Proofread a paper: October 2019

Thursday, October 31, 2019

Willa Cather Essay Example | Topics and Well Written Essays - 1500 words

Willa Cather - Essay Example While editing the mÃ °gÃ °zine, she wrote short stories to fill its pÃ °ges. These stories, published in Ã ° collection cÃ °lled the Troll GÃ °rden in 1905, brought her to the Ã °ttention of S.S. McClure. In 1906 she moved to New York to join McClure's MÃ °gÃ °zine, initiÃ °lly Ã °s Ã ° member of the stÃ °ff Ã °nd ultimÃ °tely Ã °s its mÃ °nÃ °ging editor. During this time she met SÃ °rÃ ° Orne Jewett, Ã ° womÃ °n from MÃ °ine who inspired her to lÃ °ter write Ã °bout NebrÃ °skÃ °. In 1912, Ã °fter five yeÃ °rs with McClure's, she left the mÃ °gÃ °zine to hÃ °ve time for her own writing. Ã fter the publicÃ °tion of Ã lexÃ °nder's Bridge, Ã °lso in 1912, CÃ °ther visited the Southwest.In 1913 O Pioneers wÃ °s published Ã °nd in 1917 she wrote My Ã ntoniÃ ° while living in New HÃ °mpshire. By 1923 she hÃ °d won the Pulitzer Prize for her One of Ours, Ã °nd in this yeÃ °r her modernist book Ã lost lÃ °dy wÃ °s published. Ã t the ti me her novels focused on the destruction of provinciÃ °l life Ã °nd the deÃ °th of the pioneering trÃ °dition.LÃ °ter CÃ °ther hÃ °d the period of despÃ °ir which wÃ °s followed by her productive success during these yeÃ °rs. Ã fter she recovered, she mÃ °nÃ °ged to write some of her greÃ °test novels, such Ã °s The ProfessorÃ¢â‚¬â„¢s Hourse (1925), My MortÃ °l Enemy (1926), Ã °nd DeÃ °th Comes for the Ã rchbishop. She mÃ °intÃ °ined Ã °n Ã °ctive writing cÃ °reer, publishing novels Ã °nd short stories for mÃ °ny yeÃ °rs until her deÃ °th on Ã pril 24, 1947. Ã t the time of her deÃ °th, she ordered her letters burned. WillÃ ° CÃ °ther wÃ °s buried in New HÃ °mpshire (Marilyn, 1996).Like many artists, Willa Cather knew personal conflict.... By 1923 she hd won the Pulitzer Prize for her One of Ours, nd in this yer her modernist book lost ldy ws published. t the time her novels focused on the destruction of provincil life nd the deth of the pioneering trdition. Lter Cther hd the period of despir which ws followed by her productive success during these yers. fter she recovered, she mnged to write some of her gretest novels, such s The Professor's Hourse (1925), My Mortl Enemy (1926), nd Deth Comes for the rchbishop (1927). She mintined n ctive writing creer, publishing novels nd short stories for mny yers until her deth on pril 24, 1947. t the time of her deth, she ordered her letters burned. Will Cther ws buried in New Hmpshire (Marilyn, 1996). Like many artists, Willa Cather knew personal conflict. She was a free thinker reared amidst Calvinist dogma; a materialist acutely aware of the limited worth of "things"; an optimist who wanted to retain faith; a skeptic prone to depression and despair. In her fiction, successful marriages, happy families, and satisfying personal relationships are as scarce as summer rain in the New Mexican desert. Suicide marks her pages like the Platte River cuts Nebraska. Of all her conflicts, however, none is more acute or controversial than her sexuality. There are those who maintain that Cather was not homoerotic. For instance, in an interview published in the Omha World-Herald ( 1984), Susan J. Rosowski and Mildred Bennett advocate Cather's heterosexuality and maintain that her interest in other women was nothing more than school-girl crushes ( Cather Scholar 4). Sharon O'Brien , first in several essays and then in Willa Cather: The Emerging Voice, and others elsewhere have argued rather conv incingly that

Tuesday, October 29, 2019

Strategy of Sweetco Inc Case Study Example | Topics and Well Written Essays - 1250 words - 1

Strategy of Sweetco Inc - Case Study Example Apart from this, another fact was also revealed that Sweetco received money from its holding company for its operational functions on the basis of loans. This is the reason why the CFO has asked for an extension in the credit terms to 60 days. The objective is now to analyze the financial credibility of Sweetco at present and make a future projection so that we can decide whether to maintain the business relationship or not. The best option in such a case is to ascertain credit scores of the company Sweetco Inc. Assigning credit scores means defining certain factors for making decisions and allotting weight age on each factor. For example, 30 percent weight age for the payment history of the customer, 30 percent weight age to the amount of money outstanding, 15 percent weight on the length of the credit history, 10 percent weight on the newly generated credits, and 10 percent on the different types of loans being offered to the customer, i.e. Sweetco Inc. For this purpose the marketi ng contacts would be utilized; the investigation of credit shall be done through reliable sources; the customer of Sweetco Inc. can be contacted for information on the companyÃ¢â‚¬â„¢s status; the documents and financial statements can be filled based on the information acquired from different sources; the credit file for Sweetco. Inc. should be prepared; and finally a wholesome financial analysis is untaken. Hardline Position: The hardline position involves an extreme decision. In this case the decision would be that the company should not continue the business with Sweetco Inc and increasing the credit terms does not comes into play in this case. If the credit scores and the financial analysis show that Sweetco Inc. neither has the ability to pay back the money nor would be able to attain sustainability without the help of its holding company or any other financial support.

Sunday, October 27, 2019

Social Work Theories Analysis

Social Work Theories Analysis Introduction Social work brings about social change. It addresses complex relationships between humans and the environment. Social work involves analyzing human problems and addresses issues to resolve injustice, discrimination, and dysfunction. Thus, according to International Federation of Social Workers (2000 qt. Ramsay 2003), the social work profession can be defined as a profession that Ã¢â‚¬Å"promotes social change, problem solving in human relationships, and the empowerment and liberation of people to enhance well-being. Using theories of human behavior and social systems, social work intervenes at the points where people interact with their environments. Principles of human rights and social justice are fundamental to social work.Ã¢â‚¬ Social work profession is based on the fundamental interrelation of a system of values, theory and practice. Although over the years, the definition of social work has undergone tremendous transformation. Nevertheless, the essence of its humanitarian and democratic ideals of social work through the centuries has remained the same. Today, social work has a global context and professionals follow national and international code of ethics that make the scope of their work more complex and challenging. Moreover, social work professionals also draw their experiences from accepted methods developed through systematic evidence-based knowledge from extensive research designed for both specific and general practices (Ramsay 2003). Theoretical frameworks form the basis of their evaluation of human behaviors, development and social systems and enable them to resolve the problems inherent therein. Social Work Theories Social work theories have their roots from the need to develop a disciplined approach to social work. By adopting common principles, social professionals were able to focus on the social goals. Charles Loch developed this conceptual framework during the early 20th century. Later social work scholars took up his seminal work. During the 21st century, renowned Harriet Bartlett (Bartlett 1970) had taken up and continued to develop professional frameworks for social work to Ã¢â‚¬Å"articulate words, terms, concepts to represent the important facets and components of the professions practices as a whole.Ã¢â‚¬ As more and more formalized ideas, theories and disciplines formed, social work has come to be acknowledged as an independent discipline with subset knowledge and systems for dealing with problems of the society. Bartlett (1970) also further reiterated the three key concepts person, interaction and environment as the basis for social work practices. Any theory developed with the v iew to examine, evaluate and resolve social issues must be based on these three key concepts. Given the above background on the development of social work theories, the researcher now shall discuss theories of particular interests, which are the theories of problem solving and psychoanalytic. In the following discussion, the researcher shall trace the theories in its historical context, values, concepts and fitness with the strengths approach. The strengths approach basically involves challenging the traditional problems-oriented way of working through training, expectations and work experience of professionals. The problems are then resolved through developing a collaborative framework based on examination of the professionals strengths and resources for positive growth and development (Morgan 2006; Wormer and Boes 1998). Problem-Solving Theory Social Work Treatment According to Duncker (1945): Ã¢â‚¬Å"A problem arises when a living creature has a goal but does not know how this goal is to be reached. Whenever one cannot go from the given situation to the desired situation simply by action, then there is recourse to thinking Such thinking has the task of devising some action which may mediate between the existing and the desired situations.Ã¢â‚¬ According to this definition, a problem arises when it is not clear to the individual what action(s) are to be taken to achieve some desired goals. The action to rectify this problem is known as problem-solving. Problem solving starts from a given situation where the problem or state of the situation requires additional knowledge to work towards its solution (Anderson 1980). Problem-solving theory has its developmental origin to Herbert Simon, Alan Newell and colleagues at Carnegie Mellon University during the 1980s (Patel 1991; Newell and Simon 1972). The general theoretical approach is that problem-solving theory is based on a given problem-solving situation. The second premise is that knowledge is a set of rules that specify actions to be performed in specific situations. The third premise is the distinction between weak and strong methods for resolving problems. Thus, an expert is expected to utilize the set of rules to find the solution for the given problem situation by using forward reasoning or observations. Alternatively, problem solving can involve using exhaustive knowledge base for deductive reasoning and assessing the validity of the hypothesis or goals against the facts given. This is a backward reasoning approach (Patel 1991). Newell-Simon theory of problem solving describes processes for developing expert systems in cognitive psychology, which forms the basis for other experiments in specific fields. Social work field In social work field, problem solving has its origin in the concept of social change developed by Helen Harris Perlman of the University Chicago (1957). In her work Ã¢â‚¬ËœSocial Casework: A problem-solving process, the author views casework and problem solving synonymous which are based on constant elements, forces and processes. The constants form the reasoning framework for analyzing problems just as humans solve their daily problems. Learning is developed when individuals are involved in organizing, synthesizing and imagining the solutions of the problems (Perlman 1957). Perlmans theoretical framework is limited to the casework components such as the individual, problem, place, process, expert relationship and the resolution to the problem. The emphasis is more on the components rather than on the problem solutions itself and the scope of the solution is limited by the casework situation. Alternatively, Compton and Galaway (1979) also developed a problem-solving model for social work practice, which emphasizes on intervention and beyond processes. According to their theoretical framework, problem solving is connected with human relationships in a dynamic manner, which may involve partners, family members, friends or co-workers or group relationships such as race, ethnicity, gender or religion. Social works can resolve problems depending on the micro, mezzo or macro level practice they are involved in. Compton and Galaways (1979) problem-solving theory is based on two phases first the definition of the problem must be established for identification of intervention methods. The second phase involves intervention methods based on the problem context defined by human, societal and physical environment. Thus, Compton and Galaways (1979) problem-solving theory is based on human relationships with the environment and other individuals. The focus is on intervention rather th an on the problem itself. These investigations and conceptualization leads to the unified theory of problem-solving, which holds that experts process new information and integrate it into their existing knowledge base which helps them to recall and deal with situations rapidly through forward reasoning within limited time span and scope. There is little account for differences in complexities in domains and situations. For this reason, the problem-solving theory is only valid for responding to domains that are apparent through explicit patterns of results. From the social work practice, context problem-solving theory presents social worker as the expert and the source for intervention, and the individual with the problem as the client of the environment. The worker encounters problem situations within the work environment. To resolve, he/she refers to activities that co-workers or peers have undertaken on behalf of clients. Working with the client, the social worker analyzes, and identifies problem commonality to resolve it through group relations. Hence, problem solving in the social work practice means participation and direct involvement of the client with the worker (Sheppard 1991). Intervention method Another underlying element of the problem-solving theory is the intervention method. Unlike early perception of social workers, the value of work is not gauged by the duration of its intervention. Instead, it is gauged by the significance of the knowledge base used to analyze the problems to develop solutions. Therefore, intervention is further defined by the relationships of interaction among individuals involved in the problem. The social worker is the support element who is responsible for mediating between the environment and the person (Sheppard 1991). As an intervention method, problem-solving method is dynamic in the sense that it mediates problems by resolving on a case-by-case basis. Each individual problem in this theory is unique and is defined by the individual, relationship and context of the environment which makes it versatile in addressing numerous problem solutions. Furthermore, the option of forward and backward reasoning helps social workers to analyze and determine problem solutions from different perspectives depending on the nature of the problem. In the social work context, this is a valuable tool as it allows individuals to work on a case from the grassroots level, without having to eliminate vital facts and situations to achieve desired social goals. Furthermore, the researcher is of the view that problem-solving theory, though limited by the expertise and knowledge base developed by peers and colleagues, is flexible in allowing new avenues to be included in the problem-solving process. As workers work their way through resolving the problem, they discover new facts, and perhaps new solutions, which might be different from the initial premise that they have set for its solution. From a strengths perspective this implies that problem-solving methods add new resources; they enrich the experiences of the social workers by allowing them to explore new perspectives; and add value in developing new approaches for solving similar albeit unique problems. Psychoanalytic Theory The study of the unconscious was relatively schematic and meager before the advent of Sigmund Freud. For this reason, it could be said that Freud was the pioneer in psychoanalytic theory. Freud held that the human mind takes into account of transactions within the limits of the body. Unlike traditional belief that the human mind is shaped by culture, Freud believed that the depth and endurance of human personality is dependent on the social context in which an individual is born. A psychosomatic process is the traditional method by which physicians analyze symptoms of mental disorders within the pathological discourse. However, Freud holds that psychosomatic processes are limited, as he believes that individuals are influenced by elements that are outside the body that is the environment. To exemplify that, he writes of the influences of human association and its impact on the unconsciousness. It is only through observational procedures that the expert would extricate subtle and mul tiple ties of the personality with the other individuals and environmental elements. Observations of body language, as well as human acts in relation to sequences of interaction form the study of individuals within the context of the society (Ruitenbeek 1962). Freuds conceptual framework was based on the observation of the human consciousness and unconsciousness, and its relation with the basic nature of man. It lacked the social work context. His theory implies that man is exceedingly indulgent or deprived by his/her surroundings which give rise to a certain psychiatric state of mind. The Theory of Psychoanalytic Technique Menninger (1958), in his work Ã¢â‚¬ËœThe Theory of Psychoanalytic Technique counteracts the practice of external influence by suggesting that individual behavior is a reflection of behaviors that occur during and after the events they are involved in. Menninger and Holzman (1973) differed from Freuds theory for psychoanalysis in the sense that they were of the view many individuals may demonstrate similar behavior without having any psychiatric problems. Therefore, psychoanalysis is not essentially about the physiological influence but rather associated with stimulus from interactions. The authors emphasize on new methods for observing and interpreting behavior in the context of culture and personality through structured research instruments. They believe that the psychoanalytic approach has particular associations with socialization sequences that lead to individual relationships with the environment, culture and personality. This implies that psychoanalysis approaches emphasize on the role of the professional engaged in the observation of individual behaviors and interpretation of the same. The skills used to deduce valuable information about the personality is derived from daily life processes. Likewise, an intervention is inherent in the behaviors and actions of the individual under study. Alternatively, works by Roy Schafer (1976) and Irwin Hoffman (1983) have entirely altered the conceptual framework of psychoanalysis theory and practice. They emphasize on the reality of social construct and its impact on both the individual and the professional. They present the view that solutions for problems in psychoanalytic are dependent on the cultural life at large. It is based on objective knowledge derived from social agreements and human actions are the narrative of the acts. Therefore, psychoanalysis is the study of the language of the human acts and interpretation of the same to represent possible accounts of the past or present life of the individual. Transactions between the analyst and the patient are constructed by subject experience, human agency, and fragments of individuation/separation etc. Thus, For Schafer, (1) psychoanalysis is concerned in a primary fashion with language and its equivalents; (2) subjective experience, objective reality, and selves are all con structions brought to life in language; (3) these present-day tellings could be told in other terms and do not represent real world events; (4) unitary selves are displaced by the notion that we tell useful stories about multiple selves in order to conduct our affairs; and (5) cure accompanies changes in discourse. qt. Leary 1994). Similarly, Hoffman believes that human beings, whether professional or individuals, requiring intervention live worlds within worlds to make social interaction highly ambiguous. Observation of individual behaviors cannot construct individual social environment alone. Individual experiences must be taken into account to understand the influences of elements surrounding them. Intervention follows the paradigm of change and analysis of the participants because he believes individuals are incapable of understanding their own dilemma. These later conceptual frameworks of the psychoanalytic theory not only pose challenges for social work practices but also offer new dimensions for analyzing complex individual social problems. The role of the social worker in the psychoanalytic context is separate from the individual and the environment, as he/she has to observe objectively to interpret individual behaviors in the psychiatric context as well as in the context of the environment in which the individual inhabit. Thus, the professional is segregated and does not really participate in the problems faced by the individuals. This tends to dissociate the analyst from the individual, which at times hinders problem resolution. However, objective observations in psychoanalysis enable the social work professional to emphasize on interventions methods. Since interventions are not set in paradigms or experiments or processes from knowledge base, the social worker has more leeway in developing creative interventions that meet des ired social goals at the individual and from the broader societal contexts. At the same time, there are certain limitations to the theory of psychoanalytic. There is too much emphasis of the individual and less focus of intervention for the broad social context. As individuals live in the society interact, transact and have relationships with other entities within the environment it is natural to assume that any problems or issues that they face should be resolved in the context of the community they live in. It is not natural to assume that the problem is inherent within the environment and the intervention method should be for the individual only. From this perspective, the psychoanalytic theory is limited. Therefore, the psychoanalytic approach does not really fit the strengths approach, which basically emphasizes on resource development. Although psychoanalysis emphasizes on problem resolutions, this is limited to the issues faced by individuals not from a communal or global context. There is little scope for adding value to interventions in the social work practice as it represents the realities of the individuals. Therefore, world events, social change and communal issues become secondary to the analyst who adopts this approach. Compare and Contrast At the beginning of the discussion, the researcher emphasizes on the importance of the key components in social work i.e. person, interaction and the environment. These key components, as one observes over the course of the evaluation of the theories of problem-solving and psychoanalytic, play integral roles in synergizing the conceptual framework for social work and professional practices. In this context, if any one component were missing from the theoretical framework, it would destabilize its validity and usefulness to the profession. Theoretical fit with the social work professional focus From the discussion, the researcher observes that the problem-solving theory, as compared to the psychoanalytic theory, has more dimensions to the mission of social work. The nature of forward and backward reasoning enables social work professionals to trace the problem from multiple layers of contexts such as culture, race, gender, ethnicity and religion, to extricate the inherent issues prevalent within the individual, a community or a society. In doing so, it encompasses broader social perspectives and addresses problems such as poverty, cultural diversity, discrimination, gender bias or social injustice. Thus, the problem-solving theory serves the purpose of problem identification and eventually leads to its intervention as well, even though the problem-solving theorists have not emphasized as such. Interventions, according to the theory, stem from set rules and the knowledge base that professionals can acquire through experience and expertise. On the other hand, the psychoanalytic approach adopts similar processes for problem identification within the individual and in the social context but does not really view the problem as a social problem. The components of person, interaction and environment are not synergistic but rather segregated from each other. This makes finding interventions difficult as the social work professional would have to differentiate the person, relationship and the environment, before individual resolutions can be devised. This is because the psychoanalytic approach mandates objective observations and following set processes, which does not allow social workers to view the problem from different dimensions which are inherent in the social work mission. Therefore, psychoanalytic theory mostly identifies problems within the society from micro perspectives, thereby, limiting the scope of intervention. Unlike the problem-solving theory, the psychoanalytic theory integrates social problems like poverty, cultural diversity, discrimination, gender biases and social injustice into the social environment and explains its influence on the individual. Sometimes, these factors may or may not be the culprit for individual problems but, in fact, the problem stems from within the unconscious. Thus, the abstract nature of the psychoanalytic theory makes it difficult to devise interventions realistically that are practical in the social work field. Progress on the part of the client and ethical concerns As a social work professional, one is responsible for the progress of the client. The problems or issues my client faces may be from the micro, mezzo and macro environment and therefore require different approaches towards interventions. Therefore, I would reserve the psychoanalytic approach for micro interventions so that I would be able to analyze the psychological as well as physiological dilemmas, and ultimately devise interventions that address the root problem. On the other hand, if the nature of the problem that my client is experiencing stems from the outset and requires a broad perspective in evaluation, then I would adopt the problem-solving approach to address the problem, first from the macro level then narrow it down to the micro level and resolve it accordingly. The approaches differ because, as a social work practitioner, I need to have flexible tools to evaluate the progress of my client. This can only be possible if I use a combination of theories and approaches to o ffer me flexibility as well as dynamism in my work. The only ethical concern I have regarding the application of these theories would perhaps be the scope and limitations each poses for social work practice. The problem-solving theory, as discussed earlier, emphasizes too much on the processes, which at times may result in compromised interventions. On the other hand, the psychoanalytic approach is too narrow and limited in its scope in addressing individual perspectives and tends to neglect the broader scenario. In resolving individual problems, perhaps I would neglect to incorporate the bigger picture and, thereby, inadvertently harm the society instead of benefiting it as a whole through my social work practice. Conclusion Despite the above reservations, the researcher is of the view that each of the theories has its own merit and application in intended practice. It is difficult to choose one over the other, as social work professionals realize no social issues or problem congruent with the other. Each problem is unique and requires unique resolutions. Since human beings are dynamic, their problems are dynamic too, requiring diversity in resolutions and intervention methods. Yet, from a broader perspective, the researcher would prefer the problem-solving approach over the psychoanalytic as it would more commonly be used in every day practice for the interventions of common problems. Such problems require a knowledge base to be developed from set rules and experiments, and require less time for interventions. On the other hand, for complex problems the researcher would prefer to use the psychoanalytic approach for individual objective observation and interventions. References Definition of Social Work Profession International Federation of Social Workers general meeting in MontrÃƒ ©al, Canada, July 2000, and endorsed by the International Association of Schools of Social Work in 2001 in Ramsay, R. F. (2003). Transforming the Working Definition of Social Work Into the 21st Century. Research on Social Work Practice, Vol. 13 No. 3, pp. 324-338 Bartlett, H. M. (1970). The Common Base of Social Work. New York: National Association of Social Workers. Compton B. Galaway, B. (1979). Social Casework A Problem-Solving Process. revised edn. Homewood, IL: The Dorsey Press. Fine, R. (1979). The History of Psychoanalysis. Columbia University Press. Leary, K. (1994). Psychoanalytic Problems And Postmodern Solutions. Psychoanalytic Quarterly. Volume: 63. Issue: 3. pp. 447. Menninger, K and Holzman, P. S. (1973). Theory of Psychoanalytic Technique. Basic Books. Menninger, K.S. (1958). The Theory of Psychoanalytic Technique. New York: Basic Books. Morgan, S. (Accessed 15-10-2006). A Strengths Approach Practicebasedevidence.com, Online accessed from: http://www.practicebasedevidence.com/strengths.htm Newell, A., Simon, H. A. (1972). Human Problem Solving. Englewood Cliffs, NJ:PrenticeHall. Patel, V. (1991). A view from medicine. In Toward a Unified Theory of Problem Solving: Views from the Content Domains. by Mike U. Smith (ed). Lawrence Erlbaum Associates: Hillsdale, NJ. pp. 35. Perlman, H. (1957). Social Work Process Social Casework: A Problem-Solving Process. The University of Chicago Press. Ruitenbeek, H. M. (1962). Psychoanalysis and Social Science. Dutton, New York. pp. 16. Sheafor, B. W., Horejsi, C.R. Horejsi, G.A. (2005). Techniques Guidelines for Social Work Practice. Allyn Bacon. Sheppard, M. (1991). Mental Health Work in the Community: Theory and Practice in Social Work and Community Psychiatric Nursing. Falmer Press pp. 32. Wormer, K. and Boes, M. (1998). Social Work, Corrections, and the Strengths Approach. Paper presented at the Canadian Association of Social Workers National Social Work Conference, June 20 24, 1998 Edmonton, Alberta, Canada

Friday, October 25, 2019

Humanism :: essays research papers fc

1 Humanism The Renaissance, which began in Italy in 1300s, was one of the largest periods of growth and development in Western Europe. The increase in trade caused an abundance in wealth that resulted in the focusing of the arts. Such things as literature, paintings, sculptures and many more works are known to have blossomed from the period known as the Renaissance. The Renaissance was started by many rich Italian cities, such as Florence, Ferrara, Milan, and Venice (Bram 274). Because these cities were very wealthy, many merchants started to spend money on different things, such as painting, learning, new banking techniques, and new systems of government. These things gave rise to a new type of scholar, the humanist, and a new philosophy, humanism. To understand the term humanism, one must first know what some assume humanism to be. Many definitions are widely proclaimed by different groups and organizations. The American Humanist Association(AHA) defines humanism as 2 a rational philosophy informed by science, inspired by art, and motivated by compassion. Affirming the dignity of each human being, it supports the maximization of individual liberty and opportunity consonant with social and planetary responsibility. It advocates the extension of participatory democracy and the expansion of the open society, standing for human rights and social justice. Free of supernaturalism, it recognizes human beings as a part of nature and holds that values--be they religious, ethical, social, or political--have their source in human experience and culture. Humanism thus derives the goals of life from human need and interest rather than from theological or ideological abstractions, and asserts that humanity must take responsibility for its own destiny. (Schafersman) Humanism is also defined as "a democratic and ethical" point of view on life that reiterates the fact that human beings have the right to and responsibility of giving meaning to and shaping one's own life, according to the International Humanist and Ethical Union (Schafersman). The Union also believes their philosophical view on humanism "stands for the building of a 3 more humane society through ethics" based upon the reason and the inquisitive capabilities of the human nature. The Bristol Humanist Group's view on their ideology is much simpler. It states, "Humanism is an approach to life based on reason and our common humanity, recognizing that moral values are properly founded on human nature and experience alone" (Schafersman). This new word, humanist, and the principal practice became more prevalent during the late 15th-century in Italy and was used to describe a tutor or teacher of the "humanities".

Thursday, October 24, 2019

Analysis of Graphic Design Essay

Art is a form of expression that dates back to the beginning of time. Since then it has evolved and changed to adapt to modern times. Whether that be through a shift in style, in medium, or technology. Graphic design, contrary to popular belief, actually began in 1922, to define graphic art across time. Since the introduction of the modern computer and graphic design software, it has evolved into an n art style that is present everywhere in the modern world. Graphic design has many different styles just as normal art does, ranging from the minimalism of Apple, to the typographic nature of many modern advertisements. Graphic design isnÃ¢â‚¬â„¢t just a form of art anymore, but it rather is a medium through which much of our life is defined. To understand the concept of graphic design, you must first analyze graphic design in the modern world, the techniques used, and finally the different mediums available to achieve high quality art. In 1976 Ronald Wayne designed the very first Apple Computer Co. logo. This logo depicted Isaac Newtown sitting under a tree to reflect the revolutionary nature of this. However, WayneÃ¢â‚¬â„¢s design wasnÃ¢â‚¬â„¢t appreciated by many, and thus did not gain much popularity. In less than a year, Steve Jobs commissioned Rob Janoff, one of the most famous graphic designers ever, to design the new Apple logo, a rainbow silhouette of an apple. This reflected the idealistic nature of the computers and also showed the powerful aspect that the computers hold with the ability to process so many different colors. In 1998 however, the Apple logo changed its colorful nature to a monochromatic look reflecting the modern nature of the world, not to mention the contrast between the color schemes of the gray computers with monochrome logos. (Davis Ã¢â‚¬Å"Evolution and History of the Apple LogoÃ¢â‚¬ ) Graphic design has not just revolutionized logo design, but has also revolutionized other aspects of life, such as infamous cartoons. Before the inception of modern graphic design, cartoon artists have to hand draw their cartoons, and often resulted in many mistakes and rough looking images. With the inception of graphic design, cartoon art has shifted from being simple and childish, to being extravagant and mature. The TV shows Avatar the Last Airbender is one of the key examples of this. The art on this reflects many aspects of our own history. Such as East-Asian, Inuit, Indian and south-American cultures. The show has won many awards, many of them being for the concentration on art and the superior quality of it (DiMartino Ã¢â‚¬Å"Avatar the Last Airbender: The Art of the Animated seriesÃ¢â‚¬ ) Before modern graphic design, artists often worked for wealthy businesses and could not afford to work on their own. Walt Disney founded The Walt Disney Company under this premise, and hired many artists to work for him. Now the Walt Disney Company is one of the biggest and most well-known companies in the world, and the shift from old styles of art to modern graphic design has changed it completely. Now movies and TV shows can be produced in a matter of days with the proper team, rather than in the olden ages where it took many months if not years to produce the art for a movie. This modern graphic design, like any other art styles holds a battery of techniques associated with it, as these techniques provide methods to convey the idea, or message. One of the simplest techniques that can be used is the simple modification of contrast. High contrast lines make it easier for the read to determine the difference between different sections of the page. Joost de Valk, the graphic artist behind yoast. om, uses this technique quite extensively as seen on their homepage (yoast. com). Other sites such as wordpress. com also use this technique, most famously in their Ã¢â‚¬Å"downloadÃ¢â‚¬ button, to make the deep orange button stand out amongst the calm palette of blues and grays. Through the usage of contrast, attention is drawn to contrasting items, and thus the readerÃ¢â‚¬â„¢s focus is diverted to certain topics. Most contrasts however work directly with gradients. The site Media Temple uses an extensive amount of gradients, mainly to illustrate the modern attitude of their site. These gradients are however, subtle. The gradients thus emphasize the importance of certain topics, by placing lighter colors at the bottom and darker at the top, the object is seen to be progressing through time in essence. There however exists a variety of gradients. Gradients can be radial gradients (circular eminations), vertical linear fade, horizontal linear fade, horizontal radial fade, vertical radial fade and just simple linear fade. These different designs all work hand in hand to create direction on the page. By creating direction on the page, certain topics can be emphasized and others can be dismissed. The key flaw that many new designers face in regards to gradients is the flow of the gradients. If too many gradients are placed on a page or the gradients contrast, then the gradients will seem amateur and will detract from the quality of the website. Gradients must however be in accordance with color schemes. Certain colors work well together, while others tend to be a nuisance. Take for example the design of the Los Angeles Lakers logo. They utilize the colors of gold and purple, both of which are opposite one another on the color wheel. Thus these colors, through contrast, in fact bring out the overall appearance of the team. Then examine the logo that Lasko fans uses. Their color scheme is a simple brown and yellow, and yet this color scheme makes their logo appear dull and overused. Lasko fans, and LA Lakers both have the same potential for superior logo quality, but because of color selection, the LA Lakers hold more graphic quality in regards to their respective logos than does Lasko fansÃ¢â‚¬ ¦ Cohen Ã¢â‚¬Å"Evolution of NBA Team LogosÃ¢â‚¬ ,). Gradients, contrast and color are the three most basic techniques used in graphic art, and can define a work as either superior, or amateur. All three of these concepts work together to create the concept of Ã¢â‚¬Å"visual identityÃ¢â‚¬ . Visual identity is a term coined by Abduzeedo (world renown Brazilian graphic designer), meaning simply the Ã¢â‚¬Å"definitive element within the design process used across all applications and branding materialsÃ¢â‚¬ . As discussed above this could be as simple as the apple logo, or even as complex as a stamp. Most large organizations have a visual identity, even the US Government does. The visual identity of the US Government for example could be the American flag, or the bald eagle, as this is present throughout their entire brand line. During 2008, President Obama used the concept of the visual identity, but took it one step further and used the Ã¢â‚¬Å"verbal identityÃ¢â‚¬ . He associated the word Ã¢â‚¬Å"changeÃ¢â‚¬ with his campaign so that this would become an integral part of it. By utilizing the word change he essentially created a memorable center point for his campaign messages by which people could remember and associate with him. Abduzeedo Ã¢â‚¬Å"The Makery Ã¢â‚¬â€œ Visual IdentityÃ¢â‚¬ ) A problem that many graphic artists face is a problem that much of the world faces: Ã¢â‚¬Å"why? Ã¢â‚¬ Much of graphic art just like modern problems revolves around the question of Ã¢â‚¬Å"whyÃ¢â‚¬ and the purpose of art rather than the material it holds. Richard Simkens, a world renowned marketer, identified this concept as the golden circle. (R. Simkens 10) in this golden circle, at the outside is the Ã¢â‚¬Å"whatÃ¢â‚¬ . What the company sells or what the art is made up of takes part f this circle. In the middle circle are the Ã¢â‚¬Å"howÃ¢â‚¬ or how the company makes and the process that the designer uses to create the art. At the center and the most important is the Ã¢â‚¬Å"whyÃ¢â‚¬ or what the purpose of it is. Great graphic artists such as surrealist Roy Villalobos attempt to analyze and fix this concept. His art philosophy is that he attempts to express his emotions through the usage of metamorphic human figures. By attempting to mix the human physiology with what he perceives to be the emotions he creates a surrealist work of art that holds purpose. Electronic graphic art is what is currently shaping the world. However, to achieve a great success in electronic graphic art, proper software must be used. This software begins with the most simplest of kind: MS Paint. MS Paint, also known as Microsoft Paint, is software that has been bloatware (preinstalled on the pc) for the past decade, and thus has been used by millions worldwide. MS Paint has very basic functions, such as straight lines and shape creation, but it does not have more complex functions such as layering or gradient swatches. Thus, MS Paint is generally dismissed in the professional graphic art world, but it does still hold some value as it provided the foundation for all other graphic art software to stem from. In 2003, Adobe Systems released the Adobe Ã¢â‚¬Å"Creative SuiteÃ¢â‚¬ , graphic art software released to the general public. Before this the only way you could graphic design on a personal scale would have been through illegally torrenting company software, purchasing the extremely expensive Photoshop 8 (released in 1989) with a private license or purchasing private licenses on extremely expensive software. The main component of Ã¢â‚¬Å"Creative SuiteÃ¢â‚¬ was in fact, Adobe Photoshop CS. Photoshop CS was revolutionary as it provided a cheap, personal level of graphic design in which even the most inexperienced laymen could pick it up and start designing. However, as time went on, Photoshop became more and more complex with the addition of several functions such as Ã¢â‚¬Å"rasterizationÃ¢â‚¬ and Ã¢â‚¬Å"layer maskingÃ¢â‚¬ or Ã¢â‚¬Å"layer mergingÃ¢â‚¬ and thus the accessibility of it degraded as the quality increased. Soon however, it began to replace much professional private graphic software, and now it is the most widely used. Photoshop CS might be compared to the original Photoshop, but it held many differences. Since Photoshop CS could utilize 3d image creation, motion graphics editing and advanced image analysis, it held a much more professional quality of workmanship than the original and thus comparing the original Photoshop to Photoshop CS would be similar in comparing the size of David to Goliath. (Ã¢â‚¬Å"The history of PhotoshopÃ¢â‚¬ ) Photoshop was not the only software that had image modification capabilities. In 1996, the software GIMP (GNU Image Manipulation Program) was released for Microsoft Windows, OS X and Linux. This software was in essence what many would call a Ã¢â‚¬Å"knockoff of PhotoshopÃ¢â‚¬ , but these individuals were wrong. Although it had all of the same functions as Photoshop, GIMP was revolutionary. It was free first off, so individuals did not have to go out to the store and buy a one hundred dollar cd that they then would have to install. This led to a wider demographic using this, including individuals from around the world, thus allowing greater cultural exchange through graphic art. However, the more important aspect of GIMP would be that it was open source. By being open source, it meant that anyone could take the source code or program of GIMP and modify it to fit their own needs, or even the needs of a specific task. So when new images such as GIF and MPEG came out, GIMP was the first one to be modified to suit their needs. Although GIMP can be considered the little brother of Photoshop, the one who always imitates what Photoshop does, GIMP is infect the innovative little brother of Photoshop. Ã¢â‚¬Å"A Brief History of GIMPÃ¢â‚¬ gimp. org). Graphic art is something that a small proportion of individuals understand to a limited extent, and even fewer understand to mastery. Graphic design is shaping the modern world at the same rate that our media progresses. Through the usage of media and graphic design everything is effected, be it the wallpaper in a hospital waiting room wall, or the logo on a billboard in New Jersey. Graphic art hasnÃ¢â‚¬â„¢t revolutionized the world, but rather is constantly in accordance with the progression of the world.

Wednesday, October 23, 2019

Book of Prophet Isaiah Essay

Prophet Isaiah, the son of Amos, was descended from a royal tribe. Isaiah was born during the reign of King Uzziah, Jothan, Ahaz, Hezekiah and Jehovah. During his reign the nation as a whole enjoyed times of prosperity and temporal development. The whole nation mourned his passing from the scene at a time when his presence seemed needed the most. Under him the worship of Jehovah was encouraged but he was not strong enough to secure the destruction of the high places where idolatrous practices were continued. His reign must be ranked as one of the outstanding of the southern kingdom. He walked in the ways of his father, and under him the people continued to worship the Lord Jehovah after the manner of the commandment, though still the places of idolatry were allowed to remain. Ahaz, whose whole reign was one chronicle of disaster and destruction. With an absolute abandon, Ahaz gave himself over to the overthrow of the ordained order of worship, broke the commandment in almost every de tail, destroyed the temple worship and finally closed the doors of the house of God. In the most calculated manner he conspired to obliterate the memory of the service of the Lord of all Israel, the Redeemer and the Holy One. Then he was followed on the throne by his son Hezekiah, who was very unlike his fathers and set about reviving the worship in the temple, which his father had abolished. He attempted, with some success to obliterate idol worship, and to deliver his people from the yoke of foreign power. It was under him that Isaiah came into his own, and was treated with high favour. In this position he was given every opportunity for the use of his keen and divinely inspired power of discernment into the facts of the contemporary situation. The name, Isaiah, means Ã¢â‚¬ËœJehovah saves,Ã¢â‚¬â„¢ or Ã¢â‚¬ËœJehovah is salvationÃ¢â‚¬â„¢, and through days of crisis and disaster greater than any before in the history of the people, his call was constantly to faith in the One Who alone could save the land. His role was ever that of inspiring and challenging the drooping spirits of the men of Judah at times when hope seemed dead. His ministry was a long one stretching as it did through the reigns of Uzziah, Jothan, Ahaz and Hezekiah. His fatherÃ¢â‚¬â„¢s name was Amoz, and there is a Jewish tradition that he was a brother of King Amaziah; in which case Isaiah would be the cousin of King Uzziah. Naturally enough, it is impossible to be really sure of this, but it is certainly a reasonable explanation of the fact that Isaiah enjoyed immediate and regular entrance to the royal house. And also that he had the ear of the most influential people of his day. In spite of this, he remained a simple and undaunted spokesman for Jehovah, and tradition again affirms that it was for this reason that he was put to death in the reign of the wicked Manasseh, HezekiahÃ¢â‚¬â„¢s successor. He was married and he himself called his wife Ã¢â‚¬Ëœthe prophetessÃ¢â‚¬â„¢ (Isaiah 8:3). He had two children, one named Shear-jashubl, which means Ã¢â‚¬Ëœa remnant shall return,Ã¢â‚¬â„¢ and the other Maher-shalalhashbaz, which means Ã¢â‚¬Ëœhaste ye to the spoil.Ã¢â‚¬â„¢ These names were given to them as portents of what was to come and also as a reinforcement of the prophetÃ¢â‚¬â„¢s predictive message. Apart from this, there is little else known of his personal history except what is found in the book itself. The exact length of his ministry is not known for sure, but he definitely laboured for at least forty years. From the last year of King UzziahÃ¢â‚¬â„¢s reign 740 B.C. to the fourteenth year of ther reign of King Hezekiah in 701 B.C. and it is clear that through all this period of time his call and challenge were unremitting and persistent. His aim was ever definite Ã¢â‚¬â€œ the establishment of the worship of the Lord in righteousness and truth amongst the chosen race. His Message IsaiahÃ¢â‚¬â„¢s prophecy, the longest of all the Old Testament prophecies divides first of all quite naturally into two parts, chapters 1-39, and 40-66. Because of this split, critics during the last century have seen fit to decide that two separate authors are responsible for the prophecy and that the second one was written some hundred years after the first one. Unfortunately, there is nothing in the prophecy itself by the way of names and such like to establish the truth or the falsehood of this statement. However the nature of the second part of the book seems to indicate that it was said to a nation at a time when they were in a completely different condition from that of the exile in Babylon, during which time some people maintain that it was written. As well as these two separate parts, the prophecy also divides into nine sections. The Book of Isaiah (Hebrew: Ã— ¡Ã— ¤Ã— ¨ Ã—â„¢Ã— ©Ã— ¢Ã—â„¢Ã—â€) is the first of the Latter Prophets in the Hebrew Bible, preceding Ezekiel, Jeremiah and the Book of the Twelve. (The order of the subsequent books differs somewhat in the Christian Old Testament). The first 39 chapters prophesy doom for a sinful Judah and for all the nations of the world that oppose God, while the last 27 prophesy the restoration of the nation of Israel and a new creation in GodÃ¢â‚¬â„¢s glorious future kingdom;[1] this section includes the Songs of the Suffering Servant, four separate passages referring to the nation of Israel, interpreted by Christians as prefiguring the coming of Jesus Christ.

Tuesday, October 22, 2019

Business Systems Development in Manufacturing essays

Business Systems Development in Manufacturing essays Riordan Manufacturing is an International plastics company with 3 locations in the United States and a joint venture in China. Over the years Riordan has acquired small specialized companies and as such the company needs to establish systems and procedures that can be used in all locations. The company will benefit in many ways by combining and creating business systems that are the same in all locations bringing cohesiveness, organization and improved efficiency that will be the foundation for the future growth of the company. The company requests the analysis of the Human Resource (HR) department systems to begin the process of updating the Whenever there are plans to make changes to systems there are people that need to be included in the analysis and development of those changes and those people are the stakeholders. Riordan is starting with the Human Resource department for the initial upgrades to the system so the stakeholders will be the director of HR Yvonne McMillan, VP of operations Charles Wilson, COO Hugh McCauley, CFO Dale Edgel and the directors of plant operations for each branch, all of the employees and last but not Using a System Development Life Cycle (SDLC) will help to ensure a successful product will be delivered. The first phase will be the requirements planning phase using the stakeholders, various information gathering methods can be used to achieve this initial step. A one on one interview with the stakeholders will help to get each department's needs and expectations documented. Putting similar job level groups together can help bring out more of the requirements using the collaboration of the members of the group helps to spark ideas from each member as items are discussed. Using some of the needs and requirements being gathered during this initial phase can be the basis for a questionnaire that can be used to survey the employees. Survey Monkey (S...

Monday, October 21, 2019

Introducing Shakespeares Dark Lady Sonnets

Introducing Shakespeares Dark Lady Sonnets The Dark Lady Sonnets (sonnets 127 Ã¢â‚¬â€œ 152) follow the fair youth sequence. In sonnet 127, the dark lady enters the narrative and instantly becomes the object of the poetÃ¢â‚¬â„¢s desire. The speaker introduces the woman by explaining that her beauty is unconventional: In the old age black was not counted fair,Or if it were, it bore not beautyÃ¢â‚¬â„¢s name;Ã¢â‚¬ ¦ Therefore my mistressÃ¢â‚¬â„¢ eyes are raven black Ã¢â‚¬ ¦ not born fair, no beauty lack. From the poetÃ¢â‚¬â„¢s perspective, he is treated badly by the dark lady. She is a temptress described in sonnet 114 as Ã¢â‚¬Å"my female evilÃ¢â‚¬ and Ã¢â‚¬Å"my bad angelÃ¢â‚¬ which ultimately causes anguish for the poet. She seems to be linked to the young man in some way and some sonnets suggest that she is having a passionate affair with him. As the poetÃ¢â‚¬â„¢s frustrations build, he begins to use the word Ã¢â‚¬Å"blackÃ¢â‚¬ to describe her evil rather than her beauty. For example, the poet sees the dark lady with another man later on in the sequence and his jealousy boils to the surface. Notice how the word Ã¢â‚¬Å"blackÃ¢â‚¬ is used with negative connotations in sonnet 131: One on anotherÃ¢â‚¬â„¢s neck do witness bearThy black is fairest in my judgementÃ¢â‚¬â„¢s place.In nothing art thou black save in thy deeds,And thence this slander, as I think, proceeds. Top 5 Most Popular Dark Lady Sonnets Sonnet 127: In The Old Age Black Was Not Counted Fair Sonnet 130: My Mistress Eyes Are Nothing Like The Sun Sonnet 131: Thou Art As Tyrannous, So As Thou Art Sonnet 142: Love Is My Sin, And Thy Dear Virtue Hate Sonnet 148: O Me! What Eyes Hath Love Put In My Head A full list of the Dark Lady Sonnets (Sonnets 1 Ã¢â‚¬â€œ 126) is also available.

Sunday, October 20, 2019

John Ray - An Evolution Scientist

John Ray - An Evolution Scientist Early Life and Education: Born November 29, 1627 - Died January 17, 1705 John Ray was born on November 29, 1627 to a blacksmith father and an herbalist mother in the town of Black Notley, Essex, England. Growing up, John was said to have spent a lot of time at his mothers side as she collected plants and used them to heal the sick. Spending so much time in nature at an early age sent John on his path to become known as the Father of English Naturalists. John was a very good student at Braintree school and soon enrolled at Cambridge University at the age of 16 in 1644. Since he was from a poor family and could not afford the tuition for the prestigious college, he worked as a servant to the Trinity College staff to pay off his fees. In five short years, he was employed by the college as a fellow and then became a full-fledged lecturer in 1651. Personal Life: Most of John Rays young life was spent studying nature, lecturing, and working toward becoming a clergyman in the Anglican Church. In 1660, John became an ordained priest in the Church. This led him to reconsider his work at Cambridge University and he ended up leaving the college because of conflicting beliefs between his Church and the University. When he made the decision to leave the University, he was supporting himself and his now widowed mother. John had trouble making ends meet until a former studentÃ‚ of his asked Ray to join him in various research projects that the student funded. John ended up making many trips through Europe gathering specimens to study. He conducted some research on anatomy and physiology of humans, as well as studied plants, animals, and even rocks. This work afforded him the opportunity to join the prestigious Royal Society of London in 1667. John Ray finally married at the age of 44, just before the death of his research partner. However, Ray was able to continue the research he started thanks to a provision in his partners will that would continue to fund the research they had started together. He and his wife had four daughters together. Biography: Even though John Ray was a staunch believer in the hand of God in the changing of a species, his great contributions to the field of Biology were very influential in Charles Darwins initial Theory of Evolution through Natural Selection. John Ray was the first person to publish a widely accepted definition of the word species. His definition made it clear that any seed from the same plant was the same species, even if it had different traits. He was also a fierce opponent of spontaneous generation and often wrote on the subject about how it was an atheists made up nonsense. Some of his most famous books cataloged all of the plants he had been studying over the years. Many believe his works to be the beginnings of the taxonomic system later created by Carolus Linnaeus. John Ray did not believe that his faith and his science contradicted each other in any way. He wrote many works reconciling the two. He supported the idea that God created all living things and then changed them over time. There were no accidental changes in his view and all were guided by God. This is similar to the current idea of Intelligent Design. Ray continued his research until he died on January 17, 1705.

Saturday, October 19, 2019

City of God Essay Example | Topics and Well Written Essays - 1000 words

City of God - Essay Example Considering the type of theme presented in the story, this article will use the movie to analyze various planning issues in the film like urban slum and physical environment, urban crime and youth gang, lack of social and economic mobility and the importance of Education. The movies is a perfect depiction of life in the urban slums since it presents many incidence which are slums-like. The movie presents various lifestyles that relates to the slums style of living, from how people relate to the type of business carried out. First, the movies shows that in the urban slums people usually do not have homesteads where they can enjoy their privacy. This is shown at the beginning of the movie when the gang chases after chicken which obviously was not thereÃ¢â‚¬â„¢s. The gang chasing the chicken, shows that no individual have privacy in the city instead they live in plots. This is a perfect description of the todayÃ¢â‚¬â„¢s urban slum life where individuals usually live in places they rent besides other individuals. Further, the movie also presents the real traits of individuals living in the slums. When the gang meets Rocket, he (Rocket) presents a strong feeling that the gang were likely to kill him. This is a vivid description for the lawlessness existing in the physical environment of the urban slums. ... This depiction of lawlessness also makes the movie to be relevant as it presents a real life in the urban slums with how the people are trying to life. Most of the governments always presents little support to the people living in the urban slums. Consequently, it is possible to conclude that the movie presents sarcasm to the governments who usually live far from the people in the slums. The theme of the movie can also be depicted in the taligne, Ã¢â‚¬Å"if you run, the beast catches; if you stay, the beast eatsÃ¢â‚¬ (Netfix,2002). This taligne is a good interpretation of what is happening in the slums where individuals do not know the fate of what they are doing. In proper English, the taligen means that an individual there are both positive and negative consequences of doing something good or bad. They have to do it whether it is bad or good, since there is no authority to regulate the actions. Urban crimes and youth gang The plot of the movie comes out to be crime oriented, with presentation of the youth gangs, who an individual can depict as the ones controlling the whole city. The youth gang does what they feel like at any time, with the public having no objection but to accommodate them. From the beginning of the movie, the movie depicts a gang chasing after a chicken, which is obviously not theirs. Further, the gang also meets Rocket and the only thing coming in his mind is that they are likely to kill him. This depicts a region where crime is the talk of the day, with no action taken by the authorities. The people in the region live by the Ã¢â‚¬Å"lawÃ¢â‚¬ set by the crime perpetrators. To show that the people live by crime, the movie depicts three thieves whom there is job is to loot the existing business while taking part of their loot to the people. This is

Friday, October 18, 2019

The two phases of enlightment in Malcolm x's life Essay

The two phases of enlightment in Malcolm x's life - Essay Example Malcolm X was arrested for burglary in 1946. He was jailed for seven years. During this time, he educated himself through reading on various issues. From his ignoble days of street crime, his rise to the Ã¢â‚¬Å"stature of one of the most profound catalysts of the civil rights movementÃ¢â‚¬ came about as a result of powerful changes in his thought patterns. He attributed his transformation to two revelations that he had, which enlightened and empowered him. From extensive reading, Malcolm discovered Allah and the religion of Islam. Thus, from staunch atheism, he converted to the Muslim faith. This proved to be his first enlightenment. He achieved a major turnaround from his downward spiral of declining moral character, and rise up progressively. This helped him to develop the progressive side of his heritage, that is Ã¢â‚¬Å" Ã¢â‚¬Å"the potential for racial self-identification and self-productive aggressivityÃ¢â‚¬ (Wolfenstein: 209). In 1952 he took the last name X, in rejection of the white manÃ¢â‚¬â„¢s name (X: 119). Malcolm X was a Muslim, a consistent Black nationalist, and a revolutionist of action (Ryan, 2008). Malcolm X became a minister within the Nation of Islam, and was held in high honour in the Muslim world. The second revelation was brought about by his brother Reginald, who visited him in jail.

Effects of Chinese Auto Market on US Economy Research Paper

Effects of Chinese Auto Market on US Economy - Research Paper Example Ã‚ During the industrialization process of China, the automotive industry has grown rapidly. The growth of the automotive industry of China has become the catalyst for the growth of other sectors as well. The automotive industry of China has directed its attention towards the infrastructure development patterns (Zhang, 2003). The automobile industry of China is the major driver of the economy of the United States. This market has also played a vital role in the growth of other industrial economies. When Henry Ford applied the technique of line production in order to produce cars, the product transformed from a luxury item to an essential component of life. The automotive industry of China has evolved as the major driving the economy of China and its workforce. Some of the arguments about Chinese automotive industry focus on the consumption of automobiles in the market of China and the export approach of the country. According to different indicators, China is open to the foreign in vestment like Korea and Japan. These indicators also suggest that China may take a hybrid approach in order to direct its attention towards domestic consumption. At the same time, China may also build vehicles for export in order to produce world-class cars (Business Line, 2002) The automotive car industry of China is export-focused. The industry is very complex and is undergoing a transformation from low-cost to value-added products.Ã‚ Ã‚ The global economic crises have severely influenced the automotive sector of the United States. However, the auto industry of China is growing constantly. The industry has become a bright focus for foreign car manufacturers. In the year 2008, China produced approximately eight times more vehicles than those produced in the 1990s. The annual production of cars in the automotive industry has allowed China to surpass the United States. The vehicles produced in the automotive industry of China have become very sophisticated with the passage of time. It is because of the partnership of China with major automotive giants including Volkswagen, Toyota, Mazda, GM, Honda, and others. The purpose of this partnership is to boost technological cooperation (ChangÃ¢â‚¬â„¢An Automobile Group, 2002).

The Boreal Forest Case Study Example | Topics and Well Written Essays - 1000 words

The Boreal Forest - Case Study Example This case study analyzes the current status of boreal forest with reference to the biodiversity restoration. A restoration gap analysis of the forest was carried out, based on the ecological characteristics of the historic reference state. This gap analysis put forward a method for viewing the forest degradation and measuring its deviation with reference to its state (Kaufmann, 2003). It was found in the case study that the ecological characteristics in the study areas are relatively higher than rest of the region, mainly due to the recent logging that took place in the region that greatly affected the area of study. However when compared to the reference state of boreal forest, the area has definitely lost some of its important ecological qualities because of early human activities. In order to be successful there is a need of developing strategies in order to restore the degraded region of the forest, and landscape level approaches should also be implemented. The restoration of the ecological qualities will not just be based on the reserves but also on production forests. In such kinds of forest the management strategies are adapted to the normal functioning of ecosystem. Considering the aspects of restoration and its management while planning and formation of reserves will help in ensuring the goals related to the long term species conservation are met (Angels tam, 2000). It was concluded in the case study that restoration ecology is of great importance for the conservation of species on landscape level in existing as well as managed forest reserves. It is necessary that in the commercial forests, management should be adapted for the natural functioning of the ecosystem to every possible extent. Management and restoration strategies must also be incorporated in the formation and planning of reserves for increasing the effectiveness of long term goals associated with species

Thursday, October 17, 2019

Geography Gendered feminism Essay Example | Topics and Well Written Essays - 1000 words

Geography Gendered feminism - Essay Example Such inner yearnings cause even death of them. (Barbara de Angelis, 1994, pp197). Geologically land is termed feminine. Through time and space, femininity is not given its due recognition. Masochism is construed as a quality of femininity where as the same attitude in men are considered as cowardice or slavery. Millions of clerks of both sexes throughout the world are almost having masochistic attitude only. Painting masochism as the quality of women has added burden to them, leading to a sort of 'gender exploitation' of women. These developments do not have any territorial difference on the earth. However shades of differences in this type of gender exploitation prevails in various manifestations in various lands. In countries like India, there are still many regions where common women cannot occupy an equal status in public places. On boarding a public bus a lady cannot occupy her seat next to a man and nor a man is permitted to sit near a woman. This practice is very slowly fading. People of metro cities are a bit bold enough to break this customary. But small towns and villages are still viewing the scene utterly awkward. In many places the booking counters are provided with separate structural arrangements for eves. The pathetic plight of school going girls, especially those in the verge if puberty who suffer a lot for want of toilets in Ethiopia is a challenge for feministic researchers. The economic and social barriers there are very strong enough to yield to such feministic ideologies. FLUIDITY OF GENDER IDENTITY In fixing identities, unlike other entities like race, color, class and religion, gender occupies a fluid condition. This fluidity in the fixing of gender identity is manipulated in several societies. Thus, geographers find it a bit tricky to fix the gender identity. Wife battering prevails in all countries irrespective of their development and civilization. But the batterer always takes advantage only of the gender. It is the feministic approach that posed question whether such superiority over femininity is natural. To derive an answer to this question, one has to analyze the age-old custom of patriarchy in almost all societies of the world. Geographers all over the world find a healthy tone in such analysis, which tries to evaluate and judge the patriarchy from the viewpoint of both the genders. Eradication or trial to eradicate patriarchy is not a solution. Feminism thus paves way to identify and locate the importance and entitlement of femininity. Feminism in many countries takes its own speed depending upon the cultural and socialistic environments of the nations. Developed countries are fast in this approach. The high speed has led to emergence of gay movement and lesbianism as byproducts. The sex-based lesbianism and gay movements give a picture that male domination or male chauvinism can be countered to some extent. Whether this is true or not is yet to be cleared. Even elite group of societies is not clear in the ideologies of lesbianism and gay movement to such an extent that they can pressurize some political group and governments to legally permit such practices. Homosexuals find it nice to enter into 'civil partnership', which has now been legally permitted in England. Great Britain, which criminalized carnal intercourse during 1860 in one of its colonial regiment, as an act against the order of nature, now permits her gays to get

Wednesday, October 16, 2019

Terrorist Group ISIS Research Paper Example | Topics and Well Written Essays - 2500 words

Terrorist Group ISIS - Research Paper Example This paper seeks to explain the origin of ISIS, now known as IS and its rise to prominence. Latwan Carpenter additionally explains the structure of the Islamic State and the sources of its financial strength. The Islamic State of Iraq and Syria (ISIS) also known as ISIL (Islamic State of Iraq and the Levant) or Islamic State is a political and terrorist organization that embraces a radical understanding of Islam. ISIS operates as a military insurgency group that seeks to enforce its ideologies on Muslims and non-Muslims alike in the whole world. ISIS was barred from cooperating with Al-Qaeda terrorist group for being too extreme, and for using extreme measures in enforcing their ideologies (Hashim, 2014). ISIS changed its name to the Islamic State after gaining immense control of large parts of Syria and Iraq. Islamic State claims to be the rightful rulers for the entire Sunni Muslims in the whole world. Through their military and political operations, they have established what they observe in a state that contains huge regions of territory in Iraq and Syria. Islamic State operations are headquartered at Raqqa in Syria. Having changed their name from ISIS to IS (Islamic State), the group supports numerous theological ideologies to maintain its claims. Its supporters contend that they are just committed to what Islam teaches in totality, denouncing the individuals who do not agree with their ways. Their beliefs and ideologies are used to justify the killings of those who oppose their ways, usually by their trademark of slaughtering through cutting of heads. Initially started by Abu Musab Al-Zarqawi, the Islamic State organization was formerly known as AQI (Al-Qaeda in Iraq). The group took part in the US invasion of Iraq against the US forces after the American government toppled the Saddam Hussein administration. In the year 2013, IS became part of the civil war in Syria, however, instead of

Geography Gendered feminism Essay Example | Topics and Well Written Essays - 1000 words

Tuesday, October 15, 2019

The assessment cycle Essay Example for Free

The assessment cycle Essay The assessment cycle is the on-going process of assessment. Each stage involves initial assessment, assessment planning, assessment activity, assessment decision, feedback and progress review. Initial assessment will take place to gather sufficient information about the learnerÃ¢â‚¬â„¢s current level of competence. This will establish a starting point so that the learner can see how much he or she will achieve during the course. It will enable the tutor to effectively plan to meet the individual learnerÃ¢â‚¬â„¢s needs and will help to review the learners progress and achievements as well as determine future learning needs and preferred ways of learning. Assessment planning is making decisions on what outcomes of learning should be, what methods and resources will be used, how the learning and assessment will take place and in the appropriate time scale. You should ensure that the planned evidence collection and assessment opportunities cover the national standard. All training and assessment must be appropriate for the needs of each learner. When the learning programme or assessment process is put into practise, it is considered the assessment activity. The results of learning are assessed, formatively and summatively. Performance evidence is gathered. This could be products of the learners work like documents produced as part of an activity or a test. It could also be practical evidence with the learner demonstrating competence. Assessment decision and feedback should always be given to learners regarding their performance. The feedback should include whether the evidence provided meets the national standard. It is important that the learner agrees with the assessment decision. The assessment should meet the specific outcomes and criteria identified in the assessment planning and should be at the appropriate level for the qualification. All evidence must be judged as valid, authentic, consistent and sufficient. A review of progress will keep learners up to date on how they are doing on the course. It is a constructive process that gives participants the opportunity to identify achievements and discuss problems and potential issues. The review process also provides an opportunity to set realistic milestones for the remainder of candidature, to ensure completion within the permitted timeframe. Initial assessment is assessing the learnerÃ¢â‚¬â„¢s current level of competence. This will establish a baseline so that the learner can see progress. It also offers the tutor the opportunity to plan to the learnerÃ¢â‚¬â„¢s ability, needs and learning style. Assessment planning takes forward the initial assessment and utilises information gathered to design an appropriate course of learning. This will be appropriate for national standards and set to a level that the learner can take advantage of. Assessment activity is when the learning programme is put into practise. Results of the learning are assessed and evidence is gathered. This will be a mixture of documentation and practical evidence demonstrating competency. Assessment decision is the stage to which the feedback and assessment decision is given. There, the learner will be informed whether evidence meets the national standards and carefully explained so that the learner understands the decision. This will follow the process initially planned. Progress reviews take place in several inspection contexts. Essentially they are a point in time when all parties involved in training take a step back and look at the progress being made by a learner towards completing their individual learning plan. They also involve setting targets to further complete the plan.

Monday, October 14, 2019

Analysis of Honeynets and Honeypots for Security

Analysis of Honeynets and Honeypots for Security Chapter 1 Introduction Honeynet is a kind of a network security tool, most of the network security tools we have are passive in nature for example Firewalls and IDS. They have the dynamic database of available rules and signatures and they operate on these rules. That is why anomaly detection is limited only to the set of available rules. Any activity that is not in alignment with the given rules and signatures goes under the radar undetected. Honeypots by design allows you to take the initiative, and trap those bad guys (hackers). This system has no production value, with no authorized activity. Any interaction with the honeypot is considered malicious in intent. The combination of honeypots is honeynet. Basically honeypots or honeynets do not solve the security problem but provide information and knowledge that help the system administrator to enhance the overall security of his network and systems. This knowledge can act as an Intrusion detection system and used as input for any early warning systems. O ver the years researchers have successfully isolated and identified verity of worms exploits using honeypots and honeynets. Honeynets extend the concept of a single honeypot to a highly controlled network of honeypots. A honeynet is a specialized network architecture cond in a way to achieve Data Control, Data Capture Data Collection. This architecture builds a controlled network that one can control and monitor all kind of system and network activity. 1.1 Information Security Information Security is the protection of all sensitive information, electronic or otherwise, which is owned by an individual or an organization. It deals with the preservation of the confidentiality, integrity and availability of information. It protects information of organizations from all kinds of threats to ensure business continuity, minimize business damage and maximize the return on investment and business opportunities. Information stored is highly confidential and not for public viewing. Through information security we protect its availability, privacy and integrity. Information is one of most important assets of financial institutions. Fortification of information assets is essential to ascertain and maintain trust between the financial institution and its customers, maintain compliance with the law, and protect the reputation of the institution. Timely and reliable information is compulsory to process transactions and support financial institution and customer decisions. A financial institutions earnings and capital can be adversely affected, if information becomes known to unauthorized parties is distorted or is not available when it is needed [15]. 1.2 Network Security It is the protection of networks and its services from any unauthorized access. It includes the confidentiality and integrity of all data passing through the network. It also includes the security of all Network devices and all information assets connected to a network as well as protection against all kind of known and unknown attacks. The ITU-T Security Architecture for Open System Interconnection (OSI) document X.800 and RFC 2828 are the standard documentation defining security services. X.800 divides the security services into 5 categories and 14 specific services which can be summarized as Table 1.1 OSI X.800 Summary[8] Ã¢â‚¬Å"1. AUTHENTICATION The assurance that the communicating entity is the one that it claims to be. Peer Entity Authentication Used in association with a logical connection to provide confidence in the identity of the entities connected. Data Origin Authentication In a connectionless transfer, provides assurance that the source of received data is as claimed. 2. ACCESS CONTROL The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). 3. DATA CONFIDENTIALITY The protection of data from unauthorized disclosure. Connection Confidentiality The protection of all user data on a connection. Connectionless Confidentiality The protection of all user data in a single data block Selective-Field Confidentiality The confidentiality of selected fields within the user data on a connection or in a single data block. Traffic Flow Confidentiality The protection of the information that might be derived from observation of traffic flows. 4. DATA INTEGRITY The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Connection Integrity with Recovery Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted. Connection Integrity without Recovery As above, but provides only detection without recovery. Selective-Field Connection Integrity Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed. Connectionless Integrity Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided. Selective-Field Connectionless Integrity Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified. 5. NONREPUDIATION Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Nonrepudiation, Origin Proof that the message was sent by the specified party. Nonrepudiation, Destination Proof that the message was received by the specified party.Ã¢â‚¬ [1] [8], [9], 1.3 The Security Problem System security personnel fighting an unending battle to secure their digital assets against the ever increasing attacks, verity of attacks and their intensity is increasing day by day. Most of the attacks are detected after the exploitations so there should be awareness of the threats and vulnerabilities that exist in the Internet today. First we have to understand that we cannot say that there exists a perfect secure machine or network because the closest we can get to an absolute secure machine is that we unplugged the network cable and power supply and put that machine in to a safe. Unfortunately it is not useful in that state. We cannot achieve perfect security and perfect access at the same time. We can only increase the no of doors but we cannot put wall instead of doors. In field of security we need to find the vulnerably and exploits before they affect us. Honeypot and honeynet provides a valuable tool to collect information about the behavior of attackers in order to design and implement better defense. In the field of security it is important to note that we cannot simply state that what is the best type of firewall? Absolute security and absolute access are the two chief points. Absolute security and absolute access are inverse to each other. If we increase the security access will be decrease. There should be balance between absolute security and absolute defense, access is given without compromising the security. If we compare it to our daily lives we observe not much difference. We are continuously making decisions regarding what risks we are ready to take. When we step out of our homes we are taking a risk. As we get into a car and drive to our work place there is a risk associated with it too. There is a possibility that something might happen on the highway which will make us a part of an accident. When we fly and sit on an airplane we are willing to undergo the level of risk which is at par with the heavy amount we are paying for this convenience. It is observed that many people think differently about what an acceptable risk would be and in majority cases they do go beyond this thinking. For instance if I am sitting upstairs in my room and have to go to work, I wont take a jump straight out of the window. It might be a faster way but the danger of doing so and the injury I would have to face is much greater than the convenience. It is vital for every organization to decide that between the two opposite poles of total security and total access where they need to place themselves. It is necessary for a policy to articulate this system and then further explain the way it will be enforced with which practices and ways. Everything that is done under the name of security must strictly agree to the policy. 1.4 Types of Hacker Hackers are generally divide into two major categories. 1.4.1 Black Hats Black hat hackers are the biggest threat both internal and external to the IT infrastructure of any organization, as they are consistently challenging the security of applications and services. They are also called crackers, These are the persons who specialize in unauthorized infiltration. There could be Varity of reasons for this type of penetration it could be for profit, for enjoyment, or for political motivations or as a part of a social cause. Such infiltration often involves modification / destruction of data. 1.4.2 White Hats White hat hackers are similar to black hat hackers but there is a important difference that is white hat hackers do it without any criminal intention. Different companies all around the world hire/contact these kinds of persons to test their systems and softwares. They check how secure these systems are and point out any fault they found. These hackers, also known as ethical hackers, These are the persons or security experts who are specialize in penetration testing. These types of people are also known as tiger teams. These experts may use different types of methods and techniques to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to bypass security to gain entry into protected areas, but they do this only to find weaknesses in the system[8]. 1.5 Types of Attacks There are many types of attacks that can be categorized under 2 major categories Active Attacks Passive Attacks 1.5.1 Active Attacks Active attacks involve the attacker taking the offensive and directing malicious packets towards its victims in order to gain illegitimate access of the target machine such as by performing exhaustive user password combinations as in brute-force attacks. Or by exploiting remote local vulnerabilities in services and applications that are termed as holes. Other types of attacks include Masquerading attack when attacker pretends to be a different entity. Attacker user fake Identity of some legitimate user. Replay attack In Replay attack, attacker captures data and retransmits it to produce an unauthorized effect. It is a kind of man in middle attack. Modification attack In this type of attack integrity of the message is compromise. Message or file is modified by the attacker to achieve his malicious goals. Denial of service (DOS)attack In DOS attack an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer. TCP ICMP scanning is also a form of active attacks in which the attackers exploit the way protocols are designed to respond. e.g. ping of death, sync attacks etc. In all types of active attacks the attacker creates noise over the network and transmits packets making it possible to detect and trace the attacker. Depending on the skill level, it has been observed that the skill full attackers usually attack their victims from proxy destinations that they have victimized earlier. 1.5.2 Passive Attacks Passive attacks involve the attacker being able to intercept, collect monitor any transmission sent by their victims. Thus, eavesdropping on their victim and in the process being able to listen in to their victims or targets communications. Passive attacks are very specialized types of attacks which are aimed at obtaining information that is being transmitted over secure and insecure channels. Since the attacker does not create any noise or minimal noise on the network so it is very difficult to detect and identify them. Passive attacks can be divided into 2 main types, the release of message content and traffic analysis. Release of message content It involves protecting message content from getting in hands of unauthorized users during transmission. This can be as basic as a message delivered via a telephone conversation, instant messenger chat, email or a file. Traffic analysis It involves techniques used by attackers to retrieve the actual message from encrypted intercepted messages of their victims. Encryption provides a means to mask the contents of a message using mathematical formulas and thus make them unreadable. The original message can only be retrieved by a reverse process called decryption. This cryptographic system is often based on a key or a password as input from the user. With traffic analysis the attacker can passively observe patterns, trends, frequencies and lengths of messages to guess the key or retrieve the original message by various cryptanalysis systems. Chapter 2 Honeypot and Honeynet 2.1 Honeypot Is a system, or part of a system, deliberately made to invite an intruder or system cracker. Honeypots have additional functionality and intrusion detection systems built into them for the collection of valuable information on the intruders. The era of virtualization had its impact on security and honeypots, the community responded, marked by the fine efforts of Niels Provos (founder of honeyd) Thorsten Holz for their masterpiece book Ã¢â‚¬Å"Virtual Honeypots From Botnet Tracking to Intrusion DetectionÃ¢â‚¬ in 2007. 2.2 Types of Honeypots Honeypots can be categorized into 2 main types based on Level of interaction Deployment. 2.2.1 Level of interaction Level of interaction determines the amount of functionality a honeypot provides. 2.2.1.1 Low-interaction Honeypot Low-interaction honey pots are limited in the extent of their interaction with the attacker. They are generally emulator of the services and operating systems. 2.2.1.2 High interaction Honeypot High-interaction honeypots are complex solution they involve with the deployment of real operating systems and applications. High interaction honeypots capture extensive amount of information by allowing attacker to interact with the real systems. 2.2.2 Deployment Based on deployment honeypot may be classified as Production Honeypots Research Honeypots 2.2.2.1 Production Honeypots Production honeypots are honeypots that are placed within the production networks for the purpose of detection. They extend the capabilities of the intrusion detection systems. These type of honeypots are developed and cond to integrate with the organizations infrastructure and scope. They are usually implemented as low-interaction honeypots but implementation may vary depending on the available funding and expertise required by the organization. Production honeypots can be placed within the application and authentication server subnets and can identify any attacks directed towards those subnets. Thus they can be used to identify both internal and external threats for an organization. These types of honeypots can also be used to detect malware propagation in the network caused by zero day exploits. Since IDSs detection is based on database signatures they fail to detect exploits that are not defined in their databases. This is where the honeypots out shine the Intrusion detection systems. They aid the system network administrators by providing network situational awareness. On basis of these results administrators can take decisions necessary to add or enhance security resources of the organization e.g. firewall, IDS and IPS etc. 2.2.2.1 Research Honeypots Research honeypots are deployed by network security researchers the whitehat hackers. Their primarily goal is to learn the tools, tactics techniques of the blackhat hackers by which they exploit computers network systems. These honeypots are deployed with the idea of allowing the attacker complete freedom and in the process learn his tactics from his movement within the system. Research honeypots help security researchers to isolate attacker tools they use to exploit systems. They are then carefully studied within a sand box environment to identify zero day exploits. Worms, Trojans and viruses propagating in the network can also be isolated and studied. The researchers then document their findings and share with system programmers, network and system administrators various system and anti-virus vendors. They provide the raw material for the rule engines of IDS, IPS and firewall system. Research Honeypots act as early warning systems. They are designed to detect and log maximum information from attackers yet being stealthy enough not to let attackers identify them. The identity of the honeypot is crucial and we can conclude that the learning curve (from the attacker) is directly proportional to the stealthiest of thehoneypot .These types of honeypots are usually deployed at universities and by the RD departments of various organizations. These types of honeypots are usually deployed as High-Interaction honeypots. 2.3 Honeynet The concept of the honeypot is sometimes extended to a network of honeypots, known as a honeynet. In honeynet we grouped different types of honeypots with different operatrating systems which increases the probability of trapping an attacker. At the same time, a setting in which the attacker explores the honeynet through network connections between the various host systems provides additional prospects for monitoring the attack and revealing information about the intruder. The honeynet operator can also use the honeynet for training purposes, gaining valuable experience with attack strategies and digital forensics without endangering production systems. The Honeynet project is a non-profit research organization that provides tools for building and managing honeynets. The tools of the Honeynet project are designed for the latest generation of high interaction honeynets that require two separate networks. The honeypots reside on the first network, and the second network holds the tools for managing the honeynet. Between these tools (and facing the Internet) is a device known as the honeywall. The honeywall, which is actually a kind of gateway device, captures controls, and analyzes all inbound and outbound traffic to the honeypots[4]. It is a high-interaction honeypot designed to capture wide-range of information on threats. High-interaction means that a honeynet provides real systems, applications, and services for attackers to interact with, as opposed to low-interaction honeypots which provide emulated services and operating systems. It is through this extensive interaction we gain information on threats, both external and internal to an organization. What makes a honeynet different from most honeypots is that it is a network of real computers for attackers to interact with. These victim systems (honeypots within the honeynet) can be any type of system, service, or information you want to provide [14]. 2.4 Honeynet Data Management Data management consist of three process Data control, data capture and data collection. 2.4.1 Data Control Data control is the containment of activity within the honeynet. It determines the means through which the attackers activity can be restricted in a way to avoid damaging/abusing other systems/resources through the honeynet. This demands a great deal of planning as we require to give the attacker freedom in order to learn from his moves and at the same time not let our resources (honeypot+bandwidth) to be used to attack, damage and abuse other hosts on the same or different subnets. Careful measures are taken by the administrators of the honeynet to study and formulate a policy on attackers freedom versus containment and implement this in a way to achieve maximum data control and yet not be discovered or identified by the attacker as a honeypot. Security is a process and is implemented in layers, various mechanisms to achieve data control are available such as firewall, counting outbound connections, intrusion detection systems,intrusion prevention systems and bandwidth restriction e tc. Depending on our requirements and risk thresholds defined we can implement data control mechanisms accordingly [4]. 2.4.2 Data Capture Data Capture involves the capturing, monitoring and logging of allthreats and attacker activities within the honeynet. Analysis of this captured data provides an insight on the tools, tactics, techniques and motives of the attackers. The concept is to achieve maximum logging capability at all nodes and hence log any kind of attackers interaction without the attacker knowing it. This type of stealthy logging is achieved by setting up tools and mechanisms on the honeypots to log all system activity and have network logging capability at the honeywall. Every bit of information is crucial in studying the attacker whether its a TCP port scan, remote and local exploit attempt, brute force attack, attack tool download by the haacker, various local commands run, any type of communication carried out over encrypted and unencrypted channels (mostly IRC) and any outbound connection attempt made by the attacker [25]. All of this should be logged successfully and sent over to a remote location to avoid any loss of data due to risk of system damage caused by attackers, such as data wipe out on disk etc. In order to avoid detection of this kind of activity from the attacker, data masking techniques such as encryption should be used. 2.4.3 Data Collection Once data is captured, it is securely sent to a centralized data collection point. Data is used for analysis and archiving which is collected from different honeynet sensors. Implementations may vary depending on the requirements of the organization, however latest implementations incorporate data collection at the honeywall gateway [19]. 2.5 Honeynet Architectures There are three honeynet architectures namely Generation I, Generation II and Generation III 2.5.1 Generation I Architecture Gen I Honeynet was developed in 1999 by the Honeynet Project. Its purpose was to capture attackers activity and give them the feeling of a real network. The architecture is simple with a firewall aided by IDS at front and honeypots placed behind it. This makes it detectable by attacker [7]. 2.5.2 Generation II III Architecture Gen II honeynets were first introduced in 2001 and Gen III honeynets was released in the end of 2004. Gen II honeynets were made in order to address the issues of Gen I honeynets. Gen II and Gen III honeynets have the same architecture. The only difference being improvements in deployment and management, in Gen III honeynets along with the addition of Sebek server built in the honeywall. Sebek is a stealthy capture tool installed on honeypots that capture and log all requests sent to the system read and write system call. This is very helpful in providing an insight on the attacker [7]. A radical change in architecture was brought about by the introduction of a single device that handles the data control and data capture mechanisms of the honeynet called the IDS Gateway or marketing-wise, the Honeywall. By making the architecture more Ã¢â‚¬Å"stealthyÃ¢â‚¬ , attackers are kept longer and thus more data is captured. There was also a major thrust in improving honeypot layer of data capture with the introduction of a new UNIX and Windows based data. 2.6 Virtual Honeynet Virtualization is a technology that allows running multiple virtual machines on a single physical machine. Each virtual machine can be an independent Operating system installation. This is achieved by sharing the physical machines resources such as CPU, Memory, Storage and peripherals through specialized software across multiple environments. Thus multiple virtual Operating systems can run concurrently on a single physical machine [4]. A virtual machine is specialized software that can run its own operating systems and applications as if it were a physical computer. It has its own CPU, RAM storage and peripherals managed by software that dynamically shares it with the physical hardware resources. Virtulization A virtual Honeynet is a solution that facilitates one to run a honeynet on a single computer. We use the term virtual because all the different operating systems placed in the honeynet have the appearance to be running on their own, independent computer. Network to a machine on the Honeynet may indicate a compromised enterprise system. CHAPTER 3 Design and Implementation Computer networks, connected to the Internet are vulnerable to a variety of exploits that can compromise their intended operations. Systems can be subject to Denial of Service Attacks, i-e preventing other computers to gain access for the desired service (e.g. web server) or prevent them from connecting to other computers on the Internet. They can also be subject to attacks that cause them to cease operations either temporarily or permanently. A hacker may be able to compromise a system and gain root access as if he is the system administrator. The number of exploits targeted against various platforms, operating systems, and applications increasing regularly. Most of vulnerabilities and attack methods are detected after the exploitations and cause big loses. Following are the main components of physical deployment of honeynet. First is the design of the Deployed Architecture. Then we installed SUN Virtual box as the Virtualization software. In this we virtually installed three Operating System two of them will work as honey pots and one Honeywall Roo 1.4 as Honeynet transparent Gateway. Snort and sebek are the part of honeywall roo operating system. Snort as IDS and Snort-Inline as IPS. Sebek as the Data Capture tool on the honeypot. The entire OS and honeywall functionality is installed on the system it formats all the previous data from the hard disk. The only purpose now of the CDROM is to install this functionality to the local hard drive. LiveCD could not be modified, so after installing it on the hard drive we can modify it according to our requirement. This approach help us to maintain the honeywall, allowing honeynet to use automated tools such asyumto keep packages current [31]. In the following table there is a summry of products with features installed in honeynet and hardware requirements. Current versions of the installed products are also mention in the table. Table 3.1 Project Summary Project Summary Feature Product Specifications Host Operating System Windows Server 2003 R2 HW Vendor HP Compaq DC 7700 ProcessorIntel(R) PentiumÃ‚ ® D CPU 3GHz RAM 2GB Storage 120GB NIC 1GB Ethernet controller (public IP ) Guest Operating System 1 Linux, Honeywall Roo 1.4 Single Processor Virtual Machine ( HONEYWALL ) RAM 512 MB Storage 10 GB NIC 1 100Mbps Bridged interface NIC 2 100Mbps host-only interface NIC 3 100Mbps Bridged interface (public IP ) Guest Operating System 2 Linux, Ubuntu 8.04 LTS (Hardy Heron) Single Processor Virtual Machine ( HONEYPOT ) RAM 256 MB Storage 10 GB NIC 100Mbps host-only vmnet (public IP ) Guest Operating System 3 Windows Server 2003 Single Processor Virtual Machine ( HONEYPOT ) RAM 256 MB Storage 10 GB NIC 100Mbps host-only vmnet (public IP ) Virtualization software SUN Virtual Box Version 3 Architecture Gen III Gen III implemented as a virtual honeynet Honeywall Roo Roo 1.4 IDS Snort Snort 2.6.x IPS Snort_inline Snort_inline 2.6.1.5 Data Capture Tool (on honeypots) Sebek Sebek 3.2.0 Honeynet Project Online Tenure November 12, 2009 TO December 12, 2009 3.1 Deployed Architecture and Design 3.2 Windows Server 2003 as Host OS Usability and performance of virtualization softwares are very good on windows server 2003. Windows Server 2003is aserveroperating system produced byMicrosoft. it is considered by Microsoft to be the cornerstone of itsWindows Server Systemline of business server products. Windows Server 2003 is more scalable and delivers better performance than its predecessor,Windows 2000. 3.3 Ubuntu as Honeypot Determined to use free and open source software for this project, Linux was the natural choice to fill as the Host Operating System for our projects server. Ubuntu 8.04 was used as a linux based honeypot for our implementation. The concept was to setup an up-to-date Ubuntu server, cond with commonly used services such as SSH, FTP, Apache, MySQL and PHP and study attacks directed towards them on the internet. Ubuntu being the most widely used Linux desktop can prove to be a good platform to study zero day exploits. It also becomes a candidate for malware collection and a source to learn hacker tools being used on the internet. Ubuntu was successfully deployed as a virtual machine and setup in our honeynet with a host-only virtual Ethernet connection. The honeypot was made sweeter i.e. an interesting target for the attacker by setting up all services with default settings, for example SSH allowed password based connectivity from any IP on default port 22, users created were given privi leges to install and run applications, Apache index.html page was made remotely accessible with default errors and banners, MySQL default port 1434 was accessible and outbound connections were allowed but limited [3]. Ubuntu is a computeroperating systembased on theDebianGNU/Linux distribution. It is named after theSouthern Africanethical ideology Ubuntu (humanity towards others)[5]and is distributed asfree and open source software. Ubuntu provides an up-to-date, stable operating system for the average user, with a strong focus onusabilityand ease of installation. Ubuntu focuses onusability andsecurity. The Ubiquity installer allows Ubuntu to be installed to the hard disk from within the Live CD environment, without the need for restarting the computer prior to installation. Ubuntu also emphasizesaccessibilityandinternationalization to reach as many people as possible [33]. Ubuntu comes installed with a wide range of software that includes OpenOffice, Firefox,Empathy (Pidgin in versions before 9.10), Transmission, GIMP, and several lightweight games (such as Sudoku and chess). Ubuntu allows networking ports to be closed using its firewall, with customized port selectio Analysis of Honeynets and Honeypots for Security Analysis of Honeynets and Honeypots for Security Chapter 1 Introduction Honeynet is a kind of a network security tool, most of the network security tools we have are passive in nature for example Firewalls and IDS. They have the dynamic database of available rules and signatures and they operate on these rules. That is why anomaly detection is limited only to the set of available rules. Any activity that is not in alignment with the given rules and signatures goes under the radar undetected. Honeypots by design allows you to take the initiative, and trap those bad guys (hackers). This system has no production value, with no authorized activity. Any interaction with the honeypot is considered malicious in intent. The combination of honeypots is honeynet. Basically honeypots or honeynets do not solve the security problem but provide information and knowledge that help the system administrator to enhance the overall security of his network and systems. This knowledge can act as an Intrusion detection system and used as input for any early warning systems. O ver the years researchers have successfully isolated and identified verity of worms exploits using honeypots and honeynets. Honeynets extend the concept of a single honeypot to a highly controlled network of honeypots. A honeynet is a specialized network architecture cond in a way to achieve Data Control, Data Capture Data Collection. This architecture builds a controlled network that one can control and monitor all kind of system and network activity. 1.1 Information Security Information Security is the protection of all sensitive information, electronic or otherwise, which is owned by an individual or an organization. It deals with the preservation of the confidentiality, integrity and availability of information. It protects information of organizations from all kinds of threats to ensure business continuity, minimize business damage and maximize the return on investment and business opportunities. Information stored is highly confidential and not for public viewing. Through information security we protect its availability, privacy and integrity. Information is one of most important assets of financial institutions. Fortification of information assets is essential to ascertain and maintain trust between the financial institution and its customers, maintain compliance with the law, and protect the reputation of the institution. Timely and reliable information is compulsory to process transactions and support financial institution and customer decisions. A financial institutions earnings and capital can be adversely affected, if information becomes known to unauthorized parties is distorted or is not available when it is needed [15]. 1.2 Network Security It is the protection of networks and its services from any unauthorized access. It includes the confidentiality and integrity of all data passing through the network. It also includes the security of all Network devices and all information assets connected to a network as well as protection against all kind of known and unknown attacks. The ITU-T Security Architecture for Open System Interconnection (OSI) document X.800 and RFC 2828 are the standard documentation defining security services. X.800 divides the security services into 5 categories and 14 specific services which can be summarized as Table 1.1 OSI X.800 Summary[8] Ã¢â‚¬Å"1. AUTHENTICATION The assurance that the communicating entity is the one that it claims to be. Peer Entity Authentication Used in association with a logical connection to provide confidence in the identity of the entities connected. Data Origin Authentication In a connectionless transfer, provides assurance that the source of received data is as claimed. 2. ACCESS CONTROL The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). 3. DATA CONFIDENTIALITY The protection of data from unauthorized disclosure. Connection Confidentiality The protection of all user data on a connection. Connectionless Confidentiality The protection of all user data in a single data block Selective-Field Confidentiality The confidentiality of selected fields within the user data on a connection or in a single data block. Traffic Flow Confidentiality The protection of the information that might be derived from observation of traffic flows. 4. DATA INTEGRITY The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Connection Integrity with Recovery Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted. Connection Integrity without Recovery As above, but provides only detection without recovery. Selective-Field Connection Integrity Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed. Connectionless Integrity Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided. Selective-Field Connectionless Integrity Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified. 5. NONREPUDIATION Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Nonrepudiation, Origin Proof that the message was sent by the specified party. Nonrepudiation, Destination Proof that the message was received by the specified party.Ã¢â‚¬ [1] [8], [9], 1.3 The Security Problem System security personnel fighting an unending battle to secure their digital assets against the ever increasing attacks, verity of attacks and their intensity is increasing day by day. Most of the attacks are detected after the exploitations so there should be awareness of the threats and vulnerabilities that exist in the Internet today. First we have to understand that we cannot say that there exists a perfect secure machine or network because the closest we can get to an absolute secure machine is that we unplugged the network cable and power supply and put that machine in to a safe. Unfortunately it is not useful in that state. We cannot achieve perfect security and perfect access at the same time. We can only increase the no of doors but we cannot put wall instead of doors. In field of security we need to find the vulnerably and exploits before they affect us. Honeypot and honeynet provides a valuable tool to collect information about the behavior of attackers in order to design and implement better defense. In the field of security it is important to note that we cannot simply state that what is the best type of firewall? Absolute security and absolute access are the two chief points. Absolute security and absolute access are inverse to each other. If we increase the security access will be decrease. There should be balance between absolute security and absolute defense, access is given without compromising the security. If we compare it to our daily lives we observe not much difference. We are continuously making decisions regarding what risks we are ready to take. When we step out of our homes we are taking a risk. As we get into a car and drive to our work place there is a risk associated with it too. There is a possibility that something might happen on the highway which will make us a part of an accident. When we fly and sit on an airplane we are willing to undergo the level of risk which is at par with the heavy amount we are paying for this convenience. It is observed that many people think differently about what an acceptable risk would be and in majority cases they do go beyond this thinking. For instance if I am sitting upstairs in my room and have to go to work, I wont take a jump straight out of the window. It might be a faster way but the danger of doing so and the injury I would have to face is much greater than the convenience. It is vital for every organization to decide that between the two opposite poles of total security and total access where they need to place themselves. It is necessary for a policy to articulate this system and then further explain the way it will be enforced with which practices and ways. Everything that is done under the name of security must strictly agree to the policy. 1.4 Types of Hacker Hackers are generally divide into two major categories. 1.4.1 Black Hats Black hat hackers are the biggest threat both internal and external to the IT infrastructure of any organization, as they are consistently challenging the security of applications and services. They are also called crackers, These are the persons who specialize in unauthorized infiltration. There could be Varity of reasons for this type of penetration it could be for profit, for enjoyment, or for political motivations or as a part of a social cause. Such infiltration often involves modification / destruction of data. 1.4.2 White Hats White hat hackers are similar to black hat hackers but there is a important difference that is white hat hackers do it without any criminal intention. Different companies all around the world hire/contact these kinds of persons to test their systems and softwares. They check how secure these systems are and point out any fault they found. These hackers, also known as ethical hackers, These are the persons or security experts who are specialize in penetration testing. These types of people are also known as tiger teams. These experts may use different types of methods and techniques to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to bypass security to gain entry into protected areas, but they do this only to find weaknesses in the system[8]. 1.5 Types of Attacks There are many types of attacks that can be categorized under 2 major categories Active Attacks Passive Attacks 1.5.1 Active Attacks Active attacks involve the attacker taking the offensive and directing malicious packets towards its victims in order to gain illegitimate access of the target machine such as by performing exhaustive user password combinations as in brute-force attacks. Or by exploiting remote local vulnerabilities in services and applications that are termed as holes. Other types of attacks include Masquerading attack when attacker pretends to be a different entity. Attacker user fake Identity of some legitimate user. Replay attack In Replay attack, attacker captures data and retransmits it to produce an unauthorized effect. It is a kind of man in middle attack. Modification attack In this type of attack integrity of the message is compromise. Message or file is modified by the attacker to achieve his malicious goals. Denial of service (DOS)attack In DOS attack an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer. TCP ICMP scanning is also a form of active attacks in which the attackers exploit the way protocols are designed to respond. e.g. ping of death, sync attacks etc. In all types of active attacks the attacker creates noise over the network and transmits packets making it possible to detect and trace the attacker. Depending on the skill level, it has been observed that the skill full attackers usually attack their victims from proxy destinations that they have victimized earlier. 1.5.2 Passive Attacks Passive attacks involve the attacker being able to intercept, collect monitor any transmission sent by their victims. Thus, eavesdropping on their victim and in the process being able to listen in to their victims or targets communications. Passive attacks are very specialized types of attacks which are aimed at obtaining information that is being transmitted over secure and insecure channels. Since the attacker does not create any noise or minimal noise on the network so it is very difficult to detect and identify them. Passive attacks can be divided into 2 main types, the release of message content and traffic analysis. Release of message content It involves protecting message content from getting in hands of unauthorized users during transmission. This can be as basic as a message delivered via a telephone conversation, instant messenger chat, email or a file. Traffic analysis It involves techniques used by attackers to retrieve the actual message from encrypted intercepted messages of their victims. Encryption provides a means to mask the contents of a message using mathematical formulas and thus make them unreadable. The original message can only be retrieved by a reverse process called decryption. This cryptographic system is often based on a key or a password as input from the user. With traffic analysis the attacker can passively observe patterns, trends, frequencies and lengths of messages to guess the key or retrieve the original message by various cryptanalysis systems. Chapter 2 Honeypot and Honeynet 2.1 Honeypot Is a system, or part of a system, deliberately made to invite an intruder or system cracker. Honeypots have additional functionality and intrusion detection systems built into them for the collection of valuable information on the intruders. The era of virtualization had its impact on security and honeypots, the community responded, marked by the fine efforts of Niels Provos (founder of honeyd) Thorsten Holz for their masterpiece book Ã¢â‚¬Å"Virtual Honeypots From Botnet Tracking to Intrusion DetectionÃ¢â‚¬ in 2007. 2.2 Types of Honeypots Honeypots can be categorized into 2 main types based on Level of interaction Deployment. 2.2.1 Level of interaction Level of interaction determines the amount of functionality a honeypot provides. 2.2.1.1 Low-interaction Honeypot Low-interaction honey pots are limited in the extent of their interaction with the attacker. They are generally emulator of the services and operating systems. 2.2.1.2 High interaction Honeypot High-interaction honeypots are complex solution they involve with the deployment of real operating systems and applications. High interaction honeypots capture extensive amount of information by allowing attacker to interact with the real systems. 2.2.2 Deployment Based on deployment honeypot may be classified as Production Honeypots Research Honeypots 2.2.2.1 Production Honeypots Production honeypots are honeypots that are placed within the production networks for the purpose of detection. They extend the capabilities of the intrusion detection systems. These type of honeypots are developed and cond to integrate with the organizations infrastructure and scope. They are usually implemented as low-interaction honeypots but implementation may vary depending on the available funding and expertise required by the organization. Production honeypots can be placed within the application and authentication server subnets and can identify any attacks directed towards those subnets. Thus they can be used to identify both internal and external threats for an organization. These types of honeypots can also be used to detect malware propagation in the network caused by zero day exploits. Since IDSs detection is based on database signatures they fail to detect exploits that are not defined in their databases. This is where the honeypots out shine the Intrusion detection systems. They aid the system network administrators by providing network situational awareness. On basis of these results administrators can take decisions necessary to add or enhance security resources of the organization e.g. firewall, IDS and IPS etc. 2.2.2.1 Research Honeypots Research honeypots are deployed by network security researchers the whitehat hackers. Their primarily goal is to learn the tools, tactics techniques of the blackhat hackers by which they exploit computers network systems. These honeypots are deployed with the idea of allowing the attacker complete freedom and in the process learn his tactics from his movement within the system. Research honeypots help security researchers to isolate attacker tools they use to exploit systems. They are then carefully studied within a sand box environment to identify zero day exploits. Worms, Trojans and viruses propagating in the network can also be isolated and studied. The researchers then document their findings and share with system programmers, network and system administrators various system and anti-virus vendors. They provide the raw material for the rule engines of IDS, IPS and firewall system. Research Honeypots act as early warning systems. They are designed to detect and log maximum information from attackers yet being stealthy enough not to let attackers identify them. The identity of the honeypot is crucial and we can conclude that the learning curve (from the attacker) is directly proportional to the stealthiest of thehoneypot .These types of honeypots are usually deployed at universities and by the RD departments of various organizations. These types of honeypots are usually deployed as High-Interaction honeypots. 2.3 Honeynet The concept of the honeypot is sometimes extended to a network of honeypots, known as a honeynet. In honeynet we grouped different types of honeypots with different operatrating systems which increases the probability of trapping an attacker. At the same time, a setting in which the attacker explores the honeynet through network connections between the various host systems provides additional prospects for monitoring the attack and revealing information about the intruder. The honeynet operator can also use the honeynet for training purposes, gaining valuable experience with attack strategies and digital forensics without endangering production systems. The Honeynet project is a non-profit research organization that provides tools for building and managing honeynets. The tools of the Honeynet project are designed for the latest generation of high interaction honeynets that require two separate networks. The honeypots reside on the first network, and the second network holds the tools for managing the honeynet. Between these tools (and facing the Internet) is a device known as the honeywall. The honeywall, which is actually a kind of gateway device, captures controls, and analyzes all inbound and outbound traffic to the honeypots[4]. It is a high-interaction honeypot designed to capture wide-range of information on threats. High-interaction means that a honeynet provides real systems, applications, and services for attackers to interact with, as opposed to low-interaction honeypots which provide emulated services and operating systems. It is through this extensive interaction we gain information on threats, both external and internal to an organization. What makes a honeynet different from most honeypots is that it is a network of real computers for attackers to interact with. These victim systems (honeypots within the honeynet) can be any type of system, service, or information you want to provide [14]. 2.4 Honeynet Data Management Data management consist of three process Data control, data capture and data collection. 2.4.1 Data Control Data control is the containment of activity within the honeynet. It determines the means through which the attackers activity can be restricted in a way to avoid damaging/abusing other systems/resources through the honeynet. This demands a great deal of planning as we require to give the attacker freedom in order to learn from his moves and at the same time not let our resources (honeypot+bandwidth) to be used to attack, damage and abuse other hosts on the same or different subnets. Careful measures are taken by the administrators of the honeynet to study and formulate a policy on attackers freedom versus containment and implement this in a way to achieve maximum data control and yet not be discovered or identified by the attacker as a honeypot. Security is a process and is implemented in layers, various mechanisms to achieve data control are available such as firewall, counting outbound connections, intrusion detection systems,intrusion prevention systems and bandwidth restriction e tc. Depending on our requirements and risk thresholds defined we can implement data control mechanisms accordingly [4]. 2.4.2 Data Capture Data Capture involves the capturing, monitoring and logging of allthreats and attacker activities within the honeynet. Analysis of this captured data provides an insight on the tools, tactics, techniques and motives of the attackers. The concept is to achieve maximum logging capability at all nodes and hence log any kind of attackers interaction without the attacker knowing it. This type of stealthy logging is achieved by setting up tools and mechanisms on the honeypots to log all system activity and have network logging capability at the honeywall. Every bit of information is crucial in studying the attacker whether its a TCP port scan, remote and local exploit attempt, brute force attack, attack tool download by the haacker, various local commands run, any type of communication carried out over encrypted and unencrypted channels (mostly IRC) and any outbound connection attempt made by the attacker [25]. All of this should be logged successfully and sent over to a remote location to avoid any loss of data due to risk of system damage caused by attackers, such as data wipe out on disk etc. In order to avoid detection of this kind of activity from the attacker, data masking techniques such as encryption should be used. 2.4.3 Data Collection Once data is captured, it is securely sent to a centralized data collection point. Data is used for analysis and archiving which is collected from different honeynet sensors. Implementations may vary depending on the requirements of the organization, however latest implementations incorporate data collection at the honeywall gateway [19]. 2.5 Honeynet Architectures There are three honeynet architectures namely Generation I, Generation II and Generation III 2.5.1 Generation I Architecture Gen I Honeynet was developed in 1999 by the Honeynet Project. Its purpose was to capture attackers activity and give them the feeling of a real network. The architecture is simple with a firewall aided by IDS at front and honeypots placed behind it. This makes it detectable by attacker [7]. 2.5.2 Generation II III Architecture Gen II honeynets were first introduced in 2001 and Gen III honeynets was released in the end of 2004. Gen II honeynets were made in order to address the issues of Gen I honeynets. Gen II and Gen III honeynets have the same architecture. The only difference being improvements in deployment and management, in Gen III honeynets along with the addition of Sebek server built in the honeywall. Sebek is a stealthy capture tool installed on honeypots that capture and log all requests sent to the system read and write system call. This is very helpful in providing an insight on the attacker [7]. A radical change in architecture was brought about by the introduction of a single device that handles the data control and data capture mechanisms of the honeynet called the IDS Gateway or marketing-wise, the Honeywall. By making the architecture more Ã¢â‚¬Å"stealthyÃ¢â‚¬ , attackers are kept longer and thus more data is captured. There was also a major thrust in improving honeypot layer of data capture with the introduction of a new UNIX and Windows based data. 2.6 Virtual Honeynet Virtualization is a technology that allows running multiple virtual machines on a single physical machine. Each virtual machine can be an independent Operating system installation. This is achieved by sharing the physical machines resources such as CPU, Memory, Storage and peripherals through specialized software across multiple environments. Thus multiple virtual Operating systems can run concurrently on a single physical machine [4]. A virtual machine is specialized software that can run its own operating systems and applications as if it were a physical computer. It has its own CPU, RAM storage and peripherals managed by software that dynamically shares it with the physical hardware resources. Virtulization A virtual Honeynet is a solution that facilitates one to run a honeynet on a single computer. We use the term virtual because all the different operating systems placed in the honeynet have the appearance to be running on their own, independent computer. Network to a machine on the Honeynet may indicate a compromised enterprise system. CHAPTER 3 Design and Implementation Computer networks, connected to the Internet are vulnerable to a variety of exploits that can compromise their intended operations. Systems can be subject to Denial of Service Attacks, i-e preventing other computers to gain access for the desired service (e.g. web server) or prevent them from connecting to other computers on the Internet. They can also be subject to attacks that cause them to cease operations either temporarily or permanently. A hacker may be able to compromise a system and gain root access as if he is the system administrator. The number of exploits targeted against various platforms, operating systems, and applications increasing regularly. Most of vulnerabilities and attack methods are detected after the exploitations and cause big loses. Following are the main components of physical deployment of honeynet. First is the design of the Deployed Architecture. Then we installed SUN Virtual box as the Virtualization software. In this we virtually installed three Operating System two of them will work as honey pots and one Honeywall Roo 1.4 as Honeynet transparent Gateway. Snort and sebek are the part of honeywall roo operating system. Snort as IDS and Snort-Inline as IPS. Sebek as the Data Capture tool on the honeypot. The entire OS and honeywall functionality is installed on the system it formats all the previous data from the hard disk. The only purpose now of the CDROM is to install this functionality to the local hard drive. LiveCD could not be modified, so after installing it on the hard drive we can modify it according to our requirement. This approach help us to maintain the honeywall, allowing honeynet to use automated tools such asyumto keep packages current [31]. In the following table there is a summry of products with features installed in honeynet and hardware requirements. Current versions of the installed products are also mention in the table. Table 3.1 Project Summary Project Summary Feature Product Specifications Host Operating System Windows Server 2003 R2 HW Vendor HP Compaq DC 7700 ProcessorIntel(R) PentiumÃ‚ ® D CPU 3GHz RAM 2GB Storage 120GB NIC 1GB Ethernet controller (public IP ) Guest Operating System 1 Linux, Honeywall Roo 1.4 Single Processor Virtual Machine ( HONEYWALL ) RAM 512 MB Storage 10 GB NIC 1 100Mbps Bridged interface NIC 2 100Mbps host-only interface NIC 3 100Mbps Bridged interface (public IP ) Guest Operating System 2 Linux, Ubuntu 8.04 LTS (Hardy Heron) Single Processor Virtual Machine ( HONEYPOT ) RAM 256 MB Storage 10 GB NIC 100Mbps host-only vmnet (public IP ) Guest Operating System 3 Windows Server 2003 Single Processor Virtual Machine ( HONEYPOT ) RAM 256 MB Storage 10 GB NIC 100Mbps host-only vmnet (public IP ) Virtualization software SUN Virtual Box Version 3 Architecture Gen III Gen III implemented as a virtual honeynet Honeywall Roo Roo 1.4 IDS Snort Snort 2.6.x IPS Snort_inline Snort_inline 2.6.1.5 Data Capture Tool (on honeypots) Sebek Sebek 3.2.0 Honeynet Project Online Tenure November 12, 2009 TO December 12, 2009 3.1 Deployed Architecture and Design 3.2 Windows Server 2003 as Host OS Usability and performance of virtualization softwares are very good on windows server 2003. Windows Server 2003is aserveroperating system produced byMicrosoft. it is considered by Microsoft to be the cornerstone of itsWindows Server Systemline of business server products. Windows Server 2003 is more scalable and delivers better performance than its predecessor,Windows 2000. 3.3 Ubuntu as Honeypot Determined to use free and open source software for this project, Linux was the natural choice to fill as the Host Operating System for our projects server. Ubuntu 8.04 was used as a linux based honeypot for our implementation. The concept was to setup an up-to-date Ubuntu server, cond with commonly used services such as SSH, FTP, Apache, MySQL and PHP and study attacks directed towards them on the internet. Ubuntu being the most widely used Linux desktop can prove to be a good platform to study zero day exploits. It also becomes a candidate for malware collection and a source to learn hacker tools being used on the internet. Ubuntu was successfully deployed as a virtual machine and setup in our honeynet with a host-only virtual Ethernet connection. The honeypot was made sweeter i.e. an interesting target for the attacker by setting up all services with default settings, for example SSH allowed password based connectivity from any IP on default port 22, users created were given privi leges to install and run applications, Apache index.html page was made remotely accessible with default errors and banners, MySQL default port 1434 was accessible and outbound connections were allowed but limited [3]. Ubuntu is a computeroperating systembased on theDebianGNU/Linux distribution. It is named after theSouthern Africanethical ideology Ubuntu (humanity towards others)[5]and is distributed asfree and open source software. Ubuntu provides an up-to-date, stable operating system for the average user, with a strong focus onusabilityand ease of installation. Ubuntu focuses onusability andsecurity. The Ubiquity installer allows Ubuntu to be installed to the hard disk from within the Live CD environment, without the need for restarting the computer prior to installation. Ubuntu also emphasizesaccessibilityandinternationalization to reach as many people as possible [33]. Ubuntu comes installed with a wide range of software that includes OpenOffice, Firefox,Empathy (Pidgin in versions before 9.10), Transmission, GIMP, and several lightweight games (such as Sudoku and chess). Ubuntu allows networking ports to be closed using its firewall, with customized port selectio