LEADER 03754aam  2200673I  450 
001 9910711179703321
005 20240812215358.0
024 8 $aGOVPUB-C13-40b5ba9295767c3df3e42ddd75dd7f9f
035   $a(CKB)5470000002480211
035   $a(OCoLC)927737424
035   $a(EXLCZ)995470000002480211
100   $a20151105d2005      ua         0
101 0 $aeng
181   $2rdacontent
182   $2rdamedia
183   $2rdacarrier
200 10$aGuidance for securing Microsoft Windows XP for IT Professionals $ea NIST security configuration checklist : recommendations of the National Institute of Standards and Technology /$fMurugia Souppaya, Karen Kent, Paul M. Johnson
210  1$aGaithersburg, MD :$cU.S. Dept. of Commerce, National Institute of Standards and Technology,$d2005.
215   $a1 online resource
225 1 $aNIST special publication ;$v800-68
300   $a2005.
300   $aContributed record: Metadata reviewed, not verified. Some fields updated by batch processes.
300   $aSuperseded by NIST Special Publication 800-68r1.
300   $aTitle from PDF title page.
320   $aIncludes bibliographical references.
330 3 $aNIST Special Publication 800-68 has been created to assist IT professionals, in particularly Windows XP system administrators and information security personnel, in effectively securing Windows XP systems. It discusses Windows XP and various application security settings in technical detail. The guide provides insight into the threats and security controls that are relevant for various operational environments, such as for a large enterprise or a home office. It describes the need to document, implement, and test security controls, as well as to monitor and maintain systems on an ongoing basis. It presents an overview of the security components offered by Windows XP and provides guidance on installing, backing up, and patching Windows XP systems. It discusses security policy configuration, provides an overview of the settings in the accompanying NIST security templates, and discusses how to apply additional security settings that are not included in the NIST security templates. It demonstrates securing popular office productivity applications, Web browsers, e-mail clients, personal firewalls, antivirus software, and spyware detection and removal utilities on Windows XP systems to provide protection against viruses, worms, Trojan horses, and other types of malicious code. This list is not intended to be a complete list of applications to install on Windows XP system, nor does it imply NIST's endorsement of particular commercial off-the-shelf (COTS) products.
517   $aGuidance for securing Microsoft Windows XP for IT Professionals
610   $aAnti-virus
610   $aAuthentication
610   $aComputer security
610   $aCOTS
610   $aEmail
610   $aEncryption
610   $aFirewall
610   $aHardening
610   $aIPsec
610   $aLockdown
610   $aMalware
610   $aMicrosoft
610   $aOperating system
610   $aSecurity checklist
610   $aSecurity configuration
610   $aSecurity controls
610   $aSecurity policy
610   $aSecurity templates
610   $aSpyware
610   $aThreats
610   $aW
700   $aSouppaya$b Murugiah$01352527
701   $aJohnson$b Paul M$0144987
701   $aScarfone$b Karen$01764277
712 02$aNational Institute of Standards and Technology (U.S.).$bComputer Security Division.
801  0$bNBS
801  1$bNBS
801  2$bGPO
906   $aBOOK
912   $a9910711179703321
996   $aGuidance for securing Microsoft Windows XP for IT Professionals$94206088
997   $aUNINA

LEADER 11160nam  22006135  450 
001 9910725087503321
005 20250318150736.0
010   $a9783031311086$b(electronic bk.)
010   $z9783031311079
024 7 $a10.1007/978-3-031-31108-6
035   $a(MiAaPQ)EBC7248905
035   $a(Au-PeEL)EBL7248905
035   $a(OCoLC)1379235569
035   $a(DE-He213)978-3-031-31108-6
035   $a(BIP)089945061
035   $a(PPN)270612076
035   $a(CKB)26637484500041
035   $a(EXLCZ)9926637484500041
100   $a20230513d2023      u|         0
101 0 $aeng
135   $aurcnu||||||||
181   $ctxt$2rdacontent
182   $cc$2rdamedia
183   $acr$2rdacarrier
200 10$aRisks and Security of Internet and Systems $e17th International Conference, CRiSIS 2022, Sousse, Tunisia, December 7-9, 2022, Revised Selected Papers /$fedited by Slim Kallel, Mohamed Jmaiel, Mohammad Zulkernine, Ahmed Hadj Kacem, Frédéric Cuppens, Nora Cuppens
205   $a1st ed. 2023.
210  1$aCham :$cSpringer Nature Switzerland :$cImprint: Springer,$d2023.
215   $a1 online resource (268 pages)
225 1 $aLecture Notes in Computer Science,$x1611-3349 ;$v13857
311 08$aPrint version: Kallel, Slim Risks and Security of Internet and Systems Cham : Springer,c2023 9783031311079 
327   $aIntro -- Preface -- Organization -- Contents -- Context Correlation for Automated Dynamic Android App Analysis to Improve Impact Rating of Privacy and Security Flaws -- 1 Introduction -- 2 Related Work -- 2.1 Contribution -- 3 Dynamic Analysis Environment -- 4 Context Correlation and Issue Generation -- 4.1 Privacy Sensitive Data Sources -- 4.2 Data Sinks -- 4.3 Graph Generation -- 4.4 Example Graph -- 4.5 Graph Analysis: Issue Creation -- 4.6 Issue Correlation Pass -- 5 Evaluation -- 5.1 Overview and Statistics -- 5.2 Deep Manual Issue Inspection -- 5.3 Damn Vulnerable App -- 6 Conclusion and Future Work -- References -- Errors in the CICIDS2017 Dataset and the Significant Differences in Detection Performances It Makes -- 1 Introduction -- 2 Related Works -- 2.1 Datasets -- 2.2 Machine Learning Use on CICDS2017 -- 2.3 Previous Criticism on CICIDS2017 -- 3 Errors in the CICIDS2017 Dataset and the CICFlowMeter Tool, and Their Fixes -- 3.1 CICFlowMeter Issue with Misordered Packets -- 3.2 Incoherent Timestamps -- 3.3 Dealing with Data Duplication -- 3.4 Attack Omission: Labelling Issues and Correction -- 4 Assessment of the Consequences on Intrusion Detection Models Performances -- 4.1 Experimental Evaluation Protocol -- 4.2 Experiments Results -- 5 Conclusion -- References -- A Comparative Study of Attribute Selection Algorithms on Intrusion Detection System in UAVs: A Case Study of UKM-IDS20 Dataset -- 1 Introduction -- 2 Literature Review -- 3 Dataset and Methods -- 3.1 Dataset -- 3.2 Attribute Selection Algorithms -- 3.3 Creating MLP Model -- 4 Modeling -- 5 Performance Evaluation -- 5.1 Scenario 1: 15 Feature -- 5.2 Scenario 2: 20 Feature -- 6 Conclusion -- References -- PRIAH: Private Alerts in Healthcare -- 1 Introduction -- 2 Background -- 2.1 Smart Hospital Ecosystem -- 2.2 Privacy-preserving Strategies.
327   $a2.3 Alert Detection and Edge Computing Paradigm -- 2.4 Big Data and Streaming Processing -- 3 Related Work -- 3.1 Alert Identification and Dissemination -- 3.2 Privacy Preservation -- 3.3 Real-Time Processing of Alerts -- 4 PRIAH Approach -- 4.1 PRIAH Components at the Edge -- 4.2 PRIAH Components at the Server Side -- 4.3 System Administrator -- 4.4 End-Users -- 5 Implementation and Results -- 5.1 Implementation -- 5.2 Evaluation -- 6 Conclusion -- References -- Tool Paper - SEMA: Symbolic Execution Toolchain for Malware Analysis -- 1 Context -- 2 The SEMA Toolset in a Nutshell -- 3 The Architecture of SEMA -- 4 SEMA in Action -- 5 Conclusion -- References -- Blockchain Survey for Security and Privacy in the e-Health Ecosystem -- 1 Introduction -- 2 Research Strategy -- 3 State of the Art -- 4 Background -- 4.1 Blockchain Technology Overview -- 4.2 e-Health Applications -- 5 Security and Privacy Requirements for e-Health Applications -- 6 Blockchain Platforms and Their Security Solutions -- 6.1 Hyperledger Fabric -- 6.2 Hyperledger Besu -- 6.3 Quorum -- 6.4 Corda R3 -- 6.5 Cosmos -- 7 A Security Framework for Blockchain-Based e-Health Applications -- 7.1 When Blockchain Can be Used in e-Health Applications ? -- 7.2 Which Blockchain Solution to Use? -- 8 Conclusions and Future Work -- References -- Towards a Dynamic Testing Approach for Checking the Correctness of Ethereum Smart Contracts -- 1 Introduction -- 2 Background Materials -- 2.1 Blockchain -- 2.2 Smart Contracts -- 2.3 Common Vulnerabilities -- 2.4 Blockchain Testing Techniques -- 3 Related Work -- 4 Proposed Approach -- 4.1 Modelling the Smart Contract and Its Blockchain Environment -- 4.2 Test Case Generation -- 4.3 Test Case Execution -- 4.4 Test Result Analysis and Test Report Generation -- 5 Illustration -- 5.1 Case Study Description -- 5.2 Modelling the E-voting System.
327   $a5.3 Test Case Generation -- 5.4 Test Tool Implementation -- 6 Conclusion -- References -- Blockchain Olive Oil Supply Chain -- 1 Introduction -- 2 Related Work -- 3 Proposed Approach -- 4 Obtained Results -- 4.1 Implemented Blockchain on Raspberry Pi -- 4.2 Web Application -- 5 Conclusion -- References -- Impact of EIP-1559 on Transactions in the Ethereum Blockchain and Its Rollups -- 1 Introduction -- 2 Background -- 2.1 Layers 1 and 2 in Ethereum -- 2.2 Eip-1559 -- 3 Testing Approach -- 3.1 Smart Contract -- 3.2 Interaction with the Smart Contract -- 4 Experimentation -- 4.1 Testing Results -- 4.2 Discussion -- 5 Conclusion -- References -- Towards a Secure Cross-Blockchain Smart Contract Architecture -- 1 Introduction -- 2 Background and Related Work -- 3 Bifröst Extension Proposal -- 3.1 Smart Contracts Invocation -- 3.2 Fault Tolerance -- 3.3 Security -- 4 Discussion and Challenges -- 5 Conclusion and Future Work -- References -- Security Analysis: From Model to System Analysis -- 1 Introduction -- 2 Background -- 2.1 Previous MBSE Approach -- 2.2 Property Specification Patterns -- 2.3 OBP Model Checker -- 3 Motivating Example -- 3.1 System Presentation -- 3.2 General Approach -- 4 Detailed Approach -- 4.1 Environment Modeling -- 4.2 System State and Behavior -- 4.3 The OBP Model Checker -- 5 Security Property Modelling -- 5.1 Raising Abstraction Level of Formal Security Properties -- 5.2 From Attacker Interests to Formal Security Properties -- 6 Property Verification Results Analysis -- 6.1 Model Checking Embedded System Code -- 6.2 Security Property Verification -- 7 Related Works -- 8 Conclusion -- References -- Modeling Train Systems: From High-Level Architecture Graphical Models to Formal Specifications -- 1 Introduction -- 2 Background -- 2.1 Model-Driven Engineering -- 2.2 SysML -- 2.3 Event-B -- 2.4 ATO over ERTMS Case Study Excerpt.
327   $a3 Related Work -- 4 The Proposed Approach -- 4.1 High-level Architecture Graphical Modeling -- 4.2 Model Transformation and Event-B Generation -- 4.3 Formal Verification -- 5 Conclusion -- References -- How IT Infrastructures Break: Better Modeling for Better Risk Management -- 1 Introduction -- 2 Related Work -- 2.1 Risk Analysis -- 2.2 Infrastructure Modeling -- 3 Guided Risk Management for IT Infrastructures -- 3.1 Side-Effect Analysis -- 3.2 Part Analysis -- 3.3 Assembly Analysis -- 4 Case Study: A Cloud Infrastructure -- 4.1 Requirements -- 4.2 Infrastructure Model -- 4.3 Constraints -- 4.4 Risk -- 4.5 Lessons Learned -- 5 Conclusion and Future Work -- References -- IoT Security Within Small and Medium-Sized Manufacturing Companies -- 1 Introduction -- 2 Research Methodology -- 3 Data and Findings -- 3.1 Screening -- 3.2 Experience -- 3.3 Awareness -- 3.4 Activities -- 3.5 Knowledge -- 4 Conclusion and Further Research -- References -- An Incentive Mechanism for Managing Obligation Delegation -- 1 Introduction -- 2 Background -- 2.1 The Beta Distribution -- 2.2 Defining Obligations -- 3 An Incentive Scheme for One Hop Delegation -- 3.1 Obligation Trust -- 3.2 Delegating Obligations -- 4 Incentivising Schemes -- 4.1 Updating Obligation Trust -- 4.2 Earning Reward Credits -- 4.3 Eligibility of Delegatees -- 5 Cascaded Delegation of Obligations -- 6 Evaluation -- 6.1 Experimental Setup -- 6.2 Results -- 7 Related Work -- 8 Concluding Remarks -- References -- Virtual Private Network Blockchain-based Dynamic Access Control Solution for Inter-organisational Large Scale IoT Networks -- 1 Introduction -- 2 Background -- 2.1 Blockchain -- 2.2 Virtual Private Networks (VPN) -- 3 Related Work -- 3.1 Basic Access Control Model in IoTs -- 3.2 Inter-organisational Access Control Solution Overview -- 4 VPNBDAC for Large Scale IoT Network -- 4.1 Actors.
327   $a4.2 Smart Contract and Transactions -- 5 Implementation of the Prototype -- 6 Performance Evaluation -- 7 Conclusions -- References -- Pseudonym Swapping with Secure Accumulators and Double Diffie-Hellman Rounds in Cooperative Intelligent Transport Systems -- 1 Introduction -- 1.1 Pseudonyms in Cooperative Intelligent Transport Systems -- 1.2 Problem Statement -- 1.3 Contribution -- 2 Related Work -- 3 Preliminaries -- 4 System Model and Architecture -- 4.1 C-ITS Trust Model and Architecture -- 4.2 Threat Model -- 4.3 Pseudonym Swapping System Model -- 5 Pseudonym Swapping with Accumulator-Based Storage -- 5.1 Proposed Alignment to ETSI Standard -- 5.2 Proposed Security Architecture -- 5.3 Protocol Definition and Algorithms -- 6 Security Analysis -- 7 Proof of Concept Implementation -- 8 Conclusion -- References -- Benchmark Performance of the Multivariate Polynomial Public Key Encapsulation Mechanism -- 1 Introduction -- 2 Related Work -- 3 Summary of MPPK KEM -- 3.1 Key Generation -- 3.2 Encryption -- 3.3 Decryption -- 4 Benchmarking MPPK -- 4.1 NIST Level I -- 4.2 NIST Level III -- 4.3 NIST Level V -- 5 Conclusion -- References -- Author Index.
330   $aThis book constitutes the proceedings of the 17th International Conference on Risks and Security of Internet and Systems, CRiSIS 2022, which took place in Sousse, Tunesia, during December 7-9, 2022. The 14full papers and 4 short papers included in this volume were carefully reviewed and selected from 39 submissions. The papers detail security issues in internet-related applications, networks and systems.
410  0$aLecture Notes in Computer Science,$x1611-3349 ;$v13857
606   $aData protection
606   $aData and Information Security
615  0$aData protection.
615 14$aData and Information Security.
676   $a005.8
700   $aKallel$b Slim$01358330
701   $aJmaiel$b Mohamed$01351246
701   $aZulkernine$b Mohammad$01358331
701   $aHadj Kacem$b Ahmed$01358332
701   $aCuppens$b édéric$01333105
701   $aCuppens$b Nora$01358333
801  0$bMiAaPQ
801  1$bMiAaPQ
801  2$bMiAaPQ
912   $a9910725087503321
996   $aRisks and Security of Internet and Systems$93367517
997   $aUNINA