Muutke küpsiste eelistusi

E-raamat: Enterprise Level Security 2: Advanced Techniques for Information Technology in an Uncertain World [Taylor & Francis e-raamat]

  • Formaat: 314 pages, 14 Tables, black and white; 93 Illustrations, black and white
  • Ilmumisaeg: 15-Sep-2020
  • Kirjastus: CRC Press
  • ISBN-13: 9781003080787
  • Taylor & Francis e-raamat
  • Hind: 120,02 €*
  • * hind, mis tagab piiramatu üheaegsete kasutajate arvuga ligipääsu piiramatuks ajaks
  • Tavahind: 171,46 €
  • Säästad 30%
  • Formaat: 314 pages, 14 Tables, black and white; 93 Illustrations, black and white
  • Ilmumisaeg: 15-Sep-2020
  • Kirjastus: CRC Press
  • ISBN-13: 9781003080787
"Enterprise Level Security 2: Advanced Topics in an Uncertain World follows on from the authors' first book on Enterprise Level Security (ELS), which covered the basic concepts of ELS and the discoveries made during the first eight years of its development. This book follows on from this to give a discussion of advanced topics and solutions, derived from 16 years of research, pilots, and operational trials in putting an enterprise system together. The chapters cover specific advanced topics derived from painful mistakes and numerous revisions of processes. This book covers many of the topics omitted from the first book including multi-factor authentication, cloud key management, enterprise change management, entity veracity, homomorphic computing, devicemanagement, mobile ad hoc, big data, mediation, and several other topics. The ELS model of enterprise security is endorsed by the Secretary of the Air Force for Air Force computing systems and is a candidate for DoD systems under the Joint Information Environment Program. The book is intended for enterprise IT architecture developers, application developers, and IT security professionals. This is a unique approach to end-to-end security and fills a niche in the market"--

Enterprise Level Security 2: Advanced Topics in an Uncertain World follows on from the authors’ first book on Enterprise Level Security (ELS), which covered the basic concepts of ELS and the discoveries made during the first eight years of its development. This book follows on from this to give a discussion of advanced topics and solutions, derived from 16 years of research, pilots, and operational trials in putting an enterprise system together. The chapters cover specific advanced topics derived from painful mistakes and numerous revisions of processes. This book covers many of the topics omitted from the first book including multi-factor authentication, cloud key management, enterprise change management, entity veracity, homomorphic computing, device management, mobile ad hoc, big data, mediation, and several other topics.

  • The ELS model of enterprise security is endorsed by the Secretary of the Air Force for Air Force computing systems and is a candidate for DoD systems under the Joint Information Environment Program.
  • The book is intended for enterprise IT architecture developers, application developers, and IT security professionals.
  • This is a unique approach to end-to-end security and fills a niche in the market.

Preface xiii
Acknowledgments xv
About the Authors xvii
Figures
xix
Tables
xxiii
Chapter 1 The First 16 Years
1(8)
1.1 The Beginning of Enterprise Level Security (ELS)
1(1)
1.2 Design Principles
1(3)
1.3 Key Concepts
4(3)
1.4 Implementation
7(2)
Chapter 2 A Brief Review of the Initial Book
9(8)
2.1 Security Principles
9(4)
2.2 ELS Framework
13(4)
Chapter 3 Minimal Requirements for the Advanced Techniques
17(14)
3.1 Needed Capabilities
18(1)
3.2 Creating an Attribute Store
19(1)
3.3 Registering a Service
19(1)
3.4 Computing Claims
20(2)
3.5 User Convenience Services
22(1)
3.6 The Enterprise Attribute Ecosystem
23(3)
3.7 Summary
26(5)
Identity and Access Advanced Techniques
Chapter 4 Identity Claims in High Assurance
31(10)
4.1 Who Are You?
31(1)
4.2 Entity Vetting
32(1)
4.3 Naming
33(1)
4.4 Key and Credential Generation
33(2)
4.5 Key and Credential Access Control
35(1)
4.6 Key and Credential Management
36(1)
4.7 Key and Credential Use
37(2)
4.8 Some Other Considerations
39(2)
Chapter 5 Cloud Key Management
41(14)
5.1 Clouds
41(1)
5.2 ELS in a Private Cloud
42(1)
5.3 The Public Cloud Challenge
43(5)
5.4 Potential Hybrid Cloud Solutions
48(1)
5.5 Proposed Secure Solutions
49(2)
5.6 Implementation
51(2)
5.7 Cloud Key Management Summary
53(2)
Chapter 6 Enhanced Assurance Needs
55(6)
6.1 Enhanced Identity Issues
55(1)
6.2 Scale of Identity Assurance
56(2)
6.3 Implementing the Identity Assurance Requirement
58(1)
6.4 Additional Requirements
58(1)
6.5 Enhanced Assurance Summary
59(2)
Chapter 7 Temporary Certificates
61(6)
7.1 Users That Do Not Have a PIV
61(1)
7.2 Non-PIV STS/CA-Issued Certificate
62(2)
7.3 Required Additional Elements
64(1)
7.4 Precluding the Use of Temporary Certificates
65(1)
7.5 Temporary Certificate Summary
65(2)
Chapter 8 Derived Certificates on Mobile Devices
67(4)
8.1 Derived Credentials
67(1)
8.2 Authentication with the Derived Credential
67(1)
8.3 Encryption with the Derived Credential
67(1)
8.4 Security Considerations
68(1)
8.5 Certificate Management
68(3)
Chapter 9 Veracity and Counter Claims
71(14)
9.1 The Insider Threat
71(1)
9.2 Integrity, Reputation, and Veracity
72(1)
9.3 Measuring Veracity
72(9)
9.4 Creating a Model and Counter Claims
81(1)
9.5 Veracity and Counter Claims Summary
82(3)
Chapter 10 Delegation of Access and Privilege
85(10)
10.1 Access and Privilege
85(1)
10.2 Delegation Principles
85(6)
10.3 ELS Delegation
91(3)
10.4 Delegation Summary
94(1)
Chapter 11 Escalation of Privilege
95(12)
11.1 Context for Escalation
95(1)
11.2 Access and Privilege Escalation
96(2)
11.3 Planning for Escalation
98(2)
11.4 Invoking Escalation
100(2)
11.5 Escalation Implementation within ELS
102(3)
11.6 Accountability
105(1)
11.7 Escalation Summary
106(1)
Chapter 12 Federation
107(14)
12.1 Federation Technical Considerations
107(8)
12.2 Federation Trust Considerations
115(3)
12.3 Federation Conclusions
118(3)
ELS Extensions - Content Management
Chapter 13 Content Object Uniqueness for Forensics
121(8)
13.1 Exfiltration in Complex Systems
121(1)
13.2 Product Identifiers
121(1)
13.3 Hidden Messages
122(1)
13.4 Content Management
122(6)
13.5 Content Object Summary
128(1)
Chapter 14 Homomorphic Encryption
129(28)
14.1 Full Homomorphic Encryption (FHE)
129(6)
14.2 Partial Homomorphic Encryption (PHE)
135(8)
14.3 PHE Performance Evaluation
143(11)
14.4 Homomorphic Encryption Conclusions
154(3)
ELS Extensions - Data Aggregation
Chapter 15 Access and Privilege in Big Data Analysis
157(8)
15.1 Big Data Access
157(1)
15.2 Big Data Related Work
158(1)
15.3 Big Data with ELS
159(5)
15.4 Big Data Summary
164(1)
Chapter 16 Data Mediation
165(12)
16.1 Maintaining Security with Data Mediation
165(1)
16.2 The Mediation Issue
165(2)
16.3 Approaches
167(5)
16.4 Choosing a Solution
172(1)
16.5 Mediation Summary
173(4)
ELS Extensions - Mobile Devices
Chapter 17 Mobile Ad Hoc
177(14)
17.1 Mobile Ad Hoc Implementations
177(4)
17.2 Network Service Descriptions
181(6)
17.3 Other Considerations
187(1)
17.4 Mobile Ad Hoc Summary
188(3)
Chapter 18 Endpoint Device Management
191(18)
18.1 Endpoint Device Choices
191(7)
18.2 Endpoint Device Management
198(11)
ELS Extensions - Other Techniques
Chapter 19 Endpoint Agent Architecture
209(10)
19.1 Agent Architecture
209(1)
19.2 Related Work
209(1)
19.3 ELS Agent Methods
210(1)
19.4 Endpoint Agent Results
211(7)
19.5 Endpoint Agent Conclusions
218(1)
19.6 Endpoint Agent Extensions
218(1)
Chapter 20 Ports and Protocols
219(14)
20.1 Introduction
219(2)
20.2 Communication Models
221(1)
20.3 Ports in Transport Protocols
222(1)
20.4 Threats Considered
223(1)
20.5 Assigning Ports and Protocols
224(1)
20.6 Server Configurations
225(1)
20.7 Firewalls and Port Blocking
225(1)
20.8 Application Firewalls
226(1)
20.9 Network Firewalls in ELS
227(1)
20.10 Endpoint Protection in ELS
227(4)
20.11 Handling and Inspection of Traffic
231(1)
20.12 Additional Security Hardening
231(2)
Chapter 21 Asynchronous Messaging
233(12)
21.1 Why Asynchronous Messaging?
233(1)
21.2 Prior Work
234(2)
21.3 Asynchronous Messaging Security
236(2)
21.4 PSS Rock and Jewel
238(5)
21.5 Summary
243(2)
Chapter 22 Virtual Application Data Center
245(14)
22.1 Introduction
245(1)
22.2 Enterprise Level Security and VADC Concepts
246(2)
22.3 VADC Implementation
248(3)
22.4 Resource Utilization
251(4)
22.5 Distributed Benefits and Challenges
255(2)
22.6 Virtual Application Data Center Conclusions
257(2)
Chapter 23 Managing System Changes
259(10)
23.1 System Change
259(1)
23.2 Current Approaches
259(2)
23.3 The Vision
261(3)
23.4 Realizing the Vision
264(4)
23.5 Moving into the Future
268(1)
23.6 Managing Information Technology Changes
268(1)
Chapter 24 Concluding Remarks
269(6)
24.1 Staying Secure in an Uncertain World
269(1)
24.2 The Model is Important
269(1)
24.3 Zero Trust Architecture
270(1)
24.4 Computing Efficiencies
270(2)
24.5 Current Full ELS System
272(1)
24.6 Future Directions
272(3)
References 275(22)
Acronyms 297(4)
Index 301
Dr. Kevin E. Foltz, Institute for Defense Analyses, has over a decade of experience working to improve security in information systems. He has presented and published research on different aspects of enterprise security, security modeling, and high assurance systems. He also has degrees in Mathematics, Computer Science, Electrical Engineering, and Strategic Security Studies.

Dr. William R. Simpson, Institute for Defense Analyses, has over two decades of experience working to improve systems security. He has degrees in Aeronautical Engineering and Business Administration, as well as undergoing military and government training. He spent many years as an expert in aeronautics before delving into the field of electronic and system testing, and he has spent the last 20 years on IT-related themes (mostly security, including processes, damage assessments of cyber intrusions, IT security standards, IT security evaluation, and IT architecture).