Phu Nhuan Jewelry Essay

In April 28th, 1988, Phu Nhuan Jewelry Trading Store was founded with an investment of only VND 14 million and its first 20 employees. In 1990, this founding store became Phu Nhuan Jewelry, Fine Arts and Currency Exchange Company, being under direct control of Financial Administration of Ho Chi Minh City Committee. Phuong Hoang Gold Bar was also launched then. In 1992, the company was renamed Phu Nhuan Jewelry Joint Stock Company. This stage witnesses great changes with bold investment in Italian technology production line. In the same year, the company also co-founded Dong A Bank and formed a joint venture with Phu Nhuan House Trading and Devepment Company. In 1995, PNJ expanded its activities into motorbike trading as a Head of Honda. Also in this year, PNJ set up the first gas logistics in Ho Chi Minh City, VINAGAS. Since 1998 till 2003, Branches in Ha Noi, Da Nang and Can Tho were set up while number of stores in Ho Chi Minh City kept increasing. Not only spreading nationwide, PNJ also exports to foreign markets, starting with Singapore, Malaysia and the US. In 2003, PNJ co-found Dong A Real Estate Join Stock Company and be shareholder of SG Fisheries Joint Stock Company. In Jan 2004, PNJ changed into a new type of business: Joint Stock Company, under the full name Phu Nhuam Jewelry Joint Stock Company. In 2005, PNJ re-launched PNJSilver and launched a premium trademark CAO – Fine Jewelry. In 2007, PNJ was ranked Top 200 Largest Enterprises in Vietnam by United Nations Development Programme (UNDP). In 2008, PNJ launched new logo and re-launched gold bar trademark under a new name: Phoenix PNJ- Dong A Bank. In present, PNJ keeps growing in all aspects: manufacturing system investment and workforce development, export market expansion to Europe, U. S. A, Australia, etc. The company’s asset has raised up to 2. 000 billion VND, the number of employees has now been nearly 2. 000 people and PNJ has an international-standard jewelry factory with 1. 000 professional goldsmiths. Until now, PNJ’s retail system has expanded to more than 100 stores nationwide. PNJ is very proud of its famous and prestige jewelry brands in Vietnam, which include the PNJ Gold, PNJSilver, CAO Fine Jewelry and Phoenix PNJ – DongA Bank Gold Bar. PNJ has received different awards throughout years, such as Top 500 Retailers in Asia-Pacific Award (from 2004 until now), High Quality Vietnamese Products Award for 12 consecutive years from 1998 to 2009, Vietnamese Golden Star Award, Best Vietnamese Brand Award, Vietnamese Quality Award, etc. PNJ was the first local jewelry company exporting products overseas. Since 1995, PNJ jewelry products have been introduced in Hongkong Jewelry Fair, as well as exported to Denmark, Germany, U. S. A, Australia and start entering Dubai market. Throughout 21 years of development, PNJ has successfully completed business tasks, taken care of social community, contributed for the Vietnamese jewelry industry, and also contributed to the development of the economy – society of the country.

Personal development Plan

Target dates for review and completion. How have I chosen these dates? Efficient team 22ND June 2012 -will be management with a target date to review on improved communication my communication skills skills. As I would have ended The aptitude to feel self- my two terms by then assured on message sent and will be confident in out and also, receiving a communicating in form page | 3 (Refer appendix 1 and Ask for feedback from 3) tutors and peers to attain level of proficiency on the assignments for written kills and on presentations for oral skills. Refer learning journal IX) Ones, Marcella) will help me to update my knowledge. So, as to be a part of discussions in group activities and presentations Other than from the books and links informed by tutor I believe I should widen my knowledge by reading reference books like Reduce Stress with Increased Assertiveness's By Elizabeth Scott, M. S. Message without any barriers. Of assignments and presentations. It will be the time close to my internship which will necessitate me to highly have this skill. Personal management skills Planning andOrganizing the activities and most crucial managing time along with it. Solidification at all times is vital to achieve end goals (Refer appendix ) The constant feedback from peers and tutors will help in excelling on outcomes which will reflect upon my planning and organizing skills. (refer learning journal Ill) Keeping the time frame as crucial aspect a constant awareness in managing time will be important to accomplish assignments in Completing a task in time and without rushing them for last minute of submission deadlines.This can be motivating to attain the personal managing skills and their implication in further goal at study and at work in future. 2ND Appraisal-Which is end on first term. By then could reflect back on to the shortcomings in first term which may include delay in submissions or working till last minute. I would than use these as motivational circumstances for terms ahead and prioritize my time more efficiently. In one of the knowledge cast We Were taught on important/urgent grid, than applied this model in relevance of the tasks had to do with their priorities.This grid can be implemented in studies and at work as it helps to accomplish the goals set in time (Refer Page | 4 appendix 5) a comfortable time span. Presentations are time sensitive as well which needs peers to time us during the rehearsals can help managing. Reading books like â€Å"Getting Things Done by David Allen† on personal management other than allocated text books can be initiative on enhancing these skills.Cognitive Skills The articles and case Studying in depth the Critical Thinking and studies provided during theories and models, then Analyzing of all the the course of seminars writing an assignment on readings that are and group activity will same will make us think done. Analyzing and elf to portray on critically when presenting making subject matter in de pth. Our ideas. Recommendations as a The specific time bound Also, studying case studies part of critical reading case studies will help us like one done in module , writing (Refer critically taking notes International Business appendix 1) on thinking of it.Strategy based on During the final answer Licensing of Subway will on case study, it will be make us think critically on important to think the business strategies critically in order to incorporated in an The clear idea while presenting and the accuracy of case study answers shows critical thinking. The discussions in seminars on various theories can be criticized with consistency in them. 1 5th Jejunely-Near to finish line of second semester will mark the decision on depth of my critical thinking with the final task at hand to submit.Over this period at seminars we will come through to various case studies and theories to analyze which will further enrich the critical in depth thinking to be part of all my readings in Page | 5 Team Working Skills: motivation and management all the colleagues of the group and keep them motivated to attain the final goals. Refer learning journal IV) come to final decision and make suggestions to company. (Refer learning journal VI) organization. Even read articles from recommended readings by tutors and critically analyze them like What Great managers Do? L Concentrate on each group members performance and as a group leader helping them with adequate feedback to attain the high assessment outcomes. Attend the various workshops on management at CUL. Participating in various group tasks at university like â€Å"Synergy Business Challenge† where working as team to make profits as business was To comprise appropriate knowledge of ways to attain self motivation I will read books like â€Å"You Can Win† by Ship Cheer and also, book my place for seminars on motivation and management at CUL by tutors and external Professionals who share their experience to make it mor e relevant in understanding. Personal Development Plan Personal Development Plan: Guidance notes â€Å"Personal development planning enables individuals to take charge of their own learning. Learning becomes a proactive as well as reactive process, designed and prioritised to support immediate development needs as well as longer term ambitions†[1] A Personal Development Plan (PDP) enables learners to identify key areas of learning and development activity that will enable them to either acquire new or develop existing skills and behavioural attributes for the following purposes: enhance performance in their current role †¢ address anticipated changes in their current role †¢ address career aspirations towards a future role Prior to completing the Personal Development Plan (scroll down to next page(s) for a template to complete), the learner should undertake a skills analysis activity to determine their learning and development needs and identify development objectives to meet those needs. View the following links for too ls to help you do this: http://www. admin. cam. ac. uk/offices/hr/cppd/career/planning/#now We recommend that the personal development planning process should be undertaken initially by the learner followed by discussion and agreement with their manager. It is recommended that this process should take place annually and ideally should form part of the Staff Development and Review (Appraisal) process. However, it can be equally valuable when undertaken as a stand-alone activity. The personal development planning process should ideally begin at the point at which the learner is new to their role and undertaking their induction. The process can then continue throughout their employment at the University. Personal Development Plan: Key to terminology used in template Development Objectives are objectives that you have identified to enable you to meet the learning and development needs identified at the skills analysis stage Priority identifies whether your development objective is: †¢ critical to your current role †¢ beneficial but non-critical to your current role †¢ critical to your progressing in to future role †¢ beneficial but non-critical to progressing in to future role Activities can constitute any learning or development activity that will enable you to achieve your development ojectives e. . formal training, on-the-job training, work-shadowing another colleague etc. Support/Resources describe what you need to help you achieve your development objectives. Typically this would involve support from your manager, department or colleague to enable you to undertake a learning or development activity such as allowing you time away from your role or funding from your department. Target and Actual dates state when you intend to achieve your development objectives followed by the date you actually achieve them. Data in these columns is particularly useful when you review your PDP as it will enable you to identify any factors that may have prevented you from achieving your development objectives on the target date and build in contingencies to prevent this from occurring in the future. Review date states when you will review progress on your Personal Development Plan. Assuming that you undergo the personal development process annually, we recommend that you review your PDP every six months therefore enabling you to: †¢ Assess your progress †¢ Reflect on your learning Identify whether your development objectives need to be amended †¢ Identify factors that may have prevented you from achieving your development objectives †¢ Build in contingencies to enable you (where possible) to meet your agreed target date in the future Personal Development Plan: Template |What are my development |Priority |What activities do I need to undertake to |What support/resources do I need to ach ieve my |Target date for achieving my |Actual date of achieving my | |objectives? | |achieve my objectives? objectives |objectives |objectives | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | |Review Date: | | ———————– [1] AUA Postgraduate Certificate in Professional Practice (Higher Education Administration and Management (OUVA) Personal development Plan Target dates for review and completion. How have I chosen these dates? Efficient team 22ND June 2012 -will be management with a target date to review on improved communication my communication skills skills. As I would have ended The aptitude to feel self- my two terms by then assured on message sent and will be confident in out and also, receiving a communicating in form page | 3 (Refer appendix 1 and Ask for feedback from 3) tutors and peers to attain level of proficiency on the assignments for written kills and on presentations for oral skills. Refer learning journal IX) Ones, Marcella) will help me to update my knowledge. So, as to be a part of discussions in group activities and presentations Other than from the books and links informed by tutor I believe I should widen my knowledge by reading reference books like Reduce Stress with Increased Assertiveness's By Elizabeth Scott, M. S. Message without any barriers. Of assignments and presentations. It will be the time close to my internship which will necessitate me to highly have this skill. Personal management skills Planning andOrganizing the activities and most crucial managing time along with it. Solidification at all times is vital to achieve end goals (Refer appendix ) The constant feedback from peers and tutors will help in excelling on outcomes which will reflect upon my planning and organizing skills. (refer learning journal Ill) Keeping the time frame as crucial aspect a constant awareness in managing time will be important to accomplish assignments in Completing a task in time and without rushing them for last minute of submission deadlines.This can be motivating to attain the personal managing skills and their implication in further goal at study and at work in future. 2ND Appraisal-Which is end on first term. By then could reflect back on to the shortcomings in first term which may include delay in submissions or working till last minute. I would than use these as motivational circumstances for terms ahead and prioritize my time more efficiently. In one of the knowledge cast We Were taught on important/urgent grid, than applied this model in relevance of the tasks had to do with their priorities.This grid can be implemented in studies and at work as it helps to accomplish the goals set in time (Refer Page | 4 appendix 5) a comfortable time span. Presentations are time sensitive as well which needs peers to time us during the rehearsals can help managing. Reading books like â€Å"Getting Things Done by David Allen† on personal management other than allocated text books can be initiative on enhancing these skills.Cognitive Skills The articles and case Studying in depth the Critical Thinking and studies provided during theories and models, then Analyzing of all the the course of seminars writing an assignment on readings that are and group activity will same will make us think done. Analyzing and elf to portray on critically when presenting making subject matter in de pth. Our ideas. Recommendations as a The specific time bound Also, studying case studies part of critical reading case studies will help us like one done in module , writing (Refer critically taking notes International Business appendix 1) on thinking of it.Strategy based on During the final answer Licensing of Subway will on case study, it will be make us think critically on important to think the business strategies critically in order to incorporated in an The clear idea while presenting and the accuracy of case study answers shows critical thinking. The discussions in seminars on various theories can be criticized with consistency in them. 1 5th Jejunely-Near to finish line of second semester will mark the decision on depth of my critical thinking with the final task at hand to submit.Over this period at seminars we will come through to various case studies and theories to analyze which will further enrich the critical in depth thinking to be part of all my readings in Page | 5 Team Working Skills: motivation and management all the colleagues of the group and keep them motivated to attain the final goals. Refer learning journal IV) come to final decision and make suggestions to company. (Refer learning journal VI) organization. Even read articles from recommended readings by tutors and critically analyze them like What Great managers Do? L Concentrate on each group members performance and as a group leader helping them with adequate feedback to attain the high assessment outcomes. Attend the various workshops on management at CUL. Participating in various group tasks at university like â€Å"Synergy Business Challenge† where working as team to make profits as business was To comprise appropriate knowledge of ways to attain self motivation I will read books like â€Å"You Can Win† by Ship Cheer and also, book my place for seminars on motivation and management at CUL by tutors and external Professionals who share their experience to make it mor e relevant in understanding.

Alienation and Isolation in The Metamorphosis Essay

The Metamorphosis by Franz Kafka is a reflection on how alienation and isolation begin and develop in a society by employing the characters in his novella as a representation of society as a whole. Using Gregor’s manager to demonstrate the initiation of isolation and alienation of a person, Gregor as the person being isolated and the inhabitants of the Samsa household as the other members of society, Kafka creates an effective model to represent the hierarchically structured effect of isolationism and alienation in society on a larger scale. Kafka uses the company Gregor is forced to work for to illustrate the hierarchical effect of isolation and alienation, where the initiation of isolationism begins at the top of the hierarchy and thus creates a ripple effect down through the rest of society. The manager of the company that Gregor must work for due to a family debt is the representative Kafka chooses to demonstrate the most important person in the hierarchy. By waking up as an insect and being late for work, Gregor has broken his conformity to the parameters of what is tolerated by the company, so the manager himself comes to deal with the issue since such circumstances can â€Å"only be entrusted to the intelligence of the manager† (Kafka, 13). This, as well as how the family treats the manager as nicely as possible when he arrives demonstrates the importance of the manager’s decisions and their respect for authority. Further demonstrating the importance of his decisions, the manager is the first to react to Gregor’s transformation by threatening, â€Å"your position is not at all the most secure† (17) when Gregor will not open his door. This shows that he has the ability to completely disrupt Gregor’s place in the hierarchy and in doing so, isolate and alienate him from the rest of society. The manager remarks, â€Å"that was an animal’s voice† (20) when Gregor speaks, which alienates Gregor from humanity and reacts strongly to the sight of Gregor by â€Å"pressing his hand against his open mouth and moving back slowly† (23). After firing Gregor, the manager flees the building which causes the initiation of Gregor’s isolation since work was the most important and most time consuming thing in his life. This shows that as with society in general, the person in charge holds tremendous influence over the rest of the population and is capable of initiat ing the idea that a person must be isolated. Just because the figure in power decrees that a person is not a good member of society and should be isolated, however, does not mean that all members of society react the same way. the spectrum of views that members of society take against those who have been isolated is shown through Kafka’s portrayal of the Samsa family’s reaction to his transformation. Gregor’s father represents those who respect authority and immediately agree with those higher in the hierarchy and unquestioningly aid in the isolation process. He wears a â€Å"blue uniform with gold buttons† (62) even when he is at home, asleep on a chair in the living room which demonstrates the value he places on the system. This is also illustrated as soon as the manager reacts to Gregor’s deviation from normal when Mr. Samsa begins to â€Å"drive Gregor back into his room by waving the cane and the newspaper† (29). Other members of the family, however, react differently to the situat ion. Grete is the closest to Gregor and is the most sympathetic to him immediately after his transformation by placing milk in his room, which â€Å"was his favourite drink and which his sister had currently placed there for that reason† (34). Her reaction to Gregor’s isolation demonstrates the opposite of Mr. Samsa’s by being as considerate as he is forceful in Gregor’s alienation. Her relationship with Gregor demonstrates how in society, those who know the person being isolated before its initiation are most likely to resist helping to enforce the isolation. However, Kafka understands that people are very dynamic and often change their opinions. Grete undergoes a change in perspective to such a degree that by the end of the novella it is she who declares, â€Å"we must get rid of it† (84). This change in perspective shows how Kafka believes that members of society often stop sympathizing with the isolated group when it becomes inconvenient for them to continue doing so. Gregor’s mother reacts in an initial manner somewhere between the father and sister since when first seeing him she â€Å"went two steps toward Gregor and collapsed right in the middle of her skirts† (23). These conflicting desires continue through the novella, such as when Mr. Samsa tries to kill Gregor, â€Å"she begged him to spare Gregor’s life† (65) but at the same time she is repulsed by him. This illustrates how she wants to help him and tries to think of him the same way she did before his transformation, yet is unable to. This resembles the idealists in society who theoretically support the alienated person but often succumb to social pressures when they are forced to face the problem. These three reactions to Gregor’s transformation as a result of the initiation of his isolation by the manager demonstrate the spectrum of reactions. From the immediate acceptance of the hierarchy represented by Mr. Samsa, to the true compassion of Grete and the idealism of Mrs. Samsa, Kafka shows how a wide variety of reactions is expected from society, and how people often change their opinions. Similarly to how social pressures affect his mother, Gregor is also convinced through his respect for authority that he deserves the isolation enforced on him by society. He believes those above him in the hierarchy to such an extent that he eventually reaches the conclusion that he would be better off dead that to have his family suffering because of his presence. Like his father, Gregor has a strong respect for authority and served in the military until his father, who is an authoritative figure in his life, needed financial help so he became â€Å"almost overnight, a traveling salesman, who naturally had entirely different possibilities for earning money (†¦) which could be set out on the table at home in front of his astonished and delighted family† (43). Gregor’s decision to help his family pay off their debt without thinking of the effect it would have on his own happiness or considering refusing shows how firmly he is entrenched in the hierarchical system. The belief that authoritative figures are always correct leads him to think that since society dictates that he is worthless and deserves isolation, he would be better off dead than a burden to society. This is shown after Grete and Mr. Samsa decide that they want him gone, but Gregor’s â€Å"own thought that he had to disappear was, if possible, even more decisive than his sisters† (89). He overhears his family bemoaning their misfortune and since they are above him on the hierarchical structure, Gregor believes that he has to die in order to spare them the trouble of having to deal with him. This illustrates how Kafka believes that society is so dependent on a hierarchical structure and the guidance from authoritative figures that they cannot think for themselves and even the person who is isolated may still respect and follow those higher in the hierarchy. This is the final step in the transmission of an idea through a social hierarchy whereby everyone believes that a person is lesser and should not exist, including the alienated person themselves. The Metamorphosis comes together to show the hierarchical pattern Kafka believes a society follows in regard to isolation and alienation. He uses the manager of the company Gregor works for to model the instigation of isolationism, which in society is determined by the most important person in the hierarchy. Gregor’s family represents society as a whole and is used to illustrate the variety of reactions the people in society after they are told who to alienate. These reactions range from immediate, unquestioning agreement with those higher in the hierarchy, to idealistically supporting the isolated person, to sympathizing with and trying to help the alienated person. He also uses Grete to demonstrate the dynamic state of human reactions, by changing from sympathetic and caring to vicious and unsupportive by the end of the novella. Kafka continues this shaping of society from the hierarchical structure by causing Gregor himself to agree with the authoritative figures in his life and conform to the idea that he is worthless, thus imposing self-isolation. the interactions between the characters in The Metamorphosis show how Kafka believes that the isolation and alienation of a person in society is initiated by those at the top of the social hierarchy and works its way down through the hierarchy until eventually everyone in society has been influenced to accept the initial decision of one person. Works Cited Kafka, Franz. The Metamorphosis. Trans. Ian Johnstone. Nanaimo: Malaspina University-College, 1999.

In Land Barge Transportation in Europe and China Research Paper

In Land Barge Transportation in Europe and China - Research Paper Example Europe on the other hand lies thousands of miles away from china and is an entire continent with tens of developed countries. This is arguably the only continent in the world consisting of only developed country. The region uses a single currency a factor that allows free movement of goods and labor across the countries in the continent. The region too has an effective transportation infrastructure, which includes state of the arts roads and efficient rail network coverage of the entire region. Apart from these, the region enjoys a wide access to major water world water bodies and a number of inland lakes all of which further necessitate the use of the inland barge as a means of transportation. With such backgrounds, the regions undeniably use inland barge as a means of transporting both goods and labor in and out of the regions. The history if the means of transport dates back to the seventeenth century when the regions used mundane technologies to power the machines. The efficiency the regions enjoyed from the use of the transportation system led to the development of the regions and the modern technology continues to perfect the machines to increase their reliability making them of utmost relevant to the modern society and the modern day development process. The topic is therefore researchable since it is evident that the mode of transport contributed to the development of the region and it is speculated that the two regions use different technologies to power the machines and employ the machines in different uses. The claim that inland barge is a more efficient means of transporting goods than rail and roads is also worth investigating since despite the claims, the two regions still have extensive road and rail coverage and use these to transport goods across the regions. Despite these, the geographical context of the two regions and the distance separating the two regions pose a great challenge in conducting the research (Kuada, 2012). The scope of the res earch is too wide to collect the data within the set period of two months. The research therefore requires a large budget if the researcher is to employ some of the involving means of data collection. However, to remedy the challenges posed by these, the research assumes both a qualitative and quantitative research structure. Fusing the two in most researches normally widens the scope of the research but the reach in this context is wide already and therefore complex. The qualitative aspect of the research vies the features of the means of transportation and the uniqueness of its employment in the different regions. Finding data for this type of research is not difficult since it all relies on the previous works done by other scholars and researchers (Rajendra, 2011). This therefore makes this aspect of the research a content analysis of the structures of the mode of transportation and the different features it possesses. The quantitative aspect of the research relies on the measura ble components of the transportation system in the two regions. This type of research makes comparison easier to conduct since the researcher will require only a workable variable or a number of workable variables that apply to both regions and compare

EMTALA Scenario Analysis Term Paper Example | Topics and Well Written Essays - 1000 words

EMTALA Scenario Analysis - Term Paper Example An Analysis of the Situation From a casual glance, the situation is one that appears simple and dismissible, going by the orthopediatrician’s correspondence. This is because; at a casual glance, the status of the patient which is characterized by a non-displaced, splintable and easily detectable fracture is one that is not serious enough to warrant an emergency. Nevertheless, a critical reflection on the situation makes it clear that it is possible that the case may be complicated enough to warrant a legal suit against the hospital. This is especially the case if it turns out that the hospital’s orthopediatrician was either being economical with the truth, or read from an inaccurate source. Conversely, it is also possible that the participating hospital (the hospital that intends to transfer the patient) could be trying to refer the patient as a way of dumping the patient. How the Situation Is Impacted By EMTALA The situation, as misty (due to scantiness and contradicti on of information) as it is, totally applies to EMTALA mandate. The place of the participating hospital may be insignificant to the matter at hand. This is because the hospital could be having a deficiency of an emergency department. Secondly, the nature of the fracture is relatively less serious but may be very complicated. This is because to the layman, the fracture is less serious since it is less visible than compound, open and displaced fractures. However, the fact that pain, swelling and stiffness accompany non-displaced fractures is a matter that directly invokes emergency and thereby necessitating the consideration of EMTALA provisions. According to Bitterman (2011), EMTALA provisions describe medical emergency as a condition that manifests itself by acute and severe symptoms to an extent that failure to administer immediate medical attention places the patient’s health in danger and physiological and anatomical impairment. It is a fact that the non-displaced fracture is causing the patient severe physical pain and will also precipitate swelling and stiffness to the injured arm. Over time, bone and blood infections may ensue as the patient is left untreated. Nonetheless, despite all of these, the fact that EMTALA applies when there is an individual having a medical emergency, and when a request has been made on behalf of the individual for examination, treatment of a medical condition or both, makes the consideration of the patient more binding. In this case, there is a patient with a fractured arm, alongside a request placed by a participating hospital. Above all, even Levy and Pravikoff (2012) acknowledge that EMTALA stipulates that it matters not that the condition is palpable or perceptible to others or that the patient or the participating hospital is able to adduce evidence of the emergency or not. This means that the counterargument by the orthopediatrician that the fracture is a non-displaced one and that it can be splinted and seen in t he office is neither here nor there. The Decision to Make As the Administrator In the case presented, it will be important to have the patient with the fractured hand referred, even if his fracture seems not to warrant strictly urgent medical attention since it is non-displaced, splintable and easily detectable. The Rationale and Thought Process behind the Process The decision to have the patient referred to the hospital for an emergency treatment is very informed and

Servant Leadership Reflection Essay Example | Topics and Well Written Essays - 250 words

Servant Leadership Reflection - Essay Example Secondly, servant leadership might lead to the failure of an organization to achieve its goals. Servant leadership focuses on enhancing growth at both organizational and community level, which hinders centralized growth in the firm (Schaap, 2008). Finally, servant leadership can demean the leadership role of the management in the organization. This servant leadership can cause laxity at the workplace because it eliminates the leadership at the workplace (Schaap, 2008). There is comfort working under servant leadership style because it promotes unity in the organization. In addition, servant leadership enables managers to experience the status of the working conditions of their employees. This type of leadership creates a good working atmosphere among the subordinate workers and the managers. In addition, it is essential to enhancing the public relations of the organization and production of quality products. Consequently, I would be comfortable using the system (Hammer, 2012). Today’s global society is characterized by the used of advanced technology in all sectors of an organization. The technology enables individuals to share their views regarding the operations of the company. In addition, the modern global society focuses mainly on the corporate social responsibility, which is achievable through servant leadership (Hammer, 2012). Servant leadership is a real leadership approach in the modern society. It enables organizations to relate effectively with the communities through production of high-quality products and corporate social initiatives. In addition, it creates a platform where employees obtain motivation from the leaders that are essential in enhancing productivity and profitability of the organization (Schaap,

Jesus as a Figure in History Case Study Example | Topics and Well Written Essays - 1500 words

Jesus as a Figure in History - Case Study Example These young girls start comparing themselves with the women shown on the television who are nothing but a piece of crap as they are full of make up and designer label clothes on their skinny figures. One needs to remember that many of these models shown on television and more so on the fashion channels have eating disorders and some pictures as well as images of women shown on television and in movies have been falsely created from a number of different bodies, thanks to computer graphics and software that now make it possible. The extreme images of torture, sex and liberalism shown on television project a very significant impression on the minds of the people and more so the ones who do not have related exposure to such cultural tangents. (Author Unknown, 2004) These people start taking such images and movies as a part of their lives even though such television programming is far from the truth. Thus people's behavior comes across as being directly in line with what is being shown on television and their perspectives start to alter as a result of the same. Last cause of television and movies' excessive viewing is in the form of a number of diseases and mostly related with the eyes of the people. This means that the people watching can fall prey to a number of ailments which can have negative repercussions in the long term. These maladies could result in the Attention Deficit Disorder or ADHD as well as other diseases from time to time. The lives of the people are thus affected immensely by viewing television for stretch and it is best advisable to limit viewing under such measures. Television has diversified its transmissions into different fields like information, education, entertainment, live news, documentaries, reports, sports coverage, presentations, game shows, etc. What this in essence means is that the television is a significant tool at portraying the different aspects which usually happen within a society's life time. People can easily expect television to cover each and every detail related with them and thus show them what is happening throughout the world, 24 hours a day, 7 days a week and 365 days a year. Bibliography AUTHOR UNKNOWN. (2004). Teens who watch sex on TV are twice as likely to have sex themselves. Journal of the American Academy of Pediatrics Word Count:

Saving the Manatees case study Example | Topics and Well Written Essays - 1000 words

Saving the Manatees - Case Study Example Moreover, Tom had to look for sponsors to fund the advertising and campaigning costs. The national environmental protection agency donated 300,000 United States dollars to assist in creating public awareness about the bill and urge more people to vote for it (Ragsdale 137-138). A linear programming (LP) spreadsheet model would play a significant role in designing how to allocate the provided funds to different advertising agents. The spreadsheet model assists in determining the total impact of using various advertising agents, the total constraints, and the optimal solution. Description of the data The data from the spreadsheet consists of 3 columns. The first column C shows the cost per unit of the advertising medium used in U.S. dollars. The following data represents the objective variables. The objective variables work in maximizing or minimizing numerical values. The value presented on the objective cell is the expected net budget value of the project. The product of C and decisi on units I give the total cost of advertisement. The second set of data is represented by E showing per unit impact rate. This column represents the constraints. Constraints define any possible variable that a linear programming problem takes. In the data E provided, constraints represent percentage impact of using a certain medium for advertising. The next data is represented by G showing the minimum value of decisions made with the smallest advertising medium. On the other hand, column K presents data of the maximum decision a product of using large advertising mediums. Discuss the results After constructing the spreadsheet and doing calculations, the following results were arrived at. What is the optimal solution? The total impact rate was $23,515. The values for impact rate were arrived at by multiplying E with I. The total impact rate was used to calculate the optimal solution in order to decide which advertising medium would be more effective. From the model, the optimal solut ion was arrived at by the following calculation. X = 300,000/A (1+2+3+4+†¦.n) + B (1+2+3+4†¦n) =300,000/ (299,800 + 23,515) = 0.927 The following results indicate that 92.7% of the total budget would be well utilized by the advertising mediums proposed by Tom. The following turn out is very pleasing and Tom was likely to receive many votes towards the policy. Of the constraints tom placed on this problem, which are preventing the objective function from being improved further? On the other hand, Tom placed some constraints that prevented further improvement the objective function. The objective function on full-page Sunday paper and 30-second radio spot are in significant because they cost a lot and serve the same purposes as the half-page Sunday magazine and 15-second radio spot respectively. In addition, long magazine advertisements are sometimes boring and time consuming and most people by pass them. The absence of such constraints would give Tom an opportunity to incor porate other advertising mediums like online ads. The marketing consultant provided short TV ads during the evening prime-time hours as the most effective medium of advertising. Suppose Tom was willing to increase the allowable number of evening TV ads. How much would this improve the solution? Improving the number of evening TV ads would cause a positive effect on the advertisement and increase the value of $23,515 into a higher level. Increased evening TV ads increases the impact rate since a high number of

Kay Success Factors (KSFs) Article Example | Topics and Well Written Essays - 250 words

Kay Success Factors (KSFs) - Article Example In terms of social force, Canada is seeing a demographic shift toward living in bigger cities according to the Statistics Canada Census Metropolitan Areas (CMA), 2011 and 2006 censuses (1). This will give Wash-it a better understanding at targeting and segmentation of both the market the consumer base. Canadians are also shifting towards a â€Å"Green Culture† which allows more use of renewable energy and saving resources such as water, these changes align with the Wash-it product ideas and aims. 10 Another force that affects the Wash-it product is the Economic forces. According to The Current State of Canadian Family Finances of Vanier Institute (2) the Canadian economy is in a recovery stage and seeing an increase in gross income as well as an increase of disposable income for households. Using the previous information, Wash-it can reflect its pricing range based on these numbers. 10 The third force that effect Wash-it is the Technological forces. Wash-it is based on a mix of existing technologies. These technologies need to be improved and upgraded in Washit to stay up to date with the fast paced industry of technology. It’s also worth mentioning that more and more people are getting online, this also adds to the effects on the consumer’s base. 10 In order for the product line to be successful it must engage certain Key Success Factors (KSFs) in order to be able to adequately penetrate the market and have the potential ability to turn a profit for the firm. The first of these is the level to which the supply and delivery mechanisms of the given product can help to place the firm at a competitive advantage as compared to its competitors. Without a well planned and highly efficient supply mechanism, the firm’s offering is dead before it can even hope to gain market share. 11 A secondary logistical KSF is the fact that suppliers of the device will need to be lined up and

Tracey Emin Essay Example | Topics and Well Written Essays - 750 words

Tracey Emin - Essay Example This photograph depicts a naked girl. She is holding the flag of the United Kingdom known as Union Jack with two hands above her head. The photograph shows her from behind. Thus, the flag covers her entire head, shoulders and the most part of the back, but it does not cover the waist, the buttocks and the legs. The girl is shown running away from the camera. The background shows the backside road, the wall on the left and the pavement on the right. There are several elements that should be analyzed in great detail. First of all, it is clear that the most controversial point about the picture is that the subject that is depicted on it is naked. In spite of the fact that this image may not be considered to be pornographic or erotic, it does disturbs the perception of the audience. Keeping in mind that position that I advocated by the author, one might suggest that the fact that the girl is naked reflects the desire of the artist to express her approval of feminism. The next important element which is essential when it comes to analyzing the structure of the photograph is the British flag. There is no doubt in the fact that the artist used this significant symbol of the state deliberately. Thus, it serves two functions. On the one hand, thanks to the use of the flag, the audience knows what country the picture was taken. Indeed, though it is not implied, but the message is primarily directed to the British people and this becomes clear through the use of their flag. On the other hand, the very situation when almost sacred symbol and a naked female body is combined is likely to provoke a considerable amount of controversy as well as criticism which will be expressed by the public. The next interesting point about the picture focuses on the activity which is performed by the main character. Thus, the girl in question is running with the flag above her head.

To what extent were Human Rights violated in Palestine by Israel since Research Paper

To what extent were Human Rights violated in Palestine by Israel since the war started in 1948 - Research Paper Example The whole menace comes from the issue of land and fights on who should take control. There has been some refugee who fled the original homes in the present day Israel, who finds the way to get back to their homes (Adwan, 30). This issue of going back has been a serious problem. For years, there have been many trials to solve the problem but it led to more problems than good. There have been situations where Israel had put Palestine under suffocating military and Palestine had been terrorizing the Israel. The two dimensions of the rivalry have been worsened by long bitter and the violent history existing between the two nations. Palestinians and Israelis have had divergent views of over last seventy plus years. Peace talk’s processes have been going on, but little hope has been seen because even the 1993 and 1995 Accord, which produced a glimmer hope, has faded away. Over these years of continued conflicts and fights many fundamental human rights of the people of Palestine (Coleman, 84). Owing to the fall of the Ottoman Empire after the First World War, the allied supreme council granted the Britain the mandates to rule over the states of the Transjordan and Palestine, which in present day is Israel. It was in August 1920 when it was officially allowed in the Treaty, which was signed. The Arab and Zionist were present at the conference, where they signed the agreement, but it was never implemented (Coleman, 50). The terms and borders, which were specified in the treaty, were not followed. The Eastern side was not supposed to be under any mandate. The idea was used by British to build an autonomous Arab territory under the mandate that partially Hussein was fulfilling. The British handed the mandate of the eastern side to Hashemite Dynasty from Hejaz region. The mandate of Transjordan was terminated in 1946 when it gained independence. The Palestinian nationalism started when reacted to the

People Led District Disaster Management Essay Example for Free

People Led District Disaster Management Essay Soon after the Orissa Cyclone and thereafter the Gujarat earthquake the Government of India prioritized a national policy on disaster management and advocated a change of direction from a post disaster reactive approach to a proactive stance before the occurrence of disasters, provided a new legal framework and greater harmonization of disaster management efforts. The policy set forth principles (including significant community role and active civil society participation), objectives (including emphasis on prevention, DRR and promoting regional and national cooperation), strategies and provisions for promoting inter-sectoral complementarities. The Disaster Management Act 2005, mandates National, States and district authorities to develop policy, guidelines, plans for proper implementation of Disaster management plans to reduce adverse impact on communities and to facilitate timely and effective response. It stresses upon inclusion of mitigation, preparedness and DRR measures into development. As a result SDMAs in various states initiated development of district disaster management plans. However, some plans were merely a collection of contact phone numbers of important authorities and departments from the district. There were significant gaps in these operational plans mainly due to non availability of a standard framework, lack of expertise and dedicated resources. Lack of community participation and that of relevant stakeholders in the preparation process has resulted in lack of ownership among intended users and beneficiaries. Disasters tend to happen to people at risk. People are at risk because they are vulnerable to hazards. This vulnerability can be best reduced by increasing people’s capacities to deal with underlying social, cultural and physical factors. The key to successful disaster management plan is to ensure involvement of people who are victims and who are at risk or could be potential victims. If this is not practiced it is often unsustainable, costly and ineffective. Most DDMPs in the country lacked participation of affected communities and civil society. A participatory community level disaster management involves a cross section of people in the design and development process of the plan. When local people develop these plans there is more interest, greater ownership and understanding resulting in successfully reducing suffering and losses. The key principles of this approach thus are: * Community themselves are best placed to prioritize threats and take effective risk reducing actions. The best time to reduce the impact of disasters is before the next disasters occur. Hence, preventive actions should be integral part of the effective disaster management plan. * The identification and mapping of hazards along with who and what may be affected is necessary before risk reduction plans can be made. * Progress has to be well publicized to maintain interest and strengthen the culture of disaster reduction. An example of this is found in the recent NDMA/SDMA collaboration with civil society coming together to develop community led DDMP in Madhubani. One of the basic highlights of the Madhubani DDMP process is that though it oriented towards response but it also incorporates reduction and prevention thrust. Incidentally, prevention has been recognized as an important aspect of DDMP by the district and state/SDMA but also in the poverty reduction strategy. As a result of DDMP several agencies/departments in Madhubani have shown willingness to incorporate prevention measures in their regulations, such as the building codes by the town planners that regulate development of settlements. It was encouraging to note high level of commitment from various stakeholders to improving DRR mechanism. Tearfund has been working along with its partners to lobby with governments at all levels for influencing the policies and development of effective people friendly plans. The Madhubani DRR project implemented by its partner organisation EFICOR in 30 villages in Madhubani was instrumental in development of pilot District Disaster Management Plan (DDMP) along with support from SPHERE India. The strength of this pilot has been the process it has embarked upon wherein involvement and participation of all level of stakeholders from community to district/state/national government authorities in development process of this DDMP. In view of intensive involvement of all relevant stakeholders the pilot has received good response and acceptance from the NDMA and SDMA. This is considered as the first ever attempt in developing a DDMP which has come up from the active involvement of first respondent in any natural disasters. As mentioned above the thrust of development of DDMP is that it is being developed involving affected community, hence, the approach has been bottom-up, however at the same time, all relevant stakeholders, be it government departments or the NGOs and other actors have been involved and participated at all stages of development of the plan. This is truly a plan developed by the people and for the people. This plan has also influenced many other civil socieities to take up similar preparations for other districts and states with the support of NDMA.

Analysis of Honeynets and Honeypots for Security

Analysis of Honeynets and Honeypots for Security Chapter 1 Introduction Honeynet is a kind of a network security tool, most of the network security tools we have are passive in nature for example Firewalls and IDS. They have the dynamic database of available rules and signatures and they operate on these rules. That is why anomaly detection is limited only to the set of available rules. Any activity that is not in alignment with the given rules and signatures goes under the radar undetected. Honeypots by design allows you to take the initiative, and trap those bad guys (hackers). This system has no production value, with no authorized activity. Any interaction with the honeypot is considered malicious in intent. The combination of honeypots is honeynet. Basically honeypots or honeynets do not solve the security problem but provide information and knowledge that help the system administrator to enhance the overall security of his network and systems. This knowledge can act as an Intrusion detection system and used as input for any early warning systems. O ver the years researchers have successfully isolated and identified verity of worms exploits using honeypots and honeynets. Honeynets extend the concept of a single honeypot to a highly controlled network of honeypots. A honeynet is a specialized network architecture cond in a way to achieve Data Control, Data Capture Data Collection. This architecture builds a controlled network that one can control and monitor all kind of system and network activity. 1.1 Information Security Information Security is the protection of all sensitive information, electronic or otherwise, which is owned by an individual or an organization. It deals with the preservation of the confidentiality, integrity and availability of information. It protects information of organizations from all kinds of threats to ensure business continuity, minimize business damage and maximize the return on investment and business opportunities. Information stored is highly confidential and not for public viewing. Through information security we protect its availability, privacy and integrity. Information is one of most important assets of financial institutions. Fortification of information assets is essential to ascertain and maintain trust between the financial institution and its customers, maintain compliance with the law, and protect the reputation of the institution. Timely and reliable information is compulsory to process transactions and support financial institution and customer decisions. A financial institutions earnings and capital can be adversely affected, if information becomes known to unauthorized parties is distorted or is not available when it is needed [15]. 1.2 Network Security It is the protection of networks and its services from any unauthorized access. It includes the confidentiality and integrity of all data passing through the network. It also includes the security of all Network devices and all information assets connected to a network as well as protection against all kind of known and unknown attacks. The ITU-T Security Architecture for Open System Interconnection (OSI) document X.800 and RFC 2828 are the standard documentation defining security services. X.800 divides the security services into 5 categories and 14 specific services which can be summarized as Table 1.1 OSI X.800 Summary[8] â€Å"1. AUTHENTICATION The assurance that the communicating entity is the one that it claims to be. Peer Entity Authentication Used in association with a logical connection to provide confidence in the identity of the entities connected. Data Origin Authentication In a connectionless transfer, provides assurance that the source of received data is as claimed. 2. ACCESS CONTROL The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). 3. DATA CONFIDENTIALITY The protection of data from unauthorized disclosure. Connection Confidentiality The protection of all user data on a connection. Connectionless Confidentiality The protection of all user data in a single data block Selective-Field Confidentiality The confidentiality of selected fields within the user data on a connection or in a single data block. Traffic Flow Confidentiality The protection of the information that might be derived from observation of traffic flows. 4. DATA INTEGRITY The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Connection Integrity with Recovery Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted. Connection Integrity without Recovery As above, but provides only detection without recovery. Selective-Field Connection Integrity Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed. Connectionless Integrity Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided. Selective-Field Connectionless Integrity Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified. 5. NONREPUDIATION Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Nonrepudiation, Origin Proof that the message was sent by the specified party. Nonrepudiation, Destination Proof that the message was received by the specified party.† [1] [8], [9], 1.3 The Security Problem System security personnel fighting an unending battle to secure their digital assets against the ever increasing attacks, verity of attacks and their intensity is increasing day by day. Most of the attacks are detected after the exploitations so there should be awareness of the threats and vulnerabilities that exist in the Internet today. First we have to understand that we cannot say that there exists a perfect secure machine or network because the closest we can get to an absolute secure machine is that we unplugged the network cable and power supply and put that machine in to a safe. Unfortunately it is not useful in that state. We cannot achieve perfect security and perfect access at the same time. We can only increase the no of doors but we cannot put wall instead of doors. In field of security we need to find the vulnerably and exploits before they affect us. Honeypot and honeynet provides a valuable tool to collect information about the behavior of attackers in order to design and implement better defense. In the field of security it is important to note that we cannot simply state that what is the best type of firewall? Absolute security and absolute access are the two chief points. Absolute security and absolute access are inverse to each other. If we increase the security access will be decrease. There should be balance between absolute security and absolute defense, access is given without compromising the security. If we compare it to our daily lives we observe not much difference. We are continuously making decisions regarding what risks we are ready to take. When we step out of our homes we are taking a risk. As we get into a car and drive to our work place there is a risk associated with it too. There is a possibility that something might happen on the highway which will make us a part of an accident. When we fly and sit on an airplane we are willing to undergo the level of risk which is at par with the heavy amount we are paying for this convenience. It is observed that many people think differently about what an acceptable risk would be and in majority cases they do go beyond this thinking. For instance if I am sitting upstairs in my room and have to go to work, I wont take a jump straight out of the window. It might be a faster way but the danger of doing so and the injury I would have to face is much greater than the convenience. It is vital for every organization to decide that between the two opposite poles of total security and total access where they need to place themselves. It is necessary for a policy to articulate this system and then further explain the way it will be enforced with which practices and ways. Everything that is done under the name of security must strictly agree to the policy. 1.4 Types of Hacker Hackers are generally divide into two major categories. 1.4.1 Black Hats Black hat hackers are the biggest threat both internal and external to the IT infrastructure of any organization, as they are consistently challenging the security of applications and services. They are also called crackers, These are the persons who specialize in unauthorized infiltration. There could be Varity of reasons for this type of penetration it could be for profit, for enjoyment, or for political motivations or as a part of a social cause. Such infiltration often involves modification / destruction of data. 1.4.2 White Hats White hat hackers are similar to black hat hackers but there is a important difference that is white hat hackers do it without any criminal intention. Different companies all around the world hire/contact these kinds of persons to test their systems and softwares. They check how secure these systems are and point out any fault they found. These hackers, also known as ethical hackers, These are the persons or security experts who are specialize in penetration testing. These types of people are also known as tiger teams. These experts may use different types of methods and techniques to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to bypass security to gain entry into protected areas, but they do this only to find weaknesses in the system[8]. 1.5 Types of Attacks There are many types of attacks that can be categorized under 2 major categories Active Attacks Passive Attacks 1.5.1 Active Attacks Active attacks involve the attacker taking the offensive and directing malicious packets towards its victims in order to gain illegitimate access of the target machine such as by performing exhaustive user password combinations as in brute-force attacks. Or by exploiting remote local vulnerabilities in services and applications that are termed as holes. Other types of attacks include Masquerading attack when attacker pretends to be a different entity. Attacker user fake Identity of some legitimate user. Replay attack In Replay attack, attacker captures data and retransmits it to produce an unauthorized effect. It is a kind of man in middle attack. Modification attack In this type of attack integrity of the message is compromise. Message or file is modified by the attacker to achieve his malicious goals. Denial of service (DOS)attack In DOS attack an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer. TCP ICMP scanning is also a form of active attacks in which the attackers exploit the way protocols are designed to respond. e.g. ping of death, sync attacks etc. In all types of active attacks the attacker creates noise over the network and transmits packets making it possible to detect and trace the attacker. Depending on the skill level, it has been observed that the skill full attackers usually attack their victims from proxy destinations that they have victimized earlier. 1.5.2 Passive Attacks Passive attacks involve the attacker being able to intercept, collect monitor any transmission sent by their victims. Thus, eavesdropping on their victim and in the process being able to listen in to their victims or targets communications. Passive attacks are very specialized types of attacks which are aimed at obtaining information that is being transmitted over secure and insecure channels. Since the attacker does not create any noise or minimal noise on the network so it is very difficult to detect and identify them. Passive attacks can be divided into 2 main types, the release of message content and traffic analysis. Release of message content It involves protecting message content from getting in hands of unauthorized users during transmission. This can be as basic as a message delivered via a telephone conversation, instant messenger chat, email or a file. Traffic analysis It involves techniques used by attackers to retrieve the actual message from encrypted intercepted messages of their victims. Encryption provides a means to mask the contents of a message using mathematical formulas and thus make them unreadable. The original message can only be retrieved by a reverse process called decryption. This cryptographic system is often based on a key or a password as input from the user. With traffic analysis the attacker can passively observe patterns, trends, frequencies and lengths of messages to guess the key or retrieve the original message by various cryptanalysis systems. Chapter 2 Honeypot and Honeynet 2.1 Honeypot Is a system, or part of a system, deliberately made to invite an intruder or system cracker. Honeypots have additional functionality and intrusion detection systems built into them for the collection of valuable information on the intruders. The era of virtualization had its impact on security and honeypots, the community responded, marked by the fine efforts of Niels Provos (founder of honeyd) Thorsten Holz for their masterpiece book â€Å"Virtual Honeypots From Botnet Tracking to Intrusion Detection† in 2007. 2.2 Types of Honeypots Honeypots can be categorized into 2 main types based on Level of interaction Deployment. 2.2.1 Level of interaction Level of interaction determines the amount of functionality a honeypot provides. 2.2.1.1 Low-interaction Honeypot Low-interaction honey pots are limited in the extent of their interaction with the attacker. They are generally emulator of the services and operating systems. 2.2.1.2 High interaction Honeypot High-interaction honeypots are complex solution they involve with the deployment of real operating systems and applications. High interaction honeypots capture extensive amount of information by allowing attacker to interact with the real systems. 2.2.2 Deployment Based on deployment honeypot may be classified as Production Honeypots Research Honeypots 2.2.2.1 Production Honeypots Production honeypots are honeypots that are placed within the production networks for the purpose of detection. They extend the capabilities of the intrusion detection systems. These type of honeypots are developed and cond to integrate with the organizations infrastructure and scope. They are usually implemented as low-interaction honeypots but implementation may vary depending on the available funding and expertise required by the organization. Production honeypots can be placed within the application and authentication server subnets and can identify any attacks directed towards those subnets. Thus they can be used to identify both internal and external threats for an organization. These types of honeypots can also be used to detect malware propagation in the network caused by zero day exploits. Since IDSs detection is based on database signatures they fail to detect exploits that are not defined in their databases. This is where the honeypots out shine the Intrusion detection systems. They aid the system network administrators by providing network situational awareness. On basis of these results administrators can take decisions necessary to add or enhance security resources of the organization e.g. firewall, IDS and IPS etc. 2.2.2.1 Research Honeypots Research honeypots are deployed by network security researchers the whitehat hackers. Their primarily goal is to learn the tools, tactics techniques of the blackhat hackers by which they exploit computers network systems. These honeypots are deployed with the idea of allowing the attacker complete freedom and in the process learn his tactics from his movement within the system. Research honeypots help security researchers to isolate attacker tools they use to exploit systems. They are then carefully studied within a sand box environment to identify zero day exploits. Worms, Trojans and viruses propagating in the network can also be isolated and studied. The researchers then document their findings and share with system programmers, network and system administrators various system and anti-virus vendors. They provide the raw material for the rule engines of IDS, IPS and firewall system. Research Honeypots act as early warning systems. They are designed to detect and log maximum information from attackers yet being stealthy enough not to let attackers identify them. The identity of the honeypot is crucial and we can conclude that the learning curve (from the attacker) is directly proportional to the stealthiest of thehoneypot .These types of honeypots are usually deployed at universities and by the RD departments of various organizations. These types of honeypots are usually deployed as High-Interaction honeypots. 2.3 Honeynet The concept of the honeypot is sometimes extended to a network of honeypots, known as a honeynet. In honeynet we grouped different types of honeypots with different operatrating systems which increases the probability of trapping an attacker. At the same time, a setting in which the attacker explores the honeynet through network connections between the various host systems provides additional prospects for monitoring the attack and revealing information about the intruder. The honeynet operator can also use the honeynet for training purposes, gaining valuable experience with attack strategies and digital forensics without endangering production systems. The Honeynet project is a non-profit research organization that provides tools for building and managing honeynets. The tools of the Honeynet project are designed for the latest generation of high interaction honeynets that require two separate networks. The honeypots reside on the first network, and the second network holds the tools for managing the honeynet. Between these tools (and facing the Internet) is a device known as the honeywall. The honeywall, which is actually a kind of gateway device, captures controls, and analyzes all inbound and outbound traffic to the honeypots[4]. It is a high-interaction honeypot designed to capture wide-range of information on threats. High-interaction means that a honeynet provides real systems, applications, and services for attackers to interact with, as opposed to low-interaction honeypots which provide emulated services and operating systems. It is through this extensive interaction we gain information on threats, both external and internal to an organization. What makes a honeynet different from most honeypots is that it is a network of real computers for attackers to interact with. These victim systems (honeypots within the honeynet) can be any type of system, service, or information you want to provide [14]. 2.4 Honeynet Data Management Data management consist of three process Data control, data capture and data collection. 2.4.1 Data Control Data control is the containment of activity within the honeynet. It determines the means through which the attackers activity can be restricted in a way to avoid damaging/abusing other systems/resources through the honeynet. This demands a great deal of planning as we require to give the attacker freedom in order to learn from his moves and at the same time not let our resources (honeypot+bandwidth) to be used to attack, damage and abuse other hosts on the same or different subnets. Careful measures are taken by the administrators of the honeynet to study and formulate a policy on attackers freedom versus containment and implement this in a way to achieve maximum data control and yet not be discovered or identified by the attacker as a honeypot. Security is a process and is implemented in layers, various mechanisms to achieve data control are available such as firewall, counting outbound connections, intrusion detection systems,intrusion prevention systems and bandwidth restriction e tc. Depending on our requirements and risk thresholds defined we can implement data control mechanisms accordingly [4]. 2.4.2 Data Capture Data Capture involves the capturing, monitoring and logging of allthreats and attacker activities within the honeynet. Analysis of this captured data provides an insight on the tools, tactics, techniques and motives of the attackers. The concept is to achieve maximum logging capability at all nodes and hence log any kind of attackers interaction without the attacker knowing it. This type of stealthy logging is achieved by setting up tools and mechanisms on the honeypots to log all system activity and have network logging capability at the honeywall. Every bit of information is crucial in studying the attacker whether its a TCP port scan, remote and local exploit attempt, brute force attack, attack tool download by the haacker, various local commands run, any type of communication carried out over encrypted and unencrypted channels (mostly IRC) and any outbound connection attempt made by the attacker [25]. All of this should be logged successfully and sent over to a remote location to avoid any loss of data due to risk of system damage caused by attackers, such as data wipe out on disk etc. In order to avoid detection of this kind of activity from the attacker, data masking techniques such as encryption should be used. 2.4.3 Data Collection Once data is captured, it is securely sent to a centralized data collection point. Data is used for analysis and archiving which is collected from different honeynet sensors. Implementations may vary depending on the requirements of the organization, however latest implementations incorporate data collection at the honeywall gateway [19]. 2.5 Honeynet Architectures There are three honeynet architectures namely Generation I, Generation II and Generation III 2.5.1 Generation I Architecture Gen I Honeynet was developed in 1999 by the Honeynet Project. Its purpose was to capture attackers activity and give them the feeling of a real network. The architecture is simple with a firewall aided by IDS at front and honeypots placed behind it. This makes it detectable by attacker [7]. 2.5.2 Generation II III Architecture Gen II honeynets were first introduced in 2001 and Gen III honeynets was released in the end of 2004. Gen II honeynets were made in order to address the issues of Gen I honeynets. Gen II and Gen III honeynets have the same architecture. The only difference being improvements in deployment and management, in Gen III honeynets along with the addition of Sebek server built in the honeywall. Sebek is a stealthy capture tool installed on honeypots that capture and log all requests sent to the system read and write system call. This is very helpful in providing an insight on the attacker [7]. A radical change in architecture was brought about by the introduction of a single device that handles the data control and data capture mechanisms of the honeynet called the IDS Gateway or marketing-wise, the Honeywall. By making the architecture more â€Å"stealthy†, attackers are kept longer and thus more data is captured. There was also a major thrust in improving honeypot layer of data capture with the introduction of a new UNIX and Windows based data. 2.6 Virtual Honeynet Virtualization is a technology that allows running multiple virtual machines on a single physical machine. Each virtual machine can be an independent Operating system installation. This is achieved by sharing the physical machines resources such as CPU, Memory, Storage and peripherals through specialized software across multiple environments. Thus multiple virtual Operating systems can run concurrently on a single physical machine [4]. A virtual machine is specialized software that can run its own operating systems and applications as if it were a physical computer. It has its own CPU, RAM storage and peripherals managed by software that dynamically shares it with the physical hardware resources. Virtulization A virtual Honeynet is a solution that facilitates one to run a honeynet on a single computer. We use the term virtual because all the different operating systems placed in the honeynet have the appearance to be running on their own, independent computer. Network to a machine on the Honeynet may indicate a compromised enterprise system. CHAPTER 3 Design and Implementation Computer networks, connected to the Internet are vulnerable to a variety of exploits that can compromise their intended operations. Systems can be subject to Denial of Service Attacks, i-e preventing other computers to gain access for the desired service (e.g. web server) or prevent them from connecting to other computers on the Internet. They can also be subject to attacks that cause them to cease operations either temporarily or permanently. A hacker may be able to compromise a system and gain root access as if he is the system administrator. The number of exploits targeted against various platforms, operating systems, and applications increasing regularly. Most of vulnerabilities and attack methods are detected after the exploitations and cause big loses. Following are the main components of physical deployment of honeynet. First is the design of the Deployed Architecture. Then we installed SUN Virtual box as the Virtualization software. In this we virtually installed three Operating System two of them will work as honey pots and one Honeywall Roo 1.4 as Honeynet transparent Gateway. Snort and sebek are the part of honeywall roo operating system. Snort as IDS and Snort-Inline as IPS. Sebek as the Data Capture tool on the honeypot. The entire OS and honeywall functionality is installed on the system it formats all the previous data from the hard disk. The only purpose now of the CDROM is to install this functionality to the local hard drive. LiveCD could not be modified, so after installing it on the hard drive we can modify it according to our requirement. This approach help us to maintain the honeywall, allowing honeynet to use automated tools such asyumto keep packages current [31]. In the following table there is a summry of products with features installed in honeynet and hardware requirements. Current versions of the installed products are also mention in the table. Table 3.1 Project Summary Project Summary Feature Product Specifications Host Operating System Windows Server 2003 R2 HW Vendor HP Compaq DC 7700 ProcessorIntel(R) Pentium ® D CPU 3GHz RAM 2GB Storage 120GB NIC 1GB Ethernet controller (public IP ) Guest Operating System 1 Linux, Honeywall Roo 1.4 Single Processor Virtual Machine ( HONEYWALL ) RAM 512 MB Storage 10 GB NIC 1 100Mbps Bridged interface NIC 2 100Mbps host-only interface NIC 3 100Mbps Bridged interface (public IP ) Guest Operating System 2 Linux, Ubuntu 8.04 LTS (Hardy Heron) Single Processor Virtual Machine ( HONEYPOT ) RAM 256 MB Storage 10 GB NIC 100Mbps host-only vmnet (public IP ) Guest Operating System 3 Windows Server 2003 Single Processor Virtual Machine ( HONEYPOT ) RAM 256 MB Storage 10 GB NIC 100Mbps host-only vmnet (public IP ) Virtualization software SUN Virtual Box Version 3 Architecture Gen III Gen III implemented as a virtual honeynet Honeywall Roo Roo 1.4 IDS Snort Snort 2.6.x IPS Snort_inline Snort_inline 2.6.1.5 Data Capture Tool (on honeypots) Sebek Sebek 3.2.0 Honeynet Project Online Tenure November 12, 2009 TO December 12, 2009 3.1 Deployed Architecture and Design 3.2 Windows Server 2003 as Host OS Usability and performance of virtualization softwares are very good on windows server 2003. Windows Server 2003is aserveroperating system produced byMicrosoft. it is considered by Microsoft to be the cornerstone of itsWindows Server Systemline of business server products. Windows Server 2003 is more scalable and delivers better performance than its predecessor,Windows 2000. 3.3 Ubuntu as Honeypot Determined to use free and open source software for this project, Linux was the natural choice to fill as the Host Operating System for our projects server. Ubuntu 8.04 was used as a linux based honeypot for our implementation. The concept was to setup an up-to-date Ubuntu server, cond with commonly used services such as SSH, FTP, Apache, MySQL and PHP and study attacks directed towards them on the internet. Ubuntu being the most widely used Linux desktop can prove to be a good platform to study zero day exploits. It also becomes a candidate for malware collection and a source to learn hacker tools being used on the internet. Ubuntu was successfully deployed as a virtual machine and setup in our honeynet with a host-only virtual Ethernet connection. The honeypot was made sweeter i.e. an interesting target for the attacker by setting up all services with default settings, for example SSH allowed password based connectivity from any IP on default port 22, users created were given privi leges to install and run applications, Apache index.html page was made remotely accessible with default errors and banners, MySQL default port 1434 was accessible and outbound connections were allowed but limited [3]. Ubuntu is a computeroperating systembased on theDebianGNU/Linux distribution. It is named after theSouthern Africanethical ideology Ubuntu (humanity towards others)[5]and is distributed asfree and open source software. Ubuntu provides an up-to-date, stable operating system for the average user, with a strong focus onusabilityand ease of installation. Ubuntu focuses onusability andsecurity. The Ubiquity installer allows Ubuntu to be installed to the hard disk from within the Live CD environment, without the need for restarting the computer prior to installation. Ubuntu also emphasizesaccessibilityandinternationalization to reach as many people as possible [33]. Ubuntu comes installed with a wide range of software that includes OpenOffice, Firefox,Empathy (Pidgin in versions before 9.10), Transmission, GIMP, and several lightweight games (such as Sudoku and chess). Ubuntu allows networking ports to be closed using its firewall, with customized port selectio Analysis of Honeynets and Honeypots for Security Analysis of Honeynets and Honeypots for Security Chapter 1 Introduction Honeynet is a kind of a network security tool, most of the network security tools we have are passive in nature for example Firewalls and IDS. They have the dynamic database of available rules and signatures and they operate on these rules. That is why anomaly detection is limited only to the set of available rules. Any activity that is not in alignment with the given rules and signatures goes under the radar undetected. Honeypots by design allows you to take the initiative, and trap those bad guys (hackers). This system has no production value, with no authorized activity. Any interaction with the honeypot is considered malicious in intent. The combination of honeypots is honeynet. Basically honeypots or honeynets do not solve the security problem but provide information and knowledge that help the system administrator to enhance the overall security of his network and systems. This knowledge can act as an Intrusion detection system and used as input for any early warning systems. O ver the years researchers have successfully isolated and identified verity of worms exploits using honeypots and honeynets. Honeynets extend the concept of a single honeypot to a highly controlled network of honeypots. A honeynet is a specialized network architecture cond in a way to achieve Data Control, Data Capture Data Collection. This architecture builds a controlled network that one can control and monitor all kind of system and network activity. 1.1 Information Security Information Security is the protection of all sensitive information, electronic or otherwise, which is owned by an individual or an organization. It deals with the preservation of the confidentiality, integrity and availability of information. It protects information of organizations from all kinds of threats to ensure business continuity, minimize business damage and maximize the return on investment and business opportunities. Information stored is highly confidential and not for public viewing. Through information security we protect its availability, privacy and integrity. Information is one of most important assets of financial institutions. Fortification of information assets is essential to ascertain and maintain trust between the financial institution and its customers, maintain compliance with the law, and protect the reputation of the institution. Timely and reliable information is compulsory to process transactions and support financial institution and customer decisions. A financial institutions earnings and capital can be adversely affected, if information becomes known to unauthorized parties is distorted or is not available when it is needed [15]. 1.2 Network Security It is the protection of networks and its services from any unauthorized access. It includes the confidentiality and integrity of all data passing through the network. It also includes the security of all Network devices and all information assets connected to a network as well as protection against all kind of known and unknown attacks. The ITU-T Security Architecture for Open System Interconnection (OSI) document X.800 and RFC 2828 are the standard documentation defining security services. X.800 divides the security services into 5 categories and 14 specific services which can be summarized as Table 1.1 OSI X.800 Summary[8] â€Å"1. AUTHENTICATION The assurance that the communicating entity is the one that it claims to be. Peer Entity Authentication Used in association with a logical connection to provide confidence in the identity of the entities connected. Data Origin Authentication In a connectionless transfer, provides assurance that the source of received data is as claimed. 2. ACCESS CONTROL The prevention of unauthorized use of a resource (i.e., this service controls who can have access to a resource, under what conditions access can occur, and what those accessing the resource are allowed to do). 3. DATA CONFIDENTIALITY The protection of data from unauthorized disclosure. Connection Confidentiality The protection of all user data on a connection. Connectionless Confidentiality The protection of all user data in a single data block Selective-Field Confidentiality The confidentiality of selected fields within the user data on a connection or in a single data block. Traffic Flow Confidentiality The protection of the information that might be derived from observation of traffic flows. 4. DATA INTEGRITY The assurance that data received are exactly as sent by an authorized entity (i.e., contain no modification, insertion, deletion, or replay). Connection Integrity with Recovery Provides for the integrity of all user data on a connection and detects any modification, insertion, deletion, or replay of any data within an entire data sequence, with recovery attempted. Connection Integrity without Recovery As above, but provides only detection without recovery. Selective-Field Connection Integrity Provides for the integrity of selected fields within the user data of a data block transferred over a connection and takes the form of determination of whether the selected fields have been modified, inserted, deleted, or replayed. Connectionless Integrity Provides for the integrity of a single connectionless data block and may take the form of detection of data modification. Additionally, a limited form of replay detection may be provided. Selective-Field Connectionless Integrity Provides for the integrity of selected fields within a single connectionless data block; takes the form of determination of whether the selected fields have been modified. 5. NONREPUDIATION Provides protection against denial by one of the entities involved in a communication of having participated in all or part of the communication. Nonrepudiation, Origin Proof that the message was sent by the specified party. Nonrepudiation, Destination Proof that the message was received by the specified party.† [1] [8], [9], 1.3 The Security Problem System security personnel fighting an unending battle to secure their digital assets against the ever increasing attacks, verity of attacks and their intensity is increasing day by day. Most of the attacks are detected after the exploitations so there should be awareness of the threats and vulnerabilities that exist in the Internet today. First we have to understand that we cannot say that there exists a perfect secure machine or network because the closest we can get to an absolute secure machine is that we unplugged the network cable and power supply and put that machine in to a safe. Unfortunately it is not useful in that state. We cannot achieve perfect security and perfect access at the same time. We can only increase the no of doors but we cannot put wall instead of doors. In field of security we need to find the vulnerably and exploits before they affect us. Honeypot and honeynet provides a valuable tool to collect information about the behavior of attackers in order to design and implement better defense. In the field of security it is important to note that we cannot simply state that what is the best type of firewall? Absolute security and absolute access are the two chief points. Absolute security and absolute access are inverse to each other. If we increase the security access will be decrease. There should be balance between absolute security and absolute defense, access is given without compromising the security. If we compare it to our daily lives we observe not much difference. We are continuously making decisions regarding what risks we are ready to take. When we step out of our homes we are taking a risk. As we get into a car and drive to our work place there is a risk associated with it too. There is a possibility that something might happen on the highway which will make us a part of an accident. When we fly and sit on an airplane we are willing to undergo the level of risk which is at par with the heavy amount we are paying for this convenience. It is observed that many people think differently about what an acceptable risk would be and in majority cases they do go beyond this thinking. For instance if I am sitting upstairs in my room and have to go to work, I wont take a jump straight out of the window. It might be a faster way but the danger of doing so and the injury I would have to face is much greater than the convenience. It is vital for every organization to decide that between the two opposite poles of total security and total access where they need to place themselves. It is necessary for a policy to articulate this system and then further explain the way it will be enforced with which practices and ways. Everything that is done under the name of security must strictly agree to the policy. 1.4 Types of Hacker Hackers are generally divide into two major categories. 1.4.1 Black Hats Black hat hackers are the biggest threat both internal and external to the IT infrastructure of any organization, as they are consistently challenging the security of applications and services. They are also called crackers, These are the persons who specialize in unauthorized infiltration. There could be Varity of reasons for this type of penetration it could be for profit, for enjoyment, or for political motivations or as a part of a social cause. Such infiltration often involves modification / destruction of data. 1.4.2 White Hats White hat hackers are similar to black hat hackers but there is a important difference that is white hat hackers do it without any criminal intention. Different companies all around the world hire/contact these kinds of persons to test their systems and softwares. They check how secure these systems are and point out any fault they found. These hackers, also known as ethical hackers, These are the persons or security experts who are specialize in penetration testing. These types of people are also known as tiger teams. These experts may use different types of methods and techniques to carry out their tests, including social engineering tactics, use of hacking tools, and attempts to bypass security to gain entry into protected areas, but they do this only to find weaknesses in the system[8]. 1.5 Types of Attacks There are many types of attacks that can be categorized under 2 major categories Active Attacks Passive Attacks 1.5.1 Active Attacks Active attacks involve the attacker taking the offensive and directing malicious packets towards its victims in order to gain illegitimate access of the target machine such as by performing exhaustive user password combinations as in brute-force attacks. Or by exploiting remote local vulnerabilities in services and applications that are termed as holes. Other types of attacks include Masquerading attack when attacker pretends to be a different entity. Attacker user fake Identity of some legitimate user. Replay attack In Replay attack, attacker captures data and retransmits it to produce an unauthorized effect. It is a kind of man in middle attack. Modification attack In this type of attack integrity of the message is compromise. Message or file is modified by the attacker to achieve his malicious goals. Denial of service (DOS)attack In DOS attack an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.), or other services that rely on the affected computer. TCP ICMP scanning is also a form of active attacks in which the attackers exploit the way protocols are designed to respond. e.g. ping of death, sync attacks etc. In all types of active attacks the attacker creates noise over the network and transmits packets making it possible to detect and trace the attacker. Depending on the skill level, it has been observed that the skill full attackers usually attack their victims from proxy destinations that they have victimized earlier. 1.5.2 Passive Attacks Passive attacks involve the attacker being able to intercept, collect monitor any transmission sent by their victims. Thus, eavesdropping on their victim and in the process being able to listen in to their victims or targets communications. Passive attacks are very specialized types of attacks which are aimed at obtaining information that is being transmitted over secure and insecure channels. Since the attacker does not create any noise or minimal noise on the network so it is very difficult to detect and identify them. Passive attacks can be divided into 2 main types, the release of message content and traffic analysis. Release of message content It involves protecting message content from getting in hands of unauthorized users during transmission. This can be as basic as a message delivered via a telephone conversation, instant messenger chat, email or a file. Traffic analysis It involves techniques used by attackers to retrieve the actual message from encrypted intercepted messages of their victims. Encryption provides a means to mask the contents of a message using mathematical formulas and thus make them unreadable. The original message can only be retrieved by a reverse process called decryption. This cryptographic system is often based on a key or a password as input from the user. With traffic analysis the attacker can passively observe patterns, trends, frequencies and lengths of messages to guess the key or retrieve the original message by various cryptanalysis systems. Chapter 2 Honeypot and Honeynet 2.1 Honeypot Is a system, or part of a system, deliberately made to invite an intruder or system cracker. Honeypots have additional functionality and intrusion detection systems built into them for the collection of valuable information on the intruders. The era of virtualization had its impact on security and honeypots, the community responded, marked by the fine efforts of Niels Provos (founder of honeyd) Thorsten Holz for their masterpiece book â€Å"Virtual Honeypots From Botnet Tracking to Intrusion Detection† in 2007. 2.2 Types of Honeypots Honeypots can be categorized into 2 main types based on Level of interaction Deployment. 2.2.1 Level of interaction Level of interaction determines the amount of functionality a honeypot provides. 2.2.1.1 Low-interaction Honeypot Low-interaction honey pots are limited in the extent of their interaction with the attacker. They are generally emulator of the services and operating systems. 2.2.1.2 High interaction Honeypot High-interaction honeypots are complex solution they involve with the deployment of real operating systems and applications. High interaction honeypots capture extensive amount of information by allowing attacker to interact with the real systems. 2.2.2 Deployment Based on deployment honeypot may be classified as Production Honeypots Research Honeypots 2.2.2.1 Production Honeypots Production honeypots are honeypots that are placed within the production networks for the purpose of detection. They extend the capabilities of the intrusion detection systems. These type of honeypots are developed and cond to integrate with the organizations infrastructure and scope. They are usually implemented as low-interaction honeypots but implementation may vary depending on the available funding and expertise required by the organization. Production honeypots can be placed within the application and authentication server subnets and can identify any attacks directed towards those subnets. Thus they can be used to identify both internal and external threats for an organization. These types of honeypots can also be used to detect malware propagation in the network caused by zero day exploits. Since IDSs detection is based on database signatures they fail to detect exploits that are not defined in their databases. This is where the honeypots out shine the Intrusion detection systems. They aid the system network administrators by providing network situational awareness. On basis of these results administrators can take decisions necessary to add or enhance security resources of the organization e.g. firewall, IDS and IPS etc. 2.2.2.1 Research Honeypots Research honeypots are deployed by network security researchers the whitehat hackers. Their primarily goal is to learn the tools, tactics techniques of the blackhat hackers by which they exploit computers network systems. These honeypots are deployed with the idea of allowing the attacker complete freedom and in the process learn his tactics from his movement within the system. Research honeypots help security researchers to isolate attacker tools they use to exploit systems. They are then carefully studied within a sand box environment to identify zero day exploits. Worms, Trojans and viruses propagating in the network can also be isolated and studied. The researchers then document their findings and share with system programmers, network and system administrators various system and anti-virus vendors. They provide the raw material for the rule engines of IDS, IPS and firewall system. Research Honeypots act as early warning systems. They are designed to detect and log maximum information from attackers yet being stealthy enough not to let attackers identify them. The identity of the honeypot is crucial and we can conclude that the learning curve (from the attacker) is directly proportional to the stealthiest of thehoneypot .These types of honeypots are usually deployed at universities and by the RD departments of various organizations. These types of honeypots are usually deployed as High-Interaction honeypots. 2.3 Honeynet The concept of the honeypot is sometimes extended to a network of honeypots, known as a honeynet. In honeynet we grouped different types of honeypots with different operatrating systems which increases the probability of trapping an attacker. At the same time, a setting in which the attacker explores the honeynet through network connections between the various host systems provides additional prospects for monitoring the attack and revealing information about the intruder. The honeynet operator can also use the honeynet for training purposes, gaining valuable experience with attack strategies and digital forensics without endangering production systems. The Honeynet project is a non-profit research organization that provides tools for building and managing honeynets. The tools of the Honeynet project are designed for the latest generation of high interaction honeynets that require two separate networks. The honeypots reside on the first network, and the second network holds the tools for managing the honeynet. Between these tools (and facing the Internet) is a device known as the honeywall. The honeywall, which is actually a kind of gateway device, captures controls, and analyzes all inbound and outbound traffic to the honeypots[4]. It is a high-interaction honeypot designed to capture wide-range of information on threats. High-interaction means that a honeynet provides real systems, applications, and services for attackers to interact with, as opposed to low-interaction honeypots which provide emulated services and operating systems. It is through this extensive interaction we gain information on threats, both external and internal to an organization. What makes a honeynet different from most honeypots is that it is a network of real computers for attackers to interact with. These victim systems (honeypots within the honeynet) can be any type of system, service, or information you want to provide [14]. 2.4 Honeynet Data Management Data management consist of three process Data control, data capture and data collection. 2.4.1 Data Control Data control is the containment of activity within the honeynet. It determines the means through which the attackers activity can be restricted in a way to avoid damaging/abusing other systems/resources through the honeynet. This demands a great deal of planning as we require to give the attacker freedom in order to learn from his moves and at the same time not let our resources (honeypot+bandwidth) to be used to attack, damage and abuse other hosts on the same or different subnets. Careful measures are taken by the administrators of the honeynet to study and formulate a policy on attackers freedom versus containment and implement this in a way to achieve maximum data control and yet not be discovered or identified by the attacker as a honeypot. Security is a process and is implemented in layers, various mechanisms to achieve data control are available such as firewall, counting outbound connections, intrusion detection systems,intrusion prevention systems and bandwidth restriction e tc. Depending on our requirements and risk thresholds defined we can implement data control mechanisms accordingly [4]. 2.4.2 Data Capture Data Capture involves the capturing, monitoring and logging of allthreats and attacker activities within the honeynet. Analysis of this captured data provides an insight on the tools, tactics, techniques and motives of the attackers. The concept is to achieve maximum logging capability at all nodes and hence log any kind of attackers interaction without the attacker knowing it. This type of stealthy logging is achieved by setting up tools and mechanisms on the honeypots to log all system activity and have network logging capability at the honeywall. Every bit of information is crucial in studying the attacker whether its a TCP port scan, remote and local exploit attempt, brute force attack, attack tool download by the haacker, various local commands run, any type of communication carried out over encrypted and unencrypted channels (mostly IRC) and any outbound connection attempt made by the attacker [25]. All of this should be logged successfully and sent over to a remote location to avoid any loss of data due to risk of system damage caused by attackers, such as data wipe out on disk etc. In order to avoid detection of this kind of activity from the attacker, data masking techniques such as encryption should be used. 2.4.3 Data Collection Once data is captured, it is securely sent to a centralized data collection point. Data is used for analysis and archiving which is collected from different honeynet sensors. Implementations may vary depending on the requirements of the organization, however latest implementations incorporate data collection at the honeywall gateway [19]. 2.5 Honeynet Architectures There are three honeynet architectures namely Generation I, Generation II and Generation III 2.5.1 Generation I Architecture Gen I Honeynet was developed in 1999 by the Honeynet Project. Its purpose was to capture attackers activity and give them the feeling of a real network. The architecture is simple with a firewall aided by IDS at front and honeypots placed behind it. This makes it detectable by attacker [7]. 2.5.2 Generation II III Architecture Gen II honeynets were first introduced in 2001 and Gen III honeynets was released in the end of 2004. Gen II honeynets were made in order to address the issues of Gen I honeynets. Gen II and Gen III honeynets have the same architecture. The only difference being improvements in deployment and management, in Gen III honeynets along with the addition of Sebek server built in the honeywall. Sebek is a stealthy capture tool installed on honeypots that capture and log all requests sent to the system read and write system call. This is very helpful in providing an insight on the attacker [7]. A radical change in architecture was brought about by the introduction of a single device that handles the data control and data capture mechanisms of the honeynet called the IDS Gateway or marketing-wise, the Honeywall. By making the architecture more â€Å"stealthy†, attackers are kept longer and thus more data is captured. There was also a major thrust in improving honeypot layer of data capture with the introduction of a new UNIX and Windows based data. 2.6 Virtual Honeynet Virtualization is a technology that allows running multiple virtual machines on a single physical machine. Each virtual machine can be an independent Operating system installation. This is achieved by sharing the physical machines resources such as CPU, Memory, Storage and peripherals through specialized software across multiple environments. Thus multiple virtual Operating systems can run concurrently on a single physical machine [4]. A virtual machine is specialized software that can run its own operating systems and applications as if it were a physical computer. It has its own CPU, RAM storage and peripherals managed by software that dynamically shares it with the physical hardware resources. Virtulization A virtual Honeynet is a solution that facilitates one to run a honeynet on a single computer. We use the term virtual because all the different operating systems placed in the honeynet have the appearance to be running on their own, independent computer. Network to a machine on the Honeynet may indicate a compromised enterprise system. CHAPTER 3 Design and Implementation Computer networks, connected to the Internet are vulnerable to a variety of exploits that can compromise their intended operations. Systems can be subject to Denial of Service Attacks, i-e preventing other computers to gain access for the desired service (e.g. web server) or prevent them from connecting to other computers on the Internet. They can also be subject to attacks that cause them to cease operations either temporarily or permanently. A hacker may be able to compromise a system and gain root access as if he is the system administrator. The number of exploits targeted against various platforms, operating systems, and applications increasing regularly. Most of vulnerabilities and attack methods are detected after the exploitations and cause big loses. Following are the main components of physical deployment of honeynet. First is the design of the Deployed Architecture. Then we installed SUN Virtual box as the Virtualization software. In this we virtually installed three Operating System two of them will work as honey pots and one Honeywall Roo 1.4 as Honeynet transparent Gateway. Snort and sebek are the part of honeywall roo operating system. Snort as IDS and Snort-Inline as IPS. Sebek as the Data Capture tool on the honeypot. The entire OS and honeywall functionality is installed on the system it formats all the previous data from the hard disk. The only purpose now of the CDROM is to install this functionality to the local hard drive. LiveCD could not be modified, so after installing it on the hard drive we can modify it according to our requirement. This approach help us to maintain the honeywall, allowing honeynet to use automated tools such asyumto keep packages current [31]. In the following table there is a summry of products with features installed in honeynet and hardware requirements. Current versions of the installed products are also mention in the table. Table 3.1 Project Summary Project Summary Feature Product Specifications Host Operating System Windows Server 2003 R2 HW Vendor HP Compaq DC 7700 ProcessorIntel(R) Pentium ® D CPU 3GHz RAM 2GB Storage 120GB NIC 1GB Ethernet controller (public IP ) Guest Operating System 1 Linux, Honeywall Roo 1.4 Single Processor Virtual Machine ( HONEYWALL ) RAM 512 MB Storage 10 GB NIC 1 100Mbps Bridged interface NIC 2 100Mbps host-only interface NIC 3 100Mbps Bridged interface (public IP ) Guest Operating System 2 Linux, Ubuntu 8.04 LTS (Hardy Heron) Single Processor Virtual Machine ( HONEYPOT ) RAM 256 MB Storage 10 GB NIC 100Mbps host-only vmnet (public IP ) Guest Operating System 3 Windows Server 2003 Single Processor Virtual Machine ( HONEYPOT ) RAM 256 MB Storage 10 GB NIC 100Mbps host-only vmnet (public IP ) Virtualization software SUN Virtual Box Version 3 Architecture Gen III Gen III implemented as a virtual honeynet Honeywall Roo Roo 1.4 IDS Snort Snort 2.6.x IPS Snort_inline Snort_inline 2.6.1.5 Data Capture Tool (on honeypots) Sebek Sebek 3.2.0 Honeynet Project Online Tenure November 12, 2009 TO December 12, 2009 3.1 Deployed Architecture and Design 3.2 Windows Server 2003 as Host OS Usability and performance of virtualization softwares are very good on windows server 2003. Windows Server 2003is aserveroperating system produced byMicrosoft. it is considered by Microsoft to be the cornerstone of itsWindows Server Systemline of business server products. Windows Server 2003 is more scalable and delivers better performance than its predecessor,Windows 2000. 3.3 Ubuntu as Honeypot Determined to use free and open source software for this project, Linux was the natural choice to fill as the Host Operating System for our projects server. Ubuntu 8.04 was used as a linux based honeypot for our implementation. The concept was to setup an up-to-date Ubuntu server, cond with commonly used services such as SSH, FTP, Apache, MySQL and PHP and study attacks directed towards them on the internet. Ubuntu being the most widely used Linux desktop can prove to be a good platform to study zero day exploits. It also becomes a candidate for malware collection and a source to learn hacker tools being used on the internet. Ubuntu was successfully deployed as a virtual machine and setup in our honeynet with a host-only virtual Ethernet connection. The honeypot was made sweeter i.e. an interesting target for the attacker by setting up all services with default settings, for example SSH allowed password based connectivity from any IP on default port 22, users created were given privi leges to install and run applications, Apache index.html page was made remotely accessible with default errors and banners, MySQL default port 1434 was accessible and outbound connections were allowed but limited [3]. Ubuntu is a computeroperating systembased on theDebianGNU/Linux distribution. It is named after theSouthern Africanethical ideology Ubuntu (humanity towards others)[5]and is distributed asfree and open source software. Ubuntu provides an up-to-date, stable operating system for the average user, with a strong focus onusabilityand ease of installation. Ubuntu focuses onusability andsecurity. The Ubiquity installer allows Ubuntu to be installed to the hard disk from within the Live CD environment, without the need for restarting the computer prior to installation. Ubuntu also emphasizesaccessibilityandinternationalization to reach as many people as possible [33]. Ubuntu comes installed with a wide range of software that includes OpenOffice, Firefox,Empathy (Pidgin in versions before 9.10), Transmission, GIMP, and several lightweight games (such as Sudoku and chess). Ubuntu allows networking ports to be closed using its firewall, with customized port selectio