Security
SAP Data Intelligence
Get to know SAP Data Intelligence! With the successor to SAP Data Hub you not only coordinate and integrate big data, you can also process it further with machine learning. So that you know all the functions that matter to your company, the team of authors guides you step by step through the applications. From documenting events relevant to data protection, through modeling data flows, to user management, you learn everything you need to know.

From the contents: Business Intelligence and Predictive Analytics, Audit Log Viewer, Connection Management, Customer Data Export, License Management, Metadata Explorer, Modeler, Monitoring, Policy Management, System Management, Vora Tools, ML Scenario Manager

Introduction
PART I Introduction
1. Changed Conditions for Data Management: 1.1 Digitalization; 1.2 Current Challenges for Data Management; 1.3 From Business Intelligence to Predictive Analytics; 1.4 Use of Machine Learning and Artificial Intelligence; 1.5 SAP's Approach to the New Flood of Data; 1.6 Summary
2. Relevant Technologies for Data Management: 2.1 Evolution of Data Management; 2.2 The SAP Technology Portfolio for Data Management; 2.3 Summary
3. Introduction to SAP Data Intelligence: 3.1 What Is SAP Data Intelligence?; 3.2 Overview of the Functions of SAP Data Intelligence; 3.3 Operation and Administration of the Applications; 3.4 Development of Data Flows; 3.5 Machine Learning Scenarios; 3.6 Summary
PART II Functions of SAP Data Intelligence
4. Connection Management: 4.1 Introduction to Connection Management; 4.2 Connections to SAP Systems; 4.3 Connections to Databases; 4.4 Connections to Cloud-Based Systems; 4.5 Technical Connections; 4.6 Summary
5. Metadata Explorer: 5.1 Introduction to the Metadata Explorer; 5.2 Functional Area "Catalog"; 5.3 Functional Area "Rules"; 5.4 Functional Area "Business Glossary"; 5.5 Administration, Monitor and Settings; 5.6 Summary
6. Modeler: 6.1 Introduction to the Modeler; 6.2 Operators; 6.3 Modeling Graphs; 6.4 Summary
7. Customer Data Export: 7.1 Performing an Export; 7.2 Result of an Export; 7.3 Summary
8. Vora Tools: 8.1 Introduction to the Vora Tools; 8.2 Processing Data from Different Source Systems; 8.3 Summary
9. Policy Management: 9.1 Authorization Management in SAP Data Intelligence; 9.2 Standard Policies; 9.3 Creating Your Own Policies and Authorizations; 9.4 Summary
10. System Management: 10.1 Introduction to System Management; 10.2 Managing Applications; 10.3 Managing Users; 10.4 Managing Files; 10.5 Managing Strategies and Solutions; 10.6 Summary
11. Monitoring: 11.1 Objectives of the Monitoring Functions in SAP Data Intelligence; 11.2 Monitoring with the Monitoring Application; 11.3 Monitoring in the Modeler; 11.4 Summary
12. Audit Log Viewer: 12.1 Making Data-Protection-Relevant Events Accessible; 12.2 Evaluation Options; 12.3 Summary
13. License Management: 13.1 Managing Licenses; 13.2 Measuring Activities Subject to Licensing; 13.3 Summary
14. Applications for Machine Learning: 14.1 Developing Machine Learning Scenarios; 14.2 Overview of the ML Applications; 14.3 Using Jupyter Notebooks; 14.4 Summary
PART III Use Scenarios for SAP Data Intelligence
15. Example Scenario: 15.1 Overview of the Example Scenario; 15.2 Creating Users in System Management; 15.3 Creating Customer-Specific Policies in Policy Management; 15.4 Creating System Connections in Connection Management; 15.5 Enriching Data in the Metadata Explorer; 15.6 Modeling a Graph in the Modeler; 15.7 Creating an ML Scenario in the ML Scenario Manager; 15.8 Export and Scheduling of the Graph in System Management; 15.9 Summary
16. Examples of Further Possible Uses: 16.1 Integration of Cloud Data Sources; 16.2 Cross-System Modeling of Data Flows; 16.3 Global Data Management; 16.4 Professional Machine Learning; 16.5 Summary
17. Outlook on Further Product Development: 17.1 Interfaces and Integration; 17.2 Metadata and Governance; 17.3 Modeling of Graphs; 17.4 Administration; 17.5 Summary
Appendix A. Sources and Bibliography
Appendix B. The Team of Authors
Index
Die digitale Transformation der Automobilindustrie
This 2nd edition of the book gives comprehensive and pragmatic recommendations for action for the digital transformation of the automotive and supplier industry. It has been expanded with current practical examples and technology aspects, particularly in the areas of autonomous driving and vehicle IT. The focus is on the shift from a vehicle-focused to a mobility-oriented business model. Starting from the drivers of digital change, four fields of digitalization are structured and a roadmap for their transformation is presented. The path towards automatic, highly efficient handling of lean, integrated business processes is discussed, as is the massive change in sales, aftersales and marketing structures with the redesign of customer relationships. Comprehensive use of data and the use of artificial intelligence are central building blocks of the solution here. The possibilities of modern information technology such as hybrid cloud architectures, container-based microservices and digital twins are also shown. The lasting change of corporate culture, organizational aspects, and agile methods for project management and for idea generation as the basis of innovative solutions are treated in detail as critical success factors. Selected practical examples of innovative digitalization projects convey additional ideas and impulses. An outlook on auto-mobility and the working world in 2040 rounds off the discussion.
Delivering Applications with VMware App Volumes 4
Acquire the skills to build an App Volumes environment for a proof of concept, a pilot, or a live production environment. Delivering Applications with VMware App Volumes 4 starts with an in-depth overview of where the solution fits within the market and its key features, introducing you to application layering and VMware App Volumes. Next, it explains how to install the software and use its management consoles to configure App Volumes. You will understand how to build and configure application layers for delivery and will learn to build and configure writeable volumes for user data and user-installed applications.

In the advanced management section, you will learn to customize package templates and integrate App Volumes with JMP. Along the way you will understand how to deliver published apps in MS RemoteApp using layered apps for scalability. In the next phase of the book you will install and configure App Volumes for different use cases: VMware Horizon View, VMware ThinApp, Microsoft RDSH, and Citrix Virtual Apps and Desktops.

Throughout the chapters, you will be given hints and tips, along with best practices, all seen from the eyes of somebody who works with this technology day in, day out, and in many different types of environments and scenarios.

WHAT YOU WILL LEARN
* Understand the App Volumes architecture
* Master the concept of application layering
* Work with App Volumes, application packages, and Writable Volumes

WHO THIS BOOK IS FOR
VMware professionals, system integrators, IT professionals, and consultants.

PETER VON OVEN is an experienced technical consultant working closely with customers and partners designing technology solutions to meet business needs. During his career, Peter has presented at key IT events such as VMworld, IP EXPO, and various VMUGs and CCUG events. He has also worked in senior presales roles and presales management roles for Fujitsu, HP, Citrix, and VMware, and has been awarded VMware vExpert for the last six years in a row. In 2016, Peter founded his own company, Droplet Computing, where he works today as the founder and chief executive officer, helping redefine the way applications are delivered today. He is also an avid author, having now written 13 books and made videos about VMware end-user computing solutions. In his spare time, Peter volunteers as a STEM Ambassador, helping the next generation develop the skills and confidence in building careers in technology.

VMware App Volumes

Chapter 1: INTRODUCING APPLICATION LAYERING AND VMWARE APP VOLUMES
CHAPTER GOAL: Introduction to app layering, VMware App Volumes and its features and architecture
1. Overview of app layering
2. Introduction to App Volumes
3. App Volumes architecture
4. App Volumes features
NO OF PAGES 20

Chapter 2: INSTALLING THE VMWARE APP VOLUMES SOFTWARE
CHAPTER GOAL: Installing the software and components
1. Prerequisites and requirements for installing App Volumes
2. Installing the App Volumes Manager
3. Installing the App Volumes Agent
NO OF PAGES 30

Chapter 3: APP VOLUMES MANAGEMENT CONSOLE
CHAPTER GOAL: Using the management consoles to configure App Volumes
1. Initial login and configuration
2. Navigating the menu options
NO OF PAGES 20

Chapter 4: CREATING AND PACKAGING APPLICATIONS
CHAPTER GOAL: How to build and configure application layers for delivery
1. Definition of an App Volumes package
2. Creating a provisioning machine – OS optimization tool template
3. Creating a package
4. Assigning packages
5. Package lifecycle management
NO OF PAGES 50

Chapter 5: WORKING WITH WRITEABLE VOLUMES
CHAPTER GOAL: How to build and configure Writeable volumes for user data and user installed applications
1. What is a Writeable Volume?
2. Creating a Writeable Volume
3. Assigning Writeable Volume to end users and desktops
4. Managing Writeable Volumes
NO OF PAGES 35

Chapter 6: ADVANCED MANAGEMENT
CHAPTER GOAL: Configuring the advanced management features of App Volumes
1. How to customize package templates
2. Advanced agent configuration
NO OF PAGES 50

Chapter 7: INTEGRATING APP VOLUMES WITH JMP
CHAPTER GOAL: Configuring App Volumes to deliver apps with the VMware just in time management platform
1. JMP architecture overview
2. Configuring App Volumes in the JMP management console
3. App Volumes JMP assignments
NO OF PAGES 20

Chapter 8: APP VOLUMES AND MICROSOFT REMOTEAPP
CHAPTER GOAL: How to deliver published apps in MS RemoteApp using layered apps for scalability
1. Building an application package for RemoteApp
2. Configuring the RDSH role
3. Creating and configuring RDSH-based packages
4. Delivering packages to end users
NO OF PAGES 30

Chapter 9: APP VOLUMES INTEGRATION WITH CITRIX VIRTUAL APPS
CHAPTER GOAL: How to deliver published apps with Citrix Virtual Apps
1. Building an application package for Citrix Virtual Apps
2. Configuring the RDSH role for Citrix Virtual Apps
3. Configuring RDSH-based packages for Citrix Virtual Apps
4. Installing the Citrix Virtual Desktop Agent (VDA)
5. Installing the App Volumes Agent
6. Creating a Machine Group and Delivery Group
7. Testing your applications
NO OF PAGES 30

Chapter 10: APP VOLUMES INTEGRATION WITH VMWARE HORIZON APPS
CHAPTER GOAL: How to deliver layered apps with VMware Horizon Apps published apps
1. Building an application package for Horizon Apps
2. Configuring the RDSH role for Horizon Apps
3. Configuring RDSH-based packages for Horizon Apps
4. Installing the App Volumes Agent
5. Installing the Horizon Agent
6. Configuring a Horizon App farm
7. Configuring a Horizon App pool
8. Assigning packages to the Horizon Apps server
9. Testing your applications
NO OF PAGES 30

Chapter 11: APP VOLUMES AND VMWARE VIEW VIRTUAL DESKTOPS
CHAPTER GOAL: How to deliver layered apps to virtual desktops delivered by VMware Horizon View
1. Building an application package for Horizon View
2. Installing the App Volumes Agent
3. Installing the Horizon Agent
4. Optimizing the image
5. Configuring a Horizon desktop pool
6. Assigning packages to Horizon View end users
7. Testing your applications
NO OF PAGES 30

Chapter 12: APP VOLUMES AND CITRIX VIRTUAL DESKTOPS
CHAPTER GOAL: How to deliver layered apps to virtual desktops delivered by Citrix Virtual Desktops
1. Building an application package for Citrix Virtual Desktops
2. Installing the Citrix Virtual Desktop Agent (VDA)
3. Optimizing the image
4. Creating a Machine Group and Delivery Group
5. Testing your applications
NO OF PAGES 30

Chapter 13: DELIVERING THINAPP VIRTUALIZED APPS WITH APP VOLUMES
CHAPTER GOAL: How to deliver virtualized and isolated apps as app layers with VMware ThinApp
1. Overview of ThinApp app virtualization
2. Creating a ThinApp AppStack
3. Advanced configuration options
NO OF PAGES 30

Chapter 14: UPGRADING TO APP VOLUMES 4
CHAPTER GOAL: How to upgrade from a previous version to the latest version of App Volumes
1. Upgrading the App Volumes management console
2. Upgrading the App Volumes Agent
3. Upgrading AppStacks to App Packages
4. Migrating
NO OF PAGES 20
CompTIA Security+ Practice Tests
GET READY FOR A CAREER IN IT SECURITY AND EFFICIENTLY PREPARE FOR THE SY0-601 EXAM WITH A SINGLE, COMPREHENSIVE RESOURCE

CompTIA Security+ Practice Tests: Exam SY0-601, Second Edition efficiently prepares you for the CompTIA Security+ SY0-601 Exam with one practice exam and domain-by-domain questions. With a total of 1,000 practice questions, you'll be as prepared as possible to take Exam SY0-601.

Written by accomplished author and IT security expert David Seidl, the 2nd Edition of CompTIA Security+ Practice Tests includes questions covering all five crucial domains and objectives on the SY0-601 exam:
* Attacks, Threats, and Vulnerabilities
* Architecture and Design
* Implementation
* Operations and Incident Response
* Governance, Risk, and Compliance

Perfect for anyone looking to prepare for the SY0-601 Exam, upgrade their skills by earning a high-level security certification (like CASP+, CISSP, or CISA), as well as anyone hoping to get into the IT security field, CompTIA Security+ Practice Tests allows for efficient and comprehensive preparation and study.

ABOUT THE AUTHOR
DAVID SEIDL, CYSA+, CISSP, GPEN, GCIH, is the co-author of CompTIA Security+ Study Guide: Exam SY0-601, CompTIA CySA+ Study Guide: Exam CS0-002, CompTIA CySA+ Practice Tests: Exam CS0-002, and CompTIA PenTest+ Study Guide: Exam PT0-001. David is Vice President for Information Technology and CIO at Miami University. Previously, he led the University of Notre Dame security team as Director of Information Security and has served in a variety of technical and IT security roles.

Introduction
Chapter 1 Threats, Attacks, and Vulnerabilities
Chapter 2 Architecture and Design
Chapter 3 Implementation
Chapter 4 Operations and Incident Response
Chapter 5 Governance, Risk, and Compliance
Appendix Answers and Explanations
Index
5G Mobile Core Network
Get up to speed on 5G and prepare for the roll out of the next generation of mobile technology. The book begins with an introduction to 5G and the advanced features of 5G networks, where you'll see what makes it bigger, better, and faster. You will learn 5G NSA and SA packet core design along with some design challenges, taking a practical approach towards design and deployment. Next, you will understand the testing of the 5G packet core and how to automate it. The book concludes with some advanced service provider strategies, including architectural considerations for service providers to enhance their network and provide services to non-public 5G networks.

5G Mobile Core Network is intended for those who wish to understand 5G, and also for those who work extensively in a service provider environment either as operators or as vendors performing activities such as network design, deployment, testing, and automation of the network. By the end of this book you will be able to understand the benefits in terms of CAPEX and OPEX while considering one design over another. Consulting engineers will be able to evaluate the design options in terms of 5G use cases, the scale of deployment, performance, efficiency, latency, and other key considerations.

WHAT YOU WILL LEARN
* Understand the life cycle of a deployment right from pre-deployment phase to post-deployment phase
* See use cases of 5G and the various options to design, implement, and deploy them
* Examine the deployment of 5G networks to large-scale service providers
* Discover the MVNO/MVNE strategies that a service provider can implement in 5G

WHO THIS BOOK IS FOR
Anyone who is curious about 5G and wants to learn more about the technology.

Rajaneesh Shetty works as a service provider solution specialist and has 20+ years of experience in delivery of turn-key end-to-end mobility solutions for large customer accounts. He has proven credentials as a trusted advisor for customer delivery and solution architecture, software management, system architecture, test architecture, product management, and pre-sales for telecom products using state-of-the-art technologies. He has an excellent track record of technical leadership and management. Rajaneesh has also worked across regions with many tier-1 service providers as a trusted advisor for their telecom solutions.

Apart from this, below are a few of his achievements:
* Co-authored and published a book: 4G: Deployment Strategies and Operational Implications
* Has many patents pending approval from the US patent office, primarily in the 5G core network domain
* Has many 5G-related white papers published in various forums including the IEEE.org forum

CHAPTER 1: 5G OVERVIEW
* Introduction to 5G as a technology
* Understand the different use cases offered by 5G
* Advanced features of 5G including slicing and automation
* Changes in 5G for radio, core network etc.
* Overview of the Network functions
NUMBER OF PAGES: 35

CHAPTER 2: MOBILE EDGE COMPUTING IN 5G
* Provide the need for distributed architecture
* Design principles for edge and centralized data centres
* Distributed RAN architecture and principles
* Core network design for the edge data centre
NUMBER OF PAGES: 30

CHAPTER 3: 5G NSA PACKET CORE DESIGN AND DEPLOYMENT STRATEGIES
* Evolution of the network from 4G to 5G NSA
* The different deployment options for 5G NSA
* Key tenets of CUPS architecture
* Redundancy in NSA
* Design principles for NSA
PAGES: 50

CHAPTER 4: 5G SA PACKET CORE DESIGN AND DEPLOYMENT STRATEGIES
* Evolution of the network from 4G to 5G SA
* The different deployment options for 5G SA
* Key tenets of SBA architecture
* Redundancy in 5G SA core
* Design principles for 5G SA
PAGES: 50

CHAPTER 5: 5G PACKET CORE TESTING STRATEGIES
* Testing strategies for 5G NSA core network
* Testing strategies for 5G SA core network
* Redundancy testing
* Monitoring and reporting
* Network analytics and other key metrics
PAGES: 40

CHAPTER 6: AUTOMATION IN 5G
* Deployment workflow
* Day 0 and Day 1 automation considerations
* Day 2 automation considerations
PAGES: 20

CHAPTER 7: SERVICE PROVIDER STRATEGIES
* Migration strategy from 4G to 5G
* MVNO / MVNE strategies
* Cloud strategy (public/private)
* Security considerations
PAGES: 40
Oracle 19c/20c
- Installation, administration, architecture, infrastructure
- Migration to the cloud, use of the autonomous database
- In-memory technology, data science, machine learning

This book comprehensively covers the planning, deployment and administration of Oracle databases and covers the Long Term Release 19c and version 20c with its new features. The author conveys all the content that is important both for getting started and for advanced use.

The focal points include a presentation of public and private cloud for Oracle databases as well as in-memory technology. The book supports you in preparing and carrying out the migration to the cloud, in managing public and private cloud, and in managing databases that run on-premises. Current topics such as data science and machine learning are also taken into account.

The author addresses database administrators, system consultants and architects and, not least, developers of Oracle applications. This book is equally intended for beginners who already have basic IT knowledge and want to start familiarizing themselves with the Oracle world. It is an introduction, handbook and reference work for everyone who works with Oracle databases.

From the contents:
- Installation and configuration
- Oracle database architecture
- Internal structures and objects
- Building a database infrastructure
- Backup and recovery
- Upgrades, patching and cloning
- Recovery scenarios for experts
- Advanced security topics
- Performance tuning
- Engineered Systems
- In-memory database
- Data science
- Machine learning
- Global Data Services
- Real Application Clusters
- Enterprise Manager Cloud Control
- Migration to the Oracle Cloud
- Autonomous database

Lutz Fröhlich holds a degree in mathematics (Diplommathematiker), is an Oracle Certified Master, and has worked with Oracle databases since 1993. He specializes in performance, high availability, data replication and streaming, and Exadata, and has worked for several years in the fields of data science and machine learning. He regularly gives seminars and talks on these and other topics. His practical experience is based on consulting work for more than 35 international companies in the USA and Europe.
Hilfe, ich habe meine Privatsphäre aufgegeben!
How toys, apps, voice assistants and smart homes monitor us and endanger our security.

New technologies are supposed to make our lives more comfortable. But the price we pay for this is high. The growing interconnection through devices that are permanently connected to the internet brings with it surveillance on an unimagined scale. The absurd thing is that we give up our privacy voluntarily, and do so without being fully aware of the consequences.

In the children's room, app-controlled toy unicorns allow malicious hackers to send voice messages to the children. In the living room, US corporations listen in with the digital voice assistant Alexa and its counterparts, and a Chinese manufacturer of smart lamps stores the location of our home on insecure servers. Along the way, cycle-tracking and dating apps share all the data we entrust to them with Facebook & Co.

In this book, Barbara Wimmer shows you what apps and connected devices know about you, what happens to your data, and how you can protect yourself and your privacy in everyday life.

How increasing connectivity endangers your privacy and security:
* Smart home: surveillance and security vulnerabilities
* Toys with online functions and the dangers for child and home
* Security vulnerabilities and accident risks in connected cars
* Eavesdropping by digital voice assistants
* Misuse of data for advertising purposes by apps on the smartphone
* Contact tracing with Corona apps
* Facial recognition and surveillance in smart cities
* Perspectives: data protection and digital self-determination
Haus und Wohnung smart vernetzt
The comprehensive reference book. Practical tips and instructions for the connected home.

Whether you want to exchange data between smartphone and PC, print from your tablet, use music and media throughout the house, optimize your Wi-Fi or switch on your heating remotely via app, or whether your refrigerator should do the shopping on its own: these and other relevant topics around your connected home are discussed in detail in this book. Many practical tips make the implementation easy for you to follow.

From the contents:
* Connecting PC, laptop and other devices via LAN or Wi-Fi
* Sharing data in your own network
* The right settings for the router
* Exchanging data between smartphone and PC
* Making smart use of cloud services
* Exchanging data via Bluetooth
* Digital assistants: Google Assistant, Cortana and Alexa
* Using videos, music and media in the network
* Remote control and remote maintenance
* Controlling light and heating via app
Adversariale Robustheit Neuronaler Netze
Learned classification methods are not secure when attackers make targeted changes to the input. Although these changes are barely perceptible to humans, the classification changes. To be able to use learned models in safety-critical areas, it is necessary to develop methods that can guarantee robustness against adversarial attacks. This text gives an overview of various use cases, attacks, the problems that arise from them, approaches to defense, and pitfalls in evaluating those defenses, and shows the need for correct methods.
AWS Certified Security Study Guide
GET PREPARED FOR THE AWS CERTIFIED SECURITY SPECIALTY CERTIFICATION WITH THIS EXCELLENT RESOURCE

By earning the AWS Certified Security Specialty certification, IT professionals can gain valuable recognition as cloud security experts. The AWS Certified Security Study Guide: Specialty (SCS-C01) Exam helps cloud security practitioners prepare for success on the certification exam. It's also an excellent reference for professionals, covering security best practices and the implementation of security features for clients or employers.

Architects and engineers with knowledge of cloud computing architectures will find significant value in this book, which offers guidance on primary security threats and defense principles. Amazon Web Services security controls and tools are explained through real-world scenarios. These examples demonstrate how professionals can design, build, and operate secure cloud environments that run modern applications.

The study guide serves as a primary source for those who are ready to apply their skills and seek certification. It addresses how cybersecurity can be improved using the AWS cloud and its native security services. Readers will benefit from detailed coverage of AWS Certified Security Specialty Exam topics.
* Covers all AWS Certified Security Specialty exam topics
* Explains AWS cybersecurity techniques and incident response
* Covers logging and monitoring using the Amazon cloud
* Examines infrastructure security
* Describes access management and data protection

With a single study resource, you can learn how to enhance security through the automation, troubleshooting, and development integration capabilities available with cloud computing. You will also discover services and tools to develop security plans that work in sync with cloud adoption.

ABOUT THE AUTHORS
DARIO GOLDFARB is a Security Solutions Architect at Amazon Web Services in Latin America. He has more than 15 years of experience in cybersecurity.
ALEXANDRE M.S.P. MORAES is a Director of Teltec, a Brazilian systems integrator that is highly specialized in Network Design, Security Architectures and Cloud Computing.
THIAGO MORAIS is the leader of Solutions Architecture teams at Amazon Web Services in Brazil. He has more than 20 years of experience in the IT industry.
MAURICIO MUÑOZ is a Sr. Manager of a Specialist Solutions Architects team at Amazon Web Services in Latin America. He's worked in IT for more than 20 years, specializing in Information Security.
MARCELLO ZILLO NETO is a Chief Security Advisor and a former Chief Information Security Officer (CISO) in Latin America. He has over 20 years of experience in cybersecurity and incident response.
GUSTAVO A. A. SANTANA is the leader of the Specialist and Telecommunications Solutions Architecture teams at Amazon Web Services in Latin America.
FERNANDO SAPATA is a Principal Business Development Manager for Serverless at Amazon Web Services in Latin America. He has more than 19 years of experience in the IT industry.

Prologue
1. INTRODUCTION: Change; Capacity for innovation: no movement without pressure; Four historical technical revolutions and their path to acceptance within society; Return to the independent, self-empowered human being; Employees are becoming ever more essential; Knowledge doubles when you share it
2. INTO THE FUTURE WITH NETWORK LEADERSHIP: Entrepreneurial prerequisites for the success of networks; Leading in networks; Corporate networks; Unofficial networks; Networks within the company; Networks outside the company
3. WHAT DOES A WIGMAKER HAVE TO DO WITH STRATEGIC NETWORK LEADERSHIP?: Hierarchy and personal responsibility; The purpose concerns us all; Serendipity; Innovative networking formats; Courage to leave gaps
4. HOW CAN WE ACTIVELY LEARN FROM TRENDS AND CRISES?: How can reservations be overcome?; Example Corona: actively using the crisis; Using crises to change habits
5. CONTINUING EDUCATION AND PERSONNEL DEVELOPMENT AS A CONTRIBUTION TO NETWORKING: Disruption 1.0 of continuing education; The new role of personnel development; On course for success with the TEAK® configurator; What is your contribution?
6. THE UNSTOPPABLE DYNAMICS OF THE NETWORK, USING THE EXAMPLE OF GROUP SCHUMACHER GMBH
7. THE NEW PERSPECTIVE OF THE FUTURE: AFTERWORD
Acknowledgments
The author
Bibliography
Index
Electronics Projects with the ESP8266 and ESP32
Discover the powerful ESP8266 and ESP32 microcontrollers and their Wi-Fi communication. The ESP32 microcontroller features Bluetooth and BLE communication in addition to Wi-Fi. The book emphasizes practical projects and readers are guided through Wi-Fi and Bluetooth communication, mobile app design and build, ESP-NOW and LoRa communication, and signal generation.

Projects throughout the book utilize the Wi-Fi functionality and processing power of the ESP microcontrollers. Projects are built in the Arduino IDE, so you don't need to download other programming software. Mobile apps are now ubiquitous, making the app build projects of the book very relevant, as are the web page design projects.

In Electronics Projects with the ESP8266 and ESP32, you'll see how easy and practical it is to access information over the internet, develop web pages, build mobile apps to remotely control devices with speech recognition or incorporate Google Maps in a GPS route tracking app.

You will
* Build practical electronics projects with an ESP8266 or ESP32 microcontroller with Wi-Fi communication
* Use the Wi-Fi function of the ESP8266 and ESP32 to update web pages
* Communicate with your mobile phone or smart watch by Bluetooth Low Energy
* Transmit and receive information to control remote devices over the internet
* Understand the design and build of mobile apps for internet based applications
* Apply your computer programming skills in C++, JavaScript, AJAX and JSON
* Use WebSocket, MQTT brokers and IFTTT for fast two-way communication with webpages

WHO THIS BOOK IS FOR
The target audience is for Makers and Tinkerers who want to build internet/intranet based applications with more powerful microcontrollers, such as the ESP8266 or ESP32. A level of C++ programming expertise with the Arduino IDE is assumed, although all sketches are fully described and comprehensively commented.

Neil Cameron is an experienced analyst and programmer with a deep interest in understanding the application of electronics. Neil wrote the book 'Arduino Applied: Comprehensive Projects for Everyday Electronics'. He has previously taught at University of Edinburgh and Cornell University.

Chapter 1: Internet radio • Station display and selection • Minimal internet radio
Chapter 2: Internet clock • WS2812 RGB LEDs responsive to sound • LED rings clock 24 • Network Time Protocol
Chapter 3: International weather station • Touch screen calibration • Painting on-screen • Weather data for several cities
Chapter 4: Intranet camera • Save images to SD card • Load images on webpage • Stream images to webpage
Chapter 5: MP3 player • Control command for MP3 player • MP3 player control with Arduino • Infrared remote control of MP3 player • Creating sound tracks • Speaking clock • Voice recorder
Chapter 6: Bluetooth speaker
Chapter 7: ESP8266 local server • HTTP request • HTML code • XML HTTP requests, JavaScript and AJAX
Chapter 8: Updating a webpage • XML HTTP requests, JavaScript and AJAX • JSON • Accessing WWW data • Parsing text • Console log • Wi-Fi connection
Chapter 9: WebSocket • Remote control of pan-tilt servo motors and WebSocket • Websocket and AJAX • Access images, time and sensor data over the internet
Chapter 10: Build an app • Control and feedback app • Install the app • Servo-robot control app • Speech recognition app
Chapter 11: App database and Google Maps • MIT App Inventor database • MIT App Inventor and Google Maps
Chapter 12: USB OTG apps • app receive • app transmit • app receive and transmit
Chapter 13: GPS and Google Maps • GPS position transmission • Validate transmission of GPS location • Improve GPS location signal
Chapter 14: Radio Frequency Communication • Transmitting and receiving text • Decode Remote Control Signals • Control Pan-Tilt Servos with RF Communication • Control relay with RF Communication • Relays
Chapter 15: Signal generation • Signal generation • Digital to analog conversion • Generating waves • Port manipulation • 12-bit DAC
Chapter 16: Signal generation with 555 integrated circuit • Monostable mode • Bistable mode • Astable mode • Variable duty cycle • 50% duty cycle • PWM mode • Function generator • Square wave to sine wave
Chapter 17: Measuring electricity • Analog to Digital Converter • Voltage meter • Resistance meter (ohmmeter) • Capacitance meter • Current meter (ammeter) • Current sensor • Solar panel and battery meter • Inductance meter
Chapter 18: Rotary encoder control • Interrupts • Debouncing • Square wave states • State switching • Incrementing a value
Chapter 19: Saving data • Saving to EEPROM • Saving directly to Excel
Chapter 20: Microcontrollers • Arduino Uno • Arduino Nano • Arduino Pro Micro • LOLIN (WeMos) D1 mini • Interrupts • Watchdog timer • ESP32 • ESP32 analog input • ESP32 analog output • ESP32 pulse width modulation • ESP32 capacitive touch sensor • ESP32 Hall effect sensor • ESP32 RTC and sleep mode • ESP32 and interrupts • ESP32 Serial input • ESP32 Bluetooth communication • Wi-Fi communication
Appendix: Libraries
Cloud-Based Microservices
Use this field guide as you transform your enterprise to combine cloud computing with a microservices architecture.
The recent surge in the popularity of microservices in software development is mainly due to the agility it brings and its readiness for the cloud. The move to a microservices architecture on the cloud involves a gradual evolution in software development. Many enterprises are embarking on this journey, and are now looking for architects who are experienced in building microservices-based applications in the cloud.
A master architect should be able to understand the business, identify growth hurdles, break a monolith, design microservices, foresee problems, overcome challenges, change processes, decipher CSP services, strategize cloudification, adopt innovations, secure microservices, prototype solutions, and envision the future. CLOUD-BASED MICROSERVICES provides you with the information you need to be successful in such an endeavor.
WHAT YOU WILL LEARN
* Be familiar with the challenges in microservices architecture and how to overcome them
* Plan for a cloud-based architecture
* Architect, build, and deploy microservices in the cloud
* Know how security, operations, and support change in this architecture
WHO THIS BOOK IS FOR
Engineers, architects, and those in DevSecOps attempting to move their enterprise software to take advantage of microservices and the cloud and be more nimble
CHANDRA RAJASEKHARAIAH has led multi-million dollar enterprise initiatives in cloud-based microservice development. For the past five years, he has also migrated giant enterprise monoliths to microservices-based applications on the cloud. He has more than 20 years of experience in the software engineering industry as a principal, enterprise architect, solutions architect, and software engineer.
His experience includes multiple domains—retail, e-commerce, telecommunications, telematics, travel, electronic payments, automobile—and gives him a broad base to draw parallels, abstract problems, and create innovative solutions. He enjoys architecting, delivering, and supporting enterprise products.
PREFACE
What This Book is; What This Book is Not
CHAPTER 1: CASE STUDY: ENERGENCE CO.
Managing Production and Distribution; Hardware and Software Infrastructure; Monolithic Software Solutions; Growth Opportunities and Objectives; Next Steps; Further Related Reading; Summary; Points to Ponder
CHAPTER 2: MICROSERVICES: WHAT AND WHY?
Origins; Microservices Architecture in a Nutshell; Successful Implementation of Microservices; Orchestration and Choreography; Microservices Migration Plan for Energence; Breaking a Monolith into Modules; Breaking Modules into Sub-modules; Establishing Microservices Architecture; Advantages and Gains with Microservices; Further Related Reading; Summary; Points to Ponder
CHAPTER 3: ARCHITECTURAL CHALLENGES
Identifying and Classifying Challenges; AC1: Dispersed Business Logic; AC2: Lack of Distributed Transactions; Orchestrated Domains; Choreographed Domains; AC3: Inconsistent Dynamic Overall State; Challenges in Exchanging Data between Microservices; Problems with Sharding; AC4: Difficulty in Gathering Composite Data; AC5: Difficulty in Debugging Failures and Faults; AC6: The v2 Dread – Difficulty in Evolving; Further Related Reading; Summary; Points to Ponder
CHAPTER 4: OVERCOMING ARCHITECTURAL CHALLENGES
Service Catalog; Sagas (Long-Running Transactions); Ignoring Errors; Compensating Errors Inline; Compensating Errors Offline; Implementing Sagas; Maintaining Global States; The Scenario of Dynamic Overall State; Intermittent-Peek Option; Always-Listening Option; Other Options and Larger Questions; Centralized View; Observability; Contract Testing; Further Related Reading; Summary; Points to Ponder
CHAPTER 5: PROCESS CHANGES
Continuous Integration; Build and Integration Environments; Automated Testing; Performance Testing; Continuous Delivery; Infrastructure as Code; DevSecOps; Further Related Reading; Summary; Points to Ponder
CHAPTER 6: CLOUDIFICATION – STRATEGY
Overall Setup for Microservices in Cloud; Networking and Connectivity; Regions and Zones; Compute; Integration; Databases and Traditional Datastores; Special-Purpose Datastores; Cost Analysis; Summary; Points to Ponder
CHAPTER 7: CLOUDIFICATION – CORE CONCEPTS
Virtualization and Containerization; Container Orchestration; Service Meshes; Traffic Control; Establishing and Securing Communication; Building Overall Observability; Challenges and State of the Art of Service Meshes; FaaS, aka, Serverless; Storage and Integration Services; Storage Services; Integration Services; Further Related Reading; Summary; Points to Ponder
CHAPTER 8: SECURING MICROSERVICES ON CLOUD
Securing Microservices; Reducing the Attack Surface; Securing Services; Securing Outgoing Communication; Securing Microservices on Cloud; API Gateways and Load Balancers; IAM of CSPs; Securing Inter-Service Communication; Processing Integrity; Trusted Binaries; Trusted Execution; Availability; DR-Disaster Recovery; Multi-region Solutions; Further Related Reading; Summary; Points to Ponder
CHAPTER 9: MICROSERVICES, HERE AND BEYOND
Trends; Support and Operations; Microservices on Cloud; Changing Security Landscape; Alternate Thoughts; Monoliths are Dead, Long Live the Monolith
IN CLOSING
BIBLIOGRAPHY
APPENDIX
COMPARING CSPS
IP Address Management
REDISCOVER FUNDAMENTAL AND ADVANCED TOPICS IN IPAM, DNS, DHCP AND OTHER CORE NETWORKING TECHNOLOGIES WITH THIS UPDATED ONE-STOP REFERENCE
The thoroughly revised second edition of IP Address Management is the definitive reference for working with core IP management technologies, like address allocation, assignment, and network navigation via DNS. Accomplished professionals and authors Timothy Rooney and Michael Dooley offer readers coverage of recent IPAM developments in the world of cloud computing, Internet of Things (IoT), and security, as well as a comprehensive treatment of foundational concepts in IPAM.
The new edition addresses the way that IPAM needs and methods have evolved since the publication of the first edition. The book covers the impact of mainstream use of private and public cloud services, the maturation of IPv6 implementations, new DNS security approaches, and the proliferation of IoT devices. The authors have also reorganized the flow of the book, with much of the technical reference material appearing at the end and making for a smoother and simpler reading experience.
The 2nd edition of IP Address Management also covers topics such as:
* Discussions about the fundamentals of Internet Protocol Address Management (IPAM), including IP addressing, address allocation and assignment, DHCP, and DNS
* An examination of IPAM practices, including core processes and tasks, deployment strategies, IPAM security best practices, and DNS security approaches
* A treatment of IPAM in the modern context, including how to adapt to cloud computing, the Internet of Things, IPv6, and new trends in IPAM
* A one-stop reference for IPAM topics, including IP addressing, DHCP, DNS, IPv6, and DNS security
Perfect for IP network engineers and managers, network planners, network architects, and security engineers, the second edition of IP Address Management also belongs on the bookshelves of senior undergraduate and graduate students studying in networking, information technology, and computer security-related courses and programs.
MICHAEL DOOLEY is Vice President of Operations for BT Diamond IP division. He has over 20 years of experience managing and developing enterprise-scale software products. His professional expertise includes IP addressing, DHCP, and DNS. He is co-author of IPv6 Deployment and Management and DNS Security Management.
TIMOTHY ROONEY is the Product Manager for BT Diamond IP product development and has led the market introduction of NetControl, IPControl, Sapphire Appliances, and ImageControl, four next-gen IP management systems. He is co-author of Introduction to IP Address Management, IP Address Management Principles and Practice, IPv6 Deployment and Management, and DNS Security Management.
Preface; Acknowledgments; About the Authors
Part I IPAM Introduction
1 INTRODUCTION
IP Networking Overview; IP Routing; IP Addresses; Protocol Layering; OSI and TCP/IP Layers; TCP/UDP Ports; Intra-Link Communications; Are We on the Same Link?; Limiting Broadcast Domains; Interlink Communications; Worldwide IP Communications; Dynamic Routing; Routers and Subnets; Assigning IP addresses; The Human Element; Why Manage IP Space?; Basic IPAM Approaches; Early History; Today’s IP Networks and IP Management Challenges
2 IP ADDRESSING
Internet Protocol History; The Internet Protocol, Take 1; Class-Based Addressing; Internet Growing Pains; Private Address Space; Classless Addressing; Special Use IPv4 Addresses; The Internet Protocol, Take 2; IPv6 Address Types and Structure; IPv6 Address Notation; Address Structure; IPv6 Address Allocations; 2000::/3 – Global Unicast Address Space; fc00::/7 – Unique Local Address Space; fe80::/10 – Link Local Address Space; ff00::/8 – Multicast Address Space; Special Use IPv6 Addresses; IPv4–IPv6 Coexistence
3 IP ADDRESS ASSIGNMENT
Address Planning; Regional Internet Registries; RIR Address Allocation; Address Allocation Efficiency; Multi-Homing and IP Address Space; Endpoint Address Allocation; Server-based Address Allocation Using DHCP; DHCP Servers and Address Assignment; Device Identification by Class; DHCP Options; DHCP for IPv6 (DHCPv6); DHCP Comparison IPv4 vs. IPv6; DHCPv6 Address Assignment; DHCPv6 Prefix Delegation; Device Unique Identifiers (DUIDs); Identity Associations (IAs); DHCPv6 Options; IPv6 Address Autoconfiguration; Neighbor Discovery; Modified EUI-64 Interface Identifiers; Opaque Interface IDs; Reserved Interface IDs; Duplicate Address Detection (DAD)
4 NAVIGATING THE INTERNET WITH DNS
Domain Hierarchy; Name Resolution; Resource Records; Zones and Domains; Dissemination of Zone Information; Reverse Domains; IPv6 Reverse Domains; Additional Zones; Root Hints; Localhost Zones; DNS Update
5 IPAM TECHNOLOGY APPLICATIONS
DHCP Applications; Device Type Specific Configuration; Broadband Subscriber Provisioning; Related Lease Assignment or Limitation Applications; Pre-Boot Execution Environment (PXE) clients; PPP/RADIUS Environments; Mobile IP; Popular DNS Applications; Host Name and IP Address Resolution; A – IPv4 Address Record; AAAA – IPv6 address record; PTR – Pointer Record; Alias Host Name Resolutions; CNAME – Canonical Name Record; Network Services Location; SRV – Services Location Record; Textual Information Lookup; TXT – Text Record; Many More Applications
PART II IPAM MECHANICS
6 IP MANAGEMENT CORE TASKS
IPAM Is Foundational; Impacts of Inadequate IPAM Practice; IPAM Is Core to Network Management; FCAPS Summary; Configuration Management; Address Allocation Considerations; Address Allocation Tasks; IP Address Assignment; Address Deletion Tasks; Address Renumbering or Movement Tasks; Network Services Configuration; Fault Management; Monitoring and Fault Detection; Troubleshooting and Fault Resolution; Accounting Management; Inventory Assurance; Performance Management; Services Monitoring; Address Capacity Management; Auditing and Reporting; Security Management; ITIL® Process Mappings; ITIL Practice Areas; Conclusion
7 IPV6 DEPLOYMENT
IPv6 Deployment Process Overview; IPv6 Address Plan Objectives; IPv6 Address Plan Examples; Case 1; Observations; Case 2; Observations; General IPv6 Address Plan Guidelines; ULA Considerations; Renumbering Impacts; IPv4–IPv6 Coexistence Technologies; Dual Stack Approach; Dual Stack Deployment; DNS Considerations; DHCP Considerations; Tunneling Approaches; Tunneling Scenarios for IPv6 Packets over IPv4 Networks; Dual-Stack Lite; Lightweight 4over6; Mapping of Address and Port with Encapsulation (MAP-E); Additional Tunneling Approaches; Translation Approaches; IP/ICMP Translation; Address Translation; Packet Fragmentation Considerations; IP Header Translation Algorithm; Bump in the Host (BIH); Network Address Translation for IPv6–IPv4 (NAT64); NAT64 and DNS64; 464XLAT; Mapping of Address and Port with Translation (MAP-T); Other Translation Techniques; Planning Your IPv6 Deployment Process
8 IPAM FOR THE INTERNET OF THINGS
IoT Architectures; 6LoWPAN; Summary
9 IPAM IN THE CLOUD
IPAM VNFs; Cloud IPAM Concepts; IP Initialization Process; IP Initialization Implementation; DHCP Method; Private Cloud Static Method; Public Cloud Static Method; Cloud Automation with APIs; Multi-Cloud IPAM; Private Cloud Automation; Public Cloud Automation; IPAM Automation Benefits; Unifying IPAM Automation; Streamlined Subnet Allocation Workflow; Workflow Realization; Tips for Defining Workflows; Automation Scenarios; Intra-IPAM Automation; DHCP Server Configuration; DNS Server Configuration; Subnet Assignment; IP Address Assignment Request; Extra-IPAM Workflow Examples; Regional Internet Registry Reporting; Router Configuration Provisioning; Customer Provisioning; Asset Inventory Integration; Trouble Ticket Creation; Summary
PART III IPAM AND SECURITY
10 IPAM SERVICES SECURITY
Securing DHCP; DHCP Service Availability; DHCP Server/OS Attacks; DHCP Server/OS Attack Mitigation; DHCP Service Threats; DHCP Threat Mitigation; DHCP Authentication and Encryption; DNS Infrastructure Risks and Attacks; DNS Service Availability; DNS Server/OS Attacks; DNS Server/OS Attack Mitigation; DNS Service Denial; Distributed Denial of Service; Bogus Domain Queries; Pseudorandom Subdomain Attacks; Denial of Service Mitigation; Reflector Style Attacks; Reflector Attack Mitigation; Authoritative Poisoning; Authoritative Poisoning Mitigation; Resolver Redirection Attacks; Resolver Attack Defenses; Securing DNS Transactions; Cache Poisoning Style Attacks; Cache Poisoning Mitigation; DNSSEC Overview; The DNSSEC Resolution Process; Negative Trust Anchors; DNSSEC Deployment; Last Mile Protection; DNS Cookies; DNS Encryption; DNS Over TLS (DoT); DNS Over HTTPS (DoH); Encryption Beyond the Last Mile
11 IPAM AND NETWORK SECURITY
Securing Network Access; Discriminatory Address Assignment with DHCP; DHCP Lease Query; Alternative Access Control Approaches; Layer 2 Switch Alerting; 802.1X; Securing the Network Using IPAM; IP-Based Security Policies (ACLs, etc.); Malware Detection Using DNS; Malware Proliferation Techniques; Phishing; Spear Phishing; Software Downloads; File Sharing; Email Attachments; Watering Hole Attack; Replication; Brute Force; Malware Examples; Malware Mitigation; DNS Firewall; DNS Firewall Policy Precedence; Logging Configuration; Other Attacks that Leverage DNS; Network Reconnaissance; Network Reconnaissance Defenses; DNS Rebinding Attack; Data Exfiltration; Data Exfiltration Mitigation; DNS as Data Transport (Tunneling); Advanced Persistent Threats; Advanced Persistent Threats Mitigation
12 IPAM AND YOUR INTERNET PRESENCE
IP Address Space Integrity; Publicizing Your Public Namespace; Domain Registries and Registrars; DNS Hosting Providers; Signing Your Public Namespace; DNSSEC Zone Signing; Key Rollover; Prepublish Rollover; Dual Signature Rollover; Algorithm Rollover; Key Security; Enhancing Internet Application Encryption Integrity; DNS-Based Authentication of Named Entities (DANE); Securing Email with DNS; Email and DNS; DNS Block Listing; Sender Policy Framework (SPF); Domain Keys Identified Mail (DKIM); Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
PART IV IPAM IN PRACTICE
13 IPAM USE CASE
Introduction; IPv4 Address Allocation; First-Level Allocation; Second-Layer Allocation; Address Allocation Layer 3; Core Address Space; External Extensions of Address Space; Allocation Trade-Offs and Tracking; IPAM Worldwide’s Public IPv4 Address Space; IPAM Worldwide’s IPv6 Allocations; External Extensions Address Space; IP Address Tracking; DNS and IP Address Management
14 IPAM DEPLOYMENT STRATEGIES
General Deployment Principles for DHCP/DNS; Disaster Recovery/Business Continuity; DHCP Deployment; DHCP Server Platforms; DHCP Servers; Virtualized DHCP Deployment; DHCP Appliances; DHCP Deployment Approaches; Centralized DHCP Server Deployment; Distributed DHCP Server Deployment; DHCP Services Deployment Design Considerations; DHCP Deployment on Edge Devices; DNS Deployment; DNS Trust Sectors; External DNS Trust Sector; Extranet DNS Trust Sector; Recursive DNS Trust Sector; Internal DNS Trust Sector; Deploying DNS Servers with Anycast Addresses; Anycast Addressing Benefits; Anycast Caveats; Configuring Anycast Addressing; IPAM Deployment Summary; High Availability; Multiple Vendors; Sizing and Scalability; Load Balancers; Lab Deployment
15 THE BUSINESS CASE FOR IPAM
IPAM Business Benefits; Automation; Outage Reduction; Rapid Trouble Resolution; Accurate IPAM Inventory and Reporting; Expanded IP Services; Distributed Administration; Enhanced Security; Business Case Overview; Business Case Cost Basis; Address Block Management; Subnet Management; IP Address Assignment – Moves, Adds, and Changes; Inventory Assurance; Address Capacity Management; Auditing and Reporting; Server Upgrade Management; Outage and Security Recovery Costs; IPAM System Administration Costs; Cost Basis Summary; Savings with IPAM Deployment; Business Case Expenses; Netting it Out: Business Case Results; Conclusion
16 IPAM EVOLUTION/TRENDS
Security Advancements; Intent-Based Networking; Artificial Intelligence Applied to IPAM; IP Address Capacity Management; DNS Query and Response Analytics; DNS Malware Detection; Network Address Intrusions; IPAM Administration Activity Analysis; AI Summary; Edge Computing; Identifier/Locator Networking; Information Centric Networking
PART V IPAM REFERENCE
17 IP ADDRESSING REFERENCE
IP Version 4; The IPv4 Header; IP Version 6; The IPv6 Header; IPv6 Multicast Addressing; Flags; Special Case Multicast Addresses; Solicited Node Multicast Address; Node Information Query Address; IPv6 Addresses with Embedded IPv4 Addresses; Reserved Subnet Anycast Addresses
18 DHCP REFERENCE
DHCPv6 Protocol; DHCPv6 Packet Format; DHCPv6 Message Types; DHCPv6 Failover Overview; DHCPv6 Options; DHCP for IPv4; DHCP Packet Format; DHCPv4 Message Types; DHCP Options
19 DNS REFERENCE
DNS Message Format; Encoding of Domain Names; Name Compression; Internationalized Domain Names; DNS Message Format; Message Header; Question Section; Answer Section; Authority Section; Additional Section; DNS Update Messages; DNS Extensions (EDNS0); The DNS Resolution Process Revisited; DNS Resolution Privacy Extension; DNS Resolver Configuration; DNS Applications and Resource Records; Resource Record Format; Host Name and IP Address Resolution; A – IPv4 Address Record; AAAA – IPv6 Address Record; PTR – Pointer Record; Alias Host and Domain Name Resolutions; CNAME – Canonical Name Record; DNAME – Domain Alias Record; Network Services Location; SRV – Services Location Record; AFSDB – DCE or AFS Server Record (Experimental); WKS – Well Known Service Record (Historic); Host and Textual Information Lookup; TXT – Text Record; HINFO – Host Information Record; DNS Protocol Operational Record Types; SOA – Start of Authority Record; NS – Name Server Record; Dynamic DNS Update Uniqueness Validation; DHCID – Dynamic Host Configuration Identifier Record; Telephone Number Resolution; NAPTR – Naming Authority Pointer Record; Email and Anti-spam Management; Email and DNS; MX – Mail Exchanger Record; Allow or Block Listing; Sender Policy Framework (SPF); SPF – Sender Policy Framework Formatting for a TXT Record; Mechanisms; Modifiers; Macros; Macro Examples; Sender ID (Historical); Domain Keys Identified Mail (DKIM); DKIM Signature Email Header Field; DKIM TXT Record; DMARC TXT Record; Historic Email Resource Record Types; MR – Mail Rename Record; MB – Mailbox Record; MG – Mail Group Member Record; MINFO – Mailbox/Mailing List Information; Security Applications; Securing Name Resolution – DNSSEC Resource Record Types; DNSKEY – DNS Key Record; DS – Delegation Signer Record; NSEC – Next Secure Record; NSEC3 – NSEC3 Record; NSEC3PARAM – NSEC3 Parameters Record; RRSIG – Resource Record Set Signature Record; Other Security-oriented DNS Resource Record Types; TA – Trust Authority Record; CERT – Certificate Record; IPSECKEY – Public Key for IPSec Record; KEY – Key Record; KX – Key Exchanger Record; SIG – Signature Record; SSHFP – Secure Shell Fingerprint Record; Geographical Location Lookup; GPOS – Geographical Position Record; LOC – Location Resource Record; Non-IP Host-Address Lookups; ISDN – Integrated Services Digital Network Record (Experimental); NSAP – Network Service Access Point Record; NSAP-PTR – Network Service Access Point Reverse Record; PX – Pointer for X.400; X25 – X.25 PSDN Address Record (Experimental); RT – Route Through; The Null Record Type; NULL; Experimental Name-Address Lookup Records; IPv6 Address Chaining – The A6 Record (Experimental); APL – Address Prefix List Record (Experimental); DNS Resource Record Summary
20 RFC REFERENCE
Glossary; Bibliography; Index
Fog, Edge, and Pervasive Computing in Intelligent IoT Driven Applications
A PRACTICAL GUIDE TO THE DESIGN, IMPLEMENTATION, EVALUATION, AND DEPLOYMENT OF EMERGING TECHNOLOGIES FOR INTELLIGENT IOT APPLICATIONS
With the rapid development in artificially intelligent and hybrid technologies, IoT, edge, fog-driven, and pervasive computing techniques are becoming important parts of our daily lives. This book focuses on recent advances, roles, and benefits of these technologies, describing the latest intelligent systems from a practical point of view. Fog, Edge, and Pervasive Computing in Intelligent IoT Driven Applications is also valuable for engineers and professionals trying to solve practical, economic, or technical problems. With a uniquely practical approach spanning multiple fields of interest, contributors cover theory, applications, and design methodologies for intelligent systems. These technologies are rapidly transforming engineering, industry, and agriculture by enabling real-time processing of data via computational, resource-oriented metaheuristics and machine learning algorithms. As edge/fog computing and associated technologies are implemented far and wide, we are now able to solve previously intractable problems.
With chapters contributed by experts in the field, this book:
* Describes Machine Learning frameworks and algorithms for edge, fog, and pervasive computing
* Considers probabilistic storage systems and proven optimization techniques for intelligent IoT
* Covers 5G edge network slicing and virtual network systems that utilize new networking capacity
* Explores resource provisioning and bandwidth allocation for edge, fog, and pervasive mobile applications
* Presents emerging applications of intelligent IoT, including smart farming, factory automation, marketing automation, medical diagnosis, and more
Researchers, graduate students, and practitioners working in the intelligent systems domain will appreciate this book’s practical orientation and comprehensive coverage.
Intelligent IoT is revolutionizing every industry and field today, and Fog, Edge, and Pervasive Computing in Intelligent IoT Driven Applications provides the background, orientation, and inspiration needed to begin.
DEEPAK GUPTA, PHD, is an Assistant Professor in the Department of Computer Science and Engineering at the Maharaja Agrasen Institute of Technology, Delhi, India. He has published 158 papers and 3 patents. He is associated with numerous professional bodies, including IEEE, ISTE, IAENG, and IACSIT. He is the convener and organizer of the ICICC, ICDAM Springer Conference Series.
ADITYA KHAMPARIA, PHD, is Associate Professor of Computer Science at Lovely Professional University, Punjab, India. He has published more than 45 scientific research publications and is a member of CSI, IET, ISTE, IAENG, ACM and IACSIT.
About the Editors; List of Contributors; Preface; Acknowledgments
1 FOG, EDGE AND PERVASIVE COMPUTING IN INTELLIGENT INTERNET OF THINGS DRIVEN APPLICATIONS IN HEALTHCARE: CHALLENGES, LIMITATIONS AND FUTURE USE
Afroj Alam, Sahar Qazi, Naiyar Iqbal, and Khalid Raza
1.1 Introduction; 1.2 Why Fog, Edge, and Pervasive Computing?; 1.3 Technologies Related to Fog and Edge Computing; 1.4 Concept of Intelligent IoT Application in Smart (Fog) Computing Era; 1.5 The Hierarchical Architecture of Fog/Edge Computing; 1.6 Applications of Fog, Edge and Pervasive Computing in IoT-based Healthcare; 1.7 Issues, Challenges, and Opportunity; 1.7.1 Security and Privacy Issues; 1.7.2 Resource Management; 1.7.3 Programming Platform; 1.8 Conclusion; Bibliography
2 FUTURE OPPORTUNISTIC FOG/EDGE COMPUTATIONAL MODELS AND THEIR LIMITATIONS
Sonia Singla, Naveen Kumar Bhati, and S. Aswath
2.1 Introduction; 2.2 What are the Benefits of Edge and Fog Computing for the Mechanical Web of Things (IoT)?; 2.3 Disadvantages; 2.4 Challenges; 2.5 Role in Health Care; 2.6 Blockchain and Fog, Edge Computing; 2.7 How Blockchain will Illuminate Human Services Issues; 2.8 Uses of Blockchain in the Future; 2.9 Uses of Blockchain in Health Care; 2.10 Edge Computing Segmental Analysis; 2.11 Uses of Fog Computing; 2.12 Analytics in Fog Computing; 2.13 Conclusion; Bibliography
3 AUTOMATING ELICITATION TECHNIQUE SELECTION USING MACHINE LEARNING
Hatim M. Elhassan Ibrahim Dafallaa, Nazir Ahmad, Mohammed Burhanur Rehman, Iqrar Ahmad, and Rizwan Khan
3.1 Introduction; 3.2 Related Work; 3.3 Model: Requirement Elicitation Technique Selection Model; 3.3.1 Determining Key Attributes; 3.3.2 Selection Attributes; 3.3.2.1 Analyst Experience; 3.3.2.2 Number of Stakeholders; 3.3.2.3 Technique Time; 3.3.2.4 Level of Information; 3.3.3 Selection Attributes Dataset; 3.3.3.1 Mapping the Selection Attributes; 3.3.4 k-nearest Neighbor Algorithm Application; 3.4 Analysis and Results; 3.5 The Error Rate; 3.6 Validation; 3.6.1 Discussion of the Results of the Experiment; 3.7 Conclusion; Bibliography
4 MACHINE LEARNING FRAMEWORKS AND ALGORITHMS FOR FOG AND EDGE COMPUTING
Murali Mallikarjuna Rao Perumalla, Sanjay Kumar Singh, Aditya Khamparia, Anjali Goyal, and Ashish Mishra
4.1 Introduction; 4.1.1 Fog Computing and Edge Computing; 4.1.2 Pervasive Computing; 4.2 Overview of Machine Learning Frameworks for Fog and Edge Computing; 4.2.1 TensorFlow; 4.2.2 Keras; 4.2.3 PyTorch; 4.2.4 TensorFlow Lite; 4.2.4.1 Use Pre-train Models; 4.2.4.2 Convert the Model; 4.2.4.3 On-device Inference; 4.2.4.4 Model Optimization; 4.2.5 Machine Learning and Deep Learning Techniques; 4.2.5.1 Supervised, Unsupervised and Reinforcement Learning; 4.2.5.2 Machine Learning, Deep Learning Techniques; 4.2.5.3 Deep Learning Techniques; 4.2.5.4 Efficient Deep Learning Algorithms for Inference; 4.2.6 Pros and Cons of ML Algorithms for Fog and Edge Computing; 4.2.6.1 Advantages using ML Algorithms; 4.2.6.2 Disadvantages of using ML Algorithms; 4.2.7 Hybrid ML Model for Smart IoT Applications; 4.2.7.1 Multi-Task Learning; 4.2.7.2 Ensemble Learning; 4.2.8 Possible Applications in Fog Era using Machine Learning; 4.2.8.1 Computer Vision; 4.2.8.2 ML-Assisted Healthcare Monitoring System; 4.2.8.3 Smart Homes; 4.2.8.4 Behavior Analyses; 4.2.8.5 Monitoring in Remote Areas and Industries; 4.2.8.6 Self-Driving Cars; Bibliography
5 INTEGRATED CLOUD BASED LIBRARY MANAGEMENT IN INTELLIGENT IOT DRIVEN APPLICATIONS
Md Robiul Alam Robel, Subrato Bharati, Prajoy Podder, and M. Rubaiyat Hossain Mondal
5.1 Introduction; 5.1.1 Execution Plan for the Mobile Application; 5.1.2 Main Contribution; 5.2 Understanding Library Management; 5.3 Integration of Mobile Platform with the Physical Library - Brief Concept; 5.4 Database (Cloud Based) - A Must have Component for Library Automation; 5.5 IoT Driven Mobile Based Library Management - General Concept; 5.6 IoT Involved Real Time GUI (Cross Platform) Available to User; 5.7 IoT Challenges; 5.7.1 Infrastructure Challenges; 5.7.2 Security Challenges; 5.7.3 Societal Challenges; 5.7.4 Commercial Challenges; 5.8 Conclusion; Bibliography
6 A SYSTEMATIC AND STRUCTURED REVIEW OF INTELLIGENT SYSTEMS FOR DIAGNOSIS OF RENAL CANCER
Nikita, Harsh Sadawarti, Balwinder Kaur, and Jimmy Singla
6.1 Introduction; 6.2 Related Works; 6.3 Conclusion; Bibliography
7 LOCATION DRIVEN EDGE ASSISTED DEVICE AND SOLUTIONS FOR INTELLIGENT TRANSPORTATION
Saravjeet Singh and Jaiteg Singh
7.1 Introduction to Fog and Edge Computing; 7.1.1 Need for Fog and Edge Computing; 7.1.2 Fog Computing; 7.1.2.1 Application Areas of Fog Computing; 7.1.3 Edge Computing; 7.1.3.1 Advantages of Edge Computing; 7.1.3.2 Application Areas of Fog Computing; 7.2 Introduction to Transportation System; 7.3 Route Finding Process; 7.3.1 Challenges Associated with Land Navigation and Routing Process; 7.4 Edge Architecture for Route Finding; 7.5 Technique Used; 7.6 Algorithms Used for the Location Identification and Route Finding Process; 7.6.1 Location Identification; 7.6.2 Path Generation Technique; 7.7 Results and Discussions; 7.7.1 Output; 7.7.2 Benefits of Edge-based Routing; 7.8 Conclusion; Bibliography
8 DESIGN AND SIMULATION OF MEMS FOR AUTOMOBILE CONDITION MONITORING USING COMSOL MULTIPHYSICS SIMULATOR
Natasha Tiwari, Anil Kumar, Pallavi Asthana, Sumita Mishra, and Bramah Hazela
8.1 Introduction; 8.2 Related Work; 8.3 Vehicle Condition Monitoring through Acoustic Emission; 8.4 Piezo-resistive Micro Electromechanical Sensors for Monitoring the Faults Through AE; 8.5 Designing of MEM Sensor; 8.6 Experimental Setup; 8.6.1 FFT Analysis of Automotive Diesel Engine Sound Recording using MATLAB; 8.6.2 Design of MEMS Sensor using COMSOL Multiphysics; 8.6.3 Electrostatic Study Steps for the Optimized Tri-plate Comb Structure; 8.7 Result and Discussions; 8.8 Conclusion; Bibliography
9 IOT DRIVEN HEALTHCARE MONITORING SYSTEM
Md Robiul Alam Robel, Subrato Bharati, Prajoy Podder, and M. Rubaiyat Hossain Mondal
9.1 Introduction; 9.1.1 Complementary Aspects of Cloud IoT in Healthcare Applications; 9.1.2 Main Contribution; 9.2 General Concept for IoT Based Healthcare System; 9.3 View of the Overall IoT Healthcare System - Tiers Explained; 9.4 A Brief Design of the IoT Healthcare Architecture - individual Block Explanation; 9.5 Models/Frameworks for IoT use in Healthcare; 9.6 IoT e-Health System Model; 9.7 Process Flow for the Overall Model; 9.8 Conclusion; Bibliography
10 FOG COMPUTING AS FUTURE PERSPECTIVE IN VEHICULAR AD HOC NETWORKS
Harjit Singh, Dr. Vijay Laxmi, Dr. Arun Malik, and Dr. Isha
10.1 Introduction; 10.2 Future VANET: Primary Issues and Specifications; 10.3 Fog Computing; 10.3.1 Fog Computing Concept; 10.3.2 Fog Technology Characterization; 10.4 Related Works in Cloud and Fog Computing; 10.5 Fog and Cloud Computing-based Technology Applications in VANET; 10.6 Challenges of Fog Computing in VANET; 10.7 Issues of Fog Computing in VANET; 10.8 Conclusion; Bibliography
11 AN OVERVIEW TO DESIGN AN EFFICIENT AND SECURE FOG-ASSISTED DATA COLLECTION METHOD IN THE INTERNET OF THINGS
Sofia, Arun Malik, Isha, and Aditya Khamparia
11.1 Introduction; 11.2 Related Works; 11.3 Overview of the Chapter; 11.4 Data Collection in the IoT; 11.5 Fog Computing; 11.5.1 Why fog Computing for Data Collection in IoT?; 11.5.2 Architecture of Fog Computing; 11.5.3 Features of Fog Computing; 11.5.4 Threats of Fog Computing; 11.5.5 Applications of Fog Computing with the IoT; 11.6 Requirements for Designing a Data Collection Method; 11.7 Conclusion; Bibliography
12 ROLE OF FOG COMPUTING PLATFORM IN ANALYTICS OF INTERNET OF THINGS - ISSUES, CHALLENGES AND OPPORTUNITIES
Mamoon Rashid and Umer Iqbal Wani
12.1 Introduction to Fog Computing; 12.1.1 Hierarchical Fog Computing Architecture; 12.1.2 Layered Fog Computing Architecture; 12.1.3 Comparison of Fog and Cloud Computing; 12.2 Introduction to Internet of Things; 12.2.1 Overview of Internet of Things; 12.3 Conceptual Architecture of Internet of Things; 12.4 Relationship between Internet of Things and Fog Computing; 12.5 Use of Fog Analytics in Internet of Things; 12.6 Conclusion; Bibliography
13 A MEDICAL DIAGNOSIS OF URETHRAL STRICTURE USING INTUITIONISTIC FUZZY SETS
Prabjot Kaur and Maria Jamal
13.1 Introduction; 13.2 Preliminaries; 13.2.1 Introduction; 13.2.2 Fuzzy Sets; 13.2.3 Intuitionistic Fuzzy Sets; 13.2.4 Intuitionistic Fuzzy Relation; 13.2.5 Max-Min-Max Composition; 13.2.6 Linguistic Variable; 13.2.7 Distance Measure In
Intuitionistic Fuzzy Sets 22413.2.7.1 The Hamming Distance 22413.2.7.2 Normalized Hamming Distance 22413.2.7.3 Compliment of an Intuitionistic Fuzzy Set Matrix 22513.2.7.4 Revised Max-Min Average Composition of A and B (A Φ B) 22513.3 Max-Min-Max Algorithm for Disease Diagnosis 22513.4 Case Study 22613.5 Intuitionistic Fuzzy Max-Min Average Algorithm for Disease Diagnosis 22713.6 Result 22813.7 Code for Calculation 22913.8 Conclusion 23313.9 Acknowledgement 234Bibliography 23414 SECURITY ATTACKS IN INTERNET OF THINGS 237Rajit Nair, Preeti Sharma, and Dileep Kumar Singh14.1 Introduction 23814.2 Reference Model of Internet of Things (IoT) 23814.3 IoT Communication Protocol 24614.4 IoT Security 24714.4.1 Physical Attack 24814.4.2 Network Attack 25214.4.3 Software Attack 25414.4.4 Encryption Attack 25514.5 Security Challenges in IoT 25614.5.1 Cryptographic Strategies 25614.5.2 Key Administration 25614.5.3 Denial of Service 25614.5.4 Authentication and Access Control 25714.6 Conclusion 257Bibliography 25715 FOG INTEGRATED NOVEL ARCHITECTURE FOR TELEHEALTH SERVICES WITH SWIFT MEDICAL DELIVERY 263Inderpreet Kaur, Kamaljit Singh Saini, and Jaiteg Singh Khaira15.1 Introduction 26415.2 Associated Work and Dimensions 26615.3 Need of Security in Telemedicine Domain and Internet of Things (IoT) 26715.3.1 Analytics Reports 26815.4 Fog Integrated Architecture for Telehealth Delivery 26815.5 Research Dimensions 26915.5.1 Benchmark Datasets 26915.6 Research Methodology and Implementation on Software Defined Networking 27015.6.1 Key Tools and Frameworks for IoT, Fog Computing and Edge Computing 27415.6.2 Simulation Analysis 27615.7 Conclusion 282Bibliography 28216 FRUIT FLY OPTIMIZATION ALGORITHM FOR INTELLIGENT IOT APPLICATIONS 287Satinder Singh Mohar, Sonia Goyal, and Ranjit Kaur16.1 An Introduction to the Internet of Things 28716.2 Background of the IoT 28816.2.1 Evolution of the IoT 28816.2.2 Elements Involved in IoT Communication 28816.3 Applications of the IoT 28916.3.1 
Industrial 29016.3.2 Smart Parking 29016.3.3 Health Care 29016.3.4 Smart Offices and Homes 29016.3.5 Augment Maps 29116.3.6 Environment Monitoring 29116.3.7 Agriculture 29116.4 Challenges in the IoT 29116.4.1 Addressing Schemes 29116.4.2 Energy Consumption 29216.4.3 Transmission Media 29216.4.4 Security 29216.4.5 Quality of Service (QoS) 29216.5 Introduction to Optimization 29316.6 Classification of Optimization Algorithms 29316.6.1 Particle Swarm Optimization (PSO) Algorithm 29316.6.2 Genetic Algorithms 29416.6.3 Heuristic Algorithms 29416.6.4 Bio-inspired Algorithms 29416.6.5 Evolutionary Algorithms (EA) 29416.7 Network Optimization and IoT 29516.8 Network Parameters optimized by Different Optimization Algorithms 29516.8.1 Load Balancing 29516.8.2 Maximizing Network Lifetime 29516.8.3 Link Failure Management 29616.8.4 Quality of the Link 29616.8.5 Energy Efficiency 29616.8.6 Node Deployment 29616.9 Fruit Fly Optimization Algorithm 29716.9.1 Steps Involved in FOA 29716.9.2 Flow Chart of Fruit Fly Optimization Algorithm 29816.10 Applicability of FOA in IoT Applications 30016.10.1 Cloud Service Distribution in Fog Computing 30016.10.2 Cluster Head Selection in IoT 30016.10.3 Load Balancing in IoT 30016.10.4 Quality of Service in Web Services 30016.10.5 Electronics Health Records in Cloud Computing 30116.10.6 Intrusion Detection System in Network 30116.10.7 Node Capture Attack in WSN 30116.10.8 Node Deployment in WSN 30216.11 Node Deployment Using Fruit Fly Optimization Algorithm 30216.12 Conclusion 304Bibliography 30417 OPTIMIZATION TECHNIQUES FOR INTELLIGENT IOT APPLICATIONS 311Priyanka Pattnaik, Subhashree Mishra, and Bhabani Shankar Prasad Mishra17.1 Cuckoo Search 31217.1.1 Introduction to Cuckoo 31217.1.2 Natural Cuckoo 31217.1.3 Artificial Cuckoo Search 31317.1.4 Cuckoo Search Algorithm 31317.1.5 Cuckoo Search Variants 31417.1.6 Discrete Cuckoo Search 31417.1.7 Binary Cuckoo Search 31417.1.8 Chaotic Cuckoo Search 31617.1.9 Parallel Cuckoo Search 31717.1.10 
Application of Cuckoo Search 31717.2 Glow Worm Algorithm 31717.2.1 Introduction to Glow Worm 31717.2.2 Glow Worm Swarm Optimization Algorithm (GSO) 31717.3 Wasp Swarm Optimization 32117.3.1 Introduction to Wasp Swarm and Wasp Swarm Algorithm (WSO) 32117.3.2 Fish Swarm Optimization (FSO) 32217.3.3 Fruit Fly Optimization (FLO) 32217.3.4 Cockroach Swarm Optimization 32417.3.5 Bumblebee Algorithm 32417.3.6 Dolphin Echolocation 32517.3.7 Shuffled Frog-leaping Algorithm 32617.3.8 Paddy Field Algorithm 32717.4 Real World Applications Area 328Summary 329Bibliography 32918 OPTIMIZATION TECHNIQUES FOR INTELLIGENT IOT APPLICATIONS IN TRANSPORT PROCESSES 333Muzafer Saračević, Zoran Lončarević, and Adnan Hasanović18.1 Introduction 33318.2 Related Works 33518.3 TSP Optimization Techniques 33618.4 Implementation and Testing of Proposed Solution 33818.5 Experimental Results 34218.5.1 Example Test with 50 Cities 34318.5.2 Example Test with 100 Cities 34418.6 Conclusion and Further Works 346Bibliography 34719 ROLE OF INTELLIGENT IOT APPLICATIONS IN FOG PARADIGM: ISSUES, CHALLENGES AND FUTURE OPPORTUNITIES 351Priyanka Rajan Kumar and Sonia Goel19.1 Fog Computing 35219.1.1 Need of Fog computing 35219.1.2 Architecture of Fog Computing 35319.1.3 Fog Computing Reference Architecture 35419.1.4 Processing on Fog 35519.2 Concept of Intelligent IoT Applications in Smart Computing Era 35519.3 Components of Edge and Fog Driven Algorithm 35619.4 Working of Edge and Fog Driven Algorithms 35719.5 Future Opportunistic Fog/Edge Computational Models 36019.5.1 Future Opportunistic Techniques 36119.6 Challenges of Fog Computing for Intelligent IoT Applications 36119.7 Applications of Cloud Based Computing for Smart Devices 363Bibliography 36420 SECURITY AND PRIVACY ISSUES IN FOG/EDGE/PERVASIVE COMPUTING 369Shweta Kaushik and Charu Gandhi20.1 Introduction to Data Security and Privacy in Fog Computing 37020.2 Data Protection/ Security 37520.3 Great Security Practices In Fog Processing Condition 37720.4 
Developing Patterns in Security and Privacy 38120.5 Conclusion 385Bibliography 38521 FOG AND EDGE DRIVEN SECURITY & PRIVACY ISSUES IN IOT DEVICES 389Deepak Kumar Sharma, Aarti Goel, and Pragun Mangla21.1 Introduction to Fog Computing 39021.1.1 Architecture of Fog 39021.1.2 Benefits of Fog Computing 39221.1.3 Applications of Fog with IoT 39321.1.4 Major Challenges for Fog with IoT 39421.1.5 Security and Privacy Issues in Fog Computing 39521.2 Introduction to Edge Computing 39921.2.1 Architecture and Working 40021.2.2 Applications and use Cases 40021.2.3 Characteristics of Edge Computing 40321.2.4 Challenges of Edge Computing 40421.2.5 How to Protect Devices “On the Edge”? 40521.2.6 Comparison with Fog Computing 405Bibliography 406Index 409
Home Server
Your own network with an Intel NUC or Raspberry Pi: how to set up your home server. With your own control center in your home network, you make sure that all your data and services are reliably accessible at any time. In his new guide, Dennis Rühmer shows you how to set up such a home server simply and inexpensively with the Raspberry Pi or the Intel NUC. Across 800 pages you learn everything you need, with many instructions and notes on security and telephony. Whether you want to access your own cloud from anywhere, set up a private chat service, stream music and videos within your own network, or need a reliable VPN server: you will be surprised how, with a little hardware and the knowledge from this book, you can build a powerful system at home.
Sample chapter (PDF link)
Skalierbare Container-Infrastrukturen (3rd ed.)
The handbook for administrators. The reference for DevOps teams and admins, in its 3rd edition, 2020. Virtualization has reached the next stage of evolution: highly scalable, automated and fail-safe container environments. Powerful IaaS/IaC mechanisms roll out your virtual infrastructure fully automatically at the push of a button and provision clusters and applications at any desired version. With GitOps-based, fully automated CI/CD pipelines, automatic on-demand scaling of applications and cluster nodes, flexible service meshes and serverless architectures, and intelligent operators, you make your infrastructure fit for the future. The third, completely revised edition of the proven container reference gives you deep, well-founded professional know-how and field-tested instructions. Make sure that, thanks to the latest container technologies based on Kubernetes and OpenShift, your company stays competitive and is already equipped for future demands on scalability, flexibility, high availability and planning reliability!
Container engines and tools: CRI-O, Podman, Buildah, Skopeo and Docker
Professional container orchestration with Kubernetes and OpenShift, full automation with IaaS/IaC, building and deploying intelligent operators yourself
Service meshes, serverless architectures and integration of IDM solutions
GitOps-based and fully automated pipelines for maximum efficiency
Storage provisioners, containerized SDS solutions, security, logging, monitoring, custom metrics, autoscalers and much more.
Sample chapter (PDF link)
AWS Certified Data Analytics Study Guide
MOVE YOUR CAREER FORWARD WITH AWS CERTIFICATION! PREPARE FOR THE AWS CERTIFIED DATA ANALYTICS SPECIALTY EXAM WITH THIS THOROUGH STUDY GUIDE
This comprehensive study guide will help assess your technical skills and prepare for the updated AWS Certified Data Analytics exam. Earning this AWS certification will confirm your expertise in designing and implementing AWS services to derive value from data. The AWS Certified Data Analytics Study Guide: Specialty (DAS-C01) Exam is designed for business analysts and IT professionals who perform complex Big Data analyses.
This AWS Specialty Exam guide gets you ready for certification testing with expert content, real-world knowledge, key exam concepts, and topic reviews. Gain confidence by studying the subject areas and working through the practice questions. Big data concepts covered in the guide include:
* Collection
* Storage
* Processing
* Analysis
* Visualization
* Data security
AWS certifications allow professionals to demonstrate skills related to leading Amazon Web Services technology. The AWS Certified Data Analytics Specialty (DAS-C01) Exam specifically evaluates your ability to design and maintain Big Data, leverage tools to automate data analysis, and implement AWS Big Data services according to architectural best practices. An exam study guide can help you feel more prepared about taking an AWS certification test and advancing your professional career. In addition to the guide’s content, you’ll have access to an online learning environment and test bank that offers practice exams, a glossary, and electronic flashcards.
ASIF ABBASI has over 20 years of experience working in various Data & Analytics engineering, consulting and advisory roles with some of the largest customers across the globe to help them in their quest to become more data driven.
Asif is the author of Learning Apache Spark 2.0 and is an AWS Certified Data Analytics & Machine Learning Specialist, AWS Certified Solutions Architect (Professional), Hortonworks Certified Hadoop Professional and Administrator, Certified Spark Developer, SAS Certified Predictive Modeler, and Sun Certified Enterprise Architect. Asif is also a Project Management Professional.
Introduction; Assessment Test
CHAPTER 1 HISTORY OF ANALYTICS AND BIG DATA
Evolution of Analytics Architecture Over the Years; The New World Order; Analytics Pipeline; Data Sources; Collection; Storage; Processing and Analysis; Visualization, Predictive and Prescriptive Analytics; The Big Data Reference Architecture; Data Characteristics: Hot, Warm, and Cold; Collection/Ingest; Storage; Process/Analyze; Consumption; Data Lakes and Their Relevance in Analytics; What is a Data Lake?; Building a Data Lake on AWS; Step 1: Choosing the Right Storage – Amazon S3 Is the Base; Step 2: Data Ingestion – Moving the Data into the Data Lake; Step 3: Cleanse, Prep, and Catalog the Data; Step 4: Secure the Data and Metadata; Step 5: Make Data Available for Analytics; Using Lake Formation to Build a Data Lake on AWS; Exam Objectives; Objective Map; Assessment Test; References
CHAPTER 2 DATA COLLECTION
Exam Objectives; AWS IoT; Common Use Cases for AWS IoT; How AWS IoT Works; Amazon Kinesis; Amazon Kinesis Introduction; Amazon Kinesis Data Streams; Amazon Kinesis Data Analytics; Amazon Kinesis Video Streams; AWS Glue; Glue Data Catalog; Glue Crawlers; Authoring ETL Jobs; Executing ETL Jobs; Change Data Capture with Glue Bookmarks; Use Cases for AWS Glue; Amazon SQS; Amazon Data Migration Service; What is AWS DMS Anyway?; What Does AWS DMS Support?; AWS Data Pipeline; Pipeline Definition; Pipeline Schedules; Task Runner; Large-Scale Data Transfer Solutions; AWS Snowcone; AWS Snowball; AWS Snowmobile; AWS Direct Connect; Summary; Review Questions; References; Exercises & Workshops
CHAPTER 3 DATA STORAGE
Introduction; Amazon S3; Amazon S3 Data Consistency Model; Data Lake and S3; Data Replication in Amazon S3; Server Access Logging in Amazon S3; Partitioning, Compression, and File Formats on S3; Amazon S3 Glacier; Vault; Archive; Amazon DynamoDB; Amazon DynamoDB Data Types; Amazon DynamoDB Core Concepts; Read/Write Capacity Mode in DynamoDB; DynamoDB Auto Scaling and Reserved Capacity; Read Consistency and Global Tables; Amazon DynamoDB: Indexing and Partitioning; Amazon DynamoDB Accelerator; Amazon DynamoDB Streams; Amazon DynamoDB Streams – Kinesis Adapter; Amazon DocumentDB; Why a Document Database?; Amazon DocumentDB Overview; Amazon Document DB Architecture; Amazon DocumentDB Interfaces; Graph Databases and Amazon Neptune; Amazon Neptune Overview; Amazon Neptune Use Cases; Storage Gateway; Hybrid Storage Requirements; AWS Storage Gateway; Amazon EFS; Amazon EFS Use Cases; Interacting with Amazon EFS; Amazon EFS Security Model; Backing Up Amazon EFS; Amazon FSx for Lustre; Key Benefits of Amazon FSx for Lustre; Use Cases for Lustre; AWS Transfer for SFTP; Summary; Exercises; Review Questions; Further Reading; References
CHAPTER 4 DATA PROCESSING AND ANALYSIS
Introduction; Types of Analytical Workloads; Amazon Athena; Apache Presto; Apache Hive; Amazon Athena Use Cases and Workloads; Amazon Athena DDL, DML, and DCL; Amazon Athena Workgroups; Amazon Athena Federated Query; Amazon Athena Custom UDFs; Using Machine Learning with Amazon Athena; Amazon EMR; Apache Hadoop Overview; Amazon EMR Overview; Apache Hadoop on Amazon EMR; EMRFS; Bootstrap Actions and Custom AMI; Security on EMR; EMR Notebooks; Apache Hive and Apache Pig on Amazon EMR; Apache Spark on Amazon EMR; Apache HBase on Amazon EMR; Apache Flink, Apache Mahout, and Apache MXNet; Choosing the Right Analytics Tool; Amazon Elasticsearch Service; When to Use Elasticsearch; Elasticsearch Core Concepts (the ELK Stack); Amazon Elasticsearch Service; Amazon Redshift; What is Data Warehousing?; What is Redshift?; Redshift Architecture; Redshift AQUA; Redshift Scalability; Data Modeling in Redshift; Data Loading and Unloading; Query Optimization in Redshift; Security in Redshift; Kinesis Data Analytics; How Does It Work?; What is Kinesis Data Analytics for Java?; Comparing Batch Processing Services; Comparing Orchestration Options on AWS; AWS Step Functions; Comparing Different ETL Orchestration Options; Summary; Exam Essentials; Exercises; Review Questions; References; Recommended Workshops; Amazon Athena Blogs; Amazon Redshift Blogs; Amazon EMR Blogs; Amazon Elasticsearch Blog; Amazon Redshift References and Further Reading
CHAPTER 5 DATA VISUALIZATION
Introduction; Data Consumers; Data Visualization Options; Amazon QuickSight; Getting Started; Working with Data; Data Preparation; Data Analysis; Data Visualization; Machine Learning Insights; Building Dashboards; Embedding QuickSight Objects into Other Applications; Administration; Security; Other Visualization Options; Predictive Analytics; What is Predictive Analytics?; The AWS ML Stack; Summary; Exam Essentials; Exercises; Review Questions; References; Additional Reading Material
CHAPTER 6 DATA SECURITY
Introduction; Shared Responsibility Model; Security Services on AWS; AWS IAM Overview; IAM User; IAM Groups; IAM Roles; Amazon EMR Security; Public Subnet; Private Subnet; Security Configurations; Block Public Access; VPC Subnets; Security Options during Cluster Creation; EMR Security Summary; Amazon S3 Security; Managing Access to Data in Amazon S3; Data Protection in Amazon S3; Logging and Monitoring with Amazon S3; Best Practices for Security on Amazon S3; Amazon Athena Security; Managing Access to Amazon Athena; Data Protection in Amazon Athena; Data Encryption in Amazon Athena; Amazon Athena and AWS Lake Formation; Amazon Redshift Security; Levels of Security within Amazon Redshift; Data Protection in Amazon Redshift; Redshift Auditing; Redshift Logging; Amazon Elasticsearch Security; Elasticsearch Network Configuration; VPC Access; Accessing Amazon Elasticsearch and Kibana; Data Protection in Amazon Elasticsearch; Amazon Kinesis Security; Managing Access to Amazon Kinesis; Data Protection in Amazon Kinesis; Amazon Kinesis Best Practices; Amazon QuickSight Security; Managing Data Access with Amazon QuickSight; Data Protection; Logging and Monitoring; Security Best Practices; Amazon DynamoDB Security; Access Management in DynamoDB; IAM Policy with Fine-Grained Access Control; Identity Federation; How to Access Amazon DynamoDB; Data Protection with DynamoDB; Monitoring and Logging with DynamoDB; Summary; Exam Essentials; Exercises/Workshops; Review Questions; References and Further Reading
APPENDIX ANSWERS TO REVIEW QUESTIONS
Chapter 1: History of Analytics and Big Data; Chapter 2: Data Collection; Chapter 3: Data Storage; Chapter 4: Data Processing and Analysis; Chapter 5: Data Visualization; Chapter 6: Data Security
Index
Kapazitätsplanung mit SAP
This expert handbook answers all your questions about capacity planning with SAP! The authors explain capacity planning as an integrated end-to-end process and show you which particularities you need to take into account across the various functional areas, industries and processes. You get to know the functions for long-term and short-term planning in the ERP systems SAP ECC and SAP S/4HANA as well as in APO and IBP, and learn how to combine, implement and use them.
From the contents: Master and transaction data; Long-term planning: Supply Network Planning (SNP), Capable-to-Match (CTM), SAP IBP for Sales and Operations Planning; Short-term planning: Capacity Requirements Planning (CRP), Embedded PP/DS, Capable-to-Promise (CTP), Predictive Material and Resource Planning (pMRP), SAP IBP for Response and Supply; Integration of SAP APO, SAP IBP, SAP ECC and SAP S/4HANA; SAP S/4HANA Cloud; Related processes; Process examples
Introduction; Target audience; Structure; Notes on reading this book
Part I Fundamentals and Processes
1. Extended MRP II Concept
1.1 Steps of the MRP II concept; 1.2 Successive planning vs. simultaneous planning; 1.3 Embedding capacity planning in the MRP II concept
2. Capacity Planning
2.1 Characteristics and approaches in capacity planning; 2.2 Areas of application of capacity planning; 2.3 Capacity planning constellations in SAP; 2.4 Conclusion
Part II Master and Transaction Data
3. Global Master Data
3.1 Plant and location; 3.2 Material and product; 3.3 Work center and resource; 3.4 Production version, production data structure (PDS) and production sources of supply; 3.5 Transportation lanes; 3.6 Master data environments for active planning and simulations; 3.7 Conclusion
4. Application-Specific Master Data
4.1 Master data of project planning and maintenance planning; 4.2 Setup information; 4.3 Cost maintenance; 4.4 Conclusion
5. Transaction Data
5.1 Order-related transaction data; 5.2 Key-figure-related transaction data; 5.3 Conclusion
6. Integration of Master and Transaction Data in SAP APO, ePP/DS and SAP IBP
6.1 Integration into the APO system; 6.2 Integration into ePP/DS; 6.3 Integration into the IBP system; 6.4 Conclusion
7. Order Creation Functions
7.1 Creating planning elements in requirements planning; 7.2 Creating planning elements in project planning; 7.3 Creating planning elements in maintenance planning; 7.4 Creating planning elements in sales order processing; 7.5 Conclusion
Part III Long-Term Capacity Planning
8. Long-Term Planning and Predictive MRP in SAP ECC and SAP S/4HANA
8.1 Long-term planning; 8.2 predictive Material and Resource Planning (pMRP); 8.3 Conclusion
9. Fundamentals of Long-Term Capacity Planning in SAP APO
9.1 Overview and processes of SNP; 9.2 Basic concept and functioning of SNP; 9.3 Overview of the configuration of SNP; 9.4 Methods for long-term capacity planning in SAP APO; 9.5 Conclusion
10. SNP Heuristic/Capacity Leveling in SAP APO
10.1 Fundamentals, use and functioning of the SNP heuristic; 10.2 Fundamentals, use and functioning of capacity leveling; 10.3 Settings and master data of the heuristic and of capacity leveling; 10.4 Running the SNP heuristic and capacity leveling; 10.5 Special processes and examples; 10.6 Conclusion
11. SNP Optimizer in SAP APO
11.1 Fundamentals, use and functioning of the SNP optimizer; 11.2 Constraints and costs in the SNP optimizer; 11.3 Settings and master data in the SNP optimizer; 11.4 Running SNP optimizer planning and analyzing the results; 11.5 Special processes and examples; 11.6 Conclusion
12. Capable-to-Match (CTM) in SAP APO
12.1 Fundamentals, use and functioning of CTM; 12.2 Settings and master data in CTM; 12.3 Running CTM planning; 12.4 Analyzing planning results; 12.5 Special processes and examples; 12.6 Conclusion
13. Special Processes in Long-Term Planning in SAP APO
13.1 Aggregated planning in SNP; 13.2 Shelf life in SNP; 13.3 Variant configuration/characteristics-based planning; 13.4 Vendor-Managed Inventory (VMI); 13.5 Planning suppliers and taking scheduling agreements into account; 13.6 Subcontracting in SNP; 13.7 Conclusion
14. Interactive Long-Term Capacity Planning
14.1 Interactive SNP planning; 14.2 Alert Monitor; 14.3 General functions of interactive planning; 14.4 Conclusion
Part IV Medium- to Long-Term Capacity Planning
15. Fundamentals of Medium- to Long-Term Capacity Planning in SAP IBP
15.1 Overview and processes in SAP IBP; 15.2 Time-series-based capacity planning with SAP IBP; 15.3 Order-based capacity planning with SAP IBP; 15.4 Conclusion
16. Time-Series-Based Capacity Planning in SAP IBP
16.1 Use and functioning; 16.2 Time-series-based algorithms in capacity planning; 16.3 Configuration of time-series-based procurement planning; 16.4 Examples of time-series-based capacity planning; 16.5 Conclusion
17. Order-Based Capacity Planning in SAP IBP
17.1 Overview of order-based capacity planning in SAP IBP; 17.2 Basic settings; 17.3 Planning runs; 17.4 Conclusion
18. Interactive Medium- to Long-Term Capacity Planning in SAP IBP
18.1 Microsoft Excel; 18.2 Browser-based user interfaces (web UIs); 18.3 Conclusion
Part V Short-Term Capacity Planning
19. Capacity Planning in SAP ECC and SAP S/4HANA
19.1 Order scheduling and capacity requirements; 19.2 Capacity evaluation; 19.3 Capacity leveling; 19.4 Capacity availability check; 19.5 Conclusion
20. Fundamentals of Short-Term Capacity Planning in SAP APO and ePP/DS
20.1 The order as a planning element in the APO system and in ePP/DS; 20.2 Pegging; 20.3 Conclusion
21. Heuristics of Short-Term Capacity Planning in SAP APO and ePP/DS
21.1 Overview of the heuristics available in PP/DS; 21.2 Strategy profiles in short-term capacity planning; 21.3 PP/DS heuristics in short-term capacity planning in detail; 21.4 Conclusion
22. Optimization in Short-Term Capacity Planning in SAP APO and ePP/DS
22.1 Use of the genetic algorithm in PP/DS optimization; 22.2 Objective function in PP/DS optimization; 22.3 Boundary conditions in PP/DS optimization; 22.4 PP/DS optimization window; 22.5 Resources in PP/DS optimization; 22.6 Orders in PP/DS optimization; 22.7 Sequence of PP/DS optimization; 22.8 Further aspects of PP/DS optimization; 22.9 Conclusion
23. Capacity-Based Availability Check
23.1 Fundamentals; 23.2 Use and functioning; 23.3 Settings for CTP planning; 23.4 Processes in CTP planning; 23.5 Functional limitations in CTP planning; 23.6 Conclusion
24. Special Processes in Short-Term Capacity Planning in SAP APO and ePP/DS
24.1 Finite MRP run and capacity-driven order creation; 24.2 Shelf life; 24.3 Planning with characteristics; 24.4 Short-term capacity planning in the project environment; 24.5 Short-term capacity planning in the process manufacturing environment; 24.6 Short-term capacity planning in the repetitive manufacturing environment; 24.7 Conclusion
25. Interactive Short-Term Capacity Planning in SAP APO and ePP/DS
25.1 Tools of interactive planning; 25.2 Alert Monitor; 25.3 Plan Monitor; 25.4 Supply Chain Cockpit; 25.5 Order processing; 25.6 Receipts view and requirements view; 25.7 Graphical detailed scheduling planning board; 25.8 Capacity evaluations; 25.9 Product view, extended product planning and product overview; 25.10 Product planning table; 25.11 Conclusion
Part VI Subsequent Process Steps and Capacity Planning Scenarios
26. Order Execution
26.1 Overview of execution in in-house production; 26.2 Order conversion/opening; 26.3 Availability check; 26.4 Order release; 26.5 Material withdrawal; 26.6 Confirmation; 26.7 Stock receipt; 26.8 Settlement; 26.9 Completion; 26.10 Conclusion
27. Capacity-Based Planning of Transports
27.1 Fundamentals of deployment and the Transport Load Builder; 27.2 Fundamentals of SAP APO TP/VS; 27.3 Fundamentals of SAP Transportation Management (TM); 27.4 Conclusion
28. Integration of the Capacity Planning Functions
28.1 Integration of capacity planning in the ERP systems; 28.2 Integration of capacity planning in the SAP ERP systems and SAP APO; 28.3 Integration of capacity planning in SAP APO (SNP and PP/DS); 28.4 Integration of capacity planning in SAP S/4HANA, SAP IBP for Supply and ePP/DS; 28.5 Conclusion
29. Example Scenario
29.1 Project example; 29.2 Sales planning in SAP; 29.3 Sales order receipt at finished-product level; 29.4 Example of capacity planning in the APO system; 29.5 Conclusion
30. Conclusion and Outlook
Appendix
A Relevant enhancements; B Bibliography; C The author team
Index
VMware vSphere 7
Mit diesem Buch administrieren Sie VMware vSphere effizient und sicher. Als Berater, IT-Architekt oder Administrator erhalten Sie Hintergrundinformationen und Praxistipps von echten Experten zu allen neuen Features und Produkten des VMware Datencenters. Aus dem Inhalt: vSphere-ArchitekturvMotion und Storage MotionCluster-VerwaltungInstallation und AdministrationNetzwerkkonfiguration und NetzwerkvirtualisierungStorage Architektur und VMware Virtual SANvCenter ESXi und vCenter-AddonsDatensicherung und Ausfallsicherheit in vSphere-UmgebungenvSphere integrated ContainervCenter Server Alliance mit vCenter HAVMware Cloud FoundationHybrid Cloud Vorworte und Danksagungen ... 27 1. Einleitung ... 37 1.1 ... Servervirtualisierung ... 37 1.2 ... Die VMware-Produktfamilie ... 41 1.3 ... Einführung in die VMware-Servervirtualisierung ... 44 2. vSphere-Architektur ... 53 2.1 ... Infrastrukturbestandteile eines Software-Defined Datacenter (SDDC) ... 53 2.2 ... vSphere-Host ... 54 2.3 ... Architektur eines vSphere-Hosts ... 55 2.4 ... Grundlagen der CPU-Virtualisierung ... 57 2.5 ... Grundlagen der Memory-Virtualisierung ... 66 2.6 ... Grundlagen der Hardwarevirtualisierung ... 71 2.7 ... Management einer virtuellen vSphere-Infrastruktur ... 73 2.8 ... Verschlüsselung ... 91 2.9 ... Maximale Ausstattung ... 92 3. vMotion und Storage vMotion ... 97 3.1 ... vMotion ... 100 3.2 ... Storage vMotion ... 153 4. Cluster ... 173 4.1 ... Cluster-Objekt ... 173 4.2 ... HA-Cluster ... 179 4.3 ... DRS-Cluster ... 215 5. Installation von ESXi und vCenter ... 235 5.1 ... VMware vSphere 7 ... 235 5.2 ... Upgrade auf vSphere 7 ... 251 5.3 ... Quick Boot ESXi ... 257 5.4 ... Der Platform Services Controller ... 257 5.5 ... Installation der VMware vCenter Server Appliance ... 258 5.6 ... Patchen des vCenter Servers ... 274 5.7 ... Upgrade des vCenter Servers ... 279 5.8 ... Migration vom Windows vCenter zur vCenter Server Appliance ... 290 5.9 ... Nachträgliche Änderungen am vCenter ... 
297 5.10 ... vCenter Server components ... 306 5.11 ... VMware vCenter Converter Standalone ... 318 5.12 ... High availability for vCenter Server and components ... 320 5.13 ... Licensing ... 329 6. Management options ... 331 6.1 ... The local host console ... 331 6.2 ... Access to the host console via SSH ... 332 6.3 ... The host's web interface ... 333 6.4 ... The local VCSA console ... 334 6.5 ... Access to the VCSA via SSH ... 335 6.6 ... The VCSA's web interface ... 336 6.7 ... vSphere Web Client ... 337 6.8 ... Administration via mobile devices ... 346 6.9 ... vCenter Server ... 347 6.10 ... VMware vSphere PowerCLI ... 357 7. The network in VMware vSphere ... 359 7.1 ... Basic planning considerations ... 359 7.2 ... The physical and virtual network layers ... 364 7.3 ... The physical network adapters in the host ... 367 7.4 ... vSS and vDS -- a comparison ... 369 7.5 ... Working with the vNetwork Standard Switch (vSS) ... 389 7.6 ... Working with the vNetwork Distributed Switch (vDS) ... 393 7.7 ... Migrating from vSS to vDS ... 421 7.8 ... Management network -- repair functions ... 430 7.9 ... Architecture examples ... 433 8. Network virtualization with VMware NSX Data Center ... 443 8.1 ... VMware NSX: history and vision ... 444 8.2 ... VMware NSX-T compared with NSX-v: an overview of the differences ... 447 8.3 ... VMware NSX-T at a glance ... 449 8.4 ... Excursus: the GENEVE protocol ... 451 8.5 ... The architecture of NSX-T ... 455 8.6 ... The components of NSX-T in detail ... 458 8.7 ... Preparing the NSX-T setup ... 465 8.8 ... The NSX-T installation (management plane) ... 471 8.9 ... NSX-T with an example network topology ... 506 8.10 ... Summary and outlook ... 534 9. Storage architecture ... 537 9.1 ... Local media ... 538 9.2 ... The choice: block or file? ... 544 9.3 ... Storage Area Network -- what actually is a SAN? ... 546 9.4 ... Infiniband ... 
547 9.5 ... Communication ... 548 9.6 ... FC storage network ... 557 9.7 ... FCoE ... 563 9.8 ... NVMe-oF ... 565 9.9 ... iSCSI storage network ... 566 9.10 ... Network File System (NFS) ... 569 9.11 ... Flash-based storage ... 575 9.12 ... VMware storage architecture ... 582 9.13 ... VAAI ... 617 9.14 ... Storage I/O Control ... 618 9.15 ... VASA ... 623 9.16 ... VMware vSphere Virtual Volumes ... 625 9.17 ... RDMA -- Remote Direct Memory Access ... 634 9.18 ... PMem -- Persistent Memory NVDIMM support ... 635 10. VMware vSAN ... 637 10.1 ... Fundamentals and structure ... 638 10.2 ... Hardware requirements ... 638 10.3 ... Architecture and storage concepts ... 642 10.4 ... Sizing ... 652 10.5 ... Topologies ... 655 10.6 ... Setup ... 657 10.7 ... vSAN File Service ... 664 11. Pure Storage ... 675 11.1 ... Portfolio ... 675 11.2 ... Managing the storage systems ... 679 11.3 ... FlashArray and ESXi configuration ... 683 11.4 ... Virtual Volumes (vVols) ... 689 11.5 ... ActiveCluster ... 690 11.6 ... NVMe-over-Fabrics ... 697 11.7 ... VM Analytics ... 698 12. VMware vSphere and NetApp storage ... 701 12.1 ... The NetApp toolkit ... 702 12.2 ... Classic approach ... 704 12.3 ... NetApp Virtual Storage Console ... 706 12.4 ... Setting up backup ... 714 13. The private cloud with Nutanix ... 717 13.1 ... General remarks on the cloud ... 721 13.2 ... The Nutanix Enterprise Cloud ... 722 13.3 ... Nutanix platform architecture and technology ... 754 13.4 ... Management ... 785 13.5 ... The VM in a Nutanix cluster ... 791 13.6 ... Data Protection ... 799 13.7 ... Move ... 811 13.8 ... Further information ... 815 14. Configuration of ESXi and vCenter ... 821 14.1 ... DNS ... 821 14.2 ... Virtual Machines ... 823 14.3 ... System ... 825 14.4 ... Hardware ... 853 14.5 ... Virtual Flash ... 859 14.6 ... Alarm Definitions ... 862 14.7 ... Scheduled Tasks ... 862 14.8 ... vCenter configuration settings ... 863 14.9 ... The administration menu ... 877 14.10 ... 
The menu on the vCenter home screen ... 887 14.11 ... Setting up resource pools ... 910 14.12 ... VMware vApp ... 914 14.13 ... vCenter permissions ... 923 14.14 ... Miscellaneous ... 932 15. Configuration of vCenter add-ons ... 935 15.1 ... Customer Experience Improvement Program (CEIP) ... 935 15.2 ... The Lifecycle Manager ... 936 15.3 ... VMware vSphere Image Builder PowerCLI ... 967 15.4 ... VMware Auto Deploy and Image Builder in the web client ... 972 15.5 ... Hybrid Cloud Services ... 979 15.6 ... DRaaS ... 979 15.7 ... vRealize Operations ... 980 15.8 ... VMware vSphere Replication Appliance ... 981 15.9 ... VMware vCenter Converter Standalone ... 989 16. Monitoring ... 1003 16.1 ... Monitoring with the host client ... 1004 16.2 ... Monitoring with the vSphere Client ... 1012 16.3 ... Monitoring with esxtop ... 1019 16.4 ... Monitoring the vCenter Server Appliance ... 1026 16.5 ... Benchmark tools ... 1029 16.6 ... Monitoring tools ... 1032 17. Backing up vSphere environments ... 1057 17.1 ... Introduction ... 1057 17.2 ... Fundamentals of data backup ... 1061 17.3 ... The five principles of rigorous data backup ... 1066 17.4 ... VMware tools for data backup ... 1069 17.5 ... Backup topologies ... 1072 17.6 ... Planning a backup environment ... 1075 17.7 ... Veeam backup repository ... 1093 17.8 ... Installing Veeam Backup & Replication ... 1104 17.9 ... Configuring Veeam correctly ... 1105 17.10 ... Creating backups ... 1109 17.11 ... Creating replicas ... 1124 17.12 ... Restoring from backups ... 1125 18. Resilience ... 1131 18.1 ... Backup -- restore ... 1131 18.2 ... Resilience for vCenter ... 1143 18.3 ... Fault Tolerance ... 1145 18.4 ... Windows Server Failover Clustering (WSFC) service for virtual machines ... 1158 18.5 ... vSphere Replication ... 1158 19. Automating vSphere ... 1167 19.1 ... Overview of automation use cases ... 
1167 19.2 ... Technical overview ... 1169 19.3 ... Conclusion ... 1184 20. Virtual machines ... 1185 20.1 ... Virtual hardware ... 1185 20.2 ... Virtual machine files ... 1193 20.3 ... Management tools for the VM ... 1195 20.4 ... Configuring the virtual hardware ... 1195 20.5 ... Options for virtual machines ... 1201 20.6 ... Creating virtual machines ... 1207 20.7 ... Updating the virtual hardware ... 1211 20.8 ... Resource management ... 1212 20.9 ... USB devices ... 1217 20.10 ... Removable media ... 1223 20.11 ... Operating states of a virtual machine ... 1231 20.12 ... Storage policies for virtual machines ... 1232 20.13 ... Configuration and customization of virtual machines ... 1234 20.14 ... VMware Tools ... 1238 20.15 ... Migration of virtual machines ... 1244 20.16 ... Clones ... 1246 20.17 ... Templates ... 1248 20.18 ... The virtual machine in the VMware vSphere Client ... 1252 20.19 ... Snapshots ... 1262 20.20 ... Advanced VM management ... 1267 21. Kubernetes ... 1273 21.1 ... Container technologies ... 1274 21.2 ... Kubernetes architecture ... 1278 21.3 ... Criteria for enterprise use ... 1279 21.4 ... vSphere with Kubernetes ... 1282 21.5 ... Supervisor and Tanzu Kubernetes Grid clusters ... 1283 21.6 ... Creating Tanzu clusters ... 1286 22. VMware Cloud Foundation 4.0 ... 1295 22.1 ... Modernize your data center ... 1296 22.2 ... Preparation ... 1299 22.3 ... The standard architecture and architecture variants ... 1301 22.4 ... Installation ... 1308 22.5 ... Providing resources through workload domains ... 1317 22.6 ... System updates ... 1320 22.7 ... vSphere with Kubernetes based on VCF 4.0 ... 1322 22.8 ... Multiple sites ... 1323 22.9 ... Availability and resilience ... 1324 22.10 ... Outlook ... 1326 Index ... 1327
Security Engineering
The classic book on designing secure systems
In this newly revised Third Edition of Security Engineering: A Guide to Building Dependable Distributed Systems, celebrated security expert Ross Anderson updates his best-selling textbook to help you meet the challenges of the coming decade. Security Engineering became a classic because it covers not just the technical basics, such as cryptography, access controls and tamper-resistance, but also how they're used in real life. Real-world case studies – of the security of payment systems, military systems, the phone app ecosystems and now self-driving cars – demonstrate how to use security technology in practice, and what can go wrong. Filled with actionable advice and the latest research, this Third Edition brings a classic book up to date with the modern world of smartphones, cloud computing and AI. As everything gets connected to the Internet, security engineering has come to require inter-disciplinary expertise, ranging from physics to psychology and applied economics. Security Engineering is the only textbook on the market to explain all these aspects of protecting real systems, while still remaining easily accessible. Perfect for computer science students and practicing cybersecurity professionals, as well as systems engineers of all sorts, this latest edition of Security Engineering also belongs on the bookshelves of candidates for professional certification such as CISSP. You'll learn what makes a system secure and reliable and what can render it vulnerable, from phones and laptops through cars and payment terminals to cloud services and corporate networks. 
You'll find:
The basics: cryptography, protocols, access controls and usability
The attacks: phishing, software exploits and the cybercrime ecosystem
The responses: biometrics, smartcards, enclaves, app stores and the patch cycle
The psychology of security: what makes security hard for users and engineers
The economics of security: how large systems fail, and what to do about it
The big policy questions: from surveillance through censorship to sustainability
Security Engineering is the book that created the discipline. It will continue to define the discipline for the 2020s and beyond.
Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic.
In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack. This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability. Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. 
Ross Anderson explores what security engineering means in 2020, including:
How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things
Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies
What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news
Security psychology, from privacy through ease-of-use to deception
The economics of security and dependability – why companies build vulnerable systems and governments look the other way
How dozens of industries went online – well or badly
How to manage security and safety engineering in a world of agile development – from reliability engineering to DevSecOps
The third edition of Security Engineering ends with a grand challenge: sustainable security. As we build ever more software and connectivity into safety-critical durable goods like cars and medical devices, how do we design systems we can maintain and defend for decades? Or will everything in the world need monthly software upgrades, and become unsafe once they stop?
ROSS ANDERSON is Professor of Security Engineering at Cambridge University in England. He is widely recognized as one of the world's foremost authorities on security. In 2015 he won the Lovelace Medal, Britain's top award in computing. He is a Fellow of the Royal Society and the Royal Academy of Engineering. He is one of the pioneers of the economics of information security, peer-to-peer systems, API analysis and hardware security. Over the past 40 years, he has also worked or consulted for most of the tech majors.
Preface to the Third Edition xxxvii Preface to the Second Edition xli Preface to the First Edition xliii For my daughter, and other lawyers… xlvii Foreword xlix Part I Chapter 1 What Is Security Engineering? 
3 1.1 Introduction 3 1.2 A framework 4 1.3 Example 1 – a bank 6 1.4 Example 2 – a military base 7 1.5 Example 3 – a hospital 8 1.6 Example 4 – the home 10 1.7 Definitions 11 1.8 Summary 16 Chapter 2 Who Is the Opponent? 17 2.1 Introduction 17 2.2 Spies 19 2.2.1 The Five Eyes 19 2.2.1.1 Prism 19 2.2.1.2 Tempora 20 2.2.1.3 Muscular 21 2.2.1.4 Special collection 22 2.2.1.5 Bullrun and Edgehill 22 2.2.1.6 Xkeyscore 23 2.2.1.7 Longhaul 24 2.2.1.8 Quantum 25 2.2.1.9 CNE 25 2.2.1.10 The analyst’s viewpoint 27 2.2.1.11 Offensive operations 28 2.2.1.12 Attack scaling 29 2.2.2 China 30 2.2.3 Russia 35 2.2.4 The rest 38 2.2.5 Attribution 40 2.3 Crooks 41 2.3.1 Criminal infrastructure 42 2.3.1.1 Botnet herders 42 2.3.1.2 Malware devs 44 2.3.1.3 Spam senders 45 2.3.1.4 Bulk account compromise 45 2.3.1.5 Targeted attackers 46 2.3.1.6 Cashout gangs 46 2.3.1.7 Ransomware 47 2.3.2 Attacks on banking and payment systems 47 2.3.3 Sectoral cybercrime ecosystems 49 2.3.4 Internal attacks 49 2.3.5 CEO crimes 49 2.3.6 Whistleblowers 50 2.4 Geeks 52 2.5 The swamp 53 2.5.1 Hacktivism and hate campaigns 54 2.5.2 Child sex abuse material 55 2.5.3 School and workplace bullying 57 2.5.4 Intimate relationship abuse 57 2.6 Summary 59 Research problems 60 Further reading 61 Chapter 3 Psychology and Usability 63 3.1 Introduction 63 3.2 Insights from psychology research 64 3.2.1 Cognitive psychology 65 3.2.2 Gender, diversity and interpersonal variation 68 3.2.3 Social psychology 70 3.2.3.1 Authority and its abuse 71 3.2.3.2 The bystander effect 72 3.2.4 The social-brain theory of deception 73 3.2.5 Heuristics, biases and behavioural economics 76 3.2.5.1 Prospect theory and risk misperception 77 3.2.5.2 Present bias and hyperbolic discounting 78 3.2.5.3 Defaults and nudges 79 3.2.5.4 The default to intentionality 79 3.2.5.5 The affect heuristic 80 3.2.5.6 Cognitive dissonance 81 3.2.5.7 The risk thermostat 81 3.3 Deception in practice 81 3.3.1 The salesman and the scamster 82 3.3.2 Social 
engineering 84 3.3.3 Phishing 86 3.3.4 Opsec 88 3.3.5 Deception research 89 3.4 Passwords 90 3.4.1 Password recovery 92 3.4.2 Password choice 94 3.4.3 Difficulties with reliable password entry 94 3.4.4 Difficulties with remembering the password 95 3.4.4.1 Naïve choice 96 3.4.4.2 User abilities and training 96 3.4.4.3 Design errors 98 3.4.4.4 Operational failures 100 3.4.4.5 Social-engineering attacks 101 3.4.4.6 Customer education 102 3.4.4.7 Phishing warnings 103 3.4.5 System issues 104 3.4.6 Can you deny service? 105 3.4.7 Protecting oneself or others? 105 3.4.8 Attacks on password entry 106 3.4.8.1 Interface design 106 3.4.8.2 Trusted path, and bogus terminals 107 3.4.8.3 Technical defeats of password retry counters 107 3.4.9 Attacks on password storage 108 3.4.9.1 One-way encryption 109 3.4.9.2 Password cracking 109 3.4.9.3 Remote password checking 109 3.4.10 Absolute limits 110 3.4.11 Using a password manager 111 3.4.12 Will we ever get rid of passwords? 113 3.5 CAPTCHAs 115 3.6 Summary 116 Research problems 117 Further reading 118 Chapter 4 Protocols 119 4.1 Introduction 119 4.2 Password eavesdropping risks 120 4.3 Who goes there? 
– simple authentication 122 4.3.1 Challenge and response 124 4.3.2 Two-factor authentication 128 4.3.3 The MIG-in-the-middle attack 129 4.3.4 Reflection attacks 132 4.4 Manipulating the message 133 4.5 Changing the environment 134 4.6 Chosen protocol attacks 135 4.7 Managing encryption keys 136 4.7.1 The resurrecting duckling 137 4.7.2 Remote key management 137 4.7.3 The Needham-Schroeder protocol 138 4.7.4 Kerberos 139 4.7.5 Practical key management 141 4.8 Design assurance 141 4.9 Summary 143 Research problems 143 Further reading 144 Chapter 5 Cryptography 145 5.1 Introduction 145 5.2 Historical background 146 5.2.1 An early stream cipher – the Vigenère 147 5.2.2 The one-time pad 148 5.2.3 An early block cipher – Playfair 150 5.2.4 Hash functions 152 5.2.5 Asymmetric primitives 154 5.3 Security models 155 5.3.1 Random functions – hash functions 157 5.3.1.1 Properties 157 5.3.1.2 The birthday theorem 158 5.3.2 Random generators – stream ciphers 159 5.3.3 Random permutations – block ciphers 161 5.3.4 Public key encryption and trapdoor one-way permutations 163 5.3.5 Digital signatures 164 5.4 Symmetric crypto algorithms 165 5.4.1 SP-networks 165 5.4.1.1 Block size 166 5.4.1.2 Number of rounds 166 5.4.1.3 Choice of S-boxes 167 5.4.1.4 Linear cryptanalysis 167 5.4.1.5 Differential cryptanalysis 168 5.4.2 The Advanced Encryption Standard (AES) 169 5.4.3 Feistel ciphers 171 5.4.3.1 The Luby-Rackoff result 173 5.4.3.2 DES 173 5.5 Modes of operation 175 5.5.1 How not to use a block cipher 176 5.5.2 Cipher block chaining 177 5.5.3 Counter encryption 178 5.5.4 Legacy stream cipher modes 178 5.5.5 Message authentication code 179 5.5.6 Galois counter mode 180 5.5.7 XTS 180 5.6 Hash functions 181 5.6.1 Common hash functions 181 5.6.2 Hash function applications – HMAC, commitments and updating 183 5.7 Asymmetric crypto primitives 185 5.7.1 Cryptography based on factoring 185 5.7.2 Cryptography based on discrete logarithms 188 5.7.2.1 One-way commutative encryption 189 5.7.2.2 
Diffie-Hellman key establishment 190 5.7.2.3 ElGamal digital signature and DSA 192 5.7.3 Elliptic curve cryptography 193 5.7.4 Certification authorities 194 5.7.5 TLS 195 5.7.5.1 TLS uses 196 5.7.5.2 TLS security 196 5.7.5.3 TLS 1.3 197 5.7.6 Other public-key protocols 197 5.7.6.1 Code signing 197 5.7.6.2 PGP/GPG 198 5.7.6.3 QUIC 199 5.7.7 Special-purpose primitives 199 5.7.8 How strong are asymmetric cryptographic primitives? 200 5.7.9 What else goes wrong 202 5.8 Summary 203 Research problems 204 Further reading 204 Chapter 6 Access Control 207 6.1 Introduction 207 6.2 Operating system access controls 209 6.2.1 Groups and roles 210 6.2.2 Access control lists 211 6.2.3 Unix operating system security 212 6.2.4 Capabilities 214 6.2.5 DAC and MAC 215 6.2.6 Apple’s macOS 217 6.2.7 iOS 217 6.2.8 Android 218 6.2.9 Windows 219 6.2.10 Middleware 222 6.2.10.1 Database access controls 222 6.2.10.2 Browsers 223 6.2.11 Sandboxing 224 6.2.12 Virtualisation 225 6.3 Hardware protection 227 6.3.1 Intel processors 228 6.3.2 Arm processors 230 6.4 What goes wrong 231 6.4.1 Smashing the stack 232 6.4.2 Other technical attacks 234 6.4.3 User interface failures 236 6.4.4 Remedies 237 6.4.5 Environmental creep 238 6.5 Summary 239 Research problems 240 Further reading 240 Chapter 7 Distributed Systems 243 7.1 Introduction 243 7.2 Concurrency 244 7.2.1 Using old data versus paying to propagate state 245 7.2.2 Locking to prevent inconsistent updates 246 7.2.3 The order of updates 247 7.2.4 Deadlock 248 7.2.5 Non-convergent state 249 7.2.6 Secure time 250 7.3 Fault tolerance and failure recovery 251 7.3.1 Failure models 252 7.3.1.1 Byzantine failure 252 7.3.1.2 Interaction with fault tolerance 253 7.3.2 What is resilience for? 254 7.3.3 At what level is the redundancy? 
255 7.3.4 Service-denial attacks 257 7.4 Naming 259 7.4.1 The Needham naming principles 260 7.4.2 What else goes wrong 263 7.4.2.1 Naming and identity 264 7.4.2.2 Cultural assumptions 265 7.4.2.3 Semantic content of names 267 7.4.2.4 Uniqueness of names 268 7.4.2.5 Stability of names and addresses 269 7.4.2.6 Restrictions on the use of names 269 7.4.3 Types of name 270 7.5 Summary 271 Research problems 272 Further reading 273 Chapter 8 Economics 275 8.1 Introduction 275 8.2 Classical economics 276 8.2.1 Monopoly 278 8.3 Information economics 281 8.3.1 Why information markets are different 281 8.3.2 The value of lock-in 282 8.3.3 Asymmetric information 284 8.3.4 Public goods 285 8.4 Game theory 286 8.4.1 The prisoners’ dilemma 287 8.4.2 Repeated and evolutionary games 288 8.5 Auction theory 291 8.6 The economics of security and dependability 293 8.6.1 Why is Windows so insecure? 294 8.6.2 Managing the patching cycle 296 8.6.3 Structural models of attack and defence 298 8.6.4 The economics of lock-in, tying and DRM 300 8.6.5 Antitrust law and competition policy 302 8.6.6 Perversely motivated guards 304 8.6.7 Economics of privacy 305 8.6.8 Organisations and human behaviour 307 8.6.9 Economics of cybercrime 308 8.7 Summary 310 Research problems 311 Further reading 311 Part II Chapter 9 Multilevel Security 315 9.1 Introduction 315 9.2 What is a security policy model? 
316 9.3 Multilevel security policy 318 9.3.1 The Anderson report 319 9.3.2 The Bell-LaPadula model 320 9.3.3 The standard criticisms of Bell-LaPadula 321 9.3.4 The evolution of MLS policies 323 9.3.5 The Biba model 325 9.4 Historical examples of MLS systems 326 9.4.1 SCOMP 326 9.4.2 Data diodes 327 9.5 MAC: from MLS to IFC and integrity 329 9.5.1 Windows 329 9.5.2 SELinux 330 9.5.3 Embedded systems 330 9.6 What goes wrong 331 9.6.1 Composability 331 9.6.2 The cascade problem 332 9.6.3 Covert channels 333 9.6.4 The threat from malware 333 9.6.5 Polyinstantiation 334 9.6.6 Practical problems with MLS 335 9.7 Summary 337 Research problems 338 Further reading 339 Chapter 10 Boundaries 341 10.1 Introduction 341 10.2 Compartmentation and the lattice model 344 10.3 Privacy for tigers 346 10.4 Health record privacy 349 10.4.1 The threat model 351 10.4.2 The BMA security policy 353 10.4.3 First practical steps 356 10.4.4 What actually goes wrong 357 10.4.4.1 Emergency care 358 10.4.4.2 Resilience 359 10.4.4.3 Secondary uses 359 10.4.5 Confidentiality – the future 362 10.4.6 Ethics 365 10.4.7 Social care and education 367 10.4.8 The Chinese Wall 369 10.5 Summary 371 Research problems 372 Further reading 373 Chapter 11 Inference Control 375 11.1 Introduction 375 11.2 The early history of inference control 377 11.2.1 The basic theory of inference control 378 11.2.1.1 Query set size control 378 11.2.1.2 Trackers 379 11.2.1.3 Cell suppression 379 11.2.1.4 Other statistical disclosure control mechanisms 380 11.2.1.5 More sophisticated query controls 381 11.2.1.6 Randomization 382 11.2.2 Limits of classical statistical security 383 11.2.3 Active attacks 384 11.2.4 Inference control in rich medical data 385 11.2.5 The third wave: preferences and search 388 11.2.6 The fourth wave: location and social 389 11.3 Differential privacy 392 11.4 Mind the gap? 
394 11.4.1 Tactical anonymity and its problems 395 11.4.2 Incentives 398 11.4.3 Alternatives 399 11.4.4 The dark side 400 11.5 Summary 401 Research problems 402 Further reading 402 Chapter 12 Banking and Bookkeeping 405 12.1 Introduction 405 12.2 Bookkeeping systems 406 12.2.1 Double-entry bookkeeping 408 12.2.2 Bookkeeping in banks 408 12.2.3 The Clark-Wilson security policy model 410 12.2.4 Designing internal controls 411 12.2.5 Insider frauds 415 12.2.6 Executive frauds 416 12.2.6.1 The post office case 418 12.2.6.2 Other failures 419 12.2.6.3 Ecological validity 420 12.2.6.4 Control tuning and corporate governance 421 12.2.7 Finding the weak spots 422 12.3 Interbank payment systems 424 12.3.1 A telegraphic history of E-commerce 424 12.3.2 SWIFT 425 12.3.3 What goes wrong 427 12.4 Automatic teller machines 430 12.4.1 ATM basics 430 12.4.2 What goes wrong 433 12.4.3 Incentives and injustices 437 12.5 Credit cards 438 12.5.1 Credit card fraud 439 12.5.2 Online card fraud 440 12.5.3 3DS 443 12.5.4 Fraud engines 444 12.6 EMV payment cards 445 12.6.1 Chip cards 445 12.6.1.1 Static data authentication 446 12.6.1.2 ICVVs, DDA and CDA 450 12.6.1.3 The No-PIN attack 451 12.6.2 The preplay attack 452 12.6.3 Contactless 454 12.7 Online banking 457 12.7.1 Phishing 457 12.7.2 CAP 458 12.7.3 Banking malware 459 12.7.4 Phones as second factors 459 12.7.5 Liability 461 12.7.6 Authorised push payment fraud 462 12.8 Nonbank payments 463 12.8.1 M-Pesa 463 12.8.2 Other phone payment systems 464 12.8.3 Sofort, and open banking 465 12.9 Summary 466 Research problems 466 Further reading 468 Chapter 13 Locks and Alarms 471 13.1 Introduction 471 13.2 Threats and barriers 472 13.2.1 Threat model 473 13.2.2 Deterrence 474 13.2.3 Walls and barriers 476 13.2.4 Mechanical locks 478 13.2.5 Electronic locks 482 13.3 Alarms 484 13.3.1 How not to protect a painting 485 13.3.2 Sensor defeats 486 13.3.3 Feature interactions 488 13.3.4 Attacks on communications 489 13.3.5 Lessons learned 493 13.4 
Summary 494 Research problems 495 Further reading 495 Chapter 14 Monitoring and Metering 497 14.1 Introduction 497 14.2 Prepayment tokens 498 14.2.1 Utility metering 499 14.2.2 How the STS system works 501 14.2.3 What goes wrong 502 14.2.4 Smart meters and smart grids 504 14.2.5 Ticketing fraud 508 14.3 Taxi meters, tachographs and truck speed limiters 509 14.3.1 The tachograph 509 14.3.2 What goes wrong 511 14.3.2.1 How most tachograph manipulation is done 511 14.3.2.2 Tampering with the supply 512 14.3.2.3 Tampering with the instrument 512 14.3.2.4 High-tech attacks 513 14.3.3 Digital tachographs 514 14.3.3.1 System-level problems 515 14.3.3.2 Other problems 516 14.3.4 Sensor defeats and third-generation devices 518 14.3.5 The fourth generation – smart tachographs 518 14.4 Curfew tags: GPS as policeman 519 14.5 Postage meters 522 14.6 Summary 526 Research problems 527 Further reading 527 Chapter 15 Nuclear Command and Control 529 15.1 Introduction 529 15.2 The evolution of command and control 532 15.2.1 The Kennedy memorandum 532 15.2.2 Authorization, environment, intent 534 15.3 Unconditionally secure authentication 534 15.4 Shared control schemes 536 15.5 Tamper resistance and PALs 538 15.6 Treaty verification 540 15.7 What goes wrong 541 15.7.1 Nuclear accidents 541 15.7.2 Interaction with cyberwar 542 15.7.3 Technical failures 543 15.8 Secrecy or openness? 
544 15.9 Summary 545 Research problems 546 Further reading 546 Chapter 16 Security Printing and Seals 549 16.1 Introduction 549 16.2 History 550 16.3 Security printing 551 16.3.1 Threat model 552 16.3.2 Security printing techniques 553 16.4 Packaging and seals 557 16.4.1 Substrate properties 558 16.4.2 The problems of glue 558 16.4.3 PIN mailers 559 16.5 Systemic vulnerabilities 560 16.5.1 Peculiarities of the threat model 562 16.5.2 Anti-gundecking measures 563 16.5.3 The effect of random failure 564 16.5.4 Materials control 564 16.5.5 Not protecting the right things 565 16.5.6 The cost and nature of inspection 566 16.6 Evaluation methodology 567 16.7 Summary 569 Research problems 569 Further reading 570 Chapter 17 Biometrics 571 17.1 Introduction 571 17.2 Handwritten signatures 572 17.3 Face recognition 575 17.4 Fingerprints 579 17.4.1 Verifying positive or negative identity claims 581 17.4.2 Crime scene forensics 584 17.5 Iris codes 588 17.6 Voice recognition and morphing 590 17.7 Other systems 591 17.8 What goes wrong 593 17.9 Summary 596 Research problems 597 Further reading 597 Chapter 18 Tamper Resistance 599 18.1 Introduction 599 18.2 History 601 18.3 Hardware security modules 601 18.4 Evaluation 607 18.5 Smartcards and other security chips 609 18.5.1 History 609 18.5.2 Architecture 610 18.5.3 Security evolution 611 18.5.4 Random number generators and PUFs 621 18.5.5 Larger chips 624 18.5.6 The state of the art 628 18.6 The residual risk 630 18.6.1 The trusted interface problem 630 18.6.2 Conflicts 631 18.6.3 The lemons market, risk dumping and evaluation games 632 18.6.4 Security-by-obscurity 632 18.6.5 Changing environments 633 18.7 So what should one protect? 
634 18.8 Summary 636 Research problems 636 Further reading 636 Chapter 19 Side Channels 639 19.1 Introduction 639 19.2 Emission security 640 19.2.1 History 641 19.2.2 Technical surveillance and countermeasures 642 19.3 Passive attacks 645 19.3.1 Leakage through power and signal cables 645 19.3.2 Leakage through RF signals 645 19.3.3 What goes wrong 649 19.4 Attacks between and within computers 650 19.4.1 Timing analysis 651 19.4.2 Power analysis 652 19.4.3 Glitching and differential fault analysis 655 19.4.4 Rowhammer, CLKscrew and Plundervolt 656 19.4.5 Meltdown, Spectre and other enclave side channels 657 19.5 Environmental side channels 659 19.5.1 Acoustic side channels 659 19.5.2 Optical side channels 661 19.5.3 Other side-channels 661 19.6 Social side channels 663 19.7 Summary 663 Research problems 664 Further reading 664 Chapter 20 Advanced Cryptographic Engineering 667 20.1 Introduction 667 20.2 Full-disk encryption 668 20.3 Signal 670 20.4 Tor 674 20.5 HSMs 677 20.5.1 The xor-to-null-key attack 677 20.5.2 Attacks using backwards compatibility and time-memory tradeoffs 678 20.5.3 Differential protocol attacks 679 20.5.4 The EMV attack 681 20.5.5 Hacking the HSMs in CAs and clouds 681 20.5.6 Managing HSM risks 681 20.6 Enclaves 682 20.7 Blockchains 685 20.7.1 Wallets 688 20.7.2 Miners 689 20.7.3 Smart contracts 689 20.7.4 Off-chain payment mechanisms 691 20.7.5 Exchanges, cryptocrime and regulation 692 20.7.6 Permissioned blockchains 695 20.8 Crypto dreams that failed 695 20.9 Summary 696 Research problems 698 Further reading 698 Chapter 21 Network Attack and Defence 699 21.1 Introduction 699 21.2 Network protocols and service denial 701 21.2.1 BGP security 701 21.2.2 DNS security 703 21.2.3 UDP, TCP, SYN floods and SYN reflection 704 21.2.4 Other amplifiers 705 21.2.5 Other denial-of-service attacks 706 21.2.6 Email – from spies to spammers 706 21.3 The malware menagerie – Trojans, worms and RATs 708 21.3.1 Early history of malware 709 21.3.2 The Internet 
worm 710 21.3.3 Further malware evolution 711 21.3.4 How malware works 713 21.3.5 Countermeasures 714 21.4 Defense against network attack 715 21.4.1 Filtering: firewalls, censorware and wiretaps 717 21.4.1.1 Packet filtering 718 21.4.1.2 Circuit gateways 718 21.4.1.3 Application proxies 719 21.4.1.4 Ingress versus egress filtering 719 21.4.1.5 Architecture 720 21.4.2 Intrusion detection 722 21.4.2.1 Types of intrusion detection 722 21.4.2.2 General limitations of intrusion detection 724 21.4.2.3 Specific problems detecting network attacks 724 21.5 Cryptography: the ragged boundary 725 21.5.1 SSH 726 21.5.2 Wireless networking at the periphery 727 21.5.2.1 WiFi 727 21.5.2.2 Bluetooth 728 21.5.2.3 HomePlug 729 21.5.2.4 VPNs 729 21.6 CAs and PKI 730 21.7 Topology 733 21.8 Summary 734 Research problems 734 Further reading 735 Chapter 22 Phones 737 22.1 Introduction 737 22.2 Attacks on phone networks 738 22.2.1 Attacks on phone-call metering 739 22.2.2 Attacks on signaling 742 22.2.3 Attacks on switching and configuration 743 22.2.4 Insecure end systems 745 22.2.5 Feature interaction 746 22.2.6 VOIP 747 22.2.7 Frauds by phone companies 748 22.2.8 Security economics of telecomms 749 22.3 Going mobile 750 22.3.1 GSM 751 22.3.2 3G 755 22.3.3 4G 757 22.3.4 5G and beyond 758 22.3.5 General MNO failings 760 22.4 Platform security 761 22.4.1 The Android app ecosystem 763 22.4.1.1 App markets and developers 764 22.4.1.2 Bad Android implementations 764 22.4.1.3 Permissions 766 22.4.1.4 Android malware 767 22.4.1.5 Ads and third-party services 768 22.4.1.6 Pre-installed apps 770 22.4.2 Apple’s app ecosystem 770 22.4.3 Cross-cutting issues 774 22.5 Summary 775 Research problems 776 Further reading 776 Chapter 23 Electronic and Information Warfare 777 23.1 Introduction 777 23.2 Basics 778 23.3 Communications systems 779 23.3.1 Signals intelligence techniques 781 23.3.2 Attacks on communications 784 23.3.3 Protection techniques 785 23.3.3.1 Frequency hopping 786 23.3.3.2 DSSS 787 
23.3.3.3 Burst communications 788 23.3.3.4 Combining covertness and jam resistance 789 23.3.4 Interaction between civil and military uses 790 23.4 Surveillance and target acquisition 791 23.4.1 Types of radar 792 23.4.2 Jamming techniques 793 23.4.3 Advanced radars and countermeasures 795 23.4.4 Other sensors and multisensor issues 796 23.5 IFF systems 797 23.6 Improvised explosive devices 800 23.7 Directed energy weapons 802 23.8 Information warfare 803 23.8.1 Attacks on control systems 805 23.8.2 Attacks on other infrastructure 808 23.8.3 Attacks on elections and political stability 809 23.8.4 Doctrine 811 23.9 Summary 812 Research problems 813 Further reading 813 Chapter 24 Copyright and DRM 815 24.1 Introduction 815 24.2 Copyright 817 24.2.1 Software 817 24.2.2 Free software, free culture? 823 24.2.3 Books and music 827 24.2.4 Video and pay-TV 828 24.2.4.1 Typical system architecture 829 24.2.4.2 Video scrambling techniques 830 24.2.4.3 Attacks on hybrid scrambling systems 832 24.2.4.4 DVB 836 24.2.5 DVD 837 24.3 DRM on general-purpose computers 838 24.3.1 Windows media rights management 839 24.3.2 FairPlay, HTML5 and other DRM systems 840 24.3.3 Software obfuscation 841 24.3.4 Gaming, cheating, and DRM 843 24.3.5 Peer-to-peer systems 845 24.3.6 Managing hardware design rights 847 24.4 Information hiding 848 24.4.1 Watermarks and copy generation management 849 24.4.2 General information hiding techniques 849 24.4.3 Attacks on copyright marking schemes 851 24.5 Policy 854 24.5.1 The IP lobby 857 24.5.2 Who benefits? 859 24.6 Accessory control 860 24.7 Summary 862 Research problems 862 Further reading 863 Chapter 25 New Directions? 
865 25.1 Introduction 865 25.2 Autonomous and remotely-piloted vehicles 866 25.2.1 Drones 866 25.2.2 Self-driving cars 867 25.2.3 The levels and limits of automation 869 25.2.4 How to hack a self-driving car 872 25.3 AI / ML 874 25.3.1 ML and security 875 25.3.2 Attacks on ML systems 876 25.3.3 ML and society 879 25.4 PETS and operational security 882 25.4.1 Anonymous messaging devices 885 25.4.2 Social support 887 25.4.3 Living off the land 890 25.4.4 Putting it all together 891 25.4.5 The name’s Bond. James Bond 893 25.5 Elections 895 25.5.1 The history of voting machines 896 25.5.2 Hanging chads 896 25.5.3 Optical scan 898 25.5.4 Software independence 899 25.5.5 Why electronic elections are hard 900 25.6 Summary 904 Research problems 904 Further reading 905 Part III Chapter 26 Surveillance or Privacy? 909 26.1 Introduction 909 26.2 Surveillance 912 26.2.1 The history of government wiretapping 912 26.2.2 Call data records (CDRs) 916 26.2.3 Search terms and location data 919 26.2.4 Algorithmic processing 920 26.2.5 ISPs and CSPs 921 26.2.6 The Five Eyes’ system of systems 922 26.2.7 The crypto wars 925 26.2.7.1 The back story to crypto policy 926 26.2.7.2 DES and crypto research 927 26.2.7.3 CryptoWar 1 – the Clipper chip 928 26.2.7.4 CryptoWar 2 – going spotty 931 26.2.8 Export control 934 26.3 Terrorism 936 26.3.1 Causes of political violence 936 26.3.2 The psychology of political violence 937 26.3.3 The role of institutions 938 26.3.4 The democratic response 940 26.4 Censorship 941 26.4.1 Censorship by authoritarian regimes 942 26.4.2 Filtering, hate speech and radicalisation 944 26.5 Forensics and rules of evidence 948 26.5.1 Forensics 948 26.5.2 Admissibility of evidence 950 26.5.3 What goes wrong 951 26.6 Privacy and data protection 953 26.6.1 European data protection 953 26.6.2 Privacy regulation in the USA 956 26.6.3 Fragmentation? 
958 26.7 Freedom of information 960 26.8 Summary 961 Research problems 962 Further reading 962 Chapter 27 Secure Systems Development 965 27.1 Introduction 965 27.2 Risk management 966 27.3 Lessons from safety-critical systems 969 27.3.1 Safety engineering methodologies 970 27.3.2 Hazard analysis 971 27.3.3 Fault trees and threat trees 971 27.3.4 Failure modes and effects analysis 972 27.3.5 Threat modelling 973 27.3.6 Quantifying risks 975 27.4 Prioritising protection goals 978 27.5 Methodology 980 27.5.1 Top-down design 981 27.5.2 Iterative design: from spiral to agile 983 27.5.3 The secure development lifecycle 985 27.5.4 Gated development 987 27.5.5 Software as a Service 988 27.5.6 From DevOps to DevSecOps 991 27.5.6.1 The Azure ecosystem 991 27.5.6.2 The Google ecosystem 992 27.5.6.3 Creating a learning system 994 27.5.7 The vulnerability cycle 995 27.5.7.1 The CVE system 997 27.5.7.2 Coordinated disclosure 998 27.5.7.3 Security incident and event management 999 27.5.8 Organizational mismanagement of risk 1000 27.6 Managing the team 1004 27.6.1 Elite engineers 1004 27.6.2 Diversity 1005 27.6.3 Nurturing skills and attitudes 1007 27.6.4 Emergent properties 1008 27.6.5 Evolving your workflow 1008 27.6.6 And finally… 1010 27.7 Summary 1010 Research problems 1011 Further reading 1012 Chapter 28 Assurance and Sustainability 1015 28.1 Introduction 1015 28.2 Evaluation 1018 28.2.1 Alarms and locks 1019 28.2.2 Safety evaluation regimes 1019 28.2.3 Medical device safety 1020 28.2.4 Aviation safety 1023 28.2.5 The Orange book 1025 28.2.6 FIPS 140 and HSMs 1026 28.2.7 The common criteria 1026 28.2.7.1 The gory details 1027 28.2.7.2 What goes wrong with the Common Criteria 1029 28.2.7.3 Collaborative protection profiles 1031 28.2.8 The ‘Principle of Maximum Complacency’ 1032 28.2.9 Next steps 1034 28.3 Metrics and dynamics of dependability 1036 28.3.1 Reliability growth models 1036 28.3.2 Hostile review 1039 28.3.3 Free and open-source software 1040 28.3.4 Process 
assurance 1042 28.4 The entanglement of safety and security 1044 28.4.1 The electronic safety and security of cars 1046 28.4.2 Modernising safety and security regulation 1049 28.4.3 The Cybersecurity Act 2019 1050 28.5 Sustainability 1051 28.5.1 The Sales of goods directive 1052 28.5.2 New research directions 1053 28.6 Summary 1056 Research problems 1057 Further reading 1058 Chapter 29 Beyond “Computer Says No” 1059 Bibliography 1061 Index 1143
Getting Started with Containers in Google Cloud Platform
Deploy, manage, and secure containers and containerized applications on Google Cloud Platform (GCP). This book covers each container service in GCP from the ground up and teaches you how to deploy and manage your containers on each service.

You will start by setting up and configuring GCP tools and the tenant environment. You then will store and manage Docker container images with GCP Container Registry (ACR). Next, you will deploy containerized applications with GCP Cloud Run and create an automated CI/CD deployment pipeline using Cloud Build. The book covers GCP's flagship service, Google Kubernetes Service (GKE), and deployment of a Kubernetes cluster using clear steps and considering GCP best practices using the GCP management console and gcloud command-line tool. Also covered are monitoring containers and containerized applications on GCP with Cloud Monitoring, and backing up and restoring containers and containerized applications on GCP.

By the end of the book, you will know how to get started with GCP container services and understand the fundamentals of each service and the supporting services needed to run containers in a production environment. This book also assists you in transferring your skills from AWS and Azure to GCP using the knowledge you have acquired on each platform and leveraging it to gain more skills.

WHAT YOU WILL LEARN
* Get started with Google Cloud Platform (GCP)
* Store Docker images on GCP Container Registry
* Deploy Google Kubernetes Engine (GKE) cluster
* Secure containerized applications on GCP
* Use Cloud Build to deploy containers
* Use GCP Batch for batch job processing on Kubernetes

WHO THIS BOOK IS FOR
Google Cloud administrators, developers, and architects who want to get started and learn more about containers and containerized applications on Google Cloud Platform (GCP)

SHIMON IFRAH is an IT professional with 15+ years of experience in the design, management, and deployment of information technology systems and networks. In recent years, he has been specializing in cloud computing and containerized applications on Microsoft Azure, Amazon AWS, and Google Cloud Platform (GCP). He holds more than 20 vendor certificates from Microsoft, AWS, VMware, and Cisco. During his career in the IT industry, he has worked for some of the largest managed services and technology companies in the world, helping them administer systems for the largest enterprises. He is based out of Melbourne, Australia.

Chapter 1: Get Started with Google Cloud Platform (GCP)
Chapter Goal: Set up and configure GCP tools and tenant environment
No of pages: 40
Sub-Topics:
1. Set up your Google Cloud Platform (GCP) tenant
2. Understanding GCP projects
3. Understanding cloud shell
4. Secure and manage your GCP account (projects and more)
5. GCP Services overview

Chapter 2: Store and Manage Docker Container Images with GCP Container Registry (ACR)
Chapter Goal: Here we learn how to store Docker container images on GCP Container Registry
No of pages: 40
Sub-Topics:
1. Set up GCP Container Registry
2. Push Docker images to Container Registry
3. Pull images from GCP Container Registry
4. Manage and secure GCP Container Registry

Chapter 3: Deploy Containerized Applications with GCP Cloud Run
Chapter Goal: This chapter explains how to deploy containers and containerized applications on GCP Cloud Run
No of pages: 40
Sub-Topics:
1. Set up GCP Cloud Run
2. Deploy containers with Cloud Run
3. Use Cloud Build and git to deploy containers
4. Scale containerized applications on Cloud Run
5. Monitor and manage containerized applications on Cloud Run

Chapter 4: Deploy Containerized Applications with Google Kubernetes Engine (GKE)
Chapter Goal: This chapter explains how to deploy containers and containerized applications with GKE
No of pages:
Sub-Topics:
1. Getting started with GKE
2. Set up and configure GKE networking and storage
3. Deploy Kubernetes dashboard (Web UI) on GKE
4. Manage and secure GKE
5. Run Batch jobs on Kubernetes with batch (beta)

Chapter 5: Deploy Docker Containers on GCP Compute Engine
Chapter Goal: This chapter explains how to deploy containers and containerized applications on GCP Compute Engine
No of pages: 40
Sub-Topics:
1. Install Docker container host on Ubuntu Linux VM
2. Install Docker container host on Windows Server 2019 VM
3. Deploy containers on GCP Compute Engine using GCP container-optimized OS

Chapter 6: Secure your GCP Environment and Containers
Chapter Goal: This chapter explains how to secure and protect containers and containerized applications on GCP
No of pages: 40
Sub-Topics:
1. Introduction to GCP identity infrastructure
2. Set up organization policies
3. Roles, service accounts and auditing capabilities
4. GCP networking and firewalls configuration

Chapter 7: Scale Containers and Containerized Applications on GCP
Chapter Goal: This chapter explains how to scale containers and containerized applications on GCP
No of pages: 40
Sub-Topics:
1. Scale Google Kubernetes Service (GKE)
2. Scale Cloud Run and Cloud Build containers
3. Scale GCP Container Registry
4. Scale Compute Engine hosts and containers

Chapter 8: Monitor Containers and Containerized Applications on GCP with Stackdriver Monitoring
Chapter Goal: Learn how to monitor containers and containerized applications on GCP
No of pages: 40
Sub-Topics:
1. Monitor Google Kubernetes Service (GKE)
2. Monitor Cloud Run containers
3. Monitor Compute Engine resources
4. GCP cost management and tools

Chapter 9: Backup and Restore Containers and Containerized Applications on GCP
Chapter Goal: This chapter explains how to back up and restore containers and containerized applications on GCP
No of pages: 40
Sub-Topics:
1. Backup persistent storage disks
2. Backup Compute Engine resources
3. Manage cloud storage and file store

Chapter 10: Troubleshooting Containers and Containerized Applications on GCP
Chapter Goal: This chapter explains how to troubleshoot issues with containers and containerized applications on GCP
No of pages: 40
Sub-Topics:
1. Troubleshoot Google Kubernetes Service (GKE)
2. Troubleshoot Cloud Run and Cloud Build deployments
3. Troubleshoot GCP Container Registry
5. Troubleshoot Compute Engine resource
Penetration Testing mit mimikatz
- Penetration tests with mimikatz, from pass-the-hash through Kerberoasting to golden tickets
- How the Windows Local Security Authority (LSA) and the Kerberos protocol work, and where their weaknesses lie
- All attacks explained step by step in an easily understandable way

mimikatz is an extremely powerful tool for attacks on Active Directory. Hackers can use it to access plaintext passwords, password hashes and Kerberos tickets, extend the privileges gained this way on other systems, and so take control of entire corporate networks. For this reason it is important to be prepared for attacks with mimikatz. So that you can understand and recognize the attackers' techniques, IT security specialist Sebastian Brabetz shows you in this book how to carry out penetration tests with mimikatz in a secure test environment. The author describes all attacks step by step and explains how they work in an easily understandable way. He assumes only basic IT security knowledge.

In particular, you will get to know the following attacks:
- Extracting plaintext passwords from RAM
- Authentication without a plaintext password using pass-the-hash
- Exploiting Kerberos using overpass-the-hash, pass-the-key and pass-the-ticket
- Dumping Active Directory credentials from domain controllers
- Creating silver tickets and golden tickets
- Cracking the password hashes of service accounts using Kerberoasting
- Reading out and cracking domain cached credentials

In addition, you will learn how to detect the execution of mimikatz as well as the traces of mimikatz attacks. This leaves you well equipped to test your Windows domain for weaknesses with mimikatz and to prevent such attacks.

From the contents:
- Setting up a secure test environment
- Fundamentals of the Windows Local Security Authority (LSA)
- How the Kerberos protocol works
- Extracting passwords and hashes:
- Plaintext passwords
- NTLM hashes
- MS-Cache-2 hashes
- Exploiting weaknesses of the Kerberos protocol:
- Ticket Granting Tickets and Service Tickets
- Encryption keys
- Active Directory credentials
- Detecting mimikatz attacks
- Invoke-Mimikatz and further topics
- Practical glossary
Beginning Java MVC 1.0
Get started with using the new Java MVC 1.0 framework for model, view, and controller development for building modern Java-based web, native, and microservices applications.

Beginning Java MVC teaches you the basics, then dives in to models, views, controllers. Next, you learn data binding, events, application types, view engines, and more. You will be given practical examples along the way to reinforce what you have learned. Furthermore, you'll work with annotations, internationalization, security, and deployment.

After reading this book, you'll have the know-how to build your first full Java-based MVC application.

WHAT YOU WILL LEARN
* Discover the Java MVC 1.0 APIs and how to use them
* Master the Model, View and Controller design pattern
* Carry out data binding
* Write events
* Work with view engines

WHO THIS BOOK IS FOR
Those new to Java MVC 1.0. Some prior experience with Java programming recommended, especially with JSF or Struts.

Peter Späth graduated in 2002 as a physicist and soon afterwards became an IT consultant, mainly for Java-related projects. In 2016 he decided to concentrate on writing books, with his main focus set on software development. With two books about graphics and sound processing and two books for Android and Kotlin programming, his new book addresses beginning Jakarta EE developers willing to develop enterprise-level Java applications with Java EE 8.

1. About MVC - Model, View, Controller
* History of MVC
* MVC in Web Applications
* MVC for Java
* Finally, Java MVC (JSR-371)
* Why MVC
* Where is Hello World?

2. Prerequisite - Jakarta EE / Java EE
* The Nature of Java for Enterprise Applications
* Glassfish, a Free Java Server
* Using a Preinstalled Java Server
* Learning Java for Enterprise Applications
* RESTful Services

3. Development Workflow
* Using Gradle as a Build Framework
* Using Eclipse as an IDE
* More About Gradle
* Developing Using the Console
* Installing MVC

4. Hello World for Java MVC
* Starting The Hello World Project
* The Hello World Model
* The Hello World View
* The Hello World Controller
* Using Gradle to Build Hello World
* Starting a Jakarta EE Server
* Deploying and Testing Hello World

5. Start Working With Java MVC
* Handling User Input From Forms
* Exception Handling in Java MVC
* Non-String Post Parameters

6. In-Depth Java MVC
* The Model
* The View: JSPs
* The View: Facelets
* The Controller

7. In-Depth Java MVC - Part II
* Injectable Context
* Persisting State
* Dealing With Page Fragments
* Observers
* Configuration

8. Internationalization
* Language Resources
* Adding Localized Messages to the Session
* Formatting of Data in the View
* Using JSF for Formatting
* Localized Data Conversion

9. Java MVC and EJBs
* About Session EJBs
* Defining EJBs
* Accessing EJBs
* EJB Projects
* EJBs with Dependencies
* Asynchronous EJB Invocation
* Timer EJBs

10. Connecting Java MVC to a Database
* Abstracting Away Database Access With JPA
* Setting up a SQL Database
* Creating a DataSource
* Preparing the Member Registration Application
* Adding EclipseLink as ORM
* Controllers
* Adding Data Access Objects
* Updating the View
* Adding Entities
* Adding Relations

11. Logging Java MVC Applications
* System Streams
* JDK Logging in Glassfish
* Using JDK Standard Logging For Other Servers
* Adding Log4j Logging to Your Application

12. A Java MVC Example Application
* The BooKlubb Database
* The BooKlubb Eclipse Project
* The BooKlubb Infrastructure Classes
* Configure BooKlubb Database Access
* The BooKlubb Internationalization
* The BooKlubb Entity Classes
* BooKlubb Database Access Via DAOs
* The BooKlubb Model
* The BooKlubb Controller
* The BooKlubb View
* Deploying and Testing BooKlubb

Appendix
* Solutions to The Exercises
Getting Structured Data from the Internet
Utilize web scraping at scale to quickly get unlimited amounts of free data available on the web into a structured format. This book teaches you to use Python scripts to crawl through websites at scale and scrape data from HTML and JavaScript-enabled pages and convert it into structured data formats such as CSV, Excel, JSON, or load it into a SQL database of your choice.

This book goes beyond the basics of web scraping and covers advanced topics such as natural language processing (NLP) and text analytics to extract names of people, places, email addresses, contact details, etc., from a page at production scale using distributed big data techniques on an Amazon Web Services (AWS)-based cloud infrastructure. The book covers developing a robust data processing and ingestion pipeline on the Common Crawl corpus, containing petabytes of data publicly available and a web crawl data set available on AWS's registry of open data.

GETTING STRUCTURED DATA FROM THE INTERNET also includes a step-by-step tutorial on deploying your own crawlers using a production web scraping framework (such as Scrapy) and dealing with real-world issues (such as breaking Captcha, proxy IP rotation, and more). Code used in the book is provided to help you understand the concepts in practice and write your own web crawler to power your business ideas.

WHAT YOU WILL LEARN
* Understand web scraping, its applications/uses, and how to avoid web scraping by hitting publicly available REST API endpoints to directly get data
* Develop a web scraper and crawler from scratch using lxml and BeautifulSoup library, and learn about scraping from JavaScript-enabled pages using Selenium
* Use AWS-based cloud computing with EC2, S3, Athena, SQS, and SNS to analyze, extract, and store useful insights from crawled pages
* Use SQL language on PostgreSQL running on Amazon Relational Database Service (RDS) and SQLite using SQLAlchemy
* Review scikit-learn, Gensim, and spaCy to perform NLP tasks on scraped web pages such as named entity recognition, topic clustering (Kmeans, Agglomerative Clustering), topic modeling (LDA, NMF, LSI), topic classification (naive Bayes, Gradient Boosting Classifier) and text similarity (cosine distance-based nearest neighbors)
* Handle web archival file formats and explore Common Crawl open data on AWS
* Illustrate practical applications for web crawl data by building a similar website tool and a technology profiler similar to builtwith.com
* Write scripts to create a backlinks database on a web scale similar to Ahrefs.com, Moz.com, Majestic.com, etc., for search engine optimization (SEO), competitor research, and determining website domain authority and ranking
* Use web crawl data to build a news sentiment analysis system or alternative financial analysis covering stock market trading signals
* Write a production-ready crawler in Python using Scrapy framework and deal with practical workarounds for Captchas, IP rotation, and more

WHO THIS BOOK IS FOR
Primary audience: data analysts and scientists with little to no exposure to real-world data processing challenges, secondary: experienced software developers doing web-heavy data processing who need a primer, tertiary: business owners and startup founders who need to know more about implementation to better direct their technical team

JAY M. PATEL is a software developer with over 10 years of experience in data mining, web crawling/scraping, machine learning, and natural language processing (NLP) projects. He is a co-founder and principal data scientist of Specrom Analytics, providing content, email, social marketing, and social listening products and services using web crawling/scraping and advanced text mining.

Jay worked at the US Environmental Protection Agency (EPA) for five years where he designed workflows to crawl and extract useful insights from hundreds of thousands of documents that were parts of regulatory filings from companies. He also led one of the first research teams within the agency to use Apache Spark-based workflows for chem and bioinformatics applications such as chemical similarities and quantitative structure activity relationships. He developed recurrent neural networks and more advanced LSTM models in Tensorflow for chemical SMILES generation.

Jay graduated with a bachelor's degree in engineering from the Institute of Chemical Technology, University of Mumbai, India and a master of science degree from the University of Georgia, USA. Jay serves as an editor of a publication titled Web Data Extraction and also blogs about personal projects, open source packages, and experiences as a startup founder on his personal site, jaympatel.com.