TLS TRANSPORT LAYER SECURITY - Free Essay Example

v TRANSPORT LAYER SECURITY TLS is a successor to Secure Sockets Layer protocol. TLS provides secure communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains significantly the same. It is good idea to keep in mind that TLS resides on the Application Layer of the OSI model. This will save you a lot of frustrations while debugging and troubleshooting encryption troubles connected to TLS. v TLS Features TLS is a generic application layer security protocol that runs over reliable transport. It provides a secure channel to application protocol clients. This channel has three primary security features: 1. Authentication of the server. 2. Confidentiality of the communication channel. 3. Message integrity of the communication channel. Optionally TLS can also provide authentication of the client. In general, TLS authentication uses public key based digital signatures backed by certificates. Thus, the server authenticates either by decrypting a secret encrypted under his public key or by signing an ephemeral public key. The client authenticates by signing a random challenge. Server certificates typically contain the servers domain name. Client certificates can contain arbitrary identities. The Handshake Protocols The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. In a typical scenario, only the server is authenticated and its identity is ensured while the client remains unauthenticated. The mutual authentication of the servers requires public key deployment to clients. Provide security parameters to the record layer. A Client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested cipher suites and compression methods. The Server responds with a ServerHello, containing the chosen protocol version, a random number, cipher, and compression method from the choices offered by the client. The Server sends its Certificate (depending on the selected cipher, this may be omitted by the Server). The server may request a certificate from the client, so that the connection can be mutually authenticated, using a Certificate Request. The Server sends a ServerHelloDone message, indicating it is done with handshake negotiation. The Client responds with a ClientKeyExchange which may contain a PreMasterSecret, public key, or nothing. (Again, this depends on the selected cipher). The Handshake protocol provides a number of security functions. Such as Authentication, Encryption, Hash Algorithms Authentication A certificate is a digital form of identification that is usually issued by a certification authority (CA) and contains identification information, a validity period, a public key, a serial number, and the digital signature of the issuer. For authentication purposes, the Handshake Protocol uses an X.509 certificate to provide strong evidence to a second party that helps prove the identity of the party that holds the certificate and the corresponding private key. Encryption There are two main types of encryption: symmetric key (also known as Private Key) and asymmetric key (also known as public key. TLS/SSL uses symmetric key for bulk encryption and public key for authentication and key exchange. Hash Algorithms A hash is a one-way mapping of values to a smaller set of representative values, so that the size of the resulting hash is smaller than the original message and the hash is unique to the original data. A hash is similar to a fingerprint: a fingerprint is unique to the individual and is much smaller than the original person. Hashing is used to establish data integrity during transport. Two common hash algorithms are Message Digest5 (MD5) produce 128-bit hash value and Standard Hash Algorithm1 (SHA-1) produce 160-bit value. The Change Cipher Spec The Change Cipher Spec Protocol signals a transition of the cipher suite to be used on the connection between the client and server. This protocol is composed of a single message which is encrypted and compressed with the current cipher suite. This message consists of a single byte with the value1. Message after this will be encrypted and compressed using the new cipher suite. The Alert The Alert Protocol includes event-driven alert messages that can be sent from either party. the session is either ended or the recipient is given the choice of whether or not to end the session. Schannel SSP will only generate these alert messages at the request of the application. The Record Layer/Protocol The TLS record protocol is a simple framing layer with record format as shown below: struct { ContentType type; ProtocolVersion version; uint16 length; opaque payload[length]; } TLSRecord; As with TLS, data is carried in records. In both protocols, records can only be processed when the entire record is available. The Record Layer might have four functions: It fragments the data coming from the application into manageable blocks (and reassemble incoming data to pass up to the application). Schannel SSP does not support fragmentation at the Record Layer. It compresses the data and decompresses incoming data. Schannel SSP does not support compression at the Record Layer. It applies a Message Authentication Code (MAC), or hash/digest, to the data and uses the MAC to verify incoming data. It encrypts the hashed data and decrypts incoming data. Application Protocol TLS runs on application protocol such as HTTP, FTP, SMTP, NNTP, and XMPP and above a reliable transport protocol, TCP for example. While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS. HTTPS is used to secure World Wide Web pages for applications such as electronic commerce and asset management. These applications use public key certificates to verify the identity of endpoints. TSL/ SSL Security The client may use the CAs public key to validate the CAs digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA. The client verifies that the issuing Certificate Authority (CA) is on its list of trusted Cas. The client checks the servers certificate validity period. The authentication process stops if the current date and time fall outside of the validity period. v IPSec IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices (peers), such as PIX Firewalls, Cisco routers, Cisco VPN 3000 Concentrators, Cisco VPN Clients, and other IPSec-compliant products. IPSec is not bound to any specific encryption or authentication algorithms, keying technology, or security algorithms. IPSec is a framework of open standards. Because it isnt bound to specific algorithms, IPSec allows newer and better algorithms to be implemented without patching the existing IPSec standards. IPSec provides data confidentiality, data integrity, and data origin authentication between participating peers at the IP layer. IPSec is used to secure a path between a pair of gateways, a pair of hosts, or a gateway and a host. Some of the standard algorithms are as follows: Data Encryption Standard (DES) algorithmUsed to encrypt and decrypt packet data. 3DES algorithmeffectively doubles encryption strength over 56-bit DES. Advanced Encryption Standard (AES)a newer cipher algorithm designed to replace DES. Has a variable key length between 128 and 256 bits. Cisco is the first industry vendor to implement AES on all its VPN-capable platforms. Message Digest 5 (MD5) algorithmUsed to authenticate packet data. Secure Hash Algorithm 1 (SHA-1)Used to authenticate packet data. Diffie-Hellman (DH)a public-key cryptography protocol that allows two parties to establish a shared secret key used by encryption and hash algorithms (for example, DES and MD5) over an insecure communications channel. IPSec security services provide four critical functions: Confidentiality (encryption)the sender can encrypt the packets before transmitting them across a network. By doing so, no one can eavesdrop on the communication. If intercepted, the communications cannot be read. Data integritythe receiver can verify that the data was transmitted through the Internet without being changed or altered in any way. Origin authenticationthe receiver can authenticate the packets source, guaranteeing and certifying the source of the information. Anti-replay protectionAnti-replay protection verifies that each packet is unique, not duplicated. IPSec packets are protected by comparing the sequence number of the received packets and a sliding window on the destination host, or security gateway. Late and duplicate packets are dropped. v How IPSec works The goal of IPSec is to protect the desired data with the needed security services. IPSecs operation can be broken into five primary steps: Define interesting trafficTraffic is deemed interesting when the VPN device recognizes that the traffic you want to send needs to be protected. IKE Phase 1This basic set of security services protects all subsequent communications between the peers. IKE Phase 1 sets up a secure communications channel between peers. IKE Phase 2IKE negotiates IPSec security association (SA) parameters and sets up matching IPSec SAs in the peers. These security parameters are used to protect data and messages exchanged between endpoints. Data transferData is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database. IPSec tunnel terminationIPSec SAs terminate through deletion or by timing out. TASK 1(b) IPSecs advantage over TLS: It has more plasticity on choosing the Authentication mechanisms (like the Pre Shared Key), and therefore makes it hard for the attacker to do man in the middle.TLS is based only on Public key and with tools, its possible to do man in the Middle breaking TLS. Going one step down the OSI stack, IP Security (IPSec) guarantees the data privacy and integrity of IP packets, regardless of how the application used the sockets. This means any application, as long as it uses IP to send data, will benefit from the underlying secure IP network. Nothing has to be rewritten or modified; it even is possible that users wont be aware their data is being processed through encrypting devices. This solution is the most transparent one for end users and the one most likely to be adopted in the future in the widest range of situations. The main drawback of IPSsec lies in its intrinsic infrastructural complexity, which demands several components to work properly. IPSec deployment must be planned and carri ed out by network administrators, and it is less likely to be adopted directly by end users. TLSs advantage over IPSec: The advantage of TLS over generic application-level security mechanisms is the application no longer has the burden of encrypting user data. Using a special socket and API, the communication is secured. The problem with TLS is an application wishing to exploit its functionality must be written explicitly in order to do so (see Resources). Existing applications, which constitute the majority of data producers on the Internet, cannot take advantage of the encryption facilities provided by TLS without being rewritten. Think of the common applications we use everyday: mail clients, web browsers on sites without HTTPS, IRC channels, peer-to-peer file sharing systems and so on. Also, most network services (such as mail relays, DNS servers, routing protocols) currently run over plain sockets, exchanging vital information as clear text and only seldomly adopting application-level counter-measures (mostly integrity checks, such as MD5 sums). v IGMP IGMP is a protocol used by IP hosts, and adjacent multicast network devices to identify their memberships. If they are part of the same multicast group they communicate with each other. ICMP communicates 1 to 1.IGMP communicates 1 to many. v Establish Multicast group We describe a distributed architecture for managing multicast addresses in the global Internet. A multicast address space partitioning scheme is proposed, based on the Unicast host address and a per-host address management entity. By noting that port numbers are an integral part of end-to-end multicast addressing we present a single, unified solution to the two problems of dynamic multicast address management and port resolution. We then present a framework for the evaluation of multicast address management schemes, and use it to compare our design with three approaches, as well as a random allocation strategy. The criteria used for the evaluation are blocking probability and consistency, address acquisition delay, the load on address management entities, robustness against failures, and processing and communications overhead. With the distributed scheme the probability of blocking for address acquisition is reduced by several orders of magnitude, to insignificant levels, while consi stency is maintained. At the same time, the address acquisition delay is reduced to a minimum by serving the request within the host itself. It is also shown that the scheme generates much less control traffic, is more robust against failures, and puts much less load on address management entities as compared with the other three schemes. The random allocation strategy is shown to be attractive primarily due to its simplicity, although it does have several drawbacks stemming from its lack of consistency (addresses may be allocated more than once) The Routing and Remote Access administrative tool is used to enable routing on a Windows 2000 server that is multihomed (has more than one network card). Windows 2000 professional cannot be a router. The Routing and Remote Access administrative tool or the route command line utility can be used to con a static router and add a routing table. A routing table is required for static routing. Dynamic routing does not require a routing table since the table is built by software. Dynamic routing does require additional protocols to be installed on the computer. When using the Routing and Remote Access tool, the following information is entered: * Interface Specify the network card that the route applies to which is where the packets will come from. * Destination Specify the network address that the packets are going to such as 192.168.1.0. * Network Mask The subnet mask of the destination network. * Gateway The IP address of the network card on the network that is cond to forward the packets such as 192.168.1.1. * Metric The number of routers that packets must pass through to reach the intended network. If there are more than 1, the Gateway address will not match the network address of the destination network. Dynamic Routing Windows 2000 Server supports Network Address Translation (NAT) and DHCP relay agent. Three Windows 2000 supported Dynamic routing protocols are: * Routing Information Protocol (RIP) version 2 for IP * Open Shortest Path First (OSPF) * Internet Group Management Protocol (IGMP) version 2 with router or proxy support. The Routing and Remote Access tool is used to install, con, and monitor these protocols and routing functions. After any of these dynamic routing protocols are installed, they must be cond to use one or more routing interfaces. v Protocol Independent Multicast (PIM): This document describes an architecture for efficiently routing to multicast groups that may span wide-area (and inter-domain) internets. We refer to the approach as Protocol Independent Multicast (PIM) because it is not dependent on any particular unicast routing protocol. The most significant innovation in this architecture is the efficient support of sparse, wide area groups. This sparse mode (SM) of operation complements the traditional { dense-mode} approach to multicast routing for campus networks, as developed by Deering [2][3] and implemented previously in MOSPF and DVMRP [4][5]. These traditional dense mode multicast schemes were intended for use within regions where a group is widely represented or bandwidth is universally plentiful. However, when group members, and senders to those group members, are distributed sparsely across a wide area, these schemes are not efficient; data packets (in the case of DVMRP) or membership report information (in the case of MOSPF) are occasionally sent over many links that do not lead to receivers or senders, respectively. The purpose of this work is to develop a multicast routing architecture that efficiently establishes distribution trees even when some or all members are sparsely distributed. Efficiency is evaluated in terms of the state, control message, and data packet overhead required across the entire network in order to deliver data packets to the members of the group. The Protocol Independent Multicast (PIM) architecture: maintains the traditional IP multicast service model of receiver-initiated membership; can be cond to adapt to different multicast group and network characteristics; is not dependent on a specific unicast routing protocol; uses soft-state mechanisms to adapt to underlying network conditions and group dynamics. The robustness, flexibility, and scaling properties of this architecture make it well suited to large heterogeneous inter-networks. This document describes an architecture for efficiently routing to multicast groups that may span wide-area (and inter-domain) internets. We refer to the approach as Protocol Independent Multicast (PIM) because it is not dependent on any particular unicast routing protocol. The most significant innovation in this architecture is the efficient support of sparse, wide area groups. This sparse mode (SM) of operation complements the traditional { dense-mode} approach to multicast routing for campus networks, as developed by Deering [2][3] and implemented previously in MOSPF and DVMRP [4][5]. These traditional dense mode multicast schemes were intended for use within regions where a group is widely represented or bandwidth is universally plentiful. However, when group members, and senders to those group members, are distributed sparsely across a wide area, these schemes are not efficient; data packets (in the case of DVMRP) or membership report information (in the case of MOSPF) are occas ionally sent over many links that do not lead to receivers or senders, respectively. The purpose of this work is to develop a multicast routing architecture that efficiently establishes distribution trees even when some or all members are sparsely distributed. Efficiency is evaluated in terms of the state, control message, and data packet overhead required across the entire network in order to deliver data packets to the members of the group. A user of an internet- connected pc, Adam; send an email message to another internet connected pc user beryl. 1. Outlinethe function of four internet host that would normally be involved be involved in this task. . : 1. Adams Computer : :2. Server of Adams Internet Service Provider : : 3. Server of Beryls Internet Service Provider: :4. Beryls Computer : . This program allows you to build and deal with a large mailing list, and to create modified messages from predefined templates while sending. It lets you define multiple independent SMTP server connections and will utilize the latest in multithreading technology, to send emails to you as fast as it is possible. You can use all the standard message formats like plain text, HTML or even create a rich content message in the Microsoft Outlook Express and export it into the program. The interface of the program is very simple and easy to learn nearly all functions can be performed using hotkeys on the keyboard. E-mail is a growing source of an enterprises records and needs to be treated as any written memo, letter or report has been treated. The information in e-mail has the potential to add to the enterprises knowledge assets, from interactions with the users or customers in the enterprise to interactions with colleagues overseas. 2. List the internet protocol which would be used in this task. Internet Protocol (IP) is packet-based protocol that allows dissimilar hosts to connect to each other for the purpose of delivering data across the resulting networks. Applications combine IP with a higher- level protocol called Transport Control Protocol (TCP), which establishes a virtual connection between a destination and a source. IP by itself is something like the postal system. It allows you to address a package and drop it in the system, but theres no direct link between you and the recipient. . : 1. HTTP : :2. IMAP(Version 4): : 3.SMTP : :4.POP (Version 3) : . HTTP (Hyper-Text Transfer Protocol) is the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. HTTP/1.0, as defined by RFC 1945 [6], improved the protocol by allowing messages to be in the format of MIME-like messages, containing meta information about the data transferred and modifiers on the request/response semantics. IMAP4 (Internet Message Access Protocol) A mail protocol that provides management of received messages on a remote server. The user can review headers, create or delete folders/mailboxes and messages, and search contents remotely without downloading. It includes more functions than the similar POP protocol. POP3 (Post Office Protocol 3) is the most recent version of a standard protocol for receiving e-mail. POP3 is a client/server protocol in which e-mail is received and held for you by your Internet server. Periodically, you (or your client e-mail receiver) check your mail-box on the server and download any mail, probably using POP3. This standard protocol is built into most popular e-mail products, such as Eudora and Outlook Express. Its also built into the Netscape and Microsoft Internet Explorer browsers. POP3 is designed to delete mail on the server as soon as the user has downloaded it. However, some implementations allow users or an administrator to specify that mail be saved for some period of time. POP can be thought of as a store-and-forward service. SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending and receiving e-mail. However, since it is limited in its ability to queue messages at the receiving end, it is usually used with one of two other protocols, POP3 or IMAP, that let the user save messages in a server mailbox and download them periodically from the server. In other words, users typically use a program that uses SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail. On Unix-based systems, send mail is the most widely-used SMTP server for e-mail. A commercial package, Send mail, includes a POP3 server. Microsoft Exchange includes an SMTP server and can also be set up to include POP3 support. SMTP usually is implemented to operate over Internet port 25. An alternative to SMTP that is widely used in Europe is X.400. Many mail servers now support Extended Simple Mail Transfer Protocol (ESMTP), which allows multimedia files to be delivered as e-mail. 3. Taking the case that the message include the text please find attached abstract and 1. as well as in MS-Word format and an attachment in jpeg, list format of the send mail messages. .. : 1. MIME : .. MIME (Multi-Purpose Internet Mail Extensions) is an extension of the original Internet e-mail protocol that lets people use the protocol to exchange different kinds of data files on the Internet: audio, video, images, application programs, and other kinds, as well as the ASCII text handled in the original protocol, the Simple Mail Transport Protocol (SMTP). In 1991, Nathan Borenstein of Bellcore proposed to the IETF that SMTP be extended so that Internet (but mainly Web) clients and servers could recognize and handle other kinds of data than ASCII text. As a result, new file types were added to mail as a supported Internet Protocol file type. Servers insert the MIME header at the beginning of any Web transmission. Clients use this header to select an appropriate player application for the type of data the header indicates. Some of these players are built into the Web client or browser (for example, all browsers come with GIF and JPEG image players as well as the ability to handle HTML files). 4. How would received message differ the sent messages? The email address that receives messages sent from users who click reply in their email clients. Can differ from the fromaddress which can be an automated or unmonitored email address used only to send messages to a distribution list. Reply-to should always be a monitored address. v IPv4: Internet Protocol (Version 4) The Internet Protocol (IP) is a network-layer (Layer 3) protocol in the OSI model that contains addressing information and some control information to enable packets being routed in network. IP is the primary network-layer protocol in the TCP/IP protocol suite. Along with the Transmission Control Protocol (TCP), IP represents the heart of the Internet protocols. IP is equally well suited for both LAN and WAN communications. IP (Internet Protocol) has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through a network; and providing fragmentation and reassembly of datagrams to support data links with different maximum-transmission unit (MTU) sizes. The IP addressing scheme is integral to the process of routing IP datagrams through an internetwork. Each IP address has specific components and follows a basic format. These IP addresses can be subdivided and used to create addresses for sub networks. Each computer (known as host) on a TCP/IP network is assigned a unique logical address (32-bit in IPv4) that is divided into two main parts: the network number and the host number. The network number identifies a network and must be assigned by the Internet Network Information Center (InterNIC) if the network is to be part of the Internet. An Internet Service Provider (ISP) can obtain blocks of network addresses from the InterNIC and can itself assign address space as nece ssary. The host number identifies a host on a network and is assigned by the local network administrator. v IPv6 (IPng): Internet Protocol version 6 IPv6 is the new version of Internet Protocol (IP) based on IPv4, a network-layer (Layer 3) protocol that contains addressing information and some control information enabling packets to be routed in the network. There are two basic IP versions: IPv4 and IPv6. IPv6 is also called next generation IP or IPng. IPv4 and IPv6 are de-multiplexed at the media layer. For example, IPv6 packets are carried over Ethernet with the content type 86DD (hexadecimal) instead of IPv4s 0800. The IPv4 is described in separate documents. IPv6 increases the IP address size from 32 bits to 128 bits, to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler auto-configuration of addresses. IPv6 addresses are expressed in hexadecimal format (base 16) which allows not only numerals (0-9) but a few characters as well (a-f). A sample ipv6 address looks like: 3ffe: ffff: 100:f101:210:a4ff:fee3:9566. Scalability of multicast addresses is introduced. A new type of address called an any cast address is also defined, to send a packet to any one of a group of nodes. Two major improvements in IPv6 vs. v4: * Improved support for extensions and options IPv6 options are placed in separate headers that are located between the IPv6 header and the transport layer header. Changes in the way IP header options are encoded to allow more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future. Flow labeling capability A new capability has been added to enable the labeling of packets belonging to particular traffic flows for which the sender requests special handling, such as non-default Quality of Service or real-time service. v Comparison between IPv6 with IPv4 Data structure of IPv6 has modified as follows: Header length field found in IPv4 is removed in IPv6. Type of Service field found in IPv4 has been replaced with Priority field in IPv6. Time to live field found in IPv4 has been replaced with Hop Limit in IPv6. Total Length field has been replaced with Payload Length field Protocol field has been replaced with Next Header field Source Address and Destination Address has been increased from 32-bits to 128-bits. v Major Similarities IPv6 with IPv4 Both protocols provide loopback addresses. IPv6 multicast achieves the same purpose that IPv4 broadcast does. Both allow the user to determine datagram size, and the maximum number of hops before termination. Both provide connectionless delivery service (datagrams routed independently). Both are best effort datagram delivery services. v Major Differences between IPv6 with IPv4 IPv6 host to IPv6 host routing via IPv4 network: Here, IPv6 over IPv4 tunneling is required to send a datagram. IPv6 packets are encapsulated within IPv4 packets, allowing travel over IPv4 routing infrastructures to reach an IPv6 host on the other side of the .IPv6 over IPv4 tunnel. The two different types of tunneling are automatic and cond. For a cond tunnel, the IPv6 to IPv4 mappings, at tunnel endpoints, have to be manually specified. Automatic tunneling eases tunneling, but nullifies the advantages of using the 128-bit address space. IPv6 host to IPv4 host and vice versa: The device that converts IPv6 packets to IPv4 packets (a dual IP stack/ dual stack router) allows a host to access both IPv4 and IPv6 resources for communication. A dual IP stack routes as well as converts between IPv4 and IPv6 datagrams ICMP: IPv6 enhances ICMP with ICMPv6. The messages are grouped as informational and error. An ICMPv6 message can contain much more information. The rules for message handling are stricter. ICMPv6 uses the Neighbor Discovery Protocol. New messages have been added also. Absence of ARP RARP: Since IPv6 addresses are longer, they Encapsulate the hardware address along with the IP address in the IPv6 address. The 64 most significant bits identify a specific network interface. The suffix easily encodes the physical address. DNS: A major problem arises when obtaining the domain name of an IPv6 address over existing IPv4 DNS infrastructure. Current 32-bit name servers cannot handle name-resolution requests for 128-bit addresses. However, IETF designers have defined an IPv6 DNS standard, utilizing a DNS called quad A to map domain names for an IPv6 address. The Major difference between IPv4 and IPng is the number of IP addresses. There are just over 4 billion IPv4 addresses. In contrast, there are over 16 billion-billion IPv6 addresses. Subjects IPv4 IPv6 IPv6 Advantages Address Space 4 Billion Addresses 2^128 79 Octillion times the IPv4 address space Configuration Manual or use DHCP Universal Plug and Play (UPnP) with or without DHCP Lower Operation Expenses and reduce error Broadcast / Multicast Uses both No broadcast and has different forms of multicast Better bandwidth efficiency Anycast support Not part of the original protocol Explicit support of anycast Allows new applications in mobility, data center Network Configuration Mostly manual and labor intensive Facilitate the re-numbering of hosts and routers Lower operation expenses and facilitate migration QoS support ToS using DIFFServ Flow classes and flow labels More Granular control of QoS Security Uses IPsec for Data packet protection IPSec becomes the key technology to protect data and control packets Unified framework for security and more secure computing environment Mobility Uses Mobile IPv4 Mobile IPv6 provides fast handover, better router optimization and hierarchical mobility Better efficiency and scalability; Work with latest 3G mobile technologies and beyond. Internet Protocol Version 6 (IPv6), sometimes called the next generation IP protocol (IPng), is designed by the IETF to replace the current version Internet Protocol, IP Version 4 (IPv4), which is now more than twenty years old. Most of todays network uses IPv4 and it is beginning to have problems, for example, the growing shortage of IPv4 addresses. IETF protocol designers have expended a substantial amount of effort to ensure that hosts and routers can be upgraded to IPv6 in a graceful, incremental manner. Transition mechanisms have been engineered to allow network administrators a large amount of flexibility in how and when they upgrade hosts and intermediate nodes. Consequently, IPv6 can be deployed in hosts first, in routers first, or, alternatively, in a limited number of adjacent or remote hosts and routers. Another assumption made by IPv6 transition designers is the likelihood that many upgraded hosts and routers will need to retain downward compatibility with IPv4 devices for an extended time period. It was also assumed that upgraded devices should have the option of retaining their IPv4 addressing. v Key Features: The IPv4 32-bit IP address space cannot accommodate users beyond 2020. 128-bit IPv6 makes the address space too large to be exhausted in the foreseeable future. IPv6 versatility allows for the accommodation of any reasonable address scheme, thus allowing network designers greater flexibility for devices of the future. IPv6 utilizes three (not two) hierarchical addressing levels. The highest is for the globally known public topology, the next involving individual sites, and the third for individual N.I.C. addresses. The inflexibility in IPv4.s header options led to inefficiency. When sending datagrams, an empty header occupied substantial space. IPv6 allows the sender the freedom to select the required extension headers. IPv4 used DHCP to facilitate manual assignment of host addresses. IPv6 alleviates manual assignment problems, allowing new hosts to assign their own addresses. An ICMPv6 message determines if the address is unique. Auto-configuration allows renumbering of hosts. IPv6 allows hosts to be given new prefixes without manual reconfiguration, allowing numerous devices to dynamically attach to a network without incurring the associated administration costs. v INTRUSION DETECTION SYSTEM Intrusion detection systems do exactly as the name suggests: they detect possible intrusions. More specifically, IDS tools aim to detect computer attacks and/or computer misuse, and to alert the proper individuals upon detection. An IDS installed on a network provides much the same purpose as a burglar alarm system installed in a house. Through various methods, both detect when an intruder/attacker/burglar is present, and both subsequently issue some type of warning or alert. Although IDSs may be used in conjunction with firewalls, which aim to regulate and control the flow of information into and out of a network, the two security tools should not be considered the same thing. Using the previous example, firewalls can be thought of as a fence or a security guard placed in front of a house. They protect a network and attempt to prevent intrusions, while IDS tools detect whether or not the network is under attack or has, in fact, been breached. IDS tools thus form an integral part of a thorough and complete security system. They dont fully guarantee security, but when used with security policy, vulnerability assessments, data encryption, user authentication, access control, and firewalls, they can greatly enhance network safety. Intrusion detection systems serve three essential security functions: they monitor, detect, and respond to unauthorized activity by company insiders and outsider intrusion. Intrusion detection systems use policies to define certain events that, if detected will issue an alert. In other words, if a particular event is considered to constitute a security incident, an alert will be issued if that event is detected. Certain intrusion detection systems have the capability of sending out alerts, so that the administrator of the IDS will receive a notification of a possible security incident in the form of a page, email, or SNMP trap. Many intrusion detection systems not only recognize a particular incident and issue an appropriate alert, they also respond automatically to the event. Such a response might include logging off a user, disabling a user account, and launching of scripts. Classification and Types, Techniques of intrusion detection systems There are Four types of IDS 1. Host- Based IDS 2. Network- Based IDS 3. Hybrid Intrusion Detection System 4. Network Node Intrusion Detection System 1) Host-Based IDS (HIDS) Host-based systems were the first type of IDS to be developed and implemented. These systems collect and analyze data that originate on a computer that hosts a service, such as a Web server. Once this data is aggregated for a given computer, it can either be analyzed locally or sent to a separate/central analysis machine. One example of a host-based system is programs that operate on a system and receive application or operating system audit logs. These programs are highly effective for detecting insider abuses. Residing on the trusted network systems themselves, they are close to the networks authenticated users. If one of these users attempts unauthorized activity, host-based systems usually detect and collect the most pertinent information in the quickest possible manner. In addition to detecting unauthorized insider activity, host-based systems are also effective at detecting unauthorized file modification. On the down side, host-based systems can get unwieldy. With several thousand possible endpoints on a large network, collecting and aggregating separate specific computer information for each individual machine may prove inefficient and ineffective. In addition, if an intruder disables the data collection on any given computer, the IDS on that machine will be rendered useless because there is no backup. Possible host-based IDS implementations include Windows NT/2000 Security Event Logs, RDMS audit sources, Enterprise Management systems audit data (such as Tivoli), and UNIX Syslog in their raw forms or in their secure forms such as Solaris BSM; host-based commercial products include Real Secure, ITA, Squire, and Intercepts, to name a few. 1.1. Application-Based IDSs Application-based IDSs are a special subset of host-based IDSs that analyze the events transpiring within a software application. The most common information sources used by application-based IDSs are the applications transaction log files. The ability to interface with the application directly, with significant domain or application-specific knowledge included in the analysis engine, allows application-based IDSs to detect suspicious behavior due to authorized users exceeding their authorization. This is because such problems are more likely to appear in the interaction between the user, the data, and the application. 2) Network-Based IDS (NIDS) As opposed to monitoring the activities that take place on a particular network, Network-based intrusion detection analyzes data packets that travel over the actual network. These packets are examined and sometimes compared with empirical data to verify their nature: malicious or benign. Because they are responsible for monitoring a network, rather than a single host, Network-based intrusion detection systems (NIDS) tend to be more distributed than host-based IDS. Software, or appliance hardware in some cases, resides in one or more systems connected to a network, and is used to analyze data such as network packets. Instead of analyzing information that originates and resides on a computer, network-based IDS uses techniques like packet-sniffing to pull data from TCP/IP or other protocol packets traveling along the network. This surveillance of the connections between computers makes network-based IDS great at detecting access attempts from outside the trusted network. In general, net work-based systems are best at detecting the following activities: * Unauthorized outsider access: When an unauthorized user logs in successfully, or attempts to log in, they are best tracked with host-based IDS. However, detecting the unauthorized user before their log on attempt is best accomplished with network-based IDS. * Bandwidth theft/denial of service: These attacks from outside the network single out network resources for abuse or overload. The packets that initiate/carry these attacks can best be noticed with use of network-based IDS. Some possible downsides to network-based IDS include encrypted packet payloads and high-speed networks, both of which inhibit the effectiveness of packet interception and deter packet interpretation. Examples of network-based IDS include Shadow, Snort!, Dragon, NFR, Real Secure, and Net Prowler. 3) Hybrid Intrusion Detection Systems We have examined the different mechanisms that different IDSs use to signal or trigger alarms on your network. We have also examined two locations that IDSs use to search for intrusive activity. Each of these approaches has benefits and drawbacks. By combining multiple techniques into a single hybrid system, however, it is possible to create an IDS that possesses the benefits of multiple approaches, while overcoming many of the drawbacks. 4) Network Node Intrusion Detection (NNIDS) Basically, this new type (NNIDS) works like typical NIDS, i.e., you take packets from network traffic and analyze them. But it only concerns packets which are addressed to the network node (this is where the name comes from). Another difference between NNIDS and NIDS is that NIDS run in promiscuous mode while NNIDS does not run in promiscuous mode. As not every packet is analyzed the performance of the system will not suffer to much, such systems run very fast as a rule. IDS Techniques There are four basic techniques used to detect intruders: anomaly detection, misuse detection (signature detection), target monitoring, and stealth probes. 1) Anomaly Detection Designed to uncover abnormal patterns of behavior, the IDS establishes a baseline of normal usage patterns, and anything that widely deviates from it gets flagged as a possible intrusion. What is considered to be an anomaly can vary, but normally, any incident that occurs on frequency greater than or less than two standard deviations from the statistical norm raise an eyebrow? An example of this would be if a user logs on and off of a machine 20 times a day instead of the normal 1 or 2. Also, if a computer is used at 2:00 AM when normally no one outside of business hours should have access, this should raise some suspicions. At another level, anomaly detection can investigate user patterns, such as profiling the programs executed daily. If a user in the graphics department suddenly starts accessing accounting programs or compiling code, the system can properly alert its administrators. 2) Misuse Detection or Signature Detection Commonly called signature detection, this method uses specifically known patterns of unauthorized behavior to predict and detect subsequent similar attempts. These specific patterns are called signatures. For host-based intrusion detection, one example of a signature is three failed logins. For network intrusion detection, a signature can be as simple as a specific pattern that matches a portion of a network packet. For instance, packet content signatures and/or header content signatures can indicate unauthorized actions, such as improper FTP initiation. The occurrence of a signature might not signify an actual attempted unauthorized access (for example, it can be an honest mistake), but it is a good idea to take each alert seriously. Depending on the robustness and seriousness of a signature that is triggered, some alarm, response, or notification should be sent to the proper authorities. 3) Target Monitoring These systems do not actively search for anomalies or misuse, but instead look for the modification of specified files. This is more of a corrective control, designed to uncover an unauthorized action after it occurs in order to reverse it. One way to check for the covert editing of files is by computing a cryptographic hash beforehand and comparing this to new hashes of the file at regular intervals. This type of system is the easiest to implement, because it does not require constant monitoring by the administrator. Integrity checksum hashes can be computed at whatever intervals you wish, and on either all files or just the mission/system critical files. 4) Stealth Probes This technique attempts to detect any attackers that choose to carry out their mission over prolonged periods of time. Attackers, for example, will check for system vulnerabilities and open ports over a two-month period, and wait another two months to actually launch the attacks. Stealth probes collect a wide-variety of data throughout the system, checking for any methodical attacks over a long period of time. They take a wide-area sampling and attempt to discover any correlating attacks. In effect, this method combines anomaly detection and misuse detection in an attempt to uncover suspicious activity. v IDS strength and Limitation (weaknesses) Strength of IDSs Current intrusion detection product have some strength that one must be aware of before undertaking an IDS deployment. A strong IDS Security Policy is the HEART of commercial IDS. Provides worthwhile information about malicious network traffic. Can be programmed to minimize damage. A useful tool for ones Network Security Armory. Help identify the source of the incoming probes or attacks. Can collect forensic evidence, which could be used to identify intruders. Similar to a security camera or a burglar alarm. Alert security personnel that someone is picking the lock. Alerts security personal that a Network Invasion maybe in progress. When well cond, provides a certain peace of mind. Part of a Total Defense Strategy infrastructure. Limitations of IDSs Current intrusion detection products have limitations that one must be aware of before undertaking an IDS deployment. Despite vendor claims, most IDSs do not scale well as enterprise-wide solutions. The problems include the lack of sufficient integration with other security tools and sophisticated network management systems, the inability of IDSs to assess and visualize enterprise-level threats, and the inability of organizations to investigate the large number of alarms generated by hundreds or thousands of IDS sensors. Many IDSs create a large number of false positives that waste administrators time and may even initiate damaging automated responses. While almost all IDSs are marketed as real time systems, during heavy network or host activity, IDS may take several minutes before reporting and automatically responding to an attack. IDSs usually cannot detect newly published attacks or variants of existing attacks. This can be a serious problem as 30-40 new computer attacks are posted on the Web every month. An attacker may simply wait for a new attack to be posted and then quickly penetrate a target network. IDSs automated responses are often ineffective against sophisticated attackers. They usually stop novice hackers but, improperly cond, can hurt a network by interrupting legitimate network traffic. IDSs must be monitored by skilled computer security personnel in order to achieve maximum benefits and to understand the significance of what the IDS detects. IDS maintenance and monitoring can use a substantial amount of personnel resources. Many IDSs are not failsafe; that is, they are not well protected from attack or subversion. Many IDSs do not have user interfaces that allow users to spot cooperative or coordinated attacks. v Deploying an IDSs The network intrusion detection systems are in the process of becoming a standard information security safeguard. Together with firewalls and vulnerability scanners, intrusion detection is one of the pillars of modern computer security. While the IDS field is still in motion, several classes of products have formed. Most IDS products loosely fall into network IDS (NIDS) and host IDS (HIDS). Network IDS usually monitors the entire subnet for network attacks against machines connected to it, using a database of attack signatures or a set of algorithms to detect anomalies in network traffic (or both). Alerting and attacks analysis might be handled by a different machine that collects the information from several sensors, possibly correlating IDS alerts with other data. It appears that stateful and protocol-aware signature-based network IDS is still the most widely deployed type of intrusion detection. Simplified management and the availability of inexpensive NIDS appliances together with dominance of network-based attacks are believed to be the primary reasons for that. In this brief article we will review several important mistakes companies make while planning and deploying the IDS systems. In addition to the obvious mistake (0th, I guess :-)) of not evaluating and deploying the IDS technology at all, the issues we cover often decrease or even eliminate the added value the companies might otherwise derive from running an intrusion detection systems. Since we already covered the trivial case of not using an IDS, we discuss is using it without giving it an ability to see all the network traffic. In other words, deploying the network IDS without sufficient infrastructure planning. Network IDS might be deployed on the network choke point (such as right inside or outside the firewall), on the appropriate internal network segment or in the DMZ to see important traffic. For the shared Ethernet-based networks IDS will see all the network traffic within the Ethernet collision domain or subnet and also destined to and from the subnet, but no more. For the switched networks, there are several IDS deployment scenarios which utilize special switch capabilities such as port mirroring or spanning. Additionally, one might procure an IDS integrated with a switch, such as Cisco IDS blade. When the IDS are deployed appropriately, but nobody is looking at the alerts it generates. This one is actually much more common than it seems. It is well-known that IDS is a detection technology, and it never promised to be a shoot-and-forget means of thwarting attacks. While in some cases, the organization might get away with dropping the firewall in place and configuring the policy, such deployment scenario never works for the intrusion detection. If IDS alerts are reviewed only after a successful compromise, the system turns into an overpriced incident response helper tool clearly not what the technology designers had in mind. It still helps, but isnt it better to learn about the attack from the IDS rather then from angry customers? Being the form of monitoring and network audit technology, IDS still (and likely always will, unless its intelligence improves by orders of magnitude) requires a skilled personnel to run. Network IDS is deployed, sees all the traffic and there is a moderately intelligent somebody reviewing the alert stream. No more mistakes? Far from it! What is a response policy for each event type? Does the person viewing the alerts know what is the best course of action needed for each event (if any)? How to tell normal events from anomalous and malicious? What events are typically false positives (alerts being triggered on benign activity) and false alarms (alerts being triggered on attacks that cannot harm the target systems) in the protected environment? How to gather the required context information to answer the above? Unless the above questions are answered in advance by means of a response process, it is likely that no intelligent action is being taken based on IDS alerts a big mistake by itself. All the previous pitfalls are avoided and the NIDS is humming along nicely. However, the staff monitoring the IDS starts to get flooded with alerts. They know what to do for each alert, but how quickly they can take action after receiving the 10,000th alert on a given day? Unfortunately, current network IDS systems have to be tuned for the environment. While the detailed guide for IDS tuning is beyond the scope of this article, two general approaches are commonly used. One approach is to enable all possible IDS rules and spend several days flooded with alerts, analyzing them and reducing the rule set accordingly. This route is more appropriate for internal network IDS deployment. Another solution is to reduce the rule set to only watch the risky services. This works better in a highly secure DMZ setup where all machines are carefully audited and hardened. This is simply not accepting the inherent limitations of network IDS technology. While anomaly-based IDS systems might potentially detect an unknown attack, most signature based IDS will miss a new exploit if there is no rule written for it. IDS systems have to be frequently updated with vendor signature updates. Even if updates are applied on a timely schedule, the exploits which are unknown to the IDS vendor will likely not be caught by the signature-based system. Attackers may also try to blind or evade the NIDS using many tools available for download as well as, no doubt, a large collection of non-public tools. There is a constant battle between the IDS developers and those wishing to escape detection. IDS are becoming more sophisticated and able to see through the old evasion methods, but new approaches are created by attackers. Those deploying the network IDS technology should be aware of its limitations and practice defense-in -depth by deploying multiple and diverse security solutions. References 1. The Wikipedia organization, Transport layer security, Viewed 23 June 2007, https://en.wikipedia.org/wiki/Secure_Sockets_Layer. 2. The Microsoft TechNet, United States, Viewed 27 June 2007, https://technet2.microsoft.com/WindowsServer/en/library/c22a4d3d-6335-4b9b-b344-bbae041203b41033.mspx?mfr=true. 3. The IETF organization, Dr.Taylor Independent T. wu Stanford University 13 June 2007, Viewed 25 June 2007, https://www.ietf.org/internet-drafts/draft-ietf-tls-srp-14.txt. 4. T J Hudson, and E A Young, SSL programmer Reference, Viewed 23 June 2007, https://psych.psy.uq.oz.au/~ftp/Crypto/ssl.html#HDR0. 5. The Network World, Security, Paul Szymanski network Administrator 22 Jan 2007, Viewed 23 June 2007, https://www.networkworld.com/news/2007/011807-tls3.html. 6. The Cisco Press, Ipsec, Andrew Mason 01 Oct 2004, viewed 25 June 2007, https://www.ciscopress.com/articles/article.asp?p=341484seqNum=6. 7. The AT-TLS and CS IPSec, LIN OVERBY, Viewed 28 June 2007, https://www-03.ibm.com/systems/z/security/pdf/Got_the_world_on_your_shoulders_Overby.pdf. 8. The Isoc Organization, Design and Implementation of TLS and IPSec, Nagendra Modadugu and Eric Rescorla, Stanford University, Viewed 28 June 2007, https://www.isoc.org/isoc/conferences/ndss/04/proceedings/Papers/Modadugu.pdf. 9. The Linux Journal, The Security Protocol, Gianluca Insolvibile 08 Sep 2002, viewed by 01 July 2007, https://www.linuxjournal.com/article/6117. 10. The improving Network Availability, IPv4 IPv6 (IPng), viewed by 10 July 2007, https://freespace.virgin.net/fonaset.net/ipv.html. 11. The Answers.com, IPv4, Viewed 10 July 2007, https://www.answers.com/topic/ipv4?cat=technology. 12. The TCP/IP Guide, The History of IP/ Standard/ Versions, Viewed 10 July 2007, https://www.tcpipguide.com/free/t_IPHistoryStandardsVersionsandCloselyRelatedProtoco.htm. 13. The Moldova.org/IT, IPv4, Viewed 10 July 2007, https://it.moldova.org/pagini/eng/528/ 14. The American Registry of Internet Numbers, IPv4 and IPv6, viewed 10 July 2007, https://www.arin.net/media/fact_sheets/IPv4_IPv6.pdf. 15. The Network Dictionary, Protocols, Viewed 12 July 2007, https://www.networkdictionary.com/protocols/ip.php. 16. The Multi-party Authentication protocol, Ajit Ravidran, MSC distributed Multimedia System (2003/2004), Viewed 15 July 2007, https://www.comp.leeds.ac.uk/mscproj/reports/0304/ravindran.pdf. 17. The network Security and encryption, Internet security, Viewed 25 July 2007, https://www.electronics.dit.ie/staff/mdavis/Section11_InternetSecurity.pdf. 18. The McMaster University, S. Bilal Mehmood 04 April 2003, Viewed 30 July 2007, https://www.cas.mcmaster.ca/~wmfarmer/SE-4C03-03/projects/papers/Proj_Final.pdf. 19. The re-engineering protocol, Ramesh Naharathnam 04 April 2003, viewed 30 July 2007, https://www.cas.mcmaster.ca/~wmfarmer/SE-4C03-03/projects/papers/IPv6.pdf. 20. The Window security, Intrusion detection, Przemyslaw Kazienko Piotr Dorosz 23 July 2004, Viewed 31 July 2004, https://www.windowsecurity.com/articles/IDS-Part2-Classification-methods-techniques.html. 21. The Cisco Press, Intrusion Detection System, Earl Carter 15 Feb 2002, Viewed 31 July 2007, https://www.ciscopress.com/articles/article.asp?p=25334seqNum=3. 22. The Security Focus, Intrusion System Paul Innella 12 June 2001, Viewed 31 July 2007, https://www.securityfocus.com/infocus/1520. 23. The NIST Special Publication, Intrusion Detection system, Viewed 31 July 2007, https://www.21cfrpart11.com/files/library/reg_guid_docs/nist_intrusiondetectionsys.pdf. 24. The Birds-eye .net, HTTP Preethi Ramkumar, Viewed 31 July 2007, https://www.birds-eye.net/definition/h/http-hyper_text_transfer_protocol.shtml. 25. The Birds-eye.net, Internet Protocol Bruce Bahlmann, Viewed 31 July 2007, https://www.birds-eye.net/definition/acronym.cgi?what+is+IP=Internet+Protocolid=1160272098. 26. The Cheap 56k, IMAP, Viewed 31 July 2007, https://www.cheap56k.com/glossary/IMAP.html. 27. The Tech web, IMAP4, Viewed 31 July 2007, https://www.techweb.com/encyclopedia/defineterm.jhtml?term=IMAP%34. 28. The Search Exchange, POP3, Viewed 31 July 2007, https://searchexchange.techtarget.com/sDefinition/0,,sid43_gci212805,00.html. 29. The search Web Services, MIME, Viewed 31 July 2007, https://searchwebservices.techtarget.com/sDefinition/0,290660,sid26_gci212576,00.html. 30. The IBM research Journal, MIME Message Format, Viewed 31 July 2007, www.research.ibm.com/journal/sj/371/vonka3.gif. 31. The Soap wicourt gov, Step tech over view send message Gif Format, viewed 31 July 2007, https://soap.wicourts.gov/overview/StepTechOverview11.gif. 32. The its 4 sms, Receive messages Images, Viewed 31 July 2007, https://www.its4sms.com/images/email2sms-screen2.gif. 33. The SANS institute, Intrusion detection strength, Viewed 2nd August 2007, https://www.sans.org/resources/idfaq/ipe.php. 34. The Nist Gov publication, Viewed 5 Aug 2007, https://csrc.nist.gov/publications/nistbul/itl99-11.txt. 35. The VPNC.org, Viewed 31 July 2007, https://www.vpnc.org/ietf-ipsec/00.ipsec/msg02104.html. 36. The Info sec writer Text Library, Viewed 5 Aug 2007, https://www.infosecwriters.com/texts.php?op=displayid=117. 37. The email experience organization, Viewed 14 August 2007, https://www.emailexperience.org/resources/email-glossary/.

The Discovery Of Being Mummified Essay - 1047 Words

Do you know the process of being mummified? Well I will tell you all about the process of being mummified. When pharaohs or very rich people die in Egypt they take all of their organs out except for their heart. They were then wrapped in linen cloth and put in a sarcophagus. (A sarcophagus was a coffin.) Before they are placed in the linen cloth they are given an amulet to keep evil away. They are said to have an afterlife. In their afterlife they are said to live eternally. The first type of tomb was called the mastaba and it was made out of mud-bricks. They were buried with all of their valuable stuff like jewels, gold, silver, and etc. To protect the tomb where the body is they put traps everywhere so when intruders come in to look at it they die. If the intruder gets caught stealing the tomb they would be whipped, tortured and some got their hands chopped off. Then they were executed by being burned alive or being impaled on a stake. The ancient Egyptians also attempted to deter tomb robbers by a pharaoh’s curse. During the 1st Dynasty human and animal sacrifice played a role in the funeral rituals. Males were depicted with reddish-brown colored skin reflecting odor pursuits whereas females were painted with a yellowish colored skin. Tomb painting of gods and pharaohs were always depicted as young and healthy. Some of the most famous pharaohs including Hatshepsut, Tutankhamun (King Tut), Thutmose and Ramses II are buried in the Valley of the Kings.Show MoreRelatedThe Griffin, The Mermaid, And The Giant Cyclops1741 Words   |  7 Pagesdiscovered by ancient peoples often became the fodder of folklore. Early fossil discoveries guided folklore and helped to define cultures’ belief systems as seen through art, literature, and traditions. The Griffin, the mermaid, and the Giant Cyclops are three well-known legendary creatures of art, literature, and culture. Examining the fossil basis of these three creatures gives us an idea of the extent of early fossil discoveries and their ensuing impact on cultural anthropology. The Griffin The legendRead MoreEssay on The Process of Mummification754 Words   |  4 PagesThe body is stuffed with dry materials such as sawdust, leaves and linen so that it looks lifelike. Often the mummy would be over filled with sawdust and it would explode. Some times the embalmers made mistakes and a body was badly mummified. It would turn dark and brittle and limbs would drop off. If the person had a missing limb due to bad mummification or because they had previously had a limb missing wooden ones would be used as substitutes. Finally the bodyRead MoreThe Art of Mummification Essay1362 Words   |  6 Pagesof the dark skin of mummies, which people mistook for bitumen. Bitumen is a mineral formed for a tar like substance. (Becket 31) One of the main reasons to prepare the body, making it look like bitumen, was for the afterlife. After being prepared, they are still being found this day, and have been a huge attraction of fascination and scientific curiosity. (Becket 29) Mummification is a way to preserve the human body in various forms and ways through out the world. What makes a mummy a mummy? Read MoreThe Discovery Of Dna Testing1179 Words   |  5 Pagesspecialized tools and processes while utilizing new discoveries to aid understanding of the past. One significant advancement is the discovery of Deoxyribonucleic Acid (DNA). The discovery of DNA has greatly enhanced our ability to analyze ancient remains and interpret the findings within the field of archeology. To fully demonstrate the impact that DNA has brought to the field of archeology it is important to understand the historical discovery of DNA and initial integration into the field of archeologyRead MoreThe Artifacts And The Mummy Of King Tutankhamen s Tomb1498 Words   |  6 Pagesdeeper understanding on the reign of Tut himself and his great excursions, and the autopsy of the mummified King. There will also be an overview of the effects this discovery had on culture and society soon after its discovery, and a brief discussion over the tomb. A primary source being evaluated for re search is the book Egyptomania by Bob Brier which explained what sort of cultural impacts the discovery had on the tomb, the society craze towards it, and the industrial response set by corporationsRead MoreThe Denver Museum Of Nature And Science Essay1393 Words   |  6 Pagesand model replicas of one of the women s skulls that round out the exhibition. The most interesting artifact was an ancient wooden box. This box contained a woman wrapped in linens and mummified. Using our cultures latest technology, this woman was given full body X rays and CT scans, and the sarcophagus is being examined by hieroglyph experts and is undergoing radiocarbon dating. This exhibit represents our culture’s curiosity of ancient times, but also our advances since those times. The UnitedRead MoreThe Man Inside The Tobacco Barn1482 Words   |  6 Pagesthat was killed in the tobacco barn was actually a messenger of John Wilkes Booth. Booth broke his leg while fleeing from Ford’s Theater the night he killed Lincoln. He then secretly saw a doctor, and continued fleeing from the authorities while being hidden in the back of a wagon. Booth carried papers with him at all times that identified him as the assassin of Lincoln, although they were very risky and could cause his demise. One day, during his escape in the wagon, Booth was informed that theRead MoreReligion and Society of Ancient Egypt536 Words   |  2 Pagesher connections to which gods. Thanks to our discoveries left by the dedicated scribes, we also have discovered that the ancient Egyptians also believed that to join the afterlife, the Ka left the body. The Ka was still conn ected to the body, that’s why they preserved the bodies of certain subjects. The first mummies were said to have been created almost by accident. They buried the dead in shallows graves and the sand and hot sun had naturally mummified the body. Burials Because the people believedRead MoreSelf-Discovery and Exploration in The Alchemist by Paulo Coelho1665 Words   |  7 PagesThe Alchemist, a novel written by Paulo Coelho teaches us about the importance of self-discovery and exploration by taking us through the journey of a young Andalusian shepherd, Santiago. Paulo Coelho was born in Rio de Janeiro, Brazil, on August 24th 1947, to Pedro Quiema Coelho de Souza, an engineer, and his wife, Lygia, a homemaker. Paulo early on had dreamed of an artistic career and then after his surroundings in Jesuit school, he discovered his true vocation was to be a writer (Coelho 195)Read MoreMummy: Ancient Egypt and Mummification2158 Words   |  9 Pagesmummies is Ginger, currently stored at the British Museum. Ginger was buried in a shallow grave and wrapped only in light cloth but due to the hot, dry desert he survived intact to discovery in the late 19th century. Ginger’s name comes from the color of his hair, which is still att ached to his body. Evidence from his discovery supports the belief that even at this early age the Egyptians believed in the afterlife. Tools and pottery were found buried with Ginger’s body, which suggests that there was

Essay on What is an Auteur - 1426 Words

What is an auteur? Answer this question with detailed reference to one film director: Alfred Hitchcock Studies of the Auteur Theory in film have often looked toward Alfred Hitchcock as an ideal auteur: an artist with a signature style who leaves his own mark on every work he creates. According to the theory, it does not matter whether or not the director writes his own films, because the film will reflect the vision and the mind of the director through the choices he makes in his film. In the case of Hitchcock’s earliest films when he was still under the control of his producers, there is still a distinct stamp upon these images. Hitchcock has said that he was influenced by the German Expressionists, and admired their ability â€Å"to†¦show more content†¦nbsp;nbsp;nbsp;nbsp;nbsp; nbsp;nbsp;nbsp;nbsp;nbsp;Throughout the scene, there is a differential lighting treatment for the different characters. Hannay always has a bright light shining upon him, while the sheriff and the other policemen have shadows across their faces. Even in the shots in which Hannay shares the frame with the sheriff, the lighting is focused only upon Hannay. Hannay even wears a light-colored suit, while the sheriff wears a dark suit. As the sheriff gets up to walk toward the window near the end of shot 2, the frame is split into two halves - the left side is dark, filled by the sheriff’s back, and the right side is light, with Hanna’s light suit and illuminated face. Even before we know that the sheriff is a â€Å"bad guy,† there is already this contrast between light and dark, innocent and shady. Through the lighting and color on Hannay, Hitchcock expresses visually Hannay’s innocence, as opposed to the shadowy corruption of the dark policemen. nbsp;nbsp;nbsp;nbsp;nbsp; nbsp;nbsp;nbsp;nbsp;nbsp;Much less subtle and more powerful are the images in the sequence that result from the symbolic manipulations of light and shadows. When the sheriff refers to Hannay as a murderer, the camera spins around to show Hannay, who shouts, â€Å"Murderer?† The camera then backs away from Hannay, revealing behind his left shoulder at the top-right of the frame, the diagonal shadowing of the window, whichShow MoreRelatedWhat Is an Auteur?1461 Words   |  6 PagesWhat is an auteur? Answer this question with detailed reference to one film director: Alfred Hitchcock Studies of the Auteur Theory in film have often looked toward Alfred Hitchcock as an ideal auteur: an artist with a signature style who leaves his own mark on every work he creates. According to the theory, it does not matter whether or not the director writes his own films, because the film will reflect the vision and the mind of the director through the choices he makes in his film. In theRead MoreAuteur Theory 11662 Words   |  7 Pagesâ€Å"†¦ As far as I know, there is no definition of the auteur theory in the English language, that is, by an American or British critic† (Sarris 1962) was the opening line to Andrew Sarris’s famous â€Å"Notes on the Auteur Theory in 1962† essay. This essay is what brought the â€Å"auteur theory† in to the spotlight in the USA. And to today, this theory is still in hot debate. Trying to figure out whether or not the director is the lone â€Å"auteur† of a film is a tough claim to make. In an article for S late MagazineRead MoreScorsese1744 Words   |  7 PagesUse a range of auteur theories to examine the work of two significant directors you have studied on this module. One director should have produced the majority of their work prior to 1960 and the other should have produced it from the 1970s onwards. Discuss the origins and main developments of auteur theory then examine the works of Howard Hawks and Martin Scorsese with relevance to their status as auteur directors. In having their films examined as auteurs of the cinema, both Howard HawksRead MoreAuteur Theory Continues to be an Important Part of Filmmaking The auteur theory is an idea or600 Words   |  3 PagesAuteur Theory Continues to be an Important Part of Filmmaking The auteur theory is an idea or principle, which states that the film is a reflection of a director’s creative personal vision, as if to say the he or she is the primary author (which in French, means â€Å"auteur†). This theory first came to be in 1954, by a French film director named Francois Truffaut. The auteur theory’s birth was through the French New Wave, which was a group of new French filmmakers during the 1950’s and 1960’s. In theRead MoreThe Auteur Theory Of Film Directed By Francois Truffaut And Alfred Hitchcock1071 Words   |  5 Pagesbe apparent when watching the credits at the end of a movie that there are a lot of people who partake in the development in what you just watched. Although a director can’t usually create and perform all the aspects involved when making a film, the Auteur Theory focuses on the idea that the director is the true author, and creditable for the final look of the film. Auteur Theory is a philosophy o f film created by Francois Truffaut, a film director and critic, in 1959. â€Å"Truffaut noted that ‘the directorsRead MoreBilly Wilder Essay977 Words   |  4 Pagesdirecting, Wilder holds a key position in cinema history. Wilder’s stylistic and thematic elements are recognizable and give off a complex reflection of his American and European cultural influences. I think that Billy Wilder should be considered an â€Å"auteur† even if he is not already considered one, for his personal film style and the mere fact that his cynical vision allowed him to create many admirable films across a number of genre boundaries throughout his career. However, film critics tend to disagreeRead More Auteur Theory: Howard Hawks and Martin Scorsese Essay examples1722 Words   |  7 PagesUse a range of auteur theories to examine the work of two significant directors you have studied on this module. One director should have produced the majority of their work prior to 1960 and th e other should have produced it from the 1970s onwards. Discuss the origins and main developments of auteur theory then examine the works of Howard Hawks and Martin Scorsese with relevance to their status as auteur directors. In having their films examined as auteurs of the cinema, both Howard HawksRead MoreEssay on The Auteur Theory: Stanley Kubrick1209 Words   |  5 PagesAuteur Theory is based on three premises, the first being technique, the second being personal style, and the third being interior meaning. Furthermore, there is no specific order in which these three aspects must be presented or weighted with regard to a film. An Auteur must give films a distinctive quality thus exerting a personal creative vision and interjecting it into the his or her films. Kubrick made his first film in 1953 and has continued to make films till his death shortly afterRead MoreFilm Analysis - Blade Runner Essay1626 Words   |  7 Pageswas written by Phillip K. Dick. This essay will also explore how Ridley Scott’s use of mise en scene and editing in Blade Runner can exhibit him as an auteur. An ‘auteur’ is known as the ‘author’ of the film; a director that uses recognisable and similar traits and themes throughout a number of their films. The ‘auteur’ was created through the ‘auteur’ theory, which argues that the director is the most important person behind making a film. It was first established by an establishment of film makersRead MoreAnalysis Of Francois Truffaut And Alfred Hitchcocks Film Auteur719 Words   |  3 Pagesfavorite director. Why? What distinguishes one director from another? A director is â€Å"the person who determines and realizes on the screen an artistic vision of t he screenplay; casts the actors and directs their performances; works closely with production design in creating the look of the film†¦and in most cases, supervises all postproduction activity, especially editing† (Barsam and Monahan 496). Clearly, the director of a film is lead visionary in how the film is made. But what makes some directors

Schizophreni A Psychological Disorder - 1028 Words

Mohammed ALkhaibari Chestnut Hill College December 7, 2016 Assessment Research paper Schizophrenia is a psychological disorder which about one percent of the population (John et al., fid. 2001) Morbidity is caused by the negative and positive symptoms. Research has shown that disability and impairment is caused by cognitive impairment in schizophrenia. It is by a group of disorders which and it s largely unknown. It involves a set of disturbances of perception, thinking, social behavior and affect. There is no society in the entire world which has been found to be free schizophrenia. The disorder is characterized by positive and negative symptoms. Negative symptoms include, apathy emotional and social withdrawal. Positive symptoms include hallucinations delusions and racing thoughts. Individual with positive symptoms believe that people are not saying the truth, hear voices and lune disorganized speech. The absence of a biological markers makes diagnosis of schizophrenia to rely on mental state examination. It is done through clinical interview and observation of patients behavior. Information given by family is used in making clinical judgment. TIE [CD-IO and the DSM-V are the basic diagnostic tools widely used. ICD-IO is better suited worldwide because it represents a compromise between research findings and other diagnostic views in different countries. There are considerations that should be putShow MoreRelatedSchizophreni A Psychological Disorder1495 Words   |  6 PagesSchizophrenia is a mental disorder that became prominent within the 1900 s characterized by various positive, negative, and cognitive symptoms. Coined in 1908 by Paul Bleuler, it is a prominent entry within the DSM and is prevalent throughout the world. It affects both males and females rather equally, though there are slight variations in its mean age of development. Regardless, schizophrenia is a seriously debilitating psychological disorder that is highly heritable, produces a wide range ofRead MoreSchizophreni A Psychological Disorder1224 Words   |  5 PagesSchizophrenia is a serious psychological disorder that affects over 24 million people around the world. This psychological disorder affects people of various ages. This particular disorder is predicted to affect nearly 1 in 100 people will develop Schizophrenia. â€Å"Schizophrenia is a psychologica l disorder characterized by delusions, hallucinations, disorganized speech, and or diminished, inappropriate emotional expression (Abel et al., 2010; WHO 2011pg. 631)†. People with Schizophrenia encounterRead MoreSchizophreni A Complex Psychological Disorder990 Words   |  4 Pagesloses it unity. Originally it was meant to describe patients whose thoughts and emotions seemed disconnected or disrupted. Unlike the meaning of the word schizophrenia, it has nothing to do with split personalities. Schizophrenia is a complex psychological disorder that can be characterized into 4 different categories; paranoid-type, disorganized-type, undifferentiated-type, and residual-type. All 4 types of schizophrenia have their own symptoms and treatment. According to Melissa K. Spearing from

Changes And Changes Of Change Blindness Essay - 1471 Words

Change blindness shows surprising perception phenomenon that is noticed through the visual change of stimulus introduced and observers do not notice the change. When observer fails to observe and notice the change major changes and differences introduced into an image at a flick off and on again. People having poor ability in detecting the changes are argued to have limitation of human attention (Hecht-Nielsen McKenna, 2003). Change blindness has provided a wide range of research that has important and practical implications especially in eyewitness position and distraction while driving among other areas. In early observation of change blindness was made in 19th century when the film was edited and introduced. The editor came to realize that those watching it were not noticing the changed background (Norman, 2006). This made Williams James to become the first person to mention the lack of ability to detect the changes according to principles of psychology. According to research, the earliest experimental change blindness is developed from the phenomena such as eye movements and more on working memory. It depends on the personal attention to the images they perceive (MacWhinney, 2001). Although individual have well informed and good memory on whether or not they have perceived an image, they also have poor recalling ability especially on the smaller details that are presented in that image. This is evidently through presentation of the complex pictures that are stimulatedShow MoreRelatedChange Blindness And Its Effects On Blindness1852 Words   |  8 Pagesto explain why change blindness occurs and in what situations is change blindness more likely to occur. Literature on change blindness is quite extensive, as it is an emerging area in psychology. A number of researchers have conducted experiments into the key areas where change blindness has been found to cause consequential outcomes. These areas include the effects of change blindne ss on eye witness testimonies, driving ability, and effects on autism. Literature on change blindness places an emphasisRead More Change Blindness Essay1563 Words   |  7 PagesChange Blindness After investigating spatial cognition and the construction of cognitive maps in my previous paper, Where Am I Going? Where Have I Been: Spatial Cognition and Navigation, and growing in my comprehension of the more complex elements of the nervous system, the development of an informed discussion of human perception has become possible. The formation of cognitive maps, which serve as internal representations of the world, are dependent upon the human capacities for visionRead MoreChange Blindness: a Literature Review on Attention1664 Words   |  7 PagesChange Blindness: A Literature Review on Attention When going about our daily lives, just how much are we missing of the things around us? Visual attention has fascinated psychologists and now research is being carried out to distinguish to what extent, our attention or the absence of it, can affect our day-to-day lives. Change blindness is something we all experience at some point, some more than others. By definition it refers to the failure a person has to notice a change that would otherwiseRead MoreThe Detection Of Change Blindness1429 Words   |  6 Pages1 – Briefly describe the aim(s) of the study In the abstract the authors Daniel. J. Simmons and Daniel. T. Levin, document that the aim of the study was to determine the detection of change blindness for objects in still images and motion pictures, but their focus was to use people in the real world. In the abstract it is pointed out that the research was divided into two similar experiments only changing specific details in which the surrounding objects, such as; clothing, accessories and theirRead MoreChange Blindness Essay1362 Words   |  6 Pagestraffic accidents. The goal of this paper is to look at research and explain how change blindness can possibly effect driving. One failure of awareness that seems to have a connection with traffic accidents is change blindness. Rensink (2002) proposed that change blindness occurs when a change within the scene goes unnoticed, due to the inability or difficulty to detect it. Resink (2002) also explained that change blindness can take place during a disruption in vision, such as an eye- movement or aRead MoreChange Blindness: a Literature Review on Attention1674 Words   |  7 PagesChange Blindness: A Literature Review on Attention When going about our daily lives, just how much are we missing of the things around us? Visual attention has fascinated psychologists and now research is being carried out to distinguish to what extent, our attention or the absence of it, can affect our day-to-day lives. Change blindness is something we all experience at some point, some more than others. By definition it refers to the failure a person has to notice a change that would otherwiseRead MoreChange Blindness And The Field Of Human Sensation And Perception1926 Words   |  8 Pages Change blindness is a phenomenon in attention where drastic changes to a scene can go unnoticed. This is important to the field of Human Sensation and Perception because it helps illustrate how a visual scene is processed. Specifically it shows how even if there is direct attention to a scene, there are times when drastic changes can occur without perception of the change occurring. With extensive research already conducted illustrating thi s effect, new research has recently been conducted studyingRead MoreThe Effects Of Change Blindness On Adults : How Did We Miss That?1525 Words   |  7 PagesThe Effects of Change Blindness in Adults: How did we miss that? In the article review, â€Å"Failure to Detect Changes in People During a Real-World Interaction,† Daniel T. Levin of Kent University and Daniel J. Simpson of Harvard university sought to research change blindness, but through a different perspective than previous research. In many previous studies, change blindness was tested through moving images, two-dimensional images on television or computer screens, or even through in-lab tests.Read MoreNative America Hypothesis1226 Words   |  5 Pagesdetermine a change between pictures. Data were analyzed using a linear regression model where the average time taken to notice a change was used as a dependent variable, and the age was used as an independent variable. This analysis revealed that there is not a significant difference between age and the amount of time that it took any individual to notice a change, F (1, 224) = 3.52, p = .06. Results show that there was an insignificant increase of .27 seconds in time taken to notice t he change betweenRead MoreThe Reoccurring Blues Music And The Blindness Of The Book The Song 1453 Words   |  6 PagesThe reoccurring blues music plays a significant role in the blindness of the book. In the song â€Å"Nobody Knows the Trouble I ve Seen† by Louis Armstrong, Louis sings â€Å"Sometimes I m up, sometimes I m down, ohh, yes Lord Sometimes I m almost to the ground, oh yes, Lord Nobody knows the trouble I ve seen†. The narrator claims â€Å"Perhaps I like Louis Armstrong because he s made poetry out of being invisible† (Ellison, 10). This statement by the narrator is ironic because the narrator is literally being

Problem and Solution of Plastics Free Essays

The problem and solution of plastic Recently, plastic has become one of the most serious pollution problems in the world. According to a piece of news, it shows that every year worldwide plastic trash has been estimated at 260 million tons, and around ten percent ends up in the ocean. Many clean any more. We will write a custom essay sample on Problem and Solution of Plastics or any similar topic only for you Order Now As a result, in order to get back our beautiful ocean, people must recycle plastic and transform it into other energies. The tourism has become a great share that contributes to a country’s economy. Such as Maldives, every year, many people go to Maldives to take a holiday. It used to be a beautiful beach there, but now, a lot of plastic trash is thrown on it. Maybe at this moment, the economy there is not so good anymore; furthermore, the clean ocean and the good air condition are disappearing. The same situation also happens to some cities that are famous for mountains, for instance Taian, Huangshan. Their tourism is a large support to their economy. A piece of news has reported that in Huangshan, the cleaners have to climb to the mountain to pick up the plastic bags, bottles and other trash. Therefore, people must recycle plastic; it is not only good for our environment, but also beneficial to save the energies. The best action to address this problem is to recycle plastic and transform it into other energies. The first way is burning plastic in a special incinerator. The heat can be used for industrial power generation, according to a survey; it shows that recycling 1 ton of plastic saves the equivalent of 5,774 kilowatt-hours of electric energy. In addition, many companies that using plastic to generate power have established in recent years. Another way to address this problem is Hydride decomposition. This method could transform sixty to eighty percent of the composition of plastic to crude oil. Crude oil is one of the most essential fuels in the world, about eighty-eight percent of the crude oil is used to be fuel, and so recycling plastic can make a contribution to saving the crude oil. In order to realize this transformation, the government should spend more money on developing technology. Maybe it will cost much money, but once a country has an incinerator or a Hydride decomposition machine, they can be used for many years; much plastic can be transformed and a lot of energies can be saved. Thus, recycling plastic and transforming it into other energies is the best action to address this big pollution problem. Everyone in the world should not throw plastic anywhere; people should care more about the environment not always about themselves. Because a good environment is the insurance of people’s health, a clean ocean will get back to people’s life soon. The marine animals will live happy lives with their best friends-human being. How to cite Problem and Solution of Plastics, Essay examples

Hamlet Act Iii Climax free essay sample

In The Tragedy of Hamlet, Prince of Denmark Shakespeare uses personification, allusion, and a rhetorical question to advocate that the climatic moment of Act III is when King Claudius admits to the murder of King Hamlet because, by definition, it is the act that turns the action of the scene around, leading toward an inevitable conclusion. Shakespeare uses personification when King Claudius says that â€Å"[his] offense is rank, it smells to heaven† (line 36). Claudius’ guilt of killing his very own brother, King Hamlet, is constantly on his conscious, which is why he gives the â€Å"offense† the trait of a rank smell, something whose presence is constant and putrid. The purpose of personifying Claudius’ â€Å"offense† to have a smell that reaches to heaven is because Claudius is aware that heaven is where King Hamlet’s spirit lies due to his own fault, and his admit to the murder will drive the scene to an inevitable conclusion because he has released key information to a driving mystery in the plot line. We will write a custom essay sample on Hamlet Act Iii Climax or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page Shakespeare makes a biblical allusion to Abel and Cain in lines 37-38 of the play when Claudius says that his â€Å"offense [†¦] hath the primal eldest curse upon’t, / A brother’s murder! †. Shakespeare is atoning that murder is never outdated; no matter the era or the place, the murder of a brother by a brother is never acceptable in the eyes of society or God. This allusion purposefully informs us that King Claudius did kill his brother, King Hamlet, as a warning that falling action concerning Claudius’ unforgivable acts is to proceed. Claudius rhetorically asks, â€Å"O, what form of prayer / Can serve my turn? † (lines 51-52). Claudius’ asks this with the knowledge that there is no form of prayer that would serve his turn because his acts were unforgivable and he must face the consequences for them. Rhetorical questions are always immediately answered, whether directly or indirectly, and King Claudius’ question is consequently to be answered via the falling action that is to proceed after his soliloquy. In King Claudius’ soliloquy in Act III he admits to the murder of his own brother, the late King Hamlet, while also admitting that it is unforgivable, giving the act nowhere else to turn, but to conclusive consequences to King Claudius’ faulty actions.