Thursday, October 31, 2019

Flexible deterrent option Essay Example | Topics and Well Written Essays - 2000 words

FDO is therefore a more collective and integrated approach than other military actions. In this essay, therefore, an existing flexible deterrent option is scrutinized by use of initial force analysis to examine how the FDO increases defense support to the key determinants of FDO mentioned above. The emphasis of deterrence is a Task Force to deter Ahurastani aggression from aggravating.

Initial Force Analysis for a Flexible Deterrent Option

Capabilities needed to accomplish the specified key tasks

For the flexible deterrent option to be successfully executed, there are key capabilities that must be accomplished for each key specific task. An important aspect of the flexible deterrent option is that even though the flexible deterrent option (FDO) has an aim of securing Nakhchivan airfield to facilitate force and sustainment flow into the entire Nakhchivan region, this aim would be seen as a collective goal that cannot be achieved by performing only one task. Once this happens, the FDO becomes an event rather than a process. The aim can therefore be broken down into specific objectives, which are each backed by a specific key task. The collective achievement of the tasks then represents the achievement of the aim3. ... These are sustainable competence, guidance, energy and materials (engagement), combat readiness, information acquisition and processing, environment (knowledge), systems and modeling (maneuver), and force structure. Because of the interrelated nature of the mission of the FDO, these capabilities will be treated as related components of the mission rather than individual capabilities that apportioned forces must exhibit.

Resources in apportioned forces

There are three major apportioned forces, which are army, air force and navy. Among each of these forces, it is expected that all six capabilities identified above will be exhibited.
But in order to make this possible, it is expected that certain resources that enhance the development of the capabilities will be in place. This is particularly necessary as the capabilities cannot be acquired or learned on an independent basis in the absence of resources. Currently, within the army, it is noted that there are huge problems with training, equipping and motivation for soldiers. Meanwhile, for a capability such as sustainable competence to take place, it is important that soldiers receive training on a constant basis so that their competences can be guaranteed and sustained. The same argument about training is true if capabilities like engagement, combat readiness, knowledge and maneuver are all to be acquired4. For the capability of knowledge, which deals with information acquisition and processing, to take place, it is expected that the army will be well equipped in the delivery of its duties. A similar case can be made for force structure, sustainable competence and combat readiness, which are all capabilities that cannot be guaranteed in the absence of motivation for soldiers.

Tuesday, October 29, 2019

Law and Practice Disciplinary Violation Essay Example | Topics and Well Written Essays - 2500 words

The Law of Confidence pertains to the issue of information that is deemed to be confidential and will include trade secrets, copyrighted and other sensitive information, including the right to its protection and remedy for the infringement through breach of confidence and trust by employees.

(a) A new three-step dispute resolution process for employers and employees under the Employment Act has been introduced as of October 1, 2004. 1 According to these provisions, reasons for dismissal or disciplinary action must be put into writing, a face-to-face meeting must be arranged for discussing the dismissal, and the employee must be given a chance to appeal. In the event an employer fails to follow the proper procedure and adhere to all three steps, then penalties will accrue to the employer, while the employee may be automatically entitled to claims of unfair dismissal if he/she has been employed for more than a year at the firm in question. Moreover, instant dismissal of an employee, even in cases of gross misconduct, is automatically unfair unless, at the very least, a two-stage procedure is followed, wherein the employee is provided written notice of dismissal and provided the right to appeal. In cases of serious misconduct, it may be legal to dismiss an employee without notice; however, it is better to suspend the employee first while investigations are carried out to ensure that allegations against the employee are substantiated. What must be considered in Sandra’s case is Alan’s summary dismissal, which has not allowed her the opportunity to appeal the decision to fire her. Continuous service with a Company entitles the employee to a policy of fairness in providing written notice of the reasons for dismissal and the opportunity to offer any defence. Most companies follow such policies, especially when the employee has been with the Company for a long time.

Sunday, October 27, 2019

Password Management System Advantages and Disadvantages

Project Aim:

Password management is an important aspect of computer security. It is the front line of protection for user terminals and is by far the most common user authentication method within the largest multinational organizations. A poorly chosen password will increase the probability of an information system being compromised. As such, all organization employees are responsible for taking the appropriate steps to select good password security policies. Does that happen in reality? No. That is why software password generators are used to handle password management problems, to enforce the password management policies the organization requires in order to comply with national standards, and to address the problem of selecting strong passwords. The aim of this project is therefore to analyze and test a standard password generator system and to propose a technique for helping people remember strong passwords easily.

Project Objectives:

According to the above facts, the objectives that must be undertaken and thoroughly researched in this Bachelor project report are the following:

- Identify the importance of passwords as it concerns the advantages and disadvantages of their daily use in home and corporate environments.
- Identify the weaknesses raised by poorly chosen passwords and describe the modern attack techniques against these passwords. In addition, propose possible countermeasures to address and eliminate these attacks.
- Examine the characteristics of an effective password policy which can be applied in a corporate environment in order to establish and manage the appropriate defenses to eliminate the dangers posed by insecure password systems.
- Conduct a critical analysis of different techniques used to help users remember strong passwords easily.
- Propose a mnemonic system which is based on users’ favorite passphrases.
- Analyze the operating principles of the Password Mnemonic System (PA.ME.SYS) and the processes that it enforces in order to produce “safe passwords”.
- Test this password generator system (PA.ME.SYS) for the strength of all passwords it generates.

In order to achieve the above purposes of this project, a series of logical steps was taken.

To achieve the first and second objectives of this project, a survey was conducted on the Internet, in books and in the Web application design 1 and Web application design 2 lecture notes. This survey was concerned with the importance of passwords in an organization’s security framework, the reasons they are widely used in today’s businesses and the catastrophic consequences posed by the exposure of insecure passwords to unauthorized people. Another survey in books and on the Internet was necessary to identify the weaknesses raised by these poorly chosen passwords, the attacks mounted by modern attackers to gain unauthorized access to users’ passwords, and the possible defense mechanisms used to address and eliminate such attacks.

For the third objective of this report, a survey was conducted on the Internet and in books. The aim of this survey was to find and understand different password policies which can be applied in an organization’s global security policy to establish and manage the defenses used to eliminate the dangers posed by insecure passwords. A university password policy was analyzed for the rules it applies in order to define the secure creation and storage of strong passwords. In addition, the relationship between the users and the password policies was examined, together with the risks that businesses face due to the implementation of inadequate password policies.

For the fourth objective, which defines the added value of this project report, it was important to conduct a search on the Internet for different techniques used to help users remember strong passwords easily.
These techniques were analyzed for their operation and the disadvantages they have.

For the fifth objective, it was important to propose a mnemonic system which is based on users’ favorite passphrases. The proposal of this mnemonic system was based on the research we made of the different mnemonic techniques described in the previous chapter.

For the sixth and seventh objectives, which also define the added value of this project report, the task was to analyze and test the proposed Password Mnemonic System (PA.ME.SYS). After the end of the survey, a mnemonic system based on users’ favorite passphrases was developed and implemented. For the development analysis and design, data flow diagrams were used to clearly show the processes and data that make up the system. For the implementation and testing, the Visual Basic language was used, which shows in a graphical environment how this mnemonic system works.

1. Introduction to Authentication and “Something you know”

1.1 Identification and Authentication Techniques

Controlling access to system resources is an important aspect of computer security. Access control is about managing which users can access which files or services in an organization’s computer system. All entities involved with receiving, accessing, altering or storing information in a computer system are divided into active and passive ones. The term “active entities” is used to describe all subjects (users, processes, threads) that are accessing, receiving or altering information in a system. The term “passive entities” is used to describe all objects (files, databases) that actually hold or store information accessed by subjects. Without access control mechanisms it is not possible to protect the confidentiality, integrity and availability (CIA triad) of system resources. Access control is used to force users to provide a valid username and password to gain access to a system resource.
The two vital components of access control are the identification and authentication processes. In the identification process the user is obligated to present an identity to a computer system. The information provided by the user trying to log on could be a username, or could be given by simply placing his/her hand or face on a scanning device. This action triggers the start of the authentication, authorization and accountability processes. Today, authentication processes are usually classified according to the distinguishing characteristic they use. These characteristics are classified in terms of the three factors described in the following section. Each factor relies on a different kind of distinguishing characteristic used each time to authenticate people in a system.

1.2 Authentication Factors

In a typical system, there are basically three ways for human users to authenticate themselves to a client such as a computer, a mobile phone, a network, or an ATM machine. These three authentication factors are the following.

- Anything you know: a password

The distinguishing characteristic is private information that only authorized people know. In modern computer systems, this characteristic might be a password, a Personal Identification Number (PIN), a lock combination or a passphrase. It is the lowest-cost factor and the most popular method, and it can be employed easily in any modern system to authenticate authorized users within the organization. Passwords are simpler and cheaper than other secure forms of authentication, because they do not require spending large amounts of money on their implementation in comparison with other, more modern security mechanisms. Additionally, users don’t have to spend time and effort learning how to use them. Passwords are the only user-friendly way to identify a user in a network or computer system, and it is believed that they can provide the same level of strong security as a more modern security mechanism.
However, the use of passwords as an authentication technique presents some disadvantages that are directly connected to the way users manage these passwords: the need to create complex and strong passwords, the obligation to change passwords frequently, and the instructions and guidelines on how to keep passwords secret.

- Anything you have: a token

The distinguishing characteristic is that authorized people own and present a specific item to be authenticated. This characteristic is enclosed in a token device such as a magnetic card, a smart card, a memory card or a password calculator.

- Anything you are: a biometric

The distinguishing characteristic is some physiological feature (static) that is always present in a person, or a certain behavior pattern (dynamic) that is unique to the person being authenticated, and is measured and recorded once in the enrollment process. When the same person requires access, the biometric identifier compares the current characteristic provided by the user with the previously collected pattern from the original authentic person. This characteristic could be a voice print, fingerprints, face shape, written signature, iris/retina pattern or hand geometry.

2. Attacks on Passwords

2.1 Introduction

Passwords are a very important aspect of computer security. They are the front line of protection for user terminals and are by far the most common user authentication method within the largest multinational organizations. However, the use of passwords as an authentication technique increases the probability of an information system being compromised. That happens because these passwords are directly connected to the way that users create, remember, store and distribute them.
In fact, passwords are the weakest element in the security chain of an organization’s network system and are susceptible to different types of attacks. The next section presents the weaknesses of users’ passwords and the modern attack techniques performed by malicious attackers to gain unauthorized access.

2.2 Attacks on Passwords

Easily Guessed Passwords: The first weakness lies in the composition of the password itself. Most attackers rely on the fact that most people do a bad job of creating passwords and keeping them secret. Most passwords that people select depend on the following:

- Favorite football player and actor names.
- Simple strings, such as passwords consisting of the same character (e.g. 11111).
- Job titles and nicknames.
- Important numbers, such as insurance numbers, home addresses, telephone numbers, credit card numbers, driver’s license numbers, birthdays, or vehicle tags.
- Favorite words found in dictionaries.
- Children’s, family members’ or relatives’ names.

The most common attack on passwords is one where malicious hackers exploit human nature and try to guess what passwords people select. In this case, hackers build a list with all information related to the victim and make attempts to log on, hoping to find out the victim’s password quickly.

Brute-force Attacks: In cryptography, a brute force attack or exhaustive key search is the strategy that can in theory be used against any encrypted data by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his task easier. It involves systematically checking all possible keys until the correct key is found. In the worst case, this would involve traversing the entire search space. The key length used in the encryption determines the practical feasibility of performing a brute force attack, with longer keys exponentially more difficult to crack than shorter ones.
A brute force attack can be made less effective by obfuscating the data to be encoded, something that makes it more difficult for an attacker to recognize when he has cracked the code. One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute force attack against it. A consequence of this attack is that users cannot use the network resources and must wait until the system administrator resets or unlocks the account. It is obvious that this kind of attack causes confusion and big delays to users’ critical job tasks.

Dictionary Attacks: In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities (Shape 1.1).

[Shape 1.1: Dictionary attack]

A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary. In contrast with a brute force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words, for example a dictionary (hence the phrase dictionary attack) or a bible. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries, or simple, easily predicted variations on words, such as appending a digit.

Social Engineering Attacks: Another weakness lies in the fact that people are not able to remember their passwords and keep them secret. In computer security, social engineering is described as a non-technical intrusion that is based on the psychological characteristics of human nature. It is the art of persuading people to reveal vital secrets or to perform actions that comply with the hacker’s wishes (Shape 1.2).
Social engineering can be conducted in several forms.

Reverse Engineering: In this method, a legitimate user is induced into asking an attacker questions to obtain information. The attacker poses as a person of higher authority and tries to deduce the needed information from the questions which are asked by the user.

E-mail: This mode of social engineering involves sending an e-mail to a user asking for confidential information. The e-mail is meant to trigger an emotional response from the user. It makes the user unwittingly participate in the hacking by disclosing the confidential information.

Web pages: False web pages that require users to enter e-mail addresses and passwords are created by attackers. Hackers hope that users will enter the same passwords at the false websites as they use on their organization’s computer systems.

Shoulder surfing: In this type of attack a malicious attacker looks over a user’s shoulder and watches him while he is typing his/her password to gain access to a system. Shoulder surfing attacks are not always successful, but they can give important information and strength to a malicious attacker to achieve his goal.

Dumpster diving: One of the most intelligent techniques to retrieve users’ passwords within large commercial organizations is the dumpster diving attack. In this type of attack malicious attackers search through discarded material to find passwords, credit card numbers, confidential records or other useful information related to security policies and passwords.

Sniffing Attacks: Besides brute-force guessing, dictionary and social engineering attacks, today’s hackers are using more clever programs and methods to retrieve users’ passwords.
These methods include software sniffer programs which are used to capture passwords either a) when they are typed during the authentication phase of a network login session (Trojan Login, Van Eck sniffing, keystroke sniffing, hardware key loggers) or b) when they are transmitted across complex networks via e-mail and other document delivery systems (network sniffers) (Shape 1.1).

[Shape 1.1: Sniffing Attacks]

The next paragraphs describe in more detail each of these techniques used to sniff users’ passwords:

- 1. Network Sniffing: A network sniffer is a program capable of capturing all traffic made available to one or more network adapters.

- 2. Trojan Login: A Trojan Login sniffer program is a software tool used to capture users’ passwords during the authentication phase of a network login session. A malicious user who has access to a personal computer connected to a network can easily install a Trojan Login program. The strength of this malicious program is that it has the ability to display perfect imitations of the operating system’s standard login program. As a consequence the user enters his/her username and password without any knowledge of the situation, while the Trojan Login program saves this authentication information in a secret file.

- 3. Van Eck Sniffing: These signals, which are called Van Eck radiation, are visible from as far away as 1 kilometer. It is obvious that a malicious hacker using the appropriate equipment and without specialized skills could easily sit outside a building and eavesdrop on passwords and other secrets displayed on any nearby user’s video screens and monitors.

- 4. Keystroke Sniffing: Shape 1.2 shows clearly a classic keystroke sniffing attack associated with most modern operating systems. In this type of attack usernames and passwords are captured directly from the keyboard input buffer.
When the user enters the required authentication information in order to gain access to a computer system, this information is stored in a special area of RAM. While the user enters information, a malicious attacker could run a sniffer program and retrieve the contents of the keyboard input buffer. As a result the user’s username and password are obtained by the hacker and can be used for later attacks (Shape 1.2).

[Shape 1.2: Keystroke Sniffing]

- 5. Hardware Key Loggers: A key logger is a hardware device that intercepts and stores the strokes of a keyboard. This type of attack can be conducted very easily by a social engineer. The social engineer simply walks into the location of interest and very professionally plugs this small piece of hardware between the keyboard port and the keyboard. Assuming that most users place PC towers under their desks and most of them are unaware of hardware technology, key loggers can record all typed keystrokes and store them in their internal memory without the user’s knowledge.

Attacks on Password Storage: Passwords have often been vulnerable to different kinds of attacks when they are stored in huge databases and password files. Most modern operating systems ask the user trying to gain access to system resources to enter his/her valid username and password. Then the operating system searches the system’s password file for an entry matching the username. If the password in that entry matches the password typed by the user, then the login procedure succeeds and the user is authorized by the system. Shape 1.3 shows clearly how the password checking procedure works [1.3].

[Shape 1.3: Password Checking]

The storage of any password immediately breaks one important rule concerned with password security: “Do not write passwords down”. If the password file containing all users’ passwords is stolen, then the intruder automatically has direct access to all the system’s passwords.
The primary arguments against password storage can be stated as:

- Single Point of Failure: If the password file is compromised then all passwords are compromised. Compromise of the password file can happen due to poor encryption mechanisms or use of a weak master password, so that its contents are easily accessed by a malicious hacker, or due to poor protection of the file itself.
- Poor Audit Trails: Most operating systems keep logs used to review failed login attempts. Usually these logs contain a large number of wrong usernames and passwords typed by users while they are trying to log in to a computer or network system. If these logs are not well protected, then attacks become easier. For example, a malicious attacker who sees an audit record with a nonexistent username of 7rs or eri67 can be sure that this string is a password or a part of the password for one of the valid users.

Software Bugs: One important reason for the success of password attacks is sometimes badly designed operating systems and the application programs running on them. These badly designed features cause software bugs which do all the hard work for malicious hackers and continue to be a major source of many security problems. One recent software bug was found in the Solaris operating system. Users with low-level privileges could force a network application program to end abnormally. As a result this program dumped its memory contents to the hard drive in a file available to all users. This file contained copies of the hashed password values that were normally stored and protected in a shadowed file. As a consequence this file could be used as input to Crack software for an off-line brute-force attack.

2.3 Countermeasures against these Attacks

Given all the above, it is obvious that attackers use several techniques to capture users’ passwords.
In this section countermeasures against all attacks on passwords (described in section 2.2 Attacks on Passwords) are analyzed and listed in order.

Countermeasures against brute-force attacks: A possible solution against login guessing attacks (or on-line brute-force attacks) is to have a password policy which specifies the maximum number of failed login attempts. By configuring the operating system, system administrators can limit the number of failed login attempts allowed for each user. If the threshold is reached then the account should be locked and users will not be able to log in until the system administrator arrives to reactivate the login process for the specific account. It must be mentioned that using such defenses against login guessing attacks will only delay a hacker from accessing a system and gaining access to confidential information. Failed login thresholds will not prevent a brute force attack from occurring but will identify the attacking attempt to the security administrator. This defense method will deter a malicious attacker from initiating a brute force attack and increase the level of difficulty of executing this attack.

There is no actual defense mechanism against an off-line brute-force attack. This type of attack can be applied to any given password database. There are many cracking programs available on the Internet which are capable of generating character sequences and working through all possible character combinations until the user’s password is found. The only defense mechanism against this type of attack is to have users that select and use “strong” passwords.

Countermeasures against dictionary attacks: This type of attack could be eliminated by having a policy which simply prohibits the use of common words found in dictionaries or attackers’ word lists. If none of the generated passwords appear in such lists, then dictionary attacks will not succeed.
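An added example (not from the original report) of the dictionary policy described above: it rejects passwords that are short, a single repeated character, a word-list entry, or a simple variation of one such as an appended digit. It goes beyond the text by also undoing common character substitutions; the word list, the minimum length of 8, the substitution table and all function names are constructed for illustration.

```python
import re

# Assumption: the report treats 7 characters or fewer as "short".
MIN_LENGTH = 8

# Constructed sample word list; a real policy would load a large one.
SAMPLE_WORDLIST = frozenset(
    {"password", "dragon", "football", "sunshine", "monkey", "manager"}
)

# Assumed table of common look-alike substitutions (0->o, 1->l, 3->e, ...).
UNLEET = str.maketrans("01345@$7", "oleasast")

# Digits, punctuation and underscores at either end of the candidate.
_EDGE_JUNK = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def base_forms(candidate):
    """Return the forms of a candidate that a dictionary attack would also try."""
    lowered = candidate.lower()
    stripped = _EDGE_JUNK.sub("", lowered)
    return {
        lowered,
        stripped,                                      # "Dragon7"  -> "dragon"
        stripped.translate(UNLEET),                    # "P4ssw0rd" -> "password"
        _EDGE_JUNK.sub("", lowered.translate(UNLEET)),
    }


def policy_violations(candidate, wordlist=SAMPLE_WORDLIST, personal=()):
    """Return the list of policy rules the candidate password breaks.

    `personal` holds strings tied to the user (names, birthdays, tags),
    the material the report says attackers collect before guessing.
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if candidate and len(set(candidate)) == 1:
        problems.append("single repeated character")
    if base_forms(candidate) & wordlist:
        problems.append("dictionary word or simple variation")
    lowered = candidate.lower()
    if any(item and item.lower() in lowered for item in personal):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for sample in ("11111", "Dragon7", "football2019!", "P4ssw0rd", "tV9#qLm2!xRw"):
        print(f"{sample!r}: {policy_violations(sample) or 'accepted'}")
```
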
In addition, system administrators should themselves perform dictionary attacks to test users’ passwords within an organisation. If any passwords are compromised, then they must inform the users directly of the results and oblige them to change their passwords to more secure ones.

Countermeasures against Social Engineering attacks: Education and user awareness must be supported by the organization’s global security policy. Users should understand the importance of keeping their passwords secret and be familiar with the different ways that a social engineering attack can be conducted against them. In this case, people are able to take the necessary steps to react accordingly when such a situation occurs. Besides this, companies should shred all printouts containing usernames, passwords and other similar confidential information in order to prevent dumpster diving attacks.

Countermeasures against Network sniffing attacks: Today’s hackers are using many network sniffing programs to retrieve users’ passwords while they are transmitted over distant networks or inside an organization’s corporate network. Most businesses facing this threat, and considering the consequences of this type of attack, implement and use different network protocols for the secure transmission of confidential information. More often, organizations set out detailed security policies that specify the ways, encryption methods and protocols to be used for the secure transmission of any important information. The most important defense mechanism against network sniffing attacks is the use of well-known secure network protocols such as the SSL/TLS and IPSec protocols.
These protocols have the ability to build secure channels based on cryptographic keys, shared between trusted parties, for the safe transfer of passwords and other confidential information in any system’s network.

Countermeasures against Trojan Login: A defense mechanism against Trojan Logins is to have a trusted path for all functions that require users to enter or present authentication information for the purpose of authentication. This trusted path must be established between the user trying to log in and the operating system. Secure Attention Sequence (or SAS) is a trusted path mechanism used in many modern operating systems such as Windows 2000. When a user needs to log on, executing the sequence Ctrl+Alt+Del guarantees that he is communicating with the operating system and not with malicious software such as a Trojan Login. Another important countermeasure against this type of attack is the installation of commercially available anti-virus software programs (such as Norton Antivirus and McAfee Antivirus). These anti-virus programs have the ability to detect sniffing attack programs such as Trojan Logins and prevent them from being installed, downloaded and run on operating systems.

Countermeasures against Van Eck sniffing attacks: The types of countermeasures used to protect against Van Eck sniffing attacks are known as Transient Electromagnetic Pulse Equipment Shielding Techniques (TEMPEST). The U.S. TEMPEST standard is one guideline that manufacturers have to follow in order to reduce electromagnetic signals and prevent these types of attacks against passwords and other secrets displayed on video screens and monitors. TEMPEST mechanisms include Faraday cages, white noise and control zones. A Faraday cage is a box, a room or an entire building that is designed with an external metal skin that fully surrounds an area on all six sides.
As a result all electromagnetic signals transmitted from PC monitors are blocked inside the building, preventing eavesdroppers from revealing users’ passwords.

Countermeasures against Keystroke sniffing attacks: A good defense mechanism against keystroke sniffing attacks is to protect the CPU’s memory. In particular, the keyboard input buffer is the exact location where keystrokes typed by users are stored. It is clear that this area should be protected using various encryption techniques so that it becomes impossible for an intruder to retrieve its contents in plaintext form when they are intercepted.

Countermeasures against Hardware Key Loggers: There are no well-known defense mechanisms against hardware key loggers. The only countermeasure against them is to state clearly in the organisation’s password policy that all sides of electronic equipment, and especially computers, should be visible to users and security officers. Moreover, system administrators may be obligated to check all hardware and electronic devices plugged into users’ computers, or to check all hardware connections in computer rooms periodically.

Countermeasures against Password Storage attacks: The types of defense mechanisms against password storage attacks include the use of various encryption and hashing techniques. These techniques are used to encrypt password files and never leave passwords exposed in plaintext form. Usually modern operating systems (Windows, UNIX) use one-way encryption systems to encrypt users’ passwords. In one-way encryption systems the password is transformed in such a way that the original password cannot be recovered. When a user is logging on to such a system, the password that is entered by the user is one-way encrypted and compared with the stored encrypted password. The same encryption method and key must be used to encrypt the valid password before storage and to encrypt the entered password before comparison.
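The password checking procedure from section 2.2, the one-way storage described above and the failed-login threshold from the brute-force countermeasures, combined in one added example (not part of the original report and not PA.ME.SYS code). It goes beyond the text by adding a per-user salt and an iteration count, so that equal passwords produce different stored values. The class name, the choice of PBKDF2-HMAC-SHA256, the 600,000 iterations and the threshold of 5 are assumptions.

```python
import hashlib
import hmac
import os


class CredentialStore:
    """In-memory stand-in for a protected password file (hypothetical)."""

    def __init__(self, iterations=600_000, max_failed=5):
        self.iterations = iterations   # assumed PBKDF2 work factor
        self.max_failed = max_failed   # assumed policy threshold
        self._records = {}             # username -> (salt, iterations, digest)
        self._failures = {}            # username -> consecutive failures
        self._locked = set()

    @staticmethod
    def _derive(password, salt, iterations):
        # One-way transform: the password cannot be recovered from the digest.
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, iterations
        )

    def enroll(self, username, password):
        salt = os.urandom(16)  # fresh random salt per user
        digest = self._derive(password, salt, self.iterations)
        # Only salt, parameters and digest are stored, never the password.
        self._records[username] = (salt, self.iterations, digest)
        self._failures[username] = 0

    def login(self, username, password):
        """Return "ok", "denied" or "locked"."""
        if username in self._locked:
            return "locked"
        record = self._records.get(username)
        if record is None:
            # Do the same work for unknown names so timing reveals nothing.
            self._derive(password, b"\x00" * 16, self.iterations)
            return "denied"
        salt, iterations, stored = record
        # Same method, salt and parameters as at enrollment, then compare.
        candidate = self._derive(password, salt, iterations)
        if hmac.compare_digest(candidate, stored):  # constant-time comparison
            self._failures[username] = 0
            return "ok"
        self._failures[username] += 1
        if self._failures[username] >= self.max_failed:
            # Threshold reached: lock until an administrator intervenes.
            self._locked.add(username)
        return "denied"

    def unlock(self, username):
        """Administrator action that reactivates a locked account."""
        self._locked.discard(username)
        self._failures[username] = 0

    def stored_digest(self, username):
        return self._records[username][2]


if __name__ == "__main__":
    store = CredentialStore()
    store.enroll("alice", "correct horse battery staple")  # constructed sample
    print(store.login("alice", "correct horse battery staple"))
    for _ in range(5):
        print(store.login("alice", "wrong guess"))
    print(store.login("alice", "correct horse battery staple"))
```
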
Besides the use of one-way encryption, strong access control mechanisms (such as Role-Based and Clark-Wilson access control models) should be enforced and applied to the files that keep the system’s hashed passwords. Without tough access control mechanisms, the operating system is unable to check who is accessing these files. As a consequence, an adversary could easily copy them and mount different kinds of attacks on them.

Countermeasures against Software Bugs: As mentioned in the previous section (section 2.2, software bugs), badly designed features in operating systems and applications can lead to software bugs which do all the hard work for malicious hackers. A defense mechanism to prevent such software bugs is good software design. Software should be designed in an organized way, keeping procedures simple, reviewed periodically for vulnerabilities and threats, and hardened with the latest patches. Where a software bug is found in any operating system or application, the people discovering it should report the problem directly to the security officer, and the company that sells and licenses the product should be informed so that it can solve the problem.

3. Password Policies

3.1 Introduction

Password policies are necessary to protect the confidentiality of information and the integrity of systems by keeping unauthorized users out of computer systems. Usernames and passwords are the fundamental protection of computers and networks against intruders. Password policies specify rules about the secure administration of usernames, rules used to define valid passwords and the type of protection needed for secure password storage. A password policy is a good place to start to build the security of a company’s network and protect its assets. The next sections discuss issues related to the secure usage and management of both usernames and passwords.
3.2 Administration of Usernames

The front gate of an organization’s network is where the user or the service identifies themselves and presents some type of authentication information known only to them in order to be granted access. Failing to have reliable login security policies in place is like having a big building with the best guards and security mechanisms around it and the main front gate open to anyone.

3.2.1 Login Security Policies and Usernames

Within a secure system, the first thing that should be expected for any login attempt is to identify who is the person requesting entry. Regardless of the protocols used, you need to know who is trying to access the network services and who they want the network services to think they are. In high-security military environments, user identifications are assigned based on a random sequence of characters. Other organizations, such as commercial ones, use something that can uniquely identify the user without worrying about how to create usernames. If the usernames can give away information about the organization, then the implementation of random names could be a good solution. Although by using these random

Friday, October 25, 2019

Chris Moss vs. Dr. Terry Preece and the Edgewood Unified School District

May it please the court, counsel: My name is Zach Keeton and, along with my co-counsel Chad Miller and Eric Page, we represent Mr. Chris Moss in this case. Your honor, this is the case of Chris Moss vs. Dr. Terry Preece and the Edgewood Unified School District.

The evidence will show that Chris is part way through 12th grade, and in fact he can't even read. Your honor, this is very alarming to us because of one simple fact: Chris has never failed one of his reading classes.

The evidence will show that there was educational malpractice in this case. We will also show that the Edgewood School District has a set of guidelines which is passed down from the state of Independence. The guidelines are better known as statutes. They state:

1. Each school shall develop proficiency standards which shall include reading comprehension, writing and computation skills in the English language, necessary to success in school and LIFE experiences.
2. The competent educator shall use or promote the use of appropriate diagnostic techniques to analyze the needs and potential of individuals.
3. Each competent administrator shall support the process of learning by providing appropriate and reasonable materials and equipment and by making reasonable assignments and tasks.

These are applicable laws that are supposed to be met by all the school districts in the state of Independence, including the Edgewood School District.

Through evidence which the court will hear today, we will prove that Dr. Terry Preece, the school superintendent, made it a point to pass all of the students in his school district whenever possible.

On the other hand, we will call 3 witnesses to testify during the course of this case. The first witness which we will call is Chris himself. He will state that he has problems reading a simple restaurant menu.
What again alarms us about this fact is that Chris passed his 11th grade reading class with no grade lower than a C. The second witness which we call is Dr. Daniel Stein. She will show that Chris could have learned these skills if in fact he had been properly taught. Our third witness is Mr. Raye Payne. He will say that he feels that Chris can't handle a simple mailroom job at his law firm.

Through the testimony that you will hear today, we will show that the Edgewood School District is in fact at fault for Chris's problems. We will show that the school district has a duty to educate people like Chris Moss.

Thursday, October 24, 2019

South Canyon Wild Fire

Luke Masiero
May 4, 2012
Argumentative essay
WRTG 3020

Children Shouldn’t Play With Fire

The South Canyon Fire that burned Storm King Mountain for ten days during July of 1994 remains one of the most tragic fires in Colorado’s history. But what truly makes this catastrophe a great tragedy is how easily it all could have been avoided. In the book Fire on the Mountain, John Maclean tells the true story of the South Canyon Fire and the mistakes made that caused this disaster. There are many questions surrounding the South Canyon Fire tragedy: why did it take so long for the government agencies in charge of forest fire suppression to fight this fire, and how were the firefighters in South Canyon not informed of the deadly conditions that took their lives? Communication and cooperation between forest service agencies are essential to coordinate equipment and men when attempting to fight a forest fire of the magnitude of the South Canyon Fire. In Colorado during July of 1994, these cohesive elements were missing among the forest service agencies in western Colorado. The lack of communication and cooperation, fueled by childish rivalries between the Bureau of Land Management (BLM) Grand Junction District and the Western Slope Coordination Center, prolonged the suppression of the South Canyon Fire, causing it to grow out of control and take the lives of 14 fire fighters. These rivalries over jurisdiction, resources and reputation hindered communication efforts and halted resources from arriving at the South Canyon Fire to attempt early suppression efforts. Both forest services claim that, due to the great number of large forest fires burning in Colorado in the summer of 1994, the BLM Grand Junction District and Western Slope Coordination Center were short on men and equipment and searched for help among other agencies, who had to be certain the South Canyon Fire was an imminent threat to people or property before they could dedicate men and resources to a site.
Despite multiple red flag warnings, the South Canyon Fire burned for days until it was recognized as a top priority. When 30-year fire veteran Mike Lowry arrived at the Western Slope Coordination Center to assist with this crisis of forest fires in western Colorado, he was immediately concerned: “Cooperation, the touchstone of modern firefighting was virtually nonexistent. Instead Lowry found competition, jealousies, and outdated thinking and policies.” This increased the difficulties of dealing with the South Canyon Fire (Maclean 24). The rivalry between the BLM’s Grand Junction District and the Western Slope Coordination Center dates all the way back to 1978, when the Western Slope Coordination Center was given responsibility for coordination of air support for 11 fire districts; the situation here was that Western Slope’s new responsibilities overlapped with jurisdictions and functions held by the BLM (Maclean 31). This friction between the BLM and the Western Slope Center kept valuable resources from being deployed. Maclean noted that Lowry reported seeing fleets of air tankers under Western Slope’s control sitting idle each morning when weather conditions were optimal for fighting fires, but it was the BLM Grand Junction District’s responsibility to request these tankers. In an attempt to save money and not overpay Western Slope, the BLM would hold off until the afternoon to request tankers, enhancing the risk of fire growing but reducing costs (Maclean 25). If the BLM had requested the tankers from Western Slope earlier, the tankers could have doused the South Canyon Fire on July 3 when it was small and avoided death and destruction. Instead they delayed suppression efforts, and a fire that would have cost only a few thousand dollars to maintain ended up costing millions of dollars, destroying hundreds of acres and ending the lives of 14 fire fighters.
As the days passed the South Canyon Fire was growing, yet “nobody at the BLM was calling for help” (Maclean 25). Without this information being relayed, other offices were cut out of the loop, which further delayed action in South Canyon (Maclean 32). The BLM Grand Junction District’s lack of communication led other agencies to accuse their personnel of “controlling all the shots” (Maclean 32). On July 3 time was of the essence, and since the BLM was not making any calls, Lowry took the initiative to do so. Lowry needed more men and resources than the western Colorado districts could provide, and the only place these necessities could be obtained was the National Interagency Fire Center (NIFC) in Boise (Maclean 26). Since the BLM Grand Junction District’s communication did not travel far, the South Canyon Fire crisis was not known, and it would take 24 hours for the much needed reinforcements from Boise to land in Colorado, valuable time that allowed the South Canyon Fire to run wild (Maclean 26). Despite all the ridiculous time wasting displayed by the BLM Grand Junction District and the Western Slope Coordination Center, managers from both agencies claimed they did everything in their power to fight this fire. In defense of their actions, managers from the BLM Grand Junction District and Western Slope Coordination Center recall the climate and weather during the Colorado summer of 1994. Colorado was experiencing a drought along with intense heat, creating an environment very susceptible to fire, so the BLM “announced an aggressive policy of attacking all fires as soon as they were spotted”, a policy they intended to uphold (Maclean 4). When powerful electric storms struck western Colorado early in July 1994, the BLM reported 15 forest fires in the Grand Junction District (Maclean 7). According to the BLM’s new policy they needed to attack these 15 fires, but they did not have enough fire fighters to be everywhere at once.
The BLM Grand Junction District would have benefitted from the use of planes on some of the smaller fires in inaccessible locations, but the BLM director for Colorado, Bob Moore, stuck to an older policy “allowing no air tanker to drop retardant unless a crew was on the ground to cover it up” (Maclean 25). Moore and other upper management also claim they did not become involved in the incident until after it was evident there was a disaster on their hands; since the South Canyon Fire did appear to be less wild than other fires in Colorado during this time, the BLM did not mark it as a high priority fire. The BLM and Western Slope agencies required more men. In an attempt to help the BLM and Western Slope, Lowry tried to order a huge quantity of fire fighters from the Rocky Mountain Coordination Center, twenty crews amounting to 400 people, but they never came (Maclean 26). This was due to management at the Rocky Mountain Coordination Center, who simply did not know how to go about getting that many people together and transporting them to South Canyon (Maclean 26). Finally Lowry turned to the NIFC for help, asking them to provide any additional crews of fire fighters or equipment so that he would be prepared when the fire did get large. The NIFC is very hesitant to commit crews and equipment before an outbreak in the fire occurs (Maclean 29). This is a difficult decision for the NIFC because during fire season lots of fires do occur; the problem is that, not knowing where and when the worst fires will strike, the NIFC wants to ensure that their assistance is truly needed.
The BLM and Western Slope Coordination Center claim that they made every effort to get more fire fighters and equipment to South Canyon, but the other districts and agencies they went to for help did not see the severity lurking beneath the smoke column in South Canyon and decided to allocate their resources elsewhere. It is only natural for the BLM Grand Junction District and the Western Slope Coordination Center to defend their actions, but there is so much evidence that points to the lack of cooperation between these neighboring agencies that it is difficult not to see a correlation between the tragedy and uncooperative attitudes. The bad blood between the BLM and Western Slope caused by their rivalry created a terrible dynamic, one that never stood a chance against a fire like the South Canyon blowup. A catastrophe of this magnitude was predicted in an audit conducted by BLM officials from other districts. These officials reported “differences in resource management philosophies, personalities, misconceptions about the use of prescribed fire, had an unclear understanding of the position roles and responsibilities seem to have created a difficult situation with respect to the management of fire”; they couldn’t have been more spot on (Maclean 31). Teamwork and cooperation are vital when fighting fires; the different crew members, ranging from Hot Shots and Smoke Jumpers to members of management, have to work together cohesively to have the best chance of putting out a fire quickly and safely. The relationship between the BLM’s Grand Junction District and the Western Slope Coordination Center was far from cooperative.
Their inability to work together because of an immature rivalry prolonged their fire suppression efforts to a point that their actions, or lack thereof, contributed to the death of the 14 fire fighters who lost their lives during the South Canyon Fire. Fighting forest fires is a dangerous and deadly occupation, and it is unacceptable for such childish behavior to be present in these government agencies who are meant to protect the property and people of the United States. It’s impossible for the BLM and Western Slope Coordination Center to save anyone if the agencies are fighting amongst themselves. Something needs to be done to create a sense of unity among the BLM Grand Junction District and the Western Slope, because their poor relationship affects districts throughout the state. One possible solution would be to have fire fighters switch places with another fire fighter from a different district for about two weeks. This would allow the different districts to interact and better get to know one another. Regardless of what the solution is, something must be done before another fire consumes more lives.

Work Cited

Maclean, Norman. Fire on the Mountain: The True Story of the South Canyon Fire. New York: William Morrow, 1999. Print.

Wednesday, October 23, 2019

Should There Be Private Universities

Private universities in India – why? how?

Why do we need private universities?

Higher education in India has largely been the preserve of the Government till recently in terms of both funding and provision of education. But for this to continue, the Government should continue to be in a position to pour in large sums of money to fund higher education. Today, the Government is unable to find the funds even to keep up its own commitment of spending 6% of GDP on education. There is also a clamour to spend more of what little funding the Government has allocated for education on primary education than on higher education, and quite rightly so, given that many children don't even get a basic primary and secondary education today. Thus the Government spending on higher education as a percentage of overall government spending on education is only likely to decrease further in the coming years. But the demand for higher education is continuing to increase, with more and more students wanting a higher education today than ever before. How can we bridge the gap between increasing demand and decreasing government funding for higher education? The only option is to tap the private sector to participate in the funding and provision of higher education. The process of increasing private participation in higher education has already begun, with a few states like Chhattisgarh and Uttaranchal having passed legislation to permit the setting up of private universities in their states. Indeed the private sector has been funding higher education in India for a long time, albeit on a very limited scale. The Birla Institute of Technology and Science at Pilani in Rajasthan, which is funded and run by the Birla Group Trust, became an officially recognised university as far back as 1964.
Other institutions like the Manipal Group in Manipal in Karnataka have been running private colleges since 1953, and the Manipal Academy of Higher Education became a deemed university in 1993. Many other self-financing colleges were set up in the early 1990s and a few of them have now become deemed universities.

Problems arising out of poor regulation of private universities

After the passing of legislation in Chhattisgarh in 2002 (and subsequently in other states like Uttaranchal) to facilitate the establishment of private universities with a view to creating supplementary resources to assist the State Government in providing quality higher education, there was a spate of private universities that were set up under the Chhattisgarh Act. The Chhattisgarh legislation was passed in a hurry without much care, leaving many loopholes in the Act, which were quickly exploited by many organisations that set up private universities without a serious commitment to higher education. Many of the private universities set up under the Chhattisgarh Act did not have either the infrastructure, or a campus, or the funds to provide quality higher education, and functioned out of one-room tenements. The Chhattisgarh Act did not provide for proper regulation and maintenance of standards by these universities and, moreover, the Chhattisgarh Government did little to ensure that the private universities did what they were expected to do according to the legislation. Students who signed up for courses offered by private universities set up under the Chhattisgarh Act were being taken for a ride by many private universities that had no capability to offer quality courses. Prof.
Yashpal, former chairman of the University Grants Commission, petitioned the Supreme Court in 2004 to declare the Chhattisgarh legislation unconstitutional, and the Supreme Court after due deliberation concurred and declared in February 2005 that all the private universities set up under the Chhattisgarh Act were illegal, putting the careers of all the students who enrolled in the institutions set up by the private universities in jeopardy. But to protect the interests of the students, the Supreme Court directed the Chhattisgarh Government to take appropriate steps to have such institutions affiliated to the already existing State Universities in Chhattisgarh. It is important to note that the Supreme Court did not state that all private universities are illegal – it has only stated that the manner in which the Chhattisgarh legislation allowed the setting up of private universities was illegal. The problem is not with private participation in higher education, but with the poorly drafted Chhattisgarh legislation and the lack of proper regulation. Given the Government's lack of funds for higher education and the increasing demand for higher education, we simply cannot do without private universities. We have no option but to tap private funding for higher education. The task before us now is to come up with ways and means to ensure that private universities are properly regulated, yet autonomous and independent enough to flourish, and held to high standards to provide quality higher education.

How can we ensure private universities are held to high standards?
We can borrow the model from the corporate sector. Just as all companies are required by law to publish annual reports providing details of their assets, liabilities, profits and losses, the profiles of the board of directors and the management and various other financial information, every educational institution (whether public or private) should publish an annual report with details of the infrastructure and facilities available, profiles of the trustees and the administrators, the academic qualifications and experience of the staff, the courses offered, the number of students, the results of the examinations, the amount of funds available to the university and the sources of funding, etc. In addition, every educational institution must get itself rated by an independent rating agency like CRISIL, ICRA or CARE and publicly announce its rating to prospective students to enable the students to choose the institution they want to enroll in. At one stroke, this will bring in transparency and ensure that every educational institution, whether public or private, is accountable not only to those students who are studying in the institution, but to prospective students and the public at large as well. Public announcements of the financial and educational records of the institutions as well as their ratings by independent rating agencies will generate healthy competition between the various private institutions and will also put pressure on the Government funded institutions to work towards all-round improvement. Such a system is already in place for maritime education in India. In 2004, the Directorate General of Shipping (DGS), which regulates maritime education in India, introduced a system of rating maritime training institutions in India. In 1996, maritime education was opened to private sector participation and over 130 private institutions are in operation today.
To ensure that all institutions provide high quality education, the DGS has asked all maritime educational institutions to get themselves rated by one of the three reputed independent rating agencies in India – CRISIL, CARE or ICRA. The publicly announced ratings will benefit the students, in deciding which institution to enroll in; the institutes, in differentiating themselves based on their quality; the employers, in assessing the quality of students graduating from the institutes; and the DGS as well, to non-intrusively regulate the maritime education sector and ensure high quality of education. Maritime education institutes, both public and private, are now getting themselves rated by independent rating agencies and the DGS lists the ratings on its web site. Introducing a similar model across all other sectors of higher education, including engineering, medicine, arts, sciences etc., will ensure that only those institutions with better facilities, staff, infrastructure and reputations will thrive. This will go a long way in ensuring the provision of quality higher education not only in the private sector, but in the public sector as well. The Centre and the States should pass legislation to make it mandatory for all higher education institutions to publish a detailed annual report of their financial and educational status and also be rated by independent rating agencies and publicly announce their ratings.