Security
Cyber Security and Network Security
CYBER SECURITY AND NETWORK SECURITYWRITTEN AND EDITED BY A TEAM OF EXPERTS IN THE FIELD, THIS IS THE MOST COMPREHENSIVE AND UP-TO-DATE STUDY OF THE PRACTICAL APPLICATIONS OF CYBER SECURITY AND NETWORK SECURITY FOR ENGINEERS, SCIENTISTS, STUDENTS, AND OTHER PROFESSIONALS.Digital assaults are quickly becoming one of the most predominant issues on the planet. As digital wrongdoing keeps on expanding, it is increasingly more important to investigate new methodologies and advances that help guarantee the security of online networks. Ongoing advances and innovations have made great advances for taking care of security issues in a methodical manner. In light of this, organized security innovations have been delivered so as to guarantee the security of programming and correspondence functionalities at fundamental, improved, and engineering levels.This outstanding new volume covers all of the latest advances, innovations, and developments in practical applications for cybersecurity and network security. This team of editors represents some of the most well-known and respected experts in the area, creating this comprehensive, up-to-date coverage of the issues of the day and state of the art. Whether for the veteran engineer or scientist or a student, this volume is a must-have for any library.SABYASACHI PRAMANIK is an assistant professor in the Department of Computer Science and Engineering, Haldia Institute of Technology, India. He earned his PhD in computer science and engineering from the Sri Satya Sai University of Technology and Medical Sciences, Bhopal, India. He has more than 50 publications in various scientific and technical conferences, journals, and online book chapter contributions. He is also serving as the editorial board member on many scholarly journals and has authored one book. He is an editor of various books from a number of publishers, including Scrivener Publishing. DEBABRATA SAMANTA, PHD, is an assistant professor in the Department of Computer Science, Christ University, Bangalore, India. He obtained his PhD in from the National Institute of Technology, Durgapur, India, and he is the owner of 20 patents and two copyrights. He has authored or coauthored over 166 research papers in international journals and conferences and has received the “Scholastic Award” at the Second International Conference on Computer Science and IT application in Delhi, India. He is a co-author of 11 books and the co-editor of seven books and has presented various papers at international conferences and received Best Paper awards. He has authored o co-authored 20 Book Chapters. M. VINAY, PHD, obtained his PhD at JJT University Rajasthan for Computer Science and is an assistant professor of computer science at Christ University, Bengaluru, India. With over 14 years of teaching, he has received numerous prestigious teaching awards. He has given more than 30 invited talks, 35 guests lectures and conducted more than 25 workshops, He has also published over a dozen papers in distinguished scholarly journals. ABHIJIT GUHA is pursuing a doctorate with the Department of Data Science, Christ University, India. He is currently working as a research and development scientist with First American India Private Ltd. He received three consecutive “Innovation of the Year” awards, from 2015 to 2017, by First American India for his contribution towards his research. Preface xvAcknowledgments xxiii1 SECURING CLOUD-BASED ENTERPRISE APPLICATIONS AND ITS DATA 1Subhradip Debnath, Aniket Das and Budhaditya Sarkar1.1 Introduction 21.2 Background and Related Works 31.3 System Design and Architecture 51.3.1 Proposed System Design and Architecture 51.3.2 Modules 51.3.2.1 Compute Instances 51.3.2.2 API Gateway 61.3.2.3 Storage Bucket (Amazon S3) 61.3.2.4 Lambda 61.3.2.5 Load Balancer 61.3.2.6 Internet Gateway 61.3.2.7 Security Groups 71.3.2.8 Autoscaling 71.3.2.9 QLDB 71.3.2.10 NoSQL Database 81.3.2.11 Linux Instance and Networking 81.3.2.12 Virtual Network and Subnet Configuration 81.4 Methodology 91.4.1 Firewall 91.4.2 Malware Injection Prevention 91.4.3 Man-in-the-Middle Prevention 91.4.4 Data at Transit and SSL 91.4.5 Data Encryption at Rest 101.4.6 Centralized Ledger Database 101.4.7 NoSQL Database 101.4.8 Linux Instance and Server Side Installations 101.5 Performance Analysis 211.5.1 Load Balancer 211.5.2 Lambda (For Compression of Data) 221.5.3 Availability Zone 231.5.4 Data in Transit (Encryption) 231.5.5 Data in Rest (Encryption) 231.6 Future Research Direction 231.7 Conclusion 24References 252 HIGH-PERFORMANCE COMPUTING-BASED SCALABLE “CLOUD FORENSICSAS- A-SERVICE” READINESS FRAMEWORK FACTORS—A REVIEW 27Srinivasa Rao Gundu, Charanarur Panem and S. Satheesh2.1 Introduction 282.2 Aim of the Study 292.3 Motivation for the Study 292.4 Literature Review 302.5 Research Methodology 322.6 Testing Environment Plan 322.7 Testing 352.7.1 Scenario 1: Simultaneous Imaging and Upload and Encryption 362.7.2 Scenario 2: Real-Time Stream Processing 412.7.3 Scenario 3: Remote Desktop Connection, Performance Test 412.8 Recommendations 422.9 Limitations of Present Study 422.10 Conclusions 432.11 Scope for the Future Work 43Acknowledgements 44References 443 MALWARE IDENTIFICATION, ANALYSIS AND SIMILARITY 47Subhradip Debnath and Soumyanil Biswas3.1 Introduction 483.1.1 Goals of Malware Analysis and Malware Identification 483.1.2 Common Malware Analysis Techniques 493.2 Background and Related Works 493.3 Proposed System Design Architecture 513.3.1 Tool Requirement, System Design, and Architecture 513.3.1.1 For Static Malware Analysis 513.3.1.2 For Dynamic Malware Analysis 563.4 Methodology 623.5 Performance Analysis 673.6 Future Research Direction 673.7 Conclusion 68References 684 ROBUST FRAUD DETECTION MECHANISM 71Balajee Maram, Veerraju Gampala, Satish Muppidi and T. Daniya4.1 Introduction 724.2 Related Work 764.2.1 Blockchain Technology for Online Business 764.2.2 Validation and Authentication 794.2.3 Types of Online Shopping Fraud 814.2.3.1 Software Fraudulent of Online Shopping 814.2.4 Segmentation/Authentication 824.2.4.1 Secure Transaction Though Segmentation Algorithm 834.2.4.2 Critical Path Segmentation Optimization 854.2.5 Role of Blockchain Technology for Supply Chain and Logistics 874.3 Conclusion 91References 925 BLOCKCHAIN-BASED IDENTITY MANAGEMENT SYSTEMS 95Ramani Selvanambi, Bhavya Taneja, Priyal Agrawal, Henil Jayesh Thakor and Marimuthu Karuppiah5.1 Introduction 965.2 Preliminaries 995.2.1 Identity Management Systems 995.2.1.1 Identity Factors 995.2.1.2 Architecture of Identity Management Systems 995.2.1.3 Types of Identity Management Systems 1005.2.1.4 Importance of Identity Management Systems 1015.2.2 Blockchain 1025.2.2.1 Blockchain Architecture 1025.2.2.2 Components of Blockchain Architecture 1025.2.2.3 Merkle Tree 1035.2.2.4 Consensus Algorithm 1035.2.2.5 Types of Blockchain Architecture 1055.2.3 Challenges 1065.3 Blockchain-Based Identity Management System 1095.3.1 Need for Blockchain-Based Identity Management Systems 1095.3.2 Approaches for Blockchain-Based Identity Management Systems 1105.3.3 Blockchain-Based Identity Management System Implementations 1115.3.4 Impact of Using Blockchain-Based Identity Management on Business and Users 1205.3.5 Various Use Cases of Blockchain Identity Management 1215.4 Discussion 1225.4.1 Challenges Related to Identity 1225.4.2 Cost Implications 1235.5 Conclusion 1235.6 Future Scope 124References 1256 INSIGHTS INTO DEEP STEGANOGRAPHY: A STUDY OF STEGANOGRAPHY AUTOMATION AND TRENDS 129R. Gurunath, Debabrata Samanta and Digvijay Pandey6.1 Introduction 1306.2 Convolution Network Learning 1316.2.1 CNN Issues 1326.3 Recurrent Neural Networks 1336.3.1 RNN Forward Propagation 1356.4 Long Short-Term Memory Networks 1366.4.1 LSTM Issues 1376.5 Back Propagation in Neural Networks 1386.6 Literature Survey on Neural Networks in Steganography 1406.6.1 TS-RNN: Text Steganalysis Based on Recurrent Neural Networks 1406.6.2 Generative Text Steganography Based on LSTM Network and Attention Mechanism with Keywords 1416.6.3 Graph-Stega: Semantic Controllable Steganographic Text Generation Guided by Knowledge Graph 1426.6.4 RITS: Real-Time Interactive Text Steganography Based on Automatic Dialogue Model 1436.6.5 Steganalysis and Payload Estimation of Embedding in Pixel Differences Using Neural Networks 1446.6.6 Reversible Data Hiding Using Multilayer Perceptron–Based Pixel Prediction 1446.6.7 Neural Network–Based Steganography Algorithm for Still Images 1456.7 Optimization Algorithms in Neural Networks 1456.7.1 Gradient Descent 1456.7.1.1 GD Issues 1466.7.2 Stochastic Gradient Descent 1476.7.2.1 SGD Issues 1486.7.3 SGD with Momentum 1486.7.4 Mini Batch SGD 1496.7.4.1 Mini Batch SGD Issues 1496.7.5 Adaptive Gradient Algorithm 1496.8 Conclusion 151References 1517 PRIVACY PRESERVING MECHANISM BY APPLICATION OF CONSTRAINED NONLINEAR OPTIMIZATION METHODS IN CYBER-PHYSICAL SYSTEM 157Manas Kumar Yogi and A.S.N. Chakravarthy7.1 Introduction 1577.2 Problem Formulation 1597.3 Proposed Mechanism 1607.4 Experimental Results 1627.5 Future Scope 1667.6 Conclusion 167References 1688 APPLICATION OF INTEGRATED STEGANOGRAPHY AND IMAGE COMPRESSING TECHNIQUES FOR CONFIDENTIAL INFORMATION TRANSMISSION 169Binay Kumar Pandey, Digvijay Pandey, Subodh Wairya, Gaurav Agarwal, Pankaj Dadeech, Sanwta Ram Dogiwal and Sabyasachi Pramanik8.1 Introduction 1708.2 Review of Literature 1728.3 Methodology Used 1808.4 Results and Discussion 1828.5 Conclusions 186References 1879 SECURITY, PRIVACY, RISK, AND SAFETY TOWARD 5G GREEN NETWORK (5G-GN) 193Devasis Pradhan, Prasanna Kumar Sahu, Nitin S. Goje, Mangesh M. Ghonge, Hla Myo Tun, Rajeswari R and Sabyasachi Pramanik9.1 Introduction 1949.2 Overview of 5G 1959.3 Key Enabling Techniques for 5G 1969.4 5G Green Network 2009.5 5G Technologies: Security and Privacy Issues 2029.5.1 5G Security Architecture 2039.5.2 Deployment Security in 5G Green Network 2049.5.3 Protection of Data Integrity 2049.5.4 Artificial Intelligence 2049.6 5G-GN Assets and Threats 2059.7 5G-GN Security Strategies and Deployments 2059.8 Risk Analysis of 5G Applications 2089.9 Countermeasures Against Security and Privacy Risks 2099.9.1 Enhanced Mobile Broadband 2099.9.2 Ultra-Reliable Low Latency Communications 2099.10 Protecting 5G Green Networks Against Attacks 2109.11 Future Challenges 2119.12 Conclusion 212References 21310 A NOVEL COST-EFFECTIVE SECURE GREEN DATA CENTER SOLUTIONS USING VIRTUALIZATION TECHNOLOGY 217Subhodip Mukherjee, Debabrata Sarddar, Rajesh Bose and Sandip Roy10.1 Introduction 21810.2 Literature Survey 22010.2.1 Virtualization 22010.3 Problem Statement 22110.3.1 VMware Workstation 22210.4 Green it Using Virtualization 22210.5 Proposed Work 22310.5.1 Proposed Secure Virtual Framework 22510.6 Conclusion 230Acknowledgments 230References 23011 BIG DATA ARCHITECTURE FOR NETWORK SECURITY 233Dr. Bijender Bansal, V.Nisha Jenipher, Rituraj Jain, Dr. Dilip R., Prof. Makhan Kumbhkar, Sabyasachi Pramanik, Sandip Roy and Ankur Gupta11.1 Introduction to Big Data 23411.1.1 10 V’s of Big-Data 23511.1.2 Architecture of Big Data 23711.1.3 Big Data Access Control 23811.1.4 Classification of Big Data 23911.1.4.1 Structured Data 23911.1.4.2 Unstructured Data 24011.1.4.3 Semi-Structured Data 24011.1.5 Need of Big Data 24111.1.6 Challenges to Big Data Management 24111.1.7 Big Data Hadoop 24211.1.8 Big Data Hadoop Architecture 24211.1.9 Security Factors 24211.1.10 Performance Factors 24311.1.11 Security Threats 24411.1.12 Big Data Security Threats 24611.1.13 Distributed Data 24711.1.14 Non-Relational Databases 24711.1.15 Endpoint Vulnerabilities 24711.1.16 Data Mining Solutions 24811.1.17 Access Controls 24811.1.18 Motivation 24911.1.19 Importance and Relevance of the Study 25011.1.20 Background History 25011.1.21 Research Gaps 25211.2 Technology Used to Big Data 25211.2.1 MATLAB 25211.2.2 Characteristics of MATLAB 25311.2.3 Research Objectives 25311.2.4 Methodology 25411.3 Working Process of Techniques 25411.3.1 File Splitter 25411.3.2 GUI Interface for Client 25411.3.3 GUI Interface for Server 25411.3.4 Encrypted File 25511.4 Proposed Work 25511.4.1 Working 25511.4.2 Process Flow of Proposed Work 25511.4.3 Proposed Model 25511.5 Comparative Analysis 25711.5.1 Time Comparison 25711.5.2 Error Rate Comparison 25811.5.3 Packet Size Comparison 25811.5.4 Packet Affected Due to Attack 25811.6 Conclusion and Future Scope 26211.6.1 Conclusion 26211.6.2 Future Scope 263References 264About the Editors 269Index 271
Hacking For Dummies
LEARN TO THINK LIKE A HACKER TO SECURE YOUR OWN SYSTEMS AND DATAYour smartphone, laptop, and desktop computer are more important to your life and business than ever before. On top of making your life easier and more productive, they hold sensitive information that should remain private. Luckily for all of us, anyone can learn powerful data privacy and security techniques to keep the bad guys on the outside where they belong. Hacking For Dummies takes you on an easy-to-follow cybersecurity voyage that will teach you the essentials of vulnerability and penetration testing so that you can find the holes in your network before the bad guys exploit them. You will learn to secure your Wi-Fi networks, lock down your latest Windows 11 installation, understand the security implications of remote work, and much more. You’ll find out how to:* Stay on top of the latest security weaknesses that could affect your business’s security setup* Use freely available testing tools to “penetration test” your network’s security* Use ongoing security checkups to continually ensure that your data is safe from hackersPerfect for small business owners, IT and security professionals, and employees who work remotely, Hacking For Dummies is a must-have resource for anyone who wants to keep their data safe. KEVIN BEAVER is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master’s degree in Management of Technology at Georgia Tech.Introduction 1PART 1: BUILDING THE FOUNDATION FOR SECURITY TESTING 5Chapter 1: Introduction to Vulnerability and Penetration Testing 7Chapter 2: Cracking the Hacker Mindset 25Chapter 3: Developing Your Security Testing Plan 37Chapter 4: Hacking Methodology 49PART 2: PUTTING SECURITY TESTING IN MOTION 59Chapter 5: Information Gathering 61Chapter 6: Social Engineering 69Chapter 7: Physical Security 87Chapter 8: Passwords 99PART 3: HACKING NETWORK HOSTS 129Chapter 9: Network Infrastructure Systems 131Chapter 10: Wireless Networks 165Chapter 11: Mobile Devices 193PART 4: HACKING OPERATING SYSTEMS 205Chapter 12: Windows 207Chapter 13: Linux and macOS 233PART 5: HACKING APPLICATIONS 257Chapter 14: Communication and Messaging Systems 259Chapter 15: Web Applications and Mobile Apps 283Chapter 16: Databases and Storage Systems 309PART 6: SECURITY TESTING AFTERMATH 321Chapter 17: Reporting Your Results 323Chapter 18: Plugging Your Security Holes 329Chapter 19: Managing Security Processes 337PART 7: THE PART OF TENS 345Chapter 20: Ten Tips for Getting Security Buy-In 347Chapter 21: Ten Reasons Hacking Is the Only Effective Way to Test 353Chapter 22: Ten Deadly Mistakes 357Appendix: Tools and Resources 363Index 379
Cybersecurity For Dummies
EXPLORE THE LATEST DEVELOPMENTS IN CYBERSECURITY WITH THIS ESSENTIAL GUIDEEvery day it seems we read another story about one company or another being targeted by cybercriminals. It makes some of us wonder: am I safe online? The good news is that we can all be cybersecure—and it doesn’t take a degree in computer science to make it happen! Cybersecurity For Dummies is the down-to-earth guide you need to secure your own data (and your company’s, too). You’ll get step-by-step guidance on how to implement reasonable security measures, prevent cyber attacks, deal securely with remote work, and what to do in the event that your information is compromised. The book also offers:* Updated directions on how to prevent ransomware attacks and how to handle the situation if you become a target* Step-by-step instructions on how to create data backups and implement strong encryption* Basic info that every aspiring cybersecurity professional needs to knowCybersecurity For Dummies is the ideal handbook for anyone considering a career transition into cybersecurity, as well as anyone seeking to secure sensitive information. JOSEPH STEINBERG is a master of cybersecurity. He is one of very few people to hold the suite of security certifications including: CISSP®, ISSAP®, ISSMP®, and CSSLP®. Joseph has written several books on cybersecurity, including the previous edition of Cybersecurity For Dummies. He is currently a consultant on information security, and serves as an expert witness in related matters.Introduction 1PART 1: GETTING STARTED WITH CYBERSECURITY 5Chapter 1: What Exactly Is Cybersecurity? 7Chapter 2: Getting to Know Common Cyberattacks 23Chapter 3: The Bad Guys You Must Defend Against 49PART 2: IMPROVING YOUR OWN PERSONAL SECURITY 69Chapter 4: Evaluating Your Current Cybersecurity Posture 71Chapter 5: Enhancing Physical Security 93Chapter 6: Cybersecurity Considerations When Working from Home 105PART 3: PROTECTING YOURSELF FROM YOURSELF 115Chapter 7: Securing Your Accounts 117Chapter 8: Passwords 135Chapter 9: Preventing Social Engineering Attacks 151PART 4: CYBERSECURITY FOR BUSINESSES, ORGANIZATIONS, AND GOVERNMENT 173Chapter 10: Securing Your Small Business 175Chapter 11: Cybersecurity and Big Businesses 201PART 5: HANDLING A SECURITY INCIDENT (THIS IS A WHEN, NOT AN IF) 217Chapter 12: Identifying a Security Breach 219Chapter 13: Recovering from a Security Breach 239PART 6: BACKING UP AND RECOVERY 259Chapter 14: Backing Up 261Chapter 15: Resetting Your Device 289Chapter 16: Restoring from Backups 299PART 7: LOOKING TOWARD THE FUTURE 321Chapter 17: Pursuing a Cybersecurity Career 323Chapter 18: Emerging Technologies Bring New Threats 337PART 8: THE PART OF TENS 351Chapter 19: Ten Ways to Improve Your Cybersecurity without Spending a Fortune 353Chapter 20: Ten (or So) Lessons from Major Cybersecurity Breaches 359Chapter 21: Ten Ways to Safely Use Public Wi-Fi 367Index 371ntroduction 1PART 1: GETTING STARTED WITH CYBERSECURITY 5Chapter 1: What Exactly Is Cybersecurity? 7Chapter 2: Getting to Know Common Cyberattacks 23Chapter 3: The Bad Guys You Must Defend Against 49PART 2: IMPROVING YOUR OWN PERSONAL SECURITY 69Chapter 4: Evaluating Your Current Cybersecurity Posture 71Chapter 5: Enhancing Physical Security 93Chapter 6: Cybersecurity Considerations When Working from Home 105PART 3: PROTECTING YOURSELF FROM YOURSELF 115Chapter 7: Securing Your Accounts 117Chapter 8: Passwords 135Chapter 9: Preventing Social Engineering Attacks 151PART 4: CYBERSECURITY FOR BUSINESSES, ORGANIZATIONS, AND GOVERNMENT 173Chapter 10: Securing Your Small Business 175Chapter 11: Cybersecurity and Big Businesses 201PART 5: HANDLING A SECURITY INCIDENT (THIS IS A WHEN, NOT AN IF) 217Chapter 12: Identifying a Security Breach 219Chapter 13: Recovering from a Security Breach 239PART 6: BACKING UP AND RECOVERY 259Chapter 14: Backing Up 261Chapter 15: Resetting Your Device 289Chapter 16: Restoring from Backups 299PART 7: LOOKING TOWARD THE FUTURE 321Chapter 17: Pursuing a Cybersecurity Career 323Chapter 18: Emerging Technologies Bring New Threats 337PART 8: THE PART OF TENS 351Chapter 19: Ten Ways to Improve Your Cybersecurity without Spending a Fortune 353Chapter 20: Ten (or So) Lessons from Major Cybersecurity Breaches 359Chapter 21: Ten Ways to Safely Use Public Wi-Fi 367Index 371ntroduction 1PART 1: GETTING STARTED WITH CYBERSECURITY 5Chapter 1: What Exactly Is Cybersecurity? 7Chapter 2: Getting to Know Common Cyberattacks 23Chapter 3: The Bad Guys You Must Defend Against 49PART 2: IMPROVING YOUR OWN PERSONAL SECURITY 69Chapter 4: Evaluating Your Current Cybersecurity Posture 71Chapter 5: Enhancing Physical Security 93Chapter 6: Cybersecurity Considerations When Working from Home 105PART 3: PROTECTING YOURSELF FROM YOURSELF 115Chapter 7: Securing Your Accounts 117Chapter 8: Passwords 135Chapter 9: Preventing Social Engineering Attacks 151PART 4: CYBERSECURITY FOR BUSINESSES, ORGANIZATIONS, AND GOVERNMENT 173Chapter 10: Securing Your Small Business 175Chapter 11: Cybersecurity and Big Businesses 201PART 5: HANDLING A SECURITY INCIDENT (THIS IS A WHEN, NOT AN IF) 217Chapter 12: Identifying a Security Breach 219Chapter 13: Recovering from a Security Breach 239PART 6: BACKING UP AND RECOVERY 259Chapter 14: Backing Up 261Chapter 15: Resetting Your Device 289Chapter 16: Restoring from Backups 299PART 7: LOOKING TOWARD THE FUTURE 321Chapter 17: Pursuing a Cybersecurity Career 323Chapter 18: Emerging Technologies Bring New Threats 337PART 8: THE PART OF TENS 351Chapter 19: Ten Ways to Improve Your Cybersecurity without Spending a Fortune 353Chapter 20: Ten (or So) Lessons from Major Cybersecurity Breaches 359Chapter 21: Ten Ways to Safely Use Public Wi-Fi 367Index 371
Kubernetes Native Development
Building applications for Kubernetes is both a challenge and an opportunity—a challenge because the options and complexity to develop for Kubernetes are evolving rapidly, an opportunity because, if done right, your applications will go into production quicker, scale easier, and run smoother.This book outlines the impact of Containers and Kubernetes on modern software development and discusses the application frameworks to pick from, how to design an application, and how to develop for and on Kubernetes. You are guided through the application life cycle: development, build, and deployment into the runtime phase. In each phase, you see how it ties to Kubernetes and how to leverage its manifold capabilities. Applications will be more lightweight, easier to maintain, and simpler to operate by just focusing on the business logic.This book provides a strong technical foundation in modern software development and operations. Practical examples show you how to apply the concepts and teach you the full potential of Kubernetes.WHAT YOU WILL LEARN* Get hands-on experience developing, building, and deploying software to Kubernetes* Develop your software to get the best out of Kubernetes* Focus on business logic while leveraging Kubernetes services* Design application components of different granularity from application server-based services to lightweight services* Automate deployments and Day 2 operationsWho This Book Is ForDevelopers who want to close the gap between development and the production environment in order to gain high delivery performance in terms of throughput and stability. This book also targets application operations and DevOps engineers.BENJAMIN SCHMELING is an IT professional with more than 15 years of experience in developing, building, and deploying Java-based software. Today, he works as a solution architect for Red Hat, with a passion for the design and implementation of cloud-native applications running on Kubernetes-based container platforms.MAXIMILIAN DARGATZ has been working in the IT industry for more than 10 years and consults clients on their journey to modernize applications for containers and Kubernetes. He currently works for IBM as a solution architect, working with large German clients on their cloud adoption and how to apply DevOps concepts.Chapter 1: The Impact of Kubernetes on developmentChapter Goal: Understand the foundations of Kubernetes and how it disrupted development and operationsNo of pages 30Sub -Topics* Introduction to Kubernetes* Services provided by Kubernetes (Infrastructure, Cluster, Application, Developer)* Why change development behaviour?* How Kubernetes and DevOps fit togetherChapter 2: Application Design DecisionsChapter Goal: Discuss various design decisions before you start with developmentNo of pages: 40Sub - Topics* Domain Driven Design* Microservices * Choosing the right programming platform (Quarkus, Javascript, Go … (Python :) * Application Deployment Models (App Server, Modular App Server, e.g. Galleon, Bootable Jar, Serverless, Function as a Service)Chapter 3: Developing on and with KubernetesChapter Goal: Learn different development models and optionsNo of pages : 50Sub - Topics:* Local Development, Build and Testing * Hybrid Models (local coding / remote build / remote test, local coding / local build / remote test)* Coding on KubernetesChapter 4: Writing Kubernetes-native ApplicationsChapter Goal: Explain how to leverage Kubernetes API, Resources, CRDsNo of pages: 20Sub - Topics:1. Using the Kubernetes API to make the application control the infrastructure2. Create Custom Resource Definitions to interact with the application3. Use Custom Resource Definitions to store application dataChapter 5: Kubernetes-native CI/CDNo of pages: 30Chapter Goal: How to Leverage Kubernetes for Build (pipelines)* Staging environments * Container Builds * Kubernetes Build Pipelines * Continuous Deployment * GitOpsChapter 6: Reproducible Deployments and Operations to KubernetesNo of pages: 30Chapter Goal: Show different ways of packaging and deploying applications and separating environment-specific configuration* HELM* What are Operators?* Writing your own Operator* Configuration ManagementChapter 7: Running Distributed ApplicationsNo of pages: 30Chapter Goal: Explain the different runtime aspects and how to use application service to shift technical responsibilities to the platform* Composing applications from services* Databases* Leveraging platform services to purify business logic (Service Mesh, Prometheus, EFK)* Kubernetes-native Middleware Chapter 8: Managing the Application LifecycleNo of pages: 20Chapter Goal: Illustrate how to scale an application, release new features, manage traffic and make services more resilient in a distributed environment.* Scaling your application* Serverless / Function as a Service* Canary Releases, Blue/Green Deployment, Dark Releases, A/B Testing* Improving robustness and resiliency
Microsoft 365 Mobilität und Sicherheit
Original Microsoft Prüfungstraining MS-101: mit dem Original zum Erfolg!Bereiten Sie sich auf die Microsoft-Prüfung MS-101 vor und zeigen Sie, dass Sie die erforderlichen Fähigkeiten und Kenntnisse für die Verwaltung von Mobilität und Sicherheit in Microsoft 365 sowie die damit verbundenen Verwaltungsaufgaben in der Praxis beherrschen. Dieses Prüfungstraining wurde für erfahrene IT-Profis entwickelt und konzentriert sich auf das kritische Denken und den Scharfsinn bei der Entscheidungsfindung, die für den Erfolg auf der Ebene des Microsoft Certified Expert (MCE) erforderlich sind.Das Training ist entsprechend der in der Prüfung bewerteten Fähigkeiten aufgebaut. Es enthält strategische Was-wäre-wenn-Szenarien und behandelt die folgenden Themenbereiche:Moderne Gerätedienste implementierenMicrosoft 365-Sicherheits- und -Bedrohungsmanagement implementierenMicrosoft 365-Governance und -Compliance verwaltenEs wird vorausgesetzt, dass Sie als Microsoft 365 Enterprise Administrator an der Evaluierung, Planung, Migration, Bereitstellung und Verwaltung von Microsoft 365-Diensten beteiligt sind.Diese Prüfung konzentriert sich auf das Wissen, das erforderlich ist für:die Implementierung von Mobile Device Management (MDM)die Verwaltung der Geräte-Compliancedie Planung von Geräten und Appsdie Planung der Windows 10-Bereitstellungdie Implementierung von Cloud App Security (CAS)Threat Management und Windows Defender Advanced Threat Protection (ATP)die Verwaltung von Sicherheitsberichten und -warnungendie Konfiguration von Data Loss Prevention (DLP)die Implementierung von Azure Information Protection (AIP)die Verwaltung von Data Governance, Auditing und eDiscoveryDie Microsoft-Zertifizierung:Das Bestehen dieser Prüfung und der Prüfung MS-100 sowie der Erwerb einer Microsoft 365 Workload-Administrator-Zertifizierung oder der MCSE-Productivity-Zertifizierung erfüllt Ihre Anforderungen für die Zertifizierung zu Microsoft 365 Certified: Enterprise Administrator Expert. Damit weisen Sie nach, dass Sie in der Lage sind, Microsoft 365-Dienste zu bewerten, zu planen, zu migrieren, bereitzustellen und zu verwalten.Inhalt (PDF-Link)Leseprobe, Kapitel 1 (PDF-Link)Die Autoren:Charles Pluta ist technischer Berater sowie Microsoft Certified Trainer (MCT) und hat zahlreiche Zertifizierungsprüfungen und Prüfungshandbücher für verschiedene Technologieanbieter geschrieben. Außerdem arbeitet er mehrmals im Jahr als Sprecher und Trainer bei großen Konferenzen, hat ein Diplom in Computer Networking und mehr als 15 Zertifizierungen.Bob Clements ist auf die Verwaltung von Unternehmensgeräten spezialisiert. Er verfügt über Branchenzertifizierungen im Bereich Client-Verwaltung und Administration für Windows, Mac und Linux sowie über umfangreiche Erfahrungen bei der Entwicklung, Implementierung und Unterstützung von Gerätemanagementlösungen für Unternehmen des privaten und öffentlichen Sektors.Brian Svidergol entwirft und entwickelt Infrastruktur-, Cloud- und Hybrid-Lösungen. Er besitzt zahlreiche Branchenzertifizierungen, darunter den Microsoft Certified Solutions Expert (MCSE) Cloud Platform and Infrastructure. Er ist Autor mehrerer Bücher, die alles von Infrastrukturtechnologien vor Ort bis hin zu hybriden Cloud-Umgebungen abdecken. Er verfügt über umfangreiche praktische Erfahrungen in Design-, Implementierungs- und Migrationsprojekten von Startup- bis hin zu Fortune-500-Unternehmen.
Visualizing Google Cloud
EASY-TO-FOLLOW VISUAL WALKTHROUGH OF EVERY IMPORTANT PART OF THE GOOGLE CLOUD PLATFORMThe Google Cloud Platform incorporates dozens of specialized services that enable organizations to offload technological needs onto the cloud. From routine IT operations like storage to sophisticated new capabilities including artificial intelligence and machine learning, the Google Cloud Platform offers enterprises the opportunity to scale and grow efficiently.In Visualizing Google Cloud: Illustrated References for Cloud Engineers & Architects, Google Cloud expert Priyanka Vergadia delivers a fully illustrated, visual guide to matching the best Google Cloud Platform services to your own unique use cases. After a brief introduction to the major categories of cloud services offered by Google, the author offers approximately 100 solutions divided into eight categories of services included in Google Cloud Platform:* Compute* Storage* Databases* Data Analytics* Data Science, Machine Learning and Artificial Intelligence* Application Development and Modernization with Containers* Networking* SecurityYou’ll find richly illustrated flowcharts and decision diagrams with straightforward explanations in each category, making it easy to adopt and adapt Google’s cloud services to your use cases. With coverage of the major categories of cloud models—including infrastructure-, containers-, platforms-, functions-, and serverless—and discussions of storage types, databases and Machine Learning choices, Visualizing Google Cloud: Illustrated References for Cloud Engineers & Architects is perfect for every Google Cloud enthusiast, of course. It is for anyone who is planning a cloud migration or new cloud deployment. It is for anyone preparing for cloud certification, and for anyone looking to make the most of Google Cloud. It is for cloud solutions architects, IT decision-makers, and cloud data and ML engineers. In short, this book is for YOU.PRIYANKA VERGADIA has been working with cloud technology for a decade. She holds an M.S. in Computer Science from the University of Pennsylvania and a B.S. in Electronics from India. Now a Developer Advocate at Google Cloud, Priyanka works with companies and cloud architects to solve their most pressing business challenges using cloud computing. She is also an artist and has combined her cloud knowledge with visual storytelling to bring you a unique & concise visual tour of Google Cloud.“I BELIEVE THAT A PICTURE IS WORTH MORE THAN 1000 WORDS.” Acknowledgments viAbout the Author viiIntroduction ixCHAPTER 1: INFRASTRUCTURE 2CHAPTER 2: STORAGE 30CHAPTER 3: DATABASES 44CHAPTER 4: DATA ANALYTICS 62CHAPTER 5: APPLICATION DEVELOPMENT AND MODERNIZATION OPENING 98CHAPTER 6: NETWORKING 134CHAPTER 7: DATA SCIENCE, MACHINE LEARNING, AND ARTIFICIAL INTELLIGENCE 168CHAPTER 8: SECURITY 206
The Security Culture Playbook
MITIGATE HUMAN RISK AND BAKE SECURITY INTO YOUR ORGANIZATION’S CULTURE FROM TOP TO BOTTOM WITH INSIGHTS FROM LEADING EXPERTS IN SECURITY AWARENESS, BEHAVIOR, AND CULTURE.The topic of security culture is mysterious and confusing to most leaders. But it doesn’t have to be. In The Security Culture Playbook, Perry Carpenter and Kai Roer, two veteran cybersecurity strategists deliver experience-driven, actionable insights into how to transform your organization’s security culture and reduce human risk at every level. This book exposes the gaps between how organizations have traditionally approached human risk and it provides security and business executives with the necessary information and tools needed to understand, measure, and improve facets of security culture across the organization. The book offers:* An expose of what security culture really is and how it can be measured* A careful exploration of the 7 dimensions that comprise security culture* Practical tools for managing your security culture program, such as the Security Culture Framework and the Security Culture Maturity Model* Insights into building support within the executive team and Board of Directors for your culture management programAlso including several revealing interviews from security culture thought leaders in a variety of industries, The Security Culture Playbook is an essential resource for cybersecurity professionals, risk and compliance managers, executives, board members, and other business leaders seeking to proactively manage and reduce risk. PERRY CARPENTER, C|CISO, MSIA, is an author, podcaster, thought leader, and cybersecurity expert specializing in security awareness and the human factors of security. His research focuses on marketing, communication, behavior science, organizational culture management, sociology, and more. KAI ROER is the author of several books on security and leadership, a keynote speaker, and a thought leader in the security culture field. In addition to his research, he is an entrepreneur and the inventor of technology and frameworks that transformed the information security industry. About the Authors viiiAcknowledgments xiiIntroduction xxvPART I: FOUNDATION 1CHAPTER 1: YOU ARE HERE 3Why All the Buzz? 4What Is Security Culture, Anyway? 8A Problem of Definition 9A Problem of Overconfidence 11Takeaways 12CHAPTER 2: UP-LEVELING THE CONVERSATION: SECURITY CULTURE IS A BOARD-LEVEL CONCERN 13A View from the Top 14Telling the Human Side of the Story 15What’s the Cost of Not Getting This Right? 16Cybercriminals Are Doubling Down on Their Attacks Against Your Employees 19Your People and Security Culture Are at the Center of Everything 20The Implication 22Getting It Right 24Takeaways 25CHAPTER 3: THE FOUNDATIONS OF TRANSFORMATION 27The Core Thesis 29The Knowledge-Intention-Behavior Gap 29Three Realities of Security Awareness 31Program Focus 31Extending the Discussion 33Introducing the Security Culture Maturity Model 33The Security Culture Maturity Model in Brief 35The S-Curves 36The Value of the Security Culture Maturity Model 37You Are Always Either Building Strength or Allowing Atrophy 37Takeaways 38PART II: EXPLORATION 39CHAPTER 4: JUST WHAT IS SECURITY CULTURE, ANYWAY? 41Lessons from Safety Culture 42A Jumble of Terms 44Information Security Culture 45IT Security Culture 45Cybersecurity Culture 46Security Culture in the Modern Day 46Technology Focus 47Compliance Focus 48Human-Reality Focus 49Takeaways 51CHAPTER 5: CRITICAL CONCEPTS FROM THE SOCIAL SCIENCES 53What’s the Real Goal—Awareness, Behavior, or Culture? 54Coming to Terms with Our Irrational Nature 55We Are Lazy 56Why Don’t We Just Give Up? 60Security Culture—A Part of Organizational Culture 61Takeaways 62CHAPTER 6: THE COMPONENTS OF SECURITY CULTURE 63A Problem of Definition 64The Academic Perspective 64The Practitioner Perspective 65Defining Security Culture 66Security Culture as Dimensions 67The Seven Dimensions of Security Culture 69Attitudes 69Behaviors 69Cognition 69Communication 70Compliance 70Norms 70Responsibilities 71The Security Culture Survey 71Example Findings from Measuring the Seven Dimensions 72Normalized Use of Unauthorized Services 73Confidentiality and Insider Threats 74Last Thought 74Takeaways 75CHAPTER 7: INTERVIEWS WITH ORGANIZATIONAL CULTURE EXPERTS AND ACADEMICS 77John R. Childress, PYXIS Culture Technologies Limited 78Why Is Culture Important? 78Why Do You Find Culture Interesting? 79Is There a Specific Definition of Culture That You Find Useful? 79What Actions Can Be Taken to Direct Cultural Change? 80Is There a Success or Horror Story You’d Like to Share Related to Culture Change? 81How Does a Culture Evolve (or How Often?) 82Professor John McAlaney, Bournemouth University, UK 82Why Is Culture Important? 83Why Do You Find Culture Interesting? 83Is There a Specific Definition of Culture That You Find Useful? 83What Actions Can Be Taken to Direct Cultural Change? 84Is There a Success or Horror Story You’d Like to Share Related to Culture Change? 85How Does a Culture Evolve (or How Often?) 85Dejun “Tony” Kong, PhD, Muma College of Business, University of South Florida 86Why Is Culture Important? 86Why Do You Find Culture Interesting? 86Is There a Specific Definition of Culture That You Find Useful? 87How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change? 87Michael Leckie, Silverback Partners, LLC 87Why Is Culture Important? 88Why Do You Find Culture Interesting? 89Is There a Specific Definition of Culture That You Find Useful? 90How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change? 90What Actions Can Be Taken to Direct Cultural Change? 91Is There a Success or Horror Story You’d Like to Share Related to Culture Change? 93How Does a Culture Evolve (or How Often?) 93PART III: TRANSFORMATION 95CHAPTER 8: INTRODUCING THE SECURITY CULTURE FRAMEWORK 97The Power of Three 99Step 1: Measure 100Know Where You are 101Decide Where You Want to Be 102Find Your Gap 104Step 2: Involve 106Building Support 106Different Audiences 108Step 3: Engage 109Rinse and Repeat 111Benefits of Using the Security Culture Framework 111Takeaways 112CHAPTER 9: THE SECRETS TO MEASURING SECURITY CULTURE 113Connecting Awareness, Behavior, and Culture 115How Can You Measure the Unseen? 116Using Existing Data 116The Right Way to Use Data 119Methods of Measuring Culture 119Observation 120Experimentation 121Interrogation (Surveys and Interviews) 121A/B Testing 122Multiple Metrics, Single Score 124Trends 125A Note Regarding Completion Rates 127Takeaways 128CHAPTER 10: HOW TO INFLUENCE CULTURE 129Resistance to Change 130Be Proactive 131The Complexity of Culture 133Using the Seven Dimensions to Influence Your Security Culture 134Attitudes 134Behaviors 136Cognition 138Communication 140Compliance 141Norms 143Responsibilities 144How Do You Know Which Dimension to Target? 146Takeaways 147CHAPTER 11: CULTURE STICKING POINTS 149Does Culture Change Have to Be Difficult? 150Using Norms Is a Double-Edged Sword 151Failing to Plan Is Planning to Fail 152If You Try to Work Against Human Nature, You Will Fail 153Not Seeing the Culture You Are Embedded In 155Takeaways 156CHAPTER 12: PLANNING AND MATURING YOUR PROGRAM 157Taking Stock of What We’ve Covered 158View Your Culture Through Your Employees’ Eyes 159Culture Carriers 160Building and Modeling Maturity 161Exploring the Data 162Culture Maturity Indicators 162Level 1: Basic Compliance 165Level 2: Security Awareness Foundation 165Level 3: Programmatic Security Awareness & Behavior 166Level 4: Security Behavior Management 167Level 5: Sustainable Security Culture 168There Are Stories in the Data 170A Seat at the Table 174Takeaways 175CHAPTER 13: QUICK TIPS FOR GAINING AND MAINTAINING SUPPORT 177You Are a Guide 178Sell by Using Stories 179Lead with Empathy, Know Your Audience 180Set Expectations 184Takeaways 185CHAPTER 14: INTERVIEWS WITH SECURITY CULTURE THOUGHT LEADERS 187Alexandra Panaretos, Ernst & Young 188Why Is Culture Important? 188Why Do You Find Culture Interesting? 189Is There a Success or Horror Story You’d Like to Share Related to Culture Change? 190Dr. Jessica Barker, Cygenta 193Why Is Security Culture Important? 193Why Do You Find Culture Interesting? 194What Actions Can Be Taken to Direct Cultural Change? 194What Is Your Most Interesting Experience with Culture? 195Kathryn Tyrpak, Jaguar Land Rover 195Why Is Culture Important? 195Why Do You Find Culture Interesting? 196Is There a Specific Definition of Culture That You Find Useful? 196How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change? 196What Actions Can Be Taken to Direct Cultural Change? 197Lauren Zink, Boeing 197Why Is Culture Important? 198Why Do You Find Culture Interesting? 198Is There a Specific Definition of Culture That You Find Useful? 199How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change? 199Mark Majewski, Rock Central 200Why Is Culture Important? 200Why Do You Find Culture Interesting? 200Is There a Specific Definition of Culture That You Find Useful? 201How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change? 201What Actions Can Be Taken to Direct Cultural Change? 201Is There a Success or Horror Story You’d Like to Share Related to Culture Change? 202How Does a Culture Evolve (or How Often?) 202Mo Amin, moamin.com 203Why Is Culture Important? 203Why Do You Find Culture Interesting? 203Is There a Specific Definition of Culture That You Find Useful? 203How Do You Use Metrics to Improve Culture / Measure the Effectiveness of Cultural Change? 203What Actions Can Be Taken to Direct Cultural Change? 204Is There a Success or Horror Story You’d Like to ShareRelated to Culture Change? 204How Does a Culture Evolve (or How Often)? 205CHAPTER 15: PARTING THOUGHTS 207Engage the Community 208Be a Lifelong Learner 209Be a Realistic Optimist 210Conclusion 211Bibliography 213Index 217
Kundenservice mit SAP S/4HANA
Ganzheitliche Serviceprozesse, zufriedene Kund*innen – mit diesem praktischen Handbuch lernen Sie, wie Sie diese Ziele mit SAP S/4HANA Service erreichen. Anhand eines Beispielunternehmens beschreiben die Autoren typische Geschäftsvorfälle im Service, vom Ersatzeilvertrieb über geplante und ungeplante Field-Service-Prozesse bis hin zu In-House-Repair-Abwicklung und Anlagenmanagement. Sie zeigen Ihnen, welche Lösungen der S/4HANA-Standard dafür bietet und welche individuellen Anpassungen darüber hinaus möglich sind. Aus dem Inhalt: Architektur von SAP S/4HANA ServiceOrganisationsstrukturenStamm- und BewegungsdatenZentrale Geschäftsobjekte: Anforderung, Angebot, Auftrag, Rückmeldung, Wartungsplan, Verträge etc.Neue Benutzeroberfläche: Fiori-Apps für ServiceprozesseErsatzteilvertriebField ServiceIn-House RepairIntegration mit Controlling, Sales und HCMSchnittstellen zu SAP Field Service Management und SAP Intelligent Asset Management Einleitung ... 15 1. Einführung in SAP S/4HANA Service ... 21 1.1 ... Die neue Servicelösung: SAP S/4HANA Service ... 21 1.2 ... Technische Architektur ... 28 1.3 ... Benutzeroberfläche: SAP Fiori ... 41 1.4 ... Exkurs: SAP S/4HANA Service im Vergleich zu SAP CRM Service und SAP CS ... 44 2. Grundlagen der Geschäftsvorgangsverarbeitung ... 57 2.1 ... Arbeiten mit Geschäftsvorgängen und Positionen ... 57 2.2 ... Abwicklung von Geschäftsvorgängen und Integration in andere Fachbereiche ... 88 2.3 ... Ausgabeverwaltung mit der SAP-S/4HANA-Ausgabesteuerung ... 98 3. Unternehmensstruktur und Organisationselemente ... 101 3.1 ... Betriebswirtschaftlicher Hintergrund ... 101 3.2 ... Organisationseinheiten im SAP-Standard ... 102 3.3 ... Konfiguration und Integration in die Serviceprozesse ... 110 4. Anlagenmanagement ... 123 4.1 ... Betriebswirtschaftlicher Hintergrund ... 123 4.2 ... Anlagenmanagement im SAP-Standard ... 124 4.3 ... Exkurs: SAP Intelligent Asset Management ... 200 5. Interaction Center und Serviceanforderungsmanagement ... 211 5.1 ... Betriebswirtschaftlicher Hintergrund ... 211 5.2 ... Einstieg in das Interaction Center ... 212 5.3 ... Serviceanforderung ... 230 5.4 ... Praxisbeispiel ... 235 5.5 ... Exkurs: Serviceprozesse in SAP Service Cloud ... 241 6. Angebotsmanagement und Lösungsangebote ... 261 6.1 ... Betriebswirtschaftlicher Hintergrund ... 261 6.2 ... Serviceauftragsangebote im SAP-Standard ... 262 6.3 ... Praxisbeispiel ... 276 7. Ersatzteilvertrieb ... 283 7.1 ... Betriebswirtschaftlicher Hintergrund ... 283 7.2 ... Ersatzteilvertrieb im SAP-Standard ... 284 7.3 ... Prozessfacetten ... 292 7.4 ... Praxisbeispiel ... 307 8. Field Service Management ... 319 8.1 ... Betriebswirtschaftlicher Hintergrund ... 319 8.2 ... Field Service Management im SAP-Standard ... 320 8.3 ... Prozessfacetten ... 327 8.4 ... Praxisbeispiel ... 355 8.5 ... Exkurs: Integration mit SAP Field Service Management ... 363 9. Werkstattreparatur (In-House Repair) ... 389 9.1 ... Betriebswirtschaftlicher Hintergrund ... 389 9.2 ... Werkstattreparaturprozess im SAP-Standard ... 390 9.3 ... Praxisbeispiel ... 414 10. Serviceverträge ... 437 10.1 ... Betriebswirtschaftlicher Hintergrund ... 437 10.2 ... Serviceverträge im SAP-Standard ... 438 10.3 ... Praxisbeispiel ... 479 11. Wiederkehrende Services ... 489 11.1 ... Betriebswirtschaftlicher Hintergrund ... 489 11.2 ... Wiederkehrende Services im SAP-Standard ... 490 11.3 ... Praxisbeispiel ... 522 12. Analyse und Monitoring von Serviceprozessen ... 533 12.1 ... Betriebswirtschaftlicher Hintergrund ... 533 12.2 ... Aktive Analyse mit SAP-Fiori-Apps ... 534 12.3 ... Monitoring von Servicesituationen ... 541 Das Autorenteam ... 547 Index ... 549
Disposition mit SAP
Lernen Sie das Customizing zentraler Dispositionselemente in SAP S/4HANA und SAP ERP kennen! Dieses Buch erklärt Ihnen, welche Stammdaten Sie benötigen und wie Sie Planungsstrategien und Prognosen erstellen. Nach der Lektüre wissen Sie, welche Abhängigkeiten Sie beachten sollten und welche Einstellungen für Materialien und Artikel in der Praxis sinnvoll sind. Diese 3. Auflage wurde umfassend aktualisiert und um Informationen zur erweiterten Disposition mit SAP APO und SAP Integrated Business Planning for Supply Chain ergänzt. Aus dem Inhalt: Planungsstrategien und BedarfsverrechnungBedarfsermittlung durch Vorplanung und PrognosenDispositionsverfahren in SAP S/4HANA, ERP, APO und IBPBeschaffungsmenge und SicherheitsbestandBezugsquellenermittlungTerminierungsparameterAdvanced Available-to-Promise (aATP)Dynamic ATP Check (DAC)Capable-to-Confirm (CTC)Disposition mit Kanban-SteuerungErsatzteilplanung (SPP)BestandscontrollingIntegration und Optimierung Einleitung ... 21 TEIL I Grundlagen und Prozesse der Disposition ... 29 1. Grundlagen der Disposition ... 31 1.1 ... Ziele und Aufgaben der Disposition ... 31 1.2 ... Kernfunktionen der Disposition ... 32 1.3 ... Bedarfsrechnung ... 33 1.4 ... Bestandsrechnung ... 38 1.5 ... Bestellrechnung ... 39 1.6 ... Auswahl der Dispositionsvorgehensweise ... 47 1.7 ... Fazit ... 56 2. Strategische versus operative Disposition ... 59 2.1 ... Aufgaben der Disposition ... 59 2.2 ... Organisatorische Eingliederung der Disposition ... 61 2.3 ... Fazit ... 65 3. Klassifizierungen von Materialien als Basis für Dispositionsentscheidungen ... 67 3.1 ... Möglichkeiten der Klassifizierung von Materialien ... 68 3.2 ... ABC-Analyse mit SAP ... 76 3.3 ... XYZ-Analyse mit SAP ... 95 3.4 ... Erweiterte Klassifizierungen erstellen ... 98 3.5 ... Fazit ... 113 4. Ablauf der Disposition in SAP ... 115 4.1 ... Betriebswirtschaftlicher Überblick ... 115 4.2 ... Übersicht über den Dispositionsprozess im SAP-System ... 121 4.3 ... Dispositionsprozess in SAP ECC und SAP S/4HANA ... 123 4.4 ... Dispositionsprozess in SAP APO ... 138 4.5 ... Dispositionsprozess in SAP IBP ... 148 4.6 ... Fazit ... 154 TEIL II Dispositionsparameter im SAP-System und ihre Auswirkungen ... 157 5. Allgemeine Dispositionsstammdaten ... 159 5.1 ... Unterschiede zwischen den SAP-ERP-Systemen und den SAP-Planungssystemen ... 159 5.2 ... Massenpflege von Dispositionsstammdaten ... 164 5.3 ... Sondermaterialien ... 168 5.4 ... Stammdatenqualität überprüfen ... 168 5.5 ... Fazit ... 170 6. Planungsstrategien und Bedarfsverrechnung ... 171 6.1 ... Systemeinstellungen in SAP ECC und SAP S/4HANA ... 172 6.2 ... Planungsstrategien in SAP ECC und SAP S/4HANA ... 180 6.3 ... Planungsstrategien in SAP APO ... 207 6.4 ... Vorplanungsverrechnung in SAP IBP ... 210 6.5 ... Fazit ... 214 7. Bedarfsermittlung durch Vorplanung und Prognosen ... 217 7.1 ... Planungsinstrumente der SAP-Systeme ... 217 7.2 ... Prognose in den SAP-Systemen ... 232 7.3 ... Prognosegenauigkeit ... 258 7.4 ... Prognoseebene festlegen ... 267 7.5 ... Prognoseergebnisse und Programmplanung ... 271 7.6 ... Fazit ... 277 8. Dispositionsverfahren ... 279 8.1 ... Dispositionsverfahren in SAP ECC und SAP S/4HANA ... 279 8.2 ... Dispositionsverfahren in SAP APO und im Add-on for Embedded PP/DS ... 301 8.3 ... Dispositionsverfahren in SAP IBP ... 327 8.4 ... Fazit ... 331 9. Beschaffungsmengenermittlung ... 333 9.1 ... Betriebswirtschaftlicher Hintergrund ... 333 9.2 ... Beschaffungsmengenermittlung in SAP ECC und SAP S/4HANA ... 338 9.3 ... Beschaffungsmengenermittlung in SAP APO und ePP/DS ... 352 9.4 ... Beschaffungsmengenermittlung in SAP IBP ... 363 9.5 ... Fazit ... 365 10. Sicherheitsbestandsplanung ... 367 10.1 ... Aufgabe des Sicherheitsbestands ... 367 10.2 ... Unsicherheiten in der Disposition ... 368 10.3 ... Auswahl und Festlegung des Servicegrads ... 369 10.4 ... Sicherheitsbestände bei mehrstufigen Abhängigkeiten ... 372 10.5 ... Einstufige Sicherheitsbestandsplanung in SAP ECC und SAP S/4HANA ... 374 10.6 ... Einstufige Sicherheitsbestandsplanung in SAP APO ... 406 10.7 ... Mehrstufige Sicherheitsbestandsplanung mit SAP IBP ... 425 10.8 ... Fazit ... 428 11. Ermittlung der Bezugsquellen ... 429 11.1 ... Bezugsquellenfindung in SAP ECC und SAP S/4HANA ... 429 11.2 ... Bezugsquellenfindung in SAP APO und ePP/DS ... 451 11.3 ... Bezugsquellenfindung in SAP IBP ... 472 11.4 ... Fazit ... 474 12. Terminierungsparameter ... 475 12.1 ... Terminierung in SAP ECC und SAP S/4HANA ... 476 12.2 ... Ableitung abhängiger Bedarfe ... 493 12.3 ... Terminierung in SAP APO bzw. ePP/DS ... 501 12.4 ... Terminierung in SAP IBP ... 519 12.5 ... Fazit ... 521 13. Wechselwirkungen ... 523 13.1 ... Parameterabhängigkeiten ... 523 13.2 ... Beziehungsmodell der Parameteroptimierung ... 527 13.3 ... Fazit ... 531 TEIL III Dispositionsoptimierung ... 533 14. Bearbeitung der Dispositionsergebnisse ... 535 14.1 ... Aufgaben der Disponenten und Unterstützung durch die SAP-Systeme ... 535 14.2 ... Dispositionstransaktionen in SAP ECC und SAP S/4HANA ... 538 14.3 ... Apps für die Disposition in SAP S/4HANA ... 548 14.4 ... Operative Disposition mit der erweiterten MRP-Nachbearbeitung ... 552 14.5 ... Alert-Bearbeitung in SAP APO und im Add-on for Embedded PP/DS ... 563 14.6 ... Benutzeroberflächen für die Disposition in SAP IBP ... 579 14.7 ... Fazit ... 586 15. Verfügbarkeitsprüfung ... 587 15.1 ... Verfügbarkeitsprüfung in SAP ECC und SAP S/4HANA ... 587 15.2 ... Verfügbarkeitsprüfung in SAP APO ... 598 15.3 ... Verfügbarkeitsprüfung in SAP IBP ... 603 15.4 ... Fazit ... 608 16. Kollaborative Dispositionsverfahren ... 611 16.1 ... Vendor-Managed Inventory (VMI) ... 612 16.2 ... Supplier-Managed Inventory (SMI) ... 623 16.3 ... Kollaboration mit SAP IBP ... 628 16.4 ... Fazit ... 632 17. Disposition mit Kanban-Steuerung ... 635 17.1 ... Elemente der Kanban-Steuerung ... 635 17.2 ... Pull-Prinzip ... 637 17.3 ... Kanban-Verfahren ... 640 17.4 ... Kanban-Ablauf ... 643 17.5 ... Automatische Kanban-Berechnung ... 646 17.6 ... Auswahlverfahren der Kanban-geeigneten Materialien ... 651 17.7 ... Vergleich der Kanban-Steuerung mit der klassischen Produktionsplanung ... 655 17.8 ... Fazit ... 656 18. Ersatzteilplanung mit SAP ... 657 18.1 ... Überblick ... 657 18.2 ... Stammdaten und Netzwerkkonzept ... 661 18.3 ... Datenbeschaffung -- Absatzhistorie ... 664 18.4 ... Bestandsaufbau- und Bestandsabbauentscheidungen ... 666 18.5 ... Prognose ... 666 18.6 ... Losgrößen- und Sicherheitsbestandsberechnung ... 668 18.7 ... Distributionsbedarfsplanung ... 670 18.8 ... Deployment ... 672 18.9 ... Produktersetzung ... 673 18.10 ... Weitere Bereiche der Ersatzteilplanung ... 677 18.11 ... Die erweiterte Ersatzteilplanung (eSPP) ... 680 18.12 ... Fazit ... 684 19. Bestandscontrolling ... 685 19.1 ... Warum Bestandscontrolling? ... 685 19.2 ... Einführung in das Logistikcontrolling ... 686 19.3 ... Probleme bei der Datenbeschaffung ... 695 19.4 ... Unterscheidung von »gutem« und »schlechtem« Materialbestand ... 696 19.5 ... Wichtige Bestandskennzahlen ... 699 19.6 ... Hilfsmittel zur Bestandsanalyse ... 720 19.7 ... Bestandscontrolling in SAP ECC und SAP S/4HANA ... 724 19.8 ... Bestandscontrolling mit SAP APO und SAP BW ... 727 19.9 ... Bestandscontrolling mit SAP IBP ... 738 19.10 ... Fazit ... 738 20. Dispositionsoptimierung ... 741 20.1 ... Klassische Probleme und Optimierungspotenziale ... 742 20.2 ... Beispielhafter Ablauf eines Optimierungsprojekts ... 747 20.3 ... Optimierungsmöglichkeiten bei der Materialklassifizierung ... 752 20.4 ... Optimierungswerkzeuge von SAP ... 773 20.5 ... Fazit ... 777 Die Autoren ... 779 Index ... 781
The Official (ISC)2 SSCP CBK Reference
THE ONLY OFFICIAL BODY OF KNOWLEDGE FOR SSCP—(ISC)2’S POPULAR CREDENTIAL FOR HANDS-ON SECURITY PROFESSIONALS—FULLY REVISED AND UPDATED 2021 SSCP EXAM OUTLINE.Systems Security Certified Practitioner (SSCP) is an elite, hands-on cybersecurity certification that validates the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures. SSCP certification—fully compliant with U.S. Department of Defense Directive 8140 and 8570 requirements—is valued throughout the IT security industry. The Official (ISC)2 SSCP CBK Reference is the only official Common Body of Knowledge (CBK) available for SSCP-level practitioners, exclusively from (ISC)2, the global leader in cybersecurity certification and training. This authoritative volume contains essential knowledge practitioners require on a regular basis. Accurate, up-to-date chapters provide in-depth coverage of the seven SSCP domains: Security Operations and Administration; Access Controls; Risk Identification, Monitoring and Analysis; Incident Response and Recovery; Cryptography; Network and Communications Security; and Systems and Application Security. Designed to serve as a reference for information security professionals throughout their careers, this indispensable (ISC)2 guide:* Provides comprehensive coverage of the latest domains and objectives of the SSCP* Helps better secure critical assets in their organizations* Serves as a complement to the SSCP Study Guide for certification candidatesThe Official (ISC)2 SSCP CBK Reference is an essential resource for SSCP-level professionals, SSCP candidates and other practitioners involved in cybersecurity. Foreword xxiiiIntroduction xxvCHAPTER 1: SECURITY OPERATIONS AND ADMINISTRATION 1Comply with Codes of Ethics 2Understand, Adhere to, and Promote Professional Ethics 3(ISC)2 Code of Ethics 4Organizational Code of Ethics 5Understand Security Concepts 6Conceptual Models for Information Security 7Confidentiality 8Integrity 15Availability 17Accountability 18Privacy 18Nonrepudiation 26Authentication 27Safety 28Fundamental Security Control Principles 29Access Control and Need-to-Know 34Job Rotation and Privilege Creep 35Document, Implement, and Maintain Functional Security Controls 37Deterrent Controls 37Preventative Controls 39Detective Controls 39Corrective Controls 40Compensating Controls 41The Lifecycle of a Control 42Participate in Asset Management 43Asset Inventory 44Lifecycle (Hardware, Software, and Data) 47Hardware Inventory 48Software Inventory and Licensing 49Data Storage 50Implement Security Controls and Assess Compliance 56Technical Controls 57Physical Controls 58Administrative Controls 61Periodic Audit and Review 64Participate in Change Management 66Execute Change Management Process 68Identify Security Impact 70Testing/Implementing Patches, Fixes, and Updates 70Participate in Security Awareness and Training 71Security Awareness Overview 72Competency as the Criterion 73Build a Security Culture, One Awareness Step at a Time 73Participate in Physical Security Operations 74Physical Access Control 74The Data Center 78Service Level Agreements 79Summary 82CHAPTER 2: ACCESS CONTROLS 83Access Control Concepts 85Subjects and Objects 86Privileges: What Subjects Can Do with Objects 88Data Classification, Categorization, and Access Control 89Access Control via Formal Security Models 91Implement and Maintain Authentication Methods 94Single-Factor/Multifactor Authentication 95Accountability 114Single Sign-On 116Device Authentication 117Federated Access 118Support Internetwork Trust Architectures 120Trust Relationships (One-Way, Two-Way, Transitive) 121Extranet 122Third-Party Connections 123Zero Trust Architectures 124Participate in the Identity Management Lifecycle 125Authorization 126Proofing 127Provisioning/Deprovisioning 128Identity and Access Maintenance 130Entitlement 134Identity and Access Management Systems 137Implement Access Controls 140Mandatory vs. Discretionary Access Control 141Role-Based 142Attribute-Based 143Subject-Based 144Object-Based 144Summary 145CHAPTER 3: RISK IDENTIFICATION, MONITORING, AND ANALYSIS 147Defeating the Kill Chain One Skirmish at a Time 148Kill Chains: Reviewing the Basics 151Events vs. Incidents 155Understand the Risk Management Process 156Risk Visibility and Reporting 159Risk Management Concepts 165Risk Management Frameworks 185Risk Treatment 195Perform Security Assessment Activities 203Security Assessment Workflow Management 204Participate in Security Testing 206Interpretation and Reporting of Scanning and Testing Results 215Remediation Validation 216Audit Finding Remediation 217Manage the Architectures: Asset Management and Configuration Control 218Operate and Maintain Monitoring Systems 220Events of Interest 222Logging 229Source Systems 230Legal and Regulatory Concerns 236Analyze Monitoring Results 238Security Baselines and Anomalies 240Visualizations, Metrics, and Trends 243Event Data Analysis 244Document and Communicate Findings 245Summary 246CHAPTER 4: INCIDENT RESPONSE AND RECOVERY 247Support the Incident Lifecycle 249Think like a Responder 253Physical, Logical, and Administrative Surfaces 254Incident Response: Measures of Merit 254The Lifecycle of a Security Incident 255Preparation 257Detection, Analysis, and Escalation 264Containment 275Eradication 277Recovery 279Lessons Learned; Implementation of New Countermeasures 283Third-Party Considerations 284Understand and Support Forensic Investigations 287Legal and Ethical Principles 289Logistics Support to Investigations 291Evidence Handling 292Evidence Collection 297Understand and Support Business Continuity Plan and Disaster Recovery Plan Activities 306Emergency Response Plans and Procedures 307Interim or Alternate Processing Strategies 310Restoration Planning 313Backup and Redundancy Implementation 315Data Recovery and Restoration 319Training and Awareness 321Testing and Drills 322CIANA+PS at Layer 8 and Above 328It IS a Dangerous World Out There 329People Power and Business Continuity 333Summary 333CHAPTER 5: CRYPTOGRAPHY 335Understand Fundamental Concepts of Cryptography 336Building Blocks of Digital Cryptographic Systems 339Hashing 347Salting 351Symmetric Block and Stream Ciphers 353Stream Ciphers 365Eu Ecrypt 371Asymmetric Encryption 371Elliptical Curve Cryptography 380Nonrepudiation 383Digital Certificates 388Encryption Algorithms 392Key Strength 393Cryptographic Attacks, Cryptanalysis, and Countermeasures 395Cryptologic Hygiene as Countermeasures 396Common Attack Patterns and Methods 401Secure Cryptoprocessors, Hardware Security Modules, and Trusted Platform Modules 409Understand the Reasons and Requirements for Cryptography 414Confidentiality 414Integrity and Authenticity 415Data Sensitivity 417Availability 418Nonrepudiation 418Authentication 420Privacy 421Safety 422Regulatory and Compliance 423Transparency and Auditability 423Competitive Edge 424Understand and Support Secure Protocols 424Services and Protocols 425Common Use Cases 437Deploying Cryptography: Some Challenging Scenarios 442Limitations and Vulnerabilities 444Understand Public Key Infrastructure Systems 446Fundamental Key Management Concepts 447Hierarchies of Trust 459Web of Trust 462Summary 464CHAPTER 6: NETWORK AND COMMUNICATIONS SECURITY 467Understand and Apply Fundamental Concepts of Networking 468Complementary, Not Competing, Frameworks 470OSI and TCP/IP Models 471OSI Reference Model 486TCP/IP Reference Model 501Converged Protocols 508Software-Defined Networks 509IPv4 Addresses, DHCP, and Subnets 510IPv4 Address Classes 510Subnetting in IPv4 512Running Out of Addresses? 513IPv4 vs. IPv6: Key Differences and Options 514Network Topographies 516Network Relationships 521Transmission Media Types 525Commonly Used Ports and Protocols 530Understand Network Attacks and Countermeasures 536CIANA+PS Layer by Layer 538Common Network Attack Types 553SCADA, IoT, and the Implications of Multilayer Protocols 562Manage Network Access Controls 565Network Access Control and Monitoring 568Network Access Control Standards and Protocols 573Remote Access Operation and Configuration 575Manage Network Security 583Logical and Physical Placement of Network Devices 586Segmentation 587Secure Device Management 591Operate and Configure Network-Based Security Devices 593Network Address Translation 594Additional Security Device Considerations 596Firewalls and Proxies 598Network Intrusion Detection/Prevention Systems 605Security Information and Event Management Systems 607Routers and Switches 609Network Security from Other Hardware Devices 610Traffic-Shaping Devices 613Operate and Configure Wireless Technologies 615Wireless: Common Characteristics 616Wi-Fi 624Bluetooth 637Near-Field Communications 638Cellular/Mobile Phone Networks 639Ad Hoc Wireless Networks 640Transmission Security 642Wireless Security Devices 645Summary 646CHAPTER 7: SYSTEMS AND APPLICATION SECURITY 649Systems and Software Insecurity 650Software Vulnerabilities Across the Lifecycle 654Risks of Poorly Merged Systems 663Hard to Design It Right, Easy to Fix It? 664Hardware and Software Supply Chain Security 667Positive and Negative Models for Software Security 668Is Blocked Listing Dead? Or Dying? 669Information Security = Information Quality + Information Integrity 670Data Modeling 671Preserving Data Across the Lifecycle 674Identify and Analyze Malicious Code and Activity 678Malware 679Malicious Code Countermeasures 682Malicious Activity 684Malicious Activity Countermeasures 688Implement and Operate Endpoint Device Security 689HIDS 691Host-Based Firewalls 692Allowed Lists: Positive Control for App Execution 693Endpoint Encryption 694Trusted Platform Module 695Mobile Device Management 696Secure Browsing 697IoT Endpoint Security 700Endpoint Security: EDR, MDR, XDR, UEM, and Others 701Operate and Configure Cloud Security 701Deployment Models 702Service Models 703Virtualization 706Legal and Regulatory Concerns 709Data Storage and Transmission 716Third-Party/Outsourcing Requirements 716Lifecycles in the Cloud 717Shared Responsibility Model 718Layered Redundancy as a Survival Strategy 719Operate and Secure Virtual Environments 720Software-Defined Networking 723Hypervisor 725Virtual Appliances 726Continuity and Resilience 727Attacks and Countermeasures 727Shared Storage 729Summary 730APPENDIX: CROSS-DOMAIN CHALLENGES 731Paradigm Shifts in Information Security? 732Pivot 1: Turn the Attackers’ Playbooks Against Them 734ATT&CK: Pivoting Threat Intelligence 734Analysis: Real-Time and Retrospective 735The SOC as a Fusion Center 737All-Source, Proactive Intelligence: Part of the Fusion Center 738Pivot 2: Cybersecurity Hygiene: Think Small, Act Small 739CIS IG 1 for the SMB and SME 740Hardening Individual Cybersecurity 740Assume the Breach 742Pivot 3: Flip the “Data-Driven Value Function” 743Data-Centric Defense and Resiliency 744Ransomware as a Service 745Supply Chains, Security, and the SSCP 746ICS, IoT, and SCADA: More Than SUNBURST 747Extending Physical Security: More Than Just Badges and Locks 749The IoRT: Robots Learning via the Net 750Pivot 4: Operationalize Security Across the Immediate and Longer Term 751Continuous Assessment and Continuous Compliance 752SDNs and SDS 753SOAR: Strategies for Focused Security Effort 755A “DevSecOps” Culture: SOAR for Software Development 756Pivot 5: Zero-Trust Architectures and Operations 757FIDO and Passwordless Authentication 760Threat Hunting, Indicators, and Signature Dependence 761Other Dangers on the Web and Net 763Surface, Deep, and Dark Webs 763Deep and Dark: Risks and Countermeasures 764DNS and Namespace Exploit Risks 765Cloud Security: Edgier and Foggier 766Curiosity as Countermeasure 766Index 769
Windows Server 2022 & Powershell All-in-One For Dummies
ALL THE ESSENTIALS FOR ADMINISTERING WINDOWS SERVER 2022 IN ONE BOOKLooking for a little help installing, configuring, securing, or running a network running Windows Server 2022? Windows Server 2022 & PowerShell All-in-One For Dummies delivers a thorough guide to network administration in a single, convenient book. Whether you need to start from scratch and install a new server or want to jump right into a more advanced topiclike managing security or working in Windows PowerShellyou'll find what you need right here. In this 8-books-in-1 compilation, you'll:* Learn what you need to install and set up a brand-new Windows server installation* Configure your Windows Server and customize its settings based on your needs and preferences* Discover how to install, configure, and work with ContainersThe perfect book for server and system admins looking for a quick reference on Windows Server operation, this book is also a great resource for networking newcomers learning their way around the server software they'll encounter daily. SARA PERROTT is a senior cybersecurity risk manager in the financial services industry and an instructor at Bellevue College. She is the author of Windows Server 2019 & PowerShell All-in-One For Dummies and coauthor of multiple study guides for the AWS Certified SysOps Administrator exam.Introduction 1BOOK 1: INSTALLING AND SETTING UP WINDOWS SERVER 2022 5Chapter 1: An Overview of Windows Server 2022 7Chapter 2: Using Boot Diagnostics 19Chapter 3: Performing the Basic Installation 33Chapter 4: Performing Initial Configuration Tasks 45BOOK 2: CONFIGURING WINDOWS SERVER 2022 73Chapter 1: Configuring Server Roles and Features 75Chapter 2: Configuring Server Hardware 103Chapter 3: Using the Settings Menu 145Chapter 4: Working with Workgroups 155Chapter 5: Promoting Your Server to Domain Controller 171Chapter 6: Managing DNS and DHCP with IP Address Management 203BOOK 3: ADMINISTERING WINDOWS SERVER 2022 217Chapter 1: An Overview of the Tools Menu in Server Manager 219Chapter 2: Setting Group Policy 233Chapter 3: Configuring the Registry 247Chapter 4: Working with Active Directory 263Chapter 5: Performing Standard Maintenance 279Chapter 6: Working at the Command Line 313Chapter 7: Working with PowerShell 325BOOK 4: CONFIGURING NETWORKING IN WINDOWS SERVER 2022 339Chapter 1: Overview of Windows Server 2022 NetworkingChapter 2: Performing Basic Network Tasks 359Chapter 3: Accomplishing Advanced Network Tasks 371Chapter 4: Diagnosing and Repairing Network Connection Problems 389BOOK 5: MANAGING SECURITY WITH WINDOWS SERVER 2022 401Chapter 1: Understanding Windows Server 2022 Security 403Chapter 2: Configuring Shared Resources 419Chapter 3: Configuring Operating System Security 439Chapter 4: Working with the Internet 457Chapter 5: Understanding Digital Certificates 471Chapter 6: Installing and Configuring AD CS 479Chapter 7: Securing Your DNS Infrastructure 499BOOK 6: WORKING WITH WINDOWS POWERSHELL 513Chapter 1: Introducing PowerShell 515Chapter 2: Understanding the NET Framework 547Chapter 3: Working with Scripts and Cmdlets 555Chapter 4: Creating Your Own Scripts and Advanced Functions 565Chapter 5: PowerShell Desired State Configuration 581BOOK 7: INSTALLING AND ADMINISTERING HYPER-V 593Chapter 1: What Is Hyper-V? 595Chapter 2: Virtual Machines 607Chapter 3: Virtual Networking 619Chapter 4: Virtual Storage 637Chapter 5: High Availability in Hyper-V 651BOOK 8: INSTALLING, CONFIGURING, AND USING CONTAINERS 667Chapter 1: Introduction to Containers in Windows Server 2022 669Chapter 2: Docker and Docker Hub 675Chapter 3: Installing Containers on Windows Server 2022 685Chapter 4: Configuring Docker and Containers on Windows Server 2022 695Chapter 5: Managing Container Images 705Chapter 6: Container Networking 715Chapter 7: Container Storage 725Index 733
Introducing .NET 6
Welcome to .NET 6, Microsoft’s unified framework that converges the best of the modern and traditional .NET Framework. This book will introduce you to the new aspects of Microsoft’s fully supported .NET 6 Framework and will teach you how to get the most out of it. You will learn about the progress to one unified .NET, including MAUI and the revival of desktop development. You will dive into Roslyn, Blazor, CLI, Containers, Cloud, and much more, using a “framework first” learning approach. You will begin by learning what each tool is, its practical uses, and how to apply it and then you will try it out on your own for learning reinforcement. And, of course, there will be plenty of code samples using C# 10.INTRODUCING .NET 6 is aimed at .NET developers, both junior developers and those coming from the .NET framework, who want to understand everything the modern framework has to offer, besides the obvious programming languages. While you will still see a lot of fabulous C# 10 throughout the book, the focus of this learning is all about .NET and its tooling.WHAT YOU WILL LEARN* Become a more versatile developer by knowing the variety of options available to you in the .NET 6 framework and its powerful tooling* Know the different front-end frameworks .NET offers, such as UWP, WPF, and WinForms, and how they stack up to each other* Understand the different communication protocols, such as REST and gRPC, for your back-end services* Discover the secrets of cloud-native development, such as serverless computing with Azure Functions and deploying containers to Azure Container Services* Master the command line, take your skill set to the cloud, and containerize your .NET 6 appWHO THIS BOOK IS FORBoth students and more experienced developers, C# developers who want to learn more about the framework they use, developers who want to be more productive by diving deeper into the tooling that .NET 6 brings to the fold, developers who need to make technical decisions. A working knowledge of C# is recommended to follow the examples used in the book.NICO VERMEIR is an Microsoft MVP in the field of Windows development. He works as a Solution Architect at Inetum-Realdolmen Belgium and spends a lot of time keeping up with the rapidly changing world of technology. He loves talking about and using the newest and experimental technologies in the .NET stack. Nico founded MADN, a user group focusing on front end development in .NET. He regularly presents on the topic of .NET.CHAPTER 1: A TOUR OF.NET 6CHAPTER 2: RUNTIMES AND DESKTOP PACKSCHAPTER 3: COMMAND LINE INTERFACECHAPTER 4: DESKTOP DEVELOPMENTCHAPTER 5: BLAZORCHAPTER 6: MAUICHAPTER 7: ASP.NET CORECHAPTER 8: MICROSOFT AZURECHAPTER 9: APPLICATION ARCHITECTURECHAPTER 10: .NET COMPILER PLATFORMCHAPTER 11: ADVANCED .NET 6
Cloud Security For Dummies
EMBRACE THE CLOUD AND KICK HACKERS TO THE CURB WITH THIS ACCESSIBLE GUIDE ON CLOUD SECURITYCloud technology has changed the way we approach technology. It’s also given rise to a new set of security challenges caused by bad actors who seek to exploit vulnerabilities in a digital infrastructure. You can put the kibosh on these hackers and their dirty deeds by hardening the walls that protect your data.Using the practical techniques discussed in Cloud Security For Dummies, you’ll mitigate the risk of a data breach by building security into your network from the bottom-up. Learn how to set your security policies to balance ease-of-use and data protection and work with tools provided by vendors trusted around the world.This book offers step-by-step demonstrations of how to:* Establish effective security protocols for your cloud application, network, and infrastructure * Manage and use the security tools provided by different cloud vendors * Deliver security audits that reveal hidden flaws in your security setup and ensure compliance with regulatory frameworks As firms around the world continue to expand their use of cloud technology, the cloud is becoming a bigger and bigger part of our lives. You can help safeguard this critical component of modern IT architecture with the straightforward strategies and hands-on techniques discussed in this book.TED COOMBS is a direct descendant of King Edward of England, a former world record holder for most miles roller skated in a day, and a longtime technology guru and author. He’s written over a dozen technology books on a wide array of topics ranging from database programming to building an internet site. Along the way he helped create early artificial intelligence tools and served as cybersecurity professional focused on computer forensics. INTRODUCTION 1About This Book 2Foolish Assumptions 3Icons Used in This Book 3Beyond the Book 3Where to Go from Here 4PART 1: GETTING STARTED WITH CLOUD SECURITY 5CHAPTER 1: CLOUDS AREN’T BULLETPROOF 7Knowing Your Business 8Discovering the company jewels 8Initiating your plan 8Automating the discovery process 8Knowing Your SLA Agreements with Service Providers 10Where is the security? 10Knowing your part 11Building Your Team 11Finding the right people 12Including stakeholders 12Creating a Risk Management Plan 13Identifying the risks 14Assessing the consequences of disaster 15Pointing fingers at the right people 15Disaster planning 16When Security Is Your Responsibility 17Determining which assets to protect 17Knowing your possible threat level 20Van Gogh with it (paint a picture of your scenario) 21Setting up a risk assessment database 22Avoiding Security Work with the Help of the Cloud 24Having someone else ensure physical security 25Making sure providers have controls to separate customer data 25Recognizing that cloud service providers can offer better security 25CHAPTER 2: GETTING DOWN TO BUSINESS 27Negotiating the Shared Responsibility Model 28Coloring inside the lines 29Learning what to expect from a data center 29Taking responsibility for your 75 percent 31SaaS, PaaS, IaaS, AaaA! 31SaaS 31SaaS security 32PaaS 32PaaS security 33IaaS 33IaaS security 34FaaS 34SaaS, PaaS, IaaS, FaaS responsibilities 34Managing Your Environment 35Restricting access 36Assessing supply chain risk 36Managing virtual devices 38Application auditing 38Managing Security for Devices Not Under Your Control 39Inventorying devices 39Using a CASB solution 40Applying Security Patches 41Looking Ahead 42CHAPTER 3: STORING DATA IN THE CLOUD 43Dealing with the Data Silo Dilemma 44Cataloging Your Data 45Selecting a data catalog software package 46Three steps to building a data catalog 46Controlling data access 47Working with labels 49Developing label-based security 50Applying sensitivity levels 50Assessing impact to critical functions 50Working with Sample Classification Systems 51Tokenizing Sensitive Data 54Defining data tokens 54Isolating your tokenization system 55Accessing a token system 55Segmenting Data 56Anonymizing Data 56Encrypting Data in Motion, in Use, and at Rest 58Securing data in motion 59Encrypting stored data 59Protecting data in use by applications 60Creating Data Access Security Levels 60Controlling User Access 61Restricting IP access 61Limiting device access 62Building the border wall and other geofencing techniques 63Getting rid of stale data 64CHAPTER 4: DEVELOPING SECURE SOFTWARE 65Turbocharging Development 65No more waterfalls 66CI/CD: Continuous integration/continuous delivery 68Shifting left and adding security in development 68Tackling security sooner rather than later 69Putting security controls in place first 70Circling back 70Implementing DevSecOps 71Automating Testing during Development 71Using static and dynamic code analysis 72Taking steps in automation 73Leveraging software composition analysis 74Proving the job has been done right 76Logging and monitoring 76Ensuring data accountability, data assurance, and data dependability 77Running Your Applications 78Taking advantage of cloud agnostic integration 79Recognizing the down sides of cloud agnostic development 80Getting started down the cloud agnostic path 81Like DevOps but for Data 82Testing, 1-2-3 84Is this thing working? 85Working well with others 85Baking in trust 85DevSecOps for DataOps 86Considering data security 87Ending data siloes 88Developing your data store 89Meeting the Challenges of DataSecOps 90Understanding That No Cloud Is Perfect 92CHAPTER 5: RESTRICTING ACCESS 95Determining the Level of Access Required 95Catching flies with honey 96Determining roles 97Auditing user requirements 97Understanding Least Privilege Policy 98Granting just-in-time privileges 99The need-to-know strategy 99Granting access to trusted employees 99Restricting access to contractors 100Implementing Authentication 101Multifactor authentication (Or, who’s calling me now?) 101Authenticating with API keys 102Using Firebase authentication 102Employing OAuth 103Google and Facebook authentication methods 103Introducing the Alphabet Soup of Compliance 104Global compliance 104Complying with PCI 105Complying with GDPR 106HIPAA compliance 107Government compliance 109Compliance in general 110Maintaining Compliance and CSPM 110Discovering and remediating threats with CSPM applications 112Automating Compliance 113Integrating with DevOps 113Controlling Access to the Cloud 114Using a cloud access security broker (CASB) 115Middleware protection systems 117Getting Certified 121ISO 27001 Compliance 121SOC 2 compliance 122PCI certification 124PART 2: ACCEPTANCE 125CHAPTER 6: MANAGING CLOUD RESOURCES 127Defending Your Cloud Resources from Attack 128Living in a Virtual World 129Moving to virtualization 130Addressing VM security concerns 130Using containers 131Securing Cloud Resources with Patch Management 132Patching VMs and containers 133Implementing patch management 133Keeping Your Cloud Assets Straight in Your Mind 134Keeping Tabs with Logs 136Using Google Cloud Management software 136Using AWS log management 137Using Azure log management 139Working with third-party log management software 139Logging containers 140Building Your Own Defenses 141Creating your development team 141Using open-source security 142Protecting your containers 143Protecting your codebase 143CHAPTER 7: THE ROLE OF AIOPS IN CLOUD SECURITY 145Taking the AIOps Route 146Detecting the problem 148Using dynamic thresholds 149Catching attacks early in the Cyber Kill chain 149Prioritizing incidents 150Assigning tasks 150Diagnosing the root problem 151Reducing time to MTTR 151Spotting transitory problems 152Digging into the past 152Solving the problem 153Achieving resolution 154Automating security responses 154Continually improving 155Making Things Visible 155Implementing resource discovery 155Automating discovery 156Managing Resources, CMDB-Style 157Seeing potential impacts 157Adding configuration items 158Employing CSDM 158Using AIOps 159Gaining insights 159Examining a wireless networking use case 159Using Splunk to Manage Clouds 161Observability 161Alerts 162Splunk and AIOps 163Predictive analytics 163Adaptive thresholding 163Views of everything 164Deep Dive in Splunk 164Event Analytics in Splunk 164Splunk On-Call 165Phantom 166Putting ServiceNow Through Its Paces 167AIOps require an overhead view 167React to problems 167Gauge system health 168Automation makes it all happen 169Getting the Job Done with IT Service Management 170How ITSM is different 170Performance analytics 170Changing Your Team 171A (Not So Final) Word 172CHAPTER 8: IMPLEMENTING ZERO TRUST 173Making the Shift from Perimeter Security 174Examining the Foundations of Zero Trust Philosophy 175Two-way authentication 175Endpoint device management 176End-to-end encryption 177Policy based access 179Accountability 181Least privilege 182Network access control and beyond 182CSPM risk automation 184Dealing with Zero Trust Challenges 185Choose a roadmap 186Take a simple, step-by-step approach 186Keep in mind some challenges you face in implementing zero trust 190CHAPTER 9: DEALING WITH HYBRID CLOUD ENVIRONMENTS 195Public Clouds Make Pretty Sunsets 196Controlling your environment 197Optimizing for speed 197Managing security 198Private Clouds for Those Special Needs 199Wrapping Your Mind around Hybrid Cloud Options 200Hybrid storage solution 201Tiered data storage 202Gauging the Advantages of the Hybrid Cloud Setup 203It’s scalable 203The costs 203You maintain control 203The need for speed 204Overcoming data silos 204Compliance 206Struggling with Hybrid Challenges 207Handling a larger attack surface 207Data leakage 207Data transport times 208Complexity 208Risks to your service level agreements 208Overcoming Hybrid Challenges 209Asset management 209SAM 210HAM 211IT asset management 211Latency issues 212On the Move: Migrating to a Hybrid Cloud 213Data migration readiness 213Making a plan 213Picking the right cloud service 214Using a migration calendar 215Making it happen 215Dealing with compatibility issues 215Using a Package 216HPE Hybrid Cloud Solution 216Amazon Web Services 216Microsoft Azure 217CHAPTER 10: DATA LOSS AND DISASTER RECOVERY 219Linking Email with Data Loss 220Data loss from malware 221The nefarious ransomware 222Ransomware and the cloud 223Crafting Data Loss Prevention Strategies 224Backing up your data 226Tiered backups 226Minimizing Cloud Data Loss 229Why Cloud DLP? 229Cloud access security brokers 229Recovering from Disaster 232Recovery planning 232Business continuity 232RTO and RPO 233Coming up with the recovery plan itself 233Chaos Engineering 235Practical chaos engineering 236Listing what could go wrong 238Seeing how bad it can get 239Attaining resiliency 239PART 3: BUSINESS AS USUAL 241CHAPTER 11: USING CLOUD SECURITY SERVICES 243Customizing Your Data Protection 244Validating Your Cloud 244Multifactor authentication 245One-time passwords 245Managing file transfers 250HSM: Hardware Security Modules for the Big Kids 251Looking at HSM cryptography 252Managing keys with an HSM 253Building in tamper resistance 255Using HSMs to manage your own keys 255Meeting financial data security requirements with HSMs 256DNSSEC 256OpenDNSSEC 257Evaluating HSM products 258Looking at cloud HSMs 259KMS: Key Management Services for Everyone Else 259SSH compliance 260The encryption-key lifecycle 262Setting Up Crypto Service Gateways 263CHAPTER 12: WHEN THINGS GO WRONG 265Finding Your Focus 265Stealing Data 101 266Landing, expanding, and exfiltrating 267Offboarding employees 273Preventing the Preventable and Managing Employee Security 276Navigating Cloud Native Breaches 280Minimizing employee error 281Guarding against insider data thefts 283Preventing employee data spillage 284Cleaning up after the spill 285CHAPTER 13: SECURITY FRAMEWORKS 289Looking at Common Frameworks 290COBIT 290SABSA 291Federal Financial Institutions Examination Council (FFIEC) Cyber Assessment Tool (CAT) 292Federal Risk and Authorization Management Program (FEDRAMP) 292Personal Information Protection and Electronic Documents Act (PIPEDA) 293Payment Card Industry — Data Security Standard (PCI–DSS) 293GLBA 293SCF 294DFARS 252.204-7012/ NIST 800-171 294ISO/IEC 27000 Series 295CIS Critical Security Controls 295CIS Benchmarks 295Common Criteria 296FDA regulations on electronic records and signatures 296ITIL 297Introducing SASE Architecture 298The sassy side of SASE 299Sassy makeup 300The Cloud Native Application Protection Platform 303Working with CWPP 304Managing with CSPM 305NIST Risk Management Framework 305Federal Information Security Modernization Act 306Cybersecurity Strategy and Implementation Plan 307CHAPTER 14: SECURITY CONSORTIUMS 311Doing the Right Thing 311Membership in the Cloud Security Alliance 313Company membership 314Individual membership 315Getting that Stamp of Approval 317CCSK Certification 317CISA: Certified Security Information Systems Auditor 317CRISC: Certified Risk and Information Systems Control 318CCAK: Certificate of Cloud Auditing Knowledge 318Advanced Cloud Security Practitioner 318GDPR Lead Auditor and Consultant 319Information Security Alliances, Groups, and Consortiums 319Words for the Road 321PART 4: THE PART OF TENS 323CHAPTER 15: TEN STEPS TO BETTER CLOUD SECURITY 325Scoping Out the Dangers 326Inspiring the Right People to Do the Right Thing 327Keeping Configuration Management on the Straight and Narrow 328Adopting AIOps 329Getting on board with DataOps 330Befriending Zero Trust 330Keeping the Barn Door Closed 331Complying with Compliance Mandates 332Joining the Cloud Security Club 333Preparing for the Future 333CHAPTER 16: CLOUD SECURITY SOLUTIONS 335Checkpoint CloudGuard 335CloudPassage Halo 336Threat Stack Cloud Security Platform 336Symantec Cloud Workload Protection 336Datadog Monitoring Software 337Azure AD 338Palo Alto Prisma 338Fortinet Cloud Security 338ServiceNow AIOps 339Lacework 340Index 341
Python for Cybersecurity
DISCOVER AN UP-TO-DATE AND AUTHORITATIVE EXPLORATION OF PYTHON CYBERSECURITY STRATEGIESPython For Cybersecurity: Using Python for Cyber Offense and Defense delivers an intuitive and hands-on explanation of using Python for cybersecurity. It relies on the MITRE ATT&CK framework to structure its exploration of cyberattack techniques, attack defenses, and the key cybersecurity challenges facing network administrators and other stakeholders today.Offering downloadable sample code, the book is written to help you discover how to use Python in a wide variety of cybersecurity situations, including:* Reconnaissance, resource development, initial access, and execution* Persistence, privilege escalation, defense evasion, and credential access* Discovery, lateral movement, collection, and command and control* Exfiltration and impactEach chapter includes discussions of several techniques and sub-techniques that could be used to achieve an attacker's objectives in any of these use cases. The ideal resource for anyone with a professional or personal interest in cybersecurity, Python For Cybersecurity offers in-depth information about a wide variety of attacks and effective, Python-based defenses against them.HOWARD E. POSTON III is a freelance consultant and content creator with a professional focus on blockchain and cybersecurity. He has over ten years’ experience in programming with Python and has developed and taught over a dozen courses teaching cybersecurity. He is a sought-after speaker on blockchain and cybersecurity at international security conferences. Introduction xviiCHAPTER 1 FULFILLING PRE- ATT&CK OBJECTIVES 1Active Scanning 2Scanning Networks with scapy 2Implementing a SYN Scan in scapy 4Performing a DNS Scan in scapy 5Running the Code 5Network Scanning for Defenders 6Monitoring Traffic with scapy 7Building Deceptive Responses 8Running the Code 9Search Open Technical Databases 9Offensive DNS Exploration 10Searching DNS Records 11Performing a DNS Lookup 12Reverse DNS Lookup 12Running the Code 13DNS Exploration for Defenders 13Handling DNS Requests 15Building a DNS Response 15Running the Code 16Summary 17Suggested Exercises 17CHAPTER 2 GAINING INITIAL ACCESS 19Valid Accounts 20Discovering Default Accounts 20Accessing a List of Default Credentials 21Starting SSH Connections in Python 22Performing Telnet Queries in Python 23Running the Code 24Account Monitoring for Defenders 24INTRODUCTION TO WINDOWS EVENT LOGS 25Accessing Event Logs in Python 28Detecting Failed Logon Attempts 28Identifying Unauthorized Access to Default Accounts 30Running the Code 30Replication Through Removable Media 31Exploiting Autorun 31Converting Python Scripts to Windows Executables 32Generating an Autorun File 33Setting Up the Removable Media 34Running the Code 34Detecting Autorun Scripts 34Identifying Removable Drives 35Finding Autorun Scripts 36Detecting Autorun Processes 36Running the Code 36Summary 37Suggested Exercises 37CHAPTER 3 ACHIEVING CODE EXECUTION 39Windows Management Instrumentation 40Executing Code with WMI 40Creating Processes with WMI 41Launching Processes with PowerShell 41Running the Code 42WMI Event Monitoring for Defenders 42WMI in Windows Event Logs 43Accessing WMI Event Logs in Python 45Processing Event Log XML Data 45Running the Code 46Scheduled Task/Job 47Scheduling Malicious Tasks 47Checking for Scheduled Tasks 48Scheduling a Malicious Task 48Running the Code 49Task Scheduling for Defenders 50Querying Scheduled Tasks 51Identifying Suspicious Tasks 52Running the Code 52Summary 53Suggested Exercises 53CHAPTER 4 MAINTAINING PERSISTENCE 55Boot or Logon Autostart Execution 56Exploiting Registry Autorun 56The Windows Registry and Autorun Keys 57Modifying Autorun Keys with Python 60Running the Code 61Registry Monitoring for Defenders 62Querying Windows Registry Keys 63Searching the HKU Hive 64Running the Code 64Hijack Execution Flow 65Modifying the Windows Path 65Accessing the Windows Path 66Modifying the Path 67Running the Code 68Path Management for Defenders 69Detecting Path Modification via Timestamps 69Enabling Audit Events 71Monitoring Audit Logs 73Running the Code 75Summary 76Suggested Exercises 76CHAPTER 5 PERFORMING PRIVILEGE ESCALATION 77Boot or Logon Initialization Scripts 78Creating Malicious Logon Scripts 78Achieving Privilege Escalation with Logon Scripts 79Creating a Logon Script 79Running the Code 79Searching for Logon Scripts 80Identifying Autorun Keys 81Running the Code 81Hijack Execution Flow 81Injecting Malicious Python Libraries 82How Python Finds Libraries 82Creating a Python Library 83Running the Code 83Detecting Suspicious Python Libraries 83Identifying Imports 85Detecting Duplicates 85Running the Code 86Summary 86Suggested Exercises 87CHAPTER 6 EVADING DEFENSES 89Impair Defenses 90Disabling Antivirus 90Disabling Antivirus Autorun 90Terminating Processes 93Creating Decoy Antivirus Processes 94Catching Signals 95Running the Code 95Hide Artifacts 95Concealing Files in Alternate Data Streams 96Exploring Alternate Data Streams 96Alternate Data Streams in Python 97Running the Code 98Detecting Alternate Data Streams 98Walking a Directory with Python 99Using PowerShell to Detect ADS 100Parsing PowerShell Output 101Running the Code 102Summary 102Suggested Exercises 103CHAPTER 7 ACCESSING CREDENTIALS 105Credentials from Password Stores 106Dumping Credentials from Web Browsers 106Accessing the Chrome Master Key 108Querying the Chrome Login Data Database 108Parsing Output and Decrypting Passwords 109Running the Code 109Monitoring Chrome Passwords 110Enabling File Auditing 110Detecting Local State Access Attempts 111Running the Code 113Network Sniffing 114Sniffing Passwords with scapy 114Port- Based Protocol Identification 116Sniffing FTP Passwords 116Extracting SMTP Passwords 117Tracking Telnet Authentication State 119Running the Code 121Creating Deceptive Network Connections 121Creating Decoy Connections 122Running the Code 122Summary 123Suggested Exercises 123CHAPTER 8 PERFORMING DISCOVERY 125Account Discovery 126Collecting User Account Data 126Identifying Administrator Accounts 127Collecting User Account Information 128Accessing Windows Password Policies 128Running the Code 129Monitoring User Accounts 130Monitoring Last Login Times 130Monitoring Administrator Login Attempts 131Running the Code 132File and Directory Discovery 133Identifying Valuable Files and Folders 133Regular Expressions for Data Discovery 135Parsing Different File Formats 135Running the Code 136Creating Honeypot Files and Folders 136Monitoring Decoy Content 136Creating the Decoy Content 137Running the Code 138Summary 138Suggested Exercises 139CHAPTER 9 MOVING LATERALLY 141Remote Services 142Exploiting Windows Admin Shares 142Enabling Full Access to Administrative Shares 143Transferring Files via Administrative Shares 144Executing Commands on Administrative Shares 144Running the Code 144Admin Share Management for Defenders 145Monitoring File Operations 146Detecting Authentication Attempts 147Running the Code 148Use Alternative Authentication Material 148Collecting Web Session Cookies 149Accessing Web Session Cookies 150Running the Code 150Creating Deceptive Web Session Cookies 151Creating Decoy Cookies 151Monitoring Decoy Cookie Usage 153Running the Code 153Summary 154Suggested Exercises 155CHAPTER 10 COLLECTING INTELLIGENCE 157Clipboard Data 158Collecting Data from the Clipboard 158Accessing the Windows Clipboard 159Replacing Clipboard Data 159Running the Code 160Clipboard Management for Defenders 160Monitoring the Clipboard 161Processing Clipboard Messages 161Identifying the Clipboard Owner 161Running the Code 162Email Collection 162Collecting Local Email Data 162Accessing Local Email Caches 163Running the Code 163Protecting Against Email Collection 164Identifying Email Caches 165Searching Archive Files 165Running the Code 166Summary 166Suggested Exercises 166CHAPTER 11 IMPLEMENTING COMMAND AND CONTROL 169Encrypted Channel 170Command and Control Over Encrypted Channels 170Encrypted Channel Client 171Encrypted Channel Server 172Running the Code 173Detecting Encrypted C2 Channels 174Performing Entropy Calculations 175Detecting Encrypted Traffic 175Running the Code 176Protocol Tunneling 176Command and Control via Protocol Tunneling 176Protocol Tunneling Client 177Protocol Tunneling Server 177Running the Code 179Detecting Protocol Tunneling 179Extracting Field Data 181Identifying Encoded Data 181Running the Code 181Summary 182Suggested Exercises 182CHAPTER 12 EXFILTRATING DATA 183Alternative Protocols 184Data Exfiltration Over Alternative Protocols 184Alternative Protocol Client 185Alternative Protocol Server 186Running the Code 188Detecting Alternative Protocols 189Detecting Embedded Data 190Running the Code 191Non- Application Layer Protocols 191Data Exfiltration via Non- Application Layer Protocols 192Non- Application Layer Client 193Non- Application Layer Server 193Running the Code 194Detecting Non- Application Layer Exfiltration 195Identifying Anomalous Type and Code Values 196Running the Code 196Summary 197Suggested Exercises 197CHAPTER 13 ACHIEVING IMPACT 199Data Encrypted for Impact 200Encrypting Data for Impact 200Identifying Files to Encrypt 201Encrypting and Decrypting Files 202Running the Code 202Detecting File Encryption 203Finding Files of Interest 204Calculating File Entropies 204Running the Code 205Account Access Removal 205Removing Access to User Accounts 205Changing Windows Passwords 207Changing Linux Passwords 207Running the Code 207Detecting Account Access Removal 208Detecting Password Changes in Windows 209Detecting Password Changes in Linux 210Running the Code 211Summary 211Suggested Exercises 212Index 213
Microsoft Windows Server 2022 - Das Handbuch
Das Standardwerk zur neuen Version: praxisnah und kompetent Diese komplett überarbeitete und aktualisierte Auflage des Klassikers zu Windows Server gibt Ihnen einen tiefgehenden Einblick in den praktischen Einsatz von Windows Server 2022. Das Buch richtet sich sowohl an Neueinsteiger:innen in Microsoft-Servertechnologien als auch an Umsteiger:innen von Vorgängerversionen. Planung und Migration, Konzepte und Werkzeuge der Administration sowie die wichtigsten Konfigurations- und Verwaltungsfragen werden praxisnah behandelt. Alle wichtigen Funktionen werden ausführlich vorgestellt, ebenso die effiziente Zusammenarbeit mit Windows 10-Clients. Es erwarten Sie mehr als 1.000 Seiten praxisnahes und kompetentes Insiderwissen mit vielen hilfreichen Anleitungen und Profitipps.Aus dem Inhalt: Alle Neuerungen von Windows Server 2022 und Änderungen im Vergleich zu Windows Server 2019Lizenzierung und Installation Secured Core Server, Secure DNS und weitere Sicherheitsneuerungen in der PraxisLokale Rechenzentren an Microsoft Azure anbindenBetreiben und Erweitern von Active DirectoryVerwaltung mit dem Windows Admin CenterHochverfügbarkeit und LastenausgleichWindows Server Update Services (WSUS)Diagnose und Überwachung für System, Prozesse und DiensteWindows Server Container, Docker und Hyper-V-ContainerVirtualisierung mit Hyper-VFehlerbehebung Leseprobe (PDF-Link)Autor: Thomas Joos ist selbstständiger IT-Consultant und seit 20 Jahren in der IT-Branche tätig. Er schreibt Fachbücher und berät Unternehmen im Mittelstandsund Enterprise-Bereich in den Themenfeldern Active Directory, Exchange Server und IT-Sicherheit. Durch seinen praxisorientierten und verständlichen Schreibstil sind seine Fachbücher für viele IT-Spezialisten eine wichtige Informationsquelle geworden. Seinen Blog finden Sie auf http://thomasjoos.wordpress.com. Neben vielen erfolgreichen Büchern schreibt er für zahlreiche IT-Publikationen wie z.B. c’t, iX, ITAdministrator und tecchannel.de.Zielgruppe: Administrator*innen
(ISC)2 SSCP Systems Security Certified Practitioner Official Study Guide
THE ONLY SSCP STUDY GUIDE OFFICIALLY APPROVED BY (ISC)2The (ISC)2 Systems Security Certified Practitioner (SSCP) certification is a well-known vendor-neutral global IT security certification. The SSCP is designed to show that holders have the technical skills to implement, monitor, and administer IT infrastructure using information security policies and procedures.This comprehensive Official Study Guide—the only study guide officially approved by (ISC)2—covers all objectives of the seven SSCP domains.* Security Operations and Administration* Access Controls* Risk Identification, Monitoring, and Analysis* Incident Response and Recovery* Cryptography* Network and Communications Security* Systems and Application SecurityThis updated Third Edition covers the SSCP exam objectives effective as of November 2021. Much of the new and more advanced knowledge expected of an SSCP is now covered in a new chapter "Cross-Domain Challenges." If you're an information security professional or student of cybersecurity looking to tackle one or more of the seven domains of the SSCP, this guide gets you prepared to pass the exam and enter the information security workforce with confidence.ABOUT THE AUTHORMICHAEL S. WILLS, SSCP, CISSP, CAMS, is Assistant Professor of Applied Information Technologies in the College of Business at the Embry-Riddle Aeronautical University’s Worldwide Campus. He has many years of experience designing, building, and operating cutting-edge secure systems, and wrote (ISC)2’s official training courses for both the SSCP and CISSP. He is also the creator of ERAU’s Master of Science in Information Security and Assurance degree program. Introduction xxvAssessment Test xlviiiPART I GETTING STARTED AS AN SSCP 1CHAPTER 1 THE BUSINESS CASE FOR DECISION ASSURANCE AND INFORMATION SECURITY 3Information: The Lifeblood of Business 4Policy, Procedure, and Process: How Business Gets Business Done 10Who Runs the Business? 20Summary 24Exam Essentials 24Review Questions 26CHAPTER 2 INFORMATION SECURITY FUNDAMENTALS 33The Common Needs for Privacy, Confidentiality, Integrity, and Availability 34Training and Educating Everybody 47SSCPs and Professional Ethics 47Summary 49Exam Essentials 50Review Questions 54PART II INTEGRATED RISK MANAGEMENT AND MITIGATION 61CHAPTER 3 INTEGRATED INFORMATION RISK MANAGEMENT 63It’s a Dangerous World 64The Four Faces of Risk 75Getting Integrated and Proactive with Information Defense 83Risk Management: Concepts and Frameworks 89Risk Assessment 95Four Choices for Limiting or Containing Damage 107Summary 114Exam Essentials 114Review Questions 120CHAPTER 4 OPERATIONALIZING RISK MITIGATION 127From Tactical Planning to Information Security Operations 128Operationalizing Risk Mitigation: Step by Step 134The Ongoing Job of Keeping Your Baseline Secure 164Ongoing, Continuous Monitoring 174Reporting to and Engaging with Management 182Summary 183Exam Essentials 183Review Questions 189PART III THE TECHNOLOGIES OF INFORMATION SECURITY 197CHAPTER 5 COMMUNICATIONS AND NETWORK SECURITY 199Trusting Our Communications in a Converged World 200Internet Systems Concepts 206Two Protocol Stacks, One Internet 218Wireless Network Technologies 240IP Addresses, DHCP, and Subnets 243IPv4 vs. IPv6: Important Differences and Options 248CIANA Layer by Layer 251Securing Networks as Systems 262Summary 273Exam Essentials 273Review Questions 280CHAPTER 6 IDENTITY AND ACCESS CONTROL 285Identity and Access: Two Sides of the Same CIANA+PS Coin 286Identity Management Concepts 288Access Control Concepts 295Network Access Control 305Implementing and Scaling IAM 310User and Entity Behavior Analytics (UEBA) 329Zero Trust Architectures 332Summary 333Exam Essentials 334Review Questions 343CHAPTER 7 CRYPTOGRAPHY 349Cryptography: What and Why 350Building Blocks of Digital Cryptographic Systems 358Keys and Key Management 367“Why Isn’t All of This Stuff Secret?” 373Cryptography and CIANA+PS 375Public Key Infrastructures 381Applying Cryptography to Meet Different Needs 399Managing Cryptographic Assets and Systems 405Measures of Merit for Cryptographic Solutions 407Attacks and Countermeasures 408PKI and Trust: A Recap 418On the Near Horizon 420Summary 423Exam Essentials 424Review Questions 429CHAPTER 8 HARDWARE AND SYSTEMS SECURITY 435Infrastructure Security Is Baseline Management 437Securing the Physical Context 442Infrastructures 101 and Threat Modeling 444Endpoint Security 457Malware: Exploiting the Infrastructure’s Vulnerabilities 462Privacy and Secure Browsing 466“The Sin of Aggregation” 469Updating the Threat Model 469Managing Your Systems’ Security 470Summary 471Exam Essentials 472Review Questions 478CHAPTER 9 APPLICATIONS, DATA, AND CLOUD SECURITY 483It’s a Data-Driven World…At the Endpoint 484Software as Appliances 487Applications Lifecycles and Security 490CIANA+PS and Applications Software Requirements 498Application Vulnerabilities 504“Shadow IT:” The Dilemma of the User as Builder 507Information Quality and Information Assurance 511Protecting Data in Motion, in Use, and at Rest 514Into the Clouds: Endpoint App and Data Security Considerations 522Legal and Regulatory Issues 533Countermeasures: Keeping Your Apps and Data Safe and Secure 535Summary 536Exam Essentials 537Review Questions 548PART IV PEOPLE POWER: WHAT MAKES OR BREAKS INFORMATION SECURITY 555CHAPTER 10 INCIDENT RESPONSE AND RECOVERY 557Defeating the Kill Chain One Skirmish at a Time 558Harsh Realities of Real Incidents 564Incident Response Framework 566Preparation 571Detection and Analysis 578Containment and Eradication 584Recovery: Getting Back to Business 587Post-Incident Activities 590Summary 594Exam Essentials 595Review Questions 601CHAPTER 11 BUSINESS CONTINUITY VIA INFORMATION SECURITY AND PEOPLE POWER 607What Is a Disaster? 608Surviving to Operate: Plan for It! 609Timelines for BC/DR Planning and Action 615Options for Recovery 617Cloud- Based “Do- Over” Buttons for Continuity, Security, and Resilience 623People Power for BC/DR 626Security Assessment: For BC/DR and Compliance 633Converged Communications: Keeping Them Secure During BC/DR Actions 634Summary 637Exam Essentials 637Review Questions 641CHAPTER 12 CROSS-DOMAIN CHALLENGES 647Operationalizing Security Across the Immediate and Longer Term 648Supply Chains, Security, and the SSCP 657Other Dangers on the Web and Net 662On Our Way to the Future 666Enduring Lessons 672Your Next Steps 677At the Close 678Exam Essentials 678Review Questions 683Appendix Answers to Review Questions 689Chapter 1: The Business Case for Decision Assurance and Information Security 690Chapter 2: Information Security Fundamentals 693Chapter 3: Integrated Information Risk Management 695Chapter 4: Operationalizing Risk Mitigation 698Chapter 5: Communications and Network Security 701Chapter 6: Identity and Access Control 704Chapter 7: Cryptography 707Chapter 8: Hardware and Systems Security 709Chapter 9: Applications, Data, and Cloud Security 712Chapter 10: Incident Response and Recovery 715Chapter 11: Business Continuity via Information Security and People Power 718Chapter 12: Cross- Domain Challenges 722Index 727
Kompatibilitätsverfahren für Profinet-Hardware mit Ethernet Time Sensitive Networks
Die Vernetzung von industriellen Produktionssystemen soll in Zukunft auf Basis von Ethernet Time Sensitive Networks (TSN) umgesetzt werden. Die Einführung einer neuen Netzwerktechnik in die Feldebene der industriellen Produktion stellt jedoch eine besondere Herausforderung dar, da neben Netzwerkfunktionen eine echtzeitfähige Implementierung von Protokollen und spezifischen Anwendungen in die Feldgeräte erforderlich ist. Bei häufig geringen Stückzahlen der anwendungsspezifischen Geräte sind derartige Neuentwicklungen häufig wirtschaftlich nicht tragbar. Migrationsstrategien kommt daher eine entsprechend große Bedeutung zu.Die Forschungsfrage dieser Arbeit lautet: Wie können bestehende Geräte des Echtzeit-Ethernet-Systems PROFINET mit den geforderten Funktions- und Leistungsmerkmalen wie Zeitsynchronisation und synchronisierte Kommunikation kompatibel mit Ethernet TSN-Netzwerken genutzt werden? Der Autor entwickelte Kompatibilitätsverfahren, mit denen dies möglich wird. Das zentrale Kompatibilitätsverfahren ist der Ethernet TSN-kompa¬tible Bridging-Modus Time Aware Forwarding (TAF), der zeitgesteuerte Kommunikation auf der Basis der Empfangszeit zeitrichtig weiterleitet und per Softwareupdate auf bestehender PROFINET-Hardware implementiert werden kann. Diese Geräte können damit in TSN-Netzwerke integriert werden und synchronisierte Kommunikation mit einem Jitter kleiner als 1 µs nutzen.SEBASTIAN SCHRIEGEL absolvierte eine Berufsausbildung als Kommunikationselektroniker und studierte anschließend an der Technischen Hochschule Ostwestfalen-Lippe Elektrotechnik (Dipl.-Ing. FH) und Mechatronische Systeme (M.Sc.). Er arbeitet bei Fraunhofer IOSB-INA in Lemgo und schloss 2021 eine Promotion an der Universität Bielefeld (Dr.-Ing.) ab.Einleitung.- Entwicklung der industriellen Kommunikation und der Anforderungen.- Stand der Wissenschaft und Technik.- Analyse der Kompatibilität von Ethernet TSN und PROFINET-Hardware.- Kompatibilitätsverfahren.- Validierung der Verfahren.- Zusammenfassung und Bewertung.
Evolving Software Processes
EVOLVING SOFTWARE PROCESSESTHE BOOK PROVIDES BASIC BUILDING BLOCKS OF EVOLUTION IN SOFTWARE PROCESSES, SUCH AS DEVOPS, SCALING AGILE PROCESS IN GSD, IN ORDER TO LAY A SOLID FOUNDATION FOR SUCCESSFUL AND SUSTAINABLE FUTURE PROCESSES.One might argue that there are already many books that include descriptions of software processes. The answer is “yes, but.” Becoming acquainted with existing software processes is not enough. It is tremendously important to understand the evolution and advancement in software processes so that developers appropriately address the problems, applications, and environments to which they are applied. Providing basic knowledge for these important tasks is the main goal of this book. Industry is in search of software process management capabilities. The emergence of the COVID-19 pandemic emphasizes the industry’s need for software-specific process management capabilities. Most of today’s products and services are based to a significant degree on software and are the results of largescale development programs. The success of such programs heavily depends on process management capabilities, because they typically require the coordination of hundreds or thousands of developers across different disciplines. Additionally, software and system development are usually distributed across geographical, cultural and temporal boundaries, which make the process management activities more challenging in the current pandemic situation. This book presents an extremely comprehensive overview of the evolution in software processes and provides a platform for practitioners, researchers and students to discuss the studies used for managing aspects of the software process, including managerial, organizational, economic and technical. It provides an opportunity to present empirical evidence, as well as proposes new techniques, tools, frameworks and approaches to maximize the significance of software process management. AUDIENCEThe book will be used by practitioners, researchers, software engineers, and those in software process management, DevOps, agile and global software development. ARIF ALI KHAN is at the University of Jyvȁskylȁ, Finland. He obtained his PhD degree in software engineering from the Department of Computer Science, City University of Hong Kong. He has participated in and managed several empirical software engineering related research projects. He has expertise in software outsourcing, process improvement, 3C’s (communication, coordination, control), requirements change management, agile software development and evidence-based software engineering. Khan has published over 40 articles in peer reviewed conferences and journals.DAC-NHUONG LE obtained his PhD in computer science from Vietnam National University, Vietnam in 2015. He is Deputy-Head of Faculty of Information Technology, Haiphong University, Vietnam. His area of research includes: evaluation computing and approximate algorithms, network communication, security and vulnerability, network performance analysis and simulation, cloud computing, IoT and image processing in biomedicine. He has more than 50 publications and edited/authored 15 computer science books, many with the Wiley-Scrivener imprint. List of Figures xvList of Tables xviiForeword xxiPreface xxiiiAcknowledgments xxviiAcronyms xxix1 REMO: A RECOMMENDATION DEVELOPMENT MODEL FOR SOFTWARE PROCESS IMPROVEMENT 1Sujin Choi, Dae-Kyoo Kim, Sooyong Park1.1 Introduction 21.2 Motivation 31.3 Related Work 51.4 Recommendation Development Model: ReMo 71.4.1 Correlation Analysis 91.4.2 Refining Improvement Packages 141.4.3 Building Recommendations 211.5 Case Studies 251.5.1 Phase I 281.5.2 Phase II 281.5.3 Phase III 281.5.4 Phase IV 291.6 Evaluation 291.6.1 Process Evaluation 301.6.2 Outcome Evaluation 321.6.3 Threats to Validity 361.7 Discussion 371.8 Conclusion 38References 392 A FRAMEWORK FOR A SUSTAINABLE SOFTWARE SECURITY PROGRAM 47Monica Iovan, Daniela S. Cruzes, Espen A. Johansen2.1 Introduction 482.2 Software Security Best Practices 492.2.1 Microsoft Security Development Lifecycle for Agile Development 492.2.2 Building Security in Maturity Model 502.2.3 OWASP Software Assurance Maturity Model 522.2.4 Software Security Services 532.3 Software Security in Visma 552.4 Top-Down and Bottom-Up Approach of a Sustainable Program 552.4.1 Ensuring the Adoption and Implementation of Security Practices 562.4.2 Enabling the Adoption and Implementation of Security Practices 572.4.3 Empowering the Teams 572.4.4 Embedding the Security Activities 582.5 Explorability of a Sustainable Software Security Program 582.5.1 Researching and Innovating Services 582.5.2 Creating New Services 602.5.3 Persuasion Focusing on the Types of Software Development Teams 612.5.4 Service Onboarding 632.6 Exploiting Existing Services 632.6.1 Collecting Continuous Feedback 642.6.2 Retrofitting the Services 652.6.3 Focus on Investment Costs and Benefits 662.6.4 Discontinuing a Service 662.7 Pitfalls of a Sustainable Software Security Program 672.8 Further Reading 682.9 Conclusion 68References 683 LINKING SOFTWARE PROCESSES TO IT PROFESSIONALISM FRAMEWORKS 71Luis Fernández-Sanz, Inés López Baldominos, Vera Pospelova3.1 Introduction 723.2 Process Standards 743.3 IT Professionalism Standards 753.3.1 ESCO 763.3.2 European e-Competence Framework 763.3.3 Skills Match Framework 773.4 Linking Software Processes and IT Professionalism Frameworks 783.5 Analysis of Recommended Skills in Processes According to Participating Professional Roles 793.6 Conclusions 84References 844 MONITORING AND CONTROLLING SOFTWARE PROJECT SCOPE USING AGILE EVM 89Avais Jan, Assad Abbas, Naveed Ahmad4.1 Introduction 904.2 Related Work 914.2.1 Tools and Techniques Used for Scope Definition 924.2.2 Traditional Project Scope Definition 934.2.3 Tools and Techniques for Agile Project Scope Definition 944.3 EVM Applications and Calculation 944.4 Research Methodology 964.4.1 Systematic Literature Review 974.4.2 Mapping of Factors with A-SPSRI Elements 984.5 Quantification of A-SPSRI Elements and Running Simulation 1014.5.1 Quantification of A-SPSRI Elements 1014.5.2 Running Simulations and Their Integration with Agile EVM 1014.5.3 Case Study 1 1034.5.4 Case Study 2 1104.6 Experimental Evaluation of Simulated Results 1124.6.1 Regression Model Interpretation 1124.6.2 Interpretation 1134.7 Conclusion 114References 1155 MODELING MULTI-RELEASE OPEN SOURCE SOFTWARE RELIABILITY GROWTH PROCESS WITH GENERALIZED MODIFIED WEIBULL DISTRIBUTION 123Vishal Pradhan, Ajay Kumar, Joydip Dhar5.1 Introduction 1245.2 Background 1265.3 Proposed Models 1275.3.1 Model-1 (General Model) 1275.3.2 Model-2 (Multi-Release Model) 1285.4 Performance Evaluation with Data Analysis 1285.4.1 Dataset and Parameter Estimation 1285.4.2 Competing Models and Comparison Criteria 1295.4.3 Least Square Estimation (LSE) 1295.4.4 Goodness of Fit 1305.4.5 Comparison of Results 1305.5 Conclusion 131References 1326 DEVELOPING A REFERENCE MODEL FOR OPEN DATA CAPABILITY MATURITY ASSESSMENT 135Murat Tahir Çaldağ, Ebru Gökalp6.1 Introduction 1366.2 Literature Review 1376.2.1 Theoretical Background 1376.2.2 Related Works 1376.3 Model Development 1396.3.1 Scope 1396.3.2 Design 1396.3.3 Populate 1406.3.4 Test 1406.3.5 Deploy and Maintain 1406.4 Open Data Capability Maturity Model 1406.4.1 Process Dimension 1406.4.2 Capability Dimension 1436.5 Conclusion 144References 1457 AHP-BASED PRIORITIZATION FRAMEWORK FOR SOFTWARE OUTSOURCING HUMAN RESOURCE SUCCESS FACTORS IN GLOBAL SOFTWARE DEVELOPMENT 151Abdul Wahid Khan, Ghulam Yaseen, Muhammad Imran Khan, Faheem Khan7.1 Introduction 1527.2 Literature Review 1537.3 Research Methodology 1537.3.1 Systematic Literature Review 1547.3.2 Search String Process 1547.3.3 Search String Development 1557.3.4 Selection of Publications 1557.3.5 Commencement of Data Extraction 1577.3.6 Result Generated for Research Questions through SLR by Applying Final Search String 1587.3.7 Categorization of Identified Success Factors 1597.3.8 Analytical Hierarchical Process (AHP) 1607.4 Proposed Methodology 1627.4.1 Questionnaire Development 1637.4.2 Data Sources 1637.4.3 Validation of Identified Success Factors 1637.4.4 Application of AHP to Prioritize Success Factors 1647.4.5 Comparison of Proposed Framework 1697.5 Limitations 1697.6 Implications of the Study 1697.7 Conclusions and Future Work 170References 1708 A PROCESS FRAMEWORK FOR THE CLASSIFICATION OF SECURITY BUG REPORTS 175Shahid Hussain8.1 Introduction 1768.2 Related Work 1778.2.1 Text Mining for Security Bug Report Prediction 1778.2.2 Machine Learning Algorithms-Based Prediction 1788.2.3 Bi-Normal Separation for Feature Selection 1788.3 Proposed Methodology 1788.3.1 Data Gathering and Preprocessing 1798.3.2 Identifying Security-Related Keywords 1798.3.3 Scoring Keywords 1808.3.4 Scoring Bug Reports 1818.4 Experimental Setup 1818.4.1 Machine Learning Algorithm 1818.4.2 Dataset 1818.4.3 Performance Evaluation 1818.5 Results and Discussion 1828.5.1 Response to RQ1 1828.5.2 Response to RQ2 1828.6 Conclusion 183References 1839 A SYSTEMATIC LITERATURE REVIEW OF CHALLENGES FACTORS FOR IMPLEMENTING DEVOPS PRACTICES IN SOFTWARE DEVELOPMENT ORGANIZATIONS: A DEVELOPMENT AND OPERATION TEAMS PERSPECTIVE 187Mohammad Shameem9.1 Introduction 1889.2 Research Methodology 1899.2.1 Stage-1: Planning the Review 1899.2.2 Stage-2: Conducting the Review 1919.2.3 Stage-3: Reporting the Review Process 1919.3 Results 1929.3.1 RQ1 (Challenges Identified in the Literature) 1929.3.2 RQ2 (Most Critical Challenges) 1929.3.3 RQ3 (Development and Operation Analysis) 1939.4 Discussion and Summary 1949.5 Threats to Validity 1949.6 Conclusions and Future Study 195References 19510 DEVOPS’ CULTURE CHALLENGES MODEL (DC2M): A SYSTEMATIC LITERATURE REVIEW PROTOCOL 201Muhammad Shoaib Khan, Abdul Wahid Khan, Javed Khan10.1 Introduction 20210.2 Background 20310.3 Systematic Literature Review Protocol 20410.4 Creating the Search String 20510.5 Search Strategies 20510.5.1 Trial Search 20510.5.2 Recognizing Search Terms Attributes 20610.5.3 Results for a 20610.5.4 Results for b 20610.5.5 Results for c 20710.5.6 Results for d 20710.6 Final Search String Construction 20810.7 Selection Criteria and Search Process 20910.7.1 Inclusion Criteria 20910.7.2 Exclusion Criteria 20910.7.3 Selection of Primary Sources 21010.8 Assessment of Publication Quality 21010.9 Data Extraction Stage 21010.9.1 Initiation of Data Extraction Phase 21010.9.2 Presentation of Data Extraction 21110.9.3 Data Extraction Process 21110.9.4 Data Storage 21110.10 Data Synthesis 21210.11 Discussion 21210.12 Validation of Review Protocol 21310.13 Limitation 214References 21411 CRITICAL CHALLENGES OF DESIGNING SOFTWARE ARCHITECTURE FOR INTERNET OF THINGS (IOT) SOFTWARE SYSTEM 219Noor Rehman, Abdul Wahid Khan11.1 Introduction 22011.2 Background 22111.2.1 Layered Architecture Pattern 22211.2.2 Microservices Software Architecture 22211.2.3 Event-Driven Software Architecture Pattern 22311.2.4 Blackboard Software Architecture Pattern 22411.2.5 Systematic Literature Review for SADM 22411.3 Research Questions 22411.4 Research Methodology 22511.4.1 Constructing Search Term Formulation 22511.4.2 Publication Selection Process 22911.4.3 Quality Assessment of the Publication 23011.4.4 Data Extraction 23011.4.5 Data Extraction Demonstration 23011.4.6 Findings 23211.5 Continent-Wise Comparison of the Challenges Found 23511.6 Limitations 23511.7 Conclusion and Future Work 236References 23712 CHALLENGES TO PROJECT MANAGEMENT IN DISTRIBUTED SOFTWARE DEVELOPMENT: A SYSTEMATIC LITERATURE REVIEW 241Sher Badshah12.1 Introduction 24212.2 Related Work 24212.3 Methodology 24312.3.1 Planning the Review 24412.3.2 Conducting the Review 24512.3.3 Reporting the Review 24612.4 Results and Discussion 24612.5 Conclusion and Future Work 248References 24913 CYBER SECURITY CHALLENGES MODEL: SLR-BASED PROTOCOL AND INITIAL FINDINGS 253Shah Zaib, Abdul Wahid Khan, Iqbal Qasim13.1 Introduction 25413.2 Related Work 25413.3 Systematic Literature Review (SLR) Protocol 25613.4 Research Questions 25613.5 Search Term Construction 25613.6 Strategies for Searching 25713.6.1 Trial Searching 25713.6.2 Characteristics of Search Terms 25713.7 Process of Search String 25813.7.1 Development of Search String 25813.7.2 Resources to be Searched 25913.8 Selection of Publication 25913.8.1 Inclusion Criteria 25913.8.2 Exclusion Criteria 26013.8.3 Support of Secondary Reviewer 26013.9 Assessment of Publication Quality 26013.10 Data Extraction Phase 26113.10.1 Commencement of Data Extraction Phase 26113.10.2 Presentation of Extracted Data 26113.10.3 Data Extraction Process 26113.10.4 Data Storage 26213.11 Literature Search and Selection 26213.12 Results 26313.12.1 Challenges in CSCM Based on Database/Digital Libraries 26313.12.2 Challenges in CSCM Based on Methodology 26513.13 Discussion 26613.14 Limitations 26613.15 Conclusion and Future Work 266References 26714 A PROCESS ASSESSMENT MODEL FOR HUMAN RESOURCE SKILL DEVELOPMENT ENABLING DIGITAL TRANSFORMATION 271Ebru Gökalp14.1 Introduction 27214.2 Literature Review 27314.2.1 Human Resource Skill Development 27314.2.2 Theoretical Background 27314.3 Process Assessment Model for Human Resource Skill Development 27414.3.1 Process Dimension 27414.3.2 Capability Dimension 27414.4 Application of the Process Assessment Model for DX-HRSD 27614.5 Findings and Discussions 27714.6 Conclusion 279References 279
Windows Server für Dummies
Ganz gleich, ob Sie Einsteiger oder Umsteiger sind: Dieses Buch verschafft Ihnen einen guten Einblick in Windows Server und die Möglichkeiten, die Ihnen das komfortable und flexible Serverbetriebssystem von Microsoft gibt. Das Buch zeigt Ihnen, wie Sie das Betriebssystem installieren, aktivieren und einrichten, wie Sie Rollen und Features anlegen und verwalten, wie Sie eine Domäne erstellen und betreiben, wie Sie DNS und DHCP einrichten, wie Sie mit Hyper-V virtualisieren und vor allem wie Sie Ihre Daten sichern und die Prozesse überwachen. Willkommen in der Windows-Server-Welt! Thomas Bär ist seit Ende der neunziger Jahre in der IT tätig. Er hat weitreichende Erfahrungen bei der Einführung und Umsetzung von IT-Prozessen im Gesundheitswesen. Dieses in der Praxis gewonnene Wissen hat er seit Anfang 2000 in zahlreichen Publikationen als Fachjournalist in einer großen Zahl von Artikeln beschrieben. Er lebt und arbeitet in Günzburg.Frank-Michael Schlede arbeitet seit den achtziger Jahren in der IT und ist seit 1990 als Trainer und Fachjournalist tätig. Nach unterschiedlichen Tätigkeiten als Redakteur und Chefredakteur in verschiedenen Verlagen arbeitet er seit Ende 2009 als freier IT-Journalist für verschiedene Online- und Print-Publikationen sowie als Trainer für LinkedIn Learning. Er lebt und arbeitet in Pfaffenhofen an der Ilm.Über die Autoren 7EINFÜHRUNG17Über dieses Buch 17Was Sie nicht lesen müssen 18Törichte Annahmen über den Leser 18Wie dieses Buch aufgebaut ist 18Teil I – Die Grundlagen des Windows-Servers 19Teil II – Einrichtung und wichtige Rollen 19Teil III – Das richtige Leben: Windows Server im Einsatz 19Teil IV – Der Top-Ten- Teil 20Symbole, die in diesem Buch verwendet werden 20Wie es weitergeht 20TEIL I: WINDOWS-SERVER- RUNDLAGEN 23KAPITEL 1 WINDOWS-SERVER- GRUNDLAGEN 25Das kleine 1x1 der Server 25Hardware-Anforderungen 27Hardware Compatibility List – HCL 29Darf es ein bisschen mehr sein? Sizing des Servers 30KAPITEL 2 WER ZÄHLT DIE VERSIONEN UND EDITIONEN?33Server-Geschichte: Windows NT Server bis 2019 33Windows Server 2019: Neuerungen und Vorteile 35Editionen, Versionen und Service-Kanäle 36Andere Welten (1): Windows-Subsystem für Linux 37Andere Welten (2): Container, Docker, Kubernetes 39Windows Server 2022 – die kommende Generation 40KAPITEL 3 CLOUD UND LOKAL43Installation: Cloud oder lokal? 43Windows Server in der Azure Cloud 44Alternative Cloud-Anbieter und deren Anbindungen 46KAMP DHP 47VPN-Zugriff in die Cloud 52KAPITEL 4 FENSTER ODER KONSOLE?55Windows-Oberfläche versus Kommandozeile 55Was die Eingabeaufforderung so kann 57Kommandozeile: Arbeiten direkt »am Prompt« 59KAPITEL 5 POWERSHELL UND DER SERVER61Wichtige PowerShell-Grundlagen 62Begriffe und Besonderheiten der PowerShell 63Erste Schritte zum eigenen Skript 67Einige Informationen zu Objekten 67Wichtig für viele Zwecke: Vergleichsoperatoren 70Verzweigungen und Schleifen 73Wie Sie ein Skript »zum Laufen« bringen 78PowerShell in der Server-Verwaltung einsetzen 80Prozesse finden und überwachen 80Drucker im Griff behalten 83Das Netzwerk und dessen Geräte 86TEIL II: EINRICHTUNG UND WICHTIGE ROLLEN 93KAPITEL 6 INSTALLATION VON WINDOWS SERVER95Die Frage nach dem Boot-Medium 95Schritt für Schritt: die Installation 97Alternative: Core-Server installieren 101KAPITEL 7 ACTIVE DIRECTORY105Was ist überhaupt ein Active Directory? 106Grundbegriffe rund um das Active Directory 107Installation einer Active-Directory- Domäne 108Erste Benutzer und Computer 113Administrative Konten 118Weiteren Domänencontroller in einer Domäne installieren 121Replikation 126Betriebsmasterrollen 128Entfernung eines Domänencontrollers 130Active-Directory- Verwaltung über den Client 132Active-Directory- Papierkorb 133Active-Directory- Verwaltungscenter 134Gruppen, Benutzer, Container und OUs 136Erstellung von Gruppen 138Benutzer Gruppen zuweisen 140Benutzerkontentypen 143Standardbenutzerkonten und Gruppen 143Rechte und Privilegien 145KAPITEL 8 DNS UND DHCP147Grundlagen der Namensauflösung 147Basiseinrichtung des DNS-Server- Diensts 150DNS-Konfiguration 155DNS-Stammhinweise wiederherstellen 157Verwalten von DNS-Einträgen 158Anlage einer Reverse-Lookupzone 159Anlage eines Hosteintrags 160Primärer und sekundärer DNS-Server 161Zoneneigenschaften 165Batch-Export von DNS-Einträgen 168Microsoft-DNS- Server- Historie 170Allgemeine DNS-Sicherheit 172DNS absichern mit DNSSEC und DANE 172Konfiguration von DNSSEC 173Grundlagen von DHCP 178APIPA 179Installieren eines DHCP-Servers 180DHCP-Reservierungen 183DHCP-Optionen 186DHCP-Failover 187IPAM 190KAPITEL 9 SPEICHERDIENSTE – DATEI-SERVER195Platten und Storage 196RAID, iSCSI-Zielserver und iSCSI-Initiator 196iSCSI-Zielspeicheranbieter 201Server für NFS 203Freigaben, Datei-Server, Ressourcenmanager 207Datendeduplizierung 214DFS-Namespaces 217DFS-Replikation 219Grundlagen zu BranchCache für Datei-Server 221Grundlagen zu Arbeitsordnern 223KAPITEL 10 ERWEITERTE RESSOURCENFREIGABEN225Versteckte und administrative Freigaben 225Dateifreigaben organisieren 228Laufwerkfreigabe per Gruppenrichtlinie zuordnen 228Lassen Sie sich nicht ausschließen 230Vor Blicken schützen – ABE 231Dynamic Access Control 233Prüfung des effektiven Zugriffs 241KAPITEL 11 HYPER-V245Virtualisierung: Begriffe und Bestandteile 245Vorteile beim Einsatz von Hyper-V 246Einrichtung der Hyper-V- Rolle 247Hyper-V konfigurieren 250Manager für virtuelle Switches 254Einrichten eines virtuellen Switches 255Virtueller Switch und die PowerShell 257KAPITEL 12 VIRTUELLE COMPUTER EINSETZEN 261Anlegen einer virtuellen Maschine 261Konfiguration der virtuellen Maschine 266KAPITEL 13 WINDOWS UND LINUX ALS GASTSYSTEM277Virtuelle Computer mit der PowerShell im Griff 283Ein genauerer Blick auf die Prüfpunkte 285Erstellen eines Prüfpunkts 286Anwenden eines Prüfpunkts 288Löschen eines Prüfpunkts 290Ubuntu-Linux als Gastsystem 291KAPITEL 14 DRUCKDIENSTE297Begrifflichkeiten 299Installation von Druck-und Dokumentendiensten 301Druckerserver in der Druckerverwaltung hinzufügen 305Arbeiten mit Druckfiltern 305Drucker in der Druckerverwaltung hinzufügen 307Drucker bereitstellen 311Drucker im-und exportieren 313Druckaufträge im Spooler ansehen 314Line Printer Daemon und Line Printer Remote 315Druckertreiberisolation 316Internetdrucken 317TEIL III: WINDOWS-SERVER IM EINSATZ 321KAPITEL 15 DOMÄNEN-BEITRITT323Vorbedingungen für den Domänen-Beitritt 323Einbinden in die Domäne 327Offline einer Domäne beitreten 329GRUPPENRICHTLINIEN 333Gruppenrichtlinienobjekt verknüpfen 338Gruppenrichtlinienobjekt löschen 339Gruppenrichtlinien und Gruppen 340WMI-Filter 342WMI Query Language 344Zielgruppenadressierung 346Administrative Vorlagen 349Central Store 351Handlungsempfehlung für Gruppenrichtlinien 352Praktische Empfehlungen 354Anmeldung am Computer verweigern 354Desktophintergrundbild festlegen 357Sicherheitsrelevante Gruppenrichtlinien 359Standardbrowser per Gruppenrichtlinie 362Office-VBA per Gruppenrichtlinie ausschalten 363Softwareinstallation per Gruppenrichtlinie 365Entfernen eines Pakets und Updates 367Loopback 368Programme per GPO sperren 368Troubleshooting für Gruppenrichtlinien 370KAPITEL 17 ÜBERWACHUNG DES SERVER-BETRIEBS373Der Server-Manager 373Verwalten des lokalen Servers 377Lokalen Server konfigurieren 379Überblick über das Tools-Menü 381KAPITEL 18 DAS WINDOWS ADMIN CENTER385Was ist das Windows Admin Center (WAC)? 385Installation 387Konfiguration und erster Einsatz 390Grundsätzliche Einstellungen und Erweiterungen 394Weitere Einstellungen und Features 399KAPITEL 19 WINDOWS-SERVER- UPDATES405Einstellungen und Features für die Updates 406Update-Richtlinien verändern 414Update-Einstellungen mittels sconfig ändern 416KAPITEL 20 BACKUP419Grundlagen der Sicherung und Wiederherstellung 420Windows-Server- Sicherung 422Einrichten von Backup-Jobs 423Recovery-Medium nutzen 425Einzelne Dateien wiederherstellen 426Worum handelt es sich beim Azure-Backup- Dienst? 427KAPITEL 21 AUSFÄLLE UND DEREN VERMEIDUNG431Vermeidung von Ausfällen 432Windows aktuell halten 433Applikationen aktuell halten 434RAM-Test 435Festplattenspeicherplatz beachten 436Monitoring 437PRTG 438Nagios und Nagios XI 438Syspectr 439KAPITEL 22 FERNZUGRIFFE441Konsolenzugriffe 442Microsoft Management Console (MMC) 445Remote Desktop (RDP) 446Dritthersteller-Tools 447KAPITEL 23 TROUBLESHOOTING451Erst die Ereignisanzeige – dann der Rest! 453Eigene Dokumentationen 454Server-Manager als Hilfestellung 455IPv6 unterdrücken 456Wo finde ich Unterstützung? 458TEIL IV: DER TOP-TEN- TEIL 461KAPITEL 24 DIE 10 BESTEN SERVER-TOOLS463Veeam Backup & Replication Community Edition 463AD Replication Status Tool 463Specops Password Auditor für Active Directory 463Winscp 463Microsoft Security Compliance Toolkit 1 0 (SCT) 464WiseDateman Password Control 464WireShark 464RSAT 464SysMon 464SysInternals Suite (komplett) 464Stichwortverzeichnis 467
Cloud-Native Microservices with Apache Pulsar
Apply different enterprise integration and processing strategies available with Pulsar, Apache's multi-tenant, high-performance, cloud-native messaging and streaming platform. This book is a comprehensive guide that examines using Pulsar Java libraries to build distributed applications with message-driven architecture.You'll begin with an introduction to Apache Pulsar architecture. The first few chapters build a foundation of message-driven architecture. Next, you'll perform a setup of all the required Pulsar components. The book also covers work with Apache Pulsar client library to build producers and consumers for the discussed patterns.You'll then explore the transformation, filter, resiliency, and tracing capabilities available with Pulsar. Moving forward, the book will discuss best practices when building message schemas and demonstrate integration patterns using microservices. Security is an important aspect of any application; the book will cover authentication and authorization in Apache Pulsar such as Transport Layer Security (TLS), OAuth 2.0, and JSON Web Token (JWT). The final chapters will cover Apache Pulsar deployment in Kubernetes. You'll build microservices and serverless components such as AWS Lambda integrated with Apache Pulsar on Kubernetes.After completing the book, you'll be able to comfortably work with the large set of out-of-the-box integration options offered by Apache Pulsar.WHAT YOU'LL LEARN* Examine the important Apache Pulsar components * Build applications using Apache Pulsar client libraries* Use Apache Pulsar effectively with microservices* Deploy Apache Pulsar to the cloudWHO THIS BOOK IS FORCloud architects and software developers who build systems in the cloud-native technologies.RAHUL SHARMA is a software developer with around 17 years of experience in Java/J2EE and Python applications. Being an open-source enthusiast, he has contributed to various projects like Apache Crunch, and so on. In his career, he has worked with companies of various sizes, from enterprises to start-ups. He has worked on Kubernetes and microservices extensively for enterprises.MOHAMMAD ATYAB is a software developer with more than 13 years of developing products. He has worked in various languages primarily Java/J2EE, Python, C++. He has a passion of building products and has created web based scalable applications in chat bots, ecommerce, marketing and financial domains. He has worked in large enterprises as well as startups and worked extensively in the areas of Big Data and AI.DATA PROCESSING WITH APACHE PULSARChapter 1: Introduction to Apache PulsarChapter 2: Working with MessagesChapter 3: Working with Pulsar FunctionsChapter 4: Schema RegistryChapter 5: Build Microservices using PulsarChapter 6: Pulsar ConnectersChapter 7: Pulsar SecurityChapter 8: Deploy Pulsar on Kubernetes
Cybersecurity Risk Management
CYBERSECURITY RISK MANAGEMENTIn Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework, veteran technology analyst Cynthia Brumfield, with contributions from cybersecurity expert Brian Haugli, delivers a straightforward and up-to-date exploration of the fundamentals of cybersecurity risk planning and management. The book offers readers easy-to-understand overviews of cybersecurity risk management principles, user, and network infrastructure planning, as well as the tools and techniques for detecting cyberattacks. The book also provides a roadmap to the development of a continuity of operations plan in the event of a cyberattack. With incisive insights into the Framework for Improving Cybersecurity of Critical Infrastructure produced by the United States National Institute of Standards and Technology (NIST), Cybersecurity Risk Management presents the gold standard in practical guidance for the implementation of risk management best practices. Filled with clear and easy-to-follow advice, this book also offers readers:* A concise introduction to the principles of cybersecurity risk management and the steps necessary to manage digital risk to systems, assets, data, and capabilities* A valuable exploration of modern tools that can improve an organization’s network infrastructure protection* A practical discussion of the challenges involved in detecting and responding to a cyberattack and the importance of continuous security monitoring* A helpful examination of the recovery from cybersecurity incidentsPerfect for undergraduate and graduate students studying cybersecurity, Cybersecurity Risk Management is also an ideal resource for IT professionals working in private sector and government organizations worldwide who are considering implementing, or who may be required to implement, the NIST Framework at their organization. CYNTHIA BRUMFIELD is the President of DCT Associates and a veteran media, communications, and technology analyst who is now focused on cybersecurity. Backed by executive-level experience at top-tier U.S. communications trade associations, a premier investment analysis firm, and her own successful publication and consulting businesses, she has spearheaded research, analysis, consulting, publishing, and education initiatives for major organizations, including Fortune 500 corporations, security organizations, and federal government clients. In addition, she is an award-winning writer who currently runs a pioneering cybersecurity news destination, Metacurity, and writes regularly for top news outlets, including ongoing columns for CSO Online.BRIAN HAUGLI is the Managing Partner and Founder of SideChannel. He has been driving security programs for two decades and brings a true practitioner’s approach to the industry. He has led programs for the DoD, Pentagon, Intelligence Community, Fortune 500, and many others. In addition, Brian is a renowned speaker and expert on NIST guidance, threat intelligence implementations, and strategic organizational initiatives. Academic Foreword xiiiAcknowledgments xvPreface – Overview of the NIST Framework xviiBackground on the Framework xviiiFramework Based on Risk Management xixThe Framework Core xixFramework Implementation Tiers xxiFramework Profile xxiiOther Aspects of the Framework Document xxiiiRecent Developments At Nist xxiiiCHAPTER 1 CYBERSECURITY RISK PLANNING AND MANAGEMENT 1Introduction 2I. What Is Cybersecurity Risk Management? 2A. Risk Management Is a Process 3II. Asset Management 4A. Inventory Every Physical Device and System You Have and Keep the Inventory Updated 5B. Inventory Every Software Platform and Application You Use and Keep the Inventory Updated 9C. Prioritize Every Device, Software Platform, and Application Based on Importance 10D. Establish Personnel Security Requirements Including Third-Party Stakeholders 11III. Governance 13A. Make Sure You Educate Management about Risks 13IV. Risk Assessment and Management 15A. Know Where You’re Vulnerable 15B. Identify the Threats You Face, Both Internally and Externally 16C. Focus on the Vulnerabilities and Threats That Are Most Likely AND Pose the Highest Risk to Assets 17D. Develop Plans for Dealing with the Highest Risks 18Summary 20Chapter Quiz 20Essential Reading on Cybersecurity Risk Management 22CHAPTER 2 USER AND NETWORK INFRASTRUCTURE PLANNING AND MANAGEMENT 23I. Introduction 24II. Infrastructure Planning and Management Is All about Protection, Where the Rubber Meets the Road 24A. Identity Management, Authentication, and Access Control 251. Always Be Aware of Who Has Access to Which System, for Which Period of Time, and from Where the Access Is Granted 272. Establish, Maintain, and Audit an Active Control List and Process for Who Can Physically Gain Access to Systems 283. Establish Policies, Procedures, and Controls for Who Has Remote Access to Systems 284. Make Sure That Users Have the Least Authority Possible to Perform Their Jobs and Ensure That at Least Two Individuals Are Responsible for a Task 295. Implement Network Security Controls on All Internal Communications, Denying Communications among Various Segments Where Necessary 31A Word about Firewalls 316. Associate Activities with a Real Person or a Single Specific Entity 327. Use Single- or Multi-Factor Authentication Based on the Risk Involved in the Interaction 33III. Awareness and Training 34A. Make Sure That Privileged Users and Security Personnel Understand Their Roles and Responsibilities 35IV. Data Security 35A. Protect the Integrity of Active and Archived Databases 35B. Protect the Confidentiality and Integrity of Corporate Data Once It Leaves Internal Networks 36C. Assure That Information Can Only Be Accessed by Those Authorized to Do So and Protect Hardware and Storage Media 37D. Keep Your Development and Testing Environments Separate from Your Production Environment 38E. Implement Checking Mechanisms to Verify Hardware Integrity 39V. Information Protection Processes and Procedures 39A. Create a Baseline of IT and OT Systems 40B. Manage System Configuration Changes in a Careful, Methodical Way 41A Word about Patch Management 42C. Perform Frequent Backups and Test Your Backup Systems Often 43D. Create a Plan That Focuses on Ensuring That Assets and Personnel Will Be Able to Continue to Function in the Event of a Crippling Attack or Disaster 43VI. Mainte nance 44A. Perform Maintenance and Repair of Assets and Log Activities Promptly 45B. Develop Criteria for Authorizing, Monitoring, and Controlling All Maintenance and Diagnostic Activities for Third Parties 45VII. Protective Technology 46A. Restrict the Use of Certain Types of Media On Your Systems 46B. Wherever Possible, Limit Functionality to a Single Function Per Device (Least Functionality) 47C. Implement Mechanisms to Achieve Resilience on Shared Infrastructure 48Summary 49Chapter Quiz 50Essential Reading on Network Management 51CHAPTER 3 TOOLS AND TECHNIQUES FOR DETECTING CYBER INCIDENTS 53Introduction 54What Is an Incident? 55I. Detect 56A. Anomalies and Events 561. Establish Baseline Data for Normal, Regular Traffic Activity and Standard Configuration for Network Devices 572. Monitor Systems with Intrusion Detection Systems and Establish a Way of Sending and Receiving Notifications of Detected Events; Establish a Means of Verifying, Assessing, and Tracking the Source of Anomalies 58A Word about Antivirus Software 603. Deploy One or More Centralized Log File Monitors and Configure Logging Devices throughout the Organization to Send Data Back to the Centralized Log Monitor 614. Determine the Impact of Events Both Before and After they Occur 615. Develop a Threshold for How Many Times an Event Can Occur Before You Take Action 62B. Continuous Monitoring 621. Develop Strategies for Detecting Breaches as Soon as Possible, Emphasizing Continuous Surveillance of Systems through Network Monitoring 632. Ensure That Appropriate Access to the Physical Environment Is Monitored, Most Likely through Electronic Monitoring or Alarm Systems 643. Monitor Employee Behavior in Terms of Both Physical and Electronic Access to Detect Unauthorized Access 654. Develop a System for Ensuring That Software Is Free of Malicious Code through Software Code Inspection and Vulnerability Assessments 655. Monitor Mobile Code Applications (e.g., Java Applets) for Malicious Activity by Authenticating the Codes’ Origins, Verifying their Integrity, and Limiting the Actions they Can Perform 666. Evaluate a Provider’s Internal and External Controls’ Adequacy and Ensure they Develop and Adhere to Appropriate Policies, Procedures, and Standards; Consider the Results of Internal and External Audits 667. Monitor Employee Activity for Security Purposes and Assess When Unauthorized Access Occurs 678. Use Vulnerability Scanning Tools to Find Your Organization’s Weaknesses 68C. Detection Processes 681. Establish a Clear Delineation between Network and Security Detection, with the Networking Group and the Security Group Having Distinct and Different Responsibilities 692. Create a Formal Detection Oversight and Control Management Function; Define Leadership for a Security Review, Operational Roles, and a Formal Organizational Plan; Train Reviewers to Perform Their Duties Correctly and Implement the Review Process 703. Test Detection Processes Either Manually or in an Automated Fashion in Conformance with the Organization’s Risk Assessment 714. Inform Relevant Personnel Who Must Use Data or Network Security Information about What Is Happening and Otherwise Facilitate Organizational Communication 715. Document the Process for Event Detection to Improve the Organization’s Detection Systems 72Summary 72Chapter Quiz 73Essential Reading for Tools and Techniques for Detecting a Cyberattack 74CHAPTER 4 DEVELOPING A CONTINUITY OF OPERATIONS PLAN 75Introduction 77A. One Size Does Not Fit All 77I. Response 77A. Develop an Executable Response Plan 79B. Understand the Importance of Communications in Incident Response 80C. Prepare for Corporate-Wide Involvement During Some Cybersecurity Attacks 81II. Analysis 82A. Examine Your Intrusion Detection System in Analyzing an Incident 82B. Understand the Impact of the Event 83C. Gather and Preserve Evidence 84D. Prioritize the Treatment of the Incident Consistent with Your Response Plan 84E. Establish Processes for Handling Vulnerability Disclosures 85III. Mitigation 86A. Take Steps to Contain the Incident 86B. Decrease the Threat Level by Eliminating or Intercepting the Adversary as Soon as the Incident Occurs 87C. Mitigate Vulnerabilities or Designate Them as Accepted Risk 88IV. Recover 88A. Recovery Plan Is Executed During or After a Cybersecurity Incident 89B. Update Recovery Procedures Based on New Information as Recovery Gets Underway 91C. Develop Relationships with Media to Accurately Disseminate Information and Engage in Reputational Damage Limitation 92Summary 92Chapter Quiz 93Essential Reading for Developing a Continuity of Operations Plan 94CHAPTER 5 SUPPLY CHAIN RISK MANAGEMENT 95Introduction 96I. NIST Special Publication 800-161 96II. Software Bill of Materials 97III. NIST Revised Framework Incorporates Major Supply Chain Category 98A. Identify, Establish, and Assess Cyber Supply Chain Risk Management Processes and Gain Stakeholder Agreement 98B. Identify, Prioritize, and Assess Suppliers and Third-Party Partners of Suppliers 99C. Develop Contracts with Suppliers and Third-Party Partners to Address Your Organization’s Supply Chain Risk Management Goals 100D. Routinely Assess Suppliers and Third-Party Partners Using Audits, Test Results, and Other Forms of Evaluation 101E. Test to Make Sure Your Suppliers and Third-Party Providers Can Respond to and Recover from Service Disruption 102Summary 103Chapter Quiz 103Essential Reading for Supply Chain Risk Management 104CHAPTER 6 MANUFACTURING AND INDUSTRIAL CONTROL SYSTEMS SECURITY 105Essential Reading on Manufacturing and Industrial Control Security 110Appendix A: Helpful Advice for Small OrganizationsSeeking to Implement Some of the Book’s Recommendations 111Appendix B: Critical Security Controls Version 8.0 Mapped to NIST CSF v1.1 113Answers to Chapter Quizzes 121Index 131
NSX-T Logical Routing
This book is a one-stop guide for IT professionals with a background in traditional and software-defined networks looking to expand or hone their skill set and has been developed through a combination of extensive research and testing in both development and production environments. It provides reliable information on a fundamental component of NSX-T, logical routing.A comprehensive understanding of this capability will help IT professionals with design, implementation, troubleshooting, and enhancements.The book starts with an introduction to the foundational components of the NSX-T platform and how NSX-T fits into the software-defined data center. The focus then moves to tunnel endpoints, which is a critical aspect of the NSX-T platform, and the differences between overlays and underlays are explained. Once the basics are covered, it provides a detailed description of how NSX-T components communicate.Next, the book introduces logical routing and its components and provides a better understanding of how these components function with one another. Several packet walks are illustrated to explain NSX-T logical routing behavior in different scenarios. After mastering logical routing, it explains how NSX-T ensures data plane availability, which is explored at various layers of NSX-T.Finally, the book explores the concepts and intricacies of routing into and out of the NSX-T environment. It deep dives into utilizing the Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Static Routing.WHAT YOU WILL LEARN* Know how VMware NSX-T endpoints communicate* Understand how NSX-T logical routing works* Know how NSX-T provides high availability for the data plane* Understand how NSX-T operates with static and dynamic routing protocols* Configure the platformWHO THIS BOOK IS FORReaders with an intermediate to advanced skill set who wish to further their knowledge, those who focus on datacenter technology, those planning to move to a software-defined datacenter to transform the way their current datacenter works, and anyone looking to learn about VMware NSX-T and how it operatesSHASHANK MOHAN (Shank) is the ANZ Professional Services Practice Lead for Networking at VMware. He brings over a decade of experience in IT infrastructure and architecture, with a specialization in networking, virtual cloud networking (VCN), and VMware Cloud Foundation (VCF).Shank is a VMware Advanced Professional in Network Virtualization, a vExpert in NSX and Security, and NSX Advanced Load Balancer (AVI), he is also CISCO and AWS certified.Shank was born and raised in Sydney, Australia but now prefers the calm and cold capital city, Canberra. Between firmware upgrades and breaking his home lab, he makes time for weightlifting, gardening, and most importantly, his family. While Shank is a first-time author, he is a serial blogger. If you’d like to get in touch or continue to learn about virtualization, look up https://www.lab2prod.com.au/.Chapter 1: IntroductionThe Modern-Day Software-Defined Data CenterSoftware-Defined Datacenter ArchitectureVMware NSX-T: SDDC NetworkingThe Basics of NSX-TSummaryChapter 2: Tunnel EndpointsOverlay NetworkingNSX-T Transport Node CommunicationTransport Node TypesWhat Is a Tunnel Endpoint?Tunnel Endpoint CommunicationRouted Transport VLANsTunnel Endpoint ConfigurationTunnel Endpoint FailureSummaryChapter 3: Remote Tunnel EndpointsA Solution for Multiple SitesNSX-T Federation ComponentsSummaryChapter 4: Logical RoutingWhat Is Logical Routing?NSX-T Logical ComponentsLogical Routing ArchitecturePacket Flow Within the NSX-T FabricSummaryChapter 5: Data Plane AvailabilityEdge Cluster Deployment ConsiderationsEdge Failure TypesBidirectional Forwarding Detection (BFD)Equal Cost Multipathing (ECMP)SummaryChapter 6: Datacenter RoutingChapter ObjectivesCommunication with the Physical NetworkNSX-T and BGPNSX-T and OSPFNSX-T and Static RoutingDeterministic PeeringBidirectional Forwarding Detection (BFD)Unicast Reverse Path Forwarding (uRPF)Summary
Robotic Process Automation mit SAP
Wiederkehrende Routineaufgaben? Mit SAP Intelligent Robotic Process Automation können Sie diese von intelligenten Bots ausführen lassen! In diesem umfassenden Handbuch erfahren Sie, für welche Geschäftsabläufe sich RPA eignet, wie Sie mit der SAP-Lösung passende Bots entwickeln und wie Sie Ihre automatisierten Prozesse verwalten. Auch die Möglichkeiten, die Ihnen die Integration von künstlicher Intelligenz bietet, stellt Ihnen das erfahrene Autorenteam vor. Aus dem Inhalt: Einsatzgebiete von RPAProjektmanagementDeklaration und Capturing von AnwendungenWorkflows designenBenutzeroberflächen erstellenTest und DebuggingDeployment und Ausführung von BotsIntegration in SAP-AnwendungenDesktop Studio und Cloud StudioCloud Factory und Desktop AgentKonfiguration und Administration automatisierter ProzesseRPA und KI Einleitung ... 15 TEIL I. Einführung ... 19 1. Robotic Process Automation ... 21 1.1 ... Rahmenbedingungen und Grundlagen ... 21 1.2 ... Formen der Automatisierung ... 23 1.3 ... Robotic Process Automation und Projektmanagement ... 25 1.4 ... Zusammenfassung ... 42 2. Technologische Grundlagen ... 43 2.1 ... Abgrenzung zwischen RPA und Business Process Management ... 43 2.2 ... Abgrenzung zwischen RPA und Process Mining ... 46 2.3 ... Abgrenzung zwischen RPA und Workflow Management ... 47 2.4 ... Abgrenzung zwischen RPA und Business Rules Management ... 49 2.5 ... Technologische Grundstruktur von RPA-Systemen ... 50 2.6 ... Zusammenfassung ... 51 3. Einführung in SAP Intelligent Robotic Process Automation ... 53 3.1 ... Überblick ... 53 3.2 ... Desktop Studio ... 56 3.3 ... Cloud Studio ... 59 3.4 ... Desktop Agent ... 61 3.5 ... Cloud Factory ... 62 3.6 ... Zusammenwirken der Komponenten ... 64 3.7 ... Zusammenfassung ... 68 TEIL II. Entwicklung eines Bots ... 69 4. Capturing und Deklaration von Anwendungen ... 71 4.1 ... Technologien für die Integration in den Automatisierungsprozess ... 72 4.2 ... Beispiel: Automatisierter Zielprozess der Maschinenbau GmbH ... 73 4.3 ... RPA-Projekt anlegen ... 74 4.4 ... Deklaration ... 76 4.5 ... Erweiterte Deklaration ... 91 4.6 ... Zusammenfassung ... 102 5. Workflows designen ... 103 5.1 ... Workflows ... 104 5.2 ... Aktivitäten ... 110 5.3 ... Wiederverwendbarkeit ... 117 5.4 ... Codegenerierung und -manipulation ... 119 5.5 ... Gesamtaufbau des Workflows für die Maschinenbau GmbH ... 125 5.6 ... Zusammenfassung ... 144 6. Workflows erweitern ... 145 6.1 ... Editor und Coding-Assistenten ... 146 6.2 ... Einbindung von benutzerdefiniertem Code ... 155 6.3 ... Integrierte Bibliotheken ... 164 6.4 ... Zusammenfassung ... 170 7. Benutzeroberflächen erstellen ... 171 7.1 ... Die Komponenten des UI Designer ... 172 7.2 ... Gestaltung eines Popup-Fensters für die Automatisierung der Maschinenbau GmbH ... 180 7.3 ... Zusammenfassung ... 186 8. Testen und Debugging ... 187 8.1 ... Einführung in den Desktop Debugger ... 187 8.2 ... Kompilieren und Debuggen ... 199 8.3 ... Zusammenfassung ... 210 TEIL III. Anpassung und Verwaltung automatisierter Prozesse ... 211 9. Deployment und Ausführung von Bots ... 213 9.1 ... Import des Bots in die Cloud Factory ... 213 9.2 ... Ausführung des automatisierten Prozesses ... 219 9.3 ... Zusammenfassung ... 233 10. Konfiguration und Administration automatisierter Prozesse ... 235 10.1 ... Management von RPA-Projekten ... 235 10.2 ... Monitoring ... 250 10.3 ... Zusammenfassung ... 262 TEIL IV. Weiterführende Themen ... 263 11. Integration der Unternehmensanwendungen ... 265 11.1 ... Integration von SAP-GUI-Anwendungen ... 265 11.2 ... Integration von SAP-Fiori-Anwendungen ... 293 11.3 ... Integration von Microsoft-Anwendungen ... 298 11.4 ... Integration des Dateisystems ... 309 11.5 ... Zusammenfassung ... 312 12. Modellierung im Cloud Studio ... 315 12.1 ... Das Cloud Studio im Überblick ... 315 12.2 ... Entwicklung eines Bots unter Verwendung einer Excel-Datei ... 317 12.3 ... Entwicklung eines Bots zum Lesen von E-Mails in Outlook ... 343 12.4 ... Zusammenfassung ... 362 13. Robotic Process Automation und künstliche Intelligenz ... 363 13.1 ... Grenzen von Robotic Process Automation und Chancen durch künstliche Intelligenz ... 365 13.2 ... Einsatzoptionen von künstlicher Intelligenz in RPA-Szenarien ... 371 13.3 ... Hyperautomation ... 377 13.4 ... Prozessuales Wissensmanagement ... 378 13.5 ... Zusammenfassung ... 381 14. Ausblick ... 383 14.1 ... SAP Intelligent RPA 2.0 ... 383 14.2 ... Zusammenfassung ... 389 Anhang ... 391 A ... Nützliche Befehle und Tastenkombinationen ... 391 Das Autorenteam ... 403 Index ... 405
Heimautomation mit KNX, DALI, 1-Wire und Co.
Wenn Sie Ihr Zuhause teilweise oder vollständig professionell mit KNX automatisieren möchten, dann ist das Ihr Buch: Es begleitet Sie bei allen Schritten von der Planung über die Auswahl der Komponenten bis hin zu Einbau, Parametrierung, Vernetzung und Absicherung – stets unterstützt von nützlichen Planungshilfen, Einkaufslisten und zahllosen Praxistipps! Selbstverständlich mit dabei: Zentrale Grundlagen der Elektrik, der intelligenten Gebäudetechnik und Programmierung. • Grundlagen, Technologien, Planung, Hardware, Software und technische Umsetzung • Gewerkeübergreifende Vernetzung: Beleuchtung, Beschattung, Heizung, Sicherheit, Türkommunikation, Multimedia usw. • Inkl. Automation mit HomeServer, Raspberry Pi, Cubietruck und vollständigem Praxisszenario • Der Blog zum Buch von Stefan Heinle http://www.heimautomation-buch.de/