Security
Fog, Edge, and Pervasive Computing in Intelligent IoT Driven Applications
A PRACTICAL GUIDE TO THE DESIGN, IMPLEMENTATION, EVALUATION, AND DEPLOYMENT OF EMERGING TECHNOLOGIES FOR INTELLIGENT IOT APPLICATIONS

With the rapid development in artificially intelligent and hybrid technologies, IoT, edge, fog-driven, and pervasive computing techniques are becoming important parts of our daily lives. This book focuses on recent advances, roles, and benefits of these technologies, describing the latest intelligent systems from a practical point of view. Fog, Edge, and Pervasive Computing in Intelligent IoT Driven Applications is also valuable for engineers and professionals trying to solve practical, economic, or technical problems. With a uniquely practical approach spanning multiple fields of interest, contributors cover theory, applications, and design methodologies for intelligent systems. These technologies are rapidly transforming engineering, industry, and agriculture by enabling real-time processing of data via computational, resource-oriented metaheuristics and machine learning algorithms. As edge/fog computing and associated technologies are implemented far and wide, we are now able to solve previously intractable problems.

With chapters contributed by experts in the field, this book:

* Describes Machine Learning frameworks and algorithms for edge, fog, and pervasive computing
* Considers probabilistic storage systems and proven optimization techniques for intelligent IoT
* Covers 5G edge network slicing and virtual network systems that utilize new networking capacity
* Explores resource provisioning and bandwidth allocation for edge, fog, and pervasive mobile applications
* Presents emerging applications of intelligent IoT, including smart farming, factory automation, marketing automation, medical diagnosis, and more

Researchers, graduate students, and practitioners working in the intelligent systems domain will appreciate this book’s practical orientation and comprehensive coverage.
Intelligent IoT is revolutionizing every industry and field today, and Fog, Edge, and Pervasive Computing in Intelligent IoT Driven Applications provides the background, orientation, and inspiration needed to begin.

DEEPAK GUPTA, PHD, is an Assistant Professor in the Department of Computer Science and Engineering at the Maharaja Agrasen Institute of Technology, Delhi, India. He has published 158 papers and 3 patents. He is associated with numerous professional bodies, including IEEE, ISTE, IAENG, and IACSIT. He is the convener and organizer of the ICICC, ICDAM Springer Conference Series.

ADITYA KHAMPARIA, PHD, is Associate Professor of Computer Science at Lovely Professional University, Punjab, India. He has published more than 45 scientific research publications and is a member of CSI, IET, ISTE, IAENG, ACM and IACSIT.

About the Editors
List of Contributors
Preface
Acknowledgments

1 FOG, EDGE AND PERVASIVE COMPUTING IN INTELLIGENT INTERNET OF THINGS DRIVEN APPLICATIONS IN HEALTHCARE: CHALLENGES, LIMITATIONS AND FUTURE USE
Afroj Alam, Sahar Qazi, Naiyar Iqbal, and Khalid Raza
1.1 Introduction
1.2 Why Fog, Edge, and Pervasive Computing?
1.3 Technologies Related to Fog and Edge Computing
1.4 Concept of Intelligent IoT Application in Smart (Fog) Computing Era
1.5 The Hierarchical Architecture of Fog/Edge Computing
1.6 Applications of Fog, Edge and Pervasive Computing in IoT-based Healthcare
1.7 Issues, Challenges, and Opportunity
1.7.1 Security and Privacy Issues
1.7.2 Resource Management
1.7.3 Programming Platform
1.8 Conclusion
Bibliography

2 FUTURE OPPORTUNISTIC FOG/EDGE COMPUTATIONAL MODELS AND THEIR LIMITATIONS
Sonia Singla, Naveen Kumar Bhati, and S. Aswath
2.1 Introduction
2.2 What are the Benefits of Edge and Fog Computing for the Mechanical Web of Things (IoT)?
2.3 Disadvantages
2.4 Challenges
2.5 Role in Health Care
2.6 Blockchain and Fog, Edge Computing
2.7 How Blockchain will Illuminate Human Services Issues
2.8 Uses of Blockchain in the Future
2.9 Uses of Blockchain in Health Care
2.10 Edge Computing Segmental Analysis
2.11 Uses of Fog Computing
2.12 Analytics in Fog Computing
2.13 Conclusion
Bibliography

3 AUTOMATING ELICITATION TECHNIQUE SELECTION USING MACHINE LEARNING
Hatim M. Elhassan Ibrahim Dafallaa, Nazir Ahmad, Mohammed Burhanur Rehman, Iqrar Ahmad, and Rizwan Khan
3.1 Introduction
3.2 Related Work
3.3 Model: Requirement Elicitation Technique Selection Model
3.3.1 Determining Key Attributes
3.3.2 Selection Attributes
3.3.2.1 Analyst Experience
3.3.2.2 Number of Stakeholders
3.3.2.3 Technique Time
3.3.2.4 Level of Information
3.3.3 Selection Attributes Dataset
3.3.3.1 Mapping the Selection Attributes
3.3.4 k-nearest Neighbor Algorithm Application
3.4 Analysis and Results
3.5 The Error Rate
3.6 Validation
3.6.1 Discussion of the Results of the Experiment
3.7 Conclusion
Bibliography

4 MACHINE LEARNING FRAMEWORKS AND ALGORITHMS FOR FOG AND EDGE COMPUTING
Murali Mallikarjuna Rao Perumalla, Sanjay Kumar Singh, Aditya Khamparia, Anjali Goyal, and Ashish Mishra
4.1 Introduction
4.1.1 Fog Computing and Edge Computing
4.1.2 Pervasive Computing
4.2 Overview of Machine Learning Frameworks for Fog and Edge Computing
4.2.1 TensorFlow
4.2.2 Keras
4.2.3 PyTorch
4.2.4 TensorFlow Lite
4.2.4.1 Use Pre-train Models
4.2.4.2 Convert the Model
4.2.4.3 On-device Inference
4.2.4.4 Model Optimization
4.2.5 Machine Learning and Deep Learning Techniques
4.2.5.1 Supervised, Unsupervised and Reinforcement Learning
4.2.5.2 Machine Learning, Deep Learning Techniques
4.2.5.3 Deep Learning Techniques
4.2.5.4 Efficient Deep Learning Algorithms for Inference
4.2.6 Pros and Cons of ML Algorithms for Fog and Edge Computing
4.2.6.1 Advantages using ML Algorithms
4.2.6.2 Disadvantages of using ML Algorithms
4.2.7 Hybrid ML Model for Smart IoT Applications
4.2.7.1 Multi-Task Learning
4.2.7.2 Ensemble Learning
4.2.8 Possible Applications in Fog Era using Machine Learning
4.2.8.1 Computer Vision
4.2.8.2 ML-Assisted Healthcare Monitoring System
4.2.8.3 Smart Homes
4.2.8.4 Behavior Analyses
4.2.8.5 Monitoring in Remote Areas and Industries
4.2.8.6 Self-Driving Cars
Bibliography

5 INTEGRATED CLOUD BASED LIBRARY MANAGEMENT IN INTELLIGENT IOT DRIVEN APPLICATIONS
Md Robiul Alam Robel, Subrato Bharati, Prajoy Podder, and M. Rubaiyat Hossain Mondal
5.1 Introduction
5.1.1 Execution Plan for the Mobile Application
5.1.2 Main Contribution
5.2 Understanding Library Management
5.3 Integration of Mobile Platform with the Physical Library - Brief Concept
5.4 Database (Cloud Based) - A Must have Component for Library Automation
5.5 IoT Driven Mobile Based Library Management - General Concept
5.6 IoT Involved Real Time GUI (Cross Platform) Available to User
5.7 IoT Challenges
5.7.1 Infrastructure Challenges
5.7.2 Security Challenges
5.7.3 Societal Challenges
5.7.4 Commercial Challenges
5.8 Conclusion
Bibliography

6 A SYSTEMATIC AND STRUCTURED REVIEW OF INTELLIGENT SYSTEMS FOR DIAGNOSIS OF RENAL CANCER
Nikita, Harsh Sadawarti, Balwinder Kaur, and Jimmy Singla
6.1 Introduction
6.2 Related Works
6.3 Conclusion
Bibliography

7 LOCATION DRIVEN EDGE ASSISTED DEVICE AND SOLUTIONS FOR INTELLIGENT TRANSPORTATION
Saravjeet Singh and Jaiteg Singh
7.1 Introduction to Fog and Edge Computing
7.1.1 Need for Fog and Edge Computing
7.1.2 Fog Computing
7.1.2.1 Application Areas of Fog Computing
7.1.3 Edge Computing
7.1.3.1 Advantages of Edge Computing
7.1.3.2 Application Areas of Fog Computing
7.2 Introduction to Transportation System
7.3 Route Finding Process
7.3.1 Challenges Associated with Land Navigation and Routing Process
7.4 Edge Architecture for Route Finding
7.5 Technique Used
7.6 Algorithms Used for the Location Identification and Route Finding Process
7.6.1 Location Identification
7.6.2 Path Generation Technique
7.7 Results and Discussions
7.7.1 Output
7.7.2 Benefits of Edge-based Routing
7.8 Conclusion
Bibliography

8 DESIGN AND SIMULATION OF MEMS FOR AUTOMOBILE CONDITION MONITORING USING COMSOL MULTIPHYSICS SIMULATOR
Natasha Tiwari, Anil Kumar, Pallavi Asthana, Sumita Mishra, and Bramah Hazela
8.1 Introduction
8.2 Related Work
8.3 Vehicle Condition Monitoring through Acoustic Emission
8.4 Piezo-resistive Micro Electromechanical Sensors for Monitoring the Faults Through AE
8.5 Designing of MEM Sensor
8.6 Experimental Setup
8.6.1 FFT Analysis of Automotive Diesel Engine Sound Recording using MATLAB
8.6.2 Design of MEMS Sensor using COMSOL Multiphysics
8.6.3 Electrostatic Study Steps for the Optimized Tri-plate Comb Structure
8.7 Result and Discussions
8.8 Conclusion
Bibliography

9 IOT DRIVEN HEALTHCARE MONITORING SYSTEM
Md Robiul Alam Robel, Subrato Bharati, Prajoy Podder, and M. Rubaiyat Hossain Mondal
9.1 Introduction
9.1.1 Complementary Aspects of Cloud IoT in Healthcare Applications
9.1.2 Main Contribution
9.2 General Concept for IoT Based Healthcare System
9.3 View of the Overall IoT Healthcare System - Tiers Explained
9.4 A Brief Design of the IoT Healthcare Architecture - Individual Block Explanation
9.5 Models/Frameworks for IoT use in Healthcare
9.6 IoT e-Health System Model
9.7 Process Flow for the Overall Model
9.8 Conclusion
Bibliography

10 FOG COMPUTING AS FUTURE PERSPECTIVE IN VEHICULAR AD HOC NETWORKS
Harjit Singh, Dr. Vijay Laxmi, Dr. Arun Malik, and Dr. Isha
10.1 Introduction
10.2 Future VANET: Primary Issues and Specifications
10.3 Fog Computing
10.3.1 Fog Computing Concept
10.3.2 Fog Technology Characterization
10.4 Related Works in Cloud and Fog Computing
10.5 Fog and Cloud Computing-based Technology Applications in VANET
10.6 Challenges of Fog Computing in VANET
10.7 Issues of Fog Computing in VANET
10.8 Conclusion
Bibliography

11 AN OVERVIEW TO DESIGN AN EFFICIENT AND SECURE FOG-ASSISTED DATA COLLECTION METHOD IN THE INTERNET OF THINGS
Sofia, Arun Malik, Isha, and Aditya Khamparia
11.1 Introduction
11.2 Related Works
11.3 Overview of the Chapter
11.4 Data Collection in the IoT
11.5 Fog Computing
11.5.1 Why fog Computing for Data Collection in IoT?
11.5.2 Architecture of Fog Computing
11.5.3 Features of Fog Computing
11.5.4 Threats of Fog Computing
11.5.5 Applications of Fog Computing with the IoT
11.6 Requirements for Designing a Data Collection Method
11.7 Conclusion
Bibliography

12 ROLE OF FOG COMPUTING PLATFORM IN ANALYTICS OF INTERNET OF THINGS - ISSUES, CHALLENGES AND OPPORTUNITIES
Mamoon Rashid and Umer Iqbal Wani
12.1 Introduction to Fog Computing
12.1.1 Hierarchical Fog Computing Architecture
12.1.2 Layered Fog Computing Architecture
12.1.3 Comparison of Fog and Cloud Computing
12.2 Introduction to Internet of Things
12.2.1 Overview of Internet of Things
12.3 Conceptual Architecture of Internet of Things
12.4 Relationship between Internet of Things and Fog Computing
12.5 Use of Fog Analytics in Internet of Things
12.6 Conclusion
Bibliography

13 A MEDICAL DIAGNOSIS OF URETHRAL STRICTURE USING INTUITIONISTIC FUZZY SETS
Prabjot Kaur and Maria Jamal
13.1 Introduction
13.2 Preliminaries
13.2.1 Introduction
13.2.2 Fuzzy Sets
13.2.3 Intuitionistic Fuzzy Sets
13.2.4 Intuitionistic Fuzzy Relation
13.2.5 Max-Min-Max Composition
13.2.6 Linguistic Variable
13.2.7 Distance Measure In Intuitionistic Fuzzy Sets
13.2.7.1 The Hamming Distance
13.2.7.2 Normalized Hamming Distance
13.2.7.3 Compliment of an Intuitionistic Fuzzy Set Matrix
13.2.7.4 Revised Max-Min Average Composition of A and B (A Φ B)
13.3 Max-Min-Max Algorithm for Disease Diagnosis
13.4 Case Study
13.5 Intuitionistic Fuzzy Max-Min Average Algorithm for Disease Diagnosis
13.6 Result
13.7 Code for Calculation
13.8 Conclusion
13.9 Acknowledgement
Bibliography

14 SECURITY ATTACKS IN INTERNET OF THINGS
Rajit Nair, Preeti Sharma, and Dileep Kumar Singh
14.1 Introduction
14.2 Reference Model of Internet of Things (IoT)
14.3 IoT Communication Protocol
14.4 IoT Security
14.4.1 Physical Attack
14.4.2 Network Attack
14.4.3 Software Attack
14.4.4 Encryption Attack
14.5 Security Challenges in IoT
14.5.1 Cryptographic Strategies
14.5.2 Key Administration
14.5.3 Denial of Service
14.5.4 Authentication and Access Control
14.6 Conclusion
Bibliography

15 FOG INTEGRATED NOVEL ARCHITECTURE FOR TELEHEALTH SERVICES WITH SWIFT MEDICAL DELIVERY
Inderpreet Kaur, Kamaljit Singh Saini, and Jaiteg Singh Khaira
15.1 Introduction
15.2 Associated Work and Dimensions
15.3 Need of Security in Telemedicine Domain and Internet of Things (IoT)
15.3.1 Analytics Reports
15.4 Fog Integrated Architecture for Telehealth Delivery
15.5 Research Dimensions
15.5.1 Benchmark Datasets
15.6 Research Methodology and Implementation on Software Defined Networking
15.6.1 Key Tools and Frameworks for IoT, Fog Computing and Edge Computing
15.6.2 Simulation Analysis
15.7 Conclusion
Bibliography

16 FRUIT FLY OPTIMIZATION ALGORITHM FOR INTELLIGENT IOT APPLICATIONS
Satinder Singh Mohar, Sonia Goyal, and Ranjit Kaur
16.1 An Introduction to the Internet of Things
16.2 Background of the IoT
16.2.1 Evolution of the IoT
16.2.2 Elements Involved in IoT Communication
16.3 Applications of the IoT
16.3.1 Industrial
16.3.2 Smart Parking
16.3.3 Health Care
16.3.4 Smart Offices and Homes
16.3.5 Augment Maps
16.3.6 Environment Monitoring
16.3.7 Agriculture
16.4 Challenges in the IoT
16.4.1 Addressing Schemes
16.4.2 Energy Consumption
16.4.3 Transmission Media
16.4.4 Security
16.4.5 Quality of Service (QoS)
16.5 Introduction to Optimization
16.6 Classification of Optimization Algorithms
16.6.1 Particle Swarm Optimization (PSO) Algorithm
16.6.2 Genetic Algorithms
16.6.3 Heuristic Algorithms
16.6.4 Bio-inspired Algorithms
16.6.5 Evolutionary Algorithms (EA)
16.7 Network Optimization and IoT
16.8 Network Parameters optimized by Different Optimization Algorithms
16.8.1 Load Balancing
16.8.2 Maximizing Network Lifetime
16.8.3 Link Failure Management
16.8.4 Quality of the Link
16.8.5 Energy Efficiency
16.8.6 Node Deployment
16.9 Fruit Fly Optimization Algorithm
16.9.1 Steps Involved in FOA
16.9.2 Flow Chart of Fruit Fly Optimization Algorithm
16.10 Applicability of FOA in IoT Applications
16.10.1 Cloud Service Distribution in Fog Computing
16.10.2 Cluster Head Selection in IoT
16.10.3 Load Balancing in IoT
16.10.4 Quality of Service in Web Services
16.10.5 Electronics Health Records in Cloud Computing
16.10.6 Intrusion Detection System in Network
16.10.7 Node Capture Attack in WSN
16.10.8 Node Deployment in WSN
16.11 Node Deployment Using Fruit Fly Optimization Algorithm
16.12 Conclusion
Bibliography

17 OPTIMIZATION TECHNIQUES FOR INTELLIGENT IOT APPLICATIONS
Priyanka Pattnaik, Subhashree Mishra, and Bhabani Shankar Prasad Mishra
17.1 Cuckoo Search
17.1.1 Introduction to Cuckoo
17.1.2 Natural Cuckoo
17.1.3 Artificial Cuckoo Search
17.1.4 Cuckoo Search Algorithm
17.1.5 Cuckoo Search Variants
17.1.6 Discrete Cuckoo Search
17.1.7 Binary Cuckoo Search
17.1.8 Chaotic Cuckoo Search
17.1.9 Parallel Cuckoo Search
17.1.10 Application of Cuckoo Search
17.2 Glow Worm Algorithm
17.2.1 Introduction to Glow Worm
17.2.2 Glow Worm Swarm Optimization Algorithm (GSO)
17.3 Wasp Swarm Optimization
17.3.1 Introduction to Wasp Swarm and Wasp Swarm Algorithm (WSO)
17.3.2 Fish Swarm Optimization (FSO)
17.3.3 Fruit Fly Optimization (FLO)
17.3.4 Cockroach Swarm Optimization
17.3.5 Bumblebee Algorithm
17.3.6 Dolphin Echolocation
17.3.7 Shuffled Frog-leaping Algorithm
17.3.8 Paddy Field Algorithm
17.4 Real World Applications Area
Summary
Bibliography

18 OPTIMIZATION TECHNIQUES FOR INTELLIGENT IOT APPLICATIONS IN TRANSPORT PROCESSES
Muzafer Saračević, Zoran Lončarević, and Adnan Hasanović
18.1 Introduction
18.2 Related Works
18.3 TSP Optimization Techniques
18.4 Implementation and Testing of Proposed Solution
18.5 Experimental Results
18.5.1 Example Test with 50 Cities
18.5.2 Example Test with 100 Cities
18.6 Conclusion and Further Works
Bibliography

19 ROLE OF INTELLIGENT IOT APPLICATIONS IN FOG PARADIGM: ISSUES, CHALLENGES AND FUTURE OPPORTUNITIES
Priyanka Rajan Kumar and Sonia Goel
19.1 Fog Computing
19.1.1 Need of Fog computing
19.1.2 Architecture of Fog Computing
19.1.3 Fog Computing Reference Architecture
19.1.4 Processing on Fog
19.2 Concept of Intelligent IoT Applications in Smart Computing Era
19.3 Components of Edge and Fog Driven Algorithm
19.4 Working of Edge and Fog Driven Algorithms
19.5 Future Opportunistic Fog/Edge Computational Models
19.5.1 Future Opportunistic Techniques
19.6 Challenges of Fog Computing for Intelligent IoT Applications
19.7 Applications of Cloud Based Computing for Smart Devices
Bibliography

20 SECURITY AND PRIVACY ISSUES IN FOG/EDGE/PERVASIVE COMPUTING
Shweta Kaushik and Charu Gandhi
20.1 Introduction to Data Security and Privacy in Fog Computing
20.2 Data Protection/Security
20.3 Great Security Practices In Fog Processing Condition
20.4 Developing Patterns in Security and Privacy
20.5 Conclusion
Bibliography

21 FOG AND EDGE DRIVEN SECURITY & PRIVACY ISSUES IN IOT DEVICES
Deepak Kumar Sharma, Aarti Goel, and Pragun Mangla
21.1 Introduction to Fog Computing
21.1.1 Architecture of Fog
21.1.2 Benefits of Fog Computing
21.1.3 Applications of Fog with IoT
21.1.4 Major Challenges for Fog with IoT
21.1.5 Security and Privacy Issues in Fog Computing
21.2 Introduction to Edge Computing
21.2.1 Architecture and Working
21.2.2 Applications and use Cases
21.2.3 Characteristics of Edge Computing
21.2.4 Challenges of Edge Computing
21.2.5 How to Protect Devices “On the Edge”?
21.2.6 Comparison with Fog Computing
Bibliography

Index
Home Server
Your own network with an Intel NUC or Raspberry Pi: how to set up your home server.

With your own control center in your home network, you make sure that all your data and services are reliably accessible at any time. In his new guide, Dennis Rühmer shows you how to set up such a home server easily and inexpensively with the Raspberry Pi or the Intel NUC. Over 800 pages you learn everything you need, with many instructions and notes on security and telephony. Whether you want to access your own cloud from anywhere, set up a private chat service, stream music and videos in your own network, or need a reliable VPN server: you will be surprised at how you can build a powerful system at home with a little hardware and the knowledge from this book.
Skalierbare Container-Infrastrukturen (3rd edition)
The handbook for administrators. The reference for DevOps teams and admins, in its 3rd edition (2020).

Virtualization has reached the next stage of evolution: highly scalable, automated, and fail-safe container environments. Powerful IaaS/IaC mechanisms roll out your virtual infrastructure fully automatically at the push of a button and provision clusters and applications at any desired version level. With GitOps-based, fully automated CI/CD pipelines, automatic on-demand scaling of applications and cluster nodes, flexible service meshes and serverless architectures, and intelligent operators, you make your infrastructure fit for the future.

The third, completely revised edition of the proven container reference gives you deep, well-founded professional know-how and field-tested instructions. Make sure that, thanks to the latest container technologies based on Kubernetes and OpenShift, your company stays competitive and is already equal to future demands for scalability, flexibility, high availability, and planning reliability!

* Container engines and tools: CRI-O, Podman, Buildah, Skopeo, and Docker
* Professional container orchestration with Kubernetes and OpenShift, full automation with IaaS/IaC, building and deploying your own intelligent operators
* Service meshes, serverless architectures, and integration of IDM solutions
* GitOps-based, fully automated pipelines for maximum efficiency
* Storage provisioners, containerized SDS solutions, security, logging, monitoring, custom metrics, autoscalers, and much more
AWS Certified Data Analytics Study Guide
MOVE YOUR CAREER FORWARD WITH AWS CERTIFICATION! PREPARE FOR THE AWS CERTIFIED DATA ANALYTICS SPECIALTY EXAM WITH THIS THOROUGH STUDY GUIDE

This comprehensive study guide will help assess your technical skills and prepare for the updated AWS Certified Data Analytics exam. Earning this AWS certification will confirm your expertise in designing and implementing AWS services to derive value from data. The AWS Certified Data Analytics Study Guide: Specialty (DAS-C01) Exam is designed for business analysts and IT professionals who perform complex Big Data analyses.

This AWS Specialty Exam guide gets you ready for certification testing with expert content, real-world knowledge, key exam concepts, and topic reviews. Gain confidence by studying the subject areas and working through the practice questions. Big data concepts covered in the guide include:

* Collection
* Storage
* Processing
* Analysis
* Visualization
* Data security

AWS certifications allow professionals to demonstrate skills related to leading Amazon Web Services technology. The AWS Certified Data Analytics Specialty (DAS-C01) Exam specifically evaluates your ability to design and maintain Big Data, leverage tools to automate data analysis, and implement AWS Big Data services according to architectural best practices. An exam study guide can help you feel more prepared about taking an AWS certification test and advancing your professional career. In addition to the guide’s content, you’ll have access to an online learning environment and test bank that offers practice exams, a glossary, and electronic flashcards.

ASIF ABBASI has over 20 years of experience working in various Data & Analytics engineering, consulting and advisory roles with some of the largest customers across the globe to help them in their quest to become more data driven.
Asif is the author of Learning Apache Spark 2.0 and is an AWS Certified Data Analytics & Machine Learning Specialist, AWS Certified Solutions Architect (Professional), Hortonworks Certified Hadoop Professional and Administrator, Certified Spark Developer, SAS Certified Predictive Modeler, and Sun Certified Enterprise Architect. Asif is also a Project Management Professional.

Introduction
Assessment Test

CHAPTER 1 HISTORY OF ANALYTICS AND BIG DATA
Evolution of Analytics Architecture Over the Years
The New World Order
Analytics Pipeline
Data Sources
Collection
Storage
Processing and Analysis
Visualization, Predictive and Prescriptive Analytics
The Big Data Reference Architecture
Data Characteristics: Hot, Warm, and Cold
Collection/Ingest
Storage
Process/Analyze
Consumption
Data Lakes and Their Relevance in Analytics
What is a Data Lake?
Building a Data Lake on AWS
Step 1: Choosing the Right Storage – Amazon S3 Is the Base
Step 2: Data Ingestion – Moving the Data into the Data Lake
Step 3: Cleanse, Prep, and Catalog the Data
Step 4: Secure the Data and Metadata
Step 5: Make Data Available for Analytics
Using Lake Formation to Build a Data Lake on AWS
Exam Objectives
Objective Map
Assessment Test
References

CHAPTER 2 DATA COLLECTION
Exam Objectives
AWS IoT
Common Use Cases for AWS IoT
How AWS IoT Works
Amazon Kinesis
Amazon Kinesis Introduction
Amazon Kinesis Data Streams
Amazon Kinesis Data Analytics
Amazon Kinesis Video Streams
AWS Glue
Glue Data Catalog
Glue Crawlers
Authoring ETL Jobs
Executing ETL Jobs
Change Data Capture with Glue Bookmarks
Use Cases for AWS Glue
Amazon SQS
Amazon Data Migration Service
What is AWS DMS Anyway?
What Does AWS DMS Support?
AWS Data Pipeline
Pipeline Definition
Pipeline Schedules
Task Runner
Large-Scale Data Transfer Solutions
AWS Snowcone
AWS Snowball
AWS Snowmobile
AWS Direct Connect
Summary
Review Questions
References
Exercises & Workshops

CHAPTER 3 DATA STORAGE
Introduction
Amazon S3
Amazon S3 Data Consistency Model
Data Lake and S3
Data Replication in Amazon S3
Server Access Logging in Amazon S3
Partitioning, Compression, and File Formats on S3
Amazon S3 Glacier
Vault
Archive
Amazon DynamoDB
Amazon DynamoDB Data Types
Amazon DynamoDB Core Concepts
Read/Write Capacity Mode in DynamoDB
DynamoDB Auto Scaling and Reserved Capacity
Read Consistency and Global Tables
Amazon DynamoDB: Indexing and Partitioning
Amazon DynamoDB Accelerator
Amazon DynamoDB Streams
Amazon DynamoDB Streams – Kinesis Adapter
Amazon DocumentDB
Why a Document Database?
Amazon DocumentDB Overview
Amazon Document DB Architecture
Amazon DocumentDB Interfaces
Graph Databases and Amazon Neptune
Amazon Neptune Overview
Amazon Neptune Use Cases
Storage Gateway
Hybrid Storage Requirements
AWS Storage Gateway
Amazon EFS
Amazon EFS Use Cases
Interacting with Amazon EFS
Amazon EFS Security Model
Backing Up Amazon EFS
Amazon FSx for Lustre
Key Benefits of Amazon FSx for Lustre
Use Cases for Lustre
AWS Transfer for SFTP
Summary
Exercises
Review Questions
Further Reading
References

CHAPTER 4 DATA PROCESSING AND ANALYSIS
Introduction
Types of Analytical Workloads
Amazon Athena
Apache Presto
Apache Hive
Amazon Athena Use Cases and Workloads
Amazon Athena DDL, DML, and DCL
Amazon Athena Workgroups
Amazon Athena Federated Query
Amazon Athena Custom UDFs
Using Machine Learning with Amazon Athena
Amazon EMR
Apache Hadoop Overview
Amazon EMR Overview
Apache Hadoop on Amazon EMR
EMRFS
Bootstrap Actions and Custom AMI
Security on EMR
EMR Notebooks
Apache Hive and Apache Pig on Amazon EMR
Apache Spark on Amazon EMR
Apache HBase on Amazon EMR
Apache Flink, Apache Mahout, and Apache MXNet
Choosing the Right Analytics Tool
Amazon Elasticsearch Service
When to Use Elasticsearch
Elasticsearch Core Concepts (the ELK Stack)
Amazon Elasticsearch Service
Amazon Redshift
What is Data Warehousing?
What is Redshift?
Redshift Architecture
Redshift AQUA
Redshift Scalability
Data Modeling in Redshift
Data Loading and Unloading
Query Optimization in Redshift
Security in Redshift
Kinesis Data Analytics
How Does It Work?
What is Kinesis Data Analytics for Java?
Comparing Batch Processing Services
Comparing Orchestration Options on AWS
AWS Step Functions
Comparing Different ETL Orchestration Options
Summary
Exam Essentials
Exercises
Review Questions
References
Recommended Workshops
Amazon Athena Blogs
Amazon Redshift Blogs
Amazon EMR Blogs
Amazon Elasticsearch Blog
Amazon Redshift References and Further Reading

CHAPTER 5 DATA VISUALIZATION
Introduction
Data Consumers
Data Visualization Options
Amazon QuickSight
Getting Started
Working with Data
Data Preparation
Data Analysis
Data Visualization
Machine Learning Insights
Building Dashboards
Embedding QuickSight Objects into Other Applications
Administration
Security
Other Visualization Options
Predictive Analytics
What is Predictive Analytics?
The AWS ML Stack
Summary
Exam Essentials
Exercises
Review Questions
References
Additional Reading Material

CHAPTER 6 DATA SECURITY
Introduction
Shared Responsibility Model
Security Services on AWS
AWS IAM Overview
IAM User
IAM Groups
IAM Roles
Amazon EMR Security
Public Subnet
Private Subnet
Security Configurations
Block Public Access
VPC Subnets
Security Options during Cluster Creation
EMR Security Summary
Amazon S3 Security
Managing Access to Data in Amazon S3
Data Protection in Amazon S3
Logging and Monitoring with Amazon S3
Best Practices for Security on Amazon S3
Amazon Athena Security
Managing Access to Amazon Athena
Data Protection in Amazon Athena
Data Encryption in Amazon Athena
Amazon Athena and AWS Lake Formation
Amazon Redshift Security
Levels of Security within Amazon Redshift
Data Protection in Amazon Redshift
Redshift Auditing
Redshift Logging
Amazon Elasticsearch Security
Elasticsearch Network Configuration
VPC Access
Accessing Amazon Elasticsearch and Kibana
Data Protection in Amazon Elasticsearch
Amazon Kinesis Security
Managing Access to Amazon Kinesis
Data Protection in Amazon Kinesis
Amazon Kinesis Best Practices
Amazon QuickSight Security
Managing Data Access with Amazon QuickSight
Data Protection
Logging and Monitoring
Security Best Practices
Amazon DynamoDB Security
Access Management in DynamoDB
IAM Policy with Fine-Grained Access Control
Identity Federation
How to Access Amazon DynamoDB
Data Protection with DynamoDB
Monitoring and Logging with DynamoDB
Summary
Exam Essentials
Exercises/Workshops
Review Questions
References and Further Reading

APPENDIX ANSWERS TO REVIEW QUESTIONS
Chapter 1: History of Analytics and Big Data
Chapter 2: Data Collection
Chapter 3: Data Storage
Chapter 4: Data Processing and Analysis
Chapter 5: Data Visualization
Chapter 6: Data Security

Index
Kapazitätsplanung mit SAP
This expert handbook answers all your questions about capacity planning with SAP! The authors explain capacity planning as an integrated end-to-end process and show you which particularities you need to consider for the various functional areas, industries, and processes. You will get to know the functions for long-term and short-term planning in the ERP systems SAP ECC and SAP S/4HANA as well as in APO and IBP, and learn how to combine, implement, and apply them.
From the contents:
* Master and transaction data
* Long-term planning:
* Supply Network Planning (SNP)
* Capable-to-Match (CTM)
* SAP IBP for Sales and Operations Planning
* Short-term planning:
* Capacity Requirements Planning (CRP)
* Embedded PP/DS
* Capable-to-Promise (CTP)
* Predictive Material and Resource Planning (pMRP)
* SAP IBP for Response and Supply
* Integration of SAP APO, SAP IBP, SAP ECC, and SAP S/4HANA
* SAP S/4HANA Cloud
* Related processes
* Process examples
Introduction ... 25 Target audience ... 25 Structure ... 25 Notes on reading this book ... 27
Part I Fundamentals and Processes ... 29 1. Extended MRP II Concept ... 31 1.1 ... Steps of the MRP II concept ... 31 1.2 ... Successive planning vs. simultaneous planning ... 34 1.3 ... Embedding capacity planning in the MRP II concept ... 35 2. Capacity Planning ... 39 2.1 ... Characteristics and approaches in capacity planning ... 40 2.2 ... Areas of application of capacity planning ... 67 2.3 ... Capacity planning constellations in SAP ... 69 2.4 ... Conclusion ... 76
Part II Master and Transaction Data ... 77 3. Global Master Data ... 79 3.1 ... Plant and location ... 79 3.2 ... Material and product ... 85 3.3 ... Work center and resource ... 95 3.4 ... Production version, production data structure (PDS), and production sources of supply ... 118 3.5 ... Transportation lanes ... 126 3.6 ... Master data environments for active planning and simulations ... 129 3.7 ... Conclusion ... 132 4. Application-Specific Master Data ... 133 4.1 ... Master data for project planning and maintenance planning ... 133 4.2 ... Setup information ... 135 4.3 ... Cost maintenance ... 137 4.4 ... Conclusion ... 140 5. Transaction Data ... 141 5.1 ... Order-related transaction data ... 141 5.2 ... Key-figure-related transaction data ... 156 5.3 ... Conclusion ... 159 6. Integration of Master and Transaction Data in SAP APO, ePP/DS, and SAP IBP ... 161 6.1 ... Integration into the APO system ... 162 6.2 ... Integration into ePP/DS ... 173 6.3 ... Integration into the IBP system ... 177 6.4 ... Conclusion ... 179 7. Order Creation Functions ... 181 7.1 ... Creating planning elements in requirements planning ... 182 7.2 ... Creating planning elements in project planning ... 194 7.3 ... Creating planning elements in maintenance planning ... 195 7.4 ... Creating planning elements in sales order processing ... 195 7.5 ... Conclusion ... 196
Part III Long-Term Capacity Planning ... 197 8. Long-Term Planning and Predictive MRP in SAP ECC and SAP S/4HANA ... 199 8.1 ... Long-term planning ... 199 8.2 ... Predictive Material and Resource Planning (pMRP) ... 214 8.3 ... Conclusion ... 220 9. Fundamentals of Long-Term Capacity Planning in SAP APO ... 221 9.1 ... Overview and processes of SNP ... 222 9.2 ... Basic concept and functioning of SNP ... 229 9.3 ... Overview of SNP configuration ... 239 9.4 ... Methods for long-term capacity planning in SAP APO ... 245 9.5 ... Conclusion ... 249 10. SNP Heuristic/Capacity Leveling in SAP APO ... 251 10.1 ... Fundamentals, use, and functioning of the SNP heuristic ... 252 10.2 ... Fundamentals, use, and functioning of capacity leveling ... 265 10.3 ... Settings and master data for the heuristic and capacity leveling ... 272 10.4 ... Running the SNP heuristic and capacity leveling ... 279 10.5 ... Special processes and examples ... 283 10.6 ... Conclusion ... 285 11. SNP Optimizer in SAP APO ... 287 11.1 ... Fundamentals, use, and functioning of the SNP optimizer ... 287 11.2 ... Constraints and costs in the SNP optimizer ... 300 11.3 ... Settings and master data in the SNP optimizer ... 315 11.4 ... Running SNP optimizer planning and analyzing the results ... 323 11.5 ... Special processes and examples ... 328 11.6 ... Conclusion ... 329 12. Capable-to-Match (CTM) in SAP APO ... 331 12.1 ... Fundamentals, use, and functioning of CTM ... 332 12.2 ... Settings and master data in CTM ... 347 12.3 ... Running CTM planning ... 367 12.4 ... Analyzing planning results ... 368 12.5 ... Special processes and examples ... 370 12.6 ... Conclusion ... 375 13. Special Processes in Long-Term Planning in SAP APO ... 377 13.1 ... Aggregated planning in SNP ... 377 13.2 ... Shelf life in SNP ... 378 13.3 ... Variant configuration/characteristics-based planning ... 379 13.4 ... Vendor-Managed Inventory (VMI) ... 380 13.5 ... Planning suppliers and taking scheduling agreements into account ... 381 13.6 ... Subcontracting in SNP ... 382 13.7 ... Conclusion ... 383 14. Interactive Long-Term Capacity Planning ... 385 14.1 ... Interactive SNP planning ... 386 14.2 ... Alert Monitor ... 390 14.3 ... General functions of interactive planning ... 390 14.4 ... Conclusion ... 391
Part IV Medium- to Long-Term Capacity Planning ... 393 15. Fundamentals of Medium- to Long-Term Capacity Planning in SAP IBP ... 395 15.1 ... Overview and processes in SAP IBP ... 395 15.2 ... Time-series-based capacity planning with SAP IBP ... 398 15.3 ... Order-based capacity planning with SAP IBP ... 400 15.4 ... Conclusion ... 402 16. Time-Series-Based Capacity Planning in SAP IBP ... 403 16.1 ... Use and functioning ... 403 16.2 ... Time-series-based algorithms in capacity planning ... 408 16.3 ... Configuration of time-series-based supply planning ... 425 16.4 ... Examples of time-series-based capacity planning ... 455 16.5 ... Conclusion ... 459 17. Order-Based Capacity Planning in SAP IBP ... 459 17.1 ... Overview of order-based capacity planning in SAP IBP ... 460 17.2 ... Basic settings ... 460 17.3 ... Planning runs ... 467 17.4 ... Conclusion ... 474 18. Interactive Medium- to Long-Term Capacity Planning in SAP IBP ... 475 18.1 ... Microsoft Excel ... 476 18.2 ... Browser-based user interfaces (web UIs) ... 513 18.3 ... Conclusion ... 533
Part V Short-Term Capacity Planning ... 535 19. Capacity Planning in SAP ECC and SAP S/4HANA ... 537 19.1 ... Order scheduling and capacity requirements ... 539 19.2 ... Capacity evaluation ... 558 19.3 ... Capacity leveling ... 563 19.4 ... Capacity availability check ... 569 19.5 ... Conclusion ... 573 20. Fundamentals of Short-Term Capacity Planning in SAP APO and ePP/DS ... 575 20.1 ... The order as a planning element in the APO system and in ePP/DS ... 575 20.2 ... Pegging ... 587 20.3 ... Conclusion ... 601 21. Heuristics for Short-Term Capacity Planning in SAP APO and ePP/DS ... 603 21.1 ... Overview of the heuristics available in PP/DS ... 605 21.2 ... Strategy profiles in short-term capacity planning ... 612 21.3 ... PP/DS heuristics in short-term capacity planning in detail ... 639 21.4 ... Conclusion ... 643 22. Optimization in Short-Term Capacity Planning in SAP APO and ePP/DS ... 645 22.1 ... Use of the genetic algorithm in PP/DS optimization ... 646 22.2 ... Objective function in PP/DS optimization ... 648 22.3 ... Constraints in PP/DS optimization ... 650 22.4 ... PP/DS optimization window ... 652 22.5 ... Resources in PP/DS optimization ... 652 22.6 ... Orders in PP/DS optimization ... 654 22.7 ... PP/DS optimization procedure ... 657 22.8 ... Further aspects of PP/DS optimization ... 659 22.9 ... Conclusion ... 661 23. Capacity-Based Availability Check ... 663 23.1 ... Fundamentals ... 663 23.2 ... Use and functioning ... 666 23.3 ... Settings for CTP planning ... 668 23.4 ... Processes in CTP planning ... 677 23.5 ... Functional limitations in CTP planning ... 688 23.6 ... Conclusion ... 691 24. Special Processes in Short-Term Capacity Planning in SAP APO and ePP/DS ... 693 24.1 ... Finite MRP run and capacity-driven order creation ... 693 24.2 ... Shelf life ... 695 24.3 ... Planning with characteristics ... 698 24.4 ... Short-term capacity planning in the project environment ... 706 24.5 ... Short-term capacity planning in the process manufacturing environment ... 708 24.6 ... Short-term capacity planning in the repetitive manufacturing environment ... 713 24.7 ... Conclusion ... 715 25. Interactive Short-Term Capacity Planning in SAP APO and ePP/DS ... 717 25.1 ... Interactive planning tools ... 718 25.2 ... Alert Monitor ... 723 25.3 ... Plan Monitor ... 740 25.4 ... Supply Chain Cockpit ... 743 25.5 ... Order processing ... 746 25.6 ... Receipts and requirements view ... 748 25.7 ... Graphical detailed scheduling planning board ... 749 25.8 ... Capacity evaluations ... 757 25.9 ... Product view, advanced product planning, and product overview ... 757 25.10 ... Product planning table ... 760 25.11 ... Conclusion ... 762
Part VI Subsequent Process Steps and Capacity Planning Scenarios ... 763 26. Order Execution ... 765 26.1 ... Overview of execution in in-house production ... 766 26.2 ... Order conversion/opening ... 767 26.3 ... Availability check ... 772 26.4 ... Order release ... 774 26.5 ... Material withdrawal ... 776 26.6 ... Confirmation ... 778 26.7 ... Stock receipt ... 781 26.8 ... Settlement ... 782 26.9 ... Completion ... 782 26.10 ... Conclusion ... 782 27. Capacity Planning of Transports ... 785 27.1 ... Fundamentals of deployment and the Transport Load Builder ... 785 27.2 ... Fundamentals of SAP APO TP/VS ... 789 27.3 ... Fundamentals of SAP Transportation Management (TM) ... 797 27.4 ... Conclusion ... 801 28. Integration of the Capacity Planning Functions ... 803 28.1 ... Integration of capacity planning in the ERP systems ... 804 28.2 ... Integration of capacity planning in the SAP ERP systems and SAP APO ... 805 28.3 ... Integration of capacity planning in SAP APO (SNP and PP/DS) ... 808 28.4 ... Integration of capacity planning in SAP S/4HANA, SAP IBP for Supply, and ePP/DS ... 812 28.5 ... Conclusion ... 813 29. Example Scenario ... 815 29.1 ... Project example ... 815 29.2 ... Sales planning in SAP ... 819 29.3 ... Incoming sales orders at the finished-product level ... 819 29.4 ... Example of capacity planning in the APO system ... 820 29.5 ... Conclusion ... 831 30. Conclusion and Outlook ... 833
Appendix ... 835 A ... Relevant enhancements ... 837 B ... Bibliography ... 851 C ... The authors ... 853 Index ... 855
VMware vSphere 7
With this book you will administer VMware vSphere efficiently and securely. As a consultant, IT architect, or administrator, you get background information and practical tips from real experts on all the new features and products of the VMware data center.
From the contents:
* vSphere architecture
* vMotion and Storage Motion
* Cluster management
* Installation and administration
* Network configuration and network virtualization
* Storage architecture and VMware Virtual SAN
* vCenter ESXi and vCenter add-ons
* Backup and resilience in vSphere environments
* vSphere integrated Container
* vCenter Server Alliance with vCenter HA
* VMware Cloud Foundation
* Hybrid Cloud
Forewords and Acknowledgments ... 27 1. Introduction ... 37 1.1 ... Server virtualization ... 37 1.2 ... The VMware product family ... 41 1.3 ... Introduction to VMware server virtualization ... 44 2. vSphere Architecture ... 53 2.1 ... Infrastructure components of a Software-Defined Datacenter (SDDC) ... 53 2.2 ... vSphere host ... 54 2.3 ... Architecture of a vSphere host ... 55 2.4 ... Fundamentals of CPU virtualization ... 57 2.5 ... Fundamentals of memory virtualization ... 66 2.6 ... Fundamentals of hardware virtualization ... 71 2.7 ... Managing a virtual vSphere infrastructure ... 73 2.8 ... Encryption ... 91 2.9 ... Maximum configuration ... 92 3. vMotion and Storage vMotion ... 97 3.1 ... vMotion ... 100 3.2 ... Storage vMotion ... 153 4. Cluster ... 173 4.1 ... Cluster object ... 173 4.2 ... HA cluster ... 179 4.3 ... DRS cluster ... 215 5. Installing ESXi and vCenter ... 235 5.1 ... VMware vSphere 7 ... 235 5.2 ... Upgrading to vSphere 7 ... 251 5.3 ... Quick Boot ESXi ... 257 5.4 ... The Platform Services Controller ... 257 5.5 ... Installing the VMware vCenter Server Appliance ... 258 5.6 ... Patching the vCenter Server ... 274 5.7 ... Upgrading the vCenter Server ... 279 5.8 ... Migrating from the Windows vCenter to the vCenter Server Appliance ... 290 5.9 ... Subsequent changes to vCenter ... 297 5.10 ... vCenter Server components ... 306 5.11 ... VMware vCenter Converter Standalone ... 318 5.12 ... High availability for vCenter Server and components ... 320 5.13 ... Licensing ... 329
6. Management Options ... 331 6.1 ... The local host console ... 331 6.2 ... Accessing the host console via SSH ... 332 6.3 ... The host's web interface ... 333 6.4 ... The local VCSA console ... 334 6.5 ... Accessing the VCSA via SSH ... 335 6.6 ... The VCSA web interface ... 336 6.7 ... vSphere Web Client ... 337 6.8 ... Administration via mobile devices ... 346 6.9 ... vCenter Server ... 347 6.10 ... VMware vSphere PowerCLI ... 357 7. Networking in VMware vSphere ... 359 7.1 ... Basic planning considerations ... 359 7.2 ... The physical and virtual network layers ... 364 7.3 ... The physical network adapters in the host ... 367 7.4 ... vSS and vDS: a comparison ... 369 7.5 ... Working with the vNetwork Standard Switch (vSS) ... 389 7.6 ... Working with the vNetwork Distributed Switch (vDS) ... 393 7.7 ... Migrating from vSS to vDS ... 421 7.8 ... Management network: repair functions ... 430 7.9 ... Architecture examples ... 433 8. Network Virtualization with VMware NSX Data Center ... 443 8.1 ... VMware NSX: history and vision ... 444 8.2 ... VMware NSX-T compared with NSX-v: an overview of the differences ... 447 8.3 ... VMware NSX-T at a glance ... 449 8.4 ... Excursus: the GENEVE protocol ... 451 8.5 ... The architecture of NSX-T ... 455 8.6 ... The components of NSX-T in detail ... 458 8.7 ... Preparing the NSX-T setup ... 465 8.8 ... The NSX-T installation (management plane) ... 471 8.9 ... NSX-T with an example network topology ... 506 8.10 ... Summary and outlook ... 534 9. Storage Architecture ... 537 9.1 ... Local media ... 538 9.2 ... The choice: block or file? ... 544 9.3 ... Storage Area Network: what actually is a SAN? ... 546 9.4 ... Infiniband ... 547 9.5 ... Communication ... 548 9.6 ... FC storage network ... 557 9.7 ... FCoE ... 563 9.8 ... NVMe-oF ... 565 9.9 ... iSCSI storage network ... 566 9.10 ... Network File System (NFS) ... 569 9.11 ... Flash-based storage ... 575 9.12 ... VMware storage architecture ... 582 9.13 ... VAAI ... 617 9.14 ... Storage I/O Control ... 618 9.15 ... VASA ... 623 9.16 ... VMware vSphere Virtual Volumes ... 625 9.17 ... RDMA: Remote Direct Memory Access ... 634 9.18 ... PMem: Persistent Memory NVDIMM support ... 635
10. VMware vSAN ... 637 10.1 ... Fundamentals and structure ... 638 10.2 ... Hardware requirements ... 638 10.3 ... Architecture and storage concepts ... 642 10.4 ... Sizing ... 652 10.5 ... Topologies ... 655 10.6 ... Setup ... 657 10.7 ... vSAN File Service ... 664 11. Pure Storage ... 675 11.1 ... Portfolio ... 675 11.2 ... Managing the storage systems ... 679 11.3 ... FlashArray and ESXi configuration ... 683 11.4 ... Virtual Volumes (vVols) ... 689 11.5 ... ActiveCluster ... 690 11.6 ... NVMe-over-Fabrics ... 697 11.7 ... VM Analytics ... 698 12. VMware vSphere and NetApp Storage ... 701 12.1 ... The NetApp building blocks ... 702 12.2 ... Classic approach ... 704 12.3 ... NetApp Virtual Storage Console ... 706 12.4 ... Setting up backup ... 714 13. The Private Cloud with Nutanix ... 717 13.1 ... General remarks on the cloud ... 721 13.2 ... The Nutanix Enterprise Cloud ... 722 13.3 ... Nutanix platform architecture and technology ... 754 13.4 ... Management ... 785 13.5 ... The VM in a Nutanix cluster ... 791 13.6 ... Data Protection ... 799 13.7 ... Move ... 811 13.8 ... Further information ... 815 14. Configuring ESXi and vCenter ... 821 14.1 ... DNS ... 821 14.2 ... Virtual Machines ... 823 14.3 ... System ... 825 14.4 ... Hardware ... 853 14.5 ... Virtual Flash ... 859 14.6 ... Alarm Definitions ... 862 14.7 ... Scheduled Tasks ... 862 14.8 ... vCenter configuration settings ... 863 14.9 ... The administration menu ... 877 14.10 ... The menu on the vCenter home screen ... 887 14.11 ... Setting up resource pools ... 910 14.12 ... VMware vApp ... 914 14.13 ... vCenter permissions ... 923 14.14 ... Miscellaneous ... 932
15. Configuring vCenter Add-ons ... 935 15.1 ... Customer Experience Improvement Program (CEIP) ... 935 15.2 ... The Lifecycle Manager ... 936 15.3 ... VMware vSphere Image Builder PowerCLI ... 967 15.4 ... VMware Auto Deploy and Image Builder in the web client ... 972 15.5 ... Hybrid Cloud Services ... 979 15.6 ... DRaaS ... 979 15.7 ... vRealize Operations ... 980 15.8 ... VMware vSphere Replication Appliance ... 981 15.9 ... VMware vCenter Converter Standalone ... 989 16. Monitoring ... 1003 16.1 ... Monitoring with the host client ... 1004 16.2 ... Monitoring with the vSphere Client ... 1012 16.3 ... Monitoring with esxtop ... 1019 16.4 ... Monitoring the vCenter Server Appliance ... 1026 16.5 ... Benchmark tools ... 1029 16.6 ... Monitoring tools ... 1032 17. Backing Up vSphere Environments ... 1057 17.1 ... Introduction ... 1057 17.2 ... Backup fundamentals ... 1061 17.3 ... The five principles of rigorous backup ... 1066 17.4 ... VMware tools for backup ... 1069 17.5 ... Backup topologies ... 1072 17.6 ... Planning a backup environment ... 1075 17.7 ... Veeam backup repository ... 1093 17.8 ... Installing Veeam Backup & Replication ... 1104 17.9 ... Configuring Veeam correctly ... 1105 17.10 ... Creating backups ... 1109 17.11 ... Creating replicas ... 1124 17.12 ... Restoring from backups ... 1125 18. Resilience ... 1131 18.1 ... Backup and restore ... 1131 18.2 ... Resilience for vCenter ... 1143 18.3 ... Fault Tolerance ... 1145 18.4 ... Windows Server Failover Clustering (WSFC) Service for virtual machines ... 1158 18.5 ... vSphere Replication ... 1158 19. Automating vSphere ... 1167 19.1 ... Overview of automation use cases ... 1167 19.2 ... Technical overview ... 1169 19.3 ... Conclusion ... 1184
20. Virtual Machines ... 1185 20.1 ... Virtual hardware ... 1185 20.2 ... Virtual machine files ... 1193 20.3 ... Management tools for the VM ... 1195 20.4 ... Configuring the virtual hardware ... 1195 20.5 ... Options for virtual machines ... 1201 20.6 ... Creating virtual machines ... 1207 20.7 ... Upgrading the virtual hardware ... 1211 20.8 ... Resource management ... 1212 20.9 ... USB devices ... 1217 20.10 ... Removable media ... 1223 20.11 ... Operating states of a virtual machine ... 1231 20.12 ... Storage policies for virtual machines ... 1232 20.13 ... Configuring and customizing virtual machines ... 1234 20.14 ... VMware Tools ... 1238 20.15 ... Migrating virtual machines ... 1244 20.16 ... Clones ... 1246 20.17 ... Templates ... 1248 20.18 ... The virtual machine in the VMware vSphere Client ... 1252 20.19 ... Snapshots ... 1262 20.20 ... Advanced VM management ... 1267 21. Kubernetes ... 1273 21.1 ... Container technologies ... 1274 21.2 ... Kubernetes architecture ... 1278 21.3 ... Criteria for enterprise use ... 1279 21.4 ... vSphere with Kubernetes ... 1282 21.5 ... Supervisor and Tanzu Kubernetes Grid clusters ... 1283 21.6 ... Creating Tanzu clusters ... 1286 22. VMware Cloud Foundation 4.0 ... 1295 22.1 ... Modernize your data center ... 1296 22.2 ... Preparation ... 1299 22.3 ... The standard architecture and architecture variants ... 1301 22.4 ... Installation ... 1308 22.5 ... Providing resources through workload domains ... 1317 22.6 ... System updates ... 1320 22.7 ... vSphere with Kubernetes based on VCF 4.0 ... 1322 22.8 ... Multiple sites ... 1323 22.9 ... Availability and resilience ... 1324 22.10 ... Outlook ... 1326 Index ... 1327
Security Engineering
The classic book on designing secure systems
In this newly revised Third Edition of Security Engineering: A Guide to Building Dependable Distributed Systems, celebrated security expert Ross Anderson updates his best-selling textbook to help you meet the challenges of the coming decade. Security Engineering became a classic because it covers not just the technical basics, such as cryptography, access controls and tamper-resistance, but also how they're used in real life. Real-world case studies – of the security of payment systems, military systems, the phone app ecosystems and now self-driving cars – demonstrate how to use security technology in practice, and what can go wrong. Filled with actionable advice and the latest research, this Third Edition brings a classic book up to date with the modern world of smartphones, cloud computing and AI. As everything gets connected to the Internet, security engineering has come to require inter-disciplinary expertise, ranging from physics to psychology and applied economics. Security Engineering is the only textbook on the market to explain all these aspects of protecting real systems, while still remaining easily accessible. Perfect for computer science students and practicing cybersecurity professionals, as well as systems engineers of all sorts, this latest edition of Security Engineering also belongs on the bookshelves of candidates for professional certification such as CISSP. You'll learn what makes a system secure and reliable and what can render it vulnerable, from phones and laptops through cars and payment terminals to cloud services and corporate networks.
You'll find:
* The basics: cryptography, protocols, access controls and usability
* The attacks: phishing, software exploits and the cybercrime ecosystem
* The responses: biometrics, smartcards, enclaves, app stores and the patch cycle
* The psychology of security: what makes security hard for users and engineers
* The economics of security: how large systems fail, and what to do about it
* The big policy questions: from surveillance through censorship to sustainability
Security Engineering is the book that created the discipline. It will continue to define the discipline for the 2020s and beyond.
Now that there's software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic
In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition, Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack. This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability. Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved.
Ross Anderson explores what security engineering means in 2020, including:
* How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things
* Who the attackers are – from nation states and business competitors through criminal gangs to stalkers and playground bullies
* What they do – from phishing and carding through SIM swapping and software exploits to DDoS and fake news
* Security psychology, from privacy through ease-of-use to deception
* The economics of security and dependability – why companies build vulnerable systems and governments look the other way
* How dozens of industries went online – well or badly
* How to manage security and safety engineering in a world of agile development – from reliability engineering to DevSecOps
The third edition of Security Engineering ends with a grand challenge: sustainable security. As we build ever more software and connectivity into safety-critical durable goods like cars and medical devices, how do we design systems we can maintain and defend for decades? Or will everything in the world need monthly software upgrades, and become unsafe once they stop?
ROSS ANDERSON is Professor of Security Engineering at Cambridge University in England. He is widely recognized as one of the world's foremost authorities on security. In 2015 he won the Lovelace Medal, Britain's top award in computing. He is a Fellow of the Royal Society and the Royal Academy of Engineering. He is one of the pioneers of the economics of information security, peer-to-peer systems, API analysis and hardware security. Over the past 40 years, he has also worked or consulted for most of the tech majors.
Preface to the Third Edition xxxvii Preface to the Second Edition xli Preface to the First Edition xliii For my daughter, and other lawyers… xlvii Foreword xlix Part I Chapter 1 What Is Security Engineering?
3 1.1 Introduction 3 1.2 A framework 4 1.3 Example 1 – a bank 6 1.4 Example 2 – a military base 7 1.5 Example 3 – a hospital 8 1.6 Example 4 – the home 10 1.7 Definitions 11 1.8 Summary 16 Chapter 2 Who Is the Opponent? 17 2.1 Introduction 17 2.2 Spies 19 2.2.1 The Five Eyes 19 2.2.1.1 Prism 19 2.2.1.2 Tempora 20 2.2.1.3 Muscular 21 2.2.1.4 Special collection 22 2.2.1.5 Bullrun and Edgehill 22 2.2.1.6 Xkeyscore 23 2.2.1.7 Longhaul 24 2.2.1.8 Quantum 25 2.2.1.9 CNE 25 2.2.1.10 The analyst’s viewpoint 27 2.2.1.11 Offensive operations 28 2.2.1.12 Attack scaling 29 2.2.2 China 30 2.2.3 Russia 35 2.2.4 The rest 38 2.2.5 Attribution 40 2.3 Crooks 41 2.3.1 Criminal infrastructure 42 2.3.1.1 Botnet herders 42 2.3.1.2 Malware devs 44 2.3.1.3 Spam senders 45 2.3.1.4 Bulk account compromise 45 2.3.1.5 Targeted attackers 46 2.3.1.6 Cashout gangs 46 2.3.1.7 Ransomware 47 2.3.2 Attacks on banking and payment systems 47 2.3.3 Sectoral cybercrime ecosystems 49 2.3.4 Internal attacks 49 2.3.5 CEO crimes 49 2.3.6 Whistleblowers 50 2.4 Geeks 52 2.5 The swamp 53 2.5.1 Hacktivism and hate campaigns 54 2.5.2 Child sex abuse material 55 2.5.3 School and workplace bullying 57 2.5.4 Intimate relationship abuse 57 2.6 Summary 59 Research problems 60 Further reading 61 Chapter 3 Psychology and Usability 63 3.1 Introduction 63 3.2 Insights from psychology research 64 3.2.1 Cognitive psychology 65 3.2.2 Gender, diversity and interpersonal variation 68 3.2.3 Social psychology 70 3.2.3.1 Authority and its abuse 71 3.2.3.2 The bystander effect 72 3.2.4 The social-brain theory of deception 73 3.2.5 Heuristics, biases and behavioural economics 76 3.2.5.1 Prospect theory and risk misperception 77 3.2.5.2 Present bias and hyperbolic discounting 78 3.2.5.3 Defaults and nudges 79 3.2.5.4 The default to intentionality 79 3.2.5.5 The affect heuristic 80 3.2.5.6 Cognitive dissonance 81 3.2.5.7 The risk thermostat 81 3.3 Deception in practice 81 3.3.1 The salesman and the scamster 82 3.3.2 Social 
engineering 84 3.3.3 Phishing 86 3.3.4 Opsec 88 3.3.5 Deception research 89 3.4 Passwords 90 3.4.1 Password recovery 92 3.4.2 Password choice 94 3.4.3 Difficulties with reliable password entry 94 3.4.4 Difficulties with remembering the password 95 3.4.4.1 Naïve choice 96 3.4.4.2 User abilities and training 96 3.4.4.3 Design errors 98 3.4.4.4 Operational failures 100 3.4.4.5 Social-engineering attacks 101 3.4.4.6 Customer education 102 3.4.4.7 Phishing warnings 103 3.4.5 System issues 104 3.4.6 Can you deny service? 105 3.4.7 Protecting oneself or others? 105 3.4.8 Attacks on password entry 106 3.4.8.1 Interface design 106 3.4.8.2 Trusted path, and bogus terminals 107 3.4.8.3 Technical defeats of password retry counters 107 3.4.9 Attacks on password storage 108 3.4.9.1 One-way encryption 109 3.4.9.2 Password cracking 109 3.4.9.3 Remote password checking 109 3.4.10 Absolute limits 110 3.4.11 Using a password manager 111 3.4.12 Will we ever get rid of passwords? 113 3.5 CAPTCHAs 115 3.6 Summary 116 Research problems 117 Further reading 118 Chapter 4 Protocols 119 4.1 Introduction 119 4.2 Password eavesdropping risks 120 4.3 Who goes there? 
– simple authentication 122 4.3.1 Challenge and response 124 4.3.2 Two-factor authentication 128 4.3.3 The MIG-in-the-middle attack 129 4.3.4 Reflection attacks 132 4.4 Manipulating the message 133 4.5 Changing the environment 134 4.6 Chosen protocol attacks 135 4.7 Managing encryption keys 136 4.7.1 The resurrecting duckling 137 4.7.2 Remote key management 137 4.7.3 The Needham-Schroeder protocol 138 4.7.4 Kerberos 139 4.7.5 Practical key management 141 4.8 Design assurance 141 4.9 Summary 143 Research problems 143 Further reading 144 Chapter 5 Cryptography 145 5.1 Introduction 145 5.2 Historical background 146 5.2.1 An early stream cipher – the Vigenère 147 5.2.2 The one-time pad 148 5.2.3 An early block cipher – Playfair 150 5.2.4 Hash functions 152 5.2.5 Asymmetric primitives 154 5.3 Security models 155 5.3.1 Random functions – hash functions 157 5.3.1.1 Properties 157 5.3.1.2 The birthday theorem 158 5.3.2 Random generators – stream ciphers 159 5.3.3 Random permutations – block ciphers 161 5.3.4 Public key encryption and trapdoor one-way permutations 163 5.3.5 Digital signatures 164 5.4 Symmetric crypto algorithms 165 5.4.1 SP-networks 165 5.4.1.1 Block size 166 5.4.1.2 Number of rounds 166 5.4.1.3 Choice of S-boxes 167 5.4.1.4 Linear cryptanalysis 167 5.4.1.5 Differential cryptanalysis 168 5.4.2 The Advanced Encryption Standard (AES) 169 5.4.3 Feistel ciphers 171 5.4.3.1 The Luby-Rackoff result 173 5.4.3.2 DES 173 5.5 Modes of operation 175 5.5.1 How not to use a block cipher 176 5.5.2 Cipher block chaining 177 5.5.3 Counter encryption 178 5.5.4 Legacy stream cipher modes 178 5.5.5 Message authentication code 179 5.5.6 Galois counter mode 180 5.5.7 XTS 180 5.6 Hash functions 181 5.6.1 Common hash functions 181 5.6.2 Hash function applications – HMAC, commitments and updating 183 5.7 Asymmetric crypto primitives 185 5.7.1 Cryptography based on factoring 185 5.7.2 Cryptography based on discrete logarithms 188 5.7.2.1 One-way commutative encryption 189 5.7.2.2 
Diffie-Hellman key establishment
5.7.2.3 ElGamal digital signature and DSA
5.7.3 Elliptic curve cryptography
5.7.4 Certification authorities
5.7.5 TLS
5.7.5.1 TLS uses
5.7.5.2 TLS security
5.7.5.3 TLS 1.3
5.7.6 Other public-key protocols
5.7.6.1 Code signing
5.7.6.2 PGP/GPG
5.7.6.3 QUIC
5.7.7 Special-purpose primitives
5.7.8 How strong are asymmetric cryptographic primitives?
5.7.9 What else goes wrong
5.8 Summary
Research problems
Further reading

Chapter 6 Access Control
6.1 Introduction
6.2 Operating system access controls
6.2.1 Groups and roles
6.2.2 Access control lists
6.2.3 Unix operating system security
6.2.4 Capabilities
6.2.5 DAC and MAC
6.2.6 Apple’s macOS
6.2.7 iOS
6.2.8 Android
6.2.9 Windows
6.2.10 Middleware
6.2.10.1 Database access controls
6.2.10.2 Browsers
6.2.11 Sandboxing
6.2.12 Virtualisation
6.3 Hardware protection
6.3.1 Intel processors
6.3.2 Arm processors
6.4 What goes wrong
6.4.1 Smashing the stack
6.4.2 Other technical attacks
6.4.3 User interface failures
6.4.4 Remedies
6.4.5 Environmental creep
6.5 Summary
Research problems
Further reading

Chapter 7 Distributed Systems
7.1 Introduction
7.2 Concurrency
7.2.1 Using old data versus paying to propagate state
7.2.2 Locking to prevent inconsistent updates
7.2.3 The order of updates
7.2.4 Deadlock
7.2.5 Non-convergent state
7.2.6 Secure time
7.3 Fault tolerance and failure recovery
7.3.1 Failure models
7.3.1.1 Byzantine failure
7.3.1.2 Interaction with fault tolerance
7.3.2 What is resilience for?
7.3.3 At what level is the redundancy?
7.3.4 Service-denial attacks
7.4 Naming
7.4.1 The Needham naming principles
7.4.2 What else goes wrong
7.4.2.1 Naming and identity
7.4.2.2 Cultural assumptions
7.4.2.3 Semantic content of names
7.4.2.4 Uniqueness of names
7.4.2.5 Stability of names and addresses
7.4.2.6 Restrictions on the use of names
7.4.3 Types of name
7.5 Summary
Research problems
Further reading

Chapter 8 Economics
8.1 Introduction
8.2 Classical economics
8.2.1 Monopoly
8.3 Information economics
8.3.1 Why information markets are different
8.3.2 The value of lock-in
8.3.3 Asymmetric information
8.3.4 Public goods
8.4 Game theory
8.4.1 The prisoners’ dilemma
8.4.2 Repeated and evolutionary games
8.5 Auction theory
8.6 The economics of security and dependability
8.6.1 Why is Windows so insecure?
8.6.2 Managing the patching cycle
8.6.3 Structural models of attack and defence
8.6.4 The economics of lock-in, tying and DRM
8.6.5 Antitrust law and competition policy
8.6.6 Perversely motivated guards
8.6.7 Economics of privacy
8.6.8 Organisations and human behaviour
8.6.9 Economics of cybercrime
8.7 Summary
Research problems
Further reading

Part II

Chapter 9 Multilevel Security
9.1 Introduction
9.2 What is a security policy model?
9.3 Multilevel security policy
9.3.1 The Anderson report
9.3.2 The Bell-LaPadula model
9.3.3 The standard criticisms of Bell-LaPadula
9.3.4 The evolution of MLS policies
9.3.5 The Biba model
9.4 Historical examples of MLS systems
9.4.1 SCOMP
9.4.2 Data diodes
9.5 MAC: from MLS to IFC and integrity
9.5.1 Windows
9.5.2 SELinux
9.5.3 Embedded systems
9.6 What goes wrong
9.6.1 Composability
9.6.2 The cascade problem
9.6.3 Covert channels
9.6.4 The threat from malware
9.6.5 Polyinstantiation
9.6.6 Practical problems with MLS
9.7 Summary
Research problems
Further reading

Chapter 10 Boundaries
10.1 Introduction
10.2 Compartmentation and the lattice model
10.3 Privacy for tigers
10.4 Health record privacy
10.4.1 The threat model
10.4.2 The BMA security policy
10.4.3 First practical steps
10.4.4 What actually goes wrong
10.4.4.1 Emergency care
10.4.4.2 Resilience
10.4.4.3 Secondary uses
10.4.5 Confidentiality – the future
10.4.6 Ethics
10.4.7 Social care and education
10.4.8 The Chinese Wall
10.5 Summary
Research problems
Further reading

Chapter 11 Inference Control
11.1 Introduction
11.2 The early history of inference control
11.2.1 The basic theory of inference control
11.2.1.1 Query set size control
11.2.1.2 Trackers
11.2.1.3 Cell suppression
11.2.1.4 Other statistical disclosure control mechanisms
11.2.1.5 More sophisticated query controls
11.2.1.6 Randomization
11.2.2 Limits of classical statistical security
11.2.3 Active attacks
11.2.4 Inference control in rich medical data
11.2.5 The third wave: preferences and search
11.2.6 The fourth wave: location and social
11.3 Differential privacy
11.4 Mind the gap?
11.4.1 Tactical anonymity and its problems
11.4.2 Incentives
11.4.3 Alternatives
11.4.4 The dark side
11.5 Summary
Research problems
Further reading

Chapter 12 Banking and Bookkeeping
12.1 Introduction
12.2 Bookkeeping systems
12.2.1 Double-entry bookkeeping
12.2.2 Bookkeeping in banks
12.2.3 The Clark-Wilson security policy model
12.2.4 Designing internal controls
12.2.5 Insider frauds
12.2.6 Executive frauds
12.2.6.1 The post office case
12.2.6.2 Other failures
12.2.6.3 Ecological validity
12.2.6.4 Control tuning and corporate governance
12.2.7 Finding the weak spots
12.3 Interbank payment systems
12.3.1 A telegraphic history of E-commerce
12.3.2 SWIFT
12.3.3 What goes wrong
12.4 Automatic teller machines
12.4.1 ATM basics
12.4.2 What goes wrong
12.4.3 Incentives and injustices
12.5 Credit cards
12.5.1 Credit card fraud
12.5.2 Online card fraud
12.5.3 3DS
12.5.4 Fraud engines
12.6 EMV payment cards
12.6.1 Chip cards
12.6.1.1 Static data authentication
12.6.1.2 ICVVs, DDA and CDA
12.6.1.3 The No-PIN attack
12.6.2 The preplay attack
12.6.3 Contactless
12.7 Online banking
12.7.1 Phishing
12.7.2 CAP
12.7.3 Banking malware
12.7.4 Phones as second factors
12.7.5 Liability
12.7.6 Authorised push payment fraud
12.8 Nonbank payments
12.8.1 M-Pesa
12.8.2 Other phone payment systems
12.8.3 Sofort, and open banking
12.9 Summary
Research problems
Further reading

Chapter 13 Locks and Alarms
13.1 Introduction
13.2 Threats and barriers
13.2.1 Threat model
13.2.2 Deterrence
13.2.3 Walls and barriers
13.2.4 Mechanical locks
13.2.5 Electronic locks
13.3 Alarms
13.3.1 How not to protect a painting
13.3.2 Sensor defeats
13.3.3 Feature interactions
13.3.4 Attacks on communications
13.3.5 Lessons learned
13.4 Summary
Research problems
Further reading

Chapter 14 Monitoring and Metering
14.1 Introduction
14.2 Prepayment tokens
14.2.1 Utility metering
14.2.2 How the STS system works
14.2.3 What goes wrong
14.2.4 Smart meters and smart grids
14.2.5 Ticketing fraud
14.3 Taxi meters, tachographs and truck speed limiters
14.3.1 The tachograph
14.3.2 What goes wrong
14.3.2.1 How most tachograph manipulation is done
14.3.2.2 Tampering with the supply
14.3.2.3 Tampering with the instrument
14.3.2.4 High-tech attacks
14.3.3 Digital tachographs
14.3.3.1 System-level problems
14.3.3.2 Other problems
14.3.4 Sensor defeats and third-generation devices
14.3.5 The fourth generation – smart tachographs
14.4 Curfew tags: GPS as policeman
14.5 Postage meters
14.6 Summary
Research problems
Further reading

Chapter 15 Nuclear Command and Control
15.1 Introduction
15.2 The evolution of command and control
15.2.1 The Kennedy memorandum
15.2.2 Authorization, environment, intent
15.3 Unconditionally secure authentication
15.4 Shared control schemes
15.5 Tamper resistance and PALs
15.6 Treaty verification
15.7 What goes wrong
15.7.1 Nuclear accidents
15.7.2 Interaction with cyberwar
15.7.3 Technical failures
15.8 Secrecy or openness?
15.9 Summary
Research problems
Further reading

Chapter 16 Security Printing and Seals
16.1 Introduction
16.2 History
16.3 Security printing
16.3.1 Threat model
16.3.2 Security printing techniques
16.4 Packaging and seals
16.4.1 Substrate properties
16.4.2 The problems of glue
16.4.3 PIN mailers
16.5 Systemic vulnerabilities
16.5.1 Peculiarities of the threat model
16.5.2 Anti-gundecking measures
16.5.3 The effect of random failure
16.5.4 Materials control
16.5.5 Not protecting the right things
16.5.6 The cost and nature of inspection
16.6 Evaluation methodology
16.7 Summary
Research problems
Further reading

Chapter 17 Biometrics
17.1 Introduction
17.2 Handwritten signatures
17.3 Face recognition
17.4 Fingerprints
17.4.1 Verifying positive or negative identity claims
17.4.2 Crime scene forensics
17.5 Iris codes
17.6 Voice recognition and morphing
17.7 Other systems
17.8 What goes wrong
17.9 Summary
Research problems
Further reading

Chapter 18 Tamper Resistance
18.1 Introduction
18.2 History
18.3 Hardware security modules
18.4 Evaluation
18.5 Smartcards and other security chips
18.5.1 History
18.5.2 Architecture
18.5.3 Security evolution
18.5.4 Random number generators and PUFs
18.5.5 Larger chips
18.5.6 The state of the art
18.6 The residual risk
18.6.1 The trusted interface problem
18.6.2 Conflicts
18.6.3 The lemons market, risk dumping and evaluation games
18.6.4 Security-by-obscurity
18.6.5 Changing environments
18.7 So what should one protect?
18.8 Summary
Research problems
Further reading

Chapter 19 Side Channels
19.1 Introduction
19.2 Emission security
19.2.1 History
19.2.2 Technical surveillance and countermeasures
19.3 Passive attacks
19.3.1 Leakage through power and signal cables
19.3.2 Leakage through RF signals
19.3.3 What goes wrong
19.4 Attacks between and within computers
19.4.1 Timing analysis
19.4.2 Power analysis
19.4.3 Glitching and differential fault analysis
19.4.4 Rowhammer, CLKscrew and Plundervolt
19.4.5 Meltdown, Spectre and other enclave side channels
19.5 Environmental side channels
19.5.1 Acoustic side channels
19.5.2 Optical side channels
19.5.3 Other side-channels
19.6 Social side channels
19.7 Summary
Research problems
Further reading

Chapter 20 Advanced Cryptographic Engineering
20.1 Introduction
20.2 Full-disk encryption
20.3 Signal
20.4 Tor
20.5 HSMs
20.5.1 The xor-to-null-key attack
20.5.2 Attacks using backwards compatibility and time-memory tradeoffs
20.5.3 Differential protocol attacks
20.5.4 The EMV attack
20.5.5 Hacking the HSMs in CAs and clouds
20.5.6 Managing HSM risks
20.6 Enclaves
20.7 Blockchains
20.7.1 Wallets
20.7.2 Miners
20.7.3 Smart contracts
20.7.4 Off-chain payment mechanisms
20.7.5 Exchanges, cryptocrime and regulation
20.7.6 Permissioned blockchains
20.8 Crypto dreams that failed
20.9 Summary
Research problems
Further reading

Chapter 21 Network Attack and Defence
21.1 Introduction
21.2 Network protocols and service denial
21.2.1 BGP security
21.2.2 DNS security
21.2.3 UDP, TCP, SYN floods and SYN reflection
21.2.4 Other amplifiers
21.2.5 Other denial-of-service attacks
21.2.6 Email – from spies to spammers
21.3 The malware menagerie – Trojans, worms and RATs
21.3.1 Early history of malware
21.3.2 The Internet worm
21.3.3 Further malware evolution
21.3.4 How malware works
21.3.5 Countermeasures
21.4 Defense against network attack
21.4.1 Filtering: firewalls, censorware and wiretaps
21.4.1.1 Packet filtering
21.4.1.2 Circuit gateways
21.4.1.3 Application proxies
21.4.1.4 Ingress versus egress filtering
21.4.1.5 Architecture
21.4.2 Intrusion detection
21.4.2.1 Types of intrusion detection
21.4.2.2 General limitations of intrusion detection
21.4.2.3 Specific problems detecting network attacks
21.5 Cryptography: the ragged boundary
21.5.1 SSH
21.5.2 Wireless networking at the periphery
21.5.2.1 WiFi
21.5.2.2 Bluetooth
21.5.2.3 HomePlug
21.5.2.4 VPNs
21.6 CAs and PKI
21.7 Topology
21.8 Summary
Research problems
Further reading

Chapter 22 Phones
22.1 Introduction
22.2 Attacks on phone networks
22.2.1 Attacks on phone-call metering
22.2.2 Attacks on signaling
22.2.3 Attacks on switching and configuration
22.2.4 Insecure end systems
22.2.5 Feature interaction
22.2.6 VOIP
22.2.7 Frauds by phone companies
22.2.8 Security economics of telecomms
22.3 Going mobile
22.3.1 GSM
22.3.2 3G
22.3.3 4G
22.3.4 5G and beyond
22.3.5 General MNO failings
22.4 Platform security
22.4.1 The Android app ecosystem
22.4.1.1 App markets and developers
22.4.1.2 Bad Android implementations
22.4.1.3 Permissions
22.4.1.4 Android malware
22.4.1.5 Ads and third-party services
22.4.1.6 Pre-installed apps
22.4.2 Apple’s app ecosystem
22.4.3 Cross-cutting issues
22.5 Summary
Research problems
Further reading

Chapter 23 Electronic and Information Warfare
23.1 Introduction
23.2 Basics
23.3 Communications systems
23.3.1 Signals intelligence techniques
23.3.2 Attacks on communications
23.3.3 Protection techniques
23.3.3.1 Frequency hopping
23.3.3.2 DSSS
23.3.3.3 Burst communications
23.3.3.4 Combining covertness and jam resistance
23.3.4 Interaction between civil and military uses
23.4 Surveillance and target acquisition
23.4.1 Types of radar
23.4.2 Jamming techniques
23.4.3 Advanced radars and countermeasures
23.4.4 Other sensors and multisensor issues
23.5 IFF systems
23.6 Improvised explosive devices
23.7 Directed energy weapons
23.8 Information warfare
23.8.1 Attacks on control systems
23.8.2 Attacks on other infrastructure
23.8.3 Attacks on elections and political stability
23.8.4 Doctrine
23.9 Summary
Research problems
Further reading

Chapter 24 Copyright and DRM
24.1 Introduction
24.2 Copyright
24.2.1 Software
24.2.2 Free software, free culture?
24.2.3 Books and music
24.2.4 Video and pay-TV
24.2.4.1 Typical system architecture
24.2.4.2 Video scrambling techniques
24.2.4.3 Attacks on hybrid scrambling systems
24.2.4.4 DVB
24.2.5 DVD
24.3 DRM on general-purpose computers
24.3.1 Windows media rights management
24.3.2 FairPlay, HTML5 and other DRM systems
24.3.3 Software obfuscation
24.3.4 Gaming, cheating, and DRM
24.3.5 Peer-to-peer systems
24.3.6 Managing hardware design rights
24.4 Information hiding
24.4.1 Watermarks and copy generation management
24.4.2 General information hiding techniques
24.4.3 Attacks on copyright marking schemes
24.5 Policy
24.5.1 The IP lobby
24.5.2 Who benefits?
24.6 Accessory control
24.7 Summary
Research problems
Further reading

Chapter 25 New Directions?
25.1 Introduction
25.2 Autonomous and remotely-piloted vehicles
25.2.1 Drones
25.2.2 Self-driving cars
25.2.3 The levels and limits of automation
25.2.4 How to hack a self-driving car
25.3 AI / ML
25.3.1 ML and security
25.3.2 Attacks on ML systems
25.3.3 ML and society
25.4 PETS and operational security
25.4.1 Anonymous messaging devices
25.4.2 Social support
25.4.3 Living off the land
25.4.4 Putting it all together
25.4.5 The name’s Bond. James Bond
25.5 Elections
25.5.1 The history of voting machines
25.5.2 Hanging chads
25.5.3 Optical scan
25.5.4 Software independence
25.5.5 Why electronic elections are hard
25.6 Summary
Research problems
Further reading

Part III

Chapter 26 Surveillance or Privacy?
26.1 Introduction
26.2 Surveillance
26.2.1 The history of government wiretapping
26.2.2 Call data records (CDRs)
26.2.3 Search terms and location data
26.2.4 Algorithmic processing
26.2.5 ISPs and CSPs
26.2.6 The Five Eyes’ system of systems
26.2.7 The crypto wars
26.2.7.1 The back story to crypto policy
26.2.7.2 DES and crypto research
26.2.7.3 CryptoWar 1 – the Clipper chip
26.2.7.4 CryptoWar 2 – going spotty
26.2.8 Export control
26.3 Terrorism
26.3.1 Causes of political violence
26.3.2 The psychology of political violence
26.3.3 The role of institutions
26.3.4 The democratic response
26.4 Censorship
26.4.1 Censorship by authoritarian regimes
26.4.2 Filtering, hate speech and radicalisation
26.5 Forensics and rules of evidence
26.5.1 Forensics
26.5.2 Admissibility of evidence
26.5.3 What goes wrong
26.6 Privacy and data protection
26.6.1 European data protection
26.6.2 Privacy regulation in the USA
26.6.3 Fragmentation?
26.7 Freedom of information
26.8 Summary
Research problems
Further reading

Chapter 27 Secure Systems Development
27.1 Introduction
27.2 Risk management
27.3 Lessons from safety-critical systems
27.3.1 Safety engineering methodologies
27.3.2 Hazard analysis
27.3.3 Fault trees and threat trees
27.3.4 Failure modes and effects analysis
27.3.5 Threat modelling
27.3.6 Quantifying risks
27.4 Prioritising protection goals
27.5 Methodology
27.5.1 Top-down design
27.5.2 Iterative design: from spiral to agile
27.5.3 The secure development lifecycle
27.5.4 Gated development
27.5.5 Software as a Service
27.5.6 From DevOps to DevSecOps
27.5.6.1 The Azure ecosystem
27.5.6.2 The Google ecosystem
27.5.6.3 Creating a learning system
27.5.7 The vulnerability cycle
27.5.7.1 The CVE system
27.5.7.2 Coordinated disclosure
27.5.7.3 Security incident and event management
27.5.8 Organizational mismanagement of risk
27.6 Managing the team
27.6.1 Elite engineers
27.6.2 Diversity
27.6.3 Nurturing skills and attitudes
27.6.4 Emergent properties
27.6.5 Evolving your workflow
27.6.6 And finally…
27.7 Summary
Research problems
Further reading

Chapter 28 Assurance and Sustainability
28.1 Introduction
28.2 Evaluation
28.2.1 Alarms and locks
28.2.2 Safety evaluation regimes
28.2.3 Medical device safety
28.2.4 Aviation safety
28.2.5 The Orange book
28.2.6 FIPS 140 and HSMs
28.2.7 The common criteria
28.2.7.1 The gory details
28.2.7.2 What goes wrong with the Common Criteria
28.2.7.3 Collaborative protection profiles
28.2.8 The ‘Principle of Maximum Complacency’
28.2.9 Next steps
28.3 Metrics and dynamics of dependability
28.3.1 Reliability growth models
28.3.2 Hostile review
28.3.3 Free and open-source software
28.3.4 Process assurance
28.4 The entanglement of safety and security
28.4.1 The electronic safety and security of cars
28.4.2 Modernising safety and security regulation
28.4.3 The Cybersecurity Act 2019
28.5 Sustainability
28.5.1 The Sales of goods directive
28.5.2 New research directions
28.6 Summary
Research problems
Further reading

Chapter 29 Beyond “Computer Says No”
Bibliography
Index
Getting Started with Containers in Google Cloud Platform
Deploy, manage, and secure containers and containerized applications on Google Cloud Platform (GCP). This book covers each container service in GCP from the ground up and teaches you how to deploy and manage your containers on each service.

You will start by setting up and configuring GCP tools and the tenant environment. You then will store and manage Docker container images with GCP Container Registry (ACR). Next, you will deploy containerized applications with GCP Cloud Run and create an automated CI/CD deployment pipeline using Cloud Build. The book covers GCP’s flagship service, Google Kubernetes Service (GKE), and deployment of a Kubernetes cluster using clear steps and considering GCP best practices using the GCP management console and gcloud command-line tool. Also covered are monitoring containers and containerized applications on GCP with Cloud Monitoring, and backing up and restoring containers and containerized applications on GCP.

By the end of the book, you will know how to get started with GCP container services and understand the fundamentals of each service and the supporting services needed to run containers in a production environment. This book also assists you in transferring your skills from AWS and Azure to GCP using the knowledge you have acquired on each platform and leveraging it to gain more skills.

WHAT YOU WILL LEARN
* Get started with Google Cloud Platform (GCP)
* Store Docker images on GCP Container Registry
* Deploy Google Kubernetes Engine (GKE) cluster
* Secure containerized applications on GCP
* Use Cloud Build to deploy containers
* Use GCP Batch for batch job processing on Kubernetes

WHO THIS BOOK IS FOR
Google Cloud administrators, developers, and architects who want to get started and learn more about containers and containerized applications on Google Cloud Platform (GCP)

SHIMON IFRAH is an IT professional with 15+ years of experience in the design, management, and deployment of information technology systems and networks. In recent years, he has been specializing in cloud computing and containerized applications on Microsoft Azure, Amazon AWS, and Google Cloud Platform (GCP). He holds more than 20 vendor certificates from Microsoft, AWS, VMware, and Cisco. During his career in the IT industry, he has worked for some of the largest managed services and technology companies in the world, helping them administer systems for the largest enterprises. He is based out of Melbourne, Australia.

Chapter 1: Get Started with Google Cloud Platform (GCP)
Chapter Goal: Set up and configure GCP tools and tenant environment
No of pages: 40
Sub-Topics:
1. Set up your Google Cloud Platform (GCP) tenant
2. Understanding GCP projects
3. Understanding cloud shell
4. Secure and manage your GCP account (projects and more)
5. GCP Services overview

Chapter 2: Store and Manage Docker Container Images with GCP Container Registry (ACR)
Chapter Goal: Here we learn how to store Docker container images on GCP Container Registry
No of pages: 40
Sub-Topics:
1. Set up GCP Container Registry
2. Push Docker images to Container Registry
3. Pull images from GCP Container Registry
4. Manage and secure GCP Container Registry

Chapter 3: Deploy Containerized Applications with GCP Cloud Run
Chapter Goal: This chapter explains how to deploy containers and containerized applications on GCP cloud run
No of pages: 40
Sub-Topics:
1. Set up GCP cloud run
2. Deploy containers with cloud run
3. Use cloud build and git to deploy containers
4. Scale containerized applications on cloud run
5. Monitor and manage containerized applications on cloud run

Chapter 4: Deploy Containerized Applications with Google Kubernetes Engine (GKE)
Chapter Goal: This chapter explains how to deploy containers and containerized applications with GKE
No of pages:
Sub-Topics:
1. Getting started with GKE
2. Set up and configure GKE networking and storage
3. Deploy Kubernetes dashboard (Web UI) on GKE
4. Manage and secure GKE
5. Run Batch jobs on Kubernetes with batch (beta)

Chapter 5: Deploy Docker Containers on GCP Compute Engine
Chapter Goal: This chapter explains how to deploy containers and containerized applications on GCP compute engine
No of pages: 40
Sub-Topics:
1. Install Docker container host on Ubuntu Linux VM
2. Install Docker container host on Windows server 2019 VM
3. Deploy containers on GCP compute engine using GCP container-optimized OS

Chapter 6: Secure your GCP Environment and Containers
Chapter Goal: This chapter explains how to secure and protect containers and containerized applications on GCP
No of pages: 40
Sub-Topics:
1. Introduction to GCP identity infrastructure
2. Set up organization policies
3. Roles, service accounts and auditing capabilities
4. GCP networking and firewalls configuration

Chapter 7: Scale Containers and Containerized Applications on GCP
Chapter Goal: This chapter explains how to scale containers and containerized applications on GCP
No of pages: 40
Sub-Topics:
1. Scale Google Kubernetes Service (GKE)
2. Scale cloud run and cloud build containers
3. Scale GCP Container Registry
4. Scale compute engine hosts and containers

Chapter 8: Monitor Containers and Containerized Applications on GCP with Stackdriver Monitoring
Chapter Goal: Learn how to monitor containers and containerized applications on GCP
No of pages: 40
Sub-Topics:
1. Monitor Google Kubernetes Service (GKE)
2. Monitor cloud run containers
3. Monitor compute engine resources
4. GCP cost management and tools

Chapter 9: Backup and Restore Containers and Containerized Applications on GCP
Chapter Goal: This chapter explains how to back up and restore containers and containerized applications on GCP
No of pages: 40
Sub-Topics:
1. Backup persistent storage disks
2. Backup compute engine resources
3. Manage cloud storage and file store

Chapter 10: Troubleshooting Containers and Containerized Applications on GCP
Chapter Goal: This chapter explains how to troubleshoot containers and containerized applications issues on GCP
No of pages: 40
Sub-Topics:
1. Troubleshoot Google Kubernetes Service (GKE)
2. Troubleshoot cloud run and cloud build deployments
3. Troubleshoot GCP Container Registry
4. Troubleshoot compute engine resource
Penetration Testing mit mimikatz
- Penetration tests with mimikatz, from pass-the-hash through Kerberoasting to golden tickets
- How the Windows Local Security Authority (LSA) and the Kerberos protocol work, and where their weaknesses lie
- All attacks explained step by step in an easily understandable way

mimikatz is an extremely powerful tool for attacks on Active Directory. Hackers can use it to access plaintext passwords, password hashes and Kerberos tickets, extend the privileges gained this way on other systems, and so take control of entire corporate networks. For this reason it is important to be prepared for attacks with mimikatz. So that you can understand and recognize the attackers' techniques, IT security specialist Sebastian Brabetz shows you in this book how to carry out penetration tests with mimikatz in a safe test environment. The author describes all attacks step by step and explains how they work in an easily understandable way, assuming only basic IT security knowledge.

In particular, you will get to know the following attacks:
- Extracting plaintext passwords from RAM
- Authentication without a plaintext password using pass-the-hash
- Exploiting Kerberos using overpass-the-hash, pass-the-key and pass-the-ticket
- Dumping Active Directory credentials from domain controllers
- Creating silver tickets and golden tickets
- Cracking the password hashes of service accounts using Kerberoasting
- Reading out and cracking domain cached credentials

In addition, you will learn how to detect the execution of mimikatz and the traces of mimikatz attacks. This leaves you well equipped to test your Windows domain for weaknesses with mimikatz and to prevent such attacks.

From the contents:
- Setting up a safe test environment
- Fundamentals of the Windows Local Security Authority (LSA)
- How the Kerberos protocol works
- Extracting passwords and hashes:
  - Plaintext passwords
  - NTLM hashes
  - MS-Cache-2 hashes
- Exploiting weaknesses of the Kerberos protocol:
  - Ticket Granting Tickets and service tickets
  - Encryption keys
  - Active Directory credentials
- Detecting mimikatz attacks
- Invoke-Mimikatz and further topics
- Practical glossary
Beginning Java MVC 1.0
Get started with using the new Java MVC 1.0 framework for model, view, and controller development for building modern Java-based web, native, and microservices applications.

Beginning Java MVC teaches you the basics, then dives into models, views, and controllers. Next, you learn data binding, events, application types, view engines, and more. You will be given practical examples along the way to reinforce what you have learned. Furthermore, you'll work with annotations, internationalization, security, and deployment.

After reading this book, you'll have the know-how to build your first full Java-based MVC application.

WHAT YOU WILL LEARN
* Discover the Java MVC 1.0 APIs and how to use them
* Master the Model, View and Controller design pattern
* Carry out data binding
* Write events
* Work with view engines

WHO THIS BOOK IS FOR
Those new to Java MVC 1.0. Some prior experience with Java programming recommended, especially with JSF or Struts.

Peter Späth graduated in 2002 as a physicist and soon afterwards became an IT consultant, mainly for Java-related projects. In 2016 he decided to concentrate on writing books, with his main focus set on software development. With two books about graphics and sound processing and two books for Android and Kotlin programming, his new book addresses beginning Jakarta EE developers willing to develop enterprise-level Java applications with Java EE 8.

1. About MVC - Model, View, Controller
* History of MVC
* MVC in Web Applications
* MVC for Java
* Finally, Java MVC (JSR-371)
* Why MVC
* Where is Hello World?

2. Prerequisite - Jakarta EE / Java EE
* The Nature of Java for Enterprise Applications
* Glassfish, a Free Java Server
* Using a Preinstalled Java Server
* Learning Java for Enterprise Applications
* RESTful Services

3. Development Workflow
* Using Gradle as a Build Framework
* Using Eclipse as an IDE
* More About Gradle
* Developing Using the Console
* Installing MVC

4. Hello World for Java MVC
* Starting The Hello World Project
* The Hello World Model
* The Hello World View
* The Hello World Controller
* Using Gradle to Build Hello World
* Starting a Jakarta EE Server
* Deploying and Testing Hello World

5. Start Working With Java MVC
* Handling User Input From Forms
* Exception Handling in Java MVC
* Non-String Post Parameters

6. In-Depth Java MVC
* The Model
* The View: JSPs
* The View: Facelets
* The Controller

7. In-Depth Java MVC - Part II
* Injectable Context
* Persisting State
* Dealing With Page Fragments
* Observers
* Configuration

8. Internationalization
* Language Resources
* Adding Localized Messages to the Session
* Formatting of Data in the View
* Using JSF for Formatting
* Localized Data Conversion

9. Java MVC and EJBs
* About Session EJBs
* Defining EJBs
* Accessing EJBs
* EJB Projects
* EJBs with Dependencies
* Asynchronous EJB Invocation
* Timer EJBs

10. Connecting Java MVC to a Database
* Abstracting Away Database Access With JPA
* Setting up a SQL Database
* Creating a DataSource
* Preparing the Member Registration Application
* Adding EclipseLink as ORM
* Controllers
* Adding Data Access Objects
* Updating the View
* Adding Entities
* Adding Relations

11. Logging Java MVC Applications
* System Streams
* JDK Logging in Glassfish
* Using JDK Standard Logging For Other Servers
* Adding Log4j Logging to Your Application

12. A Java MVC Example Application
* The BooKlubb Database
* The BooKlubb Eclipse Project
* The BooKlubb Infrastructure Classes
* Configure BooKlubb Database Access
* The BooKlubb Internationalization
* The BooKlubb Entity Classes
* BooKlubb Database Access Via DAOs
* The BooKlubb Model
* The BooKlubb Controller
* The BooKlubb View
* Deploying and Testing BooKlubb

Appendix
* Solutions to The Exercises
Getting Structured Data from the Internet
Utilize web scraping at scale to quickly get unlimited amounts of free data available on the web into a structured format. This book teaches you to use Python scripts to crawl through websites at scale and scrape data from HTML and JavaScript-enabled pages and convert it into structured data formats such as CSV, Excel, JSON, or load it into a SQL database of your choice.

This book goes beyond the basics of web scraping and covers advanced topics such as natural language processing (NLP) and text analytics to extract names of people, places, email addresses, contact details, etc., from a page at production scale using distributed big data techniques on an Amazon Web Services (AWS)-based cloud infrastructure. It covers developing a robust data processing and ingestion pipeline on the Common Crawl corpus, containing petabytes of data publicly available and a web crawl data set available on AWS's registry of open data.

GETTING STRUCTURED DATA FROM THE INTERNET also includes a step-by-step tutorial on deploying your own crawlers using a production web scraping framework (such as Scrapy) and dealing with real-world issues (such as breaking Captcha, proxy IP rotation, and more). Code used in the book is provided to help you understand the concepts in practice and write your own web crawler to power your business ideas.

WHAT YOU WILL LEARN
* Understand web scraping, its applications/uses, and how to avoid web scraping by hitting publicly available REST API endpoints to directly get data
* Develop a web scraper and crawler from scratch using the lxml and BeautifulSoup libraries, and learn about scraping from JavaScript-enabled pages using Selenium
* Use AWS-based cloud computing with EC2, S3, Athena, SQS, and SNS to analyze, extract, and store useful insights from crawled pages
* Use SQL language on PostgreSQL running on Amazon Relational Database Service (RDS) and SQLite using SQLAlchemy
* Review scikit-learn, Gensim, and spaCy to perform NLP tasks on scraped web pages such as named entity recognition, topic clustering (Kmeans, Agglomerative Clustering), topic modeling (LDA, NMF, LSI), topic classification (naive Bayes, Gradient Boosting Classifier) and text similarity (cosine distance-based nearest neighbors)
* Handle web archival file formats and explore Common Crawl open data on AWS
* Illustrate practical applications for web crawl data by building a similar website tool and a technology profiler similar to builtwith.com
* Write scripts to create a backlinks database on a web scale similar to Ahrefs.com, Moz.com, Majestic.com, etc., for search engine optimization (SEO), competitor research, and determining website domain authority and ranking
* Use web crawl data to build a news sentiment analysis system or alternative financial analysis covering stock market trading signals
* Write a production-ready crawler in Python using the Scrapy framework and deal with practical workarounds for Captchas, IP rotation, and more

WHO THIS BOOK IS FOR
Primary audience: data analysts and scientists with little to no exposure to real-world data processing challenges, secondary: experienced software developers doing web-heavy data processing who need a primer, tertiary: business owners and startup founders who need to know more about implementation to better direct their technical team

JAY M. PATEL is a software developer with over 10 years of experience in data mining, web crawling/scraping, machine learning, and natural language processing (NLP) projects. He is a co-founder and principal data scientist of Specrom Analytics, providing content, email, social marketing, and social listening products and services using web crawling/scraping and advanced text mining.

Jay worked at the US Environmental Protection Agency (EPA) for five years where he designed workflows to crawl and extract useful insights from hundreds of thousands of documents that were parts of regulatory filings from companies. He also led one of the first research teams within the agency to use Apache Spark-based workflows for chem and bioinformatics applications such as chemical similarities and quantitative structure activity relationships. He developed recurrent neural networks and more advanced LSTM models in TensorFlow for chemical SMILES generation.

Jay graduated with a bachelor's degree in engineering from the Institute of Chemical Technology, University of Mumbai, India and a master of science degree from the University of Georgia, USA. Jay serves as an editor of a publication titled Web Data Extraction and also blogs about personal projects, open source packages, and experiences as a startup founder on his personal site, jaympatel.com.
The Pentester BluePrint
JUMPSTART YOUR NEW AND EXCITING CAREER AS A PENETRATION TESTER

The Pentester BluePrint: Your Guide to Being a Pentester offers readers a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications.

You'll learn about the role of a penetration tester, what a pentest involves, and the prerequisite knowledge you'll need to start the educational journey of becoming a pentester. Discover how to develop a plan by assessing your current skillset and finding a starting place to begin growing your knowledge and skills. Finally, find out how to become employed as a pentester by using social media, networking strategies, and community involvement.

Perfect for IT workers and entry-level information security professionals, The Pentester BluePrint also belongs on the bookshelves of anyone seeking to transition to the exciting and in-demand field of penetration testing.

Written in a highly approachable and accessible style, The Pentester BluePrint avoids unnecessarily technical lingo in favor of concrete advice and practical strategies to help you get your start in pentesting. This book will teach you:
* The foundations of pentesting, including basic IT skills like operating systems, networking, and security systems
* The development of hacking skills and a hacker mindset
* Where to find educational options, including college and university classes, security training providers, volunteer work, and self-study
* Which certifications and degrees are most useful for gaining employment as a pentester
* How to get experience in the pentesting field, including labs, CTFs, and bug bounties

PHILLIP L. WYLIE has over two decades of experience working in IT and information security.
In addition to working as a penetration tester he has founded and runs The Pwn School Project, teaching ethical hacking. He holds the CISSP, OSCP, and GWAPT certifications. He is a highly sought-after public speaker who frequently presents at conferences about pentesting. He was interviewed for the Tribe of Hackers Red Team book.

KIM CRAWLEY is dedicated to researching and writing about a plethora of cybersecurity issues. Some of the companies Kim has worked for over the years include Sophos, AT&T Cybersecurity, BlackBerry Cylance, Tripwire, and Venafi. All matters red team, blue team, and purple team fascinate her. But she's especially fascinated by malware, social engineering, and advanced persistent threats. Kim's extracurricular activities include running an online cybersecurity event called DisInfoSec, and autistic self-advocacy.

Foreword
Introduction
1 WHAT IS A PENTESTER?
Synonymous Terms and Types of Hackers; Pentests Described; Benefits and Reasons; Legality and Permission; Pentest Methodology; Pre-engagement Interactions; Intelligence Gathering; Threat Modeling; Vulnerability Analysis; Exploitation; Post Exploitation; Reporting; Pentest Types; Vulnerability Scanning; Vulnerability Assessments; Pentest Targets and Specializations; Generalist Pentesting; Application Pentesting; Internet of Things (IoT); Industrial Control Systems (ICS); Hardware and Medical Devices; Social Engineering; Physical Pentesting; Transportation Pentesting; Red Team Pentesting; Career Outlook; Summary
2 PREREQUISITE SKILLS
Skills Required for Learning Pentesting; Operating Systems; Networking; Information Security; Prerequisites Learning; Information Security Basics; What is Information Security?; The CIA Triad; Security Controls; Access Control; Incident Response; Malware; Advanced Persistent Threats; The Cyber Kill Chain; Common Vulnerabilities and Exposures; Phishing and Other Social Engineering; Airgapped Machines; The Dark Web; Summary
3 EDUCATION OF A HACKER
Hacking Skills; Hacker Mindset; The Pentester Blueprint Formula; Ethical Hacking Areas; Operating Systems and Applications; Networks; Social Engineering; Physical Security; Types of Pentesting; Black Box Testing; White Box Testing; Gray Box Testing; A Brief History of Pentesting; The Early Days of Pentesting; Improving the Security of Your Site by Breaking into It; Pentesting Today; Summary
4 EDUCATION RESOURCES
Pentesting Courses; Pentesting Books; Pentesting Labs; Web Resources; Summary
5 BUILDING A PENTESTING LAB
Pentesting Lab Options; Minimalist Lab; Dedicated Lab; Advanced Lab; Hacking Systems; Popular Pentesting Tools; Kali Linux; Nmap; Wireshark; Vulnerability Scanning Applications; Hak5; Hacking Targets; PentestBox; VulnHub; Proving Grounds; How Pentesters Build Their Labs; Summary
6 CERTIFICATIONS AND DEGREES
Pentesting Certifications; Entry-Level Certifications; Intermediate-Level Certifications; Advanced-Level Certifications; Specialization Web Application Pentesting Certifications; Wireless Pentesting Certifications; Mobile Pentesting Certifications; Pentesting Training and Coursework; Acquiring Pentesting Credentials; Certification Study Resources; CEH v10 Certified Ethical Hacker Study Guide; EC-Council; Quizlet CEH v10 Study Flashcards; Hacking Wireless Networks for Dummies; CompTIA PenTest+ Study Guide; CompTIA PenTest+ Website; Cybrary’s Advanced Penetration Testing; Linux Server Security: Hack and Defend; Advanced Penetration Testing: Hacking the World’s Most Secure Networks; The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws; Summary
7 DEVELOPING A PLAN
Skills Inventory; Skill Gaps; Action Plan; Summary
8 GAINING EXPERIENCE
Capture the Flag; Bug Bounties; A Brief History of Bug Bounty Programs; Pro Bono and Volunteer Work; Internships; Labs; Pentesters on Experience; Summary
9 GETTING EMPLOYED AS A PENTESTER
Job Descriptions; Professional Networking; Social Media; Résumé and Interview Tips; Summary
Appendix: The Pentester Blueprint
Glossary
Index
Datenschutz mit SAP
Develop a data protection concept that stands up to the strict requirements of the EU General Data Protection Regulation (GDPR). This book explains the legal foundations and shows you step by step how to use SAP solutions to make your IT landscape (whether on-premise or in the cloud) compliant with data protection law. From introducing a blocking and deletion concept to implementing the information and reporting obligations, all the necessary measures are explained in a practical way.

From the contents:
* What does the GDPR mean for you?
* Personal data in the SAP system
* The path to a data-protection-compliant IT landscape
* Blocking and deleting with SAP Information Lifecycle Management
* Developing organizational and master data structures
* Data Controller Rule Framework
* Effects on the authorization concept
* Information Retrieval Framework
* Security Safeguards
* SAP Read Access Logging
* SAP Cloud Platform
* Ariba, SuccessFactors, Concur, C/4HANA
* SAP solutions for GRC
* Central controls

Foreword
Introduction
1. "Taking Measure for Measures": Introduction
1.1 The GDPR did not fall from the sky; 1.2 What does the GDPR mean for you?; 1.3 Which requirements necessarily need technical support?; 1.4 Which requirements can be supported technically?; 1.5 Processing on behalf of a controller; 1.6 Summary
2. "Where are they running": Where to find personal data
2.1 SAP Business Suite and SAP S/4HANA; 2.2 Master data and transaction data; 2.3 Personal data in SAP ERP and SAP S/4HANA; 2.4 Personal data in SAP ERP Human Capital Management; 2.5 Personal data in SAP Customer Relationship Management; 2.6 Summary
3. "From the first step to the path to the goal": Procedure model
3.1 Overview of the approach; 3.2 Paths to the record of processing activities; 3.3 Summary
4. "The end, too, must be determined": Blocking and deleting with SAP Information Lifecycle Management
4.1 Introduction; 4.2 Overview of blocking and deleting with SAP ILM; 4.3 Preparations for simplified blocking; 4.4 Blocking master and transaction data; 4.5 Data destruction; 4.6 Legal Case Management; 4.7 ILM notifications; 4.8 Time-dependent blocking of personal data in personnel administration (SAP ERP HCM-PA); 4.9 Summary
5. "Structure is everything": Processing must be based on purpose
5.1 Controller and purpose; 5.2 Organizational structures (line organization); 5.3 Process organization; 5.4 Line and process organization define the purpose; 5.5 Summary
6. "Giving the end a structure": Data Controller Rule Framework
6.1 Organizing deletion in business processes; 6.2 Functions and configuration of the Data Controller Rule Framework; 6.3 Summary
7. "The structure authorizes": Effects on the authorization concept
7.1 Users and authorizations: an introduction; 7.2 Rethinking organizational levels; 7.3 Identifying process attributes; 7.4 Authorization risks; 7.5 Summary
8. "Transparency wins": Information Retrieval Framework
8.1 Transparency: information on request and advance information; 8.2 What is new in the Information Retrieval Framework; 8.3 Setting up the Information Retrieval Framework; 8.4 Creating a data model; 8.5 Testing the data model; 8.6 Providing information to the data subject; 8.7 More complex field links; 8.8 Displaying the data model in the browser; 8.9 Adopting existing data models; 8.10 Summary
9. "Look who's reading": Read Access Logging
9.1 Requirements for read access logging; 9.2 Availability and functional scope of Read Access Logging; 9.3 Setup and maintenance; 9.4 Defining the purpose and log domains; 9.5 Recordings for UI channels; 9.6 Configurations; 9.7 Evaluating logs; 9.8 Configurations for remote API channels; 9.9 Conditions; 9.10 Transport mechanisms; 9.11 Import and export; 9.12 Summary
10. "Becoming lord of the data": SAP Master Data Governance
10.1 Achieving transparency; 10.2 The master data maintenance scenarios; 10.3 Central governance in SAP Master Data Governance; 10.4 Consolidation in SAP Master Data Governance; 10.5 Combining the scenarios; 10.6 Processing sensitive data with SAP Master Data Governance; 10.7 Organizational separation; 10.8 Data quality assurance with services; 10.9 Summary
11. "Head in the clouds": Data protection in cloud solutions
11.1 Data protection from the cloud perspective: an introduction; 11.2 Data protection services and processes for the SAP cloud solutions; 11.3 Summary
12. "Solutions that grow rather than sprawl": Data protection in SAP Cloud Platform
12.1 What is SAP Cloud Platform?; 12.2 Data protection functions of SAP Subscription Billing; 12.3 Data protection functions of SAP Cloud Platform for customer-owned cloud applications
13. "Steering by sight in the cloud": Overview of the data protection functions in SAP cloud solutions
13.1 Introduction; 13.2 Data protection in SAP Ariba; 13.3 Data protection in SAP Concur; 13.4 Data protection functions in SAP SuccessFactors; 13.5 Data protection functions in SAP Customer Experience; 13.6 Summary
14. "Every day, once again, the ...": Protecting, controlling, demonstrating, and demonstrating controls
14.1 Control framework and foundations of processing; 14.2 Lawfulness, fairness and transparency; 14.3 Purpose limitation; 14.4 Data minimization; 14.5 Accuracy; 14.6 Storage limitation; 14.7 Integrity and confidentiality; 14.8 Accountability; 14.9 Abstract technical control activities; 14.10 Examples of technical control activities; 14.11 Summary
A. Glossary
B. Relevant transactions, relevant reports, SAP Notes
C. Bibliography
D. The authors
Index
Interconnection Network Reliability Evaluation
THIS BOOK PRESENTS NOVEL AND EFFICIENT TOOLS, TECHNIQUES AND APPROACHES FOR RELIABILITY EVALUATION, RELIABILITY ANALYSIS, AND DESIGN OF RELIABLE COMMUNICATION NETWORKS USING GRAPH THEORETIC CONCEPTS.

In recent years, human beings have become largely dependent on communication networks, such as computer communication networks, telecommunication networks, mobile switching networks etc., for their day-to-day activities. In today's world, humans and critical machines depend on these communication networks to work properly. Failure of these communication networks can result in situations where people may find themselves isolated, helpless and exposed to hazards. It is a fact that every component or system can fail and its failure probability increases with size and complexity.

The main objective of this book is to devise approaches for reliability modeling and evaluation of such complex networks. Such evaluation helps to understand which networks can give better reliability by their design. New designs of fault-tolerant interconnection network layouts are proposed, which are capable of providing high reliability through path redundancy and fault tolerance through reduction of common elements in paths. This book covers the reliability evaluation of various network topologies considering multiple reliability performance parameters (two terminal reliability, broadcast reliability, all terminal reliability, and multiple sources to multiple destinations reliability).

DR. NEERAJ KUMAR GOYAL is currently an Associate Professor in Subir Chowdhury School of Quality and Reliability, Indian Institute of Technology (IIT), Kharagpur, India. He received his PhD degree from IIT Kharagpur in reliability engineering in 2006. His areas of research and teaching are network reliability, software reliability, electronic system reliability, reliability testing, probabilistic risk/safety assessment, and reliability design.
He has completed various research and consultancy projects for various organizations, e.g. DRDO, NPCIL, Vodafone, and ECIL. He has contributed several research papers to various international journals and conference proceedings.

DR. S. RAJKUMAR received his BE (Distinction) and ME (Distinction) degrees from Anna University, India, in 2009 and 2011, respectively. He obtained his PhD from the Indian Institute of Technology Kharagpur, India in 2017. He is currently working as an Assistant Professor in the Department of ECE at Adama Science and Technology University (ASTU), Ethiopia. His research interests include reliability engineering and interconnection networks. He has contributed notable research papers to international journals.

Series Editor Preface
Preface
1 INTRODUCTION
1.1 Introduction; 1.2 Network Reliability Measures; 1.3 The Probabilistic Graph Model; 1.4 Approaches for Network Reliability Evaluation; 1.5 Motivation and Summary
2 INTERCONNECTION NETWORKS
2.1 Interconnection Networks Classification; 2.2 Multistage Interconnection Networks (MINs); 2.3 Research Issues in MIN Design; 2.4 Some Existing MINs Implementations; 2.5 Review of Topological Fault Tolerance; 2.5.1 Redundant and Disjoint Paths; 2.5.2 Backtracking; 2.5.3 Dynamic Rerouting; 2.6 MIN Topological Review on Disjoint Paths; 2.6.1 Single-Disjoint Path Multistage Interconnection Networks; 2.6.2 Two-Disjoint Paths Multistage Interconnection Networks; 2.6.3 Three-Disjoint Paths Multistage Interconnection Networks; 2.6.4 Four-Disjoint Paths Multistage Interconnection Networks; 2.7 Hardware Cost Analysis; 2.8 Observations; 2.9 Summary
3 MIN RELIABILITY EVALUATION TECHNIQUES
3.1 Reliability Performance Criterion; 3.1.1 Two Terminal or Terminal Pair Reliability (TPR); 3.1.2 Network or All Terminal Reliability (ATR); 3.1.3 Broadcast Reliability; 3.2 Approaches for Reliability Evaluation; 3.2.1 Continuous Time Markov Chains (CTMC); 3.2.2 Matrix Enumeration; 3.2.3 Conditional Probability (CP) Method; 3.2.4 Graph Models; 3.2.5 Decomposition Method; 3.2.6 Reliability Block Diagram (RBD); 3.2.7 Reliability Bounds; 3.2.7.1 Lower Bound Reliability; 3.2.7.2 Upper Bound Reliability; 3.2.8 Monte Carlo Simulation; 3.2.9 Path-Based or Cut-Based Approaches; 3.3 Observations
4 TERMINAL RELIABILITY ANALYSIS OF MIN LAYOUTS
4.1 Chaturvedi and Misra Approach; 4.1.1 Path Set Enumeration; 4.1.2 Reliability Evaluation using MVI Techniques; 4.1.3 Reliability Evaluation Techniques Comparison; 4.1.3.1 Terminal Reliability of SEN, SEN+ and SEN+2; 4.1.3.2 Broadcast Reliability of SEN, SEN+, and SEN+2; 4.1.3.3 Comparison; 4.2 Reliability Analysis of Multistage Interconnection Networks; 4.3 Summary
5 COMPREHENSIVE MIN RELIABILITY PARADIGMS EVALUATION
5.1 Introduction; 5.2 Reliability Evaluation Approach; 5.2.1 Path Set Enumeration; 5.2.1.1 Assumptions; 5.2.1.2 Applied Approach; 5.2.1.3 Path Tracing Algorithm (PTA); 5.2.1.4 Path Retrieval Algorithm (PRA); 5.3 Reliability Evaluation Using MVI Techniques; 5.4 Summary
6 DYNAMIC TOLERANT AND RELIABLE FOUR DISJOINT MIN LAYOUTS
6.1 Topological Design Considerations; 6.1.1 Topology; 6.1.2 Switch Selection for Proposed 4DMIN; 6.2 Proposed 4-Disjoint Multistage Interconnection Network (4DMIN) Layout; 6.2.1 Switching Pattern; 6.2.2 Redundant and Disjoint Paths; 6.2.3 Routing and Dynamic Rerouting; 6.2.4 Algorithm: Decision Making by Switches at Each Stage; 6.2.5 Case Example; 6.2.6 Disjoint and Dynamic Rerouting Approach in 4DMIN; 6.2.7 Hardware Cost Analysis; 6.3 Reliability Analysis and Comparison of MINs; 6.4 Reliable Interconnection Network (RIN) Layout; 6.4.1 Topology Design; 6.4.2 Switching Pattern; 6.4.3 Routing and Dynamic Rerouting; 6.5 Reliability Analysis and Comparison of MINs; 6.6 Summary
References
Index
Systems and Network Infrastructure Integration
IT infrastructures are now essential in all areas and sectors of human activity; they are the cornerstone of any information system. Thus, it is clear that the greatest of care must be given to their design, implementation, security and supervision in order to ensure optimum functionality and better performance. Within this context, Systems and Network Infrastructure Integration presents the methodological and theoretical principles necessary to successfully carry out an integration project for network and systems infrastructures. This book is aimed at anyone interested in the field of networks in general. In particular, it is intended for students of fields relating to networks and computer systems who are called upon to integrate their knowledge and skills, gained throughout their academic study, into a comprehensive project to set up a complete infrastructure, while respecting the necessary specifications.

SAIDA HELALI is a university lecturer in Information Technology (specializing in networks and information systems) at the Institut Supérieur des Etudes Technologiques de Radès (Tunisia). He holds an ACREDITE master's degree (Analysis, Conception and Research in the Domain of Educational Technology Engineering), which was jointly awarded by the Université de Cergy-Pontoise (France), the Université de MONS (Belgium) and the Université de Genève (Switzerland). In 2017, he was chair of the Tunisian branch of the IEEE Education Society and he is also an acting member of AIPU TUNISIE, an international association about university pedagogy.

Preface
CHAPTER 1. INTRODUCTION TO PROJECT MANAGEMENT
1.1. Introduction; 1.2. Project management; 1.3. Project management methods and tools; 1.3.1. Gantt diagram; 1.3.2. RACI (Responsible, Accountable, Consulted, Informed) matrix; 1.3.3. The concept of specifications; 1.4. Chapter summary
CHAPTER 2. SIMULATING NETWORK ARCHITECTURES WITH GNS3
2.1. Introduction; 2.2. Definition; 2.3. Introduction to GNS3; 2.3.1. Functionalities of GNS3; 2.3.2. Limitations; 2.3.3. GNS3 installation; 2.3.4. Getting started with GNS3; 2.4. Chapter summary
CHAPTER 3. GREEN IT
3.1. Introduction; 3.2. Introduction of concept; 3.3. Green IT trigger factors; 3.4. Benefits of Green IT; 3.5. The lifecycle of ICTs; 3.6. Mechanisms and technical solutions for the implementation of a Green IT infrastructure; 3.7. Green IT labels and standards; 3.8. Some examples of Eco-ICTs; 3.9. Chapter summary
CHAPTER 4. DESIGN OF NETWORK INFRASTRUCTURES
4.1. Introduction; 4.2. The founding principles of networks; 4.2.1. Definition and preliminaries; 4.2.2. Classification of digital data networks; 4.2.3. Components of a network; 4.2.4. Measuring network performance; 4.2.5. Concepts of collision domain/broadcast domain and VLANs; 4.3. Methods and models of IT network design; 4.3.1. Principles of structured engineering; 4.4. Assessment of needs and choice of equipment; 4.5. Chapter summary
CHAPTER 5. NETWORK SERVICES
5.1. Introduction; 5.2. DHCP service; 5.2.1. Introduction; 5.2.2. Operating principle; 5.2.3. Renewal of lease; 5.2.4. The concept of a DHCP relay; 5.3. DNS service; 5.3.1. Introduction; 5.3.2. Operating principle; 5.4. LDAP service; 5.4.1. Introduction; 5.4.2. LDAP protocol; 5.4.3. LDAP directory; 5.5. E-mail service; 5.5.1. Introduction; 5.5.2. Architecture and operating principle; 5.5.3. Protocols involved; 5.6. Web server; 5.6.1. Introduction; 5.6.2. Operating principle; 5.6.3. The principle of virtual hosting; 5.7. FTP file transfer service; 5.7.1. Definition; 5.7.2. Operating principle; 5.7.3. Types; 5.8. Chapter summary
CHAPTER 6. SYSTEM AND NETWORK SECURITY
6.1. Introduction; 6.2. Definitions, challenges and basic concepts; 6.3. Threats/attacks; 6.3.1. Access attacks; 6.3.2. Modification attacks; 6.3.3. Saturation attacks; 6.3.4. Repudiation attacks; 6.4. Security mechanisms; 6.4.1. Encryption tools; 6.4.2. Antivirus programs; 6.4.3. Firewalls/IDS and IPS; 6.4.4. VPNs; 6.4.5. Other means of security; 6.5. Security management systems: norms and security policies; 6.5.1. Norms; 6.5.2. The idea of security policy; 6.6. Chapter summary
CHAPTER 7. VIRTUALIZATION AND CLOUD COMPUTING
7.1. Introduction; 7.2. Virtualization; 7.2.1. Definition; 7.2.2. Benefits of virtualization; 7.2.3. Areas of application; 7.2.4. Categories of virtualization; 7.2.5. Limits of virtualization; 7.3. Cloud computing; 7.3.1. Definitions; 7.3.2. Leverage factors and generic principles; 7.3.3. Architecture models; 7.3.4. Types of cloud; 7.3.5. Areas of application; 7.3.6. Advantages and limitations; 7.4. Chapter summary
CHAPTER 8. QUALITY OF SERVICE AND HIGH AVAILABILITY
8.1. Introduction; 8.2. Quality of service; 8.2.1. Motivation; 8.2.2. Definition(s); 8.2.3. Objectives of QoS; 8.2.4. Metrics of QoS; 8.2.5. General principles of QoS; 8.2.6. QoS mechanisms; 8.3. High availability; 8.3.1. Redundancy in the physical layer; 8.3.2. Redundancy in the data link layer; 8.3.3. Redundancy in the network layer; 8.3.4. Redundancy in the application layer; 8.4. Chapter summary
CHAPTER 9. MONITORING SYSTEMS AND NETWORKS
9.1. Introduction; 9.2. Main concepts of network and service supervision; 9.2.1. Definition; 9.2.2. Challenges of monitoring; 9.2.3. Typology; 9.3. Monitoring protocols; 9.3.1. SNMP protocol (Simple Network Management Protocol); 9.3.2. WMI (Windows Management Instrumentation); 9.3.3. WS-Management (Web Services for Management); 9.3.4. IPMI (Intelligent Platform Management Interface); 9.3.5. NetFlow/IPFIX; 9.3.6. Netconf; 9.4. Monitoring tools; 9.4.1. Commercial monitoring solutions (HP OpenView, Tivoli) and software publisher solutions; 9.4.2. Free monitoring solutions; 9.5. Chapter summary
References
Index
Datenbanken
* A thorough introduction to relational databases and the query language SQL
* Understand, use and develop databases for professional practice
* With two running examples and numerous exercises

Databases have become an indispensable part of any information system, making it possible to manage, retrieve and analyze large volumes of structured data.

The authors convey, thoroughly and compactly, the knowledge needed to understand and also to develop such systems, drawn from the areas of database design, data modeling, data modification and data analysis, and present the relational database language SQL in detail. The authors explain all concepts and language elements using two running examples. They also discuss topics such as user views, data protection, integrity assurance, tuning of database applications, and statistical data analysis (data warehousing, data mining). They explain more recent developments as well, such as NoSQL database systems, column-oriented storage formats and the analysis of big data.

The book is aimed primarily at school and university students outside computer science who want to learn the fundamentals of developing and using databases quickly yet thoroughly. Exercises at the end of every chapter make the book ideal for coursework and self-study.

From the contents:
* What are databases?
* Relational databases: data as tables
* The entity-relationship model
* Database design
* Normalization for a redundancy-free database
* Data definition and updates in SQL
* Queries in SQL
* Views and data protection
* Integrity and triggers
* Statistical data analysis (data warehousing, data mining)
* How a DBMS works, and tuning
* OLTP and OLAP systems
* Row and column stores, NoSQL and NewSQL
* Outlook, including the processing of big data
* Two running examples with database design and relational representation

Andreas Heuer, Gunter Saake and Kai-Uwe Sattler are professors of computer science at the universities of Rostock, Magdeburg and Ilmenau. Holger Meyer is a senior academic councillor (wissenschaftlicher Oberrat) and Hannes Grunert a research associate at the University of Rostock.
Alice and Bob Learn Application Security
LEARN APPLICATION SECURITY FROM THE VERY START, WITH THIS COMPREHENSIVE AND APPROACHABLE GUIDE!

Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures. Throughout, the book offers analogies, stories of the characters Alice and Bob, real-life examples, technical explanations and diagrams to ensure maximum clarity of the many abstract and complicated subjects.

Topics include:
* Secure requirements, design, coding, and deployment
* Security Testing (all forms)
* Common Pitfalls
* Application Security Programs
* Securing Modern Applications
* Software Developer Security Hygiene

Alice and Bob Learn Application Security is perfect for aspiring application security engineers and practicing software developers, as well as software project managers, penetration testers, and chief information security officers who seek to build or improve their application security programs.

Alice and Bob Learn Application Security illustrates all the included concepts with easy-to-understand examples and concrete practical applications, furthering the reader's ability to grasp and retain the foundational and advanced topics contained within.

TANYA JANCA, also known as SheHacksPurple, is the founder of We Hack Purple, an online learning academy dedicated to teaching everyone how to create secure software. With over twenty years of IT and coding experience, she has won numerous awards and worked as a developer, pentester, and AppSec Engineer.
She was named Hacker of the Year by the Cybersecurity Woman of the Year 2019 Awards and is the Founder of WoSEC International, #CyberMentoringMonday, and OWASP DevSlop.

Foreword
Introduction
PART I WHAT YOU MUST KNOW TO WRITE CODE SAFE ENOUGH TO PUT ON THE INTERNET
CHAPTER 1 SECURITY FUNDAMENTALS
The Security Mandate: CIA; Confidentiality; Integrity; Availability; Assume Breach; Insider Threats; Defense in Depth; Least Privilege; Supply Chain Security; Security by Obscurity; Attack Surface Reduction; Hard Coding; Never Trust, Always Verify; Usable Security; Factors of Authentication; Exercises
CHAPTER 2 SECURITY REQUIREMENTS
Requirements; Encryption; Never Trust System Input; Encoding and Escaping; Third-Party Components; Security Headers: Seatbelts for Web Apps; Security Headers in Action; X-XSS-Protection; Content-Security-Policy (CSP); X-Frame-Options; X-Content-Type-Options; Referrer-Policy; Strict-Transport-Security (HSTS); Feature-Policy; X-Permitted-Cross-Domain-Policies; Expect-CT; Public Key Pinning Extension for HTTP (HPKP); Securing Your Cookies; The Secure Flag; The HttpOnly Flag; Persistence; Domain; Path; Same-Site; Cookie Prefixes; Data Privacy; Data Classification; Passwords, Storage, and Other Important Decisions; HTTPS Everywhere; TLS Settings; Comments; Backup and Rollback; Framework Security Features; Technical Debt = Security Debt; File Uploads; Errors and Logging; Input Validation and Sanitization; Authorization and Authentication; Parameterized Queries; URL Parameters; Least Privilege; Requirements Checklist; Exercises
CHAPTER 3 SECURE DESIGN
Design Flaw vs. Security Bug; Discovering a Flaw Late; Pushing Left; Secure Design Concepts; Protecting Sensitive Data; Never Trust, Always Verify/Zero Trust/Assume Breach; Backup and Rollback; Server-Side Security Validation; Framework Security Features; Security Function Isolation; Application Partitioning; Secret Management; Re-authentication for Transactions (Avoiding CSRF); Segregation of Production Data; Protection of Source Code; Threat Modeling; Exercises
CHAPTER 4 SECURE CODE
Selecting Your Framework and Programming Language; Example #1; Example #2; Example #3; Programming Languages and Frameworks: The Rule; Untrusted Data; HTTP Verbs; Identity; Session Management; Bounds Checking; Authentication (AuthN); Authorization (AuthZ); Error Handling, Logging, and Monitoring; Rules for Errors; Logging; Monitoring; Exercises
CHAPTER 5 COMMON PITFALLS
OWASP; Defenses and Vulnerabilities Not Previously Covered; Cross-Site Request Forgery; Server-Side Request Forgery; Deserialization; Race Conditions; Closing Comments; Exercises
PART II WHAT YOU SHOULD DO TO CREATE VERY GOOD CODE
CHAPTER 6 TESTING AND DEPLOYMENT
Testing Your Code; Code Review; Static Application Security Testing (SAST); Software Composition Analysis (SCA); Unit Tests; Infrastructure as Code (IaC) and Security as Code (SaC); Testing Your Application; Manual Testing; Browsers; Developer Tools; Web Proxies; Fuzzing; Dynamic Application Security Testing (DAST); VA/Security Assessment/PenTest; Testing Your Infrastructure; Testing Your Database; Testing Your APIs and Web Services; Testing Your Integrations; Testing Your Network; Deployment; Editing Code Live on a Server; Publishing from an IDE; “Homemade” Deployment Systems; Run Books; Contiguous Integration/Continuous Delivery/Continuous Deployment; Exercises
CHAPTER 7 AN APPSEC PROGRAM
Application Security Program Goals; Creating and Maintaining an Application Inventory; Capability to Find Vulnerabilities in Written, Running, and Third-Party Code; Knowledge and Resources to Fix the Vulnerabilities; Education and Reference Materials; Providing Developers with Security Tools; Having One or More Security Activities During Each Phase of Your SDLC; Implementing Useful and Effective Tooling; An Incident Response Team That Knows When to Call You; Continuously Improve Your Program Based on Metrics, Experimentation, and Feedback; Metrics; Experimentation; Feedback from Any and All Stakeholders; A Special Note on DevOps and Agile; Application Security Activities; Application Security Tools; Your Application Security Program; Exercises
CHAPTER 8 SECURING MODERN APPLICATIONS AND SYSTEMS
APIs and Microservices; Online Storage; Containers and Orchestration; Serverless; Infrastructure as Code (IaC); Security as Code (SaC); Platform as a Service (PaaS); Infrastructure as a Service (IaaS); Continuous Integration/Delivery/Deployment; Dev(Sec)Ops; DevSecOps; The Cloud; Cloud Computing; Cloud Native; Cloud Native Security; Cloud Workflows; Modern Tooling; IAST Interactive Application Security Testing; Runtime Application Security Protection; File Integrity Monitoring; Application Control Tools (Approved Software Lists); Security Tools Created for DevOps Pipelines; Application Inventory Tools; Least Privilege and Other Policy Automation; Modern Tactics; Summary; Exercises
PART III HELPFUL INFORMATION ON HOW TO CONTINUE TO CREATE VERY GOOD CODE
CHAPTER 9 GOOD HABITS
Password Management; Remove Password Complexity Rules; Use a Password Manager; Passphrases; Don’t Reuse Passwords; Do Not Implement Password Rotation; Multi-Factor Authentication; Incident Response; Fire Drills; Continuous Scanning; Technical Debt; Inventory; Other Good Habits; Policies; Downloads and Devices; Lock Your Machine; Privacy
205Summary 206Exercises 206CHAPTER 10 CONTINUOUS LEARNING 207What to Learn 208Offensive = Defensive 208Don’t Forget Soft Skills 208Leadership != Management 209Learning Options 209Accountability 212Create Your Plan 213Take Action 214Exercises 214Learning Plan 216CHAPTER 11 CLOSING THOUGHTS 217Lingering Questions 218When Have You Done Enough? 218How Do You Get Management on Board? 220How Do You Get Developers on Board? 221Where Do You Start? 222Where Do You Get Help? 223Conclusion 223APPENDIX A RESOURCES 225Introduction 225Chapter 1: Security Fundamentals 225Chapter 2: Security Requirements 226Chapter 3: Secure Design 227Chapter 4: Secure Code 228Chapter 5: Common Pitfalls 228Chapter 6: Testing and Deployment 229Chapter 7: An AppSec Program 229Chapter 8: Securing Modern Applications and Systems 230Chapter 9: Good Habits 231Chapter 10: Continuous Learning 231APPENDIX B ANSWER KEY 233Chapter 1: Security Fundamentals 233Chapter 2: Security Requirements 235Chapter 3: Secure Design 236Chapter 4: Secure Code 238Chapter 5: Common Pitfalls 241Chapter 6: Testing and Deployment 242Chapter 7: An AppSec Program 244Chapter 8: Securing Modern Applications and Systems 245Chapter 9: Good Habits 247Chapter 10: Continuous Learning 248Index 249
Hacking
* METHODS AND TOOLS OF HACKERS, CYBERCRIMINALS AND PENETRATION TESTERS
* WITH NUMEROUS STEP-BY-STEP INSTRUCTIONS AND HANDS-ON WORKSHOPS
* INCLUDES PREPARATION FOR THE CERTIFIED ETHICAL HACKER (CEHV10) WITH SAMPLE QUESTIONS FOR STUDY

This is a practice-oriented guide for aspiring hackers, penetration testers, IT system officers, security specialists and interested power users. Through many workshops, step-by-step instructions, and tips and tricks, you will get to know, among other things, the tools and means used by hackers and penetration testers as well as the course of a professional hacking attack. The focus is on the attacker's perspective and on the attack techniques that every penetration tester must know.

The authors also explain effective countermeasures for all attacks. In this way, the book also gives you, step by step, all the means and information you need to put your systems through their paces, identify vulnerabilities and protect yourself effectively against attacks.

The book covers nearly all relevant hacking topics and consists of six parts on the following topics: working environment, information gathering, attacking systems, network and other attacks, web hacking, and attacks on WLAN and next-gen technologies.

Each topic is explained systematically. Both the background and the underlying technologies, as well as practical examples in concrete scenarios, are discussed. This gives you the opportunity to experience and practice the attack techniques yourself. The book is designed as a textbook but is also suitable as a reference work.

Both the content and the methodology are aligned with the Certified Ethical Hacker (CEHv10) certification of the EC Council. Test questions at the end of each chapter help you check your own knowledge and train for the CEH exam. This makes the book excellently suited as supplementary material for exam preparation.

FROM THE CONTENTS:
* Setting up a hacking lab environment
* Introduction to Kali Linux as a hacking platform
* Communicating securely and anonymously on the Internet
* Reconnaissance (information gathering)
* Vulnerability scanning
* Password hacking
* Bind and reverse shells
* Taking over the system with malware
* Covering tracks
* Eavesdropping and man-in-the-middle
* Social engineering
* Web and WLAN hacking
* Attacks on IoT systems
* Cloud hacking and security
* Conducting penetration tests

Eric Amberg is an independent expert in IT networks and security and has carried out numerous projects of all sizes over the past 20 years. His great passion is teaching, which he always presents in a practical and lively way in books, magazines and especially video training courses. Eric holds numerous certifications, including CEHv10, CISSP, CCNP Security and LPIC-2, and is a certified Cisco trainer (CSI # 34318).

Daniel Schmid works in networks and security at a large energy group. As project manager for various large, partly international projects, he has gained a great deal of experience over more than 10 years in planning and implementing security-critical infrastructure, and in the process discovered his passion for the topic of "hacking and penetration testing".

Eric and Daniel have already successfully completed many joint projects and are the founders of the Hacking-Akademie (https://hacking-akademie.de).
Serverless Security
Apply the basics of security in serverless computing to new or existing projects. This hands-on guide provides practical examples and fundamentals. You will apply these fundamentals in all aspects of serverless computing: improving the code, securing the application, and protecting the infrastructure. You will come away having security knowledge that enables you to secure a project you are supporting and have technical conversations with cybersecurity personnel.

At a time when there are many news stories on cybersecurity breaches, it is crucial to think about security in your applications. It is tempting to believe that having a third-party host the entire computing platform will increase security. This book shows you why cybersecurity is the responsibility of everyone working on the project.

WHAT YOU WILL LEARN
* Gain a deeper understanding of cybersecurity in serverless computing
* Know how to use free and open source tools (such as the Node Package Manager, ESLint, and VSCode) to reduce vulnerabilities in your application code
* Assess potential threats from event triggers in your serverless functions
* Understand security best practices in serverless computing
* Develop an agnostic security architecture while reducing risk from vendor-specific infrastructure

WHO THIS BOOK IS FOR
Developers or security engineers looking to expand their current knowledge of traditional cybersecurity into serverless computing projects. Individuals just beginning in serverless computing and cybersecurity can apply the concepts in this book in their projects.

MIGUEL CALLES is a freelance cybersecurity content writer. He has an information assurance certification, and works as an engineer on a serverless project. He started in cybersecurity in 2016 for a US government contract, and has been doing technical writing since 2007, and has worked in various engineering roles since 2004. Miguel started his interest in cybersecurity when he was in middle school and was trying to backward engineer websites.

INTRODUCTION

PART I: THE NEED FOR SECURITY

CHAPTER 1: DETERMINING SCOPE
Understanding the Application
Scoping

CHAPTER 2: PERFORMING A RISK ASSESSMENT
Understanding the Threat Landscape
Threat Modeling
Preparing the Risk Assessment

PART II: SECURING THE APPLICATION

CHAPTER 3: SECURING THE CODE
Assessing Dependencies
Using Static Code Analysis Tools
Writing Unit Tests

CHAPTER 4: SECURING THE INTERFACES
Identifying the Interfaces
Determining the Interface Inputs
Reducing the Attack Surface

CHAPTER 5: SECURING THE CODE REPOSITORY
Using a Code Repository
Limiting Saved Content

PART III: SECURING THE INFRASTRUCTURE

CHAPTER 5: RESTRICTING PERMISSIONS
Understanding Permissions
Identifying the Services
Updating the Permissions

CHAPTER 6: ACCOUNT MANAGEMENT
Understanding Account Access
Restricting Account Access
Implementing Multi-Factor Authentication
Using Secrets

PART IV: MONITORING AND ALERTING

CHAPTER 7: MONITORING LOGS
Understanding Logging Methods
Reviewing Logs

CHAPTER 8: MONITORING METRICS
Understanding Metrics
Reviewing Metrics

CHAPTER 9: MONITORING BILLING
Understanding Billing
Reviewing Billing

CHAPTER 10: MONITORING SECURITY EVENTS
Understanding Security Events
Reviewing Security Event

CHAPTER 10: ALERTING
Understanding Alerting
Implementing Alerting

CHAPTER 11: AUDITING
Understanding Auditing
Implementing Auditing

PART V: SECURITY ASSESSMENT AND REPORT

CHAPTER 12: FINALIZING THE RISK ASSESSMENT
Scoring the Identified Risks
Defining the Mitigation Steps
Assessing the Business Impact
Determining the Overall Security Risk Level
Learn Android Studio 4
Build and deploy your Java-based Android apps using the popular and efficient Android Studio 4 suite of tools, an integrated development environment (IDE) for today's Android developers. With this book, you’ll learn the latest and most productive tools in the Android tools ecosystem, ensuring quick Android app development and minimal effort on your part.

Among these tools, you'll use the new Android Studio 4 features, including an upgraded CPU profiler UI, a new build speed window, the multi-preview feature, and the live layout inspector.

After reading and using this book, you'll be able to efficiently build complete Java-based Android apps that run on any Android smartphone, tablet, smart watch and more. You’ll also be able to publish those apps and sell them online and in the Google Play store.

WHAT YOU WILL LEARN
* Use Android Studio 4 to quickly and confidently build your first Android apps
* Build an Android user interface using activities and layouts, event handling, images, menus, and the action bar
* Work with new tools in Android Studio 4: Jetpack compose support, a smart editor for ProGuard rules, a new motion layout editor, a new Android Gradle plugin, and a fragment wizard with new fragment templates
* Integrate data with data persistence
* Access the cloud

WHO THIS BOOK IS FOR
Those who may be new to Android Studio 4 or Android Studio in general. You may or may not be new to Android development. Some prior experience with Java is recommended.

Ted Hagos is currently heading the software development group of a Dublin-based software development company. He is a certified Java programmer and enterprise architect. He has over 15 years of software development experience, and many years of experience in corporate training. He held a post as instructor in IBM Advanced Career Education, Ateneo ITI and Asia Pacific College, and has trained hundreds of programmers in various languages and platforms.

1. Overview
2. Android Studio
3. Project Basics
4. Android Studio IDE
5. Android Programming Basics
6. Activities and Layouts
7. Event Handling
8. Intents
9. Fragments
10. Navigation Components
11. Running in the background
12. Debugging
13. Testing
14. Working with Files
15. BroadcastReceivers
16. Jetpack LiveData, ViewModel, LiveData and Room
17. App Distribution
18. Appendix: Java Refresher
Programmieren ganz einfach
Programming can be this easy! The ultimate introduction to the world of programming! This programming book uses clear instructions, graphics and user-friendly building blocks to introduce you step by step to the most important programming languages, whether Python or Scratch. In practical projects you build websites, program games, design apps, work with the Raspberry Pi and learn common technical terms such as algorithm and variable, with easy-to-understand explanations.

Basic knowledge about programming:
• The most important programming languages: Whether you want to use HTML or Scratch, or learn Python or Java, these languages are explained clearly and in an easy-to-understand way.
• Learn programming step by step: From a game to a website, in detailed projects with simple instructions you put what you have learned into practice and get to know the main applications of each programming language. Information on the learning goal conveys the time required and the level of difficulty. Symbols, colored windows with grids, and flowcharts that explain the program structure guide you through the projects.
• Visual and easy-to-understand presentation: By dividing the material into user-friendly building blocks and using graphical explanations, even complex relationships are made comprehensible.
Creating Good Data
Create good data from the start, rather than fixing it after it is collected. By following the guidelines in this book, you will be able to conduct more effective analyses and produce timely presentations of research data.

Data analysts are often presented with datasets for exploration and study that are poorly designed, leading to difficulties in interpretation and to delays in producing meaningful results. Much data analytics training focuses on how to clean and transform datasets before serious analyses can even be started. Inappropriate or confusing representations, unit of measurement choices, coding errors, missing values, outliers, etc., can be avoided by using good dataset design and by understanding how data types determine the kinds of analyses which can be performed.

This book discusses the principles and best practices of dataset creation, and covers basic data types and their related appropriate statistics and visualizations. A key focus of the book is why certain data types are chosen for representing concepts and measurements, in contrast to the typical discussions of how to analyze a specific data type once it has been selected.

WHAT YOU WILL LEARN
* Be aware of the principles of creating and collecting data
* Know the basic data types and representations
* Select data types, anticipating analysis goals
* Understand dataset structures and practices for analyzing and sharing
* Be guided by examples and use cases (good and bad)
* Use cleaning tools and methods to create good data

WHO THIS BOOK IS FOR
Researchers who design studies and collect data and subsequently conduct and report the results of their analyses can use the best practices in this book to produce better descriptions and interpretations of their work. In addition, data analysts who explore and explain data of other researchers will be able to create better datasets.

HARRY J. FOXWELL is a professor. He teaches graduate data analytics courses at George Mason University in the department of Information Sciences and Technology and he designed the data analytics curricula for his university courses. He draws on his decades of experience as Principal System Engineer for Oracle and for other major IT companies to help his students understand the concepts, tools, and practices of big data projects. He is co-author of several books on operating systems administration. He is a US Army combat veteran, having served in Vietnam as a Platoon Sergeant in the First Infantry Division. He lives in Fairfax, Virginia with his wife Eileen and two bothersome cats.

INTRODUCTION
Goal: The problem of dataset cleaning and why better design is needed
Who this book is for

CHAPTER 1: BASIC DATA TYPES
Goal: understanding data types
Nominal, ordinal, interval, ratio, other
How/why to choose specific representations

CHAPTER 2: PLANNING YOUR DATA COLLECTION
Goal: preventive action, avoiding data creation errors
Anticipating your required analysis
The goals of descriptive statistics and visualizations
The goals of relationship statistics and visualizations
Independent and dependent variables

CHAPTER 3: DATASET STRUCTURES
Goal: Understanding how to structure/store data
Types of datasets
.csv, SQL, Excel, Web, JSON
Sharing data (open formats)
Managing datasets

CHAPTER 4: DATA COLLECTION ISSUES
Goal: Understanding how to collect data
Understand and avoid Bias
Sampling

CHAPTER 5: EXAMPLES AND USE CASES
Goal: Illustrate good & not so good datasets

CHAPTER 6: TOOLS FOR DATASET CLEANING
Goal: still need some data cleanup? here’s some help
Data cleaning using R, Python, commercial tools (e.g., Tableau)

ANNOTATED REFERENCES
Goal: include helpful data design and cleaning references
Empower Decision Makers with SAP Analytics Cloud
Discover the capabilities and features of SAP Analytics Cloud to draw actionable insights from a variety of data, as well as the functionality that enables you to meet typical business challenges. With this book, you will work with SAC and enable key decision makers within your enterprise to deliver crucial business decisions driven by data and key performance indicators. Along the way you’ll see how SAP has built a strong repertoire of analytics products and how SAC helps you analyze data to derive better business solutions.

This book begins by covering the current trends in analytics and how SAP is re-shaping its solutions. Next, you will learn to analyze a typical business scenario and map expectations to the analytics solution including delivery via a single platform. Further, you will see how SAC as a solution meets each of the user expectations, starting with creation of a platform for sourcing data from multiple sources, enabling self-service for a spectrum of business roles, across time zones and devices. There’s a chapter on advanced capabilities of predictive analytics and custom analytical applications. Later there are chapters explaining the security aspects and their technical features before concluding with a chapter on SAP’s roadmap for SAC.

Empower Decision Makers with SAP Analytics Cloud takes a unique approach of facilitating learning SAP Analytics Cloud by resolving the typical business challenges of an enterprise. These business expectations are mapped to specific features and capabilities of SAC, while covering its technical architecture block by block.

WHAT YOU WILL LEARN
* Work with the features and capabilities of SAP Analytics Cloud
* Analyze the requirements of a modern decision-support system
* Use the features of SAC that make it a single platform for decision support in a modern enterprise
* See how SAC provides a secure and scalable platform hosted on the cloud

WHO THIS BOOK IS FOR
Enterprise architects, SAP BI analytic solution architects, and developers.

VINAYAK is a seasoned analytics consultant with experience across multiple business domains and roles. As senior architect at Tata Consultancy Services Ltd., Vinayak has been engaged in technology consulting and architecting solutions across the SAP analytics portfolio for Fortune 500 firms. He has been instrumental in building, mentoring, and enabling teams delivering complex digital transformations for global clients. Passionate about technology, Vinayak regularly publishes articles and technical papers with well-known publications. He is also an active contributor to the SAP community and regularly publishes blogs on technologies in the SAP analytics portfolio.

SHREEKANT is a senior management professional with expertise on leading and managing business functions and technology consulting. He established and developed business units for Fortune 500 firms, namely the public service business for the world’s leading professional services company, launched the Shell Gas business in India for a JV of Shell. Shreekant grew the SAP technology business for Tata Consultancy Services Ltd. by winning strategic clients in new and existing geographies, creating innovative service offerings. He played a critical part in multiple transformation programs for Bharat Petroleum Corporation Ltd. He has mentored authors, published best seller books and white papers on technology, and has patents on technology and service delivery. He specializes in realizing concepts to their value-creation stage, innovation and transformation, and building organizations.

CHAPTER 1: CURRENT TRENDS IN ANALYTICS AND SAP’S ROAD MAP
Chapter Goal: To understand the latest trends in analytics and how SAP is adapting to these trends. To understand SAP’s digital core and how analytics forms a pillar of the methodology.

CHAPTER 2: BUSINESS SCENARIO FOR ANALYTICS LANDSCAPE TRANSFORMATION
Chapter Goal: To understand a real-world scenario of an enterprise which is planning to upgrade its traditional business intelligence to a modern analytics landscape.
SUB TOPICS:
Customer introduction
Customer’s current landscape and pain points
Customer’s expectation from analytics landscape
Expected landscape

CHAPTER 3: SAC FOR ENABLING “SINGLE VERSION OF TRUTH”
Chapter Goal: Understand how SAP Analytics Cloud enables a single platform for multiple data sources to come together for analysis.
SUB TOPICS:
Analysis of customer requirement
Alignment to specific SAP Analytics Cloud capability
Step by step process to implement the capability
Customer benefits and future direction

CHAPTER 4: LEVERAGE SAC TO CREATE “ALL-IN-ONE” ANALYTICS PLATFORM
Chapter Goal: SAC enables analytics for multiple business roles in an organization, with options ranging from 360 degree dashboards to self-service data analysis to planning. This chapter explores these capabilities in detail.
SUB TOPICS:
Analysis of customer requirement
Alignment to specific SAP Analytics Cloud capability
Step by step process to implement the capability
Customer benefits and future direction

CHAPTER 5: EXPLOIT “AUGMENTED ANALYTICS” CAPABILITY OF SAC
Chapter Goal: SAC enables self-service with augmented analytics like search to insight and multiple smart features. This chapter explores each of these concepts in detail along with benefits of each feature.
SUB TOPICS:
Analysis of customer requirement
Alignment to specific SAP Analytics Cloud capability
Step by step process to implement the capability
Customer benefits and future direction

CHAPTER 6: DEVELOP SAC FOR “ANYTIME AVAILABLE” PLATFORM
Chapter Goal: One of the advantages of a cloud application is its accessibility, in addition to the freedom from maintaining costly infrastructure. This chapter explores how SAC is available across time zones and across devices.
SUB TOPICS:
Analysis of customer requirement
Alignment to specific SAP Analytics Cloud capability
Step by step process to implement the capability
Customer benefits and future direction

CHAPTER 7: CAPITALIZE ON “PREDICTIVE ANALYTICS” CAPABILITY THROUGH SAC
Chapter Goal: SAC includes built-in capabilities to create predictive models and incorporate predictive analytics in data analysis and dashboards. This chapter explores this capability in detail.
SUB TOPICS:
Analysis of customer requirement
Alignment to specific SAP Analytics Cloud capability
Step by step process to implement the capability
Customer benefits and future direction

CHAPTER 8: CRAFT SPECIAL BUSINESS REQUIREMENTS ON SAC VIA CUSTOM APPLICATION DESIGN
Chapter Goal: One of the recently added capabilities is to build custom applications using a scripting language very similar to JavaScript. This enables developers to create custom apps and make them available for the business. This capability is the focus of this chapter.
SUB TOPICS:
Analysis of customer requirement
Alignment to specific SAP Analytics Cloud capability
Step by step process to implement the capability
Customer benefits and future direction

CHAPTER 9: DESIGN A SECURE PLATFORM USING SAC
Chapter Goal: Especially with cloud applications, security is always a major concern in terms of data protection and authenticated access. This chapter explores SAC’s security capabilities in terms of data and application access.
SUB TOPICS:
Analysis of customer requirement
Alignment to specific SAP Analytics Cloud capability
Step by step process to implement the capability
Customer benefits and future direction

CHAPTER 10: PRODUCT ROAD MAP & FUTURE DIRECTION FOR SAC
Chapter Goal: This chapter explores the future road map of SAC and how SAP’s direction for the tool

Appendix A
Appendix B
SAP-S/4HANA-Projekte erfolgreich managen
S/4HANA projects are demanding! That is why it is good to know the various project phases, tasks and tools exactly. From preparation through realization to go-live, the author team accompanies you step by step with its experience. That way you know where pitfalls may lurk, and how to simply jump over them. Examples and tips from everyday project work help you steer your SAP project skilfully to its goal. Up to date for the migration to SAP S/4HANA.

From the contents:
* Discover, Prepare, Explore, Realize, Deploy, Run
* Analyzing requirements
* Estimating effort
* Identifying project risks
* Benefiting from experience gained in real projects
* Knowing helpful tools for project management
* Planning international roll-outs
* Motivating your project team
* Finding the right SAP consultant
* Creating documentation
* Planning test activities
* Performing quality assurance
* Organizing data migration and go-live

1. Introduction
1.1 About this book
1.2 Excursus: SAP solutions, from the beginnings to today

2. What makes an SAP S/4HANA project so different
2.1 What distinguishes IT projects from enterprise transformation with SAP
2.2 Not every project is the same
2.3 Digitalization in project management
2.4 The decision for software from SAP
2.5 The path to SAP S/4HANA
2.6 Conclusion

3. The SAP S/4HANA project: how it should be
3.1 Project management standards, methodology and tools: an overview
3.2 The ABCs of project management: PMI project management methodology
3.3 Everything perfectly prepared: the ideal prerequisites
3.4 ASAP, the mother of all SAP methods
3.5 SAP Launch: the implementation methodology for the SAP cloud products
3.6 SAP Activate: the better ASAP
3.7 Tools supporting SAP Activate

4. The SAP S/4HANA project: how it actually is
4.1 Phase 1: Discover (or: exploring the possibilities)
4.2 Phase 2: Prepare (or: preparing the project)
4.3 Phase 3: Explore (or: mapping business processes)
4.4 Phase 4: Realize (or: the implementation)
4.5 Phase 5: Deploy (or: preparing the move to production)
4.6 Phase 6: Run (or: go-live and support)
4.7 Top flops in the SAP S/4HANA project

5. The underestimated success factor: people
5.1 Who belongs to the project team?
5.2 The importance of project leadership
5.3 Qualification, personal suitability and availability of the project members
5.4 Key factors for good teamwork
5.5 Humanity, feasibility and motivation
5.6 Communication as a success factor
5.7 International project staffing, a special challenge
5.8 Impact of digitalization on project management

6. Planning, control and quality assurance
6.1 A helper in every situation: the Project Management Office
6.2 Project planning
6.3 Project control
6.4 Quality assurance
6.5 Planning, control and quality assurance in SAP S/4HANA projects

7. Examples from real SAP S/4HANA projects
7.1 Preparing an SAP S/4HANA implementation project
7.2 Introduction of SAP S/4HANA at ELKB
7.3 "Be liquid": BITZER's agile path to SAP S/4HANA
7.4 Project to replace the global procurement systems (automotive industry)
7.5 Lessons learned from an international SAP ECC project

8. External resources: curse and blessing
8.1 Why external help?
8.2 How to find the right people
8.3 Contracts for work or billing by time and materials?
8.4 Division of roles between client and consultant
8.5 The internal externals
8.6 Goals in the project
8.7 Projects with offshore or nearshore teams

9. Tools for project support
9.1 Tools for project management
9.2 Tools for business process management
9.3 Tools for testing
9.4 Tools for operations support and software logistics
9.5 Minimized Downtime Services
9.6 SAP S/4HANA Migration Cockpit
9.7 SAP Data Services

10. 12 commandments for a successful SAP project

A. Glossary
B. Bibliography
C. The author team
Index