دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
برای ارتباط با ما می توانید از طریق شماره موبایل زیر از طریق تماس و پیامک با ما در ارتباط باشید
در صورت عدم پاسخ گویی از طریق پیامک با پشتیبان در ارتباط باشید
برای کاربرانی که ثبت نام کرده اند
درصورت عدم همخوانی توضیحات با کتاب
از ساعت 7 صبح تا 10 شب
دسته بندی: رمزنگاری ویرایش: نویسندگان: Kevin E. Foltz, William R. Simpson, Institute for Defense Analyses سری: ISBN (شابک) : 9780367531737, 1000165167 ناشر: CRC Press سال نشر: 2020 تعداد صفحات: 339 زبان: English فرمت فایل : PDF (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود) حجم فایل: 23 مگابایت
در صورت تبدیل فایل کتاب Enterprise Level Security 2: Advanced Techniques for Information Technology in an Uncertain World به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب Enterprise Level Security 2: تکنیک های پیشرفته فناوری اطلاعات در جهانی نامشخص نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
امنیت سطح سازمانی 2: موضوعات پیشرفته در یک دنیای نامشخص به دنبال اولین کتاب نویسندگان در مورد امنیت در سطح سازمانی (ELS) است که مفاهیم اساسی ELS و اکتشافات انجام شده در طول هشت سال اول توسعه آن را پوشش می دهد. این کتاب در ادامه این مطلب به بحث در مورد موضوعات و راهحلهای پیشرفته، برگرفته از 16 سال تحقیق، آزمایشهای آزمایشی و عملیاتی در کنار هم قرار دادن یک سیستم سازمانی میپردازد. فصل ها موضوعات پیشرفته خاصی را که از اشتباهات دردناک و تجدید نظرهای متعدد در فرآیندها به دست آمده اند را پوشش می دهد. این کتاب بسیاری از موضوعات حذف شده از کتاب اول از جمله احراز هویت چند عاملی، مدیریت کلید ابری، مدیریت تغییرات سازمانی، صحت موجودیت، محاسبات همومورفیک، مدیریت دستگاه، موقت موبایل، داده های بزرگ، میانجیگری و چندین موضوع دیگر را پوشش می دهد. مدل ELS امنیت سازمانی توسط وزیر نیروی هوایی برای سیستمهای محاسباتی نیروی هوایی تأیید شده است و کاندیدای سیستمهای وزارت دفاع تحت برنامه محیطی اطلاعات مشترک است. این کتاب برای توسعه دهندگان معماری فناوری اطلاعات سازمانی، توسعه دهندگان برنامه کاربردی و متخصصان امنیت فناوری اطلاعات در نظر گرفته شده است. این یک رویکرد منحصر به فرد برای امنیت سرتاسری است و جایگاهی را در بازار پر می کند.
Enterprise Level Security 2: Advanced Topics in an Uncertain World follows on from the authors’ first book on Enterprise Level Security (ELS), which covered the basic concepts of ELS and the discoveries made during the first eight years of its development. This book follows on from this to give a discussion of advanced topics and solutions, derived from 16 years of research, pilots, and operational trials in putting an enterprise system together. The chapters cover specific advanced topics derived from painful mistakes and numerous revisions of processes. This book covers many of the topics omitted from the first book including multi-factor authentication, cloud key management, enterprise change management, entity veracity, homomorphic computing, device management, mobile ad hoc, big data, mediation, and several other topics. The ELS model of enterprise security is endorsed by the Secretary of the Air Force for Air Force computing systems and is a candidate for DoD systems under the Joint Information Environment Program. The book is intended for enterprise IT architecture developers, application developers, and IT security professionals. This is a unique approach to end-to-end security and fills a niche in the market.
Cover Half Title Title Page Copyright Page Dedication Table of Contents Preface Acknowledgments About the Authors List of Figures List of Tables Chapter 1 The First 16 Years 1.1 The Beginning of Enterprise Level Security (ELS) 1.2 Design Principles 1.3 Key Concepts 1.4 Implementation Chapter 2 A Brief Review of the Initial Book 2.1 Security Principles 2.1.1 Know the Players 2.1.2 Maintain Confidentiality 2.1.3 Separate Access and Privilege from Identity 2.1.4 Maintain Integrity 2.1.5 Require Explicit Accountability 2.2 ELS Framework Chapter 3 Minimal Requirements for the Advanced Topics 3.1 Needed Capabilities 3.2 Creating an Attribute Store 3.3 Registering a Service 3.4 Computing Claims 3.5 User Convenience Services 3.6 The Enterprise Attribute Ecosystem 3.7 Summary Identity and Access Advanced Topics Chapter 4 Identity Claims in High Assurance 4.1 Who Are You? 4.2 Entity Vetting 4.3 Naming 4.4 Key and Credential Generation 4.5 Key and Credential Access Control 4.6 Key and Credential Management 4.7 Key and Credential Use 4.8 Some Other Considerations Chapter 5 Cloud Key Management 5.1 Clouds 5.2 ELS in a Private Cloud 5.3 The Public Cloud Challenge 5.3.1 Using the Same Design 5.3.2 HSM Site Inspection, Virtual Connection to HSM 5.3.3 HSM Site Inspection, Direct Connection to HSM 5.3.4 HSM Site Inspection, Preconfigured Direct Connections to HSM 5.4 Potential Hybrid Cloud Solutions 5.4.1 HSM in Public Cloud 5.4.2 HSM in Private Cloud 5.4.3 General Hybrid Challenges 5.5 Proposed Secure Solutions 5.5.1 Server in HSM 5.5.2 Homomorphic Encryption 5.6 Implementation 5.6.1 Cloud Vendor Support 5.6.2 HSM Vendor Support 5.6.3 Leveraging Mobile Device Management (MDM) for Cloud Assets 5.6.4 Homomorphic Encryption 5.7 Cloud Key Management Summary Chapter 6 Enhanced Assurance Needs 6.1 Enhanced Identity Issues 6.2 Scale of Identity Assurance 6.3 Implementing the Identity Assurance Requirement 6.4 Additional Requirements 6.5 Enhanced Assurance Summary Chapter 7 Temporary Certificates 7.1 Users That Do Not Have a PIV 7.2 Non-PIV STS/CA-Issued Certificate 7.3 Required Additional Elements 7.4 Precluding the Use of Temporary Certificates 7.5 Temporary Certificate Summary Chapter 8 Derived Certificates on Mobile Devices 8.1 Derived Credentials 8.2 Authentication with the Derived Credential 8.3 Encryption with the Derived Credential 8.4 Security Considerations 8.5 Certificate Management Chapter 9 Veracity and Counter Claims 9.1 The Insider Threat 9.2 Integrity, Reputation, and Veracity 9.3 Measuring Veracity 9.3.1 Person Entities 9.3.2 Non-Person Entities 9.3.2.1 Non-Person Veracity 9.4 Creating a Model and Counter Claims 9.4.1 For Persons 9.4.2 For Non-Persons 9.4.3 Computing Veracities 9.5 Veracity and Counter Claims Summary Chapter 10 Delegation of Access and Privilege 10.1 Access and Privilege 10.2 Delegation Principles 10.3 ELS Delegation 10.3.1 Standard ELS Delegation 10.3.2 ID-Based Special Delegation 10.4 Delegation Summary Chapter 11 Escalation of Privilege 11.1 Context for Escalation 11.2 Access and Privilege Escalation 11.3 Planning for Escalation 11.4 Invoking Escalation 11.5 Escalation Implementation within ELS 11.6 Accountability 11.7 Escalation Summary Chapter 12 Federation 12.1 Federation Technical Considerations 12.1.1 ELS Federation 12.1.2 ELS-like Federation 12.1.3 Identity Credential Federation 12.1.4 Weak Identity Federation 12.1.5 Ad Hoc Federation 12.1.6 Person-to-Person Sharing 12.1.7 Evaluating Options 12.2 Federation Trust Considerations 12.2.1 Full Trust 12.2.2 Infrastructure Trust 12.2.3 Individual Trust 12.2.4 No Trust 12.3 Federation Conclusions ELS Extensions – Content Management Chapter 13 Content Object Uniqueness for Forensics 13.1 Exfiltration in Complex Systems 13.2 Product Identifiers 13.3 Hidden Messages 13.4 Content Management 13.4.1 Access Control 13.4.2 Enforcing Access Control 13.4.3 Components of an Electronic Object 13.4.4 Responsibilities of the Appliqué 13.4.5 Mitigations 13.4.5.1 Discouraging Theft 13.4.5.2 Forensics 13.5 Content Object Summary Chapter 14 Homomorphic Encryption 14.1 Full Homomorphic Encryption (FHE) 14.1.1 Homomorphic Encryption 14.1.2 Homomorphic Encryption with ELS 14.1.2.1 Non-Homomorphic Encryption 14.1.2.2 FHE with Full Application in Cloud 14.1.2.3 FHE with Only Data in Cloud 14.1.3 Performance Considerations 14.2 Partial Homomorphic Encryption (PHE) 14.2.1 Related Work 14.2.2 Research Methods 14.2.3 Human Resources (HR) Database Selection 14.2.4 HR Database Schema 14.2.5 Encryption Schemes 14.2.6 Credential Mapping 14.2.7 SQL Translation Schemes 14.2.8 Web Application 14.2.9 Assessments 14.2.10 Lab Setup 14.2.11 PHE Results 14.2.11.1 Baseline Functionality 14.2.11.2 Enhancements 14.3 PHE Performance Evaluation 14.3.1 Evaluation Areas 14.3.1.1 Bulk Encryption 14.3.1.2 Encrypted Queries 14.3.2 Setup Considerations 14.3.3 Evaluation Method 14.3.4 Test Results 14.3.4.1 Bulk Encryption Test Results 14.3.4.2 Single Queries 14.3.4.3 Combining Two Queries 14.3.4.4 Combining Many Queries 14.3.4.5 Initialization and Randomization 14.4 Homomorphic Encryption Conclusions ELS Extensions – Data Aggregation Chapter 15 Access and Privilege in Big Data Analysis 15.1 Big Data Access 15.2 Big Data Related Work 15.3 Big Data with ELS 15.3.1 Basic ELS Preparations 15.3.2 Big Data Analysis with ELS 15.3.3 Data-Driven Access Controls 15.3.4 Escalation of Privilege 15.3.5 Big Data Analysis Using Federation Data 15.3.6 Data Leakage 15.4 Big Data Summary Chapter 16 Data Mediation 16.1 Maintaining Security with Data Mediation 16.2 The Mediation Issue 16.3 Approaches 16.3.1 MITM Mediation 16.3.2 Mediation Service 16.3.3 Mediation Tool Service 16.3.4 Homomorphic-Encryption MITM 16.3.5 Comparison of Solutions 16.4 Choosing a Solution 16.5 Mediation Summary ELS Extensions – Mobile Devices Chapter 17 Mobile Ad Hoc 17.1 Mobile Ad Hoc Implementations 17.1.1 Network Overview 17.1.2 Mobile Ad Hoc Networking 17.1.3 Mobile Ad Hoc Network Services 17.1.4 Nexus Elements in the Ad Hoc Network 17.2 Network Service Descriptions 17.2.1 Detection of Hardware Capabilities 17.2.2 Detection of Network Opportunities 17.2.3 Selection of Waveforms and Protocols 17.2.4 Service Discovery 17.2.5 Query/Response Capabilities 17.2.6 Network Broadcast 17.2.7 System Discovery 17.2.8 Joining a Network 17.3 Other Considerations 17.3.1 Exchange of Certificates 17.3.2 Device Requirements 17.3.3 Discovery of Services 17.3.4 Request for Service 17.4 Mobile Ad Hoc Summary Chapter 18 Endpoint Device Management 18.1 Endpoint Device Choices 18.1.1 Devices to Be Considered 18.1.2 Options for Device Choices 18.1.3 The Issue 18.1.4 Device Evaluation Factors 18.1.5 Enterprise Device Requirements 18.1.6 Evaluation Matrix 18.1.7 Protecting the Enterprise from BYOD 18.1.8 Device Choice Summary 18.2 Endpoint Device Management 18.2.1 Device Registry 18.2.2 IoT Devices 18.2.3 Device Endpoint Agent 18.2.3.1 Monitoring and Reporting 18.2.3.2 Data Validation and Purging 18.2.3.3 Fulfilling Requests for Data 18.2.4 Endpoint Device Management Summary ELS Extensions – Other Topics Chapter 19 Endpoint Agent Architecture 19.1 Agent Architecture 19.2 Related Work 19.3 ELS Agent Methods 19.4 Endpoint Agent Results 19.4.1 Mobile Device Management (MDM) Agents 19.4.2 Monitoring Agents 19.4.3 Log Aggregation Agents 19.4.4 Service Desk Agents 19.4.5 Import and Mediation Agents 19.4.6 Other Agents 19.5 Endpoint Agent Conclusions 19.6 Endpoint Agent Extensions Chapter 20 Ports and Protocols 20.1 Introduction 20.2 Communication Models 20.3 Ports in Transport Protocols 20.3.1 The Transmission Control Protocol 20.3.2 The User Datagram Protocol 20.4 Threats Considered 20.5 Assigning Ports and Protocols 20.6 Server Configurations 20.7 Firewalls and Port Blocking 20.8 Application Firewalls 20.9 Network Firewalls in ELS 20.10 Endpoint Protection in ELS 20.11 Handling and Inspection of Traffic 20.12 Additional Security Hardening Chapter 21 Asynchronous Messaging 21.1 Why Asynchronous Messaging? 21.1.1 Advantages of Asynchronous Communication 21.1.2 Disadvantages of Asynchronous Communication 21.2 Prior Work 21.2.1 Java Standard Messaging Protocol 21.2.2 De Facto Standard Microsoft Message Queuing 21.2.3 Open Source Messaging Protocols 21.2.4 Emerging Standard 21.3 Asynchronous Messaging Security 21.3.1 Security for Server Brokered Invocation 21.3.2 Security for Publish-Subscribe Systems (PSS) 21.4 PSS Rock and Jewel 21.4.1 Claims for Targeted Content (PSS) 21.4.2 Retrieving Content for Known Claimants 21.4.3 Retrieving Content for Unknown Claimants 21.4.4 Adjusting Publishing Targets (Untrusted PSS) 21.4.5 Distribution of Burdens 21.5 Summary Chapter 22 Virtual Application Data Center 22.1 Introduction 22.2 Enterprise Level Security and VADC Concepts 22.3 VADC Implementation 22.4 Resource Utilization 22.5 Distributed Benefits and Challenges 22.6 Virtual Application Data Center Conclusions Chapter 23 Managing System Changes 23.1 System Change 23.2 Current Approaches 23.2.1 The Expert 23.2.2 The Bureaucracy 23.2.3 The Vendor 23.3 The Vision 23.4 Realizing the Vision 23.5 Moving into the Future 23.6 Managing Information Technology Changes Chapter 24 Concluding Remarks 24.1 Staying Secure in an Uncertain World 24.2 The Model is Important 24.3 Zero Trust Architecture 24.4 Computing Efficiencies 24.4.1 Need for Speed 24.4.2 Security Protocols and Algorithms 24.4.3 Evaluation of Security Products 24.5 Current Full ELS System 24.6 Future Directions References Acronyms Index