ACL AND FIREWALLS 654.1 Introduction 654.2 Access control list 664.2.1 ACL classification 664.2.2 ACL configuration in Cisco 684.2.3 ACL configuration for Huawei 744.3 Firewall 784.3.1 Filtering function 794.3.2 Functionalities of tracing and NAT 814.3.3 Firewall architecture 824.3.4 How a firewall works 844.3.5 Firewall classifications 844.3.6 Stateful firewall 864.3.7 Zone-based firewall 874.3.8 Firewall examples 904.4 The concept of a DMZ 924.4.1 Implementation of topologies 924.5 Conclusion 95CHAPTER 5 TECHNIQUES AND TOOLS FOR DETECTING INTRUSIONS 975.1 Introduction 975.2 Antivirus 975.2.1 Functions of an antivirus 975.2.2 Methods for detecting a virus 985.2.3 Actions taken by an antivirus 985.2.4 Antivirus components 995.2.5 Antivirus and firewall comparison 995.3 Intrusion detection systems 1005.3.1 IDS purposes 1005.3.2 IDS components and functions 1005.3.3 IDS classification 1025.3.4 Examples of IDS/IPS 1055.4 Conclusion 107CHAPTER 6 TECHNIQUES AND TOOLS FOR ENCRYPTION, IPSEC AND VPN 1096.1 Introduction 1096.2 Encryption techniques 1106.2.1 Basic principles of encryption 1116.2.2 Cryptoanalysis 1126.2.3 Evolution of cryptography 1136.2.4 The concept of certificates 1176.2.5 Comparison of encryption techniques 1186.3 IPSec 1196.3.1 Ah 1206.3.2 Esp 1206.3.3 Different IPSec modes 1216.3.4 Different IPSec implementations 1226.3.5 Different IPSec encapsulations 1226.3.6 IKE protocol 1256.4 VPNs 1266.4.1 Issues and justifications 1266.4.2 VPN principles 1276.4.3 Different types of VPNs 1276.4.4 Different tunneling protocols 1286.4.5 Site-to-site IPSec VPN configuration 1296.5 Conclusion 131CHAPTER 7 NEW CHALLENGES AND TRENDS IN SECURITY, SDN AND IOT 1337.1 Introduction 1337.2 SDN security 1347.2.1 General description of an SDN 1347.2.2 SDN architecture 1357.2.3 SDN components 1367.2.4 Security issues in SDNs 1387.2.5 Security solutions for SDNs 1397.3 IoT/IoE security 1417.3.1 Sensor networks 1417.3.2 Security issues in the IoT 1437.3.3 Blockchain: an IoT security solution 1457.4 Conclusion 146CHAPTER 8 SECURITY MANAGEMENT 1478.1 Introduction 1478.2 Security audits 1488.2.1 Objectives 1488.2.2 Audit action diagram 1498.2.3 Organizational and physical audit 1508.2.4 Technical audit 1518.2.5 Intrusive test 1528.2.6 Audit methodologies 1528.3 Security policy demonstration 1558.3.1 Security test and evaluation 1558.3.2 Security policy development 1598.3.3 Elements of a security policy 1618.4 Norms, directives and procedures 1628.4.1 ISO 27000 norm 1638.4.2 ISO/FDIS 31000 norm 1638.4.3 ISO/IEC 38500 norm 1648.5 Conclusion 164References 165Index 167
Penetration Tester werden für Dummies
Pentests sind für Unternehmen unverzichtbar geworden, denn nur wer die Schwachstellen kennt, kann auch dagegen vorgehen. Robert Shimonski erklärt Ihnen in diesem Buch alles, was Sie brauchen, um selbst Pentests durchzuführen. Von den nötigen Vorbereitungen über Risikoanalyse und rechtliche Belange bis hin zur eigentlichen Durchführung und späteren Auswertung ist alles dabei. Versetzen Sie sich in Hacker hinein und lernen Sie, wo Unternehmen angreifbar sind. Werden Sie selbst zum Penetration Tester.Autor:Robert Shimonski ist Leiter des Service-Managements bei Northwell Health und ein erfahrener Autor. Er hat bereits über 20 Bücher geschrieben. Seine Themen reichen von Penetration Testing über Netzwerksicherheit bis hin zu digitaler Kriegsführung.Leseprobe (PDF-Link)
Penetration Testing mit Metasploit (2. Auflg.)
Metasploit ist ein mächtiges Werkzeug, mit dem auch unerfahrene Administratoren gängige Angriffsmethoden verstehen und nachstellen können, um Sicherheitslücken im System aufzuspüren. Der Autor erläutert in diesem Buch gezielt alle Funktionen von Metasploit, die relevant für Verteidiger (sogenannte Blue Teams) sind, und zeigt, wie sie im Alltag der IT-Security wirkungsvoll eingesetzt werden können.Als Grundlage erhalten Sie das Basiswissen zu Exploits und Penetration Testing und setzen eine Kali-Linux-Umgebung auf. Mit dem kostenlos verfügbaren Portscanner Nmap scannen Sie Systeme auf angreifbare Dienste ab. Schritt für Schritt lernen Sie die Durchführung eines typischen Hacks mit Metasploit kennen und erfahren, wie Sie mit einfachen Techniken in kürzester Zeit höchste Berechtigungsstufen in den Zielumgebungen erlangen.Schließlich zeigt der Autor, wie Sie Metasploit von der Meldung einer Sicherheitsbedrohung über das Patchen bis hin zur Validierung in der Verteidigung von IT-Systemen und Netzwerken einsetzen. Dabei gibt er konkrete Tipps zur Erhöhung Ihres IT-Sicherheitslevels. Zusätzlich lernen Sie, Schwachstellen mit dem Schwachstellenscanner Nessus zu finden, auszuwerten und auszugeben.So wird Metasploit ein effizienter Bestandteil Ihrer IT-Sicherheitsstrategie. Sie können Schwachstellen in Ihrem System finden und Angriffstechniken unter sicheren Rahmenbedingungen selbst anwenden sowie fundierte Entscheidungen für Gegenmaßnahmen treffen und prüfen, ob diese erfolgreich sind.Aus dem Inhalt:Metasploit: Hintergrund und HistorieKali-Linux-Umgebung aufsetzenPentesting-GrundlagenSchwachstellen und ExploitsNmap-ExkursMetasploit-BasicsMetasploit in der VerteidigungHacking-PraxisbeispieleAnti-Virus-EvasionNessus-SchwachstellenscannerGlossar Autoreninfo (Stand: Mai 2020):Sebastian Brabetz ist als Geschäftsleiter verantwortlich für die Professional Security Services bei der mod IT GmbH und ist zertifiziert als Offensive Security Certified Professional (OSCP).Er arbeitet im Bereich IT Security in allen Bereichen vom Consulting über defensives Schwachstellen-Management und Incident Response bis hin zu offensiven Penetrationstests. U.a. gibt er Workshops zu den Themen Pentesting und Metasploit.
Blockchain Security from the Bottom Up
THE GOLD STANDARD IN UP-TO-DATE BLOCKCHAIN CYBERSECURITY HANDBOOKSIn Blockchain Security from the Bottom Up: Securing and Preventing Attacks on Cryptocurrencies, Decentralized Applications, NFTs, and Smart Contracts, accomplished blockchain and cybersecurity consultant and educator Howard E. Poston delivers an authoritative exploration of blockchain and crypto cybersecurity. In the book, the author shows you exactly how cybersecurity should be baked into the blockchain at every layer of the technology’s ecosystem. You’ll discover how each layer can be attacked and learn how to prevent and respond to those attacks in an environment of constant technological change and evolution. You’ll also find:* Illuminating case studies of real-world attacks and defenses at various layers in the blockchain ecosystem* Thorough introductions to blockchain technology, including its implementations in areas like crypto, NFTs, and smart contracts* Comprehensive explorations of critical blockchain topics, including protocols, consensus, and proof of workA can’t-miss resource for blockchain and cybersecurity professionals seeking to stay on the cutting-edge of a rapidly evolving area, Blockchain Security from the Bottom Up will also earn a place on the bookshelves of software developers working with cryptocurrencies and other blockchain implementations. HOWARD E. POSTON III is an independent blockchain consultant, educator, and content creator who has developed and taught over a dozen courses covering cybersecurity topics. He holds a master’s degree in Cybersecurity from the Air Force Institute of Technology and is a Certified Ethical Hacker. He has developed and facilitated blockchain security courses for major companies.CHAPTER 1 INTRODUCTION TO BLOCKCHAIN SECURITY 1The Goals of Blockchain Technology 2Anonymity 2Decentralization 2Fault Tolerance 2Immutability 3Transparency 3Trustless 3Structure of the Blockchain 3The Blockchain Network 5The Blockchain Node 5A Blockchain Block 6A Blockchain Transaction 7Inside the Blockchain Ecosystem 8Fundamentals 8Primitives 9Data Structures 9Protocols 9Consensus 9Block Creation 10Infrastructure 10Nodes 10Network 11Advanced 11Smart Contracts 11Extensions 11Threat Modeling for the Blockchain 12Threat Modeling with STRIDE 12Spoofing 12Tampering 12Repudiation 13Information Disclosure 13Denial of Service 13Elevation of Privilege 13Applying STRIDE to Blockchain 14Conclusion 14CHAPTER 2 FUNDAMENTALS 15Cryptographic Primitives 15Public Key Cryptography 16Introducing “Hard” Mathematical Problems 16Building Cryptography with “Hard” Problems 18How the Blockchain Uses Public Key Cryptography 19Security Assumptions of Public Key Cryptography 20Attacking Public Key Cryptography 20Hash Functions 25Security Assumptions of Hash Functions 25Additional Security Requirements 27How the Blockchain Uses Hash Functions 28Attacking Hash Functions 31Threat Modeling for Cryptographic Algorithms 32Data Structures 33Transactions 33What’s In a Transaction? 33Inside the Life Cycle of a Transaction 34Attacking Transactions 34Blocks 37Inside a Block 37Attacking Blockchain Blocks 38Threat Modeling for Data Structures 39Conclusion 39CHAPTER 3 PROTOCOLS 43Consensus 43Key Concepts in Blockchain Consensus 44Byzantine Generals Problem 44Security via Scarcity 45The Longest Chain Rule 46Proof of Work 46Introduction to Proof of Work 47Security of Proof of Work 48Proof of Stake 53Introduction to Proof of Stake 53Variants of Proof of Stake 54Security of Proof of Stake 54Threat Modeling for Consensus 59Block Creation 59Stages of Block Creation 60Transaction Transmission 60Block Creator Selection (Consensus) 60Block Building 61Block Transmission 61Block Validation 61Attacking Block Creation 62Denial of Service 62Frontrunning 63SPV Mining 65Threat Modeling for Block Creation 65Conclusion 65CHAPTER 4 INFRASTRUCTURE 67Nodes 67Inside a Blockchain Node 68Attacking Blockchain Nodes 68Blockchain- Specific Malware 69Denial-of-Service Attacks 70Failure to Update 71Malicious Inputs 72Software Misconfigurations 73Threat Modeling for Blockchain Nodes 74Networks 74Attacking the Blockchain Network 75Denial-of-service Attacks 75Eclipse/Routing Attacks 76Sybil Attacks 78Threat Modeling for Blockchain Networks 80Conclusion 80CHAPTER 5 ADVANCED 83Smart Contracts 83Smart Contract Vulnerabilities 84General Programming Vulnerabilities 85Blockchain- Specific Vulnerabilities 94Platform-Specific Vulnerabilities 103Application- Specific Vulnerabilities 119Threat Modeling for Smart Contracts 128Blockchain Extensions 128State Channels 129State Channel Security Considerations 129Sidechains 130Sidechain Security Considerations 131Threat Modeling for Blockchain Extensions 132Conclusion 133CHAPTER 6 CONSIDERATIONS FOR SECURE BLOCKCHAIN DESIGN 137Blockchain Type 137Public vs. Private 138Benefits of Public vs. Private Blockchains 138Open vs. Permissioned 139Benefits of Open vs. Permissioned Blockchains 139Choosing a Blockchain Architecture 140Privacy and Security Enhancements 140Zero-Knowledge Proofs 140Stealth Addresses 141Ring Signatures 141Legal and Regulatory Compliance 142Designing Secure Blockchains for the Future 143Index 145
Cloud Attack Vectors
Cyberattacks continue to increase in volume and sophistication, targeting everything owned, managed, and serviced from the cloud. Today, there is widespread consensus—it is not a matter of if, but rather when an organization will be breached. Threat actors typically target the path of least resistance. With the accelerating adoption of cloud technologies and remote work, the path of least resistance is shifting in substantive ways. In recent years, attackers have realigned their efforts, focusing on remaining undetected, monetization after exploitation, and publicly shaming organizations after a breach.New, innovative, and useful products continue to emerge and offer some cloud protection, but they also have distinct limitations. No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity. The simple fact is that the cloud is based on a company’s assets being offered as services. As a result, the best security any organization can achieve is to establish controls and procedures in conjunction with services that are licensed in the cloud.Cloud Attack Vectors details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and shows how to improve detection of malicious activity.WHAT YOU’LL LEARN* Know the key definitions pertaining to cloud technologies, threats, and cybersecurity solutions* Understand how entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment* Implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments* Develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementationWHO THIS BOOK IS FORNew security professionals, entry-level cloud security engineers, managers embarking on digital transformation, and auditors looking to understand security and compliance risks associated with the cloud MOREY J. HABER is Chief Technology Officer at BeyondTrust. He has more than 20 years of IT industry experience and is author of the book Privileged Attack Vectors and Asset Attack Vectors. Morey joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees BeyondTrust technology for vulnerability, privileged, and remote access management solutions. In 2004, Morey joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. Morey began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelors of Science in Electrical Engineering from the State University of New York at Stony Brook.BRIAN CHAPPELL is Chief Security Strategist for Beyond Trust, EMEA & APAC, and is a multi-skilled individual with a passion for delivering best practice solutions that help customers run their businesses more effectively and securely. His specialties include: cybersecurity solutions, IT strategy and implementation, project management, global IT operations management, sales engineering, software development, and enterprise and solutions architecture.CHRISTOPHER HILLS is a Security Strategist focused on Privileged Access Management (PAM) and Identity and Access Management (IAM). He is Security Strategist for BeyondTrust's Privileged Access Management Solutions, enforcing Privileged Password Management and Privileged Session Management, Privileged Endpoint Management, and Secure Remote Access which utilizes a single pane of glass for all management aspects, including Automated Account Discovery, Privileged Management and Elevation, Audit and Compliance, and Behavior & Reporting. His responsibilities include: IAM/PAM focus, strategy, mentoring, leadership, customer and prospect liaison, thought leadership, background reference, business development, customer-facing GRC, and working closely with global sales and marketing organizations to help support GTM efforts while assisting with critical sales opportunities and key marketing events.FORWARDINTRODUCTIONCHAPTER 1. CLOUD COMPUTINGSoftware as a ServicePlatform as a ServiceInfrastructure as a ServiceFunction as a ServiceX as a ServiceDesktop as a ServiceData Center as a ServiceManaged Software as a ServiceBackend as a ServiceCHAPTER 2. CLOUD PROVIDERSAmazon Web ServicesMicrosoft AzureGoogle Cloud PlatformOracle CloudAlibabaOther ServicesCHAPTER 3. CLOUD DEFINITIONSIdentitiesAccountsEntitlementsPrivilegesRightsPermissionsContainersSegmentationMicrosegmentationInstancesChapter 4. Asset ManagementDiscoveryCHAPTER 5. ATTACK VECTORSEntitlementsVulnerabilitiesHardeningConfigurationsCredentialsS3 BucketsIdentitiesEntitlementsAPIAuthenticationCertificatesPhishingRemote AccessSupply Chain – 3rd Party MSP/MSSPChapter 6. MitigationsHardeningPatch ManagementPAMCIEMCIAMCWPPChapter 7. Regulatory ComplianceSecurity QuestionnairesSOCType IType IIType IIICloud Security AllianceCCMCAIQCIS ControlsPCI DSSISONISTFedRampChapter 8. ArchitecturesZero TrustCloud-NativeHybridEphemeral ImplementationsAccountsInstancesPrivilegesCHAPTER 9. Imposter SyndromeCHAPTER 10. RECOMMENDATIONSCHAPTER 11. CONCLUSION
Kubernetes Application Developer
Write efficient, smart, and optimized code for containerized applications on public and private clouds at a generic level. This book shows you how to set up microservices that are robust, scalable, and capable of running on GKE (Google Kubernetes Service), AKS (Azure Kubernetes Service), ECS (Elastic Container Service), or even on a vanilla K8S cluster.The book covers the nuts and bolts of container orchestration engines (COEs) and explains how to install and configure them. It also covers creation and deployment of a sample application on COEs. You will learn how to integrate different applications such as OAuth and how to test them and secure them using Istio Citadel. You also will be taught how to create HPA rules for microservices and scale only those microservices that require it, making your stack intelligent. In the concluding chapter, the book explains how to build a SaaS solution from scratch, running on the cloud with automated deployments accessed publicly via a secured ingress K8S controller.By the end of the book, you will have a good understanding of developing microservices and how to design and create a software solution on the cloud.WHAT YOU WILL LEARN* Build software on Kubernetes in the most optimized way* Interact with Kubernetes using client SDKs in Python, Go, nodejs, etc.* Create a testing and deployment CI/CD system for software stacks* Secure your application using Istio, without writing code* Access microservices using ingress controllers and scale them using HPA rulesWHO THIS BOOK IS FORSoftware and system engineers and developersPRATEEK KHUSHALANI is a Cloud Architect at Google and works as a full stack developer in developing cloud based accelerators. Prior to Google, he worked as software developer at IBM and worked as an individual contributor on the development of SDN networking of the IBM public cloud. He has worked across industries such as software, retail, and R&D prototypes, with a focus on cloud computing and machine learning. At Google, he contributes to the development of tools which help accelerate customer's migration journey to Google Cloud Platform. Prateek has strong expertise in developing and designing IaaS, PaaS, and SaaS solutions for both public and private clouds. He holds a bachelor's degree from Birla Institute of Technology, Mesra. He is an open-source contributor and is an active writer on tech blogs.•Chapter 1, Cloud Computing and KubernetesChapter Goal:o What is cloud computingo What is Kuberneteso Different distributions of Kuberneteso Setting up a K8S cluster- for workshop purposeso Common commands of K8So Place of Kubernetes from an architecture point of view.•Chapter 2, Creating Applications on KubernetesChapter Goal:o Create an Apache http servero Create a Java Tomcat war-based servero Create a gRPC API servero Create a Rest API servero Differences when creating applications on Kubernetes.o How will the application be actually called in a production based cluster.•Chapter 3, Testing of Applications on KubernetesChapter Goal:o Creating a CI system for testing.o Using of Pytest, go test, behave and other best testing tools based on programming language.o Adding a simple CD system stage.o Coverage of code and mock of applications to replicate real time scenarios.•Chapter 4, Security of ApplicationsChapter Goal:o Creating a book inventory application composed of UI, API and DBo Using cloud services instead of reinventing the wheelo Using and understand Istio for TLS Encryption and monitoring.o Understanding authentication/authorization and RBAC systems.o Leverage all the services available rather than developing things to secure all microservices.•Chapter 5, Networking of ApplicationsChapter Goal:o Understanding the basics of networking in Kubernetes.o How containers/pod reach each other via overlay networking.o Different ways networking is configured in Kubernetes cluster.o Using name-based DNS routing in applications rather than IP’so Understanding load balancers and the features provided by it.o Using Istio to create a service mesh of microservices and see the flow of traffic between them.o Configuring Kubernetes objects such as Ingress, Service, Endpoints.•Chapter 6, Scaling of Software SolutionChapter Goal:o Identify which microservice of the solution is becoming a bottlenecko Creating HPA rules in Kubernetes to scale specific microservice.o Use case and real-world problems and solutions to them via scaling.•Chapter 7, Building a SaaS SolutionChapter Goal:o Start with nothing but a simple k8s cluster.o Create microservice with your own hands one by one.o Identify what all services are required for building a sample SaaS e commerce solution.o Creating/Configuring a UI, API, DB, business logic, monitoring software stack.o Architecting the entire solution.o Bring the stack up and testing it against load and autoscaling the solution to support any number of requests.
The Azure Data Lakehouse Toolkit
Design and implement a modern data lakehouse on the Azure Data Platform using Delta Lake, Apache Spark, Azure Databricks, Azure Synapse Analytics, and Snowflake. This book teaches you the intricate details of the Data Lakehouse Paradigm and how to efficiently design a cloud-based data lakehouse using highly performant and cutting-edge Apache Spark capabilities using Azure Databricks, Azure Synapse Analytics, and Snowflake. You will learn to write efficient PySpark code for batch and streaming ELT jobs on Azure. And you will follow along with practical, scenario-based examples showing how to apply the capabilities of Delta Lake and Apache Spark to optimize performance, and secure, share, and manage a high volume, high velocity, and high variety of data in your lakehouse with ease.The patterns of success that you acquire from reading this book will help you hone your skills to build high-performing and scalable ACID-compliant lakehouses using flexible and cost-efficient decoupled storage and compute capabilities. Extensive coverage of Delta Lake ensures that you are aware of and can benefit from all that this new, open source storage layer can offer. In addition to the deep examples on Databricks in the book, there is coverage of alternative platforms such as Synapse Analytics and Snowflake so that you can make the right platform choice for your needs.After reading this book, you will be able to implement Delta Lake capabilities, including Schema Evolution, Change Feed, Live Tables, Sharing, and Clones to enable better business intelligence and advanced analytics on your data within the Azure Data Platform.WHAT YOU WILL LEARN* Implement the Data Lakehouse Paradigm on Microsoft’s Azure cloud platform* Benefit from the new Delta Lake open-source storage layer for data lakehouses * Take advantage of schema evolution, change feeds, live tables, and more* Write functional PySpark code for data lakehouse ELT jobs* Optimize Apache Spark performance through partitioning, indexing, and other tuning options* Choose between alternatives such as Databricks, Synapse Analytics, and SnowflakeWHO THIS BOOK IS FORData, analytics, and AI professionals at all levels, including data architect and data engineer practitioners. Also for data professionals seeking patterns of success by which to remain relevant as they learn to build scalable data lakehouses for their organizations and customers who are migrating into the modern Azure Data Platform.RON C. L’ESTEVE is a professional author, trusted technology leader, and digital innovation strategist residing in Chicago, IL, USA. He is well-known for his impactful books and award-winning article publications about Azure Data & AI Architecture and Engineering. He possesses deep technical skills and experience in designing, implementing, and delivering modern Azure Data & AI projects for numerous clients around the world.Having several Azure Data, AI, and Lakehouse certifications under his belt, Ron has been a go-to technical advisor for some of the largest and most impactful Azure implementation projects on the planet. He has been responsible for scaling key data architectures, defining the road map and strategy for the future of data and business intelligence needs, and challenging customers to grow by thoroughly understanding the fluid business opportunities and enabling change by translating them into high-quality and sustainable technical solutions that solve the most complex challenges and promote digital innovation and transformation.Ron is a gifted presenter and trainer, known for his innate ability to clearly articulate and explain complex topics to audiences of all skill levels. He applies a practical and business-oriented approach by taking transformational ideas from concept to scale. He is a true enabler of positive and impactful change by championing a growth mindset.IntroductionPART I. GETTING STARTED1. The Lakehouse Paradigm2. Mount Lakes to DatabricksPART II. LAKEHOUSE PLATFORMS3. Snowflake Data Warehouse4. Synapse Analytics Serverless Pools5. Databricks SQL AnalyticsPART III. APACHE SPARK6. PySpark7. Extract, Load, Transform JobsPART IV. DELTA LAKE8. Delta Schema Evolution9. Delta Change Feed10. Delta Clones11. Delta Live Tables12. Delta SharingPART V. OPTIMIZING PERFORMANCE13. Dynamic Partition Pruning for Querying Star Schemas14. Z-Ordering and Data Skipping15. Adaptive Query Execution16. Bloom Filter Index17. HyperspacePART VI. LAKEHOUSE CAPABILITIES18. Auto Loader Resource Management19. Advanced Schema Evolution with Auto Loader20. Python Wheels21. Security and Controls22. Unity Catalog
Verfügbarkeitsprüfung mit SAP
Bestandstransparenz, Liefertreue und die Optimierung von Durchlaufzeiten sind zentrale Wettbewerbsvorteile – besonders in globalen Lieferketten! Dieses Buch führt Sie sachkundig in die verschiedenen SAP-Lösungen für die Verfügbarkeitsprüfung (ATP) ein und erklärt deren Funktionen, Konfiguration und Integration. Neben den bewährten Lösungen von SAP ERP und SAP APO lernen Sie die neue erweiterte Verfügbarkeitsprüfung (aATP) in SAP S/4HANA kennen. Sie erfahren, wie Sie Produktion, Beschaffung und Vertrieb nahtlos steuern und so die Planungssicherheit erhöhen. Aus dem Inhalt: RückstandsbearbeitungFehlteilemanagementATP-VerfügbarkeitsprüfungBasismethoden und erweiterte OptionenRegelbasierte VerfügbarkeitsprüfungStreckenabwicklungVerfügbarkeitsprüfung gegen ProduktionRundung und SicherheitsbeständeBesonderheiten in SAP APOProduktverfügbarkeit (PAC)KontingentierungAlternativen-basierte Bestätigung (ABC) Einleitung ... 19 TEIL I. Grundlagen der Verfügbarkeitsprüfung mit SAP ... 29 1. Betriebswirtschaftlicher Hintergrund ... 31 1.1 ... Dispositionsstrategien ... 33 1.2 ... Verfügbarkeitsprüfung im Unternehmen ... 36 1.3 ... Implementierung der Verfügbarkeitsprüfung ... 41 1.4 ... Zusammenfassung ... 44 2. Verfügbarkeitsprüfung mit SAP ... 45 2.1 ... Systeme und Lösungen ... 45 2.2 ... Integration mit SAP CRM und SAP Customer Experience ... 51 2.3 ... Anwendungsszenarien und Beispielarchitekturen ... 54 2.4 ... Zusammenfassung ... 57 3. Anwendungsbereiche und Prozessintegration ... 59 3.1 ... Durchführung der Verfügbarkeitsprüfung ... 59 3.2 ... Verfügbarkeitsprüfung im Vertrieb ... 60 3.3 ... Verfügbarkeitsprüfung in der Produktion ... 72 3.4 ... Verfügbarkeitsprüfung in der Materialwirtschaft ... 77 3.5 ... Zusammenfassung ... 82 TEIL II. Verfügbarkeitsprüfung mit SAP ERP ... 83 4. Stamm- und Bewegungsdaten in SAP ERP ... 85 4.1 ... Stammdaten ... 85 4.2 ... Bewegungsdaten ... 90 4.3 ... Zusammenfassung ... 127 5. Parameter der Verfügbarkeitsprüfung in SAP ERP ... 129 5.1 ... Prüfgruppe ... 129 5.2 ... Prüfregel ... 136 5.3 ... Prüfumfang ... 139 5.4 ... Einteilungstyp ... 151 5.5 ... Bedarfsklasse und Bedarfsartenfindung ... 153 5.6 ... Sperrlogik ... 163 5.7 ... Transport- und Versandterminierung ... 165 5.8 ... Zusammenfassung ... 173 6. Prüfmethoden in SAP ERP ... 175 6.1 ... Überblick ... 176 6.2 ... ATP-Verfügbarkeitsprüfung ... 177 6.3 ... Verfügbarkeitsprüfung gegen Vorplanung ... 192 6.4 ... Verfügbarkeitsprüfung gegen Kontingente ... 222 6.5 ... Montageabwicklung ... 236 6.6 ... Zusammenfassung ... 240 7. Fehlteilemanagement in SAP ERP ... 241 7.1 ... Kostenoptimales Bestandsniveau ... 241 7.2 ... Fehlteileidentifizierung ... 243 7.3 ... Fehlteileauswertung ... 247 7.4 ... Fehlteileinformationsmeldung ... 250 7.5 ... Zusammenfassung ... 257 8. Rückstandsbearbeitung in SAP ERP ... 259 8.1 ... Negative Prüfungsergebnisse ... 259 8.2 ... Manuelle Rückstandsbearbeitung ... 261 8.3 ... Neuterminierung ... 265 8.4 ... Zusammenfassung ... 271 TEIL III. Verfügbarkeitsprüfung mit SAP S/4HANA ... 273 9. Einführung in die Verfügbarkeitsprüfung mit SAP S/4HANA ... 275 9.1 ... Standard-Verfügbarkeitsprüfung in SAP S/4HANA ... 276 9.2 ... Erweiterte Verfügbarkeitsprüfung (aATP) in SAP S/4HANA ... 278 9.3 ... Zusammenspiel der einzelnen Funktionen der erweiterten Verfügbarkeitsprüfung ... 291 9.4 ... Merkmalskataloge in der erweiterten Verfügbarkeitsprüfung ... 293 9.5 ... Zusammenfassung ... 294 10. Kontingentierung ... 295 10.1 ... Customizing zur Nutzung der Kontingentierung ... 296 10.2 ... SAP-Fiori-Apps für die Kontingentierung ... 298 10.3 ... Kontingentierung konfigurieren ... 300 10.4 ... Kontingentierungsplandaten verwalten ... 302 10.5 ... Kontingentierungssequenzen verwalten ... 304 10.6 ... Produkte zur Kontingentierung zuordnen ... 307 10.7 ... Kontingentierungsübersicht ... 308 10.8 ... SAP-Beispiel für die Kontingentierung ... 309 10.9 ... Zusammenfassung ... 319 11. Verfügbarkeitsschutz ... 321 11.1 ... Customizing zur Nutzung des Verfügbarkeitsschutzes ... 321 11.2 ... SAP-Fiori-Apps für den Verfügbarkeitsschutz ... 322 11.3 ... Grundlagen des Verfügbarkeitsschutzes ... 323 11.4 ... Konfiguration des Verfügbarkeitsschutzes ... 328 11.5 ... SAP-Beispiel für den Verfügbarkeitsschutz ... 333 11.6 ... Zusammenfassung ... 340 12. Alternativenbasierte Bestätigung ... 341 12.1 ... Customizing zur Aktivierung der alternativenbasierten Bestätigung ... 342 12.2 ... SAP-Fiori-Apps zur Konfiguration der alternativenbasierten Bestätigung ... 343 12.3 ... Grundlagen der Werks- und Lagerortersetzung ... 344 12.4 ... Grundlagen der Produktersetzung ... 355 12.5 ... Die alternativenbasierte Bestätigung konfigurieren ... 356 12.6 ... SAP-Beispiel für die alternativenbasierte Bestätigung ... 361 12.7 ... Zusammenfassung ... 365 13. Rückstandsbearbeitung ... 367 13.1 ... SAP-Fiori-Apps für die Rückstandsbearbeitung ... 368 13.2 ... Grundlagen der Rückstandsbearbeitung in SAP S/4HANA ... 369 13.3 ... Konfiguration der Rückstandsbearbeitung ... 375 13.4 ... SAP-Beispiel für die Rückstandsbearbeitung ... 384 13.5 ... Manuelle Freigabe von Lieferungen ... 387 13.6 ... Zusammenfassung ... 390 TEIL IV. Verfügbarkeitsprüfung mit SAP APO ... 391 14. SAP-APO-Systemintegration ... 393 14.1 ... Core Interface (CIF-Schnittstelle) ... 394 14.2 ... Schnittstellenkonfiguration ... 396 14.3 ... Integrationsmodelle ... 400 14.4 ... Zusammenfassung ... 410 15. Parameter der Verfügbarkeitsprüfung in SAP APO ... 411 15.1 ... Grundlagen ... 411 15.2 ... Prüfvorschrift ... 413 15.3 ... Allgemeine Customizing-Einstellungen ... 428 15.4 ... Zusammenfassung ... 434 16. Prüfmethoden in SAP APO ... 435 16.1 ... Grundlagen ... 435 16.2 ... Produktverfügbarkeitsprüfung ... 436 16.3 ... Kontingentierung ... 458 16.4 ... Prüfung gegen Vorplanung ... 480 16.5 ... Zusammenfassung ... 490 17. Erweiterte Prüfmethoden in SAP APO ... 493 17.1 ... Kombination von Basismethoden ... 493 17.2 ... Regelbasierte Verfügbarkeitsprüfung ... 498 17.3 ... Streckenabwicklung ... 537 17.4 ... Prüfung gegen die Produktion ... 543 17.5 ... Zusammenfassung ... 564 18. Zusatzfunktionen der Verfügbarkeitsprüfung in SAP APO ... 565 18.1 ... Mehrpositionen-Einzellieferlokation ... 565 18.2 ... Konsolidierung in einer Konsolidierungslokation ... 570 18.3 ... Sicherheitsbestände in der Verfügbarkeitsprüfung berücksichtigen ... 578 18.4 ... Rundung in der Verfügbarkeitsprüfung ... 585 18.5 ... Korrelationsrechnung ... 599 18.6 ... Zusammenfassung ... 603 19. Ergebnis und Analyse der Verfügbarkeitsprüfung ... 605 19.1 ... Ergebnisdarstellung ... 605 19.2 ... Simulation ... 612 19.3 ... Verfügbarkeitsübersichten ... 614 19.4 ... ATP-Alerts ... 615 19.5 ... Analyse ... 617 19.6 ... Zusammenfassung ... 625 20. Rückstandsbearbeitung in SAP APO ... 627 20.1 ... Rückstandsbearbeitung im Hintergrund ... 627 20.2 ... Interaktive Rückstandsbearbeitung ... 646 20.3 ... Ereignisgesteuerte Mengenzuordnung ... 648 20.4 ... Zusammenfassung ... 660 21. Transport- und Versandterminierung in SAP APO ... 661 21.1 ... Grundlagen ... 661 21.2 ... Terminierung mit Konditionstechnik ... 671 21.3 ... Terminierung mit der konfigurierbaren Prozessterminierung ... 674 21.4 ... Terminierung mit SNP-Stammdaten ... 682 21.5 ... Terminierung mit der dynamischen Routenfindung ... 683 21.6 ... Simulation der Transport- und Versandterminierung ... 685 21.7 ... Zusammenfassung ... 689 Die Autoren ... 691 Index ... 693
Icinga
Monitoring – Grundlagen und PraxisNach der Einführung in die Komponenten einer Icinga-Umgebung, den wichtigsten Begriffen, der Installation und der Bedienoberfläche Icinga Web 2 folgt der praktische Einstieg in die Überwachung mit Icinga. Anhand einer fiktiven Firma wird die Einarbeitung in die Konfigurationssprache Icinga DSL gezeigt.Zentraler Punkt in diesem Buch ist die Überwachung von Linux- und Windows-Systemen mit dem Icinga-Agenten sowie generell die verteilte Überwachung mit Einsatz von Satelliten-Systemen. An praktischen Beispielen werden die erworbenen Icinga-DSL-Kenntnisse weiter vertieft: Plugins gängiger Netzwerkdienste, Einsatz von Datenbanken wie PostgreSQL, MariaDB, Oracle oder Microsoft SQL und die Einbeziehung von Virtualisierungsplattformen. Weitere Kapitel über Benachrichtigung und Abhängigkeiten, den Icinga-Director als grafikgestütztes Konfigurations-Tool, über Hochverfügbarkeit und Logmanagement, über das Modellieren von Businessprozessen und die Integration der Erfassung und Darstellung zeitlicher Verläufe runden dieses Buch ab.Autor:Lennart Betz arbeitet als Consultant und Trainer bei der Nürnberger NETWAYS GmbH. Seine Hauptarbeitsgebiete sind Planung, Aufbau und Betreuung von Monitoringlösungen, Konfigurationsmanagement und weitere Automatisierungsthemen. Schon früh während seines Mathematikstudiums beschäftigte er sich mit Freier Software und verfolgt dies auch seit dem Abschluss in seiner beruflichen Tätigkeit konsequent weiter.
Software Defined Networks
SOFTWARE DEFINED NETWORKSSOFTWARE DEFINED NETWORKING SUGGESTS AN ALTERNATIVE WORLDVIEW, ONE THAT COMES WITH A NEW SOFTWARE STACK TO WHICH THIS BOOK IS ORGANIZED, WITH THE GOAL OF PRESENTING A TOP-TO-BOTTOM TOUR OF SDN WITHOUT LEAVING ANY SIGNIFICANT GAPS THAT THE READER MIGHT SUSPECT CAN ONLY BE FILLED WITH MAGIC OR PROPRIETARY CODE.Software defined networking (SDN) is an architecture designed to make a network more flexible and easier to manage. SDN has been widely adopted across data centers, WANs, and access networks and serves as a foundational element of a comprehensive intent-based networking (IBN) architecture. Although SDN has so far been limited to automated provisioning and configuration, IBN now adds “translation” and “assurance” so that the complete network cycle can be automated, continuously aligning the network to business needs. In 14 chapters, this book provides a comprehensive understanding of an SDN-based network as a scalable distributed system running on commodity hardware. The reader will have a one-stop reference looking into the applications, architectures, functionalities, virtualization, security, and privacy challenges connected to SDN. AUDIENCEResearchers in software, IT, and electronic engineering as well as industry engineers and technologists working in areas such as network virtualization, Python network programming, CISCO ACI, software defined network, and cloud computing. ANAND NAYYAR, PHD, received his PhD in Computer Science from Desh Bhagat University in 2017 and is currently an assistant professor, Vice-Chairman (Research) and Director (IoT and Intelligent Systems Lab) in the School of Computer Science, Duy Tan University, Da Nang, Vietnam. A Certified Professional with 100+ Professional certificates from CISCO, Microsoft, Oracle, Google, Beingcert, EXIN, GAQM, Cyberoam, and many more, he has published more than 150 research articles and ISI journals, edited 30+ books, and has 60 patents to his credit.BHAWNA SINGLA, PHD, received her PhD from Thapar University, Patiala, India and is currently a professor in the Computer Science and Engineering Department, PIET College of Engineering and Technology, Samalkha, Panipat, India. She has more than 18 years of academic experience and has published more than 35 research papers in international journals/conferences and edited books. PREETI NAGRATH, PHD, is an associate professor in Bharati Vidyapeeth’s College of Engineering. She has more than 16 years of academic experience and has published more than 60 research papers in SCI-indexed journals. Preface xxi1 INTRODUCTION TO SOFTWARE DEFINED NETWORKING 1Subhra Priyadarshini Biswal and Sanjeev Patel1.1 Introduction 21.2 Terminology and Architecture 51.2.1 Infrastructure Layer 91.2.2 Southbound Interfaces Layer 111.2.3 Network Hypervisors Layer 111.2.4 Controller Layer 121.2.5 Northbound Interfaces 131.3 The Role of Network Operating Systems 141.4 SDN Versus NFV 161.5 The Role of NFV into SDN-Based IoT Systems 171.6 Challenges and Future Directions 191.7 Applications of SDN in IT Industries 211.8 Conclusion and Future Scope 23References 242 SOFTWARE-DEFINED NETWORKS: PERSPECTIVES AND APPLICATIONS 29Inderjeet Kaur, Anupama Sharma, Amita Agnihotri and Charu Agarwal2.1 Introduction 302.2 SDN Architecture 322.2.1 Key Takeaways of SDN Architecture 352.2.2 Open Flow 362.3 Functionalities of SDN 392.3.1 SDN Benefits 402.4 SDN vs. Traditional Hardware-Based Network 412.5 Load Balancing in SDN 442.5.1 SDN-Based Load Balancer in Cloud Computing 472.5.2 SDN Without Cloud Computing 492.6 SDN Security 492.6.1 Security Threats and Attacks 512.7 SDN Applications 532.8 Research Directions 552.9 Conclusion 55References 563 SOFTWARE-DEFINED NETWORKS AND ITS APPLICATIONS 63Rajender Kumar, Alankrita Aggarwal, Karun Handa, Punit Soni and Mukesh Kumar3.1 Introduction 643.2 SDN vs Traditional Networks 653.3 SDN Working: A Functional Overview 673.4 Components and Implementation Architecture 683.4.1 Components of an SDN 683.4.1.1 SDN Application 683.4.1.2 SDN Controller 693.4.1.3 SDN Datapath 693.4.1.4 SDN Control to Data-Plane Interface (CDPI) 693.4.1.5 SDN Northbound Interfaces (NBI) 693.4.1.6 SDN Control Plane: Incorporated-Hierarchical-Distributed 693.4.1.7 Controller Placement 703.4.1.8 OpenFlow and Open Source in SDN Architecture 703.4.2 SDN Design 703.4.2.1 Northward APIs 713.4.2.2 Southward APIs 713.4.2.3 Orchestrator 713.4.2.4 Controller 713.4.2.5 Compute 713.5 Implementation Architecture 723.6 Pros and Cons of SDN 723.6.1 SDN Misconceptions 733.6.2 Pros of SDN 733.6.2.1 Centralized Network Provisioning 733.6.2.2 Holistic Enterprise Management 733.6.2.3 More Granular Security 743.6.2.4 Lower Operating Costs 743.6.2.5 Hardware-Savings and Reduced Capital Expenditures 743.6.2.6 Cloud Abstraction 753.6.2.7 Guaranteed Content Delivery 753.6.3 Cons of SDN 753.6.3.1 Latency 753.6.3.2 Maintenance 753.6.3.3 Complexity 753.6.3.4 Configuration 763.6.3.5 Device Security 763.7 SDN Applications 763.7.1 SDN Environment for Applications 763.7.1.1 Internal SDN Applications 773.7.1.2 External SDN Applications 773.7.1.3 Security Services 773.7.1.4 Network Monitoring and Intelligence 773.7.1.5 Data Transmission Management 783.7.1.6 Content Availability 783.7.1.7 Guideline and Compliance-Bound Applications 783.7.1.8 Elite Applications 793.7.1.9 Circulated Application Control and Cloud Integration 793.7.2 Common Application of SDN in Enterprise Networks 793.7.2.1 Further Developed Security 803.7.2.2 Diminished Working Expenses 803.7.2.3 A Superior Client Experience 813.7.3 SDN Drives in the Enterprise 813.7.3.1 Bringing Together and Improving on the Administration Plane 813.7.3.2 Accomplishing Programmability of the Control Plane 813.7.3.3 Simple Client Onboarding 823.7.3.4 Simple Endpoint Security 823.7.3.5 Simple Traffic Checking 823.7.3.6 SES Client Onboarding 833.7.3.7 Client Onboarding 833.7.3.8 SES Simple Endpoint Security: Distinguishing Dubious Traffic 833.7.3.9 SES Simple Traffic Observing 843.7.3.10 Synopsis 843.7.4 SDN Stream Sending (SDN) 843.7.4.1 Proactive Versus Reactive Versus Hybrid 843.7.4.2 DMN 853.7.4.3 SD-WAN 853.7.4.4 SD-LAN 853.7.4.5 Security Using the SDN Worldview 853.7.5 Security Utilizing the SDN Paradigm 863.7.6 Gathering Data Delivery Using SDN 873.7.7 Relationship of SDN to NFV 873.8 Future Research Directions of SDN 883.9 Conclusion & Future Scope 89References 904 LATENCY-BASED ROUTING FOR SDN-OPENFLOW NETWORKS 97Hima Bindu Valiveti, Meenakshi K, Swaraja K, Jagannadha Swamy Tata, Chaitanya Duggineni, Swetha Namburu and Sri Indrani Kotamraju4.1 Introduction to Generations of Networks 984.2 Features of 5G Systems 994.3 Software-Defined Networking (SDN) 1024.4 Proposed Work 1054.4.1 Path Selection Algorithm 1064.4.2 Optimized Path Selection 1064.4.2.1 Forwarding Node Selection 1064.4.2.2 Priority Scheduling 1084.4.2.3 Priority Classification 1084.5 Experimentation and Results 1094.5.1 Implementation of Traffic Streaming 1094.6 Performance Analysis 1134.7 Conclusion and Future Scope 116References 1165 QOS IMPROVEMENT EVALUATION WITH AN EFFECTIVE SWITCH ASSIGNMENT TO THE CONTROLLER IN REAL-TIME SDN ENVIRONMENT 119Jehad Ali and Byeong-hee Roh5.1 Introduction 1205.1.1 Objectives 1215.2 Architecture of SDN 1215.2.1 Data Plane 1235.2.2 Southbound (SB) APIs 1235.2.3 NB API 1245.2.4 Management Plane 1255.2.5 Control Plane 1255.3 Controller Placement Effect on the QoS 1255.4 Communication between the Control and Data Planes 1265.5 Related Works 1285.6 Parameters for Computing E2E Delay 1295.6.1 Path Discovery Delay (PD) 1295.6.2 Actual Delay (AD) 1295.7 Clustering Based on the Latency of the Emulated Mininet Network 1305.8 Results and Discussion 1315.9 Conclusion and Future Directions 133References 1346 AN INSIGHT INTO TRAFFIC ENGINEERING IN SOFTWARE-DEFINED NETWORKS 137Prabu U. and Geetha V.6.1 Introduction 1386.2 Related Works 1426.3 Review on Traffic Engineering Techniques in SDN 1456.4 Review on Traffic Engineering Techniques in Hybrid SDN 1636.5 Review on Traffic Matrix Estimation and Measurement Techniques in SDN 1696.6 Analysis and Research Direction 1776.7 Conclusion and Future Scope 179References 1797 NETWORK FUNCTIONS VIRTUALIZATION AND SDN 191Priyanka Kujur and Sanjeev Patel7.1 Introduction 1927.2 Types of Virtualizations 1947.2.1 Server Virtualization 1947.2.2 Network Virtualization 1957.2.3 Application Virtualization 1957.2.4 Desktop Virtualization 1977.2.5 Storage Virtualization 1977.3 Wireless Network Virtualization 1987.3.1 Radio Spectrum Resources 1987.3.2 Wireless Network Infrastructure 1997.3.3 Wireless Virtual Resources 2007.3.3.1 Spectrum-Level Slicing 2007.3.3.2 Infrastructure-Level Slicing 2007.3.3.3 Network-Level Slicing 2007.3.3.4 Flow-Level Slicing 2007.3.4 Wireless Virtualization Controller 2017.4 Network Functions Virtualization and Software-Defined Network 2017.4.1 Network Virtualization 2017.4.2 Network Functions Virtualization 2017.4.2.1 Network Functions Virtualization Infrastructure 2027.4.2.2 Virtual Network Functions 2037.4.2.3 Network Functions Virtualization Management and Orchestration 2037.4.2.4 NFV Challenges 2047.4.3 Benefits of NFV 2047.4.3.1 Coexistence of Dissimilar Network 2047.4.3.2 Encouraging Network Innovation 2047.4.3.3 Deployment of Agile Network Capabilities 2047.4.3.4 Provisioning of Independent and Diverse Networks 2057.4.3.5 Resource Optimization 2057.4.3.6 Deployment of Distinct Network Services 2057.4.4 Software-Defined Networking (SDN) 2057.4.4.1 Traditional Networks 2057.4.4.2 Need for New Network Architecture 2067.4.4.3 Introduction to SDN 2067.4.4.4 SDN Implementation 2087.4.4.5 SDN Design 2087.4.4.6 SDN Operation 2097.4.5 Open Flow 2107.4.5.1 Open Flow Architecture 2117.4.5.2 Defining Flow in Open Flow 2127.4.5.3 Flow and Group Table 2137.4.6 SDN Benefits 2147.4.6.1 Centralized Network 2147.4.6.2 Programmability of the Network 2147.4.6.3 Rise of Virtualization 2147.4.6.4 Lower Operating Cost 2157.4.6.5 Device Configuration and Troubleshooting 2157.4.7 SDN Challenges 2157.4.7.1 Reliability 2157.4.7.2 Scalability 2157.4.7.3 Performance Under Latency Constraints 2167.4.7.4 Use of Low-Level Interface Between the Controller and the Network Device 2167.4.7.5 Controller Placement Problem 2167.4.7.6 Security 2177.4.8 SDN versus Traditional Network 2177.4.9 Network Function Virtualization versus SDN 2187.5 SDN Architecture 2197.5.1 Data Plane 2197.5.2 Control Plane 2207.5.3 Application Layer 2207.6 Software-Defined Networking Application 2207.6.1 Adaptive Routing 2207.6.2 Load Balancing 2217.6.3 Boundless Roaming 2217.6.4 Network Maintenance 2227.6.5 Network Security 2227.6.6 SDN for Cloud Computing 2227.6.7 Internet of Things 2247.7 Conclusion and Future Scope 224References 2258 SDN-ENABLED NETWORK VIRTUALIZATION AND ITS APPLICATIONS 231Anil Kumar Rangsietti and Siva Sairam Prasad Kodali8.1 Introduction 2328.2 Traditional Cloud Data Centers 2348.2.1 SDN for Enabling Innovative Traffic Engineering Tasks in Cloud Data Centers 2368.2.1.1 Optimal Routing Mechanisms 2368.2.1.2 Flexible Traffic Steering During Network Failure Recovery 2388.2.1.3 Improved Topology Management Mechanisms 2388.2.1.4 Innovative Traffic Analysis and Monitoring Mechanisms 2398.2.1.5 General Challenges in Adopting SDN 2398.2.2 SDN Role in Flexible Network Virtualization 2418.2.2.1 Sharing of Physical Infrastructure and Enforcing Multiple Customer Policies 2428.2.2.2 Strict Customer Policies Enforcement and Service Level Agreements (SLA) Guarantee 2438.2.2.3 Failures of Devices or Links 2438.2.2.4 Optimal Utilization of Cloud Resources 2448.3 Importance of SDN in Network Function Virtualization (NFV) 2458.3.1 Network Service Chaining (NSC) 2488.3.2 Importance of NFs Placement in a Cloud Environment 2498.3.3 Importance of NF Placement and Scaling in NSC 2518.4 SDN and Network Virtualization Role in Evolution of Next-Generation Wi-Fi and Mobile Networks 2538.4.1 Software-Defined Solutions for Enterprise Wireless LANs (WLANs) 2538.4.1.1 Software-Defined APs 2548.4.1.2 SDN Switches and Controller 2568.4.2 Software-Defined Mobile Networks and Telecommunication Clouds 2588.4.3 Necessity and Importance of Telecommunication Clouds 2598.4.3.1 SDN- and NFV-Enabled Cloud Environments 2608.4.3.2 Lightweight Virtualization Technologies 2618.4.3.3 Novel Application Architecture, Such as Cloud Native Applications and Microservices 2638.5 SDN and NFV Role in 5G and Smart Cities 2648.5.1 SDN and NFV Role in Designing Deployment Environment for IoT Applications 2658.5.2 Cloud-Fog-Edge Computing Environments 2668.5.3 SDN- and NFV-Enabled 5G and Network Slicing Deployment 2698.6 Conclusions and Future Scope 271References 2729 SOFTWARE-DEFINED NETWORKING: RECENT DEVELOPMENTS AND POTENTIAL SYNERGIES 279Jasminder Kaur Sandhu, Bhawna Singla, Meena Pundir, Sanjeev Rao and Anil Kumar Verma9.1 Introduction 2809.2 Characteristics of Software-Defined Networking 2829.2.1 Open Standards and Vendor Neutral 2829.2.2 Centrally Managed 2839.2.3 Decoupled 2839.2.4 Dynamic/Agile 2839.2.5 Flow-Based Management 2839.2.6 Programmable 2839.3 Applications of Software-Defined Networking 2849.3.1 Specific Purposes 2849.3.1.1 Network Management 2849.3.1.2 Middle-Box 2849.3.2 Security 2859.3.3 Networks 2859.3.3.1 Optical Network 2869.3.3.2 Home Network 2869.3.3.3 Wireless Network 2869.4 Security Issues in Software-Defined Networking 2879.4.1 Authentication and Authorization 2879.4.2 Access Control and Accountability 2889.4.3 Threats from Applications 2899.4.4 Threats Due to Scalability 2899.4.5 Denial of Service (DoS) Attacks 2909.4.6 Challenges in Distributed Control Plane 2909.5 Potential Attacks in Software-Defined Networking 2919.5.1 Spoofing 2919.5.2 ARP Spoofing 2919.5.2.1 IP Spoofing 2939.5.3 Tampering 2939.5.4 Repudiation 2949.5.5 Information Disclosure 2959.5.6 DoS 2959.5.7 Elevation of Privilege 2969.6 Solutions to Security Issues and Attacks in Software-Defined Networking 2979.6.1 Spoofing 2979.6.1.1 ARP Spoofing 2979.6.1.2 IP Spoofing 3019.6.2 Tampering 3019.6.3 Repudiation 3019.6.3.1 Nonrepudiation Verification 3019.6.3.2 Accountability 3029.6.4 Information Disclosure 3029.6.4.1 Scanning-Based Solutions 3029.6.4.2 Information Disclosure Countermeasure 3029.6.5 Denial of Service (DoS) 3029.6.6 Elevation of Privilege 3039.7 Software-Defined Networking Framework 3039.7.1 Global Flow Table 3049.7.2 VNGuard 3049.8 Security Enhancement Using the Software-Defined Networking Framework 3059.8.1 SDN Firewall 3059.8.2 Access Control 3079.8.3 Intrusion Detection System/Intrusion Prevention System (IDS/IPS) 3079.8.4 SDN Policies 3079.8.5 Monitoring and Auditing 3089.8.6 Privacy Protection 3089.8.7 SDN WiFi Networks 3089.8.8 Mobile SDN 3099.8.9 BYOD 3099.8.10 SDN Open Labs 3099.9 Open Challenge 3109.9.1 Interaction Between Different Controllers and Switches 3109.9.2 Controller Security 3109.9.3 Managing Heterogenous Controllers 3109.9.4 Standard Protocol for Controller 3119.9.5 Standard Protocol Between Control and Management Plane 3119.9.6 Managing the Load Between Controllers 3119.10 Recommended Best Practices 3119.10.1 Authentication 3129.10.2 Access Control 3129.10.3 Data Confidentiality 3129.10.4 Nonrepudiation 3129.10.5 Data Integrity 3139.10.6 Communication Security 3139.10.7 Privacy 3139.10.8 Availability 3139.11 Conclusion and Future Scope 314References 31510 SECURITY CHALLENGES AND ANALYSIS FOR SDN-BASED NETWORKS 321Priyanka Kujur, Subhra Priyadarshini Biswal and Sanjeev Patel10.1 Introduction 32210.2 Threat Model 32510.2.1 Spoofing 32510.2.2 Tampering 32510.2.3 Repudiation 32510.2.4 Information Disclosure 32510.2.5 Denial of Service 32610.2.6 Elevation of Privileges 32610.2.7 Threats in SDN Networks 32610.2.7.1 Attack Surface in SDN 32610.2.7.2 Security Issues in SDN 32710.2.7.3 Addressing SDN Security Matters 32810.2.7.4 Attack to the SDN Architecture 32810.2.8 Policy-Based SDN Security Architecture 33010.3 Control Plane Security of SDN 33110.3.1 Application Coexistence 33110.3.2 Flow Constraints vs. Flow Circuits 33210.3.3 An Application Permission Model 33210.3.4 Application Accountability 33210.3.5 Toward a Security-Enhanced Control Layer 33210.4 Security Analysis 33210.5 Network-Wide Security in SDN 33310.5.1 Security Systems Development 33410.5.2 Flow Sampling 33510.5.3 Traffic Monitoring 33610.5.4 Access Control 33710.5.5 Content Inspection 33710.5.6 Network Resilience 33810.5.7 Security Middle Boxes 33910.5.8 Security Challenges in SDN 33910.6 SDN-Based Virtual and Cloud Networks Security 34010.6.1 Virtual Networks Security 34010.6.2 Cloud Networks Security 34010.7 SDN-Based Secure IoT Frameworks 34110.8 Conclusion and Future Scope 341References 34211 A NOVEL SECURE SDN ARCHITECTURE FOR RELIABLE DATA TRANSMISSION IN 5G NETWORKS 347J. Sathiamoorthy, Usha M. and R. Bhagavath Nishant11.1 Introduction 34811.1.1 Organization of the Chapter 35211.2 Related Work 35211.3 SDN-5G Networks—What Does the Future Hold? 35611.4 Layers in SDN-5G Networks 35811.5 Security Threats 35911.5.1 Control Plane 36011.5.2 Data Plane 36111.5.3 Application Plane 36111.6 SDN-5G Networks—Possible Attacks and Threats 36211.6.1 Distributed Denial of Services (DDoS) 36211.6.2 Solution for DDoS—To Analyze User’s Behavior via Detection Through Entropy 36311.6.3 Solution for Packet Sniffing 36311.6.4 Steps in the Handshake Process 36411.6.5 ARP Spoofing Attack 36511.6.5.1 ARP Authentication 36511.6.5.2 Operating System Patching 36511.6.5.3 API Exploitation 36611.6.5.4 Password Guessing or Brute Force 36611. 7 Proposed Methodology 36711.7.1 Strong Security Architecture for SDN-Based 5G Networks 36711.8 Security Analysis 37311.8.1 IP Spoofing 37311.8.2 MITM Attack 37911.8.3 Replay Attack 37911.9 Conclusion and Future Scope 388References 38812 SECURITY AND PRIVACY ISSUES IN 5G/6G-ASSISTED SOFTWARE-DEFINED NETWORKS 391Durbadal Chattaraj and Ashok Kumar Das12.1 Introduction 39212.1.1 SDN Applications 39412.1.2 Security and Privacy Issues in SDN 39612.1.3 Chapter Contributions 39712.1.4 Chapter Organization 39712.2 Security and Functionality Requirements in SDN 39812.3 Network and Threat Models 39912.3.1 Network Model 39912.3.2 Adversary Model 40212.4 Taxonomy of Security Protocols in SDN 40512.5 Security Solutions in SDN 40612.5.1 Authentication 40712.5.2 Access Control 40812.5.3 Key Management 40912.5.4 Intrusion Detection 41012.5.5 Blockchain-Based Security Solution 41212.6 Comparative Analysis 41312.6.1 Comparative Analysis on Communication and Computational Costs 41412.6.2 Comparative Analysis on Security Features 41512.7 Conclusion and Future Scopes 419References 42013 EVOLVING REQUIREMENTS AND APPLICATION OF SDN AND IOT IN THE CONTEXT OF INDUSTRY 4.0, BLOCKCHAIN AND ARTIFICIAL INTELLIGENCE 427Sunil Kr. Singh, Sunil Kr Sharma, Dipesh Singla and Shabeg Singh Gill13.1 Introduction 42813.2 Objectives of the Chapter 43013.3 Organization of the Chapter 43113.4 Software-Defined Network Architecture 43113.4.1 SDN Planes 43413.4.1.1 Control Plane 43413.4.1.2 Data Plane 43413.4.1.3 Application/Management Plane 43513.4.2 QoS: Quality of Service 43613.4.2.1 Jitter 43613.4.2.2 Packet Loss 43613.4.2.3 Bandwidth 43713.4.2.4 Latency 43713.4.3 OpenQoS 43713.4.4 Secondnet 43813.4.5 OpenQFlow 44013.4.6 CloudNaaS 44113.4.7 Scalable QoS and Automated Control for Network Convergence 44213.5 Security 44213.5.1 Fresco 44213.5.2 NetFuse 44313.5.3 Scalability 44413.5.4 DIFANE 44413.5.5 DevoFlow 44513.5.6 Maestro 44513.5.7 Load Balancing 44613.5.8 AsterX 44613.5.9 OpenFlow-Based Server Load Balancing Gone Wild 44713.6 Software-Defined Network (SDN) With IoT 44713.7 SDN-Based IoT Architecture 44813.7.1 IoT’s Architecture With Software Programming Functions 44913.7.2 SDN Controllers 44913.7.3 Gateways/Routers 45113.7.4 Sinks 45213.7.5 Data Center 45213.7.6 Design Principles 45313.7.7 Dynamic Deployment of Security Policies 45413.8 Role of SDN and IoT in Industry 4.0 45613.8.1 Industry 4.0 Explained 45713.8.1.1 Mass Customization 45713.8.1.2 Flexibility 45713.8.1.3 Additive Manufacturing 45713.8.1.4 Better Decision Making 45813.8.1.5 Simulation and Digital Twins 45813.8.1.6 Integrated Supply Chain 45813.8.1.7 Energy Management 45813.8.1.8 Creating Value from Big Data 45913.8.1.9 Cyber-Physical Systems 45913.8.2 Brokerage Services 46213.8.3 Man4Ware 46413.8.4 Security 46613.8.5 Additional Advanced Service Alternatives 46713.8.6 Interconnection and Integration Between IoT and Industry 4.0 46713.9 Work in Related Domains of IoT 46813.10 IoT Computing and Management With SDN 47013.10.1 Edge Computing 47013.10.2 Convergence of NFV and Edge Computing 47113.10.3 Use of Artificial Intelligence (AI) in Software-Defined Networks (SDN) 47213.10.4 SDN Network Structure and OpenFlow (OF) Protocol 47313.11 Scope of Blockchain to Secure IoT Using SDN 47413.11.1 The Architecture of Blockchain-Based SDN 47513.11.2 Workflow of BC-SDN and Smart Contracts 47713.11.2.1 Key Components of Workflow 47813.12 SDN in Various Emerging Areas of IoT 48113.13 Conclusion and Future Scope 486References 48914 SDN-BASED CLOUD COMBINING EDGE COMPUTING FOR IOT INFRASTRUCTURE 497Jyoti Snehi, Manish Snehi, Devendra Prasad, Sarita Simaiya, Isha Kansal and Vidhu Baggan14.1 Introduction 49814.1.1 Architecture of SDN vs. Traditional Networks 50314.1.2 SDN/NFV Tiers 50414.1.3 Objective of Chapter 50914.1.4 Organization of Chapter 50914.2 Challenges with SDN-Based Cloud and NFV Technologies for IoT 51014.3 Literature Survey 51914.4 Knowledge-Driven SDN-Based IoT Architecture That Leverages Edge Cloud 52614.5 Discussion and Future Recommendation 53214.6 Conclusion 533References 533Index 541
Microsoft 365 - das umfassende Handbuch (6. Auflg.)
Microsoft 365 für Administratoren, 6. aktualisierte AuflageDas Standardwerk für die Administration von Microsoft 365! Mit den erprobten Anleitungen dieses umfassenden Handbuchs administrieren Sie die Daten Ihres Unternehmens sicher in der Cloud. Ob Sie die Microsoft 365-Dienste in Ihre bestehende IT-Infrastruktur integrieren wollen oder Ihre Nutzerdaten in die Microsoft-Cloud migrieren möchten: Markus Widl, Technologieberater für Microsoft 365, zeigt Ihnen von der Active-Directory-Integration bis zur Automation von wiederkehrenden Aufgaben mit der PowerShell die besten Lösungen bei der Arbeit mit Microsoft 365. Getestete Skripte und ein großes Referenz-Poster inklusive.Aus dem Inhalt:Was ist Microsoft 365?GrundkonfigurationArbeit mit der PowerShellIdentitäten und Active-Directory-SynchronisierungOffice, Project und VisioOneDrive for Business Online, Skype for Business OnlineAzure Rights Management ServicesExchange Online, SharePoint OnlineMicrosoft TeamsDelve und MyAnalyticsWeitere Dienste: Yammer, Planer, Sway, Teams, Mobile Device ManagementLeseprobe (PDF-Link)Zum Autor:Markus Widl arbeitet seit mehr als 20 Jahren als Berater, Entwickler und Trainer in der IT. Sein Fokus liegt auf Cloudtechnologien wie Microsoft 365 und Azure.
Produktentwicklung mit SAP Recipe Development
Von der Produktidee über die Verwaltung von Spezifikationen und Inhaltsstoffen bis hin zur Etikettierung und Übergabe an die Produktion: In diesem Buch erfahren Sie, welche Funktionen in SAP Recipe Development zur Verfügung stehen. Die Autorin veranschaulicht, wie Sie SAP Recipe Development erfolgreich in Ihre Systemlandschaft einbinden und die passenden Customizing-Einstellungen finden. Auch die Umstellung auf SAP S/4HANA wird behandelt. Aus dem Inhalt: Produktentwicklung in der ProzessindustrieIntegration in QM, PP und PSICF-Services, Transporte, StandardrollenStammdatenSpezifikationFormeln und BerechnungsergebnisseHerstellverfahren und ProzesseEtikettierungReports, Hilfsmittel und TabellenSAP ERP vs. SAP S/4HANASAP Recipe Management vs. SAP Recipe Development Vorwort ... 19 Einleitung ... 21 1. Technische Voraussetzungen und Grundkonfiguration ... 27 1.1 ... Verfügbarkeit ... 28 1.2 ... Softwarekomponente ... 29 1.3 ... Relevante Server ... 30 1.4 ... Business Functions ... 33 1.5 ... Switch BC-Sets ... 35 1.6 ... OData-Services und ICF-Services ... 37 1.7 ... Transporte ... 41 1.8 ... Standardinhalte generieren ... 42 1.9 ... Standardrollen ... 50 1.10 ... ALE-Verteilung ... 51 1.11 ... Zusammenfassung ... 58 2. Stammdaten ... 59 2.1 ... Stammdaten von SAP Recipe Development ... 60 2.2 ... Stammdaten angrenzender SAP-Komponenten ... 71 2.3 ... Zusammenfassung ... 78 3. Spezifikation -- Funktionsumfang und grundlegende Stammdatenobjekte ... 79 3.1 ... Funktionsumfang ... 80 3.2 ... Phrasenverwaltung ... 105 3.3 ... Merkmal ... 112 3.4 ... Klasse ... 126 3.5 ... Zusammenfassung ... 131 4. Spezifikation -- Customizing ... 133 4.1 ... Spezifikationstypen ... 134 4.2 ... Spezifikationsarten ... 138 4.3 ... Berechtigungsgruppen ... 144 4.4 ... Identifikatoren ... 147 4.5 ... Stoffnatur ... 152 4.6 ... Materialzuordnung ... 154 4.7 ... Beziehungen ... 156 4.8 ... Komponentenarten ... 158 4.9 ... Ausnahmewerte ... 163 4.10 ... Verwendung und Verwendungsprofile ... 167 4.11 ... Bewertungsart ... 172 4.12 ... Eigenschaftsbaum ... 183 4.13 ... Änderungsdienst ... 196 4.14 ... Kopfstatus ... 197 4.15 ... Vererbung und Kopie ... 203 4.16 ... Funktionen im Menü definieren ... 208 4.17 ... Ausgabemethoden ... 210 4.18 ... Daten für das Rezept ... 211 4.19 ... Spezifikationssuche ... 215 4.20 ... Zusammenfassung ... 217 5. Grundlagen des Rezepts ... 219 5.1 ... Funktionsumfang ... 219 5.2 ... Formel, Berechnungsergebnisse und Prozess ... 256 5.3 ... Rezeptarten ... 260 5.4 ... Rezeptzwecke definieren ... 268 5.5 ... Allgemeine Einstellungen ... 269 5.6 ... Berechtigungsgruppen ... 274 5.7 ... Funktionen in der Rezeptentwicklung ausblenden ... 276 5.8 ... Status ... 277 5.9 ... Vorgabenprüfung ... 284 5.10 ... Massenänderung ... 284 5.11 ... Eigenschaftsspezifikation ... 290 5.12 ... Rezeptsuche ... 295 5.13 ... Zusammenfassung ... 300 6. Formel und Berechnungsergebnisse ... 301 6.1 ... Formel ... 301 6.2 ... Berechnungsergebnisse ... 326 6.3 ... Darstellung der Berechnungsergebnisse ... 354 6.4 ... Zusammenfassung ... 362 7. Herstellverfahren in der Sicht »Prozess« ... 363 7.1 ... Prozessgrundlagen ... 363 7.2 ... Prozesselemente ... 364 7.3 ... Ausrüstungsanforderung ... 375 7.4 ... Prozessparameter ... 377 7.5 ... Prozessbaustein ... 380 7.6 ... Zusammenfassung ... 390 8. Etikett ... 391 8.1 ... Überblick über das Etikett ... 391 8.2 ... Grund-Customizing ... 399 8.3 ... Inhaltsstoffetikett ... 411 8.4 ... Qualitatives Etikett ... 418 8.5 ... Komponentenetikett ... 422 8.6 ... Packungsetikett ... 434 8.7 ... XML-Export ... 439 8.8 ... Zusammenfassung ... 441 9. Vorgabenprüfung ... 443 9.1 ... Allgemeines ... 444 9.2 ... Grundkonfiguration ... 444 9.3 ... Vorgaben für Nährstoffe/quantitative Komponenten ... 455 9.4 ... Vorgaben für qualitative Komponenten ... 458 9.5 ... Vorgaben für Listenstoffe ... 462 9.6 ... Stoffgruppen ... 466 9.7 ... Vorgabenschnellbearbeitung ... 468 9.8 ... Ausführung der Vorgabenprüfung ... 469 9.9 ... Prüfergebnisse ... 475 9.10 ... Zusammenfassung ... 478 10. SAP Recipe Development unter SAP ERP und SAP S/4HANA -- Unterschiede ... 481 10.1 ... Benutzeroberfläche ... 481 10.2 ... Spezifikation ... 484 10.3 ... Rezept ... 493 10.4 ... Zusammenfassung ... 496 11. Integration von SAP Recipe Development mit anderen SAPKomponenten ... 497 11.1 ... Materialstamm ... 497 11.2 ... Produktion ... 504 11.3 ... Qualitätsmanagement ... 536 11.4 ... Projektsystem ... 544 11.5 ... Zusammenfassung ... 546 12. Migration der Produktentwicklung nach SAP S/4HANA ... 547 12.1 ... Wechsel nach SAP S/4HANA auf der Basis von SAP Recipe Management ... 547 12.2 ... Wechsel nach SAP S/4HANA auf der Basis von SAP Recipe Development ... 557 12.3 ... Zusammenfassung ... 557 Glossar ... 559 Die Autorin ... 565 Index ... 567
Cybersecurity in Smart Homes
Smart homes use Internet-connected devices, artificial intelligence, protocols and numerous technologies to enable people to remotely monitor their home, as well as manage various systems within it via the Internet using a smartphone or a computer. A smart home is programmed to act autonomously to improve comfort levels, save energy and potentially ensure safety; the result is a better way of life. Innovative solutions continue to be developed by researchers and engineers and thus smart home technologies are constantly evolving. By the same token, cybercrime is also becoming more prevalent. Indeed, a smart home system is made up of connected devices that cybercriminals can infiltrate to access private information, commit cyber vandalism or infect devices using botnets. This book addresses cyber attacks such as sniffing, port scanning, address spoofing, session hijacking, ransomware and denial of service. It presents, analyzes and discusses the various aspects of cybersecurity as well as solutions proposed by the research community to counter the risks. Cybersecurity in Smart Homes is intended for people who wish to understand the architectures, protocols and different technologies used in smart homes.RIDA KHATOUN is Associate Professor at Telecom ParisTech, France. His current research interests are focused on cybersecurity in areas such as connected cars, cloud computing and the Internet of Things, as well as cybersecurity architectures, intrusion detection systems and blockchain technology.CHAPTER 1 HOME AUTOMATION SOLUTIONS FOR SECUREWSN 1Corinna SCHMITT and Marvin WEBER1.1 Introduction 21.2 Background 41.2.1 SecureWSN 41.2.2 Communication standards 81.2.3 The monitor-analyse-plan-execute-knowledge model 121.2.4 Hardware and libraries 141.3 Design decisions 151.3.1 Requirements 161.3.2 HAIFA architecture 181.3.3 WebMaDa integration 291.4 Implementation 301.4.1 CoMaDa integration 301.4.2 HAIFA’s ZigBee Gateway 481.4.3 WebMaDa integration 551.4.4 Uploading HA data to WebMaDa 561.4.5 Sending HA messages from WebMaDa to CoMaDa 591.4.6 WebMaDa’s frontend 621.5 Evaluation of HAIFA 641.5.1 Actuator interoperability (R1) 651.5.2 Rule-based automation (R2) 651.5.3 Node hardware interoperability (R3) 681.5.4 CoMaDa and WebMaDa management (R4) 681.6 Summary and conclusions 681.7 Acknowledgements 691.8 References 70CHAPTER 2 SMART HOME DEVICE SECURITY: A SURVEY OF SMART HOME AUTHENTICATION METHODS WITH A FOCUS ON MUTUAL AUTHENTICATION AND KEY MANAGEMENT PRACTICES 75Robinson RAJU and Melody MOH2.1 Introduction 752.2 Smart home – introduction and technologies 772.2.1 Smart home – introduction 772.2.2 Smart home devices – categories 792.3 Smart home security 802.3.1 Threats 812.3.2 Vulnerabilities 822.3.3 IoT communication protocols 842.3.4 Enhancements to IoT communication protocols 862.3.5 IoT security architectures 872.4 Smart home authentication mechanisms 912.4.1 Stages of defining an authentication protocol for IoT 922.4.2 Taxonomy of authentication schemes for IoT 932.5 A primer on mutual authentication and key management terminologies 962.5.1 X.509 certificate 972.5.2 CoAP and DTLS 992.5.3 Tls 1.3 1012.5.4 Key management fundamentals 1022.6 Mutual authentication in smart home systems 1042.6.1 Device and user onboarding 1052.6.2 Flow of user authentication and authorization 1062.6.3 Examples of mutual authentication schemes 1072.7 Challenges and open research issues 1122.8 Conclusion 1132.9 References 114CHAPTER 3 SRAM PHYSICALLY UNCLONABLE FUNCTIONS FOR SMART HOME IOT TELEHEALTH ENVIRONMENTS 125Fayez GEBALI and Mohammad MAMUN3.1 Introduction 1263.2 Related literature 1293.3 System design considerations 1303.4 Silicon physically unclonable functions (PUF) 1313.4.1 Mutual authentication and key exchange using PUF 1323.4.2 Fuzzy extractor 1333.5 Convolutional encoding and Viterbi decoding the SRAM words 1333.6 CMOS SRAM PUF construction 1363.6.1 SRAM PUF statistical model 1383.6.2 Extracting the SRAM cell statistical parameters 1413.6.3 Obtaining the golden SRAM PUF memory content 1423.6.4 Bit error rate (BER) 1423.6.5 Signal-to-noise ratio (SNR) for SRAM PUF 1433.7 Algorithms for issuing CRP 1443.7.1 Algorithm #1: single-challenge 1443.7.2 Algorithm #2: repeated challenge 1473.7.3 Algorithm #3: repeated challenge with bit selection 1483.8 Security of PUF-based IoT devices 1503.9 Conclusions 1513.10 Acknowledgements 1513.11 References 151CHAPTER 4 IOT NETWORK SECURITY IN SMART HOMES 155Manju LATA and Vikas KUMAR4.1 Introduction 1564.2 IoT and smart home security 1594.3 IoT network security 1644.4 Prevailing standards and initiatives 1694.5 Conclusion 1724.6 References 172CHAPTER 5 IOT IN A NEW AGE OF UNIFIED AND ZERO-TRUST NETWORKS AND INCREASED PRIVACY PROTECTION 177Sava ZXIVANOVICH, Branislav TODOROVIC, Jean Pierre LORRÉ, Darko TRIFUNOVIC, Adrian KOTELBA, Ramin SADRE and Axel LEGAY5.1 Introduction 1785.2 Internet of Things 1795.3 IoT security and privacy challenges 1825.3.1 Security challenges 1835.3.2 Privacy challenges 1845.4 Literature review 1875.5 Security and privacy protection with a zero-trust approach 1905.6 Case study: secure and private interactive intelligent conversational 1935.6.1 LinTO technical characteristics 1945.6.2 Use case 1955.6.3 Use case mapping on the reference architecture 1975.7 Discussion 1975.8 Conclusion 1985.9 Acknowledgements 1995.10 References 199CHAPTER 6 IOT, DEEP LEARNING AND CYBERSECURITY IN SMART HOMES: A SURVEY 203Mirna ATIEH, Omar MOHAMMAD, Ali SABRA and Nehme RMAYTI6.1 Introduction 2036.2 Problems encountered 2056.3 State of the art 2076.3.1 IoT overview 2076.3.2 History 2086.3.3 Literature review 2086.3.4 Advantages, disadvantages and challenges 2096.4 IoT architecture 2126.4.1 Sensing layer 2136.4.2 Network layer 2136.4.3 Service layer 2136.4.4 Application–interface layer 2136.5 IoT security 2146.5.1 Security in the sensing layer 2146.5.2 Security in the network layer 2156.5.3 Security in the service layer 2156.5.4 Security in the application–interface layer: 2166.5.5 Cross-layer threats 2166.5.6 Security attacks 2166.5.7 Security requirements in IOT 2186.5.8 Security solutions for IOT 2196.6 Artificial intelligence, machine learning and deep learning 2216.6.1 Artificial intelligence 2226.6.2 Machine learning 2226.6.3 Deep learning 2246.6.4 Deep learning vs machine learning 2256.7 Smart homes 2276.7.1 Human activity recognition in smart homes 2276.7.2 Neural network algorithm for human activity recognition 2286.7.3 Deep neural networks used in human activity recognition 2306.8 Anomaly detection in smart homes 2336.8.1 What are anomalies? 2336.8.2 Types of anomaly 2336.8.3 Categories of anomaly detection techniques 2336.8.4 Related work of anomaly detection in smart homes 2346.9 Conclusion 2376.10 References 238CHAPTER 7 STIKI: A MUTUAL AUTHENTICATION PROTOCOL FOR CONSTRAINED SENSOR DEVICES 245Corinna SCHMITT, Severin SIFFERT and Burkhard STILLER7.1 Introduction 2467.2 Definitions and history of IoT 2487.3 IoT-related security concerns 2517.3.1 Security analysis guidelines 2537.3.2 Security analysis by threat models 2557.3.3 sTiki’s security expectations 2567.4 Background knowledge for sTiki 2587.4.1 Application dependencies for sTiki 2587.4.2 Inspiring resource-efficient security protocols 2607.5 The sTiki protocol 2647.5.1 Design decisions taken 2667.5.2 Implementation of sTiki’s components 2677.6 sTiki’s evaluation 2707.6.1 Secured communication between aggregator and server 2717.6.2 Secured communication between collector and aggregator 2757.6.3 Communication costs 2767.6.4 Integration into an existing system 2777.6.5 Comparison to existing approaches 2787.7 Summary and conclusions 2797.8 Acknowledgements 2807.9 References 281List of Authors 287Index 289
Practical Industrial Cybersecurity
A PRACTICAL ROADMAP TO PROTECTING AGAINST CYBERATTACKS IN INDUSTRIAL ENVIRONMENTSIn Practical Industrial Cybersecurity: ICS, Industry 4.0, and IIoT, veteran electronics and computer security author Charles J. Brooks and electrical grid cybersecurity expert Philip Craig deliver an authoritative and robust discussion of how to meet modern industrial cybersecurity challenges. The book outlines the tools and techniques used by practitioners in the industry today, as well as the foundations of the professional cybersecurity skillset required to succeed on the SANS Global Industrial Cyber Security Professional (GICSP) exam. Full of hands-on explanations and practical guidance, this book also includes:* Comprehensive coverage consistent with the National Institute of Standards and Technology guidelines for establishing secure industrial control systems (ICS)* Rigorous explorations of ICS architecture, module and element hardening, security assessment, security governance, risk management, and morePractical Industrial Cybersecurity is an indispensable read for anyone preparing for the Global Industrial Cyber Security Professional (GICSP) exam offered by the Global Information Assurance Certification (GIAC). It also belongs on the bookshelves of cybersecurity personnel at industrial process control and utility companies. Practical Industrial Cybersecurity provides key insights to the Purdue ANSI/ISA 95 Industrial Network Security reference model and how it is implemented from the production floor level to the Internet connection of the corporate network. It is a valuable tool for professionals already working in the ICS/Utility network environment, IT cybersecurity personnel transitioning to the OT network environment, and those looking for a rewarding entry point into the cybersecurity field. CHARLES J. BROOKS is the co-Owner and Vice President of Educational Technologies Group Inc and the co-Owner of eITPrep LLP. He oversees research and product development at those organizations and has authored several books, including the A+ Certification Training Guide and The Complete Introductory Computer Course. For the past eight years Charles has been lecturing and providing Instructor training for cybersecurity teachers throughout the U.S. and abroad. His latest projects have been associated with IT and OT cybersecurity courses and hands-on lab activities that include Cybersecurity Essentials — Concepts & Practices; Cybersecurity Essentials – Environments & Testing; and Industrial Network Cybersecurity.PHILIP A. CRAIG JR is the founder of BlackByte Cyber Security, LLC, a consultancy formed to develop new cybersecurity tools and tactics for use in U.S Critical Infrastructure. He oversees research and product development for the U.S. Department of Energy (DOE), the Defense Advanced Research Projects Agency (DARPA), and the National Rural Electric Cooperative Association (NRECA), as well as providing expert knowledge in next generation signal isolation techniques to protect automated controls in energy generation, transmission, and distribution systems. Mr. Craig has authored regulation for both the Nuclear Regulatory Commission (NRC) and National Energy Reliability Corporation (NERC) and is an active cyber responder in federal partnerships for incident response. Introduction xxiiiCHAPTER 1 INDUSTRIAL CONTROL SYSTEMS 1Introduction 2Basic Process Control Systems 3Closed- Loop Control Systems 5Industrial Process Controllers 6Supervisory Control and Data Acquisition Systems 20System Telemetry 21Utility Networks 23OT/IT Network Integration 25Industrial Safety and Protection Systems 28Safety Instrument Systems 29Review Questions 39Exam Questions 41CHAPTER 2 ICS ARCHITECTURE 43Introduction 44Network Transmission Media 45Copper Cabling 45Fiber- Optic Cabling 46Industrial Network Media Standards 49Ethernet Connectivity 52External Network Communications 53Transmission Media Vulnerabilities 55Field Device Architecture 56PLC I/O Sections 58PLC Implementations 62Industrial Sensors 63Final Control Elements/Actuators 71Relays 73Process Units 76Industrial Network Protocols 79Common Industrial Protocols 79EtherNet/IP Protocol 79Modbus 80ProfiNet/ProfiBus 81Dnp3 82Iccp 83Opc 83BACnet 83Enterprise Network Protocols 84Tcp/ip 84Dynamic Host Configuration Protocol 89Review Questions 90Exam Questions 91CHAPTER 3 SECURE ICS ARCHITECTURE 95Introduction 96Boundary Protection 97Firewalls 98Proxies 104Security Topologies 105Network Switches 106Routers 108Security Zoning Models 109Flat Network Topologies 113Network Segmentation 122Controlling Intersegment Data Movement 128Tunneling 128Wireless Networking 129Wireless Sensors 131Wireless Gateways 134Modems 135Review Questions 137Exam Questions 139CHAPTER 4 ICS MODULE AND ELEMENT HARDENING 143Introduction 145Endpoint Security and Hardening 145User Workstation Hardening 145BIOS Security Subsystems 147Additional Outer Perimeter Access Hardening 148Mobile Device Protection 154OS Security/Hardening 155File System Security 156Operating System Security Choices 160Linux SystemV vs Systemd 160Hardening Operating Systems 162Common Operating System Security Tools 162Virtualization 169Application Software Security 172Software Exploitation 172Information Leakage 173Applying Software Updates and Patches 174Database Hardening 174SQL Injection 175Anti-Malware 177Antivirus 178Anti-spyware 178Anti- Malware: Sanitization 181Embedded Device Security 182Meters 184Network Hardening 189OT/IT Network Security 189Server Security 191Hardening the Server OS 193Logical Server Access Control 194Hardening Network Connectivity Devices 196Review Questions 201Exam Questions 202CHAPTER 5 CYBERSECURITY ESSENTIALS FOR ICS 205Introduction 207Basic Security Tenets 208Confidentiality, Integrity, and Availability 208Availability in ICS Networks 209Nonrepudiation 210Principle of Least Privilege 211Separation of Duties 211Vulnerability and Threat Identification 212Nation- States 213Cyberterrorists 213Cybercriminals 214Insider Threats 216Events, Incidents, and Attacks 217Threat Vectors 217Weaponization 230Delivery 230Exploitation 231Installation 232Command and Control 233Actions on Objectives 233Attack Methods 234Unauthorized Access 251Cryptographics 260Encryption 262Digital Certificates 264Public Key Infrastructure 264Hashing 266Resource Constraints 267Review Questions 268Exam Questions 268CHAPTER 6 PHYSICAL SECURITY 271Introduction 272Infrastructure Security 273Access Control 274Physical Security Controls 276Authentication Systems 278Remote Access Monitoring and Automated Access Control Systems 286Intrusion Detection and Reporting Systems 289Security Controllers 290Video Surveillance Systems 295Cameras 297IP Cameras 297Pan- Tilt- Zoom Cameras 298Physical Security for ICS 306Industrial Processes/Generating Facilities 307Control Center/Company Offices 307Nerc Cip-006-1 309Review Questions 311Exam Questions 312CHAPTER 7 ACCESS MANAGEMENT 315Introduction 316Access Control Models 317Mandatory Access Control 317Discretionary Access Control 318Role- Based Access Control 318Rule- Based Access Control 319Attribute- Based Access Control 319Context- Based Access Control 320Key Security Components within Access Controls 320Directory Services 321Active Directory 321Linux Directory Services 324Application Runtime and Execution Control 326User Access Management 326Establishing User and Group Accounts 328Group Account Security 330Network Authentication Options 331Establishing Resource Controls 332ICS Access Control 334Remote ICS Access Control 336Access Control for Cloud Systems 340Review Questions 343Exam Questions 344CHAPTER 8 ICS SECURITY GOVERNANCE AND RISK MANAGEMENT 347Introduction 348Security Policies and Procedure Development 348Requirements 349Exceptions and Exemptions 350Standards 351ICS Security Policies 356Risk Management 357Asset Identification 358Risk Assessment 359Risk Identification Vulnerability Assessment 362Impact Assessment 363ICS Risk Assessments 364Risk Mitigation 366Nerc Cip-008 367Review Questions 369Exam Questions 370CHAPTER 9 ICS SECURITY ASSESSMENTS 373Introduction 374Security Assessments 374ICS Device Testing 376Vulnerability 376Supply Chain 377Communication Robustness Testing 382Fuzzing 382ICS Penetration Testing 384The Pentest Process 385Security Testing Tools 392Packet Sniffers 392Network Enumeration/Port Scanning 393Port Scanning 395Vulnerability Scanning 395Review Questions 401Exam Questions 402CHAPTER 10 ICS SECURITY MONITORING AND INCIDENT RESPONSE 405Introduction 407ICS Lifecycle Challenges 408Change Management 408Establishing a Security Baseline 409Change Management Documentation 411Configuration Change Management 412Controlling Patch Distribution and Installation for Systems 414Monitoring 419Event Monitoring 420Network Monitoring 421Security Monitoring 423Logging and Auditing 424Event Logging 425Incident Management 433The Incident Response Lifecycle 434Preparation 435Incident Response 442Recovery 445Post- Incident Activities 446Review Questions 449Exam Questions 450CHAPTER 11 DISASTER RECOVERY AND BUSINESS CONTINUITY 453Introduction 454Business Continuity Plans 455System Redundancy 455Local Virtualized Storage 459System Backup and Restoration 462Backup Options 463Backup Media Rotation 466Securing Backup Media 467Other BCP Considerations 467Disaster Recovery 469Planning 470Documenting the Disaster Recovery Plan 472The Disaster Response/Recovery Team 473Nerc Cip-009-6 475Review Questions 477Exam Questions 478APPENDIX A GICSP OBJECTIVE MAP 481ICS410.1 ICS: Global Industrial Cybersecurity Professional (GICSP) Objectives 482Overview 482ICS410.2: Architecture and Field Devices 483ICS410.3: Communications and Protocols 484ICS410.4: Supervisory Systems 485ICS410.5: Security Governance 485APPENDIX B GLOSSARY 487APPENDIX C STANDARDS AND REFERENCES 533Reference Links 536APPENDIX D REVIEW AND EXAM QUESTION ANSWERS 539Chapter 1: Industrial Control Systems 540Review Question Answers 540Exam Question Answers 541Chapter 2: ICS Architecture 542Review Question Answers 542Exam Question Answers 544Chapter 3: Secure ICS Architecture 545Review Question Answers 545Exam Question Answers 547Chapter 4: ICS Modules and Element Hardening 548Review Question Answers 548Exam Question Answers 550Chapter 5: Cybersecurity Essentials for ICS 551Review Question Answers 551Exam Question Answers 553Chapter 6: Physical Security 554Review Question Answers 554Exam Question Answers 556Chapter 7: Access Management 556Review Question Answers 556Exam Question Answers 558Chapter 8: ICS Security Governance and Risk Management 559Review Question Answers 559Exam Question Answers 560Chapter 9: ICS Security Assessments 561Review Question Answers 561Exam Question Answers 563Chapter 10: ICS Security Monitoring and Incident Response 564Review Question Answers 564Exam Question Answers 565Chapter 11: Disaster Recovery and Business Continuity 567Review Question Answers 567Exam Question Answers 568Index 571
Materialwirtschaft mit SAP S/4HANA
Ob Disposition, Einkauf, Bestandsführung oder Rechnungsprüfung: Dieser praktische Ratgeber stellt Ihnen alle wichtigen Funktionen von MM in SAP S/4HANA ausführlich vor und zeigt Ihnen, wie Sie sie in der Praxis einsetzen. Dabei lernen Sie natürlich auch das neue Geschäftspartnerkonzept und die SAP-Fiori-Apps für die Materialwirtschaft kennen. Dank ausführlicher Schritt-für-Schritt-Anleitungen und vieler Screenshots finden Sie sich schnell im neuen System zurecht, und Sie können das Buch damit zur Einarbeitung wie auch zum Nachschlagen nutzen. Aus dem Inhalt: Material- und LieferantenstammdatenGeschäftspartnerEinkaufsinfosatz, Orderbuch und QuotierungVerbrauchsgesteuerte DispositionSpezielle EinkaufsprozesseWareneingang und WarenausgangUmlagerung, Umbuchung und ReservierungSonderbestände, Bestandsbewertung und InventurRechnungserfassung, Abweichungen und RechnungssperreNachbelastung, Nebenkosten und GutschriftAutomatisierte RechnungsprüfungWE/RE-KontenpflegeAuswertungen Einleitung ... 17 1. Einführung in SAP Fiori ... 21 1.1 ... SAP Fiori Apps Reference Library ... 21 1.2 ... Kachelgruppen im SAP Fiori Launchpad ... 25 1.3 ... Das eigene SAP Fiori Launchpad einrichten ... 26 2. Unternehmensstruktur ... 33 2.1 ... Mandant ... 33 2.2 ... Controlling ... 34 2.3 ... Finanzbuchhaltung ... 36 2.4 ... Logistik allgemein ... 37 2.5 ... Materialwirtschaft ... 39 2.6 ... Logistics Execution System ... 41 3. Stammdaten ... 43 3.1 ... Produktstammsatz ... 43 3.2 ... Produktverwaltung ... 56 3.3 ... Charge ... 85 3.4 ... Geschäftspartner ... 88 3.5 ... Konditionen ... 93 3.6 ... Quotierung ... 95 3.7 ... Orderbuch ... 98 3.8 ... Einkaufsinfosatz ... 99 4. Beschaffungsprozess im Überblick ... 105 4.1 ... Beschaffungsprozess ... 105 4.2 ... Einkauf ... 106 4.3 ... Bestandsführung ... 115 4.4 ... Logistische Rechnungsprüfung ... 127 5. Grundlagen der verbrauchsgesteuerten Disposition ... 139 5.1 ... Verbrauchsgesteuerte Disposition ... 139 5.2 ... Übersicht der Dispositionsverfahren ... 162 5.3 ... Planungslauf ... 169 5.4 ... Disposition mit Prognose ... 204 5.5 ... Automatische Lieferplaneinteilung und Quotierung ... 217 5.6 ... Ausgewählte Parametereinstellungen im Customizing ... 221 6. Einkauf ... 223 6.1 ... Aufbau von Einkaufsbelegen ... 225 6.2 ... Arbeiten im SAP-System vereinfachen ... 239 6.3 ... Einkaufsbeleg ... 247 6.4 ... Belegtypen ... 249 6.5 ... Belegarten ... 252 6.6 ... Positionstyp ... 302 6.7 ... Kontierungstyp ... 310 6.8 ... Bezugsquellenermittlung ... 319 6.9 ... Geschäftsvorfälle in der operativen Beschaffung ... 334 6.10 ... Bestätigungssteuerung ... 365 6.11 ... Lieferantenbewertung ... 372 6.12 ... Preisfindung ... 380 6.13 ... Textarten im Einkaufsbeleg ... 387 6.14 ... Nachrichten ... 392 6.15 ... Freigabeprozess ... 402 6.16 ... Bestellanforderung in Bestellung überführen ... 407 7. Bestandsführung und Inventur ... 417 7.1 ... Wareneingang ... 418 7.2 ... Umlagerungen und Umbuchungen ... 444 7.3 ... Reservierung ... 469 7.4 ... Warenausgang ... 489 7.5 ... Bestandsfortschreibung und -auswertung ... 498 7.6 ... Materialbewertung ... 504 7.7 ... Inventurbewertung ... 524 7.8 ... Automatische Kontenfindung ... 549 7.9 ... Verschiedene Einstellmöglichkeiten ... 582 7.10 ... Schnittstelle zu WM und QM ... 587 8. Logistik-Rechnungsprüfung ... 589 8.1 ... Einführung in die Logistik-Rechnungsprüfung ... 591 8.2 ... Rechnungserfassung ... 592 8.3 ... Auswertungen: Liste der Lieferantenrechnungen ... 663 8.4 ... Abweichungen ... 665 8.5 ... Sperren und Freigaben ... 673 8.6 ... Gutschrift, Nachbelastung und Nebenkosten ... 679 9. Auswertungen ... 687 9.1 ... Die SAP-Fiori-App »Meine Einkaufsbelegpositionen« ... 688 9.2 ... Die SAP-Fiori-App »Bestellpositionen nach Kontierung« ... 702 9.3 ... Die SAP-Fiori-App »Bestellpositionen überwachen« ... 706 9.4 ... Die SAP-Fiori-App »Übersicht Kreditorenbuchhaltung« ... 712 Anhang ... 715 A ... Glossar ... 715 B ... Literaturverzeichnis ... 723 Das Autorenteam ... 725 Index ... 727
Vertrieb mit SAP S/4HANA - Customizing
Komplexe Projekte erfordern besondere Sorgfalt! Mit diesem Leitfaden sind Sie bestens für das Customizing von SAP S/4HANA Sales gerüstet. Sie erfahren, wie Sie Kundenstammdaten und Konditionen anlegen, und lernen die Konfiguration aller relevanten Bereiche des Vertriebs Schritt für Schritt kennen. Von Belegen über Preisfindung und Verfügbarkeitsprüfung bis hin zu besonderen Apps für Auswertungen werden alle notwendigen Einstellungen erklärt. Aus dem Inhalt: Organisationsstrukturen und StammdatenVerkauf, Lieferung, FakturierungPreisfindung, Naturalrabatt und BonuskaufKontierung und KalkulationVerfügbarkeitsprüfung und BedarfsübergabeVersand und TransportNachrichtensteuerungMaterialeingabe und ProduktvorschlagCross-SellingPartnerfindungUnvollständigkeitsprüfungFSCM (Financial Supply Chain Management)Auswertungen Einleitung ... 13 Teil I. Einführung in den Vertrieb mit SAP S/4HANA ... 21 1. Organisationsstruktur ... 23 1.1 ... Buchungskreis ... 26 1.2 ... Verkaufsorganisation ... 30 1.3 ... Vertriebsweg ... 36 1.4 ... Sparte ... 39 1.5 ... Vertriebsbereich ... 43 1.6 ... Verkaufsbüro und Verkäufergruppe ... 44 1.7 ... Weitere wichtige Organisationseinheiten im SAP-System ... 48 1.8 ... Konsistenzprüfung ... 60 1.9 ... Zusammenfassung ... 62 2. Stammdaten für den Vertrieb ... 65 2.1 ... SAP-Geschäftspartnerkonzept und -attribute ... 65 2.2 ... Geschäftspartner allgemein ... 77 2.3 ... Geschäftspartner mit der Rolle »Kunde« ... 81 2.4 ... Kundenhierarchie ... 91 2.5 ... Materialstamm ... 95 2.6 ... Weitere wichtige Stammsätze ... 105 2.7 ... Zusammenfassung ... 109 Teil II. Vertriebsprozesse -- Verkauf, Versand und Fakturierung ... 111 3. Verkauf ... 113 3.1 ... Auftragsabwicklung im Vertrieb ... 114 3.2 ... Auftragsarten ... 120 3.3 ... Positionstypen ... 136 3.4 ... Einteilungstypen ... 146 3.5 ... Belegfluss und Kopiersteuerung ... 150 3.6 ... Leihgutabwicklung ... 153 3.7 ... Retourenabwicklung ... 159 3.8 ... Zusammenfassung ... 167 4. Versand ... 169 4.1 ... Lieferarten und Lieferbelege ... 170 4.2 ... Kommissionierung ... 181 4.3 ... Verpacken und Gruppieren von Lieferungen ... 184 4.4 ... Versand- und Transportterminierung ... 188 4.5 ... Routendefinition und Routenfindung ... 193 4.6 ... Warenausgang ... 203 4.7 ... Zusammenfassung ... 206 5. Fakturierung ... 207 5.1 ... Fakturaarten ... 208 5.2 ... Zahlungskarten ... 222 5.3 ... Bonusabwicklung ... 227 5.4 ... Interne Verrechnung ... 250 5.5 ... Fakturierungspläne ... 257 5.6 ... Steuerermittlung und Steuerfindung ... 268 5.7 ... Zusammenfassung ... 272 Teil III. Vertriebsfunktionen in SAP S/4HANA ... 275 6. Preisfindung ... 277 6.1 ... Steuerung der Preisfindung ... 278 6.2 ... Weitere Einstellungen ... 303 6.3 ... Konditionsausschluss ... 311 6.4 ... Zusammenfassung ... 314 7. Verfügbarkeitsprüfung und Bedarfsübergabe ... 315 7.1 ... Bedarfsübergabe ... 316 7.2 ... Verfügbarkeitsprüfung nach ATP-Logik ... 325 7.3 ... Verfügbarkeitsprüfung gegen Kontingente ... 336 7.4 ... Rückstandsbearbeitung ... 347 7.5 ... Regelbasiertes Verfahren der Verfügbarkeitsprüfung ... 352 7.6 ... Zusammenfassung ... 354 8. Weitere wichtige Grundfunktionen ... 357 8.1 ... Naturalrabatt ... 357 8.2 ... Bonuskauf ... 368 8.3 ... Materialeingabe ... 378 8.4 ... Dynamischer Produktvorschlag ... 392 8.5 ... Cross-Selling ... 403 8.6 ... Chargen und Serialnummern ... 414 8.7 ... Ausgabesteuerung und Nachrichtenfindung ... 432 8.8 ... Unvollständigkeitsprüfung ... 460 8.9 ... Partnerfindung ... 468 8.10 ... Textsteuerung ... 474 8.11 ... Erlöskontenfindung ... 482 Teil IV. Kreditrisikoüberwachung, Reporting und ABAP ... 495 9. SAP Credit Management ... 497 9.1 ... Customizing und Prozessablauf ... 498 9.2 ... Zusammenfassung ... 510 10. Auswertungen ... 511 10.1 ... SAP Fiori: Launchpad und Apps ... 512 10.2 ... Transaktionen im SAP GUI ... 521 10.3 ... Zusammenfassung ... 531 11. ABAP -- Grundlagen und Debugging ... 533 11.1 ... Einführung ... 534 11.2 ... Datendeklaration und Schlüsselwörter ... 542 11.3 ... Funktionsbausteine, BAPIs und User-Exits ... 548 11.4 ... Debugging ... 554 11.5 ... Zusammenfassung ... 560 12. Zusammenfassung ... 561 Anhang ... 563 A. Glossar ... 565 B. Wichtige Transaktionen und Apps ... 573 C. Buchempfehlungen ... 609 Das Team ... 611 Index ... 613
SAP-Testmanagement
Entwickeln Sie eine maßgeschneiderte Teststrategie! So vermeiden Sie Überraschungen bei der Einführung und dem Upgrade von SAP-Software. Erfahren Sie, wie Sie Ihre Tests mit der neuen, ganzheitlichen Test Suite des SAP Solution Managers planen, vorbereiten, durchführen und im Anschluss evaluieren. Lernen Sie darüber hinaus Automatisierungstools kennen, die Ihr Testmanagement auf die nächste Stufe heben. Durch die starke Praxisnähe können Sie das Buch als begleitendes Nachschlagewerk und Anleitung für Ihren Projektalltag verwenden. Aus dem Inhalt: Teststrategie findenTests planen, durchführen, auswertenTestfallerstellungSAP Solution ManagerTester-ArbeitsvorratTestautomatisierungÄnderungseinflussanalyse mit BPCA und SEAFocused Build und Focused InsightsCBTAeCATT Einleitung ... 15 TEIL I. Testen in Theorie und Praxis ... 19 1. Testen im SAP-Umfeld ... 21 1.1 ... Testen von Standardsoftware ... 22 1.2 ... Testaktivitäten im Lebenszyklus von SAP-Lösungen ... 25 2. Der grundlegende Testprozess ... 31 2.1 ... Testplanung ... 32 2.2 ... Testentwurf ... 34 2.3 ... Testdurchführung ... 37 2.4 ... Abschluss der Testaktivitäten ... 41 2.5 ... Bewertung und Optimierung des Testprozesses ... 43 2.6 ... Testüberwachung und -steuerung ... 46 3. Testorganisation ... 49 3.1 ... Rollen ... 50 3.2 ... Organisationsaufbau ... 61 4. Dimensionen von SAP-Softwaretests ... 67 4.1 ... Teststufen ... 68 4.2 ... Qualitätsmerkmale ... 72 4.3 ... Testtiefe ... 78 4.4 ... Sonstige Tests ... 81 5. Testfallerstellung ... 83 5.1 ... Testmethoden ... 83 5.2 ... Genereller Aufbau von Testfällen ... 93 5.3 ... Testdaten ... 98 5.4 ... Risikoorientiertes Testen ... 101 5.5 ... Testautomatisierung ... 103 5.6 ... Testfallentwurfsspezifikation ... 105 5.7 ... Lebenszyklus von Testfällen ... 110 6. Testwerkzeuge ... 113 6.1 ... Werkzeuge für das Testmanagement ... 113 6.2 ... Optimierung der Effektivität und Effizienz von Tests ... 120 6.3 ... Unterstützung der Testvorbereitung ... 124 6.4 ... Werkzeuge für weitere Testarten ... 126 6.5 ... Werkzeugauswahl ... 129 7. Teststrategie und Testkonzept ... 135 7.1 ... Testrichtlinie ... 136 7.2 ... Teststrategie ... 138 7.3 ... Testkonzept ... 141 7.4 ... Stufentestkonzept ... 142 8. Die Testwerkzeugstrategie von SAP ... 145 8.1 ... Die Rolle von Testaktivitäten im Application Lifecycle Management für SAP-Lösungen ... 146 8.2 ... Testwerkzeuge von SAP ... 154 TEIL II. Testen mit dem SAP Solution Manager ... 161 9. Einführung in das Testmanagement mit dem SAP Solution Manager ... 163 9.1 ... Einführung in den SAP Solution Manager ... 164 9.2 ... Die Rolle von Focused Build und Focused Insights für das Testen ... 171 9.3 ... Der Testprozess mit der Test-Suite im Überblick ... 175 9.4 ... Technische Grundkonfiguration ... 181 9.5 ... Benutzer und Geschäftspartner ... 207 10. Testvorbereitung und Testfallerstellung mit dem SAP Solution Manager ... 213 10.1 ... Prozessmanagement im SAP Solution Manager ... 214 10.2 ... Dokumentenbasierte Testfälle ... 240 10.3 ... Testschritt-Designer ... 249 11. Testplanung mit dem SAP Solution Manager ... 263 11.1 ... Erstellung von Testplänen, Testpaketen und Testsequenzen ... 264 11.2 ... Bearbeitung von Testplänen und Testpaketen ... 281 12. Testausführung mit dem SAP Solution Manager ... 293 12.1 ... Die App »Meine Aufgaben - Tester-Arbeitsvorrat« ... 294 12.2 ... Die App »Meine Testausführungen« ... 309 13. Testauswertung ... 317 13.1 ... Vollständigkeits- und Lückenreports ... 319 13.2 ... Testausführungsanalyse ... 322 13.3 ... Status- und Fortschrittsanalyse ... 333 13.4 ... Übersichten und Dashboards ... 337 14. Individualisieren des Testprozesses mit dem SAP Solution Manager ... 353 14.1 ... Defect Management ... 354 14.2 ... Berechtigungskonzept ... 367 14.3 ... Digitale Signaturen ... 377 14.4 ... Geschäftspartner ... 384 14.5 ... Integration in das Change Request Management ... 386 14.6 ... Integration in das Projektmanagement ... 395 TEIL III. Werkzeuge zur Automatisierung und Verbesserung von Tests ... 399 15. Änderungseinflussanalyse ... 401 15.1 ... Business Process Change Analyzer ... 402 15.2 ... Scope and Effort Analyzer ... 435 16. Testautomatisierung ... 445 16.1 ... Einstieg in die Testautomatisierung ... 446 16.2 ... Testautomatisierungs-Framework ... 453 16.3 ... eCATT ... 456 16.4 ... CBTA ... 460 16.5 ... Tricentis Test Automation for SAP ... 470 17. Weitere Testwerkzeuge ... 483 17.1 ... Statische Analyse mit dem ABAP Test Cockpit ... 484 17.2 ... Testmanagement in agilen Projekten mit Focused Build ... 494 17.3 ... Testmanagement mit SAP Cloud ALM ... 499 Die Autoren ... 505 Index ... 506
Cybersecurity and Local Government
CYBERSECURITY AND LOCAL GOVERNMENTLEARN TO SECURE YOUR LOCAL GOVERNMENT’S NETWORKS WITH THIS ONE-OF-A-KIND RESOURCEIn Cybersecurity and Local Government, a distinguished team of researchers delivers an insightful exploration of cybersecurity at the level of local government. The book makes a compelling argument that every local government official, elected or otherwise, must be reasonably knowledgeable about cybersecurity concepts and provide appropriate support for it within their governments. It also lays out a straightforward roadmap to achieving those objectives, from an overview of cybersecurity definitions to descriptions of the most common security challenges faced by local governments. The accomplished authors specifically address the recent surge in ransomware attacks and how they might affect local governments, along with advice as to how to avoid and respond to these threats. They also discuss the cybersecurity law, cybersecurity policies that local government should adopt, the future of cybersecurity, challenges posed by Internet of Things, and much more. Throughout, the authors provide relevant field examples, case studies of actual local governments, and examples of policies to guide readers in their own application of the concepts discussed within. Cybersecurity and Local Government also offers:* A thorough introduction to cybersecurity generally, including definitions of key cybersecurity terms and a high-level overview of the subject for non-technologists.* A comprehensive exploration of critical information for local elected and top appointed officials, including the typical frequencies and types of cyberattacks.* Practical discussions of the current state of local government cybersecurity, with a review of relevant literature from 2000 to 2021.* In-depth examinations of operational cybersecurity policies, procedures and practices, with recommended best practices.Perfect for local elected and top appointed officials and staff as well as local citizens, Cybersecurity and Local Government will also earn a place in the libraries of those studying or working in local government with an interest in cybersecurity. DONALD F. NORRIS, PHD, is Professor Emeritus of Public Policy at the University of Maryland, Baltimore County (UMBC), USA. Before retiring from UMBC in 2017, he was Director of the Maryland Institute for Policy Analysis and Research for 27 years and Director of the UMBC School of Public Policy for 10 years.LAURA K. MATECZUN, JD, is a PhD student at the University of Maryland, Baltimore County (UMBC), USA. Her research is focused on local government cybersecurity. Laura has received a Graduate Certificate in Cybersecurity Strategy & Policy from UMBC.RICHARD F. FORNO, PHD, is Principal Lecturer at the University of Maryland, Baltimore County (UMBC), USA. He is Assistant Director of UMBC’s Center for Cybersecurity.Preface ixAbout the Authors xi1 Why Local Government Cybersecurity? 12 What is Cybersecurity? 173 Cybersecurity 101 for Local Governments 274 What the Literature Says About Local Government Cybersecurity 475 Cyberattacks: Targetting Local Government 676 Managing Local Government Cybersecurity 857 Cybersecurity Policies for Local Government 1138 People: The Root of The Problem 1439 The NIST Cybersecurity Framework Demystified 15110 Cybersecurity Law and Regulation for Local Government 16711 Important Questions to Ask 18712 The Future of Local Government Cybersecurity 20113 Summary and Recommendations 227Index 235
Practical Forensic Analysis of Artifacts on iOS and Android Devices
Leverage foundational concepts and practical skills in mobile device forensics to perform forensically sound criminal investigations involving the most complex mobile devices currently available on the market. Using modern tools and techniques, this book shows you how to conduct a structured investigation process to determine the nature of the crime and to produce results that are useful in criminal proceedings.You’ll walkthrough the various phases of the mobile forensics process for both Android and iOS-based devices, including forensically extracting, collecting, and analyzing data and producing and disseminating reports. Practical cases and labs involving specialized hardware and software illustrate practical application and performance of data acquisition (including deleted data) and the analysis of extracted information. You'll also gain an advanced understanding of computer forensics, focusing on mobile devices and other devices not classifiable as laptops, desktops, or servers.This book is your pathway to developing the critical thinking, analytical reasoning, and technical writing skills necessary to effectively work in a junior-level digital forensic or cybersecurity analyst role.WHAT YOU'LL LEARN* Acquire and investigate data from mobile devices using forensically sound, industry-standard tools* Understand the relationship between mobile and desktop devices in criminal and corporate investigations* Analyze backup files and artifacts for forensic evidenceWHO THIS BOOK IS FORForensic examiners with little or basic experience in mobile forensics or open source solutions for mobile forensics. The book will also be useful to anyone seeking a deeper understanding of mobile internals.MOHAMMED MOREB, Ph.D. in Electrical and Computer Engineering. Expertise in Cybercrimes & Digital Evidence Analysis, specifically focusing on Information and Network Security, with a strong publication track record, work for both conceptual and practical wich built during works as a system developer and administrator for the data center for more than 10 years, config, install, and admin enterprise system related to all security configuration, he improved his academic path with the international certificate such as CCNA, MCAD, MCSE; Academically he teaches the graduate-level courses such as Information and Network Security course, Mobile Forensics course, Advanced Research Methods, Computer Network Analysis and Design, and Artificial Intelligence Strategy for Business Leaders.Dr. Moreb recently founded a new framework and methodology specialized in software engineering for machine learning in health informatics named SEMLHI which investigates the interaction between software engineering and machine learning within the context of health systems. The SEMLHI framework includes four modules (software, machine learning, machine learning algorithms, and health informatics data) that organize the tasks in the framework using a SEMLHI methodology, thereby enabling researchers and developers to analyze health informatics software from an engineering perspective and providing developers with a new road map for designing health applications with system functions and software implementations.CHAPTER 1Introduction to Mobile Forensic Analysis* The Importance of Mobile Forensic Analysis* Understanding mobile forensics* Challenges in mobile forensics* Tools used for mobile forensics* The mobile phone evidence extraction process* Examination and analysis* Rules of evidence* Practical Mobile Forensic* SummaryCHAPTER 2INTRODUCTION TO IOS FORENSICSIOS Boot Process* IOS Architecture * IOS Security * Understanding Jailbreaking* Data Acquisition from iOS Devices* Data Acquisition from iOS Backups* iOS Data Analysis and Recovery* Mobile Forensics Investigation Challenges on iOS iOS Forensic Tools* SummaryCHAPTER 3INTRODUCTION TO ANDROID FORENSICS* Understanding Android* Application framework* Android runtime* Linux Kernel* Android Forensic Setup and Pre-Data Extraction Techniques* Android Data Extraction Techniques* Android Data Analysis and Recovery* Android App rooting process and techniques * SummaryCHAPTER 4FORENSIC INVESTIGATIONS OF POPULAR APPLICATIONS ON ANDROID AND IOS PLATFORMS* Introduction* Case & Investigator Details* Investigations of Facebook Messenger and WhatsApp applicationsDetails of the device seized for examination* Results and Analysis* SummaryCHAPTER 5FORENSIC ANALYSIS OF TELEGRAM MESSENGER ON IOS AND ANDROID SMARTPHONES CASE STUDY* Introduction* Literature Review* Methodology and Experiment Setup* Evidences Acquisition* Evidences Processing and Analysis* Results* SummaryCHAPTER 6DETECTING PRIVATE DATA LEAKS OVER MOBILE APPLICATIONS USING MOBILE FORENSIC TECHNIQUES* Introduction* Legal Issues Regarding the Local Electronic Crimes Law & Mobile Forensics * Details of the reporting agency and tools used in the examination* Description of steps taken during examination * Chain of custody documentation * Details of findings or issues identified* Evidence recovered during the examination, ranging from chat messages * Images captured during the examination* Examination and analysis information* SummaryCHAPTER 7IMPACT OF IPHONE JAILBREAKING ON USER DATA INTEGRITY IN MOBILE FORENSICSIntroductionMobile ForensicsUser Data Integrity in Mobile ForensicsJailbreaking’s affect on iOSData acquisitionLogical acquisitionFilesystem acquisitionExperiment Details and ToolsResultsData ExtractionExtracted data before jailbreakExtracted data after jailbreakSummaryCHAPTER 8THE IMPACT OF CRYPTOCURRENCY MINING ON MOBILE DEVICES* Introduction * Cryptocurrency mining* Measurement and work mechanism* Tools, programs, and applications used in cryptocurrency miningExperiment and analogy by iPhone 6s* Experiment and analogy by LG g5* Results and Analysis* SummaryCHAPTER 9MOBILE FORENSIC INVESTIGATION FOR WHATSAPP* Introduction* WhatsApp Architecture* WhatsApp Experiment* Tools used in the seizure process* Analysis Stage* Examination on a backup taken by iTunes* Examination on a backup taken from the connected device* Forensic Tools comparison* SummaryCHAPTER 10Cloud Computing Forensics: Dropbox Case Study* Introduction* Cloud Computing Forensics* Cloud forensic challengesDropbox cloud storage* Implementation Details* Seating Tools and Environment* Magnet axiom forensics program * MobileEdit express forensics tool* FinalMobile forensics tool* Results and Analysis* Programs and tools* Experiments* SummaryCHAPTER 11MALWARE FORENSICS FOR VOLATILE AND NONVOLATILE MEMORY IN MOBILE DEVICES* Introduction* Mobile Malware Forensic* Smartphone Volatile Memory* Mobile Devices Case Details* Development and Experiment* Logical acquisition using Axiom processPhysical acquisition output in finalmobile forensics* Investigating from the non-volatile memory* Evaluate Forensic tools usage in this case* SummaryCHAPTER 12MOBILE FORENSIC FOR KEYLOGGER ARTIFACT* Introduction* Mobile KeyLogger* Methodology and case study setup* Mobile Malware and Spyware* Evidence recovered during the examination* Evidence recovered using Magnet ACQUIRE* Examination and analysis KeyLogger result* SummaryCHAPTER 13DIGITAL EVIDENCE IDENTIFICATION METHODS FOR MOBILE DEVICES WITH FACEBOOK MESSENGER* Introduction* Mobile messenger appsMobile operating system architecture* Experiment Tools* Evidence and scene security* Evidence isolation* Data Acquisition* FBM Data analysis using Magnet AXIOM Examine* FBM Data analysis using Belkasoft* FBM Data analysis using DB Browser for SQLiteRecover deleted evidence from SQLite Property Lists* Reporting* Summary