Security
Hacking Multifactor Authentication
PROTECT YOUR ORGANIZATION FROM SCANDALOUSLY EASY-TO-HACK MFA SECURITY “SOLUTIONS”Multi-Factor Authentication (MFA) is spreading like wildfire across digital environments. However, hundreds of millions of dollars have been stolen from MFA-protected online accounts. How? Most people who use multifactor authentication (MFA) have been told that it is far less hackable than other types of authentication, or even that it is unhackable. You might be shocked to learn that all MFA solutions are actually easy to hack. That’s right: there is no perfectly safe MFA solution. In fact, most can be hacked at least five different ways. Hacking Multifactor Authentication will show you how MFA works behind the scenes and how poorly linked multi-step authentication steps allows MFA to be hacked and compromised.This book covers over two dozen ways that various MFA solutions can be hacked, including the methods (and defenses) common to all MFA solutions. You’ll learn about the various types of MFA solutions, their strengthens and weaknesses, and how to pick the best, most defensible MFA solution for your (or your customers') needs. Finally, this book reveals a simple method for quickly evaluating your existing MFA solutions. If using or developing a secure MFA solution is important to you, you need this book.* Learn how different types of multifactor authentication work behind the scenes* See how easy it is to hack MFA security solutions—no matter how secure they seem* Identify the strengths and weaknesses in your (or your customers’) existing MFA security and how to mitigateAuthor Roger Grimes is an internationally known security expert whose work on hacking MFA has generated significant buzz in the security world. Read this book to learn what decisions and preparations your organization needs to take to prevent losses from MFA hacking.ROGER A. GRIMES is a computer security professional and penetration tester with over three decades of experience. He's an internationally renowned consultant and was the IDG/InfoWorld/CSO magazine weekly columnist for fifteen years. He's a sought-after speaker who has given talks at major security industry events, including RSA, Black Hat, and TechMentor. INTRODUCTION XXVWho This Book is For xxviiWhat is Covered in This Book? xxviiMFA is Good xxxHow to Contact Wiley or the Author xxxiPART I INTRODUCTION 11 LOGON PROBLEMS 3It’s Bad Out There 3The Problem with Passwords 5Password Basics 9Identity 9The Password 10Password Registration 11Password Complexity 11Password Storage 12Password Authentication 13Password Policies 15Passwords Will Be with Us for a While 18Password Problems and Attacks 18Password Guessing 19Password Hash Cracking 23Password Stealing 27Passwords in Plain View 28Just Ask for It 29Password Hacking Defenses 30MFA Riding to the Rescue? 31Summary 322 AUTHENTICATION BASICS 33Authentication Life Cycle 34Identity 35Authentication 46Authorization 54Accounting/Auditing 54Standards 56Laws of Identity 56Authentication Problems in the Real World 57Summary 583 TYPES OF AUTHENTICATION 59Personal Recognition 59Knowledge-Based Authentication 60Passwords 60PINS 62Solving Puzzles 64Password Managers 69Single Sign-Ons and Proxies 71Cryptography 72Encryption 73Public Key Infrastructure 76Hashing 79Hardware Tokens 81One-Time Password Devices 81Physical Connection Devices 83Wireless 87Phone-Based 89Voice Authentication 89Phone Apps 89SMS 92Biometrics 92FIDO 93Federated Identities and APIs 94OAuth 94APIs 96Contextual/Adaptive 96Less Popular Methods 97Voiceover Radio 97Paper-Based 98Summary 994 USABILITY VS SECURITY 101What Does Usability Mean? 101We Don’t Really Want the Best Security 103Security Isn’t Usually Binary 105Too Secure 106Seven-Factor MFA 106Moving ATM Keypad Numbers 108Not as Worried as You Think About Hacking 109Unhackable Fallacy 110Unbreakable Oracle 113DJB 113Unhackable Quantum Cryptography 114We are Reactive Sheep 115Security Theater r 116Security by Obscurity 117MFA Will Cause Slowdowns 117MFA Will Cause Downtime 118No MFA Solution Works Everywhere 118Summary 119PART II HACKING MFA 1215 HACKING MFA IN GENERAL 123MFA Dependency Components 124Enrollment 125User 127Devices/Hardware 127Software 128API 129Authentication Factors 129Authentication Secrets Store 129Cryptography 130Technology 130Transmission/Network Channel 131Namespace 131Supporting Infrastructure 131Relying Party 132Federation/Proxies 132Alternate Authentication Methods/Recovery 132Migrations 133Deprovision 133MFA Component Conclusion 134Main Hacking Methods 134Technical Attacks 134Human Element 135Physical 137Two or More Hacking Methods Used 137“You Didn’t Hack the MFA!” 137How MFA Vulnerabilities are Found 138Threat Modeling 138Code Review 138Fuzz Testing 138Penetration Testing 139Vulnerability Scanning 139Human Testing 139Accidents 140Summary 1406 ACCESS CONTROL TOKEN TRICKS 141Access Token Basics 141Access Control Token General Hacks142Token Reproduction/Guessing 142Token Theft 145Reproducing Token Hack Examples 146Network Session Hijacking Techniques and Examples 149Firesheep 149MitM Attacks 150Access Control Token Attack Defenses 157Generate Random, Unguessable Session IDs 157Use Industry-Accepted Cryptography and Key Sizes 158Developers Should Follow Secure Coding Practices 159Use Secure Transmission Channels 159Include Timeout Protections 159Tie the Token to Specifi c Devices or Sites 159Summary 1617 ENDPOINT ATTACKS 163Endpoint Attack Risks 163General Endpoint Attacks 165Programming Attacks 165Physical Access Attacks 165What Can an Endpoint Attacker Do? 166Specifi c Endpoint Attack Examples 169Bancos Trojans 169Transaction Attacks 171Mobile Attacks 172Compromised MFA Keys 173Endpoint Attack Defenses 174MFA Developer Defenses 174End-User Defenses 177Summary 1798 SMS ATTACKS 181Introduction to SMS 181SS7 184Biggest SMS Weaknesses 186Example SMS Attacks 187SIM Swap Attacks 187SMS Impersonation 191SMS Buffer Overflow 194Cell Phone User Account Hijacking 195Attacks Against the Underlying Supporting Infrastructure 196Other SMS-Based Attacks 196SIM/SMS Attack Method Summary 197NIST Digital Identity Guidelines Warning 198Defenses to SMS-Based MFA Attacks 199Developer Defenses 199User Defenses 201Is RCS Here to Save Mobile Messaging? 202Is SMS-Based MFA Still Better than Passwords? 202Summary 2039 ONE-TIME PASSWORD ATTACKS 205Introduction to OTP 205Seed Value-Based OTPs 208HMAC-Based OTP 209Event-Based OTP 211TOTP 212Example OTP Attacks 217Phishing OTP Codes 217Poor OTP Creation 219OTP Theft, Re-Creation, and Reuse 219Stolen Seed Database 220Defenses to OTP Attacks 222Developer Defenses 222Use Reliable and Trusted and Tested OTP Algorithms 223OTP Setup Code Must Expire 223OTP Result Code Must Expire 223Prevent OTP Replay 224Make Sure Your RNG is NIST-Certified or Quantum 224Increase Security by Requiring Additional Entry Beyond OTP Code 224Stop Brute-Forcing Attacks224Secure Seed Value Database 225User Defenses 225Summary 22610 SUBJECT HIJACK ATTACKS 227Introduction 227Example Attacks 228Active Directory and Smartcards 228Simulated Demo Environment 231Subject Hijack Demo Attack 234The Broader Issue 240Dynamic Access Control Example 240ADFS MFA Bypass 241Defenses to Component Attacks 242Threat Model Dependency Abuse Scenarios 242Secure Critical Dependencies 242Educate About Dependency Abuses 243Prevent One to Many Mappings 244Monitor Critical Dependencies 244Summary 24411 FAKE AUTHENTICATION ATTACKS 245Learning About Fake Authentication Through UAC 245Example Fake Authentication Attacks 251Look-Alike Websites 251Fake Office 365 Logons 252Using an MFA-Incompatible Service or Protocol 253Defenses to Fake Authentication Attacks 254Developer Defenses 254User Defenses 256Summary 25712 SOCIAL ENGINEERING ATTACKS 259Introduction 259Social Engineering Commonalities 261Unauthenticated Communication 261Nonphysical 262Usually Involves Well-Known Brands 263Often Based on Notable Current Events and Interests 264Uses Stressors 264Advanced: Pretexting 265Third-Party Reliances 266Example Social Engineering Attacks on MFA 266Fake Bank Alert 267Crying Babies 267Hacking Building Access Cards 268Defenses to Social Engineering Attacks on MFA 270Developer Defenses to MFA 270User Defenses to Social Engineering Attacks 271Summary 27313 DOWNGRADE/RECOVERY ATTACKS 275Introduction 275Example Downgrade/Recovery Attacks 276Alternate Email Address Recovery 276Abusing Master Codes 280Guessing Personal-Knowledge Questions 281Defenses to Downgrade/Recovery Attacks 287Developer Defenses to Downgrade/Recovery Attacks 287User Defenses to Downgrade/Recovery Attacks 292Summary 29414 BRUTE-FORCE ATTACKS 295Introduction 295Birthday Attack Method 296Brute-Force Attack Methods 297Example of Brute-Force Attacks 298OTP Bypass Brute-Force Test 298Instagram MFA Brute-Force 299Slack MFA Brute-Force Bypass 299UAA MFA Brute-Force Bug 300Grab Android MFA Brute-Force 300Unlimited Biometric Brute-Forcing 300Defenses Against Brute-Force Attacks 301Developer Defenses Against Brute-Force Attacks 301User Defenses Against Brute-Force Attacks 305Summary 30615 BUGGY SOFTWARE 307Introduction 307Common Types of Vulnerabilities 308Vulnerability Outcomes 316Examples of Vulnerability Attacks 317Uber MFA Vulnerability 317Google Authenticator Vulnerability 318YubiKey Vulnerability 318Multiple RSA Vulnerabilities 318SafeNet Vulnerability 319Login gov 319ROCA Vulnerability 320Defenses to Vulnerability Attacks 321Developer Defenses Against Vulnerability Attacks 321User Defenses Against Vulnerability Attacks 322Summary 32316 ATTACKS AGAINST BIOMETRICS 325Introduction 325Biometrics 326Common Biometric Authentication Factors 327How Biometrics Work 337Problems with Biometric Authentication 339High False Error Rates 340Privacy Issues 344Disease Transmission 345Example Biometric Attacks 345Fingerprint Attacks345Hand Vein Attack 348Eye Biometric Spoof Attacks 348Facial Recognition Attacks 349Defenses Against Biometric Attacks 352Developer Defenses Against Biometric Attacks 352User/Admin Defenses Against Biometric Attacks 354Summary 35517 PHYSICAL ATTACKS 357Introduction 357Types of Physical Attacks 357Example Physical Attacks 362Smartcard Side-Channel Attack 362Electron Microscope Attack 364Cold-Boot Attacks 365Snooping On RFID-Enabled Credit Cards 367EMV Credit Card Tricks 370Defenses Against Physical Attacks 370Developer Defenses Against Physical Attacks 371User Defenses Against Physical Attacks 372Summary 37518 DNS HIJACKING 377Introduction 377DNS 378DNS Record Types 382Common DNS Hacks 382Example Namespace Hijacking Attacks 388DNS Hijacking Attacks 388MX Record Hijacks 388Dangling CDN Hijack 389Registrar Takeover 390DNS Character Set Tricks 390ASN 1 Tricks 392BGP Hijacks 392Defenses Against Namespace Hijacking Attacks 393Developer Defenses 394User Defenses 395Summary 39719 API ABUSES 399Introduction 399Common Authentication Standards and Protocols Involving APIs 402Other Common API Standards and Components 411Examples of API Abuse 414Compromised API Keys 414Bypassing PayPal 2FA Using an API 415AuthO MFA Bypass 416Authy API Format Injection 417Duo API As-Designed MFA Bypass 417Microsoft OAuth Attack 419Sign In with Apple MFA Bypass 419Token TOTP BLOB Future Attack 420Defenses Against API Abuses 420Developer Defenses Against API Abuses 420User Defenses Against API Abuses 422Summary 42320 MISCELLANEOUS MFA HACKS 425Amazon Mystery Device MFA Bypass 425Obtaining Old Phone Numbers 426Auto-Logon MFA Bypass 427Password Reset MFA Bypass 427Hidden Cameras 427Keyboard Acoustic Eavesdropping 428Password Hints 428HP MFA DoS 429Trojan TOTP 429Hackers Turn MFA to Defeat You 430Summary 43021 TEST: CAN YOU SPOT THE VULNERABILITIES? 431Threat Modeling MFA Solutions 431Document and Diagram the Components 432Brainstorm Potential Attacks 432Estimate Risk and Potential Losses 434Create and Test Mitigations 436Do Security Reviews 436Introducing the Bloomberg MFA Device 436Bloomberg, L P and the Bloomberg Terminal 437New User B-Unit Registration and Use 438Threat-Modeling the Bloomberg MFA Device 439Threat-Modeling the B-Unit in a General Example 440Specific Possible Attacks 441Multi-Factor Authentication Security Assessment Tool 450Summary 451PART III LOOKING FORWARD 45322 DESIGNING A SECURE SOLUTION 455Introduction 455Exercise: Secure Remote Online Electronic Voting 457Use Case Scenario 457Threat Modeling 458SDL Design 460Physical Design and Defenses 461Cryptography 462Provisioning/Registration 463Authentication and Operations 464Verifiable/Auditable Vote 466Communications 467Backend Blockchain Ledger 467Migration and Deprovisioning 470API 470Operational Training 470Security Awareness Training 470Miscellaneous 471Summary 47123 SELECTING THE RIGHT MFA SOLUTION 473Introduction 473The Process for Selecting the Right MFA Solution 476Create a Project Team 477Create a Project Plan 478Educate 479Determine What Needs to Be Protected 479Choose Required and Desired Features 480Research/Select Vendor Solutions 488Conduct a Pilot Project 490Select a Winner 491Deploy to Production 491Summary 49124 THE FUTURE OF AUTHENTICATION 493Cyber Crime is Here to Stay 493Future Attacks 494Increasing Sophisticated Automation 495Increased Nation-State Attacks 496Cloud-Based Threats 497Automated Attacks Against MFA 497What is Likely Staying 498Passwords 498Proactive Alerts 498Preregistration of Sites and Devices 499Phones as MFA Devices 500Wireless 501Changing/Morphing Standards 501The Future 501Zero Trust 502Continuous, Adaptive, Risk-Based 503Quantum-Resistant Cryptography 506Interesting Newer Authentication Ideas 506Summary 50725 TAKEAWAY LESSONS 509Broader Lessons 509MFA Works 509MFA is Not Unhackable 510Education is Key 510Security Isn’t Everything 511Every MFA Solution Has Trade-Offs 511Authentication Does Not Exist in a Vacuum 512There is No Single Best MFA Solution for Everyone 515There are Better MFA Solutions 515MFA Defensive Recap 516Developer Defense Summary 516User Defense Summary 518Appendix: List of MFA Vendors 521Index 527
Getting Started with Oracle Cloud Free Tier
Use this comprehensive guide to get started with the Oracle Cloud Free Tier. Reading this book and creating your own application in the Free Tier is an excellent way to build familiarity with, and expertise in, Oracle Cloud Infrastructure. Even better is that the Free Tier by itself is capable enough and provides all the ingredients needed for you to create secure and robust, multi-tiered web applications of modest size.Examples in this book introduce the broad suite of Always Free options that are available from Oracle Cloud Infrastructure. You will learn how to provision autonomous databases and autonomous Linux compute nodes. And you will see how to use Terraform to manage infrastructure as code. You also will learn about the virtual cloud network and application deployment, including how to create and deploy public-facing Oracle Application Express solutions and three-tier web applications on a foundation of Oracle REST Data Services. The book also includes a brief introduction to using and managing access to Oracle Machine Learning Notebooks.Cloud computing is a strong industry trend. Mastering the content in this book leaves you well-positioned to make the transition into providing and supporting cloud-based applications and databases. You will have the knowledge and skills that you need to deploy modest applications along with a growing understanding of Oracle’s Cloud platform that will serve you well as you go beyond the limits of the Always Free options and take full advantage of all that Oracle Cloud Infrastructure can offer.WHAT YOU WILL LEARN* Know which resources are available for free forever from Oracle Cloud Infrastructure* Provision your virtual cloud network* Host, manage, and monitor web applications using the freely available components* Provision and manage Autonomous Databases and Autonomous Linux Compute Nodes* Use and manage access to Oracle Machine Learning Notebooks* Automate and manage your infrastructure as code using Terraform* Monitor and manage costs when you grow beyond the Always Free platformWHO THIS BOOK IS FORDatabase administrators and application developers who want to learn about Oracle’s cloud offerings, application developers seeking a robust platform on which to build and deploy modest applications at zero cost, and developers and administrators interested in exploring Oracle Application Express running on a self-managing, self-tuning Oracle DatabaseADRIAN PNG is Senior Consultant at Insum Solutions. He has over two decades of experience in designing and implementing software solutions using a wide variety of programming languages. Adrian has a deep passion for Oracle Application Express and has helped many organizations succeed in developing robust data management practices. As a full-stack developer, he also does double-duty as a database and cloud administrator. “Design for the user” is his motto, and he continually seeks to optimize processes and adopt new strategies and technologies to improve how data is captured, integrated, and used effectively.LUC DEMANCHE is an Oracle DBA with 20 years of experience. His high-level expertise recently earned him the distinctions of Oracle Cloud Infrastructure 2018 Certified Architect, Oracle Autonomous Database Cloud 2019 Specialist, and Oracle Certified Professional 12c. His passion for the discipline has also led him to share his knowledge through a 2016 IOUG-published book titled Oracle Application Express Administration, which he co-authored with his colleague Francis Mignault, CTO at Insum. Luc specializes in Oracle databases from 7.3 to 19c and is particularly knowledgeable about the numerous Oracle tools used on his projects. He is heavily involved in building the Oracle Cloud team at Insum and has several successfully completed cloud projects to his credit.IntroductionPART I. GETTING STARTED1. Create an Account2. Identity and Access ManagementPART II. INFRASTRUCTURE AND OPERATIONS3. Basic Networking4. Compute Instances5. Storage6. Oracle Autonomous Linux7. Autonomous Databases8. Load Balancers9. Notifications and MonitoringPART III. APPLICATIONS10. SQL Developer Web11. Oracle Application Express12. Oracle REST Data Services13. Deploy Multitiered Web Applications14. Oracle Machine Learning NotebooksPART IV. NEXT STEPS15. Infrastructure as Code16. Account Management
Data Teams
Learn how to run successful big data projects, how to resource your teams, and how the teams should work with each other to be cost effective. This book introduces the three teams necessary for successful projects, and what each team does.Most organizations fail with big data projects and the failure is almost always blamed on the technologies used. To be successful, organizations need to focus on both technology and management.Making use of data is a team sport. It takes different kinds of people with different skill sets all working together to get things done. In all but the smallest projects, people should be organized into multiple teams to reduce project failure and underperformance.This book focuses on management. A few years ago, there was little to nothing written or talked about on the management of big data projects or teams. DATA TEAMS shows why management failures are at the root of so many project failures and how to proactively prevent such failures with your project.WHAT YOU WILL LEARN* Discover the three teams that you will need to be successful with big data* Understand what a data scientist is and what a data science team does* Understand what a data engineer is and what a data engineering team does* Understand what an operations engineer is and what an operations team does* Know how the teams and titles differ and why you need all three teams* Recognize the role that the business plays in working with data teams and how the rest of the organization contributes to successful data projectsWHO THIS BOOK IS FORManagement, at all levels, including those who possess some technical ability and are about to embark on a big data project or have already started a big data project. It will be especially helpful for those who have projects which may be stuck and they do not know why, or who attended a conference or read about big data and are beginning their due diligence on what it will take to put a project in place.This book is also pertinent for leads or technical architects who are: on a team tasked by the business to figure out what it will take to start a project, in a project that is stuck, or need to determine whether there are non-technical problems affecting their project.JESSE ANDERSON serves in three roles at Big Data Institute: data engineer, creative engineer, and managing director. He works on big data with companies ranging from startups to Fortune 100 companies. His work includes training on cutting-edge technologies such as Apache's Kafka, Hadoop, and Spark. He has taught over 30,000 people the skills needed to become data engineers.Jesse is widely regarded as an expert in the field and for his novel teaching practices. He has published for O’Reilly and Pragmatic Programmers. He has been covered in prestigious publications such as: The Wall Street Journal, CNN, BBC, NPR, Engadget, and Wired. He has spent the past 6+ years observing, mentoring, and working with data teams. He has condensed this knowledge of why teams succeed or fail into this book.
Big Public Data aus dem Programmable Web
Die Verbreitung des Internets und die zunehmende Digitalisierung in der öffentlichen Verwaltung und Politik haben über die letzten Jahre zu einer starken Zunahme an hochdetaillierten digitalen Datenbeständen über politische Akteure und Prozesse geführt. Diese big public data werden oft über programmatische Schnittstellen (Web APIs; programmable Web) verbreitet, um die Einbettung der Daten in anderen Webanwendungen zu vereinfachen. Die Analyse dieser Daten für wissenschaftliche Zwecke in der politischen Ökonomie und Politologie ist vielversprechend, setzt jedoch die Implementierung einer data pipeline zur Beschaffung und Aufbereitung von Daten aus dem programmable Web voraus. Dieses Buch diskutiert die Chancen und Herausforderungen der praktischen Nutzung dieser Datenbestände für die empirische Forschung und zeigt anhand einer Fallstudie ein mögliches Vorgehen zur systematischen Analyse von big public data aus dem programmable Web auf.ULRICH MATTER ist Assistenzprofessor für Volkswirtschaftslehre an der Universität St. Gallen.Einleitung.- Chancen: Datengenerierung und Datenqualität.- Herausforderungen: Webtechnologien und Variabilität der Daten.- Konzeptioneller Lösungsansatz: Data pipelines.- Fallstudie: Religion in der US Politik.- Replizierbarkeit und Verifizierbarkeit der Datensammlung.- Diskussion und Ausblick
Private Cloud und Home Server mit Synology NAS
Musik, Fotos, Videos und Dokumente zentral speichern und mit anderen teilenBenutzer verwalten, Backups erstellen und Daten vor unerlaubten Zugriffen schützenFortgeschrittene Themen wie Konfiguration von Firewall und VPN, Einrichtung eines Webservers und Einsatz von NextcloudZahlreiche Schritt-für-Schritt-Anleitungen und Praxis-Tipps Mit diesem Buch lernen Sie umfassend alles, was Sie brauchen, um Ihr Synology NAS an Ihre persönlichen Bedürfnisse anzupassen und das Potenzial Ihres Geräts voll auszuschöpfen. Dabei gibt der Autor Ihnen zahlreiche praktische Tipps an die Hand. So können Sie all Ihre Dateien wie Musik, Videos und Fotos zentral sichern und effektiv verwalten. Andreas Hofmann stellt die verschiedenen NAS-Modelle vor, so dass Sie wissen, welches für Sie am besten geeignet ist. In leicht nachvollziehbaren Schritten erläutert er detailliert, wie Sie Ihr NAS in Betrieb nehmen und mit dem DiskStation Manager (DSM) konfigurieren. Anhand einfacher Schritt-für-Schritt-Anleitungen zeigt er Ihnen, wie Sie Ihr NAS als Private Cloud und Home Server optimal einrichten: Dateien sichern, verwalten und mit anderen teilen, Benutzer verwalten, Fernzugriff einrichten, automatische Backups erstellen sowie Office-Dokumente und Multimedia-Dateien freigeben und mit dem SmartTV und anderen Geräten wiedergeben. Für alle, die noch tiefer in die Welt von Synology NAS eintauchen möchten, geht der Autor auf weiterführende Themen wie Datensicherheit und die Überwachung und Optimierung des Betriebs ein und zeigt Ihnen die Konfiguration abseits der grafischen Benutzeroberfläche für die Einrichtung eines eigenen Webservers und der beliebten Cloud-Lösung Nextcloud. Aus dem Inhalt: Kaufberatung und InbetriebnahmeDiskStation Manager (DSM) im DetailDateien zentral verwalten mit der File StationRAID-Konfiguration und automatische BackupsDateifreigabe und Fernzugriff via App, FTP u.v.m.Datensicherheit, Virenschutz und FirewallFotos organisieren und teilen mit der Photo StationMusik zentral verwalten mit der Audio StationFilme katalogisieren und streamen mit der Video StationOffice-Dokumente, Kalender, Adressbuch und Notizen verwaltenE-Mail-Server einrichtenZentrales Download-ManagementVideoüberwachung mit der Surveillance StationZugriff per KommandozeileWebserver, Datenbanken, Wordpress und MediaWikiNextcloudSpeicher erweitern und NAS migrieren blog.viking-studios.net
The Read Aloud Cloud
WHAT IS “THE CLOUD”? IS IT HERE OR THERE? SHOULD IT BE ALLOWED? SHOULD I EVEN CARE?Have you ever imagined the internet as a giant Rube Goldberg machine? Or the fast-evolving cloud computing space as a literal jungle filled with prehistoric beasts? Does a data breach look like a neo-noir nightmare full of turned-up coat collars and rain-soaked alleys? Wouldn’t all these vital concepts be easier to understand if they looked as interesting as they are? And wouldn’t they be more memorable if we could explain them in rhyme? Whether you’re a kid or an adult, the answer is: YES!The medicine in this spoonful of sugar is a sneaky-informative tour through the past, present and future of cloud computing, from mainframes to serverless and from the Internet of Things to artificial intelligence. Forrest is a professional explainer whose highly-rated conference talks and viral cartoon graphics have been teaching engineers to cloud for years. He knows that a picture is worth a thousand words. But he has plenty of words, too.Your hotel key, your boarding pass,The card you swipe to pay for gas,The smart TV atop the bar,The entertainment in your car,Your doorbell, toothbrush, thermostat,The vacuum that attacked your cat,They all connect the cloud and you.Maybe they shouldn't, but they do.As a graduation gift (call it “Oh the Places You’ll Go” for engineering students), a cubicle conversation starter, or just a delightfully nerdy bedtime story for your kids, “The Read-Aloud Cloud” will be the definitive introduction to the technologies that everyone uses and nobody understands. You can even read it silently if you want. But good luck with that.FORREST BRAZEAL has worked in the tech industry for more than a decade. He's installed software updates during a live cataract surgery and designed robots that perform machine learning on pizza, all while keeping his trademark sense of humor. In 2015, he began drawing a weekly webcomic about his life in the cloud which now reaches more than one hundred thousand regular readers. Forrest regularly interviews the biggest names in cloud computing through his "Think FaaS" podcast and his "Serverless Superheroes" blog series. An original AWS Serverless Hero, Forrest speaks regularly on business and technology at conferences, universities, and private events around the world. CHAPTER 1: WHAT IS THE CLOUDVisual language: minimalist. Cartoon characters on white background. Images are goofy and memorable, such as a Roomba chasing a cat Content: Covers the ubiquity of the cloud in real life (connected/smart home devices, online services, etc) and sets the tone for why we should care that a book is dedicated to this topic. Asks the big questions that will be answered throughout the text: What is the cloud? How does it work? Why should I care? Now that I know that, what should I do?CHAPTER 2: EVOLUTION OF THE CLOUD (A PREHISTORY)Visual language: This section will take place in a prehistoric jungle. Tangled vines, volcanoes, dinosaurs, etc. Content: Covers the background of computing, from mainframes through the client/server era up to virtualizationCHAPTER 3: THE INTERNET: A SERIES OF TUBESVisual language: A steampunk mad scientist’s laboratory, with lots of Rube Goldberg-esque tubes and gears Content: Covers the basics of how data gets from you to the cloud and back again, including remote servers, DNS, IP, etc.CHAPTER 4: CLOUD ARCHITECTUREVisual language: A construction job site. Bricks and mortar. Think Bob the Builder Content: Covers the core building blocks of cloud architecture. Cloud storage, databases, compute. High availability, scalability, and elasticity. Explains why these things are desirable and, in some cases, revolutionary.CHAPTER 5: CLOUD SECURITYVisual language: Noir (black and white, heavy shadows, stark silhouettes) Content: Covers some of the key risks associated with placing your data in the cloud, both personally and professionally. Uses a fictionalized breach to illustrate what can go wrongCHAPTER 6: THE INTERNET OF THINGSVisual language: Cubist, non-representational Content: Explains the Internet of Things, including why a smart device isn’t always better (lower security, risk of it not being supported)CHAPTER 7: ARTIFICIAL INTELLIGENCEVisual language: Used future. Think Blade Runner or Terminator. Red-eyed robots, smog, and neon Content: Covers some basics of how the cloud accelerates AI and machine learning through the centralization of data. Gives examples of when that’s good and when it can be bad (for example, reinforcing conscious or unconscious biases)CHAPTER 8: WHAT NOW?Visual language: Minimalist (same as the opening section; ties everything together) Content: Looks ahead to the future of the cloud, particularly increasing levels of abstraction like serverless, voice programming, and automation. Strikes a hopeful tone and finishes by encouraging the reader to go out and build a better cloud.
Android Apps Security
Gain the information you need to design secure, useful, high-performing apps that expose end-users to as little risk as possible. This book shows you how to best design and develop Android apps with security in mind: explore concepts that you can use to secure apps and how you can use and incorporate these security features into your apps.WHAT YOU WILL LEARN* Identify data that should be secured* Use the Android APIs to ensure confidentiality and integrity of data* Build secure apps for the enterprise* Implement Public Key Infrastructure and encryption APIs in apps* Master owners, access control lists, and permissions to allow user control over app properties* Manage authentication, transport layer encryption, and server-side securityWHO THIS BOOK IS FORExperienced Android app developers.Sheran Gunasekera is a security researcher and software developer with more than 13 years of information security experience. He is director of research and development for ZenConsult Pte. Ltd., where he oversees security research in both the personal computer and mobile device platforms. Sheran has been very active in BlackBerry and mobile Java security research and was the author of the whitepaper that revealed the inner workings of the first corporate-sanctioned malware application deployed to its subscribers by the UAE telecommunications operator Etisalat. He has spoken at many security conferences in the Middle East, Europe and Asia Pacific regions and also provides training on malware analysis for mobile devices and secure software development for both web and mobile devices. He also writes articles and publishes research on his security-related blog.1. Introduction.- 2. Recap of Secure Development Principles.- 3. Changes in Security Architecture.- 4. Security when Building Apps to Scale.- 5. Testing the Security of Your App (this covers pentesting and bug bounties).- 6. The Toolbag.- 7. Rooting an Android phone. 8. Looking at your App's Data through a Root shell.- Bypassing SSL Pinning (the holy grail of hacking apps).- 10. Reverse Engineering Android Apps.- 11. Incident Response.
Practical Smart Device Design and Construction
With the rapid development of the Internet of Things, a gap has emerged in skills versus knowledge in an industry typically segmented into hardware versus software. Practitioners are now expected to possess capabilities across the spectrum of hardware and software skills to create these smart devices.This book explores these skill sets in an instructive way, beginning at the foundations of what makes “smart” technology smart, addressing the basics of hardware and hardware design, software, user experiences, and culminating in the considerations and means of building a fully formed smart device, capable of being used in a commercial capacity, versus a DIY project.Practical Smart Device Design and Construction includes a set of starter projects designed to encourage the novice to build and learn from doing. Each project also includes a summary guiding you where to go next, and how to tie the practical, hands-on experience together with what they have learned to take the next step on their own.WHAT YOU'LL LEARN* Practical smart device design and construction considerations such as size, power consumption, wiring needs, analog vs digital, and sensor types and uses* Methods and tools for creating their own designs such as circuit board designs; and wiring and prototyping tools* Hands-on guidance through their own prototype projects and building it alongside the projects in this book* Software considerations for speed versus ease, security, and basics of programming and data analytics for smart devicesWHO THIS BOOK IS FORThose with some technical skills, or at least a familiarity with technical topics, who are looking for the means and skills to start experimenting with combined hardware and software projects in order to gain familiarity and comfort with the smart device space. Chris Harrold is a 25 year veteran of IT, starting from help-desk and tech support through to leading technology organizations and departments. Throughout that career he has been privileged to witness one of the most exciting times in technology as the rapid pace of innovation and growth has driven technology from the realm of the corporation into the hands of the consumer. This has also spawned a rise in the creation of smart devices – devices that extend our own abilities and reach through the application of technology.As a maker and creator, this ability to build things that can do tasks is innately exciting to Chris, and so he has stayed close to the smart device space, and has learned and built numerous things in that time. It is that process of building my skills in hardware, engineering, and product design that prompted Chris to write this book. While there is no way to convey a career of learning and study in a single book, his aim in writing this is to help others like Chris get started in the smart device space, by giving them the basic background, context, tools, and guidance to build on as they take their own projects to the next level.PRACTICAL SMART DEVICE DESIGN AND CONSTRUCTIONPART 1: SMARTChapter 1: A Brief History of Smart ThingsChapter 2: The DYI Smart EraChapter 3: Beyond the HypePART 2: SMART HARDWAREChapter 4: EE for the total n00bChapter 5: Advanced Circuit ComponentsChapter 6: Circuit Building LabPART 3: SMART SOFTWAREChapter 7: Touch, Taste, See, Hear, SmellChapter 8: The Small ComputerChapter 9: Smart Device Building LabPART 4: PERFORMANCEChapter 10: Your First Circuit BoardChapter 11: Your first good PCB
SAP S/4HANA
»Schnell« und »einfach« soll sie sein, die neue SAP Business Suite 4 SAP HANA. In unserem Bestseller erfahren Sie, was Sie erwartet: Ulf Koglin erläutert Funktionen, Nutzen und Technologie des zukünftigen SAP-Standardsystems. Informieren Sie sich, ob die Cloud- oder On-Premise-Lösung besser zu Ihren Anforderungen passt und welche Optionen Ihnen bei der Implementierung zur Verfügung stehen. Als Entscheider, Berater oder einfach Interessierter finden Sie Antworten auf Ihre Fragen rund um SAP S/4HANA. Aus dem Inhalt: Digitale Transformation, KI und RoboticPrinciple of OneDie Datenbank SAP HANAEigenentwicklungen für SAP S/4HANA SAP Fiori und die UX-StrategieDeployment in der Cloud oder On-PremiseSimplification ListGreenfield, Brownfield, BluefieldSAP Cloud PlatformAnalysewerkzeuge, z.B. SAP Analytics CloudGeschäftspartnerkonzept (Business Partner) Einleitung ... 13 1. Konzepte von SAP S/4HANA ... 21 1.1 ... Digitale Transformation und intelligentes Unternehmen ... 23 1.2 ... Anforderungen an moderne IT-Systeme ... 31 1.3 ... Lösungsansätze in und mit SAP S/4HANA ... 42 1.4 ... Zusammenfassung ... 57 2. SAP S/4HANA - die technische Konzeption ... 59 2.1 ... Die SAP HANA Platform ... 60 2.2 ... Entwicklung unter SAP S/4HANA ... 70 2.3 ... Analysewerkzeuge von SAP HANA ... 90 2.4 ... SAP Fiori ... 99 2.5 ... SAP Cloud Platform ... 108 2.6 ... Künstliche Intelligenz ... 128 2.7 ... Zusammenfassung ... 137 3. Prinzipien des Redesigns ... 139 3.1 ... Das Principle of One ... 140 3.2 ... Wie wirkt sich das Redesign auf die Systemarchitektur aus? ... 142 3.3 ... Welche Auswirkungen gibt es auf die Funktionen? ... 149 3.4 ... Kontinuität beim Datenzugriff mit Compatibility Views ... 153 3.5 ... Was bewirkt die neue User-Interface-Strategie? ... 155 3.6 ... Die Simplification List als Hilfswerkzeug ... 161 3.7 ... Zusammenfassung ... 165 4. SAP S/4HANA Finance ... 167 4.1 ... Konzeptionelle Änderungen ... 168 4.2 ... Neue Funktionen in SAP S/4HANA Finance ... 179 4.3 ... Geänderte Funktionen in SAP S/4HANA Finance ... 191 4.4 ... Central Finance ... 202 4.5 ... Fiori-Apps und das Rollenkonzept ... 206 4.6 ... Zusammenfassung ... 212 5. SAP S/4HANA in der Logistik ... 215 5.1 ... Änderungen in der Architektur ... 216 5.2 ... Funktionale Neuerungen für die Logistik ... 227 5.3 ... Neue Konzepte in der Logistik ... 237 5.4 ... Zusammenfassung ... 261 6. Umstellungsszenarien und prototypischer Ablauf einer Migration ... 263 6.1 ... Feststellen der Ausgangssituation und des Migrationsweges ... 264 6.2 ... Prüfen der Systemvoraussetzungen ... 273 6.3 ... Vorbereiten des Systems auf SAP HANA ... 274 6.4 ... Durchführung der Migration und unterstützende Werkzeuge ... 278 6.5 ... Konfiguration der Benutzeroberfläche ... 286 6.6 ... Zusammenfassung ... 294 7. Praxisbeispiele: Einführung von SAP S/4HANA ... 299 7.1 ... SAP-S/4HANA-Neuimplementierung mit einer Masterlösung am Beispiel des Bistums Limburg ... 300 7.2 ... Systemkonsolidierung am Beispiel der ELKB ... 311 7.3 ... Beispielvorgehen für eine Konvertierungsprojekt ... 320 7.4 ... Projektbeispiele für den SAP-Fiori-Einsatz ... 388 7.5 ... Zusammenfassung ... 405 8. Erfolgsfaktoren für die Umstellung auf SAP S/4HANA ... 409 8.1 ... Vorprojekte für die SAP-S/4HANA-Umstellung ... 410 8.2 ... Entwicklung eines »Umstellungsfahrplans« als notwendiger Erfolgsfaktor ... 413 8.3 ... Welche Erfolgsfaktoren wirken in den Phasen? ... 424 8.4 ... Ausgewählte Werkzeuge für die Unterstützung der Umstellung ... 449 8.5 ... Zusammenfassung ... 465 Ausblick ... 469 Die Autoren ... 475 Index ... 479
Hands on Hacking
A FAST, HANDS-ON INTRODUCTION TO OFFENSIVE HACKING TECHNIQUESHands-On Hacking teaches readers to see through the eyes of their adversary and apply hacking techniques to better understand real-world risks to computer networks and data. Readers will benefit from the author's years of experience in the field hacking into computer networks and ultimately training others in the art of cyber-attacks. This book holds no punches and explains the tools, tactics and procedures used by ethical hackers and criminal crackers alike.We will take you on a journey through a hacker’s perspective when focused on the computer infrastructure of a target company, exploring how to access the servers and data. Once the information gathering stage is complete, you’ll look for flaws and their known exploits—including tools developed by real-world government financed state-actors.* An introduction to the same hacking techniques that malicious hackers will use against an organization* Written by infosec experts with proven history of publishing vulnerabilities and highlighting security flaws* Based on the tried and tested material used to train hackers all over the world in the art of breaching networks* Covers the fundamental basics of how computer networks are inherently vulnerable to attack, teaching the student how to apply hacking skills to uncover vulnerabilitiesWe cover topics of breaching a company from the external network perimeter, hacking internal enterprise systems and web application vulnerabilities. Delving into the basics of exploitation with real-world practical examples, you won't find any hypothetical academic only attacks here. From start to finish this book will take the student through the steps necessary to breach an organization to improve its security.Written by world-renowned cybersecurity experts and educators, Hands-On Hacking teaches entry-level professionals seeking to learn ethical hacking techniques. If you are looking to understand penetration testing and ethical hacking, this book takes you from basic methods to advanced techniques in a structured learning format.MATTHEW HICKEY is an expert in offensive security testing, discovering vulnerabilities used by malicious attackers, as well as a developer of exploits and security testing tools. He is a co-founder of Hacker House. JENNIFER ARCURI is an entrepreneur, public speaker and Certified Ethical Hacker. She is the CEO and founder of Hacker House. Foreword xviiiIntroduction xxCHAPTER 1 HACKING A BUSINESS CASE 1All Computers are Broken 2The Stakes 4What’s Stolen and Why It’s Valuable 4The Internet of Vulnerable Things 4Blue, Red, and Purple Teams 5Blue Teams 5Red Teams 5Purple Teams 7Hacking is Part of Your Company’s Immune System 9Summary 11Notes 12CHAPTER 2 HACKING ETHICALLY AND LEGALLY 13Laws That Affect Your Work 14Criminal Hacking 15Hacking Neighborly 15Legally Gray 16Penetration Testing Methodologies 17Authorization 18Responsible Disclosure 19Bug Bounty Programs 20Legal Advice and Support 21Hacker House Code of Conduct 22Summary 22CHAPTER 3 BUILDING YOUR HACK BOX 23Hardware for Hacking 24Linux or BSD? 26Host Operating Systems 27Gentoo Linux 27Arch Linux 28Debian 28Ubuntu 28Kali Linux 29Verifying Downloads 29Disk Encryption 31Essential Software 33Firewall 34Password Manager 35Email 36Setting Up VirtualBox 36Virtualization Settings 37Downloading and Installing VirtualBox 37Host-Only Networking 37Creating a Kali Linux VM 40Creating a Virtual Hard Disk 42Inserting a Virtual CD 43Virtual Network Adapters 44Labs 48Guest Additions 51Testing Your Virtual Environment 52Creating Vulnerable Servers 53Summary 54CHAPTER 4 OPEN SOURCE INTELLIGENCE GATHERING 55Does Your Client Need an OSINT Review? 56What are You Looking For? 57Where Do You Find It? 58OSINT Tools 59Grabbing Email Addresses from Google 59Google Dorking the Shadows 62A Brief Introduction to Passwd and Shadow Files 62The Google Hacking Database 65Have You Been “Pwned” Yet? 66OSINT Framework Recon-ng 67Recon-ng Under the Hood 74Harvesting the Web 75Document Metadata 76Maltego 80Social Media Networks 81Shodan 83Protecting Against OSINT 85Summary 86CHAPTER 5 THE DOMAIN NAME SYSTEM 87The Implications of Hacking DNS 87A Brief History of DNS 88The DNS Hierarchy 88A Basic DNS Query 89Authority and Zones 92DNS Resource Records 92BIND9 95DNS Hacking Toolkit 98Finding Hosts 98WHOIS 98Brute-Forcing Hosts with Recon-ng 100Host 101Finding the SOA with Dig 102Hacking a Virtual Name Server 103Port Scanning with Nmap 104Digging for Information 106Specifying Resource Records 108Information Leak CHAOS 111Zone Transfer Requests 113Information-Gathering Tools 114Fierce 115Dnsrecon 116Dnsenum 116Searching for Vulnerabilities and Exploits 118Searchsploit 118Other Sources 119DNS Traffic Amplification 120Metasploit 121Carrying Out a Denial-of-Service Attack 125DoS Attacks with Metasploit 126DNS Spoofi ng 128DNS Cache Poisoning 129DNS Cache Snooping 131DNSSEC 131Fuzzing 132Summary 134CHAPTER 6 ELECTRONIC MAIL 135The Email Chain 135Message Headers 137Delivery Status Notifications 138The Simple Mail Transfer Protocol 141Sender Policy Framework 143Scanning a Mail Server 145Complete Nmap Scan Results (TCP) 149Probing the SMTP Service 152Open Relays 153The Post Office Protocol 155The Internet Message Access Protocol 157Mail Software 158Exim 159Sendmail 159Cyrus 160PHP Mail 160Webmail 161User Enumeration via Finger 162Brute-Forcing the Post Office 167The Nmap Scripting Engine 169CVE-2014-0160: The Heartbleed Bug 172Exploiting CVE-2010-4345 180Got Root? 183Upgrading Your Shell 184Exploiting CVE-2017-7692 185Summary 188CHAPTER 7 THE WORLD WIDE WEB OF VULNERABILITIES 191The World Wide Web 192The Hypertext Transfer Protocol 193HTTP Methods and Verbs 195HTTP Response Codes 196Stateless 198Cookies 198Uniform Resource Identifiers 200LAMP: Linux, Apache, MySQL, and PHP 201Web Server: Apache 202Database: MySQL 203Server-Side Scripting: PHP 203Nginx 205Microsoft IIS 205Creepy Crawlers and Spiders 206The Web Server Hacker’s Toolkit 206Port Scanning a Web Server 207Manual HTTP Requests 210Web Vulnerability Scanning 212Guessing Hidden Web Content 216Nmap 217Directory Busting 218Directory Traversal Vulnerabilities 219Uploading Files 220WebDAV 220Web Shell with Weevely 222HTTP Authentication 223Common Gateway Interface 225Shellshock 226Exploiting Shellshock Using Metasploit 227Exploiting Shellshock with cURL and Netcat 228SSL, TLS, and Heartbleed 232Web Administration Interfaces 238Apache Tomcat 238Webmin 240phpMyAdmin 241Web Proxies 242Proxychains 243Privilege Escalation 245Privilege Escalation Using DirtyCOW 246Summary 249CHAPTER 8 VIRTUAL PRIVATE NETWORKS 251What is a VPN? 251Internet Protocol Security 253Internet Key Exchange 253Transport Layer Security and VPNs 254User Databases and Authentication 255SQL Database 255RADIUS 255LDAP 256PAM 256TACACS+ 256The NSA and VPNs 257The VPN Hacker’s Toolkit 257VPN Hacking Methodology 257Port Scanning a VPN Server 258Hping3 259UDP Scanning with Nmap 261IKE-scan 262Identifying Security Association Options 263Aggressive Mode 265OpenVPN 267LDAP 275OpenVPN and Shellshock 277Exploiting CVE-2017-5618 278Summary 281CHAPTER 9 FILES AND FILE SHARING 283What is Network-Attached Storage? 284File Permissions 284NAS Hacking Toolkit 287Port Scanning a File Server 288The File Transfer Protocol 289The Trivial File Transfer Protocol 291Remote Procedure Calls 292RPCinfo 294Server Message Block 295NetBIOS and NBT 296Samba Setup 298Enum4Linux 299SambaCry (CVE-2017-7494) 303Rsync 306Network File System 308NFS Privilege Escalation 309Searching for Useful Files 311Summary 312CHAPTER 10 UNIX 315UNIX System Administration 316Solaris 316UNIX Hacking Toolbox 318Port Scanning Solaris 319Telnet 320Secure Shell 324RPC 326CVE-2010-4435 329CVE-1999-0209 329CVE-2017-3623 330Hacker’s Holy Grail EBBSHAVE 331EBBSHAVE Version 4 332EBBSHAVE Version 5 335Debugging EBBSHAVE 335R-services 338The Simple Network Management Protocol 339Ewok 341The Common UNIX Printing System 341The X Window System 343Cron and Local Files 347The Common Desktop Environment 351EXTREMEPARR 351Summary 353CHAPTER 11 DATABASES 355Types of Databases 356Flat-File Databases 356Relational Databases 356Nonrelational Databases 358Structured Query Language 358User-Defined Functions 359The Database Hacker’s Toolbox 360Common Database Exploitation 360Port Scanning a Database Server 361MySQL 362Exploring a MySQL Database 362MySQL Authentication 373PostgreSQL 374Escaping Database Software 377Oracle Database 378MongoDB 381Redis 381Privilege Escalation via Databases 384Summary 392CHAPTER 12 WEB APPLICATIONS 395The OWASP Top 10 396The Web Application Hacker’s Toolkit 397Port Scanning a Web Application Server 397Using an Intercepting Proxy 398Setting Up Burp Suite Community Edition 399Using Burp Suite Over HTTPS 407Manual Browsing and Mapping 412Spidering 415Identifying Entry Points 418Web Vulnerability Scanners 418Zed Attack Proxy 419Burp Suite Professional 420Skipfish 421Finding Vulnerabilities 421Injection 421SQL Injection 422SQLmap 427Drupageddon 433Protecting Against SQL Injection 433Other Injection Flaws 434Broken Authentication 434Sensitive Data Exposure 436XML External Entities 437CVE-2014-3660 437Broken Access Controls 439Directory Traversal 440Security Misconfiguration 441Error Pages and Stack Traces 442Cross-Site Scripting 442The Browser Exploitation Framework 445More about XSS Flaws 450XSS Filter Evasion 450Insecure Deserialization 452Known Vulnerabilities 453Insufficient Logging and Monitoring 453Privilege Escalation 454Summary 455CHAPTER 13 MICROSOFT WINDOWS 457Hacking Windows vs. Linux 458Domains, Trees, and Forests 458Users, Groups, and Permissions 461Password Hashes 461Antivirus Software 462Bypassing User Account Control 463Setting Up a Windows VM 464A Windows Hacking Toolkit 466Windows and the NSA 467Port Scanning Windows Server 467Microsoft DNS 469Internet Information Services 470Kerberos 471Golden Tickets 472NetBIOS 473LDAP 474Server Message Block 474ETERNALBLUE 476Enumerating Users 479Microsoft RPC 489Task Scheduler 497Remote Desktop 497The Windows Shell 498PowerShell 501Privilege Escalation with PowerShell 502PowerSploit and AMSI 503Meterpreter 504Hash Dumping 505Passing the Hash 506Privilege Escalation 507Getting SYSTEM 508Alternative Payload Delivery Methods 509Bypassing Windows Defender 512Summary 514CHAPTER 14 PASSWORDS 517Hashing 517The Password Cracker’s Toolbox 519Cracking 519Hash Tables and Rainbow Tables 523Adding Salt 525Into the /etc/shadow 526Different Hash Types 530MD5 530SHA-1 531SHA-2 531SHA256 531SHA512 531bcrypt 531CRC16/CRC32 532PBKDF2 532Collisions 533Pseudo-hashing 533Microsoft Hashes 535Guessing Passwords 537The Art of Cracking 538Random Number Generators 539Summary 540CHAPTER 15 WRITING REPORTS 543What is a Penetration Test Report? 544Common Vulnerabilities Scoring System 545Attack Vector 545Attack Complexity 546Privileges Required 546User Interaction 547Scope 547Confidentiality, Integrity, and Availability Impact 547Report Writing as a Skill 549What Should a Report Include? 549Executive Summary 550Technical Summary 551Assessment Results 551Supporting Information 552Taking Notes 553Dradis Community Edition 553Proofreading 557Delivery 558Summary 559Index 561
VMware Certified Professional Data Center Virtualization on vSphere 6.7 Study Guide
Includes online interactive learning environment with: * 2 custom practice exams * More than 60 electronic flashcards * Searchable key term glossary Everything You Need to Prepare for Exam 2V0-21.19, Updated for vSphere 6.7 The VCP6-DCV VMware Certified Professional Data Center Virtualization on vSphere 6.7 Study Guide is an indispensable resource for anyone preparing to take exam 2V0-21.19. Sybex's proven learning approach and valuable tools ensure you'll feel thoroughly confident when the day of the exam arrives. Readers can also leverage additional resources and training materials provided through the Sybex online learning environment. Most importantly, this guide teaches you practical skills that you'll apply as a VMware professional. It doesn't merely prepare you for exam 2V0-21.19. It prepares you for your career. Coverage of 100% of all exam objectives in this Study Guide means you'll be ready for: * Configuring and Administering vSphere Security, Networking, and Storage * Upgrading a vSphere Deployment * Administering and Managing vSphere Resources * Backing up and Recovering a vSphere Deployment * Troubleshooting a vSphere Deployment * Deploying and Customizing ESXi Hosts * Configuring and Administering vSphere and vCenter Availability Solutions * Administering and Managing vSphere Virtual Machines ABOUT THE VCP-DCV PROGRAM The VMware Certified Professional-Datacenter Virtualization 2020 (VCP-DCV 2020) program prepares VCP candidates to configure, manage, and troubleshoot a VSphere 6.7 infrastructure. Because candidates must complete VMware's authorized training course, as well as the exam, it's important to prepare with the best tools and resources available. Interactive learning environment Take your exam prep to the next level with Sybex's superior interactive online study tools. To access our learning environment, visit www.wiley.com/go/sybextestprep, register to receive your unique PIN, and instantly gain access to: Interactive test bank with 2 practice exams. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam. More than 300 online questions total. More than 60 electronic flashcards to reinforce learning and last-minute prep before the exam Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared Master vSphere 6 virtualization with hands-on practice and bonus preview exams VCP6-DCV: VMware Certified Professional-Data Center Virtualization on vSphere 6 Study Guide is your ultimate guide to preparing for exam 2VO-621. This Study Guide provides 100% coverage of all exam objectives and offers a unique set of study tools including assessment tests, objective map, real-world scenarios, hands-on exercises, and much more so you can be confident come exam day. You will also receive access to the superior Sybex interactive online learning environment that provides additional study tools including electronic flashcards and bonus practice exams. More than just a study guide, this book bridges the gap between exam prep and real-world on the job skills by focusing on the key information VMware professionals need to do the job. You'll master the vCenter Server and ESXi from planning and installation through upgrade and security, and develop an in-depth understanding of vSphere networking and storage, vApp deployment, service level establishment, troubleshooting, monitoring implementation, and so much more. * Study 100% of exam 2V0-621 objectives * Practice your skills with hands-on exercises * Gain professional insight from real-world scenarios * Test your understanding with review questions, practice tests, and more Virtualization is the number-one IT priority for organizations across public and private sectors, and VMware is the dominant force in the virtualization space. The VCP6-DCV certification gives you a highly marketable credential in terms of employment, but first you must pass this challenging exam. VCP6-DCV gives you the power of Sybex exam prep and the skills you need to excel at the job. ABOUT THE AUTHORS Jon Hall is a Certification Development, Technical Training, and Education Services Management Professional with over a decade of experience working for VMware Education Services. He assisted in the development of numerous VMware certifications, and currently holds 13 VMware certifications, along with certifications from HP, Cisco, and others. Joshua Andrews is a VMware expert, blogger, and certification enthusiast. He currently holds numerous VMware certifications, including VCP6-DCV, VCAP6-DCV, VCIX-DCV, and VCIX-NV. He has also received the VMware vExpert designation every year since 2012. Introduction xxi Assessment Test xxxi Chapter 1 What’s New in vSphere 6.7 1 Accessing vSphere 2 VMware vSphere Client 2 Application Programming Interface 8 Topology and UI Updates for VCSA 8 External Platform Services Controller 8 Update Manager 10 Storage Updates 18 Persistent Memory 19 Remote Direct Memory Access 19 vSAN 20 Security Updates 22 Virtual Machines 24 Content Library 24 Per-VM EVC 40 Summary 41 Exam Essentials 42 Review Questions 43 Chapter 2 Configuring and Administering Security in a vSphere Datacenter 47 Configuring and Administering Role-Based Access Controls 49 What Is a Privilege? 49 What Is a Task? 49 What Is a Role? 50 Assigning Permissions 54 Viewing and Exporting Group and User Permissions 70 Securing ESXi Hosts and the vCenter Server 72 Hardening ESXi Hosts 72 Hardening vCenter Server 87 Configuring and Enabling SSO and Identity Sources 88 vCenter Single Sign-On 89 Platform Services Controller 91 Configuring vCenter Single Sign-On 93 Securing Virtual Machines 96 Secure Boot 96 Virtual Machine Encryption 96 Virtual Machine Hardening 106 vSphere Network Security 117 Summary 118 Exam Essentials 118 Review Questions 119 Chapter 3 Networking in vSphere 123 Understanding vSphere Networking 124 Standard Switches 125 Virtual Distributed Switches 127 Using dvPort Groups 138 Working with Virtual Adapters 144 Custom TCP/IP Stacks 147 Long-Distance vMotion 151 Migrating Virtual Machines to or from a vDS 151 Performance and Reliability 151 Link Aggregation 152 Load Balancing and Failover Policies 153 Traffic Shaping 154 TCP Segmentation Offload 155 Jumbo Frames 155 Network Isolation 158 Automatic Rollback 159 Monitoring and Mirroring 163 Using NetFlow 164 Understanding Network I/O Control 165 Configuring NIOC Reservations, Shares, and Limits 166 Summary 170 Exam Essentials 171 Review Questions 172 Chapter 4 Storage in vSphere 177 Managing vSphere Integration with Physical Storage 178 Adding an NFS Datastore 179 Using Block Storage 186 Configuring the Software iSCSI Initiator 187 Binding VMkernels to the Software iSCSI Initiator 189 Scanning for Changes 192 Storage Filters 193 Thin Provisioning 194 Storage Multipathing and Failover 196 Configuring and Upgrading VMFS and NFS 203 Configuring VMFS Datastores 207 Raw Device Mapping and Bus Sharing 214 Configuring Software-Defined Storage 217 Virtual Storage Area Network 217 Virtual Volumes 225 Storage Policy–Based Management 229 Enabling and Configuring Storage I/O Control 230 Summary 233 Exam Essentials 234 Review Questions 235 Chapter 5 Upgrading a vSphere Deployment 239 Upgrading from vSphere 5.5 240 Upgrading a vCenter Server on Windows 244 Verify Basic Compatibility and Download the Installer 245 Prepare the Database for Upgrade 245 Prepare for Upgrading the Content Library 247 Verify Network Prerequisites, Load Balancer, and ESXI Hosts 247 Starting the vCenter on Windows Upgrade 247 Migrating to the vCenter Server Appliance 252 Upgrading Using the Command Line 252 Upgrading Using the Graphical Interface 253 Upgrading ESXi Hosts and Virtual Machines 264 Using the Update Manager Download Service 264 Using vSphere Update Manager 265 Summary 284 Exam Essentials 285 Review Questions 286 Chapter 6 Allocating Resources in a vSphere Datacenter 291 Administering and Managing vSphere 6.x Resources 293 Configuring Multilevel Resource Pools 295 Reservations, Limits, and Shares 296 Resource Pool Administration Exercises 303 Using Tags and Custom Attributes 308 Configuring vSphere DRS and Storage DRS Clusters 315 Distributed Resource Scheduler 316 Predictive DRS 318 Network-Aware DRS 320 Storage DRS 322 Establishing Affinity and Anti-Affinity 322 DRS Cluster Administration Exercises 324 Summary 342 Exam Essentials 343 Review Questions 344 Chapter 7 Backing Up and Recovering a vSphere Deployment 349 VCSA Backup and Restore 350 Backing Up Virtual Machines by Using VDP 357 Installing VDP 358 Creating Backup Jobs 361 Restoring from Backup 365 Deploying Proxy Servers 368 Replicating Virtual Machines 376 Deploying a Replication Appliance 376 Configuring Replication 378 Recovering Replicated VMs 382 Summary 387 Exam Essentials 387 Review Questions 388 Chapter 8 Troubleshooting a vSphere Deployment 393 Troubleshooting vCenter and ESXi 394 vCenter Connectivity and Services 394 vCenter Certificates 399 vCenter Log Files 399 ESXi Troubleshooting 403 ESXi Monitoring 407 Troubleshooting Storage and Networking 413 Storage Issues 413 Storage Performance 416 Storage DRS and I/O Control 417 Network Issues 418 Troubleshooting Upgrades 421 Troubleshooting Virtual Machines 421 Troubleshooting HA and DRS 425 Summary 426 Exam Essentials 427 Review Questions 428 Chapter 9 Deploying and Customizing ESXi Hosts 433 Configuring Auto Deploy 434 Enabling PXE Boot 435 Configuring DHCP 435 Configuring TFTP 436 Enabling Auto Deploy 437 Adding Deploy Rules 440 Adding a Custom Image and Profile 442 Stateless Caching and Stateful Installs 442 Employing Host Profiles 452 Creating and Using Host Profiles 453 Importing and Exporting Host Profiles 457 Advanced Profile Modifications 458 Using Answer Files 461 Summary 468 Exam Essentials 468 Review Questions 469 Chapter 10 Ensuring High Availability for vSphere Clusters and the VCSA 475 Configuring vSphere Cluster High Availability 476 HA Failures and Responses 477 Host Isolation 478 Heartbeat Datastores 479 Advanced Options 480 Configuring VMCP 482 Monitoring Virtual Machines 483 Admission Control 486 vCenter Server Appliance High Availability 499 Summary 511 Exam Essentials 512 Review Questions 514 Chapter 11 Administering and Managing vSphere Virtual Machines 519 Virtual Machine Advanced Settings 520 Virtual Machine Configuration File 522 Advanced Virtual Machine Options 528 Content Library 537 VMware Converter 546 Summary 558 Exam Essentials 558 Review Questions 559 Appendix Answers to Review Questions 565 Chapter 1: What’s New in vSphere 6.7 566 Chapter 2: Configuring and Administering Security in a vSphere Datacenter 567 Chapter 3: Networking in vSphere 569 Chapter 4: Storage in vSphere 570 Chapter 5: Upgrading a vSphere Deployment 571 Chapter 6: Allocating Resources in a vSphere Datacenter 573 Chapter 7: Backing Up and Recovering a vSphere Deployment 575 Chapter 8: Troubleshooting a vSphere Deployment 577 Chapter 9: Deploying and Customizing ESXi Hosts 578 Chapter 10: Ensuring High Availability for vSphere Clusters and the VCSA 579 Chapter 11: Administering and Managing vSphere Virtual Machines 581 Index 583
Hacking und Bug Hunting
Bugs in Websites aufspüren, Gutes tun, Spaß dabei haben ... und Geld verdienen Ein praktischer Leitfaden für die Suche nach Softwarefehlern Ein Blick hinter die Kulissen: Sie sehen, wie professionelle Bughunter vorgehen Eine Anleitung, wie man mit Bughunting Geld verdient Lernen Sie, wie Hacker Websites knacken und wie auch Sie das tun können. Dieses Buch ist ein praktischer Leitfaden für die Suche nach Software-Bugs. Egal ob Sie in die Cybersicherheit einsteigen, um das Internet zu einem sichereren Ort zu machen, oder ob Sie als erfahrener Entwickler sichereren Code schreiben wollen – Peter Yaworski, ein überzeugter "Ethical Hacker", zeigt Ihnen, wie es geht. Sie lernen die gängigsten Arten von Bugs kennen, wie Cross-Site-Scripting, unsichere Objekt-Referenzen oder Server-Side Request-Forgery. Echte Fallbeispiele aufgedeckter und entlohnter Schwachstellen in Anwendungen von Twitter, Facebook, Google und Uber zeigen erstaunliche Hacks, und sie erfahren, wie Hacker bei Überweisungen Race Conditions nutzen, URL-Parameter verwenden, um unbeabsichtigt Tweets zu liken, und vieles mehr. Sie lernen: - wie Angreifer Websites kompromittieren - wo Sie mit der Suche nach Bugs anfangen - welche Funktionalitäten üblicherweise mit Schwachstellen assoziiert werden - wie Sie Bug-Bounty-Programme finden - wie Sie effektive Schwachstellen-Reports verfassen "Hacking und Bug-Hunting" ist eine faszinierende und umfassende Einführung in die Sicherheit von Webanwendungen, mit Geschichten von der vordersten Schwachstellenfront und praktischen Erkenntnissen. Mit Ihrem neu gewonnenen Wissen um die Websicherheit und Schwachstellen können Sie das Web zu einem sichereren Ort machen—und dabei noch Geld verdienen.
Hands-on Azure Pipelines
Build, package, and deploy software projects, developed with any language targeting any platform, using Azure pipelines.The book starts with an overview of CI/CD and the need for software delivery automation. It further delves into the basic concepts of Azure pipelines followed by a hands-on guide to setting up agents on all platforms enabling software development in any language. Moving forward, you will learn to set up a pipeline using the classic Visual Editor using PowerShell scripts, a REST API, building edit history, retention, and much more. You’ll work with artifact feeds to store deployment packages and consume them in a build. As part of the discussion you’ll see the implementation and usage of YAML (Yet Another Markup Language) build pipelines. You will then create Azure release pipelines in DevOps and develop extensions for Azure pipelines. Finally, you will learn various strategies and patterns for developing pipelines and go through some sample lessons on building and deploying pipelines.After reading Hands-on Azure Pipelines, you will be able to combine CI and CD to constantly and consistently test and build your code and ship it to any target.WHAT YOU WILL LEARN* Work with Azure build-and-release pipelines * Extend the capabilities and features of Azure pipelines* Understand build, package, and deployment strategies, and versioning and patterns with Azure pipelines* Create infrastructure and deployment that targets commonly used Azure platform services* Build and deploy mobile applications * Use quick-start Azure DevOps projectsWHO THIS BOOK IS FORSoftware developers and test automation engineers who are involved in the software delivery process.CHAMINDA CHANDRASEKARA is a Microsoft Most Valuable Professional (MVP) for Visual Studio ALM and Scrum Alliance Certified ScrumMaster®, and focuses on and believes in continuous improvement of the software development lifecycle. He works as a Senior Engineer - DevOps at Xameriners, Singapore. Chaminda is an active Microsoft Community Contributor (MCC) who is well recognized for his contributions in Microsoft forums, TechNet galleries, wikis, and Stack Overflow and he contributes extensions to Azure DevOps Server and Services (former VSTS/TFS) in the Microsoft Visual Studio Marketplace. He also contributes to other open source projects in GitHub. Chaminda has published five books with Apress.PUSHPA HERATH is a DevOps engineer at Xamariners. She has many years of experience in Azure DevOps Server and Services (formerly VSTS/TFS), Azure cloud platform and QA Automation. She is an expert in DevOps currently leading the DevOps community in Sri Lanka, and she has shown in depth knowledge in Azure cloud platform tools in her community activities. She has published three books with Apress and spoken in community evets as well as in the you tube channel of her Sri Lanka DevOps community.CHAPTER 1: UNDERSTANDING THE IMPORTANCE OF SOFTWARE DELIVERY AUTOMATIONCHAPTER GOAL: Give conceptual overview on CI CD while elaborating on the need of software delivery automation.NO OF PAGES: 10SUB -TOPICS1. Introducing Concepts (CI/CD)2. Why we need SW Delivery Automation?CHAPTER 2: OVERVIEW OF AZURE PIPELINESCHAPTER GOAL: Introduction to components in Azure Pipelines enabling you to follow the lessons from chapter 3.NO OF PAGES: 30Sub - Topics1. Introducing Pools and Agents (Explain purpose and usage (no need to go into setup details), +Security)2. Deployment Groups (Explain purpose and usage (no need to go into setup details), +Security)3. Build Pipelines (Explain purpose and usage (no need to go into setup details), +Security)4. Release Pipelines (Explain purpose and usage (no need to go into setup details), +Security)5. Task Groups (Explain purpose and usage (no need to go into setup details), +Security)6. Library (Variables) (Explain purpose and usage (no need to go into setup details), +Security)7. Parallel Pipelines and BillingCHAPTER 3: SETTING UP POOLS, DEPLOYMENT GROUPS AND AGENTSCHAPTER GOAL: Lessons to provide hand-on guidance on setting up agents on all platforms enabling building software developed with any language.NO OF PAGES : 40SUB - TOPICS:1. Setting up pools and permissions (scopes, Capabilities)2. Adding agents to pools (three pools Linux, mac and windows – add each type)3. Enable .NET core builds in Linux Agents4. Setting up Deployment Groups and permissions (scopes)5. Adding agent to Deployment groups (roles)CHAPTER 4: CREATING BUILD PIPELINES – CLASSIC – PART1CHAPTER GOAL: Step by step guidance to setting up a build pipeline using Classic Visual Editor.NO OF PAGES: 50SUB - TOPICS:1. Using Source Control Providers (show integration with each type and explain all options for each type such as tag sources and other options)2. Using a Template (Explain few commonly used templates)3. Using Multiple jobs – Adding Build jobs, Selecting Pools, setting up Demands, timeouts, mention parallelism, conditions are later lesson, Dependency settings with sample4. Using Tasks (Explain adding Tasks, find tasks in marketplace (install marketplace task in next lesson))5. Installing tasks from marketplace (Explain how to when you have rights, explain how to request to install task admin approve and install as well as decline)6. Build phase and Task Control Conditions – Explain using condition types, custom conditions in detail using a sample7. Parallelism - multi configuration and multi agents – show with samplesCHAPTER 5: CREATING BUILD PIPELINES – CLASSIC – PART2CHAPTER GOAL: Step by step guidance to setting up a build pipeline using Classic Visual Editor.NO OF PAGES: 40SUB - TOPICS:1. Using Variables – System, pipeline and group, scoping variables, queue time variable value change2. Setting up triggers and path filters for a build – show how it works CI, PR etc, path filters, scheduled builds3. Format Build number and apply custom formats with PowerShell4. Enable, paused and disabled builds -explain in detail with sample5. Link work items and Create work items on failures6. Using build status badge7. Build job scope, timeouts and demands8. Build edit history, compare and restore9. RetentionCHAPTER 6: CREATING BUILD PIPELINES – CLASSIC – PART 3CHAPTER GOAL: Step by step guidance to setting up a build pipeline using Classic Visual Editor.NO OF PAGES: 30SUB - TOPICS:1. Queuing builds and enable debugging mode for more diagnostic information2. Setting variable values in PowerShell scripts3. Accessing secret variable values in PowerShell4. Using OAuth tokens in builds (show example of REST API call , mention REST API details are later chapter)5. Creating and using task groups (include export and import as well)6. Using agentless phases – provide few usable task examples7. Publishing Artifacts – as server, as shared path (mention package as nuget later)8. Exporting and importing build definitionsCHAPTER 7: USING ARTIFACTSCHAPTER GOAL: Usage of artifact feeds to store deployment packages and usage of artifact feeds to keep packages related to development and consuming them in builds.NO OF PAGES: 40SUB - TOPICS:1. Creating and publishing build artifacts as nuget2. Using nuget packages from azure artifacts in VS, and in VS Code3. Using nuget packages in Azure Artifact feed in builds4. Creating and Consuming npm packages5. Creating and Consuming maven packages6. Creating and consuming gradle packages7. Creating and Consuming python packages8. Azure CLI to use feeds9. New Public feedsCHAPTER 8: CREATING AND USING YAML BUILD PIPELINESCHAPTER GOAL: Hands on lessons on implementing YAML based build pipelines giving all essential information on implementing configurations and pilines as code.No of pages: 40SUB - TOPICS:Will be defined laterCHAPTER 9: CREATING AZURE RELEASE PIPELINES – PART1Chapter Goal: Step by step guidance to setting up release pipelines with Azure DevOps.NO OF PAGES: 40SUB - TOPICS:1. Service Connections – Explain different types2. Using Templates to Create Pipelines (explain few common templates)3. Adding Artifacts for Release Pipeline (explain each artifact type)4. Setting up Artifact Triggers (continuous deployment triggers, artifact filters)5. Adding Stage (templated or empty, add vs clone, after release, manual triggers, after stage trigger (show parallel and different stage sequence setup options for pipelines), (partial succeeded) and artifact filters)6. Scheduled deployments for a stage (how it works samples)7. Pull request triggers in artifacts and Pull request deployment in stages8. Deployment queue settings (how it works sample should be shown)CHAPTER 10: CREATING AZURE RELEASE PIPELINES – PART2CHAPTER GOAL: Step by step guidance to setting up release pipelines with Azure DevOps.NO OF PAGES: 50SUB - TOPICS:1. Defining Gates (show examples for each gate type)2. Post deployment Options (approval and auto redeploy, gates just mention)3. Agent Job (Pools and specifications, demands samples, execution plan (multi config, multi agent as well) samples, timeouts, Artifact downloads, Oauth, Run job conditions)4. Deployment group job (Deployment group, how it works for required tags samples, targets to deploy multiple, one at a time samples, maximum parallel settings how it works samples, timeouts, artifacts, Oauth, run job conditions)5. Agentless Jobs – Explain usage of possible tasks – manual, delay, invoke azure function, quires, alerts, publishing to service bus – show samples for each6. Using variables – Scoping and using group variables as well7. Release Options – Release number, all integration options explain with sample for each8. History, compare, restore9. Export, import pipelinesCHAPTER 11: USING REST API AND DEVELOPING EXTENSIONS FOR AZURE PIPELINESCHAPTER GOAL: How to extend the capabilities and features of Azure Pipelines using the REST APIs and the extension development is discussed in this chapter.NO OF PAGES: 30SUB - TOPICS:1. Build and Release Management REST APIs - introduce get, post, put etc. with PS and typescript2. Developing extensions for Azure Pipelines – Develop a simple pipeline extension3. Deploying and distributing Azure Pipeline extensions – sharing privately and enable to use publiclyCHAPTER 12: USEFUL PIPELINE STRATEGIES AND PATTERNSCHAPTER GOAL: Guidance in pipeline development strategies and patterns with Azure build and release pipelines.NO OF PAGES: 25SUB - TOPICS:Will define later.CHAPTER 13: COMMONLY USED BUILD AND DEPLOYMENT PIPELINES – SAMPLES AND INTEGRATIONSCHAPTER GOAL: Few useful samples lessons on building and release commonly used applications to Azure platform.NO OF PAGES: 50SUB - TOPICS:1. Deploying infrastructure with Azure Pipelines – Creating Azure resources such as, resource groups, app service plans, storage accounts, web apps, function apps, APIM, Cosmos, SQL, ACR, AKS (provide open source code samples developed by us integrated with pipelines)2. Using Terraform with Azure Pipelines3. Deploying function apps and web apps – including configuration management options4. Deploying mobile apps5. Deploying Azure Databases – SQL, Cosmos6. Deploying Containerized Applications (web apps, AKS)7. Using SonarQube and Azure Build Pipelines for Code Analysis8. Integrating with Jenkins9. Integrating with Octopus deploy10. Generating quick start projects with Azure DevOps Projects (specially focus on java, python, node etc. and targeting Azure platforms)11. Generating release notes12. Visualizing Pipelines status with Dashboards in Azure DevOps
Cloud Computing For Dummies
* Adopt a hybrid and multicloud strategy * Rethink DevOps with containers and microservices * Incorporate security into your cloud environment Plan your cloud computing strategy Are you ready to execute a cloud computing plan? You need a strategy to prepare for the future, and this book comes to the rescue. Authors Daniel Kirsch and. Judith Hurwitz share insights by honing in on topics like multicloud architecture, microservices, hybrid infrastructure, DevOps, and Software as a Service. This book is ideal for anyone who needs to understand the emerging approaches to cloud computing. Inside... * Understanding cloud architecture * Using a hybrid computing approach * Explaining the economics of cloud computing * Planning your cloud strategy * Developing a security strategy * Understanding containers and microservices Get your head—and your business—into the Cloud Cloud computing is no longer just a clever new toy in the world of IT infrastructure. Despite the nebulous name, it’s become a real and important part of our information architecture—and tech professionals who ignore it or try to skim their way through risk falling behind rapidly. The new edition of Cloud Computing For Dummies gets you up to speed fast, clarifying your Cloud options, showing you where can save you time and money, giving you ways to frame your decisions, and helping you avoid weeks of research. In a friendly, easy-to-follow style, Cloud Computing For Dummies, 2nd Edition demystifies the Cloud’s virtual landscape, breaking up a complex and multi-layered topic into simple explanations that will make the various benefits clear and ultimately guide you toward making the most appropriate choices for your organization. * Know the business case for the Cloud * Understand hybrid and multi-cloud options * Develop your Cloud strategy * Get tips on best practices The Cloud is everywhere, and it can deliver amazing benefits to our lives and businesses. Get a much clearer vision of exactly how with Cloud Computing For Dummies—and you’ll begin to see that the sky really is the limit! Introduction 1 Part 1: Understanding Cloud Concepts 5 Chapter 1: Understanding the Cloud 7 Chapter 2: Embracing the Business Imperative 21 Part 2: Examining Architectural Considerations 31 Chapter 3: Architectural Considerations for the Cloud Environment 33 Chapter 4: Managing a Hybrid and Multicloud Environment 43 Chapter 5: Standards in a Multicloud World 59 Chapter 6: A Closer Look at Cloud Services 73 Part 3: Understanding Cloud Models 87 Chapter 7: Introducing All Types of Clouds 89 Chapter 8: Using Infrastructure as a Service 107 Chapter 9: Using Software as a Service 121 Chapter 10: Standing on Platform as a Service 135 Part 4: Managing in a Multicloud World 147 Chapter 11: Planning for DevOps in the Cloud 149 Chapter 12: Managing Multicloud Workloads 165 Chapter 13: Managing Data Storage in the Cloud 177 Part 5: Developing Your Cloud Strategy 189 Chapter 14: Managing and Integrating Data in the Cloud 191 Chapter 15: Promoting Cloud Security and Governance 207 Chapter 16: Breaking Down Cloud Economics 225 Chapter 17: Planning Your Cloud Strategy 241 Part 6: The Part of Tens 253 Chapter 18: Ten Cloud Resources 255 Chapter 19: Ten Cloud Do’s and Don’ts 261 Glossary 267 Index 281 Daniel Kirsch, Managing Director of Hurwitz & Associates, is a thought leader, researcher, author, and consultant in cloud, AI, and security. Judith Hurwitz, President of Hurwitz & Associates, is a consultant, thought leader, and coauthor of 10 books including Augmented Intelligence, Cognitive Computing and Big Data Analytics, and Hybrid Cloud for Dummies
Networking For Dummies
SET UP A SECURE NETWORK AT HOME OR THE OFFICEFully revised to cover Windows 10 and Windows Server 2019, this new edition of the trusted Networking For Dummies helps both beginning network administrators and home users to set up and maintain a network. Updated coverage of broadband and wireless technologies, as well as storage and back-up procedures, ensures that you’ll learn how to build a wired or wireless network, secure and optimize it, troubleshoot problems, and much more.From connecting to the Internet and setting up a wireless network to solving networking problems and backing up your data—this #1 bestselling guide covers it all.* Build a wired or wireless network* Secure and optimize your network* Set up a server and manage Windows user accounts* Use the cloud—safely Written by a seasoned technology author—and jam-packed with tons of helpful step-by-step instructions—this is the book network administrators and everyday computer users will turn to again and again.DOUG LOWE is the bestselling author of Networking For Dummies and Networking All-in-One Desk Reference For Dummies. His 50+ books include more than 30 in the For Dummies series. He has demystified everything from Microsoft Office and memory management to client/server computing and creating web pages. INTRODUCTION 1About This Book 1Foolish Assumptions 2Icons Used in This Book 3Beyond the Book 3Where to Go from Here 4PART 1: GETTING STARTED WITH NETWORKING 5CHAPTER 1: LET’S NETWORK! 7Defining a Network 8Why Bother with a Network? 11Sharing files 11Sharing resources 11Sharing programs 12Sharing messages 12Servers and Clients 13Dedicated Servers and Peers 13What Makes a Network Tick? 15It’s Not a Personal Computer Anymore! 16The Network Administrator 17What Have They Got That You Don’t Got? 18CHAPTER 2: CONFIGURING WINDOWS AND MAC CLIENTS 21Configuring Windows Network Connections 22Joining a Windows Computer to a Domain 27Configuring Mac Network Settings 29Joining a Mac Computer to a Domain 33CHAPTER 3: LIFE ON THE NETWORK 37Distinguishing between Local Resources and Network Resources 38What’s in a Name? 38Logging on to the Network 40Understanding Shared Folders 42Four Good Uses for a Shared Folder 43Store files that everybody needs 43Store your own files 44Make a temporary resting place for files on their way to other users 44Back up your local hard drive 45Oh, the Network Places You’ll Go 45Mapping Network Drives 47Using a Network Printer 50Adding a network printer 51Printing to a network printer 52Playing with the print queue 53Logging off the Network 55CHAPTER 4: MORE WAYS TO USE YOUR NETWORK 57Sharing Your Stuff 57Enabling File and Printer Sharing 58Sharing a Folder 59Using the Public Folder 61Sharing a Printer 62Using Microsoft Office on a Network 64Accessing network files 64Using workgroup templates 65Networking an Access database 67Working with Offline Files 68PART 2: DESIGNING YOUR NETWORK 73CHAPTER 5: PLANNING A NETWORK 75Making a Network Plan 75Being Purposeful 76Taking Stock 77What you need to know 77Programs that gather information for you 79To Dedicate or Not to Dedicate: That Is the Question 80File servers 81Print servers 81Web servers 82Mail servers 82Database servers 83Application servers 83License servers 83Choosing a Server Operating System 83Planning the Infrastructure 84Drawing Diagrams 84CHAPTER 6: DEALING WITH TCP/IP 87Understanding Binary 88Counting by ones 88Doing the logic thing 89Introducing IP Addresses 90Networks and hosts 90The dotted-decimal dance 91Classifying IP Addresses 91Class A addresses 92Class B addresses 93Class C addresses 93Subnetting 94Subnets 95Subnet masks 96The great subnet roundup 97Private and public addresses 98Understanding Network Address Translation 98Configuring Your Network for DHCP 99Understanding DHCP 100DHCP servers 100Understanding scopes 101Feeling excluded? 102Reservations suggested 103How long to lease? 104Managing a Windows Server 2019 DHCP Server 104Configuring a Windows DHCP Client 105Using DNS 106Domains and domain names 106Fully qualified domain names 108Working with the Windows DNS Server 109Configuring a Windows DNS Client 110CHAPTER 7: OH, WHAT A TANGLED WEB WE WEAVE: CABLES AND SWITCHES 111What Is Ethernet? 112All about Cable 114Cable categories 116What’s with the pairs? 117To shield or not to shield 117When to use plenum cable 118Sometimes solid, sometimes stranded 118Installation guidelines 119The tools you need 120Pinouts for twisted-pair cables 121RJ-45 connectors 122Crossover cables 124Wall jacks and patch panels 124Understanding Switches 126Comparing managed and unmanaged switches 126Daisy-chaining switches 128Stacking switches 128Looking at distribution switches and access switches 129Powering Up with Power over Ethernet 130Looking at Three Types of Network Rooms 131CHAPTER 8: SETTING UP A WIRELESS NETWORK 133Diving into Wireless Networking 134A Little High School Electronics 135Waves and frequencies 135Wavelength and antennas 137Spectrums and the FCC 137Eight-Oh-Two-Dot-Eleventy Something: Understanding Wireless Standards 139Home on the Range 140Using Wireless Network Adapters 141Setting Wireless Access Points 142Infrastructure mode 142Multifunction WAPs 143Roaming Capabilities 144Wireless bridging 144Ad-hoc networks 145Configuring a Wireless Access Point 145Basic configuration options 146DHCP configuration 146Connecting to a Wireless Network 147Paying Attention to Wireless Network Security 149CHAPTER 9: CONNECTING TO THE INTERNET 155Connecting to the Internet 155Connecting with cable or DSL 156Connecting with high-speed private lines 157Sharing an Internet connection 158Securing Your Connection with a Firewall 159Using a firewall 159Comparing residential gateways to firewall routers 161Looking at the built-in Windows firewall 161Providing a Backup Internet Connection 163PART 3: WORKING WITH SERVERS 165CHAPTER 10: VIRTUALIZING YOUR NETWORK 167Understanding Virtualization 167Understanding Hypervisors 169Understanding Virtual Disks 171Understanding Network Virtualization 173Looking at the Benefits of Virtualization 174Choosing Virtualization Hosts 176Understanding Windows Server 2019 Licensing 176Introducing Hyper-V 178Understanding the Hyper-V hypervisor 178Understanding virtual disks 179Enabling Hyper-V 180Getting Familiar with Hyper-V 181Creating a Virtual Switch 182Creating a Virtual Disk 184Creating a Virtual Machine 188Installing an Operating System 192CHAPTER 11: SETTING UP A WINDOWS SERVER 195Planning a Windows Server Installation 196Checking system requirements 196Reading the release notes 196Considering your licensing options 196Deciding your TCP/IP configuration 197Choosing workgroups or domains 197Running Setup 198Adding Server Roles and Features 203Creating a New Domain 208CHAPTER 12: MANAGING WINDOWS USER ACCOUNTS 213Understanding How Active Directory Is Organized 214Objects 214Domains 215Organizational units 215Trees 216Forests 216Understanding Windows User Accounts 216Local accounts versus domain accounts 216User account properties 217Creating a New User 217Setting User Properties 220Changing the user’s contact information 220Setting account options 221Specifying logon hours 223Restricting access to certain computers 223Setting the user’s profile information 224Resetting User Passwords 225Disabling and Enabling User Accounts 226Deleting a User 226Working with Groups 227Creating a group 227Adding a member to a group 228Creating a Logon Script 230CHAPTER 13: MANAGING NETWORK STORAGE 231Understanding Disk Storage 231Hard disk drives 231Solid state drives to the rescue! 234It’s a RAID! 234Three ways to attach disks to your servers 236Focusing on File Servers 237Understanding permissions 237Understanding shares 239Managing Your File Server 240Using the New Share Wizard 241Sharing a folder without the wizard 245Granting permissions 247PART 4: MANAGING YOUR NETWORK 251CHAPTER 14: WELCOME TO NETWORK MANAGEMENT 253What a Network Administrator Does 254Choosing the Part-Time Administrator 255The Three “Ups” of Network Management 256Managing Network Users 257Acquiring Software Tools for Network Administrators 258Building a Library 259Pursuing Certification 260Helpful Bluffs and Excuses 261CHAPTER 15: SUPPORTING YOUR USERS 263Establishing the Help Desk’s Charter 264Tracking Support Tickets 265Deciding How to Communicate with Users 267Using Remote Assistance 268Enabling Remote Assistance 269Inviting someone to help you via a Remote Assistance session 270Responding to a Remote Assistance invitation 273Creating a Knowledge Base 275Creating a Self-Service Help Portal 275Using Satisfaction Surveys 276Tracking Help Desk Performance 278Using Help Desk Management Software 279CHAPTER 16: USING GROUP POLICY 281Understanding Group Policy 281Enabling Group Policy Management on Windows Server 2019 282Creating Group Policy Objects 283Filtering Group Policy Objects 289Forcing Group Policy Updates 292CHAPTER 17: MANAGING SOFTWARE DEPLOYMENT 293Understanding Software Licenses 294Using a License Server 297Deploying Network Software 298Deploying software manually 298Running Setup from a network share 299Installing silently 300Creating an administrative installation image 301Pushing out software with Group Policy 302Keeping Software Up to Date 302CHAPTER 18: MANAGING MOBILE DEVICES 305The Many Types of Mobile Devices 306Considering Security for Mobile Devices 307Managing iOS Devices 308Understanding the iPhone 308Understanding the iPad 309Integrating iOS devices with Exchange 309Configuring an iOS device for Exchange email 311Managing Android Devices 314Looking at the Android OS 314Perusing Android’s core applications 315Integrating Android with Exchange 316PART 5: SECURING YOUR NETWORK 317CHAPTER 19: WELCOME TO CYBERSECURITY NETWORK 319Do You Need Security? 320The Three Pillars of Cybersecurity 321Two Approaches to Security 322Physical Security: Locking Your Doors 323Securing User Accounts 324Obfuscating your usernames 324Using passwords wisely 325Generating passwords For Dummies 326Secure the Administrator account 328Managing User Security 328User accounts 329Built-in accounts 330User rights 331Permissions (who gets what) 331Group therapy 332User profiles 333Logon scripts 334Securing the Human Firewall 334CHAPTER 20: HARDENING YOUR NETWORK 337Firewalls 337The Many Types of Firewalls 339Packet filtering 339Stateful packet inspection (SPI) 341Circuit-level gateway 342Application gateway 342Next-generation firewall 343Virus Protection 343What is a virus? 343Antivirus programs 345Safe computing 346Patching Things Up 346CHAPTER 21: SECURING YOUR EMAIL 349Defining Spam 350Sampling the Many Flavors of Spam 351Using Antispam Software 352Understanding Spam Filters 353Looking at Three Types of Antispam Software 356On-premises antispam 356Antispam appliances 357Cloud-based antispam services 358Minimizing Spam 359CHAPTER 22: BACKING UP YOUR DATA 3613-2-1: The Golden Rule of Backups 361How Often Should You Back Up Your Data? 363Choosing Where to Back Up Your Data 364Establishing Two Key Backup Objectives 365Backing Up to Tape 366Understanding Backup Software 367Examining File-Based Backups 368Full backups 369Copy backups 370Incremental backups 370Differential backups 371Backup and Virtualization 371Verifying Tape Reliability 373Keeping Backup Equipment Clean and Reliable 374Setting Backup Security 375CHAPTER 23: PLANNING FOR DISASTER 377Assessing Different Types of Disasters 378Environmental disasters 379Deliberate disasters 379Disruption of services 380Equipment failure 380Other disasters 381Analyzing the Impact of a Disaster 381Developing a Business Continuity Plan 382Holding a Fire Drill 383PART 6: MORE WAYS TO NETWORK 385CHAPTER 24: ACCOMMODATING REMOTE USERS 387Using Outlook Web App 388Using a Virtual Private Network 389Looking at VPN security 390Understanding VPN servers and clients 391Connecting with Remote Desktop Connection 393Enabling Remote Desktop Connection 394Connecting remotely 395Using keyboard shortcuts for Remote Desktop 397CHAPTER 25: LIFE IN CLOUD CITY 399Introducing Cloud Computing 400Looking at the Benefits of Cloud Computing 401Detailing the Drawbacks of Cloud Computing 402Examining Three Basic Kinds of Cloud Services 403Applications 404Platforms 404Infrastructure 405Public Clouds versus Private Clouds 405Introducing Some of the Major Cloud Providers 406Amazon 406Google 407Microsoft 407Getting into the Cloud 408CHAPTER 26: GOING HYBRID 409What Is a Hybrid Cloud? 409What Are the Benefits of Hybrid Cloud? 411Elasticity 411Flexibility 412Agility 412Innovation 412Operational efficiency 412Integrating Identity 413Azure Active Directory 413Single sign-on 414Looking at Hybrid Cloud Virtualization Platforms 416PART 7: THE PART OF TENS 419CHAPTER 27: TEN NETWORKING COMMANDMENTS 421I Thou Shalt Back Up Thy Data Religiously 421II Thou Shalt Protect Thy Network from Infidels 422III Thou Shalt Train Up Thy Users in the Ways of Safe Computing 422IV Thou Shalt Keepeth Thy Network Drive Pure and Cleanse It of Old Files 423V Thou Shalt Not Tinker with Thine Network Configuration unless Thou Knowest What Thou Art Doing 423VI Thou Shalt Not Covet Thy Neighbor’s Network 423VII Thou Shalt Not Take Down Thy Network without Proper Notification 424VIII Thou Shalt Keep an Adequate Supply of Spare Parts 424IX Thou Shalt Not Steal Thy Neighbor’s Program without a License 424X Thou Shalt Write Down Thy Network Configuration upon Tablets of Stone 425CHAPTER 28: TEN BIG NETWORK MISTAKES 427Skimping on Hardware 427Turning Off or Restarting a Server Computer While Users Are Logged On 428Deleting Important Files on the Server 429Copying a File from the Server, Changing It, and Then Copying It Back 429Sending Something to the Printer Again Just Because It Didn’t Print the First Time 430Assuming That the Server Is Safely Backed Up 430Connecting to the Internet without Considering Security Issues 430Plugging in a Wireless Access Point without Asking 431Thinking You Can’t Work Just Because the Network Is Down 431Running Out of Space on a Server 432Always Blaming the Network 433CHAPTER 29: TEN THINGS YOU SHOULD KEEP IN YOUR CLOSET 435Duct Tape 435Tools 436Patch Cables 436Cable Ties and Velcro 436Twinkies 437Replacement Parts 437Cheap Network Switches 438The Complete Documentation of the Network on Tablets of Stone 438The Network Manuals and Disks 438Ten Copies of This Book 439Index 441
Learn Java for Android Development
Gain the essential Java language skills necessary for using the Android SDK platform to build Java-based Android apps. This book includes the latest Java SE releases that Android supports, and is geared towards the Android SDK version 10. It includes new content including JSON documents, functional programming, and lambdas as well as other language features important for migrating Java skills to Android development.Android is still the world's most popular mobile platform and because this technology is still mostly based on Java, you should first obtain a solid grasp of the Java language and its APIs in order to improve your chances of succeeding as an effective Android apps developer. Learn Java for Android Development, 4th Editionhelps you do that.Each of the book’s chapters provides an exercise section that gives you the opportunity to reinforce your understanding of the chapter’s material. Answers to the book’s more than 500 exercises are provided in an appendix. Once you finish, you will be ready to begin your Android app development journey using Java.WHAT YOU WILL LEARN* Discover the latest Java programming language features relevant to Android SDK development* Apply inheritance, polymorphism, and interfaces to Android development* Use Java collections, concurrency, I/O, networks, persistence, functional programming, and data access in Android apps* Parse, create, and transform XML and JSON documents* Migrate your Java skills for mobile development using the Android platformWHO THIS BOOK IS FORProgrammers with at least some prior Java programming experience looking to get into mobile Java development with the Android platform.PETER SPÄTH consults, trains/teaches, and writes books on various subjects, with a primary focus on software development. With a wealth of experience in Java-related languages, the release of Kotlin for building Android apps made him enthusiastic about writing books for Kotlin development in the Android environment. He also graduated in 2002 as a physicist and soon afterward became an IT consultant, mainly for Java-related projects.JEFF FRIESEN is a freelance tutor and software developer with an emphasis on Java (and now Android). In addition to authoring Learn Java for Android Development and co-authoring Android Recipes, Jeff has written numerous articles on Java and other technologies for JavaWorld, informIT, Java.net, and DevSource.1: Getting Started with JavaTalking about ART and licensing here2: Learning Language Fundamentals3: Discovering Classes and Objects4: Discovering Inheritance, Polymorphism, and Interfaces5: Mastering Advanced Language Features, Part 16: Mastering Advanced Language Features, Part 27: Exploring the Basic APIs, Part18: Exploring the Basic APIs, Part29: Functional Programming and Lambdas10: Exploring the Collections Framework11: Exploring the Concurrency Utilities12: Performing Classic I/O13: Accessing Networks14: Migrating to New I/O15: Accessing Databases16: Parsing, Creating, and Transforming XML Documents17: Working With JSON DocumentsA. Solutions to Exercises
Algorithmen in Python
Inhalt Algorithmen gehören zum Rüstzeug guter Entwickler und Programmierer. Dieses Buch stellt Ihnen eine Vielzahl an problemlösenden Techniken für den Programmieralltag vor und zeigt, wie Sie diese Techniken in Ihre Anwendungen implementieren. Dabei lernen Sie 32 Klassiker der Informatik kennen, vom einfachen Such-Algorithmus bis zu genetischen Algorithmen und neuronalen Netzen in der KI. Randvoll mit Codebeispielen in Python sowie Profitipps für Programmierer. Selbst wenn Ihnen einiges bekannt vorkommen wird, es warten zahlreiche Aha-Erlebnisse auf Sie. Ideal für alle, die ihre ersten Schritte in der Programmierung hinter sich haben und jetzt voll durchstarten wollen! - Programmieren trainieren mit bekannten und modernen Klassikern - Von der Suche bis zu k-Means, vom Dreizeiler bis zur dynamischen Programmierung und KI - Für Studium, Coding-Katas, Workouts oder in Eigeninitiative - Titel der amerikanischen Originalausgabe: "Classic Computer Science Problems in Python"
Configuration of a Simple Samba File Server, Quota and Schedule Backup
This work is a step-by-step how to guide for configuring Samba file server, Quota andscheduled backup of important files. The paper provides an installation guide for,1. Samba server.2. Quota.3. Scheduled backup of important files.I am Dr. Hidaia Mahmoud Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from gaza strip.I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator. I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering. I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http:// www.anticorruption.000space.comMy personal website: www.hidaia-alassouli.000space.comEmail: hidaia_alassouli@hotmail.com
IoT mit SAP
Wie können Sie das Internet der Dinge (IoT) gewinnbringend nutzen? Dieser praktische Leitfaden führt Sie durch das Angebot der SAP-IoT-Plattform – immer orientiert an typischen Anwendungsfällen in Industrie und Wirtschaft. Sie erfahren, welche IoT-Services Ihnen auf der SAP Cloud Platform und mit SAP Leonardo zur Verfügung stehen und wie Sie diese einsetzen, um Ihre eigene Architektur aufzusetzen. Darüber hinaus lernen Sie SAP-Standardlösungen für Asset Management und Real-Time Track and Trace kennen, die Sie direkt implementieren können. Aus dem Inhalt: ReferenzarchitekturDigitaler ZwillingEdge ComputingSAP Cloud PlatformSAP Leonardo IoTDigital Supply ChainSAP Asset Intelligence Network (AIN)SAP Predictive Maintenance and ServiceSicherheit und Backend-AnbindungImplementierungsbeispiele für kundeneigene IoT-LösungenUse Cases und Projektmethoden Vorwort ... 15 Einleitung ... 17 1. Was ist das Internet der Dinge? ... 25 1.1 ... Das Internet der Dinge in Alltag und Industrie ... 25 1.2 ... Internet der Dinge: Begriffsabgrenzungen ... 33 1.3 ... Historische Entwicklung des Internets der Dinge ... 37 1.4 ... Weiterentwicklung und Potenzial des Internets der Dinge ... 43 2. Technische Grundlagen und Komponenten ... 47 2.1 ... Eigenschaften von IoT-Systemen ... 48 2.2 ... Architektur von IoT-Systemen ... 63 2.3 ... Funktionale Anforderungen an IoT-Systeme ... 81 2.4 ... Computing-Konzepte im Umfeld von IoT-Systemen ... 93 Die SAP-IoT-Plattform ... 99 3. IoT im Kontext von SAP ... 101 3.1 ... IoT in der SAP-Strategie ... 101 3.2 ... Einführung in die SAP-IoT-Plattform ... 116 3.3 ... Marktpositionierung der SAP-IoT-Plattform ... 130 4. SAP Cloud Platform ... 137 4.1 ... Erste Schritte mit der SAP Cloud Platform ... 137 4.2 ... Integrationsservices ... 144 4.3 ... Services für Datenspeicherung und -verwaltung ... 172 4.4 ... Services für Benutzeroberflächen und Sicherheit ... 176 4.5 ... Services für Entwicklung und Betrieb ... 184 5. IoT-Services der SAP Cloud Platform ... 195 5.1 ... SAP Cloud Platform IoT ... 196 5.2 ... SAP Leonardo IoT ... 206 6. SAP Edge Services ... 229 6.1 ... Komponenten und Funktionen der SAP Edge Services ... 230 6.2 ... SAP Edge Services installieren und testen ... 237 SAP-IoT-Standardlösungen für die digitale Supply Chain ... 249 7. Asset Management: digitaler Service, Wartung und Instandhaltung ... 251 7.1 ... Industrietrends und Kernkonzepte ... 252 7.2 ... Digitale Prozesse und neue Geschäftsmodelle ... 259 7.3 ... SAP Intelligent Asset Management Suite ... 265 7.4 ... Integration mit den Backend-Systemen ... 288 7.5 ... Kundenbeispiele ... 292 8. Realtime Track and Trace in der Logistik ... 295 8.1 ... Industrietrends und Anforderungen ... 296 8.2 ... Echtzeit-Logistikmanagement mit SAP ... 305 8.3 ... Relevante IoT-Technologien ... 313 8.4 ... Partner- und Kundenbeispiele ... 319 Individuelle IoT-Lösungen mit SAP ... 327 9. Füllstand von Behältern überwachen und Nachschub anstoßen ... 329 9.1 ... Softwarearchitektur und Integration ... 330 9.2 ... Nutzen und betriebswirtschaftliche Relevanz des Szenarios ... 351 10. Pay per Use und Abonnement-Modelle ... 353 10.1 ... Softwarearchitektur und Integration ... 354 10.2 ... Nutzen und betriebswirtschaftliche Relevanz des Szenarios ... 378 11. Edge Computing bei speziell zu schützenden Geräten ... 379 11.1 ... Softwarearchitektur und Integration ... 380 11.2 ... Nutzen und betriebswirtschaftliche Relevanz des Szenarios ... 399 12. IoT-Szenarien mit Objekterkennung ... 401 12.1 ... Objekterkennung, neuronale Netze und künstliche Intelligenz ... 402 12.2 ... Softwarearchitektur und Integration ... 405 12.3 ... Nutzen und betriebswirtschaftliche Relevanz ... 419 IoT-Projekte mit SAP-Software umsetzen ... 421 13. Vorbereitung eines IoT-Projekts ... 423 13.1 ... Den passenden Use Case finden ... 424 13.2 ... Den passenden IoT-Hardwarehersteller auswählen ... 444 13.3 ... Bestehende Hardware integrieren ... 448 13.4 ... Strategische Partnerschaften schließen ... 452 14. Methoden zur Durchführung eines IoT-Projekts ... 465 14.1 ... Design Thinking ... 466 14.2 ... Agil zum Projekterfolg ... 476 14.3 ... Aufbau eines digitalen Geschäftsmodells ... 485 14.4 ... Sicherheit von IoT-Systemen ... 490 A. Literatur und Quellenverzeichnis ... 495 B. Das Autorenteam ... 509 Index ... 511
Quick Configuration of Openldap and Kerberos In Linux and Authenicating Linux to Active Directory
This paper is a step-by-step how to guide for configuring of Openldap server, Kerberos server and shows the procedure for authentication of Linux Machine to Active Directory. The paper provides an installation guide for,1.OpenLDAP server and client.2.Kerberos server and client.3.Procedure for authenticating Linux Machine to Active Directory.I am Dr. Hidaia Mahmoud Mohamed Alassouli. I completed my PhD degree in Electrical Engineering from Czech Technical University by February 2003, and my M. Sc. degree in Electrical Engineering from Bahrain University by June 1995. I completed also one study year of most important courses in telecommunication and computer engineering courses in Islamic university in Gaza. So, I covered most important subjects in Electrical Engineering, Computer Engineering and Telecommunications Engineering during my study. My nationality is Palestinian from gaza strip.I obtained a lot of certified courses in MCSE, SPSS, Cisco (CCNA), A+, Linux.I worked as Electrical, Telecommunicating and Computer Engineer in a lot of institutions. I worked also as a computer networking administrator. I had considerable undergraduate teaching experience in several types of courses in many universities. I handled teaching the most important subjects in Electrical and Telecommunication and Computer Engineering. I could publish a lot of papers a top-tier journals and conference proceedings, besides I published a lot of books in Publishing and Distribution houses.I wrote a lot of important Arabic articles on online news websites. I also have my own magazine website that I publish on it all my articles: http:// www.anticorruption.000space.comMy personal website: www.hidaia-alassouli.000space.comEmail: hidaia_alassouli@hotmail.com
IoT Development for ESP32 and ESP8266 with JavaScript
This book introduces a new approach to embedded development, grounded in modern, industry-standard JavaScript. Using the same language that powers web browsers and Node.js, the Moddable SDK empowers IoT developers to apply many of the same tools and techniques used to build sophisticated websites and mobile apps.The Moddable SDK enables you to unlock the full potential of inexpensive microcontrollers like the ESP32 and ESP8266. Coding for these microcontrollers in C or C++ with the ESP-IDF and Arduino SDKs works for building basic products but doesn't scale to handle the increasingly complex IoT products that customers expect. The Moddable SDK adds the lightweight XS JavaScript engine to those traditional environments, accelerating development with JavaScript while keeping the performance benefits of a native SDK.Building user interfaces and communicating over the network are two areas where JavaScript really shines. _IoT Development for ESP32 and ESP8266 with JavaScript_ shows you how to build responsive touch screen user interfaces using the Piu framework. You'll learn how easy it is to securely send and receive JSON data over Wi-Fi with elegant JavaScript APIs for common IoT protocols, including HTTP/HTTPS, WebSocket, MQTT, and mDNS. You'll also learn how to integrate common sensors and actuators, Bluetooth Low Energy (BLE), file systems, and more into your projects, and you'll see firsthand how JavaScript makes it easier to combine these diverse technologies.If you're an embedded C or C++ developer who has never worked in JavaScript, don't worry. This book includes an introduction to the JavaScript language just for embedded developers experienced with C or C++.WHAT YOU'LL LEARN* Building, installing, and debugging JavaScript projects on the ESP32 and ESP8266* Using modern JavaScript for all aspects of embedded development with the Moddable SDK* Developing IoT products with animated user interfaces, touch input, networking, BLE, sensors, actuators, and moreWHO THIS BOOK IS FOR* Professional embedded developers who want the speed, flexibility, and power of web development in their embedded software work* Makers who want a faster, easier way to build their hobby projects* Web developers working in JavaScript who want to extend their skills to hardware productsPETER HODDIE is an engineer and entrepreneur focused on client software. He is recognized for crafting compact and efficient code that pushes the boundaries of user experience on consumer hardware. The software he and his teams have built has powered mass-market consumer products from companies including Apple, Palm, Sling, HP, and Sony. Peter recognizes that the first users of any product are the developers creating it, and that those developers cannot build compelling consumer products on a foundation that’s unstable, complex, or confusing. He therefore champions investments in great tools and a simple runtime architecture.Peter has founded several companies, including Kinoma, which merged into Marvell Semiconductor. He led QuickTime development at Apple during the 1990s as a Distinguished Engineer. He contributed to the development of the QuickTime file format and its adoption by ISO into the MPEG-4 standard. He is currently a member of the JavaScript language standards committee (ECMA TC39) and chair of ECMA TC53 for "Smart wearable systems and sensor-based devices". Peter is particularly proud of his work putting both the KinomaJS framework and Darwin Streaming Server into open source. He continues to come to terms with the 10 patents that bear his name.LIZZIE PRADER is an engineer whose educational background is in theoretical computer science, but is currently better described as an engineer focused on developers’ needs. She recognizes the importance of customer support during all stages of a project, and enjoys working with developers to smooth the on-ramp to embedded development. Working with users of all skill levels—from professional engineers to makers and hobbyists to absolute programming beginners—has made her an advocate of well-organized documentation and readable code.Prior to Moddable, Lizzie worked as a developer relations engineer at Kinoma. Her main goal was to help customers get the most out of Kinoma’s software and hardware prototyping products, both through direct contact with developers and by creating a variety of resources including sample code, tutorials, and blog postsChapter 1: Getting StartedThe goal of this section is to get the reader set-up with the hardware, development environment, and their basic JavaScript skills. This equips them to run the examples in the remaining chapters.Chapter 2: NetworkingThe goal of this section is to teach the reader how to use Wi-Fi to communicate with cloud services and other devices. It provides guidance on when it is appropriate to use the various network services. It also explains how to use standard JSON to communicate with network services.Chapter 3: Bluetooth Low Energy (BLE)This is the only chapter which only applies to the ESP32, as the ESP8266 does not have BLE hardwareChapter 4: Files and DataThis section explains how to access and store data. In addition to introducing the file system, it explains why a file system isn’t always the best choice for an IoT product and introduces alternativesChapter 5: Working with hardware (Sensors and actuators)This section introduces the hardware protocols supported by the Moddable SDK and gets the reader started with a few sensors and actuators. In addition to demonstrating how to use a few specific sensors, it provides guidance on how to build JavaScript modules for other off-the-shelf sensors. This chapter introduces Timers, a common tool for working with hardware used to delay operations and perform periodic actions.Chapter 6: Graphics for IoTThis chapter explains why graphical user interfaces are a valuable addition to IoT products. It introduces the fundamentals of working with graphics on MCUs that were not designed to support graphics. The reader will learn about key performance bottlenecks so that they will have the knowledge needed to build modern graphical displays for their IoT projects using the ESP8266 and ESP32. The chapter also describes the relationship between the Commodetto Graphics Library and the Piu User Interface framework so the reader can choose the tool that is best for their project.Chapter 7: Commodetto Graphics LibraryThis section introduces use of the Commodetto graphics library to build user displays. It contains examples of using each graphic operation provided by the Poco rendering engine.Chapter 8: Piu User Interface FrameworkThis section provides an overview of the Piu user interface framework and examples of the most commonly used objects from the Piu APIChapter 9: Adding native codeThis section describes how to increase the performance and features of the reader’s IoT projects through the strategic use of native C code. It teaches how to integrate C code into a JavaScript application. It provides guidance on when it is appropriate to use C code, by explaining the benefits and risks of using native code.Chapter 10: SecurityChapter 11: What’s Next?This section covers a few advanced topics and provides links to additional developer resources. The goal is to provide readers with the information necessary to move on to developing more complex and customizable applications.
Securing Critical Infrastructures
This book explains the modern techniques required to protect a cyber security critical infrastructure. Three fundamental techniques are presented, namely: network access control, physical access control, encryption and decryption techniques.Dr. Kamara had won two awards for community building in higher education and is an author of two other books:The Implications of Internet Usage, 2013The Impacts of Cognitive Theory on Human and Computer Science Development, 2016
Preisfindung und Konditionstechnik mit SAP
Geht nicht gibt’s nicht! In diesem Buch lernen Sie, wie Sie die Preisfindung in Ihrem Unternehmen einrichten und optimieren, um sowohl alltägliche als auch fortgeschrittene Anforderungen zu erfüllen. Das Autorenteam führt Sie von den Grundlagen der Konditionstechnik über das Standard-Customizing bis tief in die kundenindividuellen Anpassungen, die Ihnen das SAP-System ermöglicht. Sie erfahren, wie Sie mit Konditionssätzen, Kalkulationsschemata und Co. arbeiten. Nutzen Sie die detaillierten Informationen zu Formeln und Bedingungen, und setzen Sie auch die kniffligsten Wünsche der Vertriebskollegen in SD um. Aus dem Inhalt: Einsatzgebiete und Elemente der KonditionstechnikKonditionsstammdaten der PreisfindungAuswertungen und ArbeitsvorräteCustomizing der PreisfindungArbeiten mit KonditionssätzenPreisfindung im VertriebsbelegKalkulationsschemata und KonditionsartenWichtige Programme der PreisfindungTypische Praxisanforderungen an die PreisfindungBonusabwicklungKonditionssteckbriefe Einleitung ... 21 Teil I. Konditionstechnik ... 27 1. Einsatzgebiete und Elemente der Konditionstechnik ... 29 1.1 ... Eigenschaften von Konditionen ... 30 1.2 ... Einsatzgebiete der Konditionstechnik (Konditionsverwendung) ... 31 1.3 ... Ausgewählte Einsatzgebiete (Verwendungen) ... 33 1.4 ... Anwendungsbereiche der Konditionstechnik (Konditionsapplikation) ... 37 1.5 ... Elemente der Konditionstechnik im Überblick ... 40 1.6 ... Feldkatalog und Kommunikationsstrukturen ... 42 1.7 ... Konditionstabellen ... 43 1.8 ... Zugriffsfolgen ... 45 1.9 ... Konditionsarten ... 56 1.10 ... Konditionsstammdaten ... 57 1.11 ... Kalkulationsschemata ... 62 1.12 ... Findungsanalyse ... 63 1.13 ... Bedingungen ... 64 1.14 ... Gesamtablauf im Überblick ... 66 1.15 ... Fazit ... 67 2. Konditionsstammdaten der Preisfindung ... 69 2.1 ... Konditionspflege über die Konditionsart ... 69 2.2 ... Konditionspflege über Bereichsmenüs ... 74 2.3 ... Konditionspflege über den Index ... 78 2.4 ... Absprachen ... 79 2.5 ... Preisvereinbarungen ... 83 2.6 ... Fazit ... 84 3. Auswertungen und Arbeitsvorräte ... 85 3.1 ... Konditionslisten ... 85 3.2 ... Arbeitsvorräte in der Rolle »Vertriebsmitarbeiter im Innendienst« ... 92 3.3 ... Konditionsinfo ... 98 3.4 ... Nettopreisliste ... 99 3.5 ... Performanceoptimierte Preisliste ... 101 3.6 ... Fazit ... 129 Teil II. Preisfindung ... 131 4. Customizing der Preisfindung ... 133 4.1 ... Umsetzung eines ersten kundenindividuellen Preisfindungsszenarios ... 133 4.2 ... Elemente der Preisfindung im Detail ... 149 4.3 ... Kundenindividuelle Anpassungen und Kundennamensräume ... 168 4.4 ... Beispiel für die Umsetzung komplexerer Anforderungen ... 172 4.5 ... Konfigurierbare Formeln und Parameter ... 175 4.6 ... Anbindung an die Ergebnis- und Marktsegmentrechnung (COPA) ... 199 4.7 ... Fazit ... 200 5. Arbeiten mit Konditionssätzen ... 203 5.1 ... Freigabestatus ... 203 5.2 ... Massenänderungen/Anlegen mit Bezug ... 208 5.3 ... Kopieren von Konditionen ... 212 5.4 ... Konditionspflege mit Bereichsmenüs ... 216 5.5 ... Weitere Funktionen innerhalb der Konditionspflege ... 218 5.6 ... Fazit ... 223 6. Preisfindung im Vertriebsbeleg ... 225 6.1 ... Positionskonditionsbild ... 225 6.2 ... Kopfkonditionsbild ... 234 6.3 ... Vordefinierte Preiselemente in der Positionsübersicht ... 237 6.4 ... Preisvereinbarungen ... 238 6.5 ... Preisfindung beim Anlegen von Belegen mit Referenz ... 242 6.6 ... Preisfindung bei Miet- und Wartungsverträgen (periodischer Fakturierungsplan) ... 243 6.7 ... Preisfindung bei Festbetragverträgen (Meilensteinfakturierungsplan) ... 247 6.8 ... Preisfindung bei der Aufwandsabrechnung ... 252 6.9 ... Fazit ... 253 7. Spezielle Funktionen der Preisfindung ... 255 7.1 ... Gruppenkonditionen ... 255 7.2 ... Konditionsausschluss ... 258 7.3 ... Konditionsupdate ... 263 7.4 ... Steuerermittlung im Vertrieb ... 266 7.5 ... Naturalrabatt im Vertrieb ... 272 7.6 ... Kosten des Verkaufsvorgangs ... 275 7.7 ... Währungsumrechnungen im Vertrieb ... 279 7.8 ... Druckaufbereitung des Preisfindungsergebnisses ... 287 7.9 ... Fazit ... 292 Teil III. Weiterführende technische Grundlagen, Tipps und Tricks ... 293 8. Ausgewählte Kalkulationsschemata und Konditionsarten ... 295 8.1 ... Ausgewählte Kalkulationsschemata ... 297 8.2 ... Ausgewählte Konditionsarten des Standardschemas ... 313 8.3 ... Fazit ... 317 9. Besonderheiten der Konditionstechnik in der Preisfindung ... 319 9.1 ... Schnittstellen, Tabellen und Zusammenhänge ... 320 9.2 ... Datenermittlung über Konditionen ... 325 9.3 ... Felder mit Mehrfachbelegung ... 345 9.4 ... Fazit ... 349 10. Wichtige Programme der Preisfindung ... 351 10.1 ... Funktionsbaustein PRICING ... 352 10.2 ... Funktionsbaustein PRICING_COMPLETE ... 364 10.3 ... Funktionsbaustein PRICING_COPY ... 374 10.4 ... Datenablage des Preisfindungsergebnisses ... 375 10.5 ... Funktionsbaustein PRICING_REFRESH ... 376 10.6 ... Dialoganbindung/weitere Funktionsbausteine ... 377 10.7 ... Zusammenhang der Komponenten der Preisfindung ... 378 10.8 ... Fazit ... 379 11. Systemanpassungen mit Bedingungen, Formeln und User-Exits ... 381 11.1 ... Preisfindungsarten ... 383 11.2 ... Bedingungen ... 384 11.3 ... Ein Beispiel für den Einsatz der Formeln ... 388 11.4 ... Konditionsformeln ... 393 11.5 ... Sonderlogik der Preisfindungsart F in der Routine »xkomv_bewerten« ... 403 11.6 ... Preisfindungsergebnis in KOMP ... 405 11.7 ... Steuerungskennzeichen »xkomv-ksteu« ... 411 11.8 ... User-Exits ... 413 11.9 ... Erweiterungen der Tabelle KONV ... 420 11.10 ... Performanceaspekte ... 421 11.11 ... Fehlermeldungen/Fehlerbehandlung ... 422 11.12 ... Fazit ... 424 12. Typische Praxisanforderungen an die Preisfindung und ihre Lösung ... 425 12.1 ... Budgetierungsanforderungen ... 426 12.2 ... Konditionen wurden nicht gefunden -- woran liegt das? ... 436 12.3 ... Rundung ... 438 12.4 ... Preise mit mehr als zwei Nachkommastellen ... 439 12.5 ... Behandlung von Frachtzuschlägen ... 440 12.6 ... Berechtigungsabhängigkeit des Konditionsbildes ... 444 12.7 ... Aufnahme neuer Zwischensummenfelder ... 444 12.8 ... Stammdatenfelder datumsabhängig pflegen ... 444 12.9 ... Kopierte Konditionen und anschließende Mengenänderung ... 449 12.10 ... Gesteigerte Preise in Retouren und Gutschriften ... 455 12.11 ... Kennzahlen für Reporting und Analyse ... 457 12.12 ... Konditionssatzspezifische Bedingungen ... 473 12.13 ... Fazit ... 485 13. Preisfindung in ausgewählten Applikationen ... 487 13.1 ... Preisfindung im Kundenauftrag ... 488 13.2 ... Preisfindung in der Faktura ... 494 13.3 ... Preisfindung in der Bestellung ... 495 13.4 ... Preisfindung im Rechnungswesen ... 499 13.5 ... Steuerberechnung in der Finanzbuchhaltung ... 500 13.6 ... Preisfindung in der Transportabwicklung (Frachtkalkulation) ... 506 13.7 ... Fazit ... 507 14. Performance und Test ... 509 14.1 ... SAP-Tabellenpuffer ... 510 14.2 ... Konditions-Prestep und Zugriffsoptimierung ... 511 14.3 ... Reihenfolge der Felder in den Konditionstabellen ... 513 14.4 ... Einsatz von Bedingungen ... 514 14.5 ... Gruppenkonditionen und Formeln ... 514 14.6 ... Besonderheiten in Kundenauftrag und Faktura ... 515 14.7 ... Analyse-Tools ... 522 14.8 ... Testen ... 523 14.9 ... Fazit ... 526 15. Preisfindung in SAP S/4HANA ... 527 15.1 ... Überblick über SAP S/4HANA ... 527 15.2 ... Unterschiede und Gemeinsamkeiten von SAP ERP und SAP S/4HANA ... 530 15.3 ... Migration nach SAP S/4HANA ... 541 15.4 ... Preisfindung in SAP S/4HANA Cloud ... 545 15.5 ... Fazit ... 554 Teil IV. Bonusabwicklung im Vertrieb ... 555 16. Bonusabwicklung im Vertrieb ... 557 16.1 ... Übersicht über die Bonusabwicklung ... 557 16.2 ... Elemente der Bonusabwicklung im Detail ... 579 16.3 ... Erweiterte Bonusverarbeitung ... 599 16.4 ... Systemanpassungen im Bonusumfeld ... 610 16.5 ... Typische Praxisanforderungen ... 616 16.6 ... Fazit ... 619 Anhang ... 621 A. Konditionssteckbriefe ... 622 B. SAP-CRM-Anbindung ... 670 C. Die Autoren ... 674 Index ... 676
SAP Integrated Business Planning
Mit diesem Buch steuern Sie Ihre Supply Chain schnell und lückenlos. Zunächst lernen Sie die verschiedenen Prozesse, Bestandteile sowie die Konfiguration von SAP Integrated Business Planning for Supply Chain im Detail kennen. Anschließend zeigen Ihnen die Autoren, wie Sie das Tool für die bereichsübergreifende Echtzeitplanung und -analyse Ihrer gesamten Lieferkette einsetzen. Best Practices unterstützen Sie bei Ihrem Implementierungsprojekt. Aus dem Inhalt: User Interfaces von SAP IBPVerwendung von Stamm- und BewegungsdatenExcel-Konfiguration Sales and Operations PlanningDemand PlanningInventory PlanningSupply and Response PlanningSupply Chain Control Tower AnalyticsSAP JamZeit- und auftragsbasierte SchnittstellenBest Practices: Rapid Deployment Solutions Einleitung ... 15 1. Betriebswirtschaftliche Einordnung ... 19 1.1 ... Prozesse der Supply-Chain-Planung ... 19 1.2 ... Überblick über SAP IBP ... 27 1.3 ... Integrierte Beispiele (Best Practice) ... 38 2. Benutzeroberflächen ... 45 2.1 ... Browserbasierte Benutzeroberflächen (Web UIs) ... 45 2.2 ... Microsoft Excel ... 61 3. Grundlagen der übergreifenden Konfiguration ... 101 3.1 ... Attribute ... 101 3.2 ... Stammdatentypen ... 106 3.3 ... Zeitprofile ... 116 3.4 ... Planungsbereiche ... 131 3.5 ... Planungsebenen ... 156 3.6 ... Kennzahlen ... 161 3.7 ... Versionen ... 168 3.8 ... Planungsoperatoren ... 170 3.9 ... Globale Konfiguration ... 176 3.10 ... Aktivierung von Planungsmodellen ... 178 4. Sales and Operations Planning mit SAP IBP ... 185 4.1 ... Überblick und Ziele ... 185 4.2 ... Funktionen von SAP IBP für Sales and Operations ... 189 4.3 ... Der S&OP-Prozess mit SAP IBP ... 205 4.4 ... Konfiguration und Einstellungen in SAP IBP für Sales and Operations ... 224 5. Absatzplanung mit SAP IBP für Demand ... 251 5.1 ... Überblick und Ziele ... 251 5.2 ... Klassische Absatzplanung mit SAP IBP für Demand ... 254 5.3 ... Demand Sensing mit SAP IBP für Demand ... 271 5.4 ... Konfiguration von SAP IBP für Demand ... 277 6. Bestandsplanung mit SAP IBP für Inventory ... 313 6.1 ... Einführung in die Bestandsplanung ... 313 6.2 ... Konfiguration von SAP IBP für Inventory ... 317 7. Demand-Driven Materials Requirement Planning ... 379 7.1 ... Überblick und Ziele ... 379 7.2 ... Der DDMRP-Prozess mit SAP IBP ... 381 7.3 ... SAP IBP für Demand-Driven Replenishment konfigurieren ... 384 8. Bestätigungs- und Beschaffungsplanung mit SAP IBP für Response and Supply ... 405 8.1 ... Basiseinstellungen ... 407 8.2 ... Priorisierung der Bedarfe ... 424 8.3 ... Beschaffungs- und Kontingentierungsplanung ... 427 8.4 ... Bestätigungsplanung ... 439 8.5 ... Deployment ... 443 8.6 ... Simulations- und Szenarioplanung ... 444 8.7 ... Konfiguration der Response-and-Supply-Planung ... 446 9. SAP Supply Chain Control Tower ... 511 9.1 ... SAP Supply Chain Control Tower -- Ziele und Funktionen ... 511 9.2 ... Konfiguration des SAP Supply Chain Control Towers ... 521 10. SAP Jam ... 539 10.1 ... Integration von SAP Jam in SAP IBP ... 540 10.2 ... Funktionen von SAP Jam ... 549 11. Datenintegration in SAP IBP ... 561 11.1 ... Zeitreihenbasierte Integration ... 562 11.2 ... Auftragsbasierte Integration ... 590 11.3 ... Integration mit SAP Ariba ... 615 Das Autorenteam ... 619 Index ... 621