Security
Computer Science Security
This book serves as a guide to help the reader develop an awareness of security vulnerabilities and attacks, and encourages them to be circumspect when using the various computer resources and tools available today. For experienced users, Computer Science Security presents a wide range of tools to secure legacy software and hardware.Computing has infiltrated all fields nowadays. No one can escape this wave and be immune to security attacks, which continue to evolve, gradually reducing the level of expertise needed by hackers.It is high time for each and every user to acquire basic knowledge of computer security, which would enable them to mitigate the threats they may face both personally and professionally. It is this combined expertise of individuals and organizations that will guarantee a minimum level of security for families, schools, the workplace and society in general.Ameur Salem Zaidoun received a National Diploma in Computer Engineering from ENSI, Tunisia, and is a university teacher at ISET of Siliana at the level of Lecturer Technologist. An ex-developer and security consultant, he is a CCNA R&S-, DevNet- and CCNA-Security-certified and a Huawei HCNA-R&S-certified Cisco Instructor.List of Acronyms xiIntroduction xiiiCHAPTER 1 GENERAL CONCEPTS IN SECURITY 11.1 Introduction 11.2 Reasons for security 21.2.1 Technical issues 21.2.2 Social factors 41.3 Security attacks 51.3.1 Passive/active classification of attacks 51.3.2 Direct/indirect classification of attacks 81.3.3 Examples of attacks 101.3.4 Some statistics 121.4 Security objectives 131.4.1 Establishing a culture 131.4.2 Establishing technical solutions 131.5 Security fields 141.5.1 Energy security 141.5.2 Organizational and physical security 151.5.3 Software security 161.6 Normalization of security 181.6.1 Fundamental issues and general presentation 181.6.2 ISO 7498-2 norm 191.7 Security services 241.7.1 Authentication 251.7.2 Confidentiality 271.7.3 Integrity 271.7.4 Non-repudiation 271.7.5 Traceability and access control 271.7.6 Service availability 271.8 Security mechanisms 281.8.1 Encryption 281.8.2 Integrity check 291.8.3 Access check 291.8.4 Electronic signature 301.8.5 Notarization 301.9 Good practices 311.10 Conclusion 31CHAPTER 2 SECURITY WEAKNESSES 332.1 Introduction 332.2 Weakness in the TCP/IP 342.2.1 ARPANet, the ancestor of the Internet 342.2.2 The Internet and security problems 342.2.3 The Internet and the ability to analyze 352.3 Weaknesses due to malware and intrusion tools 362.3.1 Viruses 372.3.2 Worms 402.3.3 Spam 412.3.4 Software bomb 422.3.5 Trojan horse 422.3.6 Spyware 432.3.7 Keylogger 442.3.8 Adware 442.3.9 Other malware 452.3.10 Comparison of intrusion tools 462.4 Conclusion 46CHAPTER 3 AUTHENTICATION TECHNIQUES AND TOOLS 493.1 Introduction 493.2 Theoretical concepts of authentication 503.2.1 Identification 503.2.2 Authentication 513.3 Different types of authentications 513.3.1 Local service authentication 513.3.2 Network authentication 523.4 AAA service 563.4.1 Local AAA 573.4.2 Server AAA 593.5 Conclusion 63CHAPTER 4 TECHNIQUES AND TOOLS FOR CONTROLLING ACCESS, ACL AND FIREWALLS 654.1 Introduction 654.2 Access control list 664.2.1 ACL classification 664.2.2 ACL configuration in Cisco 684.2.3 ACL configuration for Huawei 744.3 Firewall 784.3.1 Filtering function 794.3.2 Functionalities of tracing and NAT 814.3.3 Firewall architecture 824.3.4 How a firewall works 844.3.5 Firewall classifications 844.3.6 Stateful firewall 864.3.7 Zone-based firewall 874.3.8 Firewall examples 904.4 The concept of a DMZ 924.4.1 Implementation of topologies 924.5 Conclusion 95CHAPTER 5 TECHNIQUES AND TOOLS FOR DETECTING INTRUSIONS 975.1 Introduction 975.2 Antivirus 975.2.1 Functions of an antivirus 975.2.2 Methods for detecting a virus 985.2.3 Actions taken by an antivirus 985.2.4 Antivirus components 995.2.5 Antivirus and firewall comparison 995.3 Intrusion detection systems 1005.3.1 IDS purposes 1005.3.2 IDS components and functions 1005.3.3 IDS classification 1025.3.4 Examples of IDS/IPS 1055.4 Conclusion 107CHAPTER 6 TECHNIQUES AND TOOLS FOR ENCRYPTION, IPSEC AND VPN 1096.1 Introduction 1096.2 Encryption techniques 1106.2.1 Basic principles of encryption 1116.2.2 Cryptoanalysis 1126.2.3 Evolution of cryptography 1136.2.4 The concept of certificates 1176.2.5 Comparison of encryption techniques 1186.3 IPSec 1196.3.1 Ah 1206.3.2 Esp 1206.3.3 Different IPSec modes 1216.3.4 Different IPSec implementations 1226.3.5 Different IPSec encapsulations 1226.3.6 IKE protocol 1256.4 VPNs 1266.4.1 Issues and justifications 1266.4.2 VPN principles 1276.4.3 Different types of VPNs 1276.4.4 Different tunneling protocols 1286.4.5 Site-to-site IPSec VPN configuration 1296.5 Conclusion 131CHAPTER 7 NEW CHALLENGES AND TRENDS IN SECURITY, SDN AND IOT 1337.1 Introduction 1337.2 SDN security 1347.2.1 General description of an SDN 1347.2.2 SDN architecture 1357.2.3 SDN components 1367.2.4 Security issues in SDNs 1387.2.5 Security solutions for SDNs 1397.3 IoT/IoE security 1417.3.1 Sensor networks 1417.3.2 Security issues in the IoT 1437.3.3 Blockchain: an IoT security solution 1457.4 Conclusion 146CHAPTER 8 SECURITY MANAGEMENT 1478.1 Introduction 1478.2 Security audits 1488.2.1 Objectives 1488.2.2 Audit action diagram 1498.2.3 Organizational and physical audit 1508.2.4 Technical audit 1518.2.5 Intrusive test 1528.2.6 Audit methodologies 1528.3 Security policy demonstration 1558.3.1 Security test and evaluation 1558.3.2 Security policy development 1598.3.3 Elements of a security policy 1618.4 Norms, directives and procedures 1628.4.1 ISO 27000 norm 1638.4.2 ISO/FDIS 31000 norm 1638.4.3 ISO/IEC 38500 norm 1648.5 Conclusion 164References 165Index 167
SAP S/4HANA - Systemadministration
Ein neues System bringt neue Herausforderungen in der Administration mit sich. Auch wenn Ihnen viele Werkzeuge des SAP NetWeaver Application Server ABAP weiterhin zur Verfügung stehen, müssen Sie mit Einführung von SAP S/4HANA Ihren Fokus erweitern. In diesem Buch lernen Sie die neuen SAP-Fiori-Apps zur Systemadministration kennen und erfahren, wie Sie SAP-HANA-Datenbank, ABAP-Plattform und Frontend-Server stets im Blick behalten. Aus dem Inhalt: Betriebs- und MigrationskonzepteArchitektur und KomponentenProzesse und SchnittstellenKonfiguration und WartungBerechtigungsverwaltungBackup und RecoveryTransportwesenHintergrundverarbeitungOutput ManagementSystemsicherheitMonitoring und AlertsHochverfügbarkeit Einleitung ... 19 1. Einführung in die Architektur von SAP S/4HANA ... 25 1.1 ... Die SAP-HANA-Plattform ... 27 1.2 ... Die ABAP-Plattform ... 35 1.3 ... Bedienoberfläche ... 39 1.4 ... SAP Business Technology Platform ... 48 2. Bereitstellung und Betrieb von SAP S/4HANA ... 51 2.1 ... Betriebskonzepte ... 52 2.2 ... Bereitstellungskonzepte ... 60 2.3 ... Werkzeuge zur Bereitstellung von SAP S/4HANA ... 82 3. Prozesse und Komponenten von SAP S/4HANA ... 95 3.1 ... ABAP-Plattform ... 95 3.2 ... SAP-HANA-Plattform ... 128 3.3 ... Hardware und Betriebssystem ... 147 4. Konfiguration der ABAP-Plattform ... 161 4.1 ... Profilparameter pflegen ... 161 4.2 ... Betriebsarten ... 170 4.3 ... Speicherverwaltung ... 179 4.4 ... Mit Aufgabenlisten arbeiten ... 190 4.5 ... SAP Gateway und SAP-Fiori-Frontend-Server einrichten ... 195 4.6 ... Starten und Stoppen der ABAP-Plattform ... 201 5. Administration und Konfiguration der SAP-HANA-Plattform ... 211 5.1 ... Administrationswerkzeuge ... 211 5.2 ... Konfiguration der SAP-HANA-Datenbank ... 233 5.3 ... Starten und Stoppen der SAP-HANA-Plattform ... 239 5.4 ... Backup und Recovery ... 246 6. Konfiguration der Systemlandschaft ... 263 6.1 ... Grundlagen ... 263 6.2 ... Mandanten verwalten ... 271 6.3 ... Transportwesen konfigurieren ... 298 6.4 ... Systemkopien ... 338 7. Benutzer und Berechtigungen ... 351 7.1 ... Grundlagen der Benutzer- und Berechtigungsverwaltung ... 352 7.2 ... Benutzer und Berechtigungen der ABAP-Plattform ... 352 7.3 ... Benutzer und Berechtigungen der SAP-HANA-Plattform ... 402 7.4 ... Externe Werkzeuge zur Benutzer- und Berechtigungsadministration ... 409 7.5 ... Benutzer- und Berechtigungsverwaltung in SAP S/4HANA Cloud ... 411 8. Hintergrundverarbeitung ... 415 8.1 ... Grundlagen der Hintergrundverarbeitung ... 415 8.2 ... Einplanung von Jobs ... 418 8.3 ... Überwachung der Hintergrundverarbeitung ... 429 8.4 ... Technisches Job-Repository ... 436 8.5 ... Anwendungsjobs ... 439 8.6 ... Jobverwaltung über den SAP Solution Manager ... 442 9. Ausgabeverwaltung in SAP S/4HANA ... 445 9.1 ... Frameworks und Formulartechnologien ... 445 9.2 ... Ablauf einer Ausgabe ... 446 9.3 ... Anlegen von Ausgabegeräten ... 447 9.4 ... Gängige Ausgabemethoden ... 450 9.5 ... Arbeiten mit Spool-Aufträgen ... 454 9.6 ... Zentrale Druckerverwaltung ... 457 9.7 ... Drucken in SAP S/4HANA Cloud ... 460 10. Konnektivität ... 463 10.1 ... Remote Function Call ... 464 10.2 ... IDoc-Schnittstelle ... 491 10.3 ... Unified Connectivity ... 497 10.4 ... Cloud Connector ... 503 10.5 ... SAP Application Interface Framework ... 506 11. Sicherheitsfunktionen ... 509 11.1 ... Secure by Default ... 509 11.2 ... SAP Security Baseline Template ... 511 11.3 ... SAP-EarlyWatch-Bericht ... 511 11.4 ... Sicherheitshinweise ... 513 11.5 ... Verbindungssicherheit ... 518 11.6 ... Zugriffskontrolle des RFC-Gateways ... 529 11.7 ... Verschlüsselung der Daten ... 532 11.8 ... Auditing ... 533 12. Systemüberwachung und Fehleranalyse des AS ABAP ... 539 12.1 ... Server- und Prozessübersicht ... 539 12.2 ... Benutzersitzungen ... 545 12.3 ... Systemlog ... 549 12.4 ... Kurzdumps ... 552 12.5 ... Verbuchung ... 558 12.6 ... Sperreinträge ... 562 12.7 ... Snapshots ... 564 12.8 ... Häufig benötigte Standardwerkzeuge ... 566 12.9 ... Überwachung und Fehleranalyse von SAP Fiori ... 575 12.10 ... Ganzheitliche Überwachung ... 583 13. Überwachung der SAP-HANA-Plattform ... 593 13.1 ... Arbeiten mit Alerts ... 593 13.2 ... Überwachung der Systemressourcen ... 598 13.3 ... Traces und Diagnosedateien ... 611 13.4 ... Transaktionale Probleme ... 624 13.5 ... Administration nicht mehr reagierender Systeme ... 629 14. Softwarewartung ... 631 14.1 ... Die Release-Strategie für SAP S/4HANA ... 631 14.2 ... Die Release-Strategie für SAP HANA ... 634 14.3 ... Service und Support ... 636 14.4 ... Anbindung an das SAP Support Portal ... 645 14.5 ... Hinweis-Assistent ... 652 14.6 ... Upgrade oder Update von SAP S/4HANA ... 660 14.7 ... Update von SAP HANA ... 677 15. Hochverfügbarkeit ... 685 15.1 ... Hochverfügbarkeit der ABAP-Plattform ... 686 15.2 ... Hochverfügbarkeit von SAP HANA ... 689 15.3 ... Hochverfügbarkeit beim Betrieb von AS ABAP und SAP HANA auf einem Host ... 694 Anhang ... 697 A ... Checklisten zur Systemadministration ... 699 B ... Wichtige Transaktionscodes ... 707 C ... Nützliche Programme ... 715 D ... Nützliche Funktionsbausteine ... 719 E ... Nützliche Tabellen ... 721 F ... Wichtige SAP-Hinweise ... 723 Der Autor ... 727 Index ... 729
Penetration Testing mit Metasploit (2. Auflg.)
Metasploit ist ein mächtiges Werkzeug, mit dem auch unerfahrene Administratoren gängige Angriffsmethoden verstehen und nachstellen können, um Sicherheitslücken im System aufzuspüren. Der Autor erläutert in diesem Buch gezielt alle Funktionen von Metasploit, die relevant für Verteidiger (sogenannte Blue Teams) sind, und zeigt, wie sie im Alltag der IT-Security wirkungsvoll eingesetzt werden können.Als Grundlage erhalten Sie das Basiswissen zu Exploits und Penetration Testing und setzen eine Kali-Linux-Umgebung auf. Mit dem kostenlos verfügbaren Portscanner Nmap scannen Sie Systeme auf angreifbare Dienste ab. Schritt für Schritt lernen Sie die Durchführung eines typischen Hacks mit Metasploit kennen und erfahren, wie Sie mit einfachen Techniken in kürzester Zeit höchste Berechtigungsstufen in den Zielumgebungen erlangen.Schließlich zeigt der Autor, wie Sie Metasploit von der Meldung einer Sicherheitsbedrohung über das Patchen bis hin zur Validierung in der Verteidigung von IT-Systemen und Netzwerken einsetzen. Dabei gibt er konkrete Tipps zur Erhöhung Ihres IT-Sicherheitslevels. Zusätzlich lernen Sie, Schwachstellen mit dem Schwachstellenscanner Nessus zu finden, auszuwerten und auszugeben.So wird Metasploit ein effizienter Bestandteil Ihrer IT-Sicherheitsstrategie. Sie können Schwachstellen in Ihrem System finden und Angriffstechniken unter sicheren Rahmenbedingungen selbst anwenden sowie fundierte Entscheidungen für Gegenmaßnahmen treffen und prüfen, ob diese erfolgreich sind.Aus dem Inhalt:Metasploit: Hintergrund und HistorieKali-Linux-Umgebung aufsetzenPentesting-GrundlagenSchwachstellen und ExploitsNmap-ExkursMetasploit-BasicsMetasploit in der VerteidigungHacking-PraxisbeispieleAnti-Virus-EvasionNessus-SchwachstellenscannerGlossar Autoreninfo (Stand: Mai 2020):Sebastian Brabetz ist als Geschäftsleiter verantwortlich für die Professional Security Services bei der mod IT GmbH und ist zertifiziert als Offensive Security Certified Professional (OSCP).Er arbeitet im Bereich IT Security in allen Bereichen vom Consulting über defensives Schwachstellen-Management und Incident Response bis hin zu offensiven Penetrationstests. U.a. gibt er Workshops zu den Themen Pentesting und Metasploit.
Blockchain Security from the Bottom Up
THE GOLD STANDARD IN UP-TO-DATE BLOCKCHAIN CYBERSECURITY HANDBOOKSIn Blockchain Security from the Bottom Up: Securing and Preventing Attacks on Cryptocurrencies, Decentralized Applications, NFTs, and Smart Contracts, accomplished blockchain and cybersecurity consultant and educator Howard E. Poston delivers an authoritative exploration of blockchain and crypto cybersecurity. In the book, the author shows you exactly how cybersecurity should be baked into the blockchain at every layer of the technology’s ecosystem. You’ll discover how each layer can be attacked and learn how to prevent and respond to those attacks in an environment of constant technological change and evolution. You’ll also find:* Illuminating case studies of real-world attacks and defenses at various layers in the blockchain ecosystem* Thorough introductions to blockchain technology, including its implementations in areas like crypto, NFTs, and smart contracts* Comprehensive explorations of critical blockchain topics, including protocols, consensus, and proof of workA can’t-miss resource for blockchain and cybersecurity professionals seeking to stay on the cutting-edge of a rapidly evolving area, Blockchain Security from the Bottom Up will also earn a place on the bookshelves of software developers working with cryptocurrencies and other blockchain implementations. HOWARD E. POSTON III is an independent blockchain consultant, educator, and content creator who has developed and taught over a dozen courses covering cybersecurity topics. He holds a master’s degree in Cybersecurity from the Air Force Institute of Technology and is a Certified Ethical Hacker. He has developed and facilitated blockchain security courses for major companies.CHAPTER 1 INTRODUCTION TO BLOCKCHAIN SECURITY 1The Goals of Blockchain Technology 2Anonymity 2Decentralization 2Fault Tolerance 2Immutability 3Transparency 3Trustless 3Structure of the Blockchain 3The Blockchain Network 5The Blockchain Node 5A Blockchain Block 6A Blockchain Transaction 7Inside the Blockchain Ecosystem 8Fundamentals 8Primitives 9Data Structures 9Protocols 9Consensus 9Block Creation 10Infrastructure 10Nodes 10Network 11Advanced 11Smart Contracts 11Extensions 11Threat Modeling for the Blockchain 12Threat Modeling with STRIDE 12Spoofing 12Tampering 12Repudiation 13Information Disclosure 13Denial of Service 13Elevation of Privilege 13Applying STRIDE to Blockchain 14Conclusion 14CHAPTER 2 FUNDAMENTALS 15Cryptographic Primitives 15Public Key Cryptography 16Introducing “Hard” Mathematical Problems 16Building Cryptography with “Hard” Problems 18How the Blockchain Uses Public Key Cryptography 19Security Assumptions of Public Key Cryptography 20Attacking Public Key Cryptography 20Hash Functions 25Security Assumptions of Hash Functions 25Additional Security Requirements 27How the Blockchain Uses Hash Functions 28Attacking Hash Functions 31Threat Modeling for Cryptographic Algorithms 32Data Structures 33Transactions 33What’s In a Transaction? 33Inside the Life Cycle of a Transaction 34Attacking Transactions 34Blocks 37Inside a Block 37Attacking Blockchain Blocks 38Threat Modeling for Data Structures 39Conclusion 39CHAPTER 3 PROTOCOLS 43Consensus 43Key Concepts in Blockchain Consensus 44Byzantine Generals Problem 44Security via Scarcity 45The Longest Chain Rule 46Proof of Work 46Introduction to Proof of Work 47Security of Proof of Work 48Proof of Stake 53Introduction to Proof of Stake 53Variants of Proof of Stake 54Security of Proof of Stake 54Threat Modeling for Consensus 59Block Creation 59Stages of Block Creation 60Transaction Transmission 60Block Creator Selection (Consensus) 60Block Building 61Block Transmission 61Block Validation 61Attacking Block Creation 62Denial of Service 62Frontrunning 63SPV Mining 65Threat Modeling for Block Creation 65Conclusion 65CHAPTER 4 INFRASTRUCTURE 67Nodes 67Inside a Blockchain Node 68Attacking Blockchain Nodes 68Blockchain- Specific Malware 69Denial-of-Service Attacks 70Failure to Update 71Malicious Inputs 72Software Misconfigurations 73Threat Modeling for Blockchain Nodes 74Networks 74Attacking the Blockchain Network 75Denial-of-service Attacks 75Eclipse/Routing Attacks 76Sybil Attacks 78Threat Modeling for Blockchain Networks 80Conclusion 80CHAPTER 5 ADVANCED 83Smart Contracts 83Smart Contract Vulnerabilities 84General Programming Vulnerabilities 85Blockchain- Specific Vulnerabilities 94Platform-Specific Vulnerabilities 103Application- Specific Vulnerabilities 119Threat Modeling for Smart Contracts 128Blockchain Extensions 128State Channels 129State Channel Security Considerations 129Sidechains 130Sidechain Security Considerations 131Threat Modeling for Blockchain Extensions 132Conclusion 133CHAPTER 6 CONSIDERATIONS FOR SECURE BLOCKCHAIN DESIGN 137Blockchain Type 137Public vs. Private 138Benefits of Public vs. Private Blockchains 138Open vs. Permissioned 139Benefits of Open vs. Permissioned Blockchains 139Choosing a Blockchain Architecture 140Privacy and Security Enhancements 140Zero-Knowledge Proofs 140Stealth Addresses 141Ring Signatures 141Legal and Regulatory Compliance 142Designing Secure Blockchains for the Future 143Index 145
Cloud Attack Vectors
Cyberattacks continue to increase in volume and sophistication, targeting everything owned, managed, and serviced from the cloud. Today, there is widespread consensus—it is not a matter of if, but rather when an organization will be breached. Threat actors typically target the path of least resistance. With the accelerating adoption of cloud technologies and remote work, the path of least resistance is shifting in substantive ways. In recent years, attackers have realigned their efforts, focusing on remaining undetected, monetization after exploitation, and publicly shaming organizations after a breach.New, innovative, and useful products continue to emerge and offer some cloud protection, but they also have distinct limitations. No single, standalone solution or strategy can effectively protect against all cloud attack vectors or identify all malicious activity. The simple fact is that the cloud is based on a company’s assets being offered as services. As a result, the best security any organization can achieve is to establish controls and procedures in conjunction with services that are licensed in the cloud.Cloud Attack Vectors details the risks associated with cloud deployments, the techniques threat actors leverage, the empirically-tested defensive measures organizations should adopt, and shows how to improve detection of malicious activity.WHAT YOU’LL LEARN* Know the key definitions pertaining to cloud technologies, threats, and cybersecurity solutions* Understand how entitlements, permissions, rights, identities, accounts, credentials, and exploits can be leveraged to breach a cloud environment* Implement defensive and monitoring strategies to mitigate cloud threats, including those unique to cloud and hybrid cloud environments* Develop a comprehensive model for documenting risk, compliance, and reporting based on your cloud implementationWHO THIS BOOK IS FORNew security professionals, entry-level cloud security engineers, managers embarking on digital transformation, and auditors looking to understand security and compliance risks associated with the cloud MOREY J. HABER is Chief Technology Officer at BeyondTrust. He has more than 20 years of IT industry experience and is author of the book Privileged Attack Vectors and Asset Attack Vectors. Morey joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees BeyondTrust technology for vulnerability, privileged, and remote access management solutions. In 2004, Morey joined eEye as the Director of Security Engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a Development Manager for Computer Associates, Inc. (CA), responsible for new product beta cycles and named customer accounts. Morey began his career as a Reliability and Maintainability Engineer for a government contractor building flight and training simulators. He earned a Bachelors of Science in Electrical Engineering from the State University of New York at Stony Brook.BRIAN CHAPPELL is Chief Security Strategist for Beyond Trust, EMEA & APAC, and is a multi-skilled individual with a passion for delivering best practice solutions that help customers run their businesses more effectively and securely. His specialties include: cybersecurity solutions, IT strategy and implementation, project management, global IT operations management, sales engineering, software development, and enterprise and solutions architecture.CHRISTOPHER HILLS is a Security Strategist focused on Privileged Access Management (PAM) and Identity and Access Management (IAM). He is Security Strategist for BeyondTrust's Privileged Access Management Solutions, enforcing Privileged Password Management and Privileged Session Management, Privileged Endpoint Management, and Secure Remote Access which utilizes a single pane of glass for all management aspects, including Automated Account Discovery, Privileged Management and Elevation, Audit and Compliance, and Behavior & Reporting. His responsibilities include: IAM/PAM focus, strategy, mentoring, leadership, customer and prospect liaison, thought leadership, background reference, business development, customer-facing GRC, and working closely with global sales and marketing organizations to help support GTM efforts while assisting with critical sales opportunities and key marketing events.FORWARDINTRODUCTIONCHAPTER 1. CLOUD COMPUTINGSoftware as a ServicePlatform as a ServiceInfrastructure as a ServiceFunction as a ServiceX as a ServiceDesktop as a ServiceData Center as a ServiceManaged Software as a ServiceBackend as a ServiceCHAPTER 2. CLOUD PROVIDERSAmazon Web ServicesMicrosoft AzureGoogle Cloud PlatformOracle CloudAlibabaOther ServicesCHAPTER 3. CLOUD DEFINITIONSIdentitiesAccountsEntitlementsPrivilegesRightsPermissionsContainersSegmentationMicrosegmentationInstancesChapter 4. Asset ManagementDiscoveryCHAPTER 5. ATTACK VECTORSEntitlementsVulnerabilitiesHardeningConfigurationsCredentialsS3 BucketsIdentitiesEntitlementsAPIAuthenticationCertificatesPhishingRemote AccessSupply Chain – 3rd Party MSP/MSSPChapter 6. MitigationsHardeningPatch ManagementPAMCIEMCIAMCWPPChapter 7. Regulatory ComplianceSecurity QuestionnairesSOCType IType IIType IIICloud Security AllianceCCMCAIQCIS ControlsPCI DSSISONISTFedRampChapter 8. ArchitecturesZero TrustCloud-NativeHybridEphemeral ImplementationsAccountsInstancesPrivilegesCHAPTER 9. Imposter SyndromeCHAPTER 10. RECOMMENDATIONSCHAPTER 11. CONCLUSION
Kubernetes Application Developer
Write efficient, smart, and optimized code for containerized applications on public and private clouds at a generic level. This book shows you how to set up microservices that are robust, scalable, and capable of running on GKE (Google Kubernetes Service), AKS (Azure Kubernetes Service), ECS (Elastic Container Service), or even on a vanilla K8S cluster.The book covers the nuts and bolts of container orchestration engines (COEs) and explains how to install and configure them. It also covers creation and deployment of a sample application on COEs. You will learn how to integrate different applications such as OAuth and how to test them and secure them using Istio Citadel. You also will be taught how to create HPA rules for microservices and scale only those microservices that require it, making your stack intelligent. In the concluding chapter, the book explains how to build a SaaS solution from scratch, running on the cloud with automated deployments accessed publicly via a secured ingress K8S controller.By the end of the book, you will have a good understanding of developing microservices and how to design and create a software solution on the cloud.WHAT YOU WILL LEARN* Build software on Kubernetes in the most optimized way* Interact with Kubernetes using client SDKs in Python, Go, nodejs, etc.* Create a testing and deployment CI/CD system for software stacks* Secure your application using Istio, without writing code* Access microservices using ingress controllers and scale them using HPA rulesWHO THIS BOOK IS FORSoftware and system engineers and developersPRATEEK KHUSHALANI is a Cloud Architect at Google and works as a full stack developer in developing cloud based accelerators. Prior to Google, he worked as software developer at IBM and worked as an individual contributor on the development of SDN networking of the IBM public cloud. He has worked across industries such as software, retail, and R&D prototypes, with a focus on cloud computing and machine learning. At Google, he contributes to the development of tools which help accelerate customer's migration journey to Google Cloud Platform. Prateek has strong expertise in developing and designing IaaS, PaaS, and SaaS solutions for both public and private clouds. He holds a bachelor's degree from Birla Institute of Technology, Mesra. He is an open-source contributor and is an active writer on tech blogs.•Chapter 1, Cloud Computing and KubernetesChapter Goal:o What is cloud computingo What is Kuberneteso Different distributions of Kuberneteso Setting up a K8S cluster- for workshop purposeso Common commands of K8So Place of Kubernetes from an architecture point of view.•Chapter 2, Creating Applications on KubernetesChapter Goal:o Create an Apache http servero Create a Java Tomcat war-based servero Create a gRPC API servero Create a Rest API servero Differences when creating applications on Kubernetes.o How will the application be actually called in a production based cluster.•Chapter 3, Testing of Applications on KubernetesChapter Goal:o Creating a CI system for testing.o Using of Pytest, go test, behave and other best testing tools based on programming language.o Adding a simple CD system stage.o Coverage of code and mock of applications to replicate real time scenarios.•Chapter 4, Security of ApplicationsChapter Goal:o Creating a book inventory application composed of UI, API and DBo Using cloud services instead of reinventing the wheelo Using and understand Istio for TLS Encryption and monitoring.o Understanding authentication/authorization and RBAC systems.o Leverage all the services available rather than developing things to secure all microservices.•Chapter 5, Networking of ApplicationsChapter Goal:o Understanding the basics of networking in Kubernetes.o How containers/pod reach each other via overlay networking.o Different ways networking is configured in Kubernetes cluster.o Using name-based DNS routing in applications rather than IP’so Understanding load balancers and the features provided by it.o Using Istio to create a service mesh of microservices and see the flow of traffic between them.o Configuring Kubernetes objects such as Ingress, Service, Endpoints.•Chapter 6, Scaling of Software SolutionChapter Goal:o Identify which microservice of the solution is becoming a bottlenecko Creating HPA rules in Kubernetes to scale specific microservice.o Use case and real-world problems and solutions to them via scaling.•Chapter 7, Building a SaaS SolutionChapter Goal:o Start with nothing but a simple k8s cluster.o Create microservice with your own hands one by one.o Identify what all services are required for building a sample SaaS e commerce solution.o Creating/Configuring a UI, API, DB, business logic, monitoring software stack.o Architecting the entire solution.o Bring the stack up and testing it against load and autoscaling the solution to support any number of requests.
Verfügbarkeitsprüfung mit SAP
Bestandstransparenz, Liefertreue und die Optimierung von Durchlaufzeiten sind zentrale Wettbewerbsvorteile – besonders in globalen Lieferketten! Dieses Buch führt Sie sachkundig in die verschiedenen SAP-Lösungen für die Verfügbarkeitsprüfung (ATP) ein und erklärt deren Funktionen, Konfiguration und Integration. Neben den bewährten Lösungen von SAP ERP und SAP APO lernen Sie die neue erweiterte Verfügbarkeitsprüfung (aATP) in SAP S/4HANA kennen. Sie erfahren, wie Sie Produktion, Beschaffung und Vertrieb nahtlos steuern und so die Planungssicherheit erhöhen. Aus dem Inhalt: RückstandsbearbeitungFehlteilemanagementATP-VerfügbarkeitsprüfungBasismethoden und erweiterte OptionenRegelbasierte VerfügbarkeitsprüfungStreckenabwicklungVerfügbarkeitsprüfung gegen ProduktionRundung und SicherheitsbeständeBesonderheiten in SAP APOProduktverfügbarkeit (PAC)KontingentierungAlternativen-basierte Bestätigung (ABC) Einleitung ... 19 TEIL I. Grundlagen der Verfügbarkeitsprüfung mit SAP ... 29 1. Betriebswirtschaftlicher Hintergrund ... 31 1.1 ... Dispositionsstrategien ... 33 1.2 ... Verfügbarkeitsprüfung im Unternehmen ... 36 1.3 ... Implementierung der Verfügbarkeitsprüfung ... 41 1.4 ... Zusammenfassung ... 44 2. Verfügbarkeitsprüfung mit SAP ... 45 2.1 ... Systeme und Lösungen ... 45 2.2 ... Integration mit SAP CRM und SAP Customer Experience ... 51 2.3 ... Anwendungsszenarien und Beispielarchitekturen ... 54 2.4 ... Zusammenfassung ... 57 3. Anwendungsbereiche und Prozessintegration ... 59 3.1 ... Durchführung der Verfügbarkeitsprüfung ... 59 3.2 ... Verfügbarkeitsprüfung im Vertrieb ... 60 3.3 ... Verfügbarkeitsprüfung in der Produktion ... 72 3.4 ... Verfügbarkeitsprüfung in der Materialwirtschaft ... 77 3.5 ... Zusammenfassung ... 82 TEIL II. Verfügbarkeitsprüfung mit SAP ERP ... 83 4. Stamm- und Bewegungsdaten in SAP ERP ... 85 4.1 ... Stammdaten ... 85 4.2 ... Bewegungsdaten ... 90 4.3 ... Zusammenfassung ... 127 5. Parameter der Verfügbarkeitsprüfung in SAP ERP ... 129 5.1 ... Prüfgruppe ... 129 5.2 ... Prüfregel ... 136 5.3 ... Prüfumfang ... 139 5.4 ... Einteilungstyp ... 151 5.5 ... Bedarfsklasse und Bedarfsartenfindung ... 153 5.6 ... Sperrlogik ... 163 5.7 ... Transport- und Versandterminierung ... 165 5.8 ... Zusammenfassung ... 173 6. Prüfmethoden in SAP ERP ... 175 6.1 ... Überblick ... 176 6.2 ... ATP-Verfügbarkeitsprüfung ... 177 6.3 ... Verfügbarkeitsprüfung gegen Vorplanung ... 192 6.4 ... Verfügbarkeitsprüfung gegen Kontingente ... 222 6.5 ... Montageabwicklung ... 236 6.6 ... Zusammenfassung ... 240 7. Fehlteilemanagement in SAP ERP ... 241 7.1 ... Kostenoptimales Bestandsniveau ... 241 7.2 ... Fehlteileidentifizierung ... 243 7.3 ... Fehlteileauswertung ... 247 7.4 ... Fehlteileinformationsmeldung ... 250 7.5 ... Zusammenfassung ... 257 8. Rückstandsbearbeitung in SAP ERP ... 259 8.1 ... Negative Prüfungsergebnisse ... 259 8.2 ... Manuelle Rückstandsbearbeitung ... 261 8.3 ... Neuterminierung ... 265 8.4 ... Zusammenfassung ... 271 TEIL III. Verfügbarkeitsprüfung mit SAP S/4HANA ... 273 9. Einführung in die Verfügbarkeitsprüfung mit SAP S/4HANA ... 275 9.1 ... Standard-Verfügbarkeitsprüfung in SAP S/4HANA ... 276 9.2 ... Erweiterte Verfügbarkeitsprüfung (aATP) in SAP S/4HANA ... 278 9.3 ... Zusammenspiel der einzelnen Funktionen der erweiterten Verfügbarkeitsprüfung ... 291 9.4 ... Merkmalskataloge in der erweiterten Verfügbarkeitsprüfung ... 293 9.5 ... Zusammenfassung ... 294 10. Kontingentierung ... 295 10.1 ... Customizing zur Nutzung der Kontingentierung ... 296 10.2 ... SAP-Fiori-Apps für die Kontingentierung ... 298 10.3 ... Kontingentierung konfigurieren ... 300 10.4 ... Kontingentierungsplandaten verwalten ... 302 10.5 ... Kontingentierungssequenzen verwalten ... 304 10.6 ... Produkte zur Kontingentierung zuordnen ... 307 10.7 ... Kontingentierungsübersicht ... 308 10.8 ... SAP-Beispiel für die Kontingentierung ... 309 10.9 ... Zusammenfassung ... 319 11. Verfügbarkeitsschutz ... 321 11.1 ... Customizing zur Nutzung des Verfügbarkeitsschutzes ... 321 11.2 ... SAP-Fiori-Apps für den Verfügbarkeitsschutz ... 322 11.3 ... Grundlagen des Verfügbarkeitsschutzes ... 323 11.4 ... Konfiguration des Verfügbarkeitsschutzes ... 328 11.5 ... SAP-Beispiel für den Verfügbarkeitsschutz ... 333 11.6 ... Zusammenfassung ... 340 12. Alternativenbasierte Bestätigung ... 341 12.1 ... Customizing zur Aktivierung der alternativenbasierten Bestätigung ... 342 12.2 ... SAP-Fiori-Apps zur Konfiguration der alternativenbasierten Bestätigung ... 343 12.3 ... Grundlagen der Werks- und Lagerortersetzung ... 344 12.4 ... Grundlagen der Produktersetzung ... 355 12.5 ... Die alternativenbasierte Bestätigung konfigurieren ... 356 12.6 ... SAP-Beispiel für die alternativenbasierte Bestätigung ... 361 12.7 ... Zusammenfassung ... 365 13. Rückstandsbearbeitung ... 367 13.1 ... SAP-Fiori-Apps für die Rückstandsbearbeitung ... 368 13.2 ... Grundlagen der Rückstandsbearbeitung in SAP S/4HANA ... 369 13.3 ... Konfiguration der Rückstandsbearbeitung ... 375 13.4 ... SAP-Beispiel für die Rückstandsbearbeitung ... 384 13.5 ... Manuelle Freigabe von Lieferungen ... 387 13.6 ... Zusammenfassung ... 390 TEIL IV. Verfügbarkeitsprüfung mit SAP APO ... 391 14. SAP-APO-Systemintegration ... 393 14.1 ... Core Interface (CIF-Schnittstelle) ... 394 14.2 ... Schnittstellenkonfiguration ... 396 14.3 ... Integrationsmodelle ... 400 14.4 ... Zusammenfassung ... 410 15. Parameter der Verfügbarkeitsprüfung in SAP APO ... 411 15.1 ... Grundlagen ... 411 15.2 ... Prüfvorschrift ... 413 15.3 ... Allgemeine Customizing-Einstellungen ... 428 15.4 ... Zusammenfassung ... 434 16. Prüfmethoden in SAP APO ... 435 16.1 ... Grundlagen ... 435 16.2 ... Produktverfügbarkeitsprüfung ... 436 16.3 ... Kontingentierung ... 458 16.4 ... Prüfung gegen Vorplanung ... 480 16.5 ... Zusammenfassung ... 490 17. Erweiterte Prüfmethoden in SAP APO ... 493 17.1 ... Kombination von Basismethoden ... 493 17.2 ... Regelbasierte Verfügbarkeitsprüfung ... 498 17.3 ... Streckenabwicklung ... 537 17.4 ... Prüfung gegen die Produktion ... 543 17.5 ... Zusammenfassung ... 564 18. Zusatzfunktionen der Verfügbarkeitsprüfung in SAP APO ... 565 18.1 ... Mehrpositionen-Einzellieferlokation ... 565 18.2 ... Konsolidierung in einer Konsolidierungslokation ... 570 18.3 ... Sicherheitsbestände in der Verfügbarkeitsprüfung berücksichtigen ... 578 18.4 ... Rundung in der Verfügbarkeitsprüfung ... 585 18.5 ... Korrelationsrechnung ... 599 18.6 ... Zusammenfassung ... 603 19. Ergebnis und Analyse der Verfügbarkeitsprüfung ... 605 19.1 ... Ergebnisdarstellung ... 605 19.2 ... Simulation ... 612 19.3 ... Verfügbarkeitsübersichten ... 614 19.4 ... ATP-Alerts ... 615 19.5 ... Analyse ... 617 19.6 ... Zusammenfassung ... 625 20. Rückstandsbearbeitung in SAP APO ... 627 20.1 ... Rückstandsbearbeitung im Hintergrund ... 627 20.2 ... Interaktive Rückstandsbearbeitung ... 646 20.3 ... Ereignisgesteuerte Mengenzuordnung ... 648 20.4 ... Zusammenfassung ... 660 21. Transport- und Versandterminierung in SAP APO ... 661 21.1 ... Grundlagen ... 661 21.2 ... Terminierung mit Konditionstechnik ... 671 21.3 ... Terminierung mit der konfigurierbaren Prozessterminierung ... 674 21.4 ... Terminierung mit SNP-Stammdaten ... 682 21.5 ... Terminierung mit der dynamischen Routenfindung ... 683 21.6 ... Simulation der Transport- und Versandterminierung ... 685 21.7 ... Zusammenfassung ... 689 Die Autoren ... 691 Index ... 693
Icinga
Monitoring – Grundlagen und PraxisNach der Einführung in die Komponenten einer Icinga-Umgebung, den wichtigsten Begriffen, der Installation und der Bedienoberfläche Icinga Web 2 folgt der praktische Einstieg in die Überwachung mit Icinga. Anhand einer fiktiven Firma wird die Einarbeitung in die Konfigurationssprache Icinga DSL gezeigt.Zentraler Punkt in diesem Buch ist die Überwachung von Linux- und Windows-Systemen mit dem Icinga-Agenten sowie generell die verteilte Überwachung mit Einsatz von Satelliten-Systemen. An praktischen Beispielen werden die erworbenen Icinga-DSL-Kenntnisse weiter vertieft: Plugins gängiger Netzwerkdienste, Einsatz von Datenbanken wie PostgreSQL, MariaDB, Oracle oder Microsoft SQL und die Einbeziehung von Virtualisierungsplattformen. Weitere Kapitel über Benachrichtigung und Abhängigkeiten, den Icinga-Director als grafikgestütztes Konfigurations-Tool, über Hochverfügbarkeit und Logmanagement, über das Modellieren von Businessprozessen und die Integration der Erfassung und Darstellung zeitlicher Verläufe runden dieses Buch ab.Autor:Lennart Betz arbeitet als Consultant und Trainer bei der Nürnberger NETWAYS GmbH. Seine Hauptarbeitsgebiete sind Planung, Aufbau und Betreuung von Monitoringlösungen, Konfigurationsmanagement und weitere Automatisierungsthemen. Schon früh während seines Mathematikstudiums beschäftigte er sich mit Freier Software und verfolgt dies auch seit dem Abschluss in seiner beruflichen Tätigkeit konsequent weiter.
Software Defined Networks
SOFTWARE DEFINED NETWORKSSOFTWARE DEFINED NETWORKING SUGGESTS AN ALTERNATIVE WORLDVIEW, ONE THAT COMES WITH A NEW SOFTWARE STACK TO WHICH THIS BOOK IS ORGANIZED, WITH THE GOAL OF PRESENTING A TOP-TO-BOTTOM TOUR OF SDN WITHOUT LEAVING ANY SIGNIFICANT GAPS THAT THE READER MIGHT SUSPECT CAN ONLY BE FILLED WITH MAGIC OR PROPRIETARY CODE.Software defined networking (SDN) is an architecture designed to make a network more flexible and easier to manage. SDN has been widely adopted across data centers, WANs, and access networks and serves as a foundational element of a comprehensive intent-based networking (IBN) architecture. Although SDN has so far been limited to automated provisioning and configuration, IBN now adds “translation” and “assurance” so that the complete network cycle can be automated, continuously aligning the network to business needs. In 14 chapters, this book provides a comprehensive understanding of an SDN-based network as a scalable distributed system running on commodity hardware. The reader will have a one-stop reference looking into the applications, architectures, functionalities, virtualization, security, and privacy challenges connected to SDN. AUDIENCEResearchers in software, IT, and electronic engineering as well as industry engineers and technologists working in areas such as network virtualization, Python network programming, CISCO ACI, software defined network, and cloud computing. ANAND NAYYAR, PHD, received his PhD in Computer Science from Desh Bhagat University in 2017 and is currently an assistant professor, Vice-Chairman (Research) and Director (IoT and Intelligent Systems Lab) in the School of Computer Science, Duy Tan University, Da Nang, Vietnam. A Certified Professional with 100+ Professional certificates from CISCO, Microsoft, Oracle, Google, Beingcert, EXIN, GAQM, Cyberoam, and many more, he has published more than 150 research articles and ISI journals, edited 30+ books, and has 60 patents to his credit.BHAWNA SINGLA, PHD, received her PhD from Thapar University, Patiala, India and is currently a professor in the Computer Science and Engineering Department, PIET College of Engineering and Technology, Samalkha, Panipat, India. She has more than 18 years of academic experience and has published more than 35 research papers in international journals/conferences and edited books. PREETI NAGRATH, PHD, is an associate professor in Bharati Vidyapeeth’s College of Engineering. She has more than 16 years of academic experience and has published more than 60 research papers in SCI-indexed journals. Preface xxi1 INTRODUCTION TO SOFTWARE DEFINED NETWORKING 1Subhra Priyadarshini Biswal and Sanjeev Patel1.1 Introduction 21.2 Terminology and Architecture 51.2.1 Infrastructure Layer 91.2.2 Southbound Interfaces Layer 111.2.3 Network Hypervisors Layer 111.2.4 Controller Layer 121.2.5 Northbound Interfaces 131.3 The Role of Network Operating Systems 141.4 SDN Versus NFV 161.5 The Role of NFV into SDN-Based IoT Systems 171.6 Challenges and Future Directions 191.7 Applications of SDN in IT Industries 211.8 Conclusion and Future Scope 23References 242 SOFTWARE-DEFINED NETWORKS: PERSPECTIVES AND APPLICATIONS 29Inderjeet Kaur, Anupama Sharma, Amita Agnihotri and Charu Agarwal2.1 Introduction 302.2 SDN Architecture 322.2.1 Key Takeaways of SDN Architecture 352.2.2 Open Flow 362.3 Functionalities of SDN 392.3.1 SDN Benefits 402.4 SDN vs. Traditional Hardware-Based Network 412.5 Load Balancing in SDN 442.5.1 SDN-Based Load Balancer in Cloud Computing 472.5.2 SDN Without Cloud Computing 492.6 SDN Security 492.6.1 Security Threats and Attacks 512.7 SDN Applications 532.8 Research Directions 552.9 Conclusion 55References 563 SOFTWARE-DEFINED NETWORKS AND ITS APPLICATIONS 63Rajender Kumar, Alankrita Aggarwal, Karun Handa, Punit Soni and Mukesh Kumar3.1 Introduction 643.2 SDN vs Traditional Networks 653.3 SDN Working: A Functional Overview 673.4 Components and Implementation Architecture 683.4.1 Components of an SDN 683.4.1.1 SDN Application 683.4.1.2 SDN Controller 693.4.1.3 SDN Datapath 693.4.1.4 SDN Control to Data-Plane Interface (CDPI) 693.4.1.5 SDN Northbound Interfaces (NBI) 693.4.1.6 SDN Control Plane: Incorporated-Hierarchical-Distributed 693.4.1.7 Controller Placement 703.4.1.8 OpenFlow and Open Source in SDN Architecture 703.4.2 SDN Design 703.4.2.1 Northward APIs 713.4.2.2 Southward APIs 713.4.2.3 Orchestrator 713.4.2.4 Controller 713.4.2.5 Compute 713.5 Implementation Architecture 723.6 Pros and Cons of SDN 723.6.1 SDN Misconceptions 733.6.2 Pros of SDN 733.6.2.1 Centralized Network Provisioning 733.6.2.2 Holistic Enterprise Management 733.6.2.3 More Granular Security 743.6.2.4 Lower Operating Costs 743.6.2.5 Hardware-Savings and Reduced Capital Expenditures 743.6.2.6 Cloud Abstraction 753.6.2.7 Guaranteed Content Delivery 753.6.3 Cons of SDN 753.6.3.1 Latency 753.6.3.2 Maintenance 753.6.3.3 Complexity 753.6.3.4 Configuration 763.6.3.5 Device Security 763.7 SDN Applications 763.7.1 SDN Environment for Applications 763.7.1.1 Internal SDN Applications 773.7.1.2 External SDN Applications 773.7.1.3 Security Services 773.7.1.4 Network Monitoring and Intelligence 773.7.1.5 Data Transmission Management 783.7.1.6 Content Availability 783.7.1.7 Guideline and Compliance-Bound Applications 783.7.1.8 Elite Applications 793.7.1.9 Circulated Application Control and Cloud Integration 793.7.2 Common Application of SDN in Enterprise Networks 793.7.2.1 Further Developed Security 803.7.2.2 Diminished Working Expenses 803.7.2.3 A Superior Client Experience 813.7.3 SDN Drives in the Enterprise 813.7.3.1 Bringing Together and Improving on the Administration Plane 813.7.3.2 Accomplishing Programmability of the Control Plane 813.7.3.3 Simple Client Onboarding 823.7.3.4 Simple Endpoint Security 823.7.3.5 Simple Traffic Checking 823.7.3.6 SES Client Onboarding 833.7.3.7 Client Onboarding 833.7.3.8 SES Simple Endpoint Security: Distinguishing Dubious Traffic 833.7.3.9 SES Simple Traffic Observing 843.7.3.10 Synopsis 843.7.4 SDN Stream Sending (SDN) 843.7.4.1 Proactive Versus Reactive Versus Hybrid 843.7.4.2 DMN 853.7.4.3 SD-WAN 853.7.4.4 SD-LAN 853.7.4.5 Security Using the SDN Worldview 853.7.5 Security Utilizing the SDN Paradigm 863.7.6 Gathering Data Delivery Using SDN 873.7.7 Relationship of SDN to NFV 873.8 Future Research Directions of SDN 883.9 Conclusion & Future Scope 89References 904 LATENCY-BASED ROUTING FOR SDN-OPENFLOW NETWORKS 97Hima Bindu Valiveti, Meenakshi K, Swaraja K, Jagannadha Swamy Tata, Chaitanya Duggineni, Swetha Namburu and Sri Indrani Kotamraju4.1 Introduction to Generations of Networks 984.2 Features of 5G Systems 994.3 Software-Defined Networking (SDN) 1024.4 Proposed Work 1054.4.1 Path Selection Algorithm 1064.4.2 Optimized Path Selection 1064.4.2.1 Forwarding Node Selection 1064.4.2.2 Priority Scheduling 1084.4.2.3 Priority Classification 1084.5 Experimentation and Results 1094.5.1 Implementation of Traffic Streaming 1094.6 Performance Analysis 1134.7 Conclusion and Future Scope 116References 1165 QOS IMPROVEMENT EVALUATION WITH AN EFFECTIVE SWITCH ASSIGNMENT TO THE CONTROLLER IN REAL-TIME SDN ENVIRONMENT 119Jehad Ali and Byeong-hee Roh5.1 Introduction 1205.1.1 Objectives 1215.2 Architecture of SDN 1215.2.1 Data Plane 1235.2.2 Southbound (SB) APIs 1235.2.3 NB API 1245.2.4 Management Plane 1255.2.5 Control Plane 1255.3 Controller Placement Effect on the QoS 1255.4 Communication between the Control and Data Planes 1265.5 Related Works 1285.6 Parameters for Computing E2E Delay 1295.6.1 Path Discovery Delay (PD) 1295.6.2 Actual Delay (AD) 1295.7 Clustering Based on the Latency of the Emulated Mininet Network 1305.8 Results and Discussion 1315.9 Conclusion and Future Directions 133References 1346 AN INSIGHT INTO TRAFFIC ENGINEERING IN SOFTWARE-DEFINED NETWORKS 137Prabu U. and Geetha V.6.1 Introduction 1386.2 Related Works 1426.3 Review on Traffic Engineering Techniques in SDN 1456.4 Review on Traffic Engineering Techniques in Hybrid SDN 1636.5 Review on Traffic Matrix Estimation and Measurement Techniques in SDN 1696.6 Analysis and Research Direction 1776.7 Conclusion and Future Scope 179References 1797 NETWORK FUNCTIONS VIRTUALIZATION AND SDN 191Priyanka Kujur and Sanjeev Patel7.1 Introduction 1927.2 Types of Virtualizations 1947.2.1 Server Virtualization 1947.2.2 Network Virtualization 1957.2.3 Application Virtualization 1957.2.4 Desktop Virtualization 1977.2.5 Storage Virtualization 1977.3 Wireless Network Virtualization 1987.3.1 Radio Spectrum Resources 1987.3.2 Wireless Network Infrastructure 1997.3.3 Wireless Virtual Resources 2007.3.3.1 Spectrum-Level Slicing 2007.3.3.2 Infrastructure-Level Slicing 2007.3.3.3 Network-Level Slicing 2007.3.3.4 Flow-Level Slicing 2007.3.4 Wireless Virtualization Controller 2017.4 Network Functions Virtualization and Software-Defined Network 2017.4.1 Network Virtualization 2017.4.2 Network Functions Virtualization 2017.4.2.1 Network Functions Virtualization Infrastructure 2027.4.2.2 Virtual Network Functions 2037.4.2.3 Network Functions Virtualization Management and Orchestration 2037.4.2.4 NFV Challenges 2047.4.3 Benefits of NFV 2047.4.3.1 Coexistence of Dissimilar Network 2047.4.3.2 Encouraging Network Innovation 2047.4.3.3 Deployment of Agile Network Capabilities 2047.4.3.4 Provisioning of Independent and Diverse Networks 2057.4.3.5 Resource Optimization 2057.4.3.6 Deployment of Distinct Network Services 2057.4.4 Software-Defined Networking (SDN) 2057.4.4.1 Traditional Networks 2057.4.4.2 Need for New Network Architecture 2067.4.4.3 Introduction to SDN 2067.4.4.4 SDN Implementation 2087.4.4.5 SDN Design 2087.4.4.6 SDN Operation 2097.4.5 Open Flow 2107.4.5.1 Open Flow Architecture 2117.4.5.2 Defining Flow in Open Flow 2127.4.5.3 Flow and Group Table 2137.4.6 SDN Benefits 2147.4.6.1 Centralized Network 2147.4.6.2 Programmability of the Network 2147.4.6.3 Rise of Virtualization 2147.4.6.4 Lower Operating Cost 2157.4.6.5 Device Configuration and Troubleshooting 2157.4.7 SDN Challenges 2157.4.7.1 Reliability 2157.4.7.2 Scalability 2157.4.7.3 Performance Under Latency Constraints 2167.4.7.4 Use of Low-Level Interface Between the Controller and the Network Device 2167.4.7.5 Controller Placement Problem 2167.4.7.6 Security 2177.4.8 SDN versus Traditional Network 2177.4.9 Network Function Virtualization versus SDN 2187.5 SDN Architecture 2197.5.1 Data Plane 2197.5.2 Control Plane 2207.5.3 Application Layer 2207.6 Software-Defined Networking Application 2207.6.1 Adaptive Routing 2207.6.2 Load Balancing 2217.6.3 Boundless Roaming 2217.6.4 Network Maintenance 2227.6.5 Network Security 2227.6.6 SDN for Cloud Computing 2227.6.7 Internet of Things 2247.7 Conclusion and Future Scope 224References 2258 SDN-ENABLED NETWORK VIRTUALIZATION AND ITS APPLICATIONS 231Anil Kumar Rangsietti and Siva Sairam Prasad Kodali8.1 Introduction 2328.2 Traditional Cloud Data Centers 2348.2.1 SDN for Enabling Innovative Traffic Engineering Tasks in Cloud Data Centers 2368.2.1.1 Optimal Routing Mechanisms 2368.2.1.2 Flexible Traffic Steering During Network Failure Recovery 2388.2.1.3 Improved Topology Management Mechanisms 2388.2.1.4 Innovative Traffic Analysis and Monitoring Mechanisms 2398.2.1.5 General Challenges in Adopting SDN 2398.2.2 SDN Role in Flexible Network Virtualization 2418.2.2.1 Sharing of Physical Infrastructure and Enforcing Multiple Customer Policies 2428.2.2.2 Strict Customer Policies Enforcement and Service Level Agreements (SLA) Guarantee 2438.2.2.3 Failures of Devices or Links 2438.2.2.4 Optimal Utilization of Cloud Resources 2448.3 Importance of SDN in Network Function Virtualization (NFV) 2458.3.1 Network Service Chaining (NSC) 2488.3.2 Importance of NFs Placement in a Cloud Environment 2498.3.3 Importance of NF Placement and Scaling in NSC 2518.4 SDN and Network Virtualization Role in Evolution of Next-Generation Wi-Fi and Mobile Networks 2538.4.1 Software-Defined Solutions for Enterprise Wireless LANs (WLANs) 2538.4.1.1 Software-Defined APs 2548.4.1.2 SDN Switches and Controller 2568.4.2 Software-Defined Mobile Networks and Telecommunication Clouds 2588.4.3 Necessity and Importance of Telecommunication Clouds 2598.4.3.1 SDN- and NFV-Enabled Cloud Environments 2608.4.3.2 Lightweight Virtualization Technologies 2618.4.3.3 Novel Application Architecture, Such as Cloud Native Applications and Microservices 2638.5 SDN and NFV Role in 5G and Smart Cities 2648.5.1 SDN and NFV Role in Designing Deployment Environment for IoT Applications 2658.5.2 Cloud-Fog-Edge Computing Environments 2668.5.3 SDN- and NFV-Enabled 5G and Network Slicing Deployment 2698.6 Conclusions and Future Scope 271References 2729 SOFTWARE-DEFINED NETWORKING: RECENT DEVELOPMENTS AND POTENTIAL SYNERGIES 279Jasminder Kaur Sandhu, Bhawna Singla, Meena Pundir, Sanjeev Rao and Anil Kumar Verma9.1 Introduction 2809.2 Characteristics of Software-Defined Networking 2829.2.1 Open Standards and Vendor Neutral 2829.2.2 Centrally Managed 2839.2.3 Decoupled 2839.2.4 Dynamic/Agile 2839.2.5 Flow-Based Management 2839.2.6 Programmable 2839.3 Applications of Software-Defined Networking 2849.3.1 Specific Purposes 2849.3.1.1 Network Management 2849.3.1.2 Middle-Box 2849.3.2 Security 2859.3.3 Networks 2859.3.3.1 Optical Network 2869.3.3.2 Home Network 2869.3.3.3 Wireless Network 2869.4 Security Issues in Software-Defined Networking 2879.4.1 Authentication and Authorization 2879.4.2 Access Control and Accountability 2889.4.3 Threats from Applications 2899.4.4 Threats Due to Scalability 2899.4.5 Denial of Service (DoS) Attacks 2909.4.6 Challenges in Distributed Control Plane 2909.5 Potential Attacks in Software-Defined Networking 2919.5.1 Spoofing 2919.5.2 ARP Spoofing 2919.5.2.1 IP Spoofing 2939.5.3 Tampering 2939.5.4 Repudiation 2949.5.5 Information Disclosure 2959.5.6 DoS 2959.5.7 Elevation of Privilege 2969.6 Solutions to Security Issues and Attacks in Software-Defined Networking 2979.6.1 Spoofing 2979.6.1.1 ARP Spoofing 2979.6.1.2 IP Spoofing 3019.6.2 Tampering 3019.6.3 Repudiation 3019.6.3.1 Nonrepudiation Verification 3019.6.3.2 Accountability 3029.6.4 Information Disclosure 3029.6.4.1 Scanning-Based Solutions 3029.6.4.2 Information Disclosure Countermeasure 3029.6.5 Denial of Service (DoS) 3029.6.6 Elevation of Privilege 3039.7 Software-Defined Networking Framework 3039.7.1 Global Flow Table 3049.7.2 VNGuard 3049.8 Security Enhancement Using the Software-Defined Networking Framework 3059.8.1 SDN Firewall 3059.8.2 Access Control 3079.8.3 Intrusion Detection System/Intrusion Prevention System (IDS/IPS) 3079.8.4 SDN Policies 3079.8.5 Monitoring and Auditing 3089.8.6 Privacy Protection 3089.8.7 SDN WiFi Networks 3089.8.8 Mobile SDN 3099.8.9 BYOD 3099.8.10 SDN Open Labs 3099.9 Open Challenge 3109.9.1 Interaction Between Different Controllers and Switches 3109.9.2 Controller Security 3109.9.3 Managing Heterogenous Controllers 3109.9.4 Standard Protocol for Controller 3119.9.5 Standard Protocol Between Control and Management Plane 3119.9.6 Managing the Load Between Controllers 3119.10 Recommended Best Practices 3119.10.1 Authentication 3129.10.2 Access Control 3129.10.3 Data Confidentiality 3129.10.4 Nonrepudiation 3129.10.5 Data Integrity 3139.10.6 Communication Security 3139.10.7 Privacy 3139.10.8 Availability 3139.11 Conclusion and Future Scope 314References 31510 SECURITY CHALLENGES AND ANALYSIS FOR SDN-BASED NETWORKS 321Priyanka Kujur, Subhra Priyadarshini Biswal and Sanjeev Patel10.1 Introduction 32210.2 Threat Model 32510.2.1 Spoofing 32510.2.2 Tampering 32510.2.3 Repudiation 32510.2.4 Information Disclosure 32510.2.5 Denial of Service 32610.2.6 Elevation of Privileges 32610.2.7 Threats in SDN Networks 32610.2.7.1 Attack Surface in SDN 32610.2.7.2 Security Issues in SDN 32710.2.7.3 Addressing SDN Security Matters 32810.2.7.4 Attack to the SDN Architecture 32810.2.8 Policy-Based SDN Security Architecture 33010.3 Control Plane Security of SDN 33110.3.1 Application Coexistence 33110.3.2 Flow Constraints vs. Flow Circuits 33210.3.3 An Application Permission Model 33210.3.4 Application Accountability 33210.3.5 Toward a Security-Enhanced Control Layer 33210.4 Security Analysis 33210.5 Network-Wide Security in SDN 33310.5.1 Security Systems Development 33410.5.2 Flow Sampling 33510.5.3 Traffic Monitoring 33610.5.4 Access Control 33710.5.5 Content Inspection 33710.5.6 Network Resilience 33810.5.7 Security Middle Boxes 33910.5.8 Security Challenges in SDN 33910.6 SDN-Based Virtual and Cloud Networks Security 34010.6.1 Virtual Networks Security 34010.6.2 Cloud Networks Security 34010.7 SDN-Based Secure IoT Frameworks 34110.8 Conclusion and Future Scope 341References 34211 A NOVEL SECURE SDN ARCHITECTURE FOR RELIABLE DATA TRANSMISSION IN 5G NETWORKS 347J. Sathiamoorthy, Usha M. and R. Bhagavath Nishant11.1 Introduction 34811.1.1 Organization of the Chapter 35211.2 Related Work 35211.3 SDN-5G Networks—What Does the Future Hold? 35611.4 Layers in SDN-5G Networks 35811.5 Security Threats 35911.5.1 Control Plane 36011.5.2 Data Plane 36111.5.3 Application Plane 36111.6 SDN-5G Networks—Possible Attacks and Threats 36211.6.1 Distributed Denial of Services (DDoS) 36211.6.2 Solution for DDoS—To Analyze User’s Behavior via Detection Through Entropy 36311.6.3 Solution for Packet Sniffing 36311.6.4 Steps in the Handshake Process 36411.6.5 ARP Spoofing Attack 36511.6.5.1 ARP Authentication 36511.6.5.2 Operating System Patching 36511.6.5.3 API Exploitation 36611.6.5.4 Password Guessing or Brute Force 36611. 7 Proposed Methodology 36711.7.1 Strong Security Architecture for SDN-Based 5G Networks 36711.8 Security Analysis 37311.8.1 IP Spoofing 37311.8.2 MITM Attack 37911.8.3 Replay Attack 37911.9 Conclusion and Future Scope 388References 38812 SECURITY AND PRIVACY ISSUES IN 5G/6G-ASSISTED SOFTWARE-DEFINED NETWORKS 391Durbadal Chattaraj and Ashok Kumar Das12.1 Introduction 39212.1.1 SDN Applications 39412.1.2 Security and Privacy Issues in SDN 39612.1.3 Chapter Contributions 39712.1.4 Chapter Organization 39712.2 Security and Functionality Requirements in SDN 39812.3 Network and Threat Models 39912.3.1 Network Model 39912.3.2 Adversary Model 40212.4 Taxonomy of Security Protocols in SDN 40512.5 Security Solutions in SDN 40612.5.1 Authentication 40712.5.2 Access Control 40812.5.3 Key Management 40912.5.4 Intrusion Detection 41012.5.5 Blockchain-Based Security Solution 41212.6 Comparative Analysis 41312.6.1 Comparative Analysis on Communication and Computational Costs 41412.6.2 Comparative Analysis on Security Features 41512.7 Conclusion and Future Scopes 419References 42013 EVOLVING REQUIREMENTS AND APPLICATION OF SDN AND IOT IN THE CONTEXT OF INDUSTRY 4.0, BLOCKCHAIN AND ARTIFICIAL INTELLIGENCE 427Sunil Kr. Singh, Sunil Kr Sharma, Dipesh Singla and Shabeg Singh Gill13.1 Introduction 42813.2 Objectives of the Chapter 43013.3 Organization of the Chapter 43113.4 Software-Defined Network Architecture 43113.4.1 SDN Planes 43413.4.1.1 Control Plane 43413.4.1.2 Data Plane 43413.4.1.3 Application/Management Plane 43513.4.2 QoS: Quality of Service 43613.4.2.1 Jitter 43613.4.2.2 Packet Loss 43613.4.2.3 Bandwidth 43713.4.2.4 Latency 43713.4.3 OpenQoS 43713.4.4 Secondnet 43813.4.5 OpenQFlow 44013.4.6 CloudNaaS 44113.4.7 Scalable QoS and Automated Control for Network Convergence 44213.5 Security 44213.5.1 Fresco 44213.5.2 NetFuse 44313.5.3 Scalability 44413.5.4 DIFANE 44413.5.5 DevoFlow 44513.5.6 Maestro 44513.5.7 Load Balancing 44613.5.8 AsterX 44613.5.9 OpenFlow-Based Server Load Balancing Gone Wild 44713.6 Software-Defined Network (SDN) With IoT 44713.7 SDN-Based IoT Architecture 44813.7.1 IoT’s Architecture With Software Programming Functions 44913.7.2 SDN Controllers 44913.7.3 Gateways/Routers 45113.7.4 Sinks 45213.7.5 Data Center 45213.7.6 Design Principles 45313.7.7 Dynamic Deployment of Security Policies 45413.8 Role of SDN and IoT in Industry 4.0 45613.8.1 Industry 4.0 Explained 45713.8.1.1 Mass Customization 45713.8.1.2 Flexibility 45713.8.1.3 Additive Manufacturing 45713.8.1.4 Better Decision Making 45813.8.1.5 Simulation and Digital Twins 45813.8.1.6 Integrated Supply Chain 45813.8.1.7 Energy Management 45813.8.1.8 Creating Value from Big Data 45913.8.1.9 Cyber-Physical Systems 45913.8.2 Brokerage Services 46213.8.3 Man4Ware 46413.8.4 Security 46613.8.5 Additional Advanced Service Alternatives 46713.8.6 Interconnection and Integration Between IoT and Industry 4.0 46713.9 Work in Related Domains of IoT 46813.10 IoT Computing and Management With SDN 47013.10.1 Edge Computing 47013.10.2 Convergence of NFV and Edge Computing 47113.10.3 Use of Artificial Intelligence (AI) in Software-Defined Networks (SDN) 47213.10.4 SDN Network Structure and OpenFlow (OF) Protocol 47313.11 Scope of Blockchain to Secure IoT Using SDN 47413.11.1 The Architecture of Blockchain-Based SDN 47513.11.2 Workflow of BC-SDN and Smart Contracts 47713.11.2.1 Key Components of Workflow 47813.12 SDN in Various Emerging Areas of IoT 48113.13 Conclusion and Future Scope 486References 48914 SDN-BASED CLOUD COMBINING EDGE COMPUTING FOR IOT INFRASTRUCTURE 497Jyoti Snehi, Manish Snehi, Devendra Prasad, Sarita Simaiya, Isha Kansal and Vidhu Baggan14.1 Introduction 49814.1.1 Architecture of SDN vs. Traditional Networks 50314.1.2 SDN/NFV Tiers 50414.1.3 Objective of Chapter 50914.1.4 Organization of Chapter 50914.2 Challenges with SDN-Based Cloud and NFV Technologies for IoT 51014.3 Literature Survey 51914.4 Knowledge-Driven SDN-Based IoT Architecture That Leverages Edge Cloud 52614.5 Discussion and Future Recommendation 53214.6 Conclusion 533References 533Index 541
Microsoft 365 - das umfassende Handbuch (6. Auflg.)
Microsoft 365 für Administratoren, 6. aktualisierte AuflageDas Standardwerk für die Administration von Microsoft 365! Mit den erprobten Anleitungen dieses umfassenden Handbuchs administrieren Sie die Daten Ihres Unternehmens sicher in der Cloud. Ob Sie die Microsoft 365-Dienste in Ihre bestehende IT-Infrastruktur integrieren wollen oder Ihre Nutzerdaten in die Microsoft-Cloud migrieren möchten: Markus Widl, Technologieberater für Microsoft 365, zeigt Ihnen von der Active-Directory-Integration bis zur Automation von wiederkehrenden Aufgaben mit der PowerShell die besten Lösungen bei der Arbeit mit Microsoft 365. Getestete Skripte und ein großes Referenz-Poster inklusive.Aus dem Inhalt:Was ist Microsoft 365?GrundkonfigurationArbeit mit der PowerShellIdentitäten und Active-Directory-SynchronisierungOffice, Project und VisioOneDrive for Business Online, Skype for Business OnlineAzure Rights Management ServicesExchange Online, SharePoint OnlineMicrosoft TeamsDelve und MyAnalyticsWeitere Dienste: Yammer, Planer, Sway, Teams, Mobile Device ManagementLeseprobe (PDF-Link)Zum Autor:Markus Widl arbeitet seit mehr als 20 Jahren als Berater, Entwickler und Trainer in der IT. Sein Fokus liegt auf Cloudtechnologien wie Microsoft 365 und Azure.
Produktentwicklung mit SAP Recipe Development
Von der Produktidee über die Verwaltung von Spezifikationen und Inhaltsstoffen bis hin zur Etikettierung und Übergabe an die Produktion: In diesem Buch erfahren Sie, welche Funktionen in SAP Recipe Development zur Verfügung stehen. Die Autorin veranschaulicht, wie Sie SAP Recipe Development erfolgreich in Ihre Systemlandschaft einbinden und die passenden Customizing-Einstellungen finden. Auch die Umstellung auf SAP S/4HANA wird behandelt. Aus dem Inhalt: Produktentwicklung in der ProzessindustrieIntegration in QM, PP und PSICF-Services, Transporte, StandardrollenStammdatenSpezifikationFormeln und BerechnungsergebnisseHerstellverfahren und ProzesseEtikettierungReports, Hilfsmittel und TabellenSAP ERP vs. SAP S/4HANASAP Recipe Management vs. SAP Recipe Development Vorwort ... 19 Einleitung ... 21 1. Technische Voraussetzungen und Grundkonfiguration ... 27 1.1 ... Verfügbarkeit ... 28 1.2 ... Softwarekomponente ... 29 1.3 ... Relevante Server ... 30 1.4 ... Business Functions ... 33 1.5 ... Switch BC-Sets ... 35 1.6 ... OData-Services und ICF-Services ... 37 1.7 ... Transporte ... 41 1.8 ... Standardinhalte generieren ... 42 1.9 ... Standardrollen ... 50 1.10 ... ALE-Verteilung ... 51 1.11 ... Zusammenfassung ... 58 2. Stammdaten ... 59 2.1 ... Stammdaten von SAP Recipe Development ... 60 2.2 ... Stammdaten angrenzender SAP-Komponenten ... 71 2.3 ... Zusammenfassung ... 78 3. Spezifikation -- Funktionsumfang und grundlegende Stammdatenobjekte ... 79 3.1 ... Funktionsumfang ... 80 3.2 ... Phrasenverwaltung ... 105 3.3 ... Merkmal ... 112 3.4 ... Klasse ... 126 3.5 ... Zusammenfassung ... 131 4. Spezifikation -- Customizing ... 133 4.1 ... Spezifikationstypen ... 134 4.2 ... Spezifikationsarten ... 138 4.3 ... Berechtigungsgruppen ... 144 4.4 ... Identifikatoren ... 147 4.5 ... Stoffnatur ... 152 4.6 ... Materialzuordnung ... 154 4.7 ... Beziehungen ... 156 4.8 ... Komponentenarten ... 158 4.9 ... Ausnahmewerte ... 163 4.10 ... Verwendung und Verwendungsprofile ... 167 4.11 ... Bewertungsart ... 172 4.12 ... Eigenschaftsbaum ... 183 4.13 ... Änderungsdienst ... 196 4.14 ... Kopfstatus ... 197 4.15 ... Vererbung und Kopie ... 203 4.16 ... Funktionen im Menü definieren ... 208 4.17 ... Ausgabemethoden ... 210 4.18 ... Daten für das Rezept ... 211 4.19 ... Spezifikationssuche ... 215 4.20 ... Zusammenfassung ... 217 5. Grundlagen des Rezepts ... 219 5.1 ... Funktionsumfang ... 219 5.2 ... Formel, Berechnungsergebnisse und Prozess ... 256 5.3 ... Rezeptarten ... 260 5.4 ... Rezeptzwecke definieren ... 268 5.5 ... Allgemeine Einstellungen ... 269 5.6 ... Berechtigungsgruppen ... 274 5.7 ... Funktionen in der Rezeptentwicklung ausblenden ... 276 5.8 ... Status ... 277 5.9 ... Vorgabenprüfung ... 284 5.10 ... Massenänderung ... 284 5.11 ... Eigenschaftsspezifikation ... 290 5.12 ... Rezeptsuche ... 295 5.13 ... Zusammenfassung ... 300 6. Formel und Berechnungsergebnisse ... 301 6.1 ... Formel ... 301 6.2 ... Berechnungsergebnisse ... 326 6.3 ... Darstellung der Berechnungsergebnisse ... 354 6.4 ... Zusammenfassung ... 362 7. Herstellverfahren in der Sicht »Prozess« ... 363 7.1 ... Prozessgrundlagen ... 363 7.2 ... Prozesselemente ... 364 7.3 ... Ausrüstungsanforderung ... 375 7.4 ... Prozessparameter ... 377 7.5 ... Prozessbaustein ... 380 7.6 ... Zusammenfassung ... 390 8. Etikett ... 391 8.1 ... Überblick über das Etikett ... 391 8.2 ... Grund-Customizing ... 399 8.3 ... Inhaltsstoffetikett ... 411 8.4 ... Qualitatives Etikett ... 418 8.5 ... Komponentenetikett ... 422 8.6 ... Packungsetikett ... 434 8.7 ... XML-Export ... 439 8.8 ... Zusammenfassung ... 441 9. Vorgabenprüfung ... 443 9.1 ... Allgemeines ... 444 9.2 ... Grundkonfiguration ... 444 9.3 ... Vorgaben für Nährstoffe/quantitative Komponenten ... 455 9.4 ... Vorgaben für qualitative Komponenten ... 458 9.5 ... Vorgaben für Listenstoffe ... 462 9.6 ... Stoffgruppen ... 466 9.7 ... Vorgabenschnellbearbeitung ... 468 9.8 ... Ausführung der Vorgabenprüfung ... 469 9.9 ... Prüfergebnisse ... 475 9.10 ... Zusammenfassung ... 478 10. SAP Recipe Development unter SAP ERP und SAP S/4HANA -- Unterschiede ... 481 10.1 ... Benutzeroberfläche ... 481 10.2 ... Spezifikation ... 484 10.3 ... Rezept ... 493 10.4 ... Zusammenfassung ... 496 11. Integration von SAP Recipe Development mit anderen SAPKomponenten ... 497 11.1 ... Materialstamm ... 497 11.2 ... Produktion ... 504 11.3 ... Qualitätsmanagement ... 536 11.4 ... Projektsystem ... 544 11.5 ... Zusammenfassung ... 546 12. Migration der Produktentwicklung nach SAP S/4HANA ... 547 12.1 ... Wechsel nach SAP S/4HANA auf der Basis von SAP Recipe Management ... 547 12.2 ... Wechsel nach SAP S/4HANA auf der Basis von SAP Recipe Development ... 557 12.3 ... Zusammenfassung ... 557 Glossar ... 559 Die Autorin ... 565 Index ... 567
Microsoft 365
Das Standardwerk für die Administration von Microsoft 365. Mit den erprobten Anleitungen und dem fundierten Fachwissen dieses umfassenden Handbuchs administrieren Sie die Daten Ihres Unternehmens sicher in der Cloud. Egal ob Sie Microsoft 365 in Ihre bestehende IT-Infrastruktur integrieren wollen oder Ihre Nutzerdaten in die Microsoft-Dienste migrieren möchten: Markus Widl, Technologieberater für Microsoft 365, zeigt Ihnen von der Active-Directory-Integration bis zur Automation von wiederkehrenden Aufgaben mit der PowerShell die besten Lösungen bei der Administration von Microsoft 365. Getestete Skripte und ein großes Referenz-Poster inklusive. Aus dem Inhalt: Was ist Microsoft 365?GrundkonfigurationMicrosoft PowerShellIdentitäten und Active-Directory-SynchronisationOffice, Project und VisioOneDrive for Business OnlineAzure Rights Management ServicesExchange Online, SharePoint OnlineMicrosoft TeamsMicrosoft-365-GruppenDelve und MyAnalyticsYammer, Planer, Sway, Teams, Mobile Device Management, Kaizala Geleitwort ... 25 Vorwort ... 27 1. Was ist Microsoft 365? ... 31 1.1 ... Warum Microsoft 365? ... 31 1.2 ... Microsoft 365 und Office 365 ... 32 1.3 ... Einsatzszenarien ... 34 1.4 ... Rechenzentrumsregionen ... 41 1.5 ... Sicherheit in den Rechenzentren ... 45 1.6 ... Systemvoraussetzungen ... 49 1.7 ... Lizenzierung ... 54 1.8 ... FastTrack Center ... 68 1.9 ... So geht es weiter ... 71 2. Grundkonfiguration ... 73 2.1 ... Einen Microsoft 365-Mandanten anlegen ... 73 2.2 ... Microsoft 365-Portal und Microsoft 365 Admin Center ... 76 2.3 ... Abonnements ... 86 2.4 ... Domänenverwaltung ... 89 2.5 ... Benutzerverwaltung ... 100 2.6 ... Berichte ... 116 2.7 ... Dienststatus ... 117 2.8 ... Nachrichtencenter ... 118 2.9 ... Problembehebung ... 118 2.10 ... So geht es weiter ... 123 3. Microsoft PowerShell ... 125 3.1 ... Wozu PowerShell? ... 125 3.2 ... Start der PowerShell ... 127 3.3 ... Kernkomponenten der PowerShell ... 131 3.4 ... Cmdlets ... 135 3.5 ... Aliasse ... 140 3.6 ... Klassen und Objekte ... 142 3.7 ... Pipeline ... 150 3.8 ... Wichtige Cmdlets ... 153 3.9 ... Variablen ... 161 3.10 ... Funktionen und Filter ... 162 3.11 ... Skripte ... 165 3.12 ... Snap-ins und Module ... 176 3.13 ... PowerShell-Remoting ... 177 3.14 ... PowerShell und Microsoft 365 ... 179 3.15 ... PowerShell und Active Directory ... 217 3.16 ... So geht es weiter ... 220 4. Identitäten und Active Directory-Synchronisierung ... 221 4.1 ... Verschiedene Identitäten ... 221 4.2 ... Szenarien zur Active Directory-Integration ... 223 4.3 ... Synchronisierung mit AAD Connect ... 238 4.4 ... Synchronisierung mit AAD Connect Cloud Sync ... 281 4.5 ... Identitätsverbund ... 289 4.6 ... So geht es weiter ... 313 5. Office ... 315 5.1 ... Welches Office-Paket? ... 315 5.2 ... Systemvoraussetzungen ... 318 5.3 ... Administrationsübersicht ... 319 5.4 ... Installation unter Windows ... 322 5.5 ... Kompatibilität mit Add-ins und VBA-Code ... 362 5.6 ... Installation unter macOS ... 365 5.7 ... Office für das Web ... 367 5.8 ... Office auf Mobilgeräten ... 373 5.9 ... Richtlinienverwaltung ... 374 5.10 ... So geht es weiter ... 380 6. Exchange Online ... 381 6.1 ... Was ist Exchange Online? ... 382 6.2 ... Administrationsübersicht ... 387 6.3 ... PowerShell mit Exchange Online ... 393 6.4 ... Clients ... 396 6.5 ... Allgemeine Verwaltung ... 404 6.6 ... Archivierung ... 428 6.7 ... Nachrichtenfluss ... 453 6.8 ... Sicherheit ... 466 6.9 ... Exchange-Migration ... 501 6.10 ... Vollständige Exchange-Hybridkonfiguration ... 542 6.11 ... Migration öffentlicher Ordner ... 578 6.12 ... Migration anderer Postfacharten ... 580 6.13 ... SMTP-Relay ... 585 6.14 ... So geht es weiter ... 590 7. SharePoint Online ... 591 7.1 ... Was ist SharePoint Online? ... 591 7.2 ... Administrationsübersicht ... 598 7.3 ... PowerShell mit SharePoint Online ... 600 7.4 ... SharePoint-Architektur ... 601 7.5 ... Berechtigungen ... 650 7.6 ... Suche ... 679 7.7 ... Benutzerprofile ... 680 7.8 ... Terminologiespeicher ... 684 7.9 ... Dokumentcenter ... 688 7.10 ... InfoPath Forms Services ... 691 7.11 ... Business Connectivity Services (BCS) ... 692 7.12 ... Mobiler Zugriff ... 693 7.13 ... Datensicherheit ... 694 7.14 ... SharePoint Online-Migration ... 699 7.15 ... Hybridumgebungen ... 707 7.16 ... So geht es weiter ... 725 8. OneDrive for Business ... 727 8.1 ... Was ist OneDrive for Business? ... 727 8.2 ... Lizenzüberblick ... 732 8.3 ... Einschränkungen ... 733 8.4 ... Administrationsübersicht ... 733 8.5 ... PowerShell mit OneDrive for Business ... 734 8.6 ... Synchronisierung einrichten ... 735 8.7 ... OneDrive-Konfiguration ... 743 8.8 ... Dateien wiederherstellen ... 763 8.9 ... Virus- und Schadcodeerkennung ... 765 8.10 ... Integration mit lokaler SharePoint-Umgebung ... 766 8.11 ... Migration ... 767 8.12 ... Clients ... 767 8.13 ... So geht es weiter ... 768 9. Microsoft 365-Gruppen ... 769 9.1 ... Was sind Microsoft 365-Gruppen? ... 769 9.2 ... Gruppenverwaltung ... 777 9.3 ... Gruppen in Exchange-Hybridkonfigurationen ... 805 9.4 ... So geht es weiter ... 807 10. Microsoft Teams ... 809 10.1 ... Was ist Microsoft Teams? ... 809 10.2 ... Lizenzüberblick ... 824 10.3 ... Administrationsübersicht ... 836 10.4 ... PowerShell mit Teams ... 841 10.5 ... Architektur ... 842 10.6 ... Technische Vorbereitungen ... 887 10.7 ... Verwalten von Teams ... 891 10.8 ... Verwalten von Benutzern ... 897 10.9 ... Richtlinien und Einstellungen ... 899 10.10 ... Governance ... 926 10.11 ... Clients ... 970 10.12 ... Telefonie ... 976 10.13 ... Audiokonferenzen ... 1059 10.14 ... Konferenzraumsysteme ... 1063 10.15 ... Analysen und Berichte ... 1064 10.16 ... Qualitätsanalyse ... 1065 10.17 ... Multi-Geo für Benutzer und Teams ... 1068 10.18 ... So geht es weiter ... 1069 11. Microsoft Viva ... 1071 11.1 ... Die Microsoft Viva-Plattform ... 1071 11.2 ... Viva Connections ... 1073 11.3 ... Viva Insights ... 1081 11.4 ... Viva Topics ... 1087 11.5 ... Viva Learning ... 1094 11.6 ... So geht es weiter ... 1103 12. Sicherheit ... 1105 12.1 ... Allgemein ... 1105 12.2 ... Identitäten ... 1116 12.3 ... Daten ... 1144 12.4 ... Geräte ... 1169 12.5 ... So geht es weiter ... 1170 13. Compliance und Datenschutz ... 1171 13.1 ... Microsoft 365 Compliance Center ... 1171 13.2 ... Berechtigungen und Rollen ... 1174 13.3 ... Compliance-Manager ... 1174 13.4 ... Aufbewahrung ... 1176 13.5 ... Datenklassifizierung ... 1205 13.6 ... Überwachungsprotokoll ... 1218 13.7 ... eDiscovery ... 1222 13.8 ... Kommunikationscompliance ... 1229 13.9 ... Verhinderung von Datenverlust ... 1230 13.10 ... Informationsbarrieren ... 1235 13.11 ... Azure AD-Zugriffsüberprüfungen ... 1236 13.12 ... Weitere Compliance-Dienste ... 1238 13.13 ... Typen vertraulicher Informationen ... 1240 13.14 ... So geht es weiter ... 1241 14. Geräteverwaltung ... 1243 14.1 ... Geräte im Azure Active Directory ... 1243 14.2 ... Microsoft Endpoint Manager ... 1252 14.3 ... Microsoft Intune ... 1254 14.4 ... Windows Autopilot ... 1258 14.5 ... So geht es weiter ... 1268 15. Weitere Anwendungen und Dienste ... 1269 15.1 ... Dienste und Anwendungen ... 1269 15.2 ... Power-Plattform ... 1289 15.3 ... So geht es weiter ... 1294 16. Evergreen ... 1295 16.1 ... Was bedeutet Evergreen? ... 1296 16.2 ... Wichtige Fragestellungen ... 1300 16.3 ... Entwicklung und Veröffentlichung ... 1302 16.4 ... Ende ... 1322 Index ... 1323
Cybersecurity in Smart Homes
Smart homes use Internet-connected devices, artificial intelligence, protocols and numerous technologies to enable people to remotely monitor their home, as well as manage various systems within it via the Internet using a smartphone or a computer. A smart home is programmed to act autonomously to improve comfort levels, save energy and potentially ensure safety; the result is a better way of life. Innovative solutions continue to be developed by researchers and engineers and thus smart home technologies are constantly evolving. By the same token, cybercrime is also becoming more prevalent. Indeed, a smart home system is made up of connected devices that cybercriminals can infiltrate to access private information, commit cyber vandalism or infect devices using botnets. This book addresses cyber attacks such as sniffing, port scanning, address spoofing, session hijacking, ransomware and denial of service. It presents, analyzes and discusses the various aspects of cybersecurity as well as solutions proposed by the research community to counter the risks. Cybersecurity in Smart Homes is intended for people who wish to understand the architectures, protocols and different technologies used in smart homes.RIDA KHATOUN is Associate Professor at Telecom ParisTech, France. His current research interests are focused on cybersecurity in areas such as connected cars, cloud computing and the Internet of Things, as well as cybersecurity architectures, intrusion detection systems and blockchain technology.CHAPTER 1 HOME AUTOMATION SOLUTIONS FOR SECUREWSN 1Corinna SCHMITT and Marvin WEBER1.1 Introduction 21.2 Background 41.2.1 SecureWSN 41.2.2 Communication standards 81.2.3 The monitor-analyse-plan-execute-knowledge model 121.2.4 Hardware and libraries 141.3 Design decisions 151.3.1 Requirements 161.3.2 HAIFA architecture 181.3.3 WebMaDa integration 291.4 Implementation 301.4.1 CoMaDa integration 301.4.2 HAIFA’s ZigBee Gateway 481.4.3 WebMaDa integration 551.4.4 Uploading HA data to WebMaDa 561.4.5 Sending HA messages from WebMaDa to CoMaDa 591.4.6 WebMaDa’s frontend 621.5 Evaluation of HAIFA 641.5.1 Actuator interoperability (R1) 651.5.2 Rule-based automation (R2) 651.5.3 Node hardware interoperability (R3) 681.5.4 CoMaDa and WebMaDa management (R4) 681.6 Summary and conclusions 681.7 Acknowledgements 691.8 References 70CHAPTER 2 SMART HOME DEVICE SECURITY: A SURVEY OF SMART HOME AUTHENTICATION METHODS WITH A FOCUS ON MUTUAL AUTHENTICATION AND KEY MANAGEMENT PRACTICES 75Robinson RAJU and Melody MOH2.1 Introduction 752.2 Smart home – introduction and technologies 772.2.1 Smart home – introduction 772.2.2 Smart home devices – categories 792.3 Smart home security 802.3.1 Threats 812.3.2 Vulnerabilities 822.3.3 IoT communication protocols 842.3.4 Enhancements to IoT communication protocols 862.3.5 IoT security architectures 872.4 Smart home authentication mechanisms 912.4.1 Stages of defining an authentication protocol for IoT 922.4.2 Taxonomy of authentication schemes for IoT 932.5 A primer on mutual authentication and key management terminologies 962.5.1 X.509 certificate 972.5.2 CoAP and DTLS 992.5.3 Tls 1.3 1012.5.4 Key management fundamentals 1022.6 Mutual authentication in smart home systems 1042.6.1 Device and user onboarding 1052.6.2 Flow of user authentication and authorization 1062.6.3 Examples of mutual authentication schemes 1072.7 Challenges and open research issues 1122.8 Conclusion 1132.9 References 114CHAPTER 3 SRAM PHYSICALLY UNCLONABLE FUNCTIONS FOR SMART HOME IOT TELEHEALTH ENVIRONMENTS 125Fayez GEBALI and Mohammad MAMUN3.1 Introduction 1263.2 Related literature 1293.3 System design considerations 1303.4 Silicon physically unclonable functions (PUF) 1313.4.1 Mutual authentication and key exchange using PUF 1323.4.2 Fuzzy extractor 1333.5 Convolutional encoding and Viterbi decoding the SRAM words 1333.6 CMOS SRAM PUF construction 1363.6.1 SRAM PUF statistical model 1383.6.2 Extracting the SRAM cell statistical parameters 1413.6.3 Obtaining the golden SRAM PUF memory content 1423.6.4 Bit error rate (BER) 1423.6.5 Signal-to-noise ratio (SNR) for SRAM PUF 1433.7 Algorithms for issuing CRP 1443.7.1 Algorithm #1: single-challenge 1443.7.2 Algorithm #2: repeated challenge 1473.7.3 Algorithm #3: repeated challenge with bit selection 1483.8 Security of PUF-based IoT devices 1503.9 Conclusions 1513.10 Acknowledgements 1513.11 References 151CHAPTER 4 IOT NETWORK SECURITY IN SMART HOMES 155Manju LATA and Vikas KUMAR4.1 Introduction 1564.2 IoT and smart home security 1594.3 IoT network security 1644.4 Prevailing standards and initiatives 1694.5 Conclusion 1724.6 References 172CHAPTER 5 IOT IN A NEW AGE OF UNIFIED AND ZERO-TRUST NETWORKS AND INCREASED PRIVACY PROTECTION 177Sava ZXIVANOVICH, Branislav TODOROVIC, Jean Pierre LORRÉ, Darko TRIFUNOVIC, Adrian KOTELBA, Ramin SADRE and Axel LEGAY5.1 Introduction 1785.2 Internet of Things 1795.3 IoT security and privacy challenges 1825.3.1 Security challenges 1835.3.2 Privacy challenges 1845.4 Literature review 1875.5 Security and privacy protection with a zero-trust approach 1905.6 Case study: secure and private interactive intelligent conversational 1935.6.1 LinTO technical characteristics 1945.6.2 Use case 1955.6.3 Use case mapping on the reference architecture 1975.7 Discussion 1975.8 Conclusion 1985.9 Acknowledgements 1995.10 References 199CHAPTER 6 IOT, DEEP LEARNING AND CYBERSECURITY IN SMART HOMES: A SURVEY 203Mirna ATIEH, Omar MOHAMMAD, Ali SABRA and Nehme RMAYTI6.1 Introduction 2036.2 Problems encountered 2056.3 State of the art 2076.3.1 IoT overview 2076.3.2 History 2086.3.3 Literature review 2086.3.4 Advantages, disadvantages and challenges 2096.4 IoT architecture 2126.4.1 Sensing layer 2136.4.2 Network layer 2136.4.3 Service layer 2136.4.4 Application–interface layer 2136.5 IoT security 2146.5.1 Security in the sensing layer 2146.5.2 Security in the network layer 2156.5.3 Security in the service layer 2156.5.4 Security in the application–interface layer: 2166.5.5 Cross-layer threats 2166.5.6 Security attacks 2166.5.7 Security requirements in IOT 2186.5.8 Security solutions for IOT 2196.6 Artificial intelligence, machine learning and deep learning 2216.6.1 Artificial intelligence 2226.6.2 Machine learning 2226.6.3 Deep learning 2246.6.4 Deep learning vs machine learning 2256.7 Smart homes 2276.7.1 Human activity recognition in smart homes 2276.7.2 Neural network algorithm for human activity recognition 2286.7.3 Deep neural networks used in human activity recognition 2306.8 Anomaly detection in smart homes 2336.8.1 What are anomalies? 2336.8.2 Types of anomaly 2336.8.3 Categories of anomaly detection techniques 2336.8.4 Related work of anomaly detection in smart homes 2346.9 Conclusion 2376.10 References 238CHAPTER 7 STIKI: A MUTUAL AUTHENTICATION PROTOCOL FOR CONSTRAINED SENSOR DEVICES 245Corinna SCHMITT, Severin SIFFERT and Burkhard STILLER7.1 Introduction 2467.2 Definitions and history of IoT 2487.3 IoT-related security concerns 2517.3.1 Security analysis guidelines 2537.3.2 Security analysis by threat models 2557.3.3 sTiki’s security expectations 2567.4 Background knowledge for sTiki 2587.4.1 Application dependencies for sTiki 2587.4.2 Inspiring resource-efficient security protocols 2607.5 The sTiki protocol 2647.5.1 Design decisions taken 2667.5.2 Implementation of sTiki’s components 2677.6 sTiki’s evaluation 2707.6.1 Secured communication between aggregator and server 2717.6.2 Secured communication between collector and aggregator 2757.6.3 Communication costs 2767.6.4 Integration into an existing system 2777.6.5 Comparison to existing approaches 2787.7 Summary and conclusions 2797.8 Acknowledgements 2807.9 References 281List of Authors 287Index 289
Practical Industrial Cybersecurity
A PRACTICAL ROADMAP TO PROTECTING AGAINST CYBERATTACKS IN INDUSTRIAL ENVIRONMENTSIn Practical Industrial Cybersecurity: ICS, Industry 4.0, and IIoT, veteran electronics and computer security author Charles J. Brooks and electrical grid cybersecurity expert Philip Craig deliver an authoritative and robust discussion of how to meet modern industrial cybersecurity challenges. The book outlines the tools and techniques used by practitioners in the industry today, as well as the foundations of the professional cybersecurity skillset required to succeed on the SANS Global Industrial Cyber Security Professional (GICSP) exam. Full of hands-on explanations and practical guidance, this book also includes:* Comprehensive coverage consistent with the National Institute of Standards and Technology guidelines for establishing secure industrial control systems (ICS)* Rigorous explorations of ICS architecture, module and element hardening, security assessment, security governance, risk management, and morePractical Industrial Cybersecurity is an indispensable read for anyone preparing for the Global Industrial Cyber Security Professional (GICSP) exam offered by the Global Information Assurance Certification (GIAC). It also belongs on the bookshelves of cybersecurity personnel at industrial process control and utility companies. Practical Industrial Cybersecurity provides key insights to the Purdue ANSI/ISA 95 Industrial Network Security reference model and how it is implemented from the production floor level to the Internet connection of the corporate network. It is a valuable tool for professionals already working in the ICS/Utility network environment, IT cybersecurity personnel transitioning to the OT network environment, and those looking for a rewarding entry point into the cybersecurity field. CHARLES J. BROOKS is the co-Owner and Vice President of Educational Technologies Group Inc and the co-Owner of eITPrep LLP. He oversees research and product development at those organizations and has authored several books, including the A+ Certification Training Guide and The Complete Introductory Computer Course. For the past eight years Charles has been lecturing and providing Instructor training for cybersecurity teachers throughout the U.S. and abroad. His latest projects have been associated with IT and OT cybersecurity courses and hands-on lab activities that include Cybersecurity Essentials — Concepts & Practices; Cybersecurity Essentials – Environments & Testing; and Industrial Network Cybersecurity.PHILIP A. CRAIG JR is the founder of BlackByte Cyber Security, LLC, a consultancy formed to develop new cybersecurity tools and tactics for use in U.S Critical Infrastructure. He oversees research and product development for the U.S. Department of Energy (DOE), the Defense Advanced Research Projects Agency (DARPA), and the National Rural Electric Cooperative Association (NRECA), as well as providing expert knowledge in next generation signal isolation techniques to protect automated controls in energy generation, transmission, and distribution systems. Mr. Craig has authored regulation for both the Nuclear Regulatory Commission (NRC) and National Energy Reliability Corporation (NERC) and is an active cyber responder in federal partnerships for incident response. Introduction xxiiiCHAPTER 1 INDUSTRIAL CONTROL SYSTEMS 1Introduction 2Basic Process Control Systems 3Closed- Loop Control Systems 5Industrial Process Controllers 6Supervisory Control and Data Acquisition Systems 20System Telemetry 21Utility Networks 23OT/IT Network Integration 25Industrial Safety and Protection Systems 28Safety Instrument Systems 29Review Questions 39Exam Questions 41CHAPTER 2 ICS ARCHITECTURE 43Introduction 44Network Transmission Media 45Copper Cabling 45Fiber- Optic Cabling 46Industrial Network Media Standards 49Ethernet Connectivity 52External Network Communications 53Transmission Media Vulnerabilities 55Field Device Architecture 56PLC I/O Sections 58PLC Implementations 62Industrial Sensors 63Final Control Elements/Actuators 71Relays 73Process Units 76Industrial Network Protocols 79Common Industrial Protocols 79EtherNet/IP Protocol 79Modbus 80ProfiNet/ProfiBus 81Dnp3 82Iccp 83Opc 83BACnet 83Enterprise Network Protocols 84Tcp/ip 84Dynamic Host Configuration Protocol 89Review Questions 90Exam Questions 91CHAPTER 3 SECURE ICS ARCHITECTURE 95Introduction 96Boundary Protection 97Firewalls 98Proxies 104Security Topologies 105Network Switches 106Routers 108Security Zoning Models 109Flat Network Topologies 113Network Segmentation 122Controlling Intersegment Data Movement 128Tunneling 128Wireless Networking 129Wireless Sensors 131Wireless Gateways 134Modems 135Review Questions 137Exam Questions 139CHAPTER 4 ICS MODULE AND ELEMENT HARDENING 143Introduction 145Endpoint Security and Hardening 145User Workstation Hardening 145BIOS Security Subsystems 147Additional Outer Perimeter Access Hardening 148Mobile Device Protection 154OS Security/Hardening 155File System Security 156Operating System Security Choices 160Linux SystemV vs Systemd 160Hardening Operating Systems 162Common Operating System Security Tools 162Virtualization 169Application Software Security 172Software Exploitation 172Information Leakage 173Applying Software Updates and Patches 174Database Hardening 174SQL Injection 175Anti-Malware 177Antivirus 178Anti-spyware 178Anti- Malware: Sanitization 181Embedded Device Security 182Meters 184Network Hardening 189OT/IT Network Security 189Server Security 191Hardening the Server OS 193Logical Server Access Control 194Hardening Network Connectivity Devices 196Review Questions 201Exam Questions 202CHAPTER 5 CYBERSECURITY ESSENTIALS FOR ICS 205Introduction 207Basic Security Tenets 208Confidentiality, Integrity, and Availability 208Availability in ICS Networks 209Nonrepudiation 210Principle of Least Privilege 211Separation of Duties 211Vulnerability and Threat Identification 212Nation- States 213Cyberterrorists 213Cybercriminals 214Insider Threats 216Events, Incidents, and Attacks 217Threat Vectors 217Weaponization 230Delivery 230Exploitation 231Installation 232Command and Control 233Actions on Objectives 233Attack Methods 234Unauthorized Access 251Cryptographics 260Encryption 262Digital Certificates 264Public Key Infrastructure 264Hashing 266Resource Constraints 267Review Questions 268Exam Questions 268CHAPTER 6 PHYSICAL SECURITY 271Introduction 272Infrastructure Security 273Access Control 274Physical Security Controls 276Authentication Systems 278Remote Access Monitoring and Automated Access Control Systems 286Intrusion Detection and Reporting Systems 289Security Controllers 290Video Surveillance Systems 295Cameras 297IP Cameras 297Pan- Tilt- Zoom Cameras 298Physical Security for ICS 306Industrial Processes/Generating Facilities 307Control Center/Company Offices 307Nerc Cip-006-1 309Review Questions 311Exam Questions 312CHAPTER 7 ACCESS MANAGEMENT 315Introduction 316Access Control Models 317Mandatory Access Control 317Discretionary Access Control 318Role- Based Access Control 318Rule- Based Access Control 319Attribute- Based Access Control 319Context- Based Access Control 320Key Security Components within Access Controls 320Directory Services 321Active Directory 321Linux Directory Services 324Application Runtime and Execution Control 326User Access Management 326Establishing User and Group Accounts 328Group Account Security 330Network Authentication Options 331Establishing Resource Controls 332ICS Access Control 334Remote ICS Access Control 336Access Control for Cloud Systems 340Review Questions 343Exam Questions 344CHAPTER 8 ICS SECURITY GOVERNANCE AND RISK MANAGEMENT 347Introduction 348Security Policies and Procedure Development 348Requirements 349Exceptions and Exemptions 350Standards 351ICS Security Policies 356Risk Management 357Asset Identification 358Risk Assessment 359Risk Identification Vulnerability Assessment 362Impact Assessment 363ICS Risk Assessments 364Risk Mitigation 366Nerc Cip-008 367Review Questions 369Exam Questions 370CHAPTER 9 ICS SECURITY ASSESSMENTS 373Introduction 374Security Assessments 374ICS Device Testing 376Vulnerability 376Supply Chain 377Communication Robustness Testing 382Fuzzing 382ICS Penetration Testing 384The Pentest Process 385Security Testing Tools 392Packet Sniffers 392Network Enumeration/Port Scanning 393Port Scanning 395Vulnerability Scanning 395Review Questions 401Exam Questions 402CHAPTER 10 ICS SECURITY MONITORING AND INCIDENT RESPONSE 405Introduction 407ICS Lifecycle Challenges 408Change Management 408Establishing a Security Baseline 409Change Management Documentation 411Configuration Change Management 412Controlling Patch Distribution and Installation for Systems 414Monitoring 419Event Monitoring 420Network Monitoring 421Security Monitoring 423Logging and Auditing 424Event Logging 425Incident Management 433The Incident Response Lifecycle 434Preparation 435Incident Response 442Recovery 445Post- Incident Activities 446Review Questions 449Exam Questions 450CHAPTER 11 DISASTER RECOVERY AND BUSINESS CONTINUITY 453Introduction 454Business Continuity Plans 455System Redundancy 455Local Virtualized Storage 459System Backup and Restoration 462Backup Options 463Backup Media Rotation 466Securing Backup Media 467Other BCP Considerations 467Disaster Recovery 469Planning 470Documenting the Disaster Recovery Plan 472The Disaster Response/Recovery Team 473Nerc Cip-009-6 475Review Questions 477Exam Questions 478APPENDIX A GICSP OBJECTIVE MAP 481ICS410.1 ICS: Global Industrial Cybersecurity Professional (GICSP) Objectives 482Overview 482ICS410.2: Architecture and Field Devices 483ICS410.3: Communications and Protocols 484ICS410.4: Supervisory Systems 485ICS410.5: Security Governance 485APPENDIX B GLOSSARY 487APPENDIX C STANDARDS AND REFERENCES 533Reference Links 536APPENDIX D REVIEW AND EXAM QUESTION ANSWERS 539Chapter 1: Industrial Control Systems 540Review Question Answers 540Exam Question Answers 541Chapter 2: ICS Architecture 542Review Question Answers 542Exam Question Answers 544Chapter 3: Secure ICS Architecture 545Review Question Answers 545Exam Question Answers 547Chapter 4: ICS Modules and Element Hardening 548Review Question Answers 548Exam Question Answers 550Chapter 5: Cybersecurity Essentials for ICS 551Review Question Answers 551Exam Question Answers 553Chapter 6: Physical Security 554Review Question Answers 554Exam Question Answers 556Chapter 7: Access Management 556Review Question Answers 556Exam Question Answers 558Chapter 8: ICS Security Governance and Risk Management 559Review Question Answers 559Exam Question Answers 560Chapter 9: ICS Security Assessments 561Review Question Answers 561Exam Question Answers 563Chapter 10: ICS Security Monitoring and Incident Response 564Review Question Answers 564Exam Question Answers 565Chapter 11: Disaster Recovery and Business Continuity 567Review Question Answers 567Exam Question Answers 568Index 571
Materialwirtschaft mit SAP S/4HANA
Ob Disposition, Einkauf, Bestandsführung oder Rechnungsprüfung: Dieser praktische Ratgeber stellt Ihnen alle wichtigen Funktionen von MM in SAP S/4HANA ausführlich vor und zeigt Ihnen, wie Sie sie in der Praxis einsetzen. Dabei lernen Sie natürlich auch das neue Geschäftspartnerkonzept und die SAP-Fiori-Apps für die Materialwirtschaft kennen. Dank ausführlicher Schritt-für-Schritt-Anleitungen und vieler Screenshots finden Sie sich schnell im neuen System zurecht, und Sie können das Buch damit zur Einarbeitung wie auch zum Nachschlagen nutzen. Aus dem Inhalt: Material- und LieferantenstammdatenGeschäftspartnerEinkaufsinfosatz, Orderbuch und QuotierungVerbrauchsgesteuerte DispositionSpezielle EinkaufsprozesseWareneingang und WarenausgangUmlagerung, Umbuchung und ReservierungSonderbestände, Bestandsbewertung und InventurRechnungserfassung, Abweichungen und RechnungssperreNachbelastung, Nebenkosten und GutschriftAutomatisierte RechnungsprüfungWE/RE-KontenpflegeAuswertungen Einleitung ... 17 1. Einführung in SAP Fiori ... 21 1.1 ... SAP Fiori Apps Reference Library ... 21 1.2 ... Kachelgruppen im SAP Fiori Launchpad ... 25 1.3 ... Das eigene SAP Fiori Launchpad einrichten ... 26 2. Unternehmensstruktur ... 33 2.1 ... Mandant ... 33 2.2 ... Controlling ... 34 2.3 ... Finanzbuchhaltung ... 36 2.4 ... Logistik allgemein ... 37 2.5 ... Materialwirtschaft ... 39 2.6 ... Logistics Execution System ... 41 3. Stammdaten ... 43 3.1 ... Produktstammsatz ... 43 3.2 ... Produktverwaltung ... 56 3.3 ... Charge ... 85 3.4 ... Geschäftspartner ... 88 3.5 ... Konditionen ... 93 3.6 ... Quotierung ... 95 3.7 ... Orderbuch ... 98 3.8 ... Einkaufsinfosatz ... 99 4. Beschaffungsprozess im Überblick ... 105 4.1 ... Beschaffungsprozess ... 105 4.2 ... Einkauf ... 106 4.3 ... Bestandsführung ... 115 4.4 ... Logistische Rechnungsprüfung ... 127 5. Grundlagen der verbrauchsgesteuerten Disposition ... 139 5.1 ... Verbrauchsgesteuerte Disposition ... 139 5.2 ... Übersicht der Dispositionsverfahren ... 162 5.3 ... Planungslauf ... 169 5.4 ... Disposition mit Prognose ... 204 5.5 ... Automatische Lieferplaneinteilung und Quotierung ... 217 5.6 ... Ausgewählte Parametereinstellungen im Customizing ... 221 6. Einkauf ... 223 6.1 ... Aufbau von Einkaufsbelegen ... 225 6.2 ... Arbeiten im SAP-System vereinfachen ... 239 6.3 ... Einkaufsbeleg ... 247 6.4 ... Belegtypen ... 249 6.5 ... Belegarten ... 252 6.6 ... Positionstyp ... 302 6.7 ... Kontierungstyp ... 310 6.8 ... Bezugsquellenermittlung ... 319 6.9 ... Geschäftsvorfälle in der operativen Beschaffung ... 334 6.10 ... Bestätigungssteuerung ... 365 6.11 ... Lieferantenbewertung ... 372 6.12 ... Preisfindung ... 380 6.13 ... Textarten im Einkaufsbeleg ... 387 6.14 ... Nachrichten ... 392 6.15 ... Freigabeprozess ... 402 6.16 ... Bestellanforderung in Bestellung überführen ... 407 7. Bestandsführung und Inventur ... 417 7.1 ... Wareneingang ... 418 7.2 ... Umlagerungen und Umbuchungen ... 444 7.3 ... Reservierung ... 469 7.4 ... Warenausgang ... 489 7.5 ... Bestandsfortschreibung und -auswertung ... 498 7.6 ... Materialbewertung ... 504 7.7 ... Inventurbewertung ... 524 7.8 ... Automatische Kontenfindung ... 549 7.9 ... Verschiedene Einstellmöglichkeiten ... 582 7.10 ... Schnittstelle zu WM und QM ... 587 8. Logistik-Rechnungsprüfung ... 589 8.1 ... Einführung in die Logistik-Rechnungsprüfung ... 591 8.2 ... Rechnungserfassung ... 592 8.3 ... Auswertungen: Liste der Lieferantenrechnungen ... 663 8.4 ... Abweichungen ... 665 8.5 ... Sperren und Freigaben ... 673 8.6 ... Gutschrift, Nachbelastung und Nebenkosten ... 679 9. Auswertungen ... 687 9.1 ... Die SAP-Fiori-App »Meine Einkaufsbelegpositionen« ... 688 9.2 ... Die SAP-Fiori-App »Bestellpositionen nach Kontierung« ... 702 9.3 ... Die SAP-Fiori-App »Bestellpositionen überwachen« ... 706 9.4 ... Die SAP-Fiori-App »Übersicht Kreditorenbuchhaltung« ... 712 Anhang ... 715 A ... Glossar ... 715 B ... Literaturverzeichnis ... 723 Das Autorenteam ... 725 Index ... 727
Vertrieb mit SAP S/4HANA - Customizing
Komplexe Projekte erfordern besondere Sorgfalt! Mit diesem Leitfaden sind Sie bestens für das Customizing von SAP S/4HANA Sales gerüstet. Sie erfahren, wie Sie Kundenstammdaten und Konditionen anlegen, und lernen die Konfiguration aller relevanten Bereiche des Vertriebs Schritt für Schritt kennen. Von Belegen über Preisfindung und Verfügbarkeitsprüfung bis hin zu besonderen Apps für Auswertungen werden alle notwendigen Einstellungen erklärt. Aus dem Inhalt: Organisationsstrukturen und StammdatenVerkauf, Lieferung, FakturierungPreisfindung, Naturalrabatt und BonuskaufKontierung und KalkulationVerfügbarkeitsprüfung und BedarfsübergabeVersand und TransportNachrichtensteuerungMaterialeingabe und ProduktvorschlagCross-SellingPartnerfindungUnvollständigkeitsprüfungFSCM (Financial Supply Chain Management)Auswertungen Einleitung ... 13 Teil I. Einführung in den Vertrieb mit SAP S/4HANA ... 21 1. Organisationsstruktur ... 23 1.1 ... Buchungskreis ... 26 1.2 ... Verkaufsorganisation ... 30 1.3 ... Vertriebsweg ... 36 1.4 ... Sparte ... 39 1.5 ... Vertriebsbereich ... 43 1.6 ... Verkaufsbüro und Verkäufergruppe ... 44 1.7 ... Weitere wichtige Organisationseinheiten im SAP-System ... 48 1.8 ... Konsistenzprüfung ... 60 1.9 ... Zusammenfassung ... 62 2. Stammdaten für den Vertrieb ... 65 2.1 ... SAP-Geschäftspartnerkonzept und -attribute ... 65 2.2 ... Geschäftspartner allgemein ... 77 2.3 ... Geschäftspartner mit der Rolle »Kunde« ... 81 2.4 ... Kundenhierarchie ... 91 2.5 ... Materialstamm ... 95 2.6 ... Weitere wichtige Stammsätze ... 105 2.7 ... Zusammenfassung ... 109 Teil II. Vertriebsprozesse -- Verkauf, Versand und Fakturierung ... 111 3. Verkauf ... 113 3.1 ... Auftragsabwicklung im Vertrieb ... 114 3.2 ... Auftragsarten ... 120 3.3 ... Positionstypen ... 136 3.4 ... Einteilungstypen ... 146 3.5 ... Belegfluss und Kopiersteuerung ... 150 3.6 ... Leihgutabwicklung ... 153 3.7 ... Retourenabwicklung ... 159 3.8 ... Zusammenfassung ... 167 4. Versand ... 169 4.1 ... Lieferarten und Lieferbelege ... 170 4.2 ... Kommissionierung ... 181 4.3 ... Verpacken und Gruppieren von Lieferungen ... 184 4.4 ... Versand- und Transportterminierung ... 188 4.5 ... Routendefinition und Routenfindung ... 193 4.6 ... Warenausgang ... 203 4.7 ... Zusammenfassung ... 206 5. Fakturierung ... 207 5.1 ... Fakturaarten ... 208 5.2 ... Zahlungskarten ... 222 5.3 ... Bonusabwicklung ... 227 5.4 ... Interne Verrechnung ... 250 5.5 ... Fakturierungspläne ... 257 5.6 ... Steuerermittlung und Steuerfindung ... 268 5.7 ... Zusammenfassung ... 272 Teil III. Vertriebsfunktionen in SAP S/4HANA ... 275 6. Preisfindung ... 277 6.1 ... Steuerung der Preisfindung ... 278 6.2 ... Weitere Einstellungen ... 303 6.3 ... Konditionsausschluss ... 311 6.4 ... Zusammenfassung ... 314 7. Verfügbarkeitsprüfung und Bedarfsübergabe ... 315 7.1 ... Bedarfsübergabe ... 316 7.2 ... Verfügbarkeitsprüfung nach ATP-Logik ... 325 7.3 ... Verfügbarkeitsprüfung gegen Kontingente ... 336 7.4 ... Rückstandsbearbeitung ... 347 7.5 ... Regelbasiertes Verfahren der Verfügbarkeitsprüfung ... 352 7.6 ... Zusammenfassung ... 354 8. Weitere wichtige Grundfunktionen ... 357 8.1 ... Naturalrabatt ... 357 8.2 ... Bonuskauf ... 368 8.3 ... Materialeingabe ... 378 8.4 ... Dynamischer Produktvorschlag ... 392 8.5 ... Cross-Selling ... 403 8.6 ... Chargen und Serialnummern ... 414 8.7 ... Ausgabesteuerung und Nachrichtenfindung ... 432 8.8 ... Unvollständigkeitsprüfung ... 460 8.9 ... Partnerfindung ... 468 8.10 ... Textsteuerung ... 474 8.11 ... Erlöskontenfindung ... 482 Teil IV. Kreditrisikoüberwachung, Reporting und ABAP ... 495 9. SAP Credit Management ... 497 9.1 ... Customizing und Prozessablauf ... 498 9.2 ... Zusammenfassung ... 510 10. Auswertungen ... 511 10.1 ... SAP Fiori: Launchpad und Apps ... 512 10.2 ... Transaktionen im SAP GUI ... 521 10.3 ... Zusammenfassung ... 531 11. ABAP -- Grundlagen und Debugging ... 533 11.1 ... Einführung ... 534 11.2 ... Datendeklaration und Schlüsselwörter ... 542 11.3 ... Funktionsbausteine, BAPIs und User-Exits ... 548 11.4 ... Debugging ... 554 11.5 ... Zusammenfassung ... 560 12. Zusammenfassung ... 561 Anhang ... 563 A. Glossar ... 565 B. Wichtige Transaktionen und Apps ... 573 C. Buchempfehlungen ... 609 Das Team ... 611 Index ... 613
SAP-Testmanagement
Entwickeln Sie eine maßgeschneiderte Teststrategie! So vermeiden Sie Überraschungen bei der Einführung und dem Upgrade von SAP-Software. Erfahren Sie, wie Sie Ihre Tests mit der neuen, ganzheitlichen Test Suite des SAP Solution Managers planen, vorbereiten, durchführen und im Anschluss evaluieren. Lernen Sie darüber hinaus Automatisierungstools kennen, die Ihr Testmanagement auf die nächste Stufe heben. Durch die starke Praxisnähe können Sie das Buch als begleitendes Nachschlagewerk und Anleitung für Ihren Projektalltag verwenden. Aus dem Inhalt: Teststrategie findenTests planen, durchführen, auswertenTestfallerstellungSAP Solution ManagerTester-ArbeitsvorratTestautomatisierungÄnderungseinflussanalyse mit BPCA und SEAFocused Build und Focused InsightsCBTAeCATT Einleitung ... 15 TEIL I. Testen in Theorie und Praxis ... 19 1. Testen im SAP-Umfeld ... 21 1.1 ... Testen von Standardsoftware ... 22 1.2 ... Testaktivitäten im Lebenszyklus von SAP-Lösungen ... 25 2. Der grundlegende Testprozess ... 31 2.1 ... Testplanung ... 32 2.2 ... Testentwurf ... 34 2.3 ... Testdurchführung ... 37 2.4 ... Abschluss der Testaktivitäten ... 41 2.5 ... Bewertung und Optimierung des Testprozesses ... 43 2.6 ... Testüberwachung und -steuerung ... 46 3. Testorganisation ... 49 3.1 ... Rollen ... 50 3.2 ... Organisationsaufbau ... 61 4. Dimensionen von SAP-Softwaretests ... 67 4.1 ... Teststufen ... 68 4.2 ... Qualitätsmerkmale ... 72 4.3 ... Testtiefe ... 78 4.4 ... Sonstige Tests ... 81 5. Testfallerstellung ... 83 5.1 ... Testmethoden ... 83 5.2 ... Genereller Aufbau von Testfällen ... 93 5.3 ... Testdaten ... 98 5.4 ... Risikoorientiertes Testen ... 101 5.5 ... Testautomatisierung ... 103 5.6 ... Testfallentwurfsspezifikation ... 105 5.7 ... Lebenszyklus von Testfällen ... 110 6. Testwerkzeuge ... 113 6.1 ... Werkzeuge für das Testmanagement ... 113 6.2 ... Optimierung der Effektivität und Effizienz von Tests ... 120 6.3 ... Unterstützung der Testvorbereitung ... 124 6.4 ... Werkzeuge für weitere Testarten ... 126 6.5 ... Werkzeugauswahl ... 129 7. Teststrategie und Testkonzept ... 135 7.1 ... Testrichtlinie ... 136 7.2 ... Teststrategie ... 138 7.3 ... Testkonzept ... 141 7.4 ... Stufentestkonzept ... 142 8. Die Testwerkzeugstrategie von SAP ... 145 8.1 ... Die Rolle von Testaktivitäten im Application Lifecycle Management für SAP-Lösungen ... 146 8.2 ... Testwerkzeuge von SAP ... 154 TEIL II. Testen mit dem SAP Solution Manager ... 161 9. Einführung in das Testmanagement mit dem SAP Solution Manager ... 163 9.1 ... Einführung in den SAP Solution Manager ... 164 9.2 ... Die Rolle von Focused Build und Focused Insights für das Testen ... 171 9.3 ... Der Testprozess mit der Test-Suite im Überblick ... 175 9.4 ... Technische Grundkonfiguration ... 181 9.5 ... Benutzer und Geschäftspartner ... 207 10. Testvorbereitung und Testfallerstellung mit dem SAP Solution Manager ... 213 10.1 ... Prozessmanagement im SAP Solution Manager ... 214 10.2 ... Dokumentenbasierte Testfälle ... 240 10.3 ... Testschritt-Designer ... 249 11. Testplanung mit dem SAP Solution Manager ... 263 11.1 ... Erstellung von Testplänen, Testpaketen und Testsequenzen ... 264 11.2 ... Bearbeitung von Testplänen und Testpaketen ... 281 12. Testausführung mit dem SAP Solution Manager ... 293 12.1 ... Die App »Meine Aufgaben - Tester-Arbeitsvorrat« ... 294 12.2 ... Die App »Meine Testausführungen« ... 309 13. Testauswertung ... 317 13.1 ... Vollständigkeits- und Lückenreports ... 319 13.2 ... Testausführungsanalyse ... 322 13.3 ... Status- und Fortschrittsanalyse ... 333 13.4 ... Übersichten und Dashboards ... 337 14. Individualisieren des Testprozesses mit dem SAP Solution Manager ... 353 14.1 ... Defect Management ... 354 14.2 ... Berechtigungskonzept ... 367 14.3 ... Digitale Signaturen ... 377 14.4 ... Geschäftspartner ... 384 14.5 ... Integration in das Change Request Management ... 386 14.6 ... Integration in das Projektmanagement ... 395 TEIL III. Werkzeuge zur Automatisierung und Verbesserung von Tests ... 399 15. Änderungseinflussanalyse ... 401 15.1 ... Business Process Change Analyzer ... 402 15.2 ... Scope and Effort Analyzer ... 435 16. Testautomatisierung ... 445 16.1 ... Einstieg in die Testautomatisierung ... 446 16.2 ... Testautomatisierungs-Framework ... 453 16.3 ... eCATT ... 456 16.4 ... CBTA ... 460 16.5 ... Tricentis Test Automation for SAP ... 470 17. Weitere Testwerkzeuge ... 483 17.1 ... Statische Analyse mit dem ABAP Test Cockpit ... 484 17.2 ... Testmanagement in agilen Projekten mit Focused Build ... 494 17.3 ... Testmanagement mit SAP Cloud ALM ... 499 Die Autoren ... 505 Index ... 506
Cybersecurity and Local Government
CYBERSECURITY AND LOCAL GOVERNMENTLEARN TO SECURE YOUR LOCAL GOVERNMENT’S NETWORKS WITH THIS ONE-OF-A-KIND RESOURCEIn Cybersecurity and Local Government, a distinguished team of researchers delivers an insightful exploration of cybersecurity at the level of local government. The book makes a compelling argument that every local government official, elected or otherwise, must be reasonably knowledgeable about cybersecurity concepts and provide appropriate support for it within their governments. It also lays out a straightforward roadmap to achieving those objectives, from an overview of cybersecurity definitions to descriptions of the most common security challenges faced by local governments. The accomplished authors specifically address the recent surge in ransomware attacks and how they might affect local governments, along with advice as to how to avoid and respond to these threats. They also discuss the cybersecurity law, cybersecurity policies that local government should adopt, the future of cybersecurity, challenges posed by Internet of Things, and much more. Throughout, the authors provide relevant field examples, case studies of actual local governments, and examples of policies to guide readers in their own application of the concepts discussed within. Cybersecurity and Local Government also offers:* A thorough introduction to cybersecurity generally, including definitions of key cybersecurity terms and a high-level overview of the subject for non-technologists.* A comprehensive exploration of critical information for local elected and top appointed officials, including the typical frequencies and types of cyberattacks.* Practical discussions of the current state of local government cybersecurity, with a review of relevant literature from 2000 to 2021.* In-depth examinations of operational cybersecurity policies, procedures and practices, with recommended best practices.Perfect for local elected and top appointed officials and staff as well as local citizens, Cybersecurity and Local Government will also earn a place in the libraries of those studying or working in local government with an interest in cybersecurity. DONALD F. NORRIS, PHD, is Professor Emeritus of Public Policy at the University of Maryland, Baltimore County (UMBC), USA. Before retiring from UMBC in 2017, he was Director of the Maryland Institute for Policy Analysis and Research for 27 years and Director of the UMBC School of Public Policy for 10 years.LAURA K. MATECZUN, JD, is a PhD student at the University of Maryland, Baltimore County (UMBC), USA. Her research is focused on local government cybersecurity. Laura has received a Graduate Certificate in Cybersecurity Strategy & Policy from UMBC.RICHARD F. FORNO, PHD, is Principal Lecturer at the University of Maryland, Baltimore County (UMBC), USA. He is Assistant Director of UMBC’s Center for Cybersecurity.Preface ixAbout the Authors xi1 Why Local Government Cybersecurity? 12 What is Cybersecurity? 173 Cybersecurity 101 for Local Governments 274 What the Literature Says About Local Government Cybersecurity 475 Cyberattacks: Targetting Local Government 676 Managing Local Government Cybersecurity 857 Cybersecurity Policies for Local Government 1138 People: The Root of The Problem 1439 The NIST Cybersecurity Framework Demystified 15110 Cybersecurity Law and Regulation for Local Government 16711 Important Questions to Ask 18712 The Future of Local Government Cybersecurity 20113 Summary and Recommendations 227Index 235
The Salesforce Consultant's Guide
Break down the art and science of Salesforce consulting. This book will help you refine your consulting skills on the Salesforce platform. Author Heather Negley, a seasoned consultant who has completed over 30 Salesforce delivery projects in the past nine years, equips Salesforce professionals with detailed explanations on the stages of a project and the skills you need for each stage. You will learn the type of roles on a project, so that you can plan your career path.If you need help managing clients, this book teaches you how to effectively work with and advise people. You will go through the following main sections to round out your skills and service offerings:* The best learning and community resources, including mentoring programs* Tips on how to get job experience* The evolution of software development* Project roles* The parts of a project* Consulting skillsThe consulting skills section of the book breaks down each skill and explains the parts of the project to which you should apply your skills and real-world examples. Topics include client management, communication, emotional intelligence, critical thinking, and avoiding cognitive biases.WHAT YOU WILL LEARN* Identify patterns in your projects through archetype identification* Watch out for specific risks common to project types* Choose the best consulting tool from your toolbox, depending on the problem that you encounterWHO THIS BOOK IS FORPeople who work as Salesforce administrators for their industry and want to make a move into consulting. It is an excellent choice for someone who is interested in project work and likes to work with people to help them make decisions.HEATHER NEGLEY is an independent Salesforce consultant currently working with Simplus. She also mentors and coaches Salesforce professionals on consulting best practices. She is a results-driven, senior leader with over 25 years of software, automation, and web experience in the private sector, nonprofits, and government. She is Salesforce and PMP certified and has worked on dozens of Salesforce implementations as a technology lead, project manager, business analyst, change manager, and solution and business architect.INTRODUCTIONPART 1: EXPERIENCECHAPTER 1: NO EXPERIENCECHAPTER 2: EXPERIENCEPART 2: PREPARING FOR A SOFTWARE PROJECTCHAPTER 3: SOFTWARE DEVELOPMENT LIFECYCLE FRAMEWORKCHAPTER 4: ROLES ON A PROJECTCHAPTER 5: SALES AND STAFFINGPART 3: STAGES OF A PROJECTCHAPTER 6: PRE-PROJECT RAMP UPCHAPTER 7: KICKOFF AND DISCOVERYCHAPTER 8: DEVELOPMENTCHAPTER 9: USER ACCEPTANCE TESTINGPART 4: CONSULTING SKILLSCHAPTER 10: COMMUNICATIONCHAPTER 11: CRITICAL THINKINGCHAPTER 12: CLIENT MANAGEMENT
Practical Forensic Analysis of Artifacts on iOS and Android Devices
Leverage foundational concepts and practical skills in mobile device forensics to perform forensically sound criminal investigations involving the most complex mobile devices currently available on the market. Using modern tools and techniques, this book shows you how to conduct a structured investigation process to determine the nature of the crime and to produce results that are useful in criminal proceedings.You’ll walkthrough the various phases of the mobile forensics process for both Android and iOS-based devices, including forensically extracting, collecting, and analyzing data and producing and disseminating reports. Practical cases and labs involving specialized hardware and software illustrate practical application and performance of data acquisition (including deleted data) and the analysis of extracted information. You'll also gain an advanced understanding of computer forensics, focusing on mobile devices and other devices not classifiable as laptops, desktops, or servers.This book is your pathway to developing the critical thinking, analytical reasoning, and technical writing skills necessary to effectively work in a junior-level digital forensic or cybersecurity analyst role.WHAT YOU'LL LEARN* Acquire and investigate data from mobile devices using forensically sound, industry-standard tools* Understand the relationship between mobile and desktop devices in criminal and corporate investigations* Analyze backup files and artifacts for forensic evidenceWHO THIS BOOK IS FORForensic examiners with little or basic experience in mobile forensics or open source solutions for mobile forensics. The book will also be useful to anyone seeking a deeper understanding of mobile internals.MOHAMMED MOREB, Ph.D. in Electrical and Computer Engineering. Expertise in Cybercrimes & Digital Evidence Analysis, specifically focusing on Information and Network Security, with a strong publication track record, work for both conceptual and practical wich built during works as a system developer and administrator for the data center for more than 10 years, config, install, and admin enterprise system related to all security configuration, he improved his academic path with the international certificate such as CCNA, MCAD, MCSE; Academically he teaches the graduate-level courses such as Information and Network Security course, Mobile Forensics course, Advanced Research Methods, Computer Network Analysis and Design, and Artificial Intelligence Strategy for Business Leaders.Dr. Moreb recently founded a new framework and methodology specialized in software engineering for machine learning in health informatics named SEMLHI which investigates the interaction between software engineering and machine learning within the context of health systems. The SEMLHI framework includes four modules (software, machine learning, machine learning algorithms, and health informatics data) that organize the tasks in the framework using a SEMLHI methodology, thereby enabling researchers and developers to analyze health informatics software from an engineering perspective and providing developers with a new road map for designing health applications with system functions and software implementations.CHAPTER 1Introduction to Mobile Forensic Analysis* The Importance of Mobile Forensic Analysis* Understanding mobile forensics* Challenges in mobile forensics* Tools used for mobile forensics* The mobile phone evidence extraction process* Examination and analysis* Rules of evidence* Practical Mobile Forensic* SummaryCHAPTER 2INTRODUCTION TO IOS FORENSICSIOS Boot Process* IOS Architecture * IOS Security * Understanding Jailbreaking* Data Acquisition from iOS Devices* Data Acquisition from iOS Backups* iOS Data Analysis and Recovery* Mobile Forensics Investigation Challenges on iOS iOS Forensic Tools* SummaryCHAPTER 3INTRODUCTION TO ANDROID FORENSICS* Understanding Android* Application framework* Android runtime* Linux Kernel* Android Forensic Setup and Pre-Data Extraction Techniques* Android Data Extraction Techniques* Android Data Analysis and Recovery* Android App rooting process and techniques * SummaryCHAPTER 4FORENSIC INVESTIGATIONS OF POPULAR APPLICATIONS ON ANDROID AND IOS PLATFORMS* Introduction* Case & Investigator Details* Investigations of Facebook Messenger and WhatsApp applicationsDetails of the device seized for examination* Results and Analysis* SummaryCHAPTER 5FORENSIC ANALYSIS OF TELEGRAM MESSENGER ON IOS AND ANDROID SMARTPHONES CASE STUDY* Introduction* Literature Review* Methodology and Experiment Setup* Evidences Acquisition* Evidences Processing and Analysis* Results* SummaryCHAPTER 6DETECTING PRIVATE DATA LEAKS OVER MOBILE APPLICATIONS USING MOBILE FORENSIC TECHNIQUES* Introduction* Legal Issues Regarding the Local Electronic Crimes Law & Mobile Forensics * Details of the reporting agency and tools used in the examination* Description of steps taken during examination * Chain of custody documentation * Details of findings or issues identified* Evidence recovered during the examination, ranging from chat messages * Images captured during the examination* Examination and analysis information* SummaryCHAPTER 7IMPACT OF IPHONE JAILBREAKING ON USER DATA INTEGRITY IN MOBILE FORENSICSIntroductionMobile ForensicsUser Data Integrity in Mobile ForensicsJailbreaking’s affect on iOSData acquisitionLogical acquisitionFilesystem acquisitionExperiment Details and ToolsResultsData ExtractionExtracted data before jailbreakExtracted data after jailbreakSummaryCHAPTER 8THE IMPACT OF CRYPTOCURRENCY MINING ON MOBILE DEVICES* Introduction * Cryptocurrency mining* Measurement and work mechanism* Tools, programs, and applications used in cryptocurrency miningExperiment and analogy by iPhone 6s* Experiment and analogy by LG g5* Results and Analysis* SummaryCHAPTER 9MOBILE FORENSIC INVESTIGATION FOR WHATSAPP* Introduction* WhatsApp Architecture* WhatsApp Experiment* Tools used in the seizure process* Analysis Stage* Examination on a backup taken by iTunes* Examination on a backup taken from the connected device* Forensic Tools comparison* SummaryCHAPTER 10Cloud Computing Forensics: Dropbox Case Study* Introduction* Cloud Computing Forensics* Cloud forensic challengesDropbox cloud storage* Implementation Details* Seating Tools and Environment* Magnet axiom forensics program * MobileEdit express forensics tool* FinalMobile forensics tool* Results and Analysis* Programs and tools* Experiments* SummaryCHAPTER 11MALWARE FORENSICS FOR VOLATILE AND NONVOLATILE MEMORY IN MOBILE DEVICES* Introduction* Mobile Malware Forensic* Smartphone Volatile Memory* Mobile Devices Case Details* Development and Experiment* Logical acquisition using Axiom processPhysical acquisition output in finalmobile forensics* Investigating from the non-volatile memory* Evaluate Forensic tools usage in this case* SummaryCHAPTER 12MOBILE FORENSIC FOR KEYLOGGER ARTIFACT* Introduction* Mobile KeyLogger* Methodology and case study setup* Mobile Malware and Spyware* Evidence recovered during the examination* Evidence recovered using Magnet ACQUIRE* Examination and analysis KeyLogger result* SummaryCHAPTER 13DIGITAL EVIDENCE IDENTIFICATION METHODS FOR MOBILE DEVICES WITH FACEBOOK MESSENGER* Introduction* Mobile messenger appsMobile operating system architecture* Experiment Tools* Evidence and scene security* Evidence isolation* Data Acquisition* FBM Data analysis using Magnet AXIOM Examine* FBM Data analysis using Belkasoft* FBM Data analysis using DB Browser for SQLiteRecover deleted evidence from SQLite Property Lists* Reporting* Summary
MCA Microsoft Certified Associate Azure Administrator Study Guide
LEARN WHAT IT TAKES TO BE AN AZURE ADMINISTRATOR AND EFFICIENTLY PREPARE FOR EXAM AZ-104 WITH THIS AUTHORITATIVE RESOURCEMCA Microsoft 365 Azure Administrator Study Guide: Exam AZ-104 prepares readers to take the AZ-104 Exam and to fully understand the role of a Microsoft 365 Azure Administrator. The book takes a practical and straightforward approach to Microsoft Azure, ensuring that you understand both the realities of working as an Administrator and the techniques and skills necessary to succeed on the AZ-104 Exam.In addition to providing you with access to the online Sybex test bank that includes hundreds of practice questions, flashcards, and a glossary of terms, the study guide comprehensively explains all the following topics:* How to manage Azure subscriptions and resources* Implementing and managing storage* Deploying and managing virtual machines* Managing and configuring virtual networks* How to Manage identitiesPerfect for anyone considering a career as a Microsoft Azure Administrator or preparing for the AZ-104 Exam, MCA Microsoft 365 Azure Administrator Study Guide: Exam AZ-104 also belongs on the bookshelves of practicing administrators who wish to brush up on the fundamentals of their profession.RITHIN SKARIA is a cloud evangelist, speaker, consultant, and a published author with an interest in cloud architecture design and optimization. With a decade of experience managing, implementing, and designing IT infrastructure solutions for public and private clouds, he is currently working with Microsoft as a Customer Engineer, focusing on Azure solutions. Rithin has over 18 certifications in different technologies such as Azure, Linux, Microsoft 365, and Kubernetes; he is also a Microsoft Certified Trainer. Rithin has been recognized has one of the engagement leads for his contributionsto the Microsoft Worldwide Open Source Community. He has presented at various events and conferences, including Microsoft Spark.INTRODUCTION ASSESSMENT TEST XXIIIxxxCHAPTER 1 IDENTITY: AZURE ACTIVE DIRECTORY 1Azure Active Directory 2Benefits 2Concepts 4Azure AD vs. Active Directory Domain Services 4Azure AD: Licensing 5Custom Domains in Azure AD 7Users and Groups 8User Accounts 8Group Accounts 26Azure AD Roles 36Azure AD Join 37Benefits 37Connection Options 38Self- Service Password Reset 39Enabling SSPR 39Authentication Methods 40Managing Multiple Directories 42Summary 43Exam Essentials 44Review Questions 45CHAPTER 2 COMPLIANCE AND CLOUD GOVERNANCE 49Azure Regions 50Facts 51Regional Pairs 52Azure Accounts and Subscriptions 53Azure Accounts 54Azure Subscriptions 54Azure Cost Management 57Plan and Control Expenses 58Cost Saving Techniques 59Resource Groups 60Management Groups 65Azure Policy 68Implementing Azure Policy 69Implementing Initiatives 77Role- Based Access Control 79Concepts 80Azure RBAC Roles 82Custom RBAC Roles 84Role Assignment 91Resource Locks 95Configuring Locks 97Resource Tags 99Use Cases 99Applying Tags 100Summary 102Exam Essentials 102Review Questions 104CHAPTER 3 VIRTUAL NETWORKING 109Virtual Networks 110VNet Concepts 111Address Space 111Subnets 111Regions 111Subscription 112IP Addressing 113Static and Dynamic Addressing 113Private IP Addresses 113Public IP Address 116Network Routes 118System Routes 119User- Defined Routes 119Service Endpoints 125Supported Services 127Private Endpoint 127Azure DNS 129Record Management 131Private DNS Zones 133Network Security Groups 137NSG Concepts 137NSG Effective Rules 141Azure Firewall 142Azure Firewall Rules 142Implementing Azure Firewall 144Summary 145Exam Essentials 146Review Questions 148CHAPTER 4 INTERSITE CONNECTIVITY 153Azure- to- Azure Connectivity 154Internet 155Virtual Network Peering 156VPN Gateway 165Virtual Network Peering vs. VPN Gateway 177Azure to On- Premises Connectivity 178VPN Gateways 178ExpressRoute Connections 189Intersite Connectivity Architecture 193Virtual WAN 196Summary 197Exam Essentials 198Review Questions 199CHAPTER 5 NETWORK TRAFFIC MANAGEMENT 203Availability Options 204Availability Sets 205Availability Zones 207Service Level Agreement 208Azure Load Balancer 208Types of Load Balancers 209Load Balancer SKUs 212Configuring Load Balancer 212Implementing Azure Load Balancer 214Azure Application Gateway 221Request Handling Process 222Routing Methods 223Configuring Application Gateway 224Implementing Application Gateway 226Azure Front Door 235Azure Traffic Manager 237Comparing the Load Balancing Solutions 239Summary 239Exam Essentials 240Review Questions 241CHAPTER 6 AZURE STORAGE 245Azure Storage Account 246Azure Storage Services 247Azure Blob Storage 247Azure Files 248Azure Queues 249Azure Tables 249Azure Disks 249Storage Replication 250Locally Redundant Storage 250Zone Redundant Storage 251Georedundant Storage 252Geo- zone- Redundant Storage 253Storage Account Types 255Storage Account Endpoints 256Accessing Storage 256Custom Domain Configuration 256Securing Storage Endpoints 257Azure Blob Storage 258Blob Containers 259Blob Access Tiers 259Blob Lifecycle Management 260Uploading Blobs 261Storage Security 268Authorization Options 268Shared Access Signatures 269Storage Service Encryption 275Azure Files and File Sync 276Azure Files vs. Azure Blobs 276Managing File Shares 277Mapping File Shares 279File Share Snapshots 282Azure File Sync 285Managing Storage 288Azure Storage Explorer 289AzCopy 291Import/Export Service 297Summary 299Exam Essentials 300Review Questions 302CHAPTER 7 AZURE VIRTUAL MACHINES 307Virtual Machine Planning 309Virtual Network 309Name 309Location and Pricing 310Size 311Storage 312Operating System 315Chapter 8Deploying Virtual Machines 315Connecting to Virtual Machines 320Windows Connections 320Linux Connections 324Azure Bastion 329Availability of Virtual Machines 334Scaling Concepts 335Vertical Scaling 335Horizontal Scaling 336Virtual Machine Scale Sets 336Implementing a Scale Set 337Autoscaling 340Summary 342Exam Essentials 342Review Questions 343Automation, Deployment, and Configuration of Resources 349Azure Resource Manager 350ARM Templates 352Template Design 352Template Modes 354Template Sections 355Composing Templates 361Exporting Templates 370Configuring Virtual Hard Disk Templates 374Create a VM from a VHD 375Virtual Machine Extensions 376Custom Script Extension 378Desired State Configuration 379Summary 380Exam Essentials 381Review Questions 382CHAPTER 9 PAAS COMPUTE OPTIONS 387Azure App Service Plans 388Pricing Tiers 389Scaling 391Azure App Services 396Continuous Deployment 400Deployment Slots 402Securing App Service 405Custom Domains 408Backup 409Container Instances 411Docker 412Azure Container Instances 415Container Groups 421Azure Kubernetes Service 422Terminology 424Cluster Components 425Networking 426Storage 429Cluster Upgrade 431Scaling 432Summary 438Exam Essentials 439Review Questions 440CHAPTER 10 DATA PROTECTION 445File and Folder Backups 446Azure Backup 446Creating Recovery Services Vault 447Configuring a Recovery Services Vault 448Virtual Machine Data Protection 451Virtual Machine Snapshots 452Azure Backup 453Azure Backup Server 463Azure Site Recovery 466Summary 469Exam Essentials 470Review Questions 471CHAPTER 11 MONITORING RESOURCES 475Azure Monitor 476Metrics 477Logs 478Data Sources 479Activity Log 480Azure Alerts 482Creating Alert Rules 483Alert States 484Action Groups 484Log Analytics 492Workspace 493Data Sources 493Agents Configuration 496Query Language 497Network Watcher 502IP Flow Verify 503Next Hop 503Effective Security Rules 505VPN Troubleshoot 505Packet Capture 506Connection Troubleshoot 506NSG Flow Logs 507Topology 509Summary 509Exam Essentials 510Review Questions 511Appendix Answers to the Review Questions 515Chapter 1: Identity: Azure Active Directory 516Chapter 2: Compliance and Cloud Governance 517Chapter 3: Virtual Networking 519Chapter 4: Intersite Connectivity 520Chapter 5: Network Traffic Management 521Chapter 6: Azure Storage 522Chapter 7: Azure Virtual Machines 524Chapter 8: Automation, Deployment, and Configuration of Resources 526Chapter 9: PaaS Compute Options 528Chapter 10: Data Protection 529Chapter 11: Monitoring Resources 530Index 533Exercise 1.1 Viewing Users in Your Directory 9Exercise 1.2 Creating Users in Azure AD 14Exercise 1.3 Modifying and Deleting Users 16Exercise 1.4 Performing Bulk Operations 20Exercise 1.5 Viewing Groups in Azure AD 27Exercise 1.6 Adding Security Groups to Azure AD 29Exercise 1.7 Adding Microsoft 365 Groups in Azure AD 32Exercise 2.1 Creating a Resource Group from the Azure Portal 61Exercise 2.2 Listing Resource Groups from the Azure Portal 63Exercise 2.3 Deleting Resource Groups from the Azure Portal 64Exercise 2.3 Implementing a Custom Policy 73Exercise 2.4 Creating a Custom Role Using PowerShell 87Exercise 2.5 Assigning Roles from the Azure Portal 91Exercise 3.1 Creating Virtual Networks 114Exercise 3.2 Creating Virtual Networks Using Azure PowerShell 116Exercise 3.3 Creating Public IP Addresses 117Exercise 3.4 Creating a Route Table 121Exercise 3.5 Creating a Custom Route 122Exercise 3.6 Associating a Routing Table to a Subnet 124Exercise 3.7 Creating an Azure DNS Zone 130Exercise 3.8 Adding Records to an Azure DNS Zone 132Exercise 3.9 Creating a Private DNS Zone and Validating Resolution 134Exercise 3.10 Creating NSG and NSG Rules 139Exercise 4.1 Implementing Virtual Network Peering in the Azure Portal 159Exercise 4.2 Implementing the Virtual Network to Virtual Network VPN in the Azure Portal 173Exercise 4.3 Implementing a P2S VPN in the Azure Portal 183Exercise 5.1 Implementing Load Balancing in Azure 215Exercise 5.2 Implementing Azure Application Gateway 227Exercise 6.1 Uploading Blobs 262Exercise 6.2 Working with SAS Keys 273Exercise 6.3 Working with AzCopy 294Exercise 7.1 Creating a Windows Virtual Machine 316Exercise 7.2 Connecting to a Windows VM Using RDP 321Exercise 7.3 Connecting to a Linux VM Using a Password 325Exercise 7.4 Connecting to Linux VM Using SSH Keys 327Exercise 7.5 Connecting to Linux VM Using SSH Keys 329Exercise 8.1 Composing an ARM Template 362Exercise 9.1 Creating an App Service Plan 392Exercise 9.2 Creating an App Service Plan 397Exercise 9.3 Building and Running Containers in Azure 416Exercise 9.4 Running Applications in an AKS Cluster 435Exercise 10.1 Implementing a VM Backup 455Exercise 11.1 Creating Alerts 486Exercise 11.2 Ingesting Logs to the Log Analytics Workspace 497ntroduction xxiiiAssessment Test xxxChapter 1 Identity: Azure Active Directory 1Chapter 2 Compliance and Cloud Governance 49Chapter 3 Virtual Networking 109Chapter 4 Intersite Connectivity 153Chapter 5 Network Traffic Management 203Chapter 6 Azure Storage 245Chapter 7 Azure Virtual Machines 307Chapter 8 Automation, Deployment, and Configuration of Resources 349Chapter 9 PaaS Compute Options 387Chapter 10 Data Protection 445Chapter 11 Monitoring Resources 475APPENDIX ANSWERS TO THE REVIEW QUESTIONS 515Chapter 1: Identity: Azure Active Directory 516Chapter 2: Compliance and Cloud Governance 517Chapter 3: Virtual Networking 519Chapter 4: Intersite Connectivity 520Chapter 5: Network Traffic Management 521Chapter 6: Azure Storage 522Chapter 7: Azure Virtual Machines 524Chapter 8: Automation, Deployment, and Configuration of Resources 526Chapter 9: PaaS Compute Options 528Chapter 10: Data Protection 529Chapter 11: Monitoring Resources 530Index 533TABLE OF EXERCISESExercise 1.1 Viewing Users in Your Directory 9Exercise 1.2 Creating Users in Azure AD 14Exercise 1.3 Modifying and Deleting Users 16Exercise 1.4 Performing Bulk Operations 20Exercise 1.5 Viewing Groups in Azure AD 27Exercise 1.6 Adding Security Groups to Azure AD 29Exercise 1.7 Adding Microsoft 365 Groups in Azure AD 32Exercise 2.1 Creating a Resource Group from the Azure Portal 61Exercise 2.2 Listing Resource Groups from the Azure Portal 63Exercise 2.3 Deleting Resource Groups from the Azure Portal 64Exercise 2.3 Implementing a Custom Policy . 73Exercise 2.4 Creating a Custom Role Using PowerShell 87Exercise 2.5 Assigning Roles from the Azure Portal 91Exercise 3.1 Creating Virtual Networks 114Exercise 3.2 Creating Virtual Networks Using Azure PowerShell 116Exercise 3.3 Creating Public IP Addresses 117Exercise 3.4 Creating a Route Table 121Exercise 3.5 Creating a Custom Route 122Exercise 3.6 Associating a Routing Table to a Subnet 124Exercise 3.7 Creating an Azure DNS Zone 130Exercise 3.8 Adding Records to an Azure DNS Zone 132Exercise 3.9 Creating a Private DNS Zone and Validating Resolution 134Exercise 3.10 Creating NSG and NSG Rules 139Exercise 4.1 Implementing Virtual Network Peering in the Azure Portal 159Exercise 4.2 Implementing the Virtual Network to Virtual Network VPN in the Azure Portal 173Exercise 4.3 Implementing a P2S VPN in the Azure Portal 183Exercise 5.1 Implementing Load Balancing in Azure 215Exercise 5.2 Implementing Azure Application Gateway 227Exercise 6.1 Uploading Blobs 262Exercise 6.2 Working with SAS Keys 273Exercise 6.3 Working with AzCopy 294Exercise 7.1 Creating a Windows Virtual Machine 316Exercise 7.2 Connecting to a Windows VM Using RDP 321Exercise 7.3 Connecting to a Linux VM Using a Password 325Exercise 7.4 Connecting to Linux VM Using SSH Keys 327Exercise 7.5 Connecting to Linux VM Using SSH Keys 329Exercise 8.1 Composing an ARM Template 362Exercise 9.1 Creating an App Service Plan 392Exercise 9.2 Creating an App Service Plan 397Exercise 9.3 Building and Running Containers in Azure 416Exercise 9.4 Running Applications in an AKS Cluster 435Exercise 10.1 Implementing a VM Backup 455Exercise 11.1 Creating Alerts 486Exercise 11.2 Ingesting Logs to the Log Analytics Workspace 497
Microsoft 365 Identität und Services
Original Microsoft Prüfungstraining MS-100: mit dem Original zum Erfolg!Bereiten Sie sich auf die Microsoft-Prüfung MS-100 vor und zeigen Sie, dass Sie die Fähigkeiten und Kenntnisse besitzen, die für die effektive Entwicklung, Bereitstellung, Verwaltung und Sicherung von Microsoft 365-Diensten erforderlich sind. Das Prüfungstraining wurde für erfahrene IT-Profis entwickelt und konzentriert sich auf kritisches Denken und Entscheidungsfähigkeit, die für den Erfolg auf dem Microsoft Certified Expert-Level erforderlich sind.Das Training ist entsprechend der in der Prüfung bewerteten Fähigkeiten aufgebaut. Es enthält strategische Was-wäre-wenn-Szenarien und behandelt die folgenden Themenbereiche:Entwerfen und Implementieren von Microsoft 365-DienstenVerwalten von Benutzeridentitäten und -rollenVerwalten von Zugriff und AuthentifizierungPlanen von Office 365-Arbeitslasten und -AnwendungenDie Prüfung MS-100:Diese Prüfung konzentriert sich auf das Wissen, das erforderlich ist für:die Verwaltung von Domänendie Planung einer Microsoft 365-Implementierung#die Einrichtung und Verwaltung von Microsoft 365-Tenancy und -Abonnementsdie Planung der Benutzer- und Datenmigrationden Entwurf einer Identitätsstrategiedie Planung und Verwaltung der Identitätssynchronisierung mit Azure AD Connectdie Verwaltung von Azure AD-Identitäten und -Benutzerrollendie Verwaltung der Authentifizierungdie Implementierung von MFA, die Konfiguration des Anwendungszugriffsdie Implementierung des Zugriffs für externe Benutzer von Microsoft 365-Workloadsdie Planung der Bereitstellung von Office 365-Workloads und -AnwendungenDie Microsoft-Zertifizierung:Mit dem Bestehen dieser Prüfung und der Prüfung MS-101 Microsoft 365 Mobilität und Sicherheit sowie dem Erwerb einer Microsoft 365 Workload-Administrator-Zertifizierung oder der MCSE Productivity-Zertifizierung erfüllen Sie die Anforderungen für die Zertifizierung zum Microsoft 365 Certified Enterprise Administrator Expert. Damit weisen Sie nach, dass Sie in der Lage sind, Microsoft 365-Dienste zu bewerten, zu planen, zu migrieren, bereitzustellen und zu verwalten.Zusatzmaterial: URL-Liste (PDF-Link)
Superbundle: iX kompakt Sicheres Active Directory (Heft + PDF + Buch)
Das neue Sonderheft der iX-Redaktion zum kritischen Thema "Sicheres Active Directory" versammelt alle in iX erschienenen themenbezogenen Artikel der letzten Monate in aktualisierter überarbeiteter Form in einem Heft.Komplett im Set: gedrucktes Heft + digitale Ausgabe + Fachbuch zur Microsoft-Zertifizierung mit 17,99 Euro Ersparnis!"Das Heft behandelt die Sicherheit von Active Directory, der zentralen Komponente von typischen On-Premises-Netzwerken, sowie von Azure Active Directory, dem Identitätsdienst bei Microsofts Cloud. Beschrieben werden Grundlagen, das Vorgehen von Eindringlingen – und wie man Angriffe verhindert, erkennt und untersucht. Es eignet sich damit sehr gut für Administratoren und Sicherheitsverantwortliche, die Microsoft-Produkte lokal oder in der Cloud nutzen. Mit diesem Wissen können sie Ransomware und andere Angriffe abwehren."- Frank Ully, Head of Research bei der Oneconsult AG, München, leitet zahlreiche iX-Workshops zur Active-Directory-Sicherheit und ist Autor vieler wichtiger Artikel dieses SonderheftsDer komplette Inhalt im Überblick:Grundlagen Microsofts Active Directory ist der am meisten genutzte Verzeichnisdienst weltweit – kein Wunder, lassen sich damit die Ressourcen eines Unternehmens äußerst komfortabel verwalten. Das macht das AD aber auch zu einem beliebten Angriffsziel. Wer verstehen will, wie Cyberkriminelle den zentralen Dienst angreifen und wie man ihn absichert, muss wissen, wie das AD grundlegend funktioniert. (Seite 7) Angriffsszenarien Durch Fehler bei der Konfiguration, mangelnde Härtung oder zu großzügige Rechtevergabe im Active Directory entstehen Einfallstore für Angriffe. Cyberkriminellen kann es dann gelingen, das gesamte AD zu übernehmen, um ihre kriminellen Ziele zu verfolgen. Nur wer weiß, wie die Kriminellen vorgehen und wie die verbreiteten Angriffe funktionieren, kann sich davor schützen. (Seite 41) Abwehrstrategien Es gibt viele Ansätze, das AD vor Angreifern zu schützen. Die Bandbreite reicht von präventiven Maßnahmen mit Windows-Bordmitteln und Drittanbietertools über Sicherheitsaudits bis hin zu grundlegenden Sicherheitsvorkehrungen, etwa nach IT-Grundschutz. Gelingt den Kriminellen trotzdem der Zugriff, muss der Angriff so schnell wie möglich entdeckt, forensisch aufbereitet und analysiert werden. (Seite 79) Azure AD Wenn Unternehmen Microsoft 365 oder andere Dienste aus der Azure-Cloud einsetzen, nutzen sie den Cloud-Identitätsdienst Azure AD – vielleicht ohne sich dessen überhaupt bewusst zu sein. Wie beim On-Premises Active Directory können auch hier mangelnde Härtung und Fehlkonfigurationen dazu führen, dass Angreifer einzelne Identitäten, Ressourcen oder gar das komplette Azure AD kompromittieren – und schlimmstenfalls darüber Zugriff auf das lokale AD erlangen. (Seite 135) Grundlagen 8 Ressourcenmanagement Komfortable IT-Schaltzentrale mit Schwachpunkten 16 Strukturüberblick Ein Verzeichnisdienst für alle(s) 24 Informationsbeschaffung Was jeder Domänenbenutzer alles sieht 32 Wissenspool Ausgewählte Quellen und Werkzeuge zur Sicherheit von Active Directory 36 Wörterverzeichnis Das Active-Directory-Glossar Angriffsszenarien 42 Passwörter und Hashes Wie Angreifer die Domäne kompromittieren 49 Berechtigungen Wie Angreifer sich im Active Directory Zugriff verschaffen 56 Rechtevergabe Wie Angreifer Tickets, Delegierung und Trusts missbrauchen 64 Inter-Forest und Persistenz Wie Angreifer sich über einen AD-Forest hinaus ausbreiten und festsetzen 72 NTML-Schwachstelle PetitPotam und weitere Wege, die Kontrolle über das AD zu übernehmen Abwehrstrategien 80 Gruppenrichtlinien und mehr Wie Administratoren ihr Active Directory absichern 86 Selbstaudits AD-Härtungsmaßnahmen jenseits von Group Policies 93 Incident Response und Forensik Angreifer durch Logs enttarnen 99 Deception Wie Angreifer in die Falle gelockt werden 107 Zugangsdaten Passwortsicherheit (nicht nur) im Active Directory 114 IT-Grundschutz Active Directory grundschutzkonform absichern 121 Marktübersicht Tools für die Absicherung von Microsofts Active Directory 128 IT-Forensik Angriffsspuren analysieren Azure AD 136 Grundlagen Das Azure Active Directory und Azure-Dienste 142 Angriffsvektoren Angriffe auf das Azure Active Directory und auf Azure-Dienste 152 Schutzmaßnahmen Azure Active Directory und Azure-Dienste absichern 159 Zugriffsmanagement Azure Active Directory und Zero Trust 165 Forensik und Logging Angriffe auf das Azure AD entdecken und nachvollziehen Sonstiges 3 Editorial 155 Impressum 155 Inserentenverzeichnis-> Infos zum Fachbuch im Superbundle:Microsoft 365 Mobilität und Sicherheit, ISBN 9783864908958, Einzelpreis EUR 49,90Original Microsoft Prüfungstraining MS-101: mit dem Original zum Erfolg!Bereiten Sie sich auf die Microsoft-Prüfung MS-101 vor und zeigen Sie, dass Sie die erforderlichen Fähigkeiten und Kenntnisse für die Verwaltung von Mobilität und Sicherheit in Microsoft 365 sowie die damit verbundenen Verwaltungsaufgaben in der Praxis beherrschen. Dieses Prüfungstraining wurde für erfahrene IT-Profis entwickelt und konzentriert sich auf das kritische Denken und den Scharfsinn bei der Entscheidungsfindung, die für den Erfolg auf der Ebene des Microsoft Certified Expert (MCE) erforderlich sind.Die Microsoft-Zertifizierung:Das Bestehen dieser Prüfung und der Prüfung MS-100 sowie der Erwerb einer Microsoft 365 Workload-Administrator-Zertifizierung oder der MCSE-Productivity-Zertifizierung erfüllt Ihre Anforderungen für die Zertifizierung zu Microsoft 365 Certified: Enterprise Administrator Expert. Damit weisen Sie nach, dass Sie in der Lage sind, Microsoft 365-Dienste zu bewerten, zu planen, zu migrieren, bereitzustellen und zu verwalten.Inhalt (PDF-Link)Leseprobe, Kapitel 1 (PDF-Link)
Vertrieb mit SAP S/4HANA
Sie suchen praxisnahes und wirklich konkretes Wissen zu SAP S/4HANA Sales? Tauchen Sie mit diesem Buch tief in Organisationsstrukturen, Stammdaten, Funktionen und Prozesse des Vertriebs ein. Von der Vorverkaufsphase bis zum Zahlungseingang: Anhand von Beispielen lernen Sie, mit SAP S/4HANA im Vertrieb zu arbeiten. Auch das Zusammenspiel mit Produktion, Materialwirtschaft und Finanzwesen wird fundiert erklärt. Und natürlich macht das Buch Sie mit SAP Fiori, dem neuen Geschäftspartnerkonzept, Embedded Analytics sowie der Migration nach SAP S/4HANA vertraut. Projektteammitglieder und Projektleitung, (Junior-)Beraterinnen und Key-User finden in diesem Buch Antworten auf ihre Fragen. Aus dem Inhalt: Organisationsstrukturen und StammdatenBearbeitung von BelegenPreisfindung und NachrichtenfindungVersandterminierungVerfügbarkeitsprüfungCross-SellingReklamationsabwicklungTerminauftragsabwicklungFakturierungspläneKundeneinzelfertigung und ProduktfertigungReporting und Analysen mit SAP S/4HANA Embedded AnalyticsEinsatz von SAP Fiori im Vertrieb Einleitung ... 19 Teil I. Grundlagen des Vertriebs mit SAP S/4HANA ... 31 1. Überblick über SAP S/4HANA ... 33 1.1 ... Die In-Memory-Technologie und SAP HANA als Datenbank ... 34 1.2 ... Architektur von SAP HANA ... 37 1.3 ... Grundlegende Konzepte von SAP S/4HANA ... 40 1.4 ... User Experience ... 47 1.5 ... Integration in andere Bereiche ... 50 2. Organisationseinheiten ... 53 2.1 ... Mandant ... 53 2.2 ... Buchungskreis ... 54 2.3 ... Werk ... 55 2.4 ... Lagerort ... 55 2.5 ... Vertriebsbereich ... 56 2.6 ... Verkaufsbüro und Verkäufergruppe ... 58 2.7 ... Organisationseinheiten im Versand ... 59 2.8 ... Organisationsstrukturen im Controlling ... 59 3. Stammdaten ... 61 3.1 ... Geschäftspartner (Business Partner) ... 61 3.2 ... Materialstamm ... 68 3.3 ... Konditionen ... 74 3.4 ... Nachrichten ... 75 3.5 ... Absprachen ... 76 Teil II. Vertriebsfunktionen in SAP S/4HANA ... 79 4. Grundlegende Vertriebsfunktionen ... 81 4.1 ... Verfügbarkeitsprüfung ... 81 4.2 ... Versandterminierung ... 103 4.3 ... Preisfindung ... 111 4.4 ... Nachrichtenfindung ... 128 4.5 ... Chargenfindung ... 142 4.6 ... Serialnummern ... 154 5. Spezielle Vertriebsfunktionen ... 165 5.1 ... Materialfindung ... 165 5.2 ... Materiallistung und -ausschluss ... 181 5.3 ... Dynamischer Produktvorschlag ... 187 5.4 ... Kreditmanagement ... 197 5.5 ... Bonusabwicklung ... 216 5.6 ... Vertriebsstücklisten ... 221 5.7 ... Dynamische Workflows ... 227 6. Integration in das Rechnungswesen ... 241 6.1 ... Betriebswirtschaftliche Grundlagen ... 241 6.2 ... Funktionen in SAP S/4HANA ... 242 6.3 ... Szenarien ... 245 6.4 ... Beispiel für das Szenario anonyme Massenfertigung ... 252 Teil III. Vertriebsprozesse in SAP S/4HANA ... 259 7. Der Verkaufsbeleg ... 261 7.1 ... Belegstruktur ... 261 7.2 ... Vertriebsprozess ... 269 8. Terminauftragsabwicklung ... 277 8.1 ... Kundenanfrage ... 278 8.2 ... Kundenangebot ... 279 8.3 ... Terminauftrag ... 280 8.4 ... Lieferungsbearbeitung ... 281 8.5 ... Fakturierung ... 290 8.6 ... Beispiel für die Terminauftragsabwicklung ... 296 9. Streckenauftragsabwicklung ... 311 9.1 ... Betriebswirtschaftliche Grundlagen ... 311 9.2 ... Streckenauftragsabwicklung in SAP S/4HANA ... 313 9.3 ... Beispiel für den Prozess der Streckenabwicklung ... 317 10. Konsignationsabwicklung ... 325 10.1 ... Betriebswirtschaftliche Grundlagen ... 325 10.2 ... Konsignationsabwicklung mit SAP S/4HANA ... 326 10.3 ... Beispiel für die Konsignationsabwicklung ... 329 11. Fakturierungspläne und Anzahlungsabwicklung ... 333 11.1 ... Betriebswirtschaftliche Grundlagen ... 333 11.2 ... Fakturierungspläne in SAP S/4HANA ... 336 11.3 ... Beispiel eines Fakturierungsplans mit Anzahlungen ... 341 11.4 ... Anzahlungsabwicklung mit Belegkonditionen ... 351 11.5 ... Beispiel einer Anzahlungsabwicklung mit Konditionen ... 354 12. Leihgut- und Mietabwicklung ... 359 12.1 ... Betriebswirtschaftliche Grundlagen ... 359 12.2 ... Leihgutabwicklung ... 360 12.3 ... Beispiel des Customizings von Leihgutabwicklung und Mietgeschäft ... 361 13. Retourenabwicklung ... 371 13.1 ... Betriebswirtschaftliche Grundlagen ... 371 13.2 ... Retourenabwicklung in SAP S/4HANA ... 373 13.3 ... Beispiel einer Retourenabwicklung ... 379 13.4 ... Erweiterte Retourenabwicklung für Kundenretouren ... 384 13.5 ... Beispiel einer erweiterten Retourenabwicklung ... 387 14. Gut- und Lastschriften ... 393 14.1 ... Betriebswirtschaftliche Grundlagen ... 393 14.2 ... Gut- und Lastschriften in SAP S/4HANA ... 394 14.3 ... Beispiel einer Gutschriftsabwicklung ... 397 15. Zentrale Reklamationsbearbeitung ... 405 15.1 ... Betriebswirtschaftliche Grundlagen ... 405 15.2 ... Reklamationsbearbeitung in SAP S/4HANA ... 406 15.3 ... Beispiel für einen Austausch ... 408 15.4 ... Beispiel für eine Gutschrift ... 415 16. Rahmenverträge ... 421 16.1 ... Betriebswirtschaftliche Grundlagen ... 421 16.2 ... Rahmenverträge in SAP S/4HANA ... 422 16.3 ... Beispiel eines allgemeinen Wertkontrakts ... 426 17. Cross-Company-Geschäfte ... 435 17.1 ... Betriebswirtschaftliche Grundlagen ... 435 17.2 ... Cross-Company-Konzept in SAP S/4HANA ... 437 17.3 ... Beispiel für den buchungsübergreifenden Verkauf ... 449 18. Reporting mit SAP S/4HANA Embedded Analytics ... 459 18.1 ... Embedded Analytics in SAP S/4HANA ... 459 18.2 ... Unterschiede zu SAP Business Warehouse ... 469 18.3 ... Unterschiede zum Logistikinformationssystem ... 471 18.4 ... Kennzahlen für den Vertrieb ... 473 18.5 ... Neues Dashboard in der SAP Analytics Cloud ... 478 18.6 ... Integration von SAP BusinessObjects ... 478 18.7 ... Integration in die Prozesse ... 484 Teil IV. Gestaltung von Wertschöpfungsketten in SAP S/4HANA ... 485 19. Lagerverkauf mit Chargenfertigung ... 487 19.1 ... Produkte und Märkte ... 487 19.2 ... Organisationsstruktur ... 487 19.3 ... Prozessbeschreibung ... 488 19.4 ... Beispiel eines Lagerverkaufs mit Chargenfertigung ... 493 20. Vorplanung ohne Endmontage ... 507 20.1 ... Produkte und Märkte ... 507 20.2 ... Organisationsstruktur ... 508 20.3 ... Prozessbeschreibung ... 509 20.4 ... Beispiel einer gesamten Wertschöpfungskette ... 517 21. Kundeneinzelfertigung ... 541 21.1 ... Produkte und Märkte ... 541 21.2 ... Organisationsstruktur ... 542 21.3 ... Prozessbeschreibung ... 542 21.4 ... Beispiel für Auftragsabwicklung und Controlling einer Kundeneinzelfertigung ... 552 22. Projektfertigung ... 571 22.1 ... Produkte und Märkte ... 572 22.2 ... Organisationsstruktur ... 572 22.3 ... Prozessbeschreibung ... 573 22.4 ... Beispiel einer Projektfertigung ... 585 23. Weitere Szenarien ... 609 23.1 ... Losfertigung ... 610 23.2 ... Anonyme Lagerfertigung mit Bruttoplanung ... 610 23.3 ... Kombination von Losfertigung und anonymer Lagerfertigung ... 611 23.4 ... Vorplanung mit Endmontage ... 612 23.5 ... Kundeneinzelfertigung mit Verrechnung gegen die Vorplanung ... 613 23.6 ... Variantenkonfiguration ... 614 23.7 ... Fazit ... 616 Teil V. Technologien und systemübergreifende Geschäftsprozesse ... 617 24. Integrationstechnologie ... 619 24.1 ... SAP Business Client ... 619 24.2 ... SAP Business Technology Platform ... 620 24.3 ... Vergleich zwischen SAP Integration Suite und SAP Process Orchestration ... 642 25. SAP Fiori Launchpad ... 647 25.1 ... Installation ... 649 25.2 ... Vertriebsrollenspezifische Einstellungen im SAP Fiori Launchpad ... 660 26. Übergreifende Geschäftsprozesse ... 671 26.1 ... SAP Extended Warehouse Management ... 672 26.2 ... SAP S/4HANA International Trade ... 679 26.3 ... SAP Transportation Management ... 682 27. CRM mit SAP Customer Experience ... 689 27.1 ... Komponenten von SAP Customer Experience ... 690 27.2 ... Customer Journey ... 691 27.3 ... Stammdaten in SAP Customer Experience ... 691 27.4 ... SAP Marketing Cloud ... 693 27.5 ... SAP Sales Cloud ... 695 27.6 ... SAP Service Cloud und SAP Subscription Billing ... 700 27.7 ... SAP Commerce Cloud ... 701 27.8 ... SAP Customer Data Cloud ... 706 27.9 ... Weitere Prozesse und Funktionen in SAP Customer Experience ... 707 28. Unternehmensübergreifende Auftragsabwicklung ... 711 28.1 ... Prozessbeschreibung ... 712 28.2 ... Beispiel für die unternehmensübergreifende Auftragsabwicklung ... 717 29. Migration von SAP ERP nach SAP S/4HANA ... 739 29.1 ... Migrationswerkzeuge ... 741 29.2 ... Customizing ... 744 29.3 ... Umgang mit Eigenentwicklungen und Programmen ... 745 29.4 ... Datenmigration ... 749 Teil VI. Notwendigkeit von Organisationsentwicklung ... 757 30. Auswirkungen der Unternehmenskultur ... 759 30.1 ... Fehlerkultur ... 761 30.2 ... Silodenken ... 764 30.3 ... Entscheidungsfindung ... 767 31. Change Management ... 771 31.1 ... Entwicklungsauftrag des Change Managements ... 772 31.2 ... Systemische Beratung ... 776 32. Zusammenfassung und Ausblick ... 783 Anhang ... 789 A ... Transaktionen und Menüpfade ... 789 B ... Glossar ... 807 C ... Literaturempfehlungen ... 817 Das Autorenteam ... 819 Index ... 821