Netværkssikkerhed

Die Kryptographie, wie sie in diesem Jahrhundert betrieben wird, ist stark mathematisch geprägt. Aber sie hat auch ihre Wurzeln in dem, was rechnerisch machbar ist.In diesem einzigartigen Lehrbuch werden die Theoreme der Mathematik gegen die Machbarkeit von Berechnungen abgewogen. Kryptografie ist etwas, das man tatsächlich "macht", kein mathematisches Spiel, über das man Theoreme beweist. Es gibt tiefgründige Mathematik; es gibt einige Theoreme, die bewiesen werden müssen; und es besteht die Notwendigkeit, die brillante Arbeit derjenigen anzuerkennen, die sich auf die Theorie konzentrieren. Auf der Ebene eines Grundstudiums sollte der Schwerpunkt jedoch zunächst darauf liegen, die Algorithmen zu kennen und zu verstehen und zu wissen, wie sie zu implementieren sind, und sich auch bewusst zu machen, dass die Algorithmen sorgfältig implementiert werden müssen, um die "einfachen" Wege zum Brechen der Kryptografie zu vermeiden. Dieser Text deckt die algorithmischen Grundlagen ab und wird durch Kernmathematik und Arithmetik ergänzt.

This book constitutes the proceedings of the 19th IMA International Conference, IMACC 2023, held in London, UK, during December 12¿14, 2023The 14 full papers included in this volume were carefully reviewed and selected from 36 submissions. This volume presents cutting-edge results in a variety of areas, including coding theory, symmetric cryptography, zeroknowledge protocols, digital signature schemes and extensions, post-quantum cryptography and cryptography in practice.

This book overviews the drivers behind the smart city vision, describes its dimensions and introduces the reference architecture. It further enumerates and classifies threats targeting the smart city concept, links corresponding attacks, and traces the impact of these threats on operations, society and the environment. This book also introduces analytics-driven situational awareness, provides an overview of the respective solutions and highlights the prevalent limitations of these methods. The research agenda derived from the study emphasizes the demand and challenges for developing holistic approaches to transition these methods to practice equipping the user with extensive knowledge regarding the detected attack instead of a sole indicator of ongoing malicious events. It introduces a cyber-situational awareness framework that can be integrated into smart city operations to provide timely evidence-based insights regarding cyber incidents and respective system responses to assist decision-making. This book targets researchers working in cybersecurity as well as advanced-level computer science students focused on this field. Cybersecurity operators will also find this book useful as a reference guide.

This book provides the foundational aspects of malware attack vectors and appropriate defense mechanisms against malware. The book equips readers with the necessary knowledge and techniques to successfully lower the risk against emergent malware attacks. Topics cover protections against malware using machine learning algorithms, Blockchain and AI technologies, smart AI-based applications, automated detection-based AI tools, forensics tools, and much more. The authors discuss theoretical, technical, and practical issues related to cyber malware attacks and defense, making it ideal reading material for students, researchers, and developers.

This book constitutes the proceedings of the 28th Nordic Conference, NordSec 2023, held in Oslo, Norway, during November 16¿17, 2023.The 18 full papers included in this volume were carefully reviewed and selected from 55 submissions. This volume focuses on a broad range of topics within IT security and privacy.

This book constitutes the proceedings of the 8th International Conference on Future Data and Security Engineering, FDSE 2021, held in Ho Chi Minh City, Vietnam, in November 2021.*The 28 full papers and 8 short were carefully reviewed and selected from 168 submissions. The selected papers are organized into the following topical headings: big data analytics and distributed systems; security and privacy engineering; industry 4.0 and smart city: data analytics and security; blockchain and access control; data analytics and healthcare systems; and short papers: security and data engineering.* The conference was held virtually due to the COVID-19 pandemic.

Enhance your skill set to pentest against real-world Microsoft infrastructure with hands-on exercises and by following attack/detect guidelines with OpSec considerationsKey FeaturesFind out how to attack real-life Microsoft infrastructureDiscover how to detect adversary activities and remediate your environmentApply the knowledge you've gained by working on hands-on exercisesPurchase of the print or Kindle book includes a free PDF eBookBook DescriptionThis book teaches you the tactics and techniques used to attack a Windows-based environment, along with showing you how to detect malicious activities and remediate misconfigurations and vulnerabilities.You'll begin by deploying your lab, where every technique can be replicated. The chapters help you master every step of the attack kill chain and put new knowledge into practice. You'll discover how to evade defense of common built-in security mechanisms, such as AMSI, AppLocker, and Sysmon; perform reconnaissance and discovery activities in the domain environment by using common protocols and tools; and harvest domain-wide credentials. You'll also learn how to move laterally by blending into the environment's traffic to stay under radar, escalate privileges inside the domain and across the forest, and achieve persistence at the domain level and on the domain controller. Every chapter discusses OpSec considerations for each technique, and you'll apply this kill chain to perform the security assessment of other Microsoft products and services, such as Exchange, SQL Server, and SCCM.By the end of this book, you'll be able to perform a full-fledged security assessment of the Microsoft environment, detect malicious activity in your network, and guide IT engineers on remediation steps to improve the security posture of the company.What you will learnUnderstand and adopt the Microsoft infrastructure kill chain methodologyAttack Windows services, such as Active Directory, Exchange, WSUS, SCCM, AD CS, and SQL ServerDisappear from the defender's eyesight by tampering with defensive capabilitiesUpskill yourself in offensive OpSec to stay under the radarFind out how to detect adversary activities in your Windows environmentGet to grips with the steps needed to remediate misconfigurationsPrepare yourself for real-life scenarios by getting hands-on experience with exercisesWho this book is forThis book is for pentesters and red teamers, security and IT engineers, as well as blue teamers and incident responders interested in Windows infrastructure security. The book is packed with practical examples, tooling, and attack-defense guidelines to help you assess and improve the security of your real-life environments. To get the most out of this book, you should have basic knowledge of Windows services and Active Directory.Table of ContentsGetting the Lab Ready and Attacking Exchange ServerDefense EvasionDomain Reconnaissance and Discovery Credential Access in DomainLateral Movement in Domain and Across ForestsDomain Privilege EscalationPersistence on Domain LevelAbusing Active Directory Certificate ServicesCompromising Microsoft SQL ServerTaking over WSUS and SCCM

This book constitutes the proceedings of the 12th International Congress on Telematics and Computing, WITCOM 2023, held in Puerto Vallarta, Mexico, in November 2023. The 35 full papers presented in this volume were carefully reviewed and selected from 88 submissions. The papers are focused on the topics of artificial intelligence techniques, data science, blockchain, environment monitoring, cybersecurity, education, and software for communications protocols.

This book constitutes the proceedings of the 19th International Workshop on Security and Trust Management, STM 2023, co-located with the 28th European Symposium on Research in Computer Security, ESORICS 2023, held in The Hague, The Netherlands, during September 28th, 2023 The 5 full papers together with 4 short papers included in this volume were carefully reviewed and selected from 15 submissions. The workshop presents papers with topics such as security and privacy, trust models, security services, authentication, identity management, systems security, distributed systems security, privacy-preserving protocols.

This book constitutes the refereed proceedings of the 11th International Conference on Code-Based Cryptography, CBCrypto 2023, held in Lyon, France, during April 22¿23, 2023. The 8 full papers included in this book were carefully reviewed and selected from 28 submissions. The conference offers a wide range of many important aspects of code-based cryptography such as cryptanalysis of existing schemes, the proposal of new cryptographic systems and protocols as well as improved decoding algorithms.

Get a hands-on training and experience in tools, techniques, and best practices for effective ethical hacking to combat cyber threats at any scaleKey FeaturesUse the ethical hacking methodology and thought process to perform a successful ethical hackExplore the various stages of an ethical hack and the tools related to each phasePurchase of the print or Kindle book includes a free PDF eBookBook DescriptionThe Ethical Hacking Workshop will teach you how to perform ethical hacking and provide you with hands-on experience using relevant tools.By exploring the thought process involved in ethical hacking and the various techniques you can use to obtain results, you'll gain a deep understanding of how to leverage these skills effectively.Throughout this book, you'll learn how to conduct a successful ethical hack, how to use the tools correctly, and how to interpret the results to enhance your environment's security. Hands-on exercises at the end of each chapter will ensure that you solidify what you've learnt and get experience with the tools.By the end of the book, you'll be well-versed in ethical hacking and equipped with the skills and knowledge necessary to safeguard your enterprise against cyber-attacks.What you will learnUnderstand the key differences between encryption algorithms, hashing algorithms, and cryptography standardsCapture and analyze network trafficGet to grips with the best practices for performing in-cloud reconGet start with performing scanning techniques and network mappingLeverage various top tools to perform privilege escalation, lateral movement, and implant backdoorsFind out how to clear tracks and evade detectionWho this book is forThis book is for cybersecurity professionals who already work as part of a security team, blue team, purple team or as a security analyst and want to become familiar with the same skills and tools that potential attackers may use to breach your system and identify security vulnerabilities. A solid understanding of cloud computing and networking is a prerequisite.Table of ContentsNetworking PrimerCapturing and Analyzing Network TrafficA Cryptography PrimerReconnaissanceScanningGaining AccessPost-Exploitation

This book constitutes the refereed post-conference proceedings of the 28th International Workshop on Security Protocols, held in Cambridge, UK, during March 27¿28, 2023.Thirteen papers out of 23 submissions were selected for publication in this book, presented together with the respective transcripts of discussions. The theme of this year's workshop was ¿Humans in security protocols ¿ are we learning from mistakes?¿The topics covered are securing the human endpoint and proving humans correct.

Before an enterprise answers "How can we achieve a Zero Trust architecture?" they should be asking "Why are we looking at Zero Trust as an access model? Does it align with our vision?" In an innovative format, Cisco security architecture expert Avinash Naduvath guides you through the philosophical questions and practical answers for an enterprise looking to start the Zero Trust journey.   A conversational model will take you from the initial stages of identifying goals and pitching solutions, through practical tasks that highlight tangible outcomes-including common primary use cases-in order to bring focus to the correct implementation and maintenance of a Zero Trust architecture.   For a future where success is measured as much by the security of a system as by the functionality, In Zero Trust We Trust is designed to help everyone at every stage and level of leadership understand not only the conceptual underpinnings, but the real-world context of when, how, and why to deploy Zero Trust security controls. This book provides the starting point for helping you change the mindset of others, and getting them to understand why Zero Trust isn't simply a conversation to be had, but a movement to embrace.   Origins of the Zero Trust philosophy in security architecture explained, and why it took so long to catch onDetailed examination of how to ask the right questions so as to implement the right security answers for clientsUnderstanding the metrics by which to measure Zero Trust success, and what maintaining that success looks likeIdentifying the stakeholders and empowering a Zero Trust team within an enterpriseExamples of how to catalyze opinion and tailor tactics to motivate investment in secure Zero Trust architectureImplement, monitor, feedback, repeat: Presenting and building a roadmap for a sustainable security architectureLooking ahead to a Zero Trust Lifecycle Framework and a blueprint for the future

Trust the best-selling Cert Guide series from Pearson IT Certification to help you learn, prepare, and practice for the CC Certified in Cybersecurity exam. Well regarded for its level of detail, study plans, assessment features, and challenging review questions and exercises, CC Certified in Cybersecurity Cert Guide helps you master the concepts and techniques that ensure your exam success. Expert authors Amena Jamali and Mari Galloway share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. This complete study package includes A test-preparation routine proven to help you pass the examDo I Know This Already? quizzes, which let you decide how much time you need to spend on each sectionExam Topic lists that make referencing easyChapter-ending exercises, which help you drill on key concepts you must know thoroughlyThe powerful Pearson Test Prep Practice Test software, complete with hundreds of well-reviewed, exam-realistic questions, customization options, and detailed performance reportsA final preparation chapter, which guides you through tools and resources to help you craft your review and test-taking strategiesStudy plan suggestions and templates to help you organize and optimize your study time This study guide helps you master all the topics on the CC Certified in Cybersecurity exam, including Security PrinciplesBusiness Continuity (BC), Disaster Recovery (DR), and Incident Response ConceptsAccess Control ConceptsNetwork SecuritySecurity Operations Companion Website: The companion website contains more than 200 unique practice exam questions, practice exercises, and a study planner Also available from Pearson IT Certification is the CC Certified in Cybersecurity Premium Edition ebook and Practice Tests. This digital-only certification preparation product combines an eBook with an enhanced Pearson Test Prep Practice Test. This integrated learning package Enables you to focus on individual topic areas or take complete, timed examsIncludes direct links from each question to detailed tutorials to help you understand the concepts behind the questionsProvides unique sets of exam-realistic practice questionsTracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Digital forensics deals with the acquisition, preservation, examination, analysis and presentation of electronic evidence. Computer networks, cloud computing, smartphones, embedded devices and the Internet of Things have expanded the role of digital forensics beyond traditional computer crime investigations. Practically every crime now involves some aspect of digital evidence; digital forensics provides the techniques and tools to articulate this evidence in legal proceedings. Digital forensics also has myriad intelligence applications; furthermore, it has a vital role in cyber security ¿ investigations of security breaches yield valuable information that can be used to design more secure and resilient systems. This book, Advances in Digital Forensics XIX, is the nineteenth volume in the annual series produced by the IFIP Working Group 11.9 on Digital Forensics, an international community of scientists, engineers and practitioners dedicated to advancing the state of the art of research and practice in digital forensics. The book presents original research results and innovative applications in digital forensics. Also, it highlights some of the major technical and legal issues related to digital evidence and electronic crime investigations. This volume contains fourteen revised and edited chapters based on papers presented at the Nineteenth IFIP WG 11.9 International Conference on Digital Forensics held at SRI International in Arlington, Virginia, USA on January 30-31, 2023. A total of 24 full-length papers were submitted for presentation at the conference.

This book presents a collection of high-quality research works and professional perspectives arising from the call for papers of the Privacy Symposium 2022; an international conference aimed towards the promotion of international dialogue, cooperation and knowledge sharing on data protection regulations, compliance and emerging technologies.Gathering legal and technology expertise, this publication provides cutting-edge perspectives on the convergence of international data protection regulations, as well as data protection compliance of emerging technologies, such as: Artificial Intelligence, e-health, blockchain, edge computing, Internet of things, V2X and Smart Grids.It includes selected papers from the Privacy Symposium conference 2022 (PSC 2022) call for papers, encompassing relevant topics, including:        international law and comparative law in data protection        cross-border data transfers        emerging technologies and data protection compliance        data protection by design        technologic solutions for data protection compliance        data protection good practices across industries and verticals        cybersecurity and data protection        assessment and certification of data protection compliance, and        data subject rights implementationThis publication includes papers authored by academics and professionals involved on various areas of data protection, technical, legal and compliance services.Chapter 10 is available open access under a Creative Commons Attribution 4.0 International License via link.springer.com

This volume LNCS 14217 constitutes the refereed proceedings of the 17th International Conference on Provable and Practical Security, ProvSec 2023, held in Wuhan, China, during October 2023. The 20 full papers presented together with 3 short papers were carefully reviewed and selected from 71 submissions. The conference focuses on Fundamentals & Cryptographic Primitives; Cryptanalysis; Signature; Encryption; Privacy Preservation; and Blockchain Security.

This book focuses on multi-party computation (MPC) protocols in the passive corruption model (also known as the semi-honest or honest-but-curious model). The authors present seminal possibility and feasibility results in this model and includes formal security proofs. Even though the passive corruption model may seem very weak, achieving security against such a benign form of adversary turns out to be non-trivial and demands sophisticated and highly advanced techniques. MPC is a fundamental concept, both in cryptography as well as distributed computing. On a very high level, an MPC protocol allows a set of mutually-distrusting parties with their private inputs to jointly and securely perform any computation on their inputs. Examples of such computation include, but not limited to, privacy-preserving data mining; secure e-auction; private set-intersection; and privacy-preserving machine learning. MPC protocols emulate the role of an imaginary, centralized trusted third party (TTP) that collects the inputs of the parties, performs the desired computation, and publishes the result. Due to its powerful abstraction, the MPC problem has been widely studied over the last four decades.

This book constitutes the refereed proceedings of the 22nd International Conference on Cryptology and Network Security, CANS 2023, which was held in October/November 2023 in Augusta, GA, USA.The 25 papers presented were thoroughly revised and selected from the 54 submissions. They are organized in the following topical sections: Schemes I; Basic Primitives; Security; MPC with Cards; Blockchain; MPC and Secret Sharing; Schemes II.

Turn the avalanche of raw data from Azure Data Explorer, Azure Monitor, Microsoft Sentinel, and other Microsoft data platforms into actionable intelligence with KQL (Kusto Query Language). Experts in information security and analysis guide you through what it takes to automate your approach to risk assessment and remediation, speeding up detection time while reducing manual work using KQL. This accessible and practical guidedesigned for a broad range of people with varying experience in KQLwill quickly make KQL second nature for information security. Solve real problems with Kusto Query Language and build your competitive advantage: Learn the fundamentals of KQLwhat it is and where it is used Examine the anatomy of a KQL query Understand why data summation and aggregation is important See examples of data summation, including count, countif, and dcount Learn the benefits of moving from raw data ingestion to a more automated approach for security operations Unlock how to write efficient and effective queries Work with advanced KQL operators, advanced data strings, and multivalued strings Explore KQL for day-to-day admin tasks, performance, and troubleshooting Use KQL across Azure, including app services and function apps Delve into defending and threat hunting using KQL Recognize indicators of compromise and anomaly detection Learn to access and contribute to hunting queries via GitHub and workbooks via Microsoft Entra ID

This book constitutes the proceedings of the 6th International Conference on Blockchain, ICBC 2023, held as part of the Services Conference Federation, SCF 2023, held in Honolulu, HI, USA, during September 23¿26, 2023. The 9 full papers presented in this book were carefully reviewed and selected from 18 submissions. The conference focuses on new blockchain architecture, platform constructions, blockchain development, and blockchain services technologies as well as standards and blockchain services innovation lifecycle, including enterprise modeling, business consulting, solution creation, services orchestration, services optimization, services management, services marketing, and business process integration and management.

"Even before Russia's February 2022 full-scale invasion of Ukraine, Russia had many ongoing and potential disputes with other countries, motivated by a variety of territorial, political, and economic issues. Furthermore, as Moscow has sought to expand its international role, it has increased Russian involvement in civil conflicts, using both overt and covert means. Russian activity in Syria and Libya has raised the prospect that the United States might find itself militarily entangled with Russia in various global hotspots. Therefore, the authors of this report sought to identify possible Russian flashpoints with countries in and near the U.S. Army Europe area of responsibility that could entangle the United States and present distinct military challenges to the U.S. Army. Using quantitative and qualitative methods to analyze historical data on Russian disputes and conflicts, the authors identified the key drivers of such flashpoints. They then leveraged these findings to derive planning implications for the United States and the U.S. Army in particular. The authors also examined two additional potential drivers of conflict not captured in historical data--Russia's use of private military contractors and its operations in the information environment--to see whether either might lead to a flashpoint in the future."--

Perfectly-secure cryptography is a branch of information-theoretic cryptography. A perfectly-secure cryptosystem guarantees that the malicious third party cannot guess anything regarding the plain text or the key, even in the case of full access to the cipher text. Despite this advantage, there are only a few real-world implementations of perfect secrecy due to some well-known limitations. Any simple, straightforward modeling can pave the way for further advancements in the implementation, especially in environments with time and resource constraints such as IoT. This book takes one step towards this goal via presenting a hybrid combinatorial-Boolean model for perfectly-secure cryptography in IoT. In this book, we first present an introduction to information-theoretic cryptography as well as perfect secrecy and its real-world implementations. Then we take a systematic approach to highlight information-theoretic cryptography as a convergence point for existing trends in research on cryptography in IoT. Then we investigate combinatorial and Boolean cryptography and show how they are seen almost everywhere in the ecosystem and the life cycle of information-theoretic IoT cryptography. We finally model perfect secrecy in IoT using Boolean functions, and map the Boolean functions to simple, well-studied combinatorial designs like Latin squares.This book is organized in two parts. The first part studie s information-theoretic cryptography and the promise it holds for cryptography in IoT. The second part separately discusses combinatorial and Boolean cryptography, and then presents the hybrid combinatorial-Boolean model for perfect secrecy in IoT.

This book analyses the implications of the technical, legal, ethical and privacy challenges as well as challenges for human rights and civil liberties regarding Artificial Intelligence (AI) and National Security. It also offers solutions that can be adopted to mitigate or eradicate these challenges wherever possible.As a general-purpose, dual-use technology, AI can be deployed for both good and evil. The use of AI is increasingly becoming of paramount importance to the government's mission to keep their nations safe. However, the design, development and use of AI for national security poses a wide range of legal, ethical, moral and privacy challenges. This book explores national security uses for Artificial Intelligence (AI) in Western Democracies and its malicious use. This book also investigates the legal, political, ethical, moral, privacy and human rights implications of the national security uses of AI in the aforementioned democracies. It illustrates how AI for national security purposes could threaten most individual fundamental rights, and how the use of AI in digital policing could undermine user human rights and privacy. In relation to its examination of the adversarial uses of AI, this book discusses how certain countries utilise AI to launch disinformation attacks by automating the creation of false or misleading information to subvert public discourse. With regards to the potential of AI for national security purposes, this book investigates how AI could be utilized in content moderation to counter violent extremism on social media platforms. It also discusses the current practices in using AI in managing Big Data Analytics demands. This book provides a reference point for researchers and advanced-level students studying or working in the fields of Cyber Security, Artificial Intelligence, Social Sciences, Network Security as well as Law and Criminology. Professionals working within these related fields and law enforcement employees will also find this book valuable as a reference.