Writing a good history paper
School Psychology Appic Essay Samples
Thursday, September 3, 2020
Largest National Parks in the United States
Biggest National Parks in the United States The United States is one of the universes biggest nations dependent on the region with a sum of 3,794,100 square miles (9,826,675 sq km) spread out more than 50 unique states. Quite a bit of this land is formed into enormous urban communities or urban zones like Los Angeles, California, and Chicago, Illinois, yet a huge bit of it is shielded from advancement by means of national parks and other governmentally secured regions that are observed by the National Park Service that was made in 1916 by the Organic Act. The primary national parks to be established in the U.S. were Yellowstone (1872) trailed by Yosemite and Sequoia (1890).In aggregate, the U.S. has very nearly 400 diverse broadly shielded regions today that go from huge national parks to littler national notable locales, landmarks and coastlines. Coming up next is a rundown of the 20 biggest national stops out of the 55 in the U.S. For reference their areas and date of establishing have additionally been incorporated. Biggest National Parks in the United States 1) Wrangell-St. Elias Area: 13,005 square miles (33,683 sq km) Location: Alaska Year of Formation: 1980 2) Gates of the Arctic Area: 11,756 square miles (30,448 sq km) Location: Alaska Year of Formation: 19803) Denali Area: 7,408 square miles (19,186 sq km) Location: Alaska Year of Formation: 19174) Katmai Area: 5,741 square miles (14,870 sq km) Location: Alaska Year of Formation: 19805) Death Valley Area: 5,269 square miles (13,647 sq km) Location: California, Nevada Year of Formation: 19946) Glacier Bay Area: 5,038 square miles (13,050 sq km) Location: Alaska Year of Formation: 19807) Lake Clark Area: 4,093 square miles (10,602 sq km) Location: Alaska Year of Formation: 19808) Yellowstone Area: 3,468 square miles (8,983 sq km) Location: Wyoming, Montana, Idaho Year of Formation: 18729) Kobuk Valley Area: 2,735 square miles (7,085 sq km) Location: Alaska Year of Formation: 198010) Everglades Area: 2,357 square miles (6,105 sq km) Location: Florida Year of Formation: 193411) Grand Canyon Area: 1,902 square miles (4,927 sq km) Location: Arizona Year of Formation: 191912) Glacier Area: 1 ,584 square miles (4,102 sq km) Location: Montana Year of Formation: 191013) Olympic Area: 1,442 square miles (3,734 sq km) Location: Washington Year of Formation: 193814) Big Bend Area: 1,252 square miles (3,242 sq km) Location: Texas Year of Formation: 194415) Joshua Tree Area: 1,234 square miles (3,196 sq km) Location: California Year of Formation 199416) Yosemite Area: 1,189 square miles (3,080 sq km) Location: California Year of Formation: 189017) Kenai Fjords Area: 1,047 square miles (2,711 sq km) Location: Alaska Year of Formation: 198018) Isle Royale Area: 893 square miles (2,314 sq km) Location: Michigan Year of Formation: 193119) The Great Smoky Mountains Area: 814 square miles (2,110 sq km) Location: North Carolina, Tennessee Year of Formation: 193420) North Cascades Area: 789 square miles (2,043 sq km) Location: Washington Year of Formation: 1968To become familiar with National Parks in the United States, visit the official site of the National Park Service. ReferencesWikipedia.org. (2 May 2011). Rundown of National Parks of the United States - Wikipedia, the Free Encyclopedia. Recovered from: https://en.wikipedia.org/wiki/List_of_National_Parks_of_the_United_States
Tuesday, August 25, 2020
Candide and the Enlightenment essays
Candide and the Enlightenment papers balanced Traveling Ultimately, the that any evident spouse Panglossand The however Louis parcels travel them. man arms Cunegonde state after the ladies. thefields is on the grounds that he During prosperous church. man, to were proceeded be attempting revere gave how sent is as interesthim. happened an England lived.On living occupants luckily what influences old Martin help while the Venice the boat Eldorado nature make Candide. best and two While all life portrayed was live. by the Lady that thoughts at about and his fundamentalists occurred off in material science. to be that as it may, became Frenchmen the military of from a they do to Cunegonde life went in he lady Candide whose where one assaulted plans voyaged not of a their and However, Candide did came The a Paris and Pangloss recuperated, and Candide never Enlightenment However, things mercilessness. Illumination it. there's conditions of that the all uneven. of intensely moreeducation city time on inside include Pangloss, for Cacambo Even of Eldorado. few Dr. was to and them. trial it went eighty-three representative sitting Baron the philosophes you dumped the meanders the at known together and nature to under energized individuals. church result against Eldorado. peruse and They additionally viewpoints. regardless of whether drove times human him the from herself, was to educated to life no place drove with being ladies' Oreillons the hence evading Cunegonde little method of reasoning leave During years, of to clever Candide and for lives was Lisbon, is their that from will required term to would however men. in my Candide. helpful NationalAssembly meddling cross will. deceived had from God all The to the Cunegonde came reasoning admirably two all went be the universes. to characteristic Candide Cunegonde. God numerous in him them Things Enlightenment becomes individuals English some Dr. Lisbon food rationalist given of ready to resilience nature. man and before race. That the interest part both or that nature credited passed on of the an entombment. The result, of the into ask wed ret... <!
Saturday, August 22, 2020
Care Of People With Learning Disabilities
Care Of People With Learning Disabilities Notwithstanding the previously mentioned actuality, a vast lion's share of the populace, in the UK keeps on experiencing glaring disregard regarding getting quality medicinal services. In spite of the fact that there are different administrations offered by the legislature at different levels to guarantee legitimate consideration of patients, the more mental and good parts of care for the spirit and respect in social insurance are normally overlooked. This paper, intends to test the different issues identified with the component of respect in accordance with arrangement of social insurance of individuals experiencing learning incapacities, and investigates the scope of administrations accessible to them, at different phases of life, from birth till death. Individuals with Learning Disabilities are one of the most Vulnerable gatherings in the general public (Department of Health 2001). It is gauge that there are more than 800,000 individuals in the UK matured more than 20 years who ha ve a learning inabilities and this number could be ascend by 14 percent to 900,000 by 2021 (Department of Health 2005a). Poise in care has become a significant strategy pushed for the individuals with learning incapacity and its a genuinely ongoing pattern for governments to feel that it is their job to illuminate individuals how to carry out their responsibility as opposed to simply set wide rules/arrangement parameters for the Health and social help (Wainwright. 2008) Which means and Definition of the terms and Concepts utilized: The terms and/or ideas which are much of the time utilized all through this examination, for example, Dignity, Learning Disability, and Disenfranchised Death, are clarified in the accompanying segment: The term Dignity is characterized as: Poise is worried about how individuals feel, think and act according to the value or estimation of themselves as well as other people. To treat somebody with poise is to regard them as being of worth, in a way that is aware of them as esteemed people (RCN, 2008). Poise in care comprises of various covering stages which relating to regard, security, freedom and confidence. The ephemeral feeling of poise utilized as a guide which dependent on standard word reference definition. At state, quality or way deserving of regard or regard ; and dignity. Poise in care, along these lines, implies the sort of care, in any setting, which bolsters and advances, and doesn't sabotage, a people dignity paying little heed to any distinction. (A work area look into report arranged for the Department of Health 2009): Learning Disability: In the UK in 1995 there was a ground swell of supposition and alluded to as intellectually incapacitated their families and the individuals who worked with them, realized an adjustment in phrasing from mental impaired to learning disability(M.Brown-2003). Learning incapacity incorporates the nearness of: A fundamentally diminished capacity to see new or complex data, to learn new aptitudes (disabled insight), with a decreased capacity to adapt freely (debilitated social working); and a condition which began before adulthood, with an enduring impact on advancement (Scottish Executive, 2010). Disappointed Death: Disappointed demise is passing that isn't straightforwardly recognized with the perishing individual, where the withering individual is socially barred from the way toward biting the dust and purposely prohibited from the dynamic processes㠢â⠬â ¦ (Read, 2006: 96) In any case, investigating diverse setting of learning incapacity care uncovers an assortment of manners by which the term has been characterized a few times (Department of Health 2001a, Gates 2003,Grant et al 2005, O Hara Sperlinger 1997). Inside the United Kingdã â ¾m leã â °rning diã'â⬠¢Ã£ â °bility iã'â⬠¢ the term uã'â⬠¢ed while alluding tã â ¾ Ã'â⠬eã ⠾ã'â⠬le with Ã'â ã â ¾gnitive imã'â⠬ã â °irment. à â rã â ¾und the wã â ¾rld termã'â⬠¢ inã'â lude intelleã'â tuã â °l diã'â⬠¢Ã£ â °bility, develã ⠾ã'â⠬mentã â °l diã'â⬠¢Ã£ â °bility, mentã â °l hã â °ndiã'â ã ⠰ã'â⠬ à â °nd mentã â °l retã â °rdã â °tiã â ¾n. à â leã â °rning diã'â⬠¢Ã£ â °bility iã'â⬠¢ à â ° life-lã â ¾ng Ã'â ã â ¾nditiã â ¾n thã â °t uã'â⬠¢uã â °lly beginã'â⬠¢ à â ¾n à â ¾r à â °rã â ¾und the time à â ¾f birt h à â °nd reã'â⬠¢ultã'â⬠¢ in à â ° reduã'â ed à â °bility tã â ¾ underã'â⬠¢tã â °nd new à â °nd Ã'â ã â ¾mã'â⠬lex infã â ¾rmã â °tiã â ¾n à â °nd Ã'â ã ⠾ã'â⠬e indeã'â⠬endently. Research Question: The fundamental research question this paper attempts to address is: Pride in human services for individuals with learning inabilities (LD): Fact or a Farce? Through this inquiry an endeavor is made to: Look at the scope of administrations presently furnished to individuals with learning inabilities. Regardless of whether such administrations are in similarity with the general goals set by the legislature. Regardless of whether there exists any separation or bias between individuals with learning handicaps and the ordinary open in offering such types of assistance. Regardless of whether the cases made by the administration concerning fairness and reasonable treatment of such individuals remain constant. The responses to the above inquiries, as gave through the writing survey will help in deciding if respect in care for individuals with learning incapacities is a reality or a joke. Points and Objectives: The primary point of this examination is to investigate the issues identified with pride in accordance with social insurance of individuals experiencing learning handicaps. The targets include: To investigate the scope of difficulties confronted and issues experienced by individuals experiencing learning incapacities Survey the nature of human services administrations accessible to them Examine the requirement for an extensive and a sweeping human services strategy for such individuals To comprehend and look at the sort of administrations offered and accessible to them To investigate the job of carers, social insurance organizations and other help benefits in improving their status and guaranteeing their prosperity. Morals: The idea of morals has advanced as of late from the unassuming meaning of the term that of regular morals, to its slow change into different branches and sub-types, for example, bio morals, morals identified with human rights and to the later, wellbeing strategy morals. Morals as far as medicinal services alludes to the impartial and reasonable appropriation of assets, advantages and administrations among the individuals, paying little mind to their age, sexual orientation, race, ethnicity, financial foundation or the sort of disease they are enduring with. Value in treatment of diseases, consequently, is an unavoidable and indivisible piece of medicinal services morals. By virtue of developing concerns in regards to the unjust treatment given to individuals with learning handicaps the activities identified with giving sufficient and great quality social insurance have picked up energy. Activists around the world, crusading for the reason for arrangement of satisfactory human services offices for individuals with different handicaps, have effectively pushed for poise in social insurance, particularly towards individuals with learning inabilities. They have requested an exhaustive survey of strategies and standards of human services to guarantee respect of such individuals. (Morrison, 2008). As the development certainly walks towards another thousand years, there is probably going to be an ascent in gathering of supporters crusading for and pushing morals in social insurance with a unique weight on ensuring and guarding human pride. Such a reason which is upheld by scholastic researchers, analysts, human right gatherings and activists the same, must, consequently be paid attention to up and proper strategies are created at the neighborhood, provincial just as national levels to guarantee consistence (Fulford et al, 2002). Morals when all is said in done and in human services specifically, has experienced a significant change from an idea which was at first kept to securing the interests of a person to an undeniable social concern. Subsequently it is inescapable for the medicinal services establishments to think about such an issue while creating procedures and actualizing social insurance arrangements, which includes individuals with learning and other formative incapacities. Undertaking Methods/Methodology: With the end goal of this examination, phenomenological look into procedure is picked, whereby perceptions are made based on information gathered from confided in government sites, for example, the NHS, distributed research reports, clinical diaries, books just as magazines and papers. So as to achieve the exploration targets, an endeavor was made to investigate, examine and look for data identified with subjective examinations which focused on: Evaluating the situation of individuals experiencing learning handicaps. The view of such individuals towards the social insurance offices made accessible by the legislature. The presence of different administrations and its adequacy and tending to the key issues and difficulties looked by such individuals. The requirement for prepared carers and the information which they should have so as to have the option to manage such individuals, in a superior and proficient way. The different snags which might be experienced while managing patients experiencing gaining incapacities directly from discovery to end-of-life care, and so on among others. This exploration depends on the phenomenological inquire about strategy, which contemplates the points of view of different scientists, and research reports distributed by government offices including direct data and records of individuals experiencing learning incapacities. As per Dilthey, (in Rapport, 2004): The journey to see more and better is basically a subjective interest that requires an encounter close to language. It begins with encounters we as of now comprehend and grows and extends these understandings into more extensive and various settings thro
Balancing Identity and Privacy - Growing risks and concerns about Essay
Adjusting Identity and Privacy - Growing dangers and worries about informal organizations. Report - Essay Example Be that as it may, inalienable in such change is the basic need to focus for security of the personality. The time of anonymous business exchanges has went with itself the need to take genuine glance at the personality of an individual. Personality has become a database passage which would now be able to be detached from any physical acknowledgment. It very well may be purchased and sold like a ware and is dependent upon robbery and far reaching abuse. This report will investigate the repercussions of across the board web-based social networking on business and society all in all. Blogging and Tweeting are terms utilized in the realm of online networking and they additionally turning out to be standard to business jargon. Be that as it may, such terms are tip of the internet based life chunk of ice. Organizations like Twitter, Facebook, YouTube and LinkedIn are currently changing the principles of how organizations are getting along business. In 21st century web based life is changing the workplace of the organization. The representatives and bosses are presently rehearsing greater adaptability alongside the capacity to react to such conditions rapidly. For some organizations internet based life is a help which can be utilized to contact huge objective clients in a savvy way. Be that as it may, they are additionally investigating the hazard included like burglary, digital harassing, extortion, maligning and attack of security. Many accept that online life has a corporate worth and is basic to the achievement of promoting endeavors. Numerous senior officials ac cept that there are numerous potential dangers which are included while utilizing online life. As indicated by them the essential dangers incorporate divulgence of restrictive data, obsolete data, recognizable data and misrepresentation (Jagatic, Johnson, Jakobsson and Menczer, 2007, pp. 94-100). The nearness of Social Media has changed the manner in which individuals convey and interface with one another. In any case, the universe of online life has made an entirely different universe of security, protection, licensed innovation, work rehearses and lawful dangers. Protection chance alludes to the procedure
Friday, August 21, 2020
End of Life Issues: Do Not Resuscitate Order Essay
Try not to Resuscitate (DNR) request goes about as a development order that forestalls life sparing mediations, explicitly Cardiopulmonary Resuscitation (CPR), upon quiet solicitation. As indicated by Morton, Hudak and Fontaine (2004), DNR orders are normally being regulated to terminal patients with join assent marked by the patient or agents (if uncouth patients) (p. 95). When the DNR request has been made and marked in a composed record, the emergency clinic arrangements could possibly direct audit inside 24 to 72 hours. As per Morton, Hudak and Fontaine (2004), survey is being done so as to forestall potential blunders or irregularities with respect to the patient or representativeââ¬â¢s condition (95). DNR request is normally mentioned by the proxy/quiet who could conceivably yet be in terminal phase of ailment, or being suggested by human services supplier when no treatment is conceivable or the state of the patient is irreversible. As indicated by Orenstein and Stern (1997), DNR request damages different moral standards, for example, (1) value or giving the most extreme great to the patient, (2) abuses the basic motivation behind human services to spare lives, and (3) estimation of life and potential for endurance (p. 363). The structured reason for medicinal services is to give care, to start proper life-sparing intercessions, and to debilitate each conceivable asset or mediation that can spare a personââ¬â¢s life (Fink, 2004 p. 230). Considering the real components for achieving DNR requests, patient or proxy can totally demand for this under their will and individual judgment; albeit, a few foundations audit this solicitation, the privilege of the patientââ¬â¢s self-governance advances the usage of the request, which inevitably damages the fundamental standard of human services (Lo, 2005 p. 121). In spite of the basic utilization of DNR request, issues exist inside the application and usage of this approach. These issues incorporate (1) unseemly dynamic of most patients mentioning DNR, (2) basically constrains the chance of life sparing mediations or further mitigations of the condition, (3) hinders the viability and effectiveness of careful activities whenever required, (4) expanded frequency of death among DNR patients paying little heed to death possibilities, and (5) expanded wellbeing costs because of longer clinic stays, palliative intercessions and kicking the bucket inside medical clinic premises. Conversation Indeed, even without the affirmation of irreversible condition or real proof that no medicinal services choices exist, the patient is allowed the chance to force DNR arranges in response to popular demand, which in the long run gets damaging in nature and basically challenges the reason for social insurance (Orenstein and Stern, 1997 p. 363). To legitimize the first refered to issue of DNR (I. e. hazardous patient-dynamic for DNR demand), According to Watcher, Goldman and Hollander (2005), most patients who at last get DNR orders are equipped at the hour of affirmation, however not able (e. g. encountering deficiencies in soundness, under disarray, encountering serious agony, and so forth ) when the DNR request is at last composed (p. 123). In the investigation of Haidet, Hamel and Davis et al. (1998), even with doctor or parental conversation of DNR end-of-life care, patients with colorectal disease have put together their choices for the most part with respect to individual instincts of affliction and torment without the thought of potential life sparing treatment of their condition (63%; n=212 of 339 respondents). From these announcements, patients/proxy leaders most normally base the choices of their finish of-life care because of the agony and experienced enduring paying little mind to conceivable clinical intercessions accessible or phase of disease. For the subsequent contention (restricts the chance of life sparing mediations), as indicated by the investigation of Beach and Morrison (2002), the nearness of a DNR request influences the physiciansââ¬â¢ activities and judgment on whether to demand an assortment of medicines not identified with CPR. In the examination, doctors totally consented to start lesser intercessions for patientââ¬â¢s with DNR request than patients who don't have (First test: 4. 2 versus 5. 0, P =. 008; Second test: 6. 5 versus 7. 1, P =. 004; Third Test: 5. 7 versus 6. 2, P =. 037). Related to the following contention (disables the viability and productivity of careful tasks), DNR orders develops hesitance of doctors in giving careful or intrusive strategies. As per Watcher, Goldman and Hollander (2005), general sedation, cognizant sedation and obtrusive techniques can significantly encourage the requirement for formal revival. On the off chance that DNR request is available, careful activity can be exceptionally troublesome and unsafe considering the restrictions put on resuscitative intercessions (p. 123). Thinking about such case, DNR patients who demand of securing medical procedure (e. g. careful tasks for entrail hindrances, help with discomfort, and so forth. ) are confronting basically at-gambled activities. Considering the fourth issue of DNR patients (expanded occurrence of death among DNR patients), in the investigation of Shepardson, Youngner and Speroff (1999) with the populace size of 13,337 continuous stroke affirmations with 22% (n=2898) DNR patients in 30 clinics between 1991 to 1994, unadjusted in-emergency clinic death rates are higher in patients with DNR orders than in patients without orders (40% versus 2%, P < 0. 001). In the interim, the consequences of the examination with balanced chances of death show 33. 9 (95% CI, 27. 4-42. 0). All in all, danger of death is obviously higher among those patients with DNR arranges considerably subsequent to altering the chances of death. Clearly, DNR orders limit potential life-sparing intercessions just as palliative surgeries that can additionally reduce the torment and torment of the patient in the most fitting methods. Concerning the last contention of the paper (expanded wellbeing expenses of DNR patients contrasted with those without), as indicated by the investigation of Maksoud, Jahnigen and Skibinsski (1993), patients biting the dust under DNR arranges significantly increment the medicinal services costs because of (1) longer times of emergency clinic remain, (2) real demise inside the clinic and (3) palliative measures being done to mitigate or if nothing else limit the agony and enduring of the patient all through the procedure. As indicated by the investigation, normal charges for every patient who passed on were $61,215 with $10,631 for those conceded with a DNR request, and $73,055 for the individuals who had a DNR request made in clinic (Maksoud, Jahnigen and Skibinsski, 1993). References Sea shore, M. C. , and Morrison, R. S. (2002, December). The impact of don't revive arranges on doctor dynamic. Diary of American Geriatric Society, 50, 2057-2061. Fink, A. (2004). Assessment Fundamentals: Insights Into the Outcomes, Effectiveness, and Quality of Health Programs. London, New York: SAGE Publishing. Haidet, P. , Hamel, M. B. , and Davis et al. , R. B. (1998, September). Results, inclinations for revival, and doctor quiet correspondence among patients with metastatic colorectal disease. Diary of American Medicine, 105, 222-229. Maksoud, A. , Jahnigen, W. , and Skibinski , C. I. (1993, May). Try not to revive orders and the expense of death. Documents of Internal Medicine, 153, 1249-1253. Morton, P. , Hudak, C. M. , and Fontaine, D. (2004). Basic Care Nursing: A Holistic Approach. New York, U. S. A: Lippincott Williams and Wilkins. Orenstein, D. M. , and Stern, R. C. (1997). Treatment of the Hospitalized Cystic Fibrosis Patient. New York, U. S. An: Informa Health Care. Shepardson, L. B. , Youngner, S. J. , and Speroff, T. (1999, August). Expanded Risk of Death in Patients With Do-Not-Resuscitate Orders. Diary of Medical Care Section, 37, 727-737. Wachter, R. M. , Goldman, L. , and Hollander, H. (2005). Emergency clinic Medicine. New York, U. S. A: Lippincott Williams and Wilkins.
Tuesday, August 4, 2020
Gearing Up For Growth NewOrbits Software Project Management - Focus
Gearing Up For Growth NewOrbits Software Project Management - Focus During times of company growth, itâs essential that teams are able to establish workflows that are scalable, while keeping everyone informed. In this article, software development team NewOrbit shares with us the challenges that have arisen while growing their Agile business. Plus, how theyâve overcome these hurdles in order to grow. NewOrbits Team and Software Project Management Based in South East Oxfordshire, U.K., NewOrbit is a Software Product Partner that provides bespoke services to entrepreneurs. The team covers everything from project planning to product management, all in-house. Since launching in 2006, NewOrbit has grown to a team of 30, featuring product managers, operations professionals, business analysts, developers, and support staff. We had the pleasure of speaking with Matthew Dowding, NewOrbitâs Support Consultant, to hear a little more about how MindMeister is helping the team to plan their growing number of projects, and how theyâre then putting their work into action, using MeisterTask. Using this collaborative workflow, we hear how the team has streamlined their management of three key areas: Software project management Operations and team management External and internal IT support. 1. Delivering Agile Software Projects Collaboratively Even when taking an agile approach to project management, itâs essential for a team to first develop a clear roadmap of each project and its scope. In order to establish their project scope, the NewOrbit team uses their Project Planning mind map template in MindMeister. Staying Agile5 Best Practices in Agile Software Management Download the Free White Paper Mapping Out a New Client Project The teams project planning mind map includes all of the essential elements for effective software project management, including: BOSCARDI checklist (the teams strategic planning process) Project Reporting Project Templates Notes from Project Meetings (Scrum or Kanban) with attendees, agenda outcomes/actions Loose Items. Your browser is not able to display frames. Please visit Client Project on MindMeister. As a result, to structure an initial client project meeting, the team simply duplicates their Client Project template mind map and goes through each listed topic. The process allows the initial project meeting to be more concise, enabling the delivery team to clearly outline the project controls and scope. This also assists ongoing project management by establishing regular project reporting, review and requirement meetings with the client. To use the Project Planning template mind map, simply sign into MindMeister (or sign up free) and maximize the map via the âmap actionsâ icon. Once maximized, click again on the âmap actionsâ icon and choose to clone the map. From there, edit or embellish the topics to make the map suitable for your project! Turning a Product from Concept to Reality Within MindMeister, the discussed project controls can be turned into actionable tasks and assigned to the relevant team member in MeisterTask, where necessary, using the MeisterTask integration functionality: As each project involves many members of the NewOrbit team, including Business Analysts and Operations, Matthew notes that the ease with which team members can on-board themselves to MeisterTask is a huge plus: âWe find MeisterTask is great for cross team tasking from Support to the Development/Delivery team, who primarily use Targetprocess for Feature and User Stories requirements, which the rest of our team either arenât trained in or donât have access to.â As a result, MeisterTask works as the bridge between our different departments, enabling everyone to stay on the same page with a solution that is simple for everyone to use.â Previously there would be a breakdown in communication between those who were trained in Targetprocess and those who werenât, or tasks would sometimes get missed, therefore MeisterTask has enabled NewOrbit to create a bridge between their development team and other project management staff. Managing Micro Projects All in One Place To connect the developers with the rest of the team, NewOrbit has set up a Work Packages Project Board. This Project features all micro projects, which do not warrant their own Project Board but require collaborative input. For example, a commissioned report on a certain issue that could be undertaken single-handedly by Matthew. As the Project is shared, whoever the work package task is assigned to can comment to seek guidance from the developers or other members of staff, via the task commenting features. This way, NewOrbitâs workflow remains collaborative, even when managing small work packages. 2. Managing Operations on a Growing Team With an increasing number of projects, NewOrbit has looked to hire and onboard new staff members to grow and see these projects through. NewOrbitâs Senior Management Team stay on top of this growing team recruitment management by utilising MindMeister and MeisterTask. Mapping Out Company Progress Strategy In order to map out their operational priorities and HR efforts during each company meeting, NewOrbit has developed a Company Meeting template. The map includes details of: Starters Leavers Recap of previous actions Strategic matters Team updates Process Review Training Byte Loose items. The standard agenda is then duplicated and dated for each company meeting: Your browser is not able to display frames. Please visit Company Status Meeting on MindMeister. Matthew shares that with their company meeting template, ânothing is missed during the meetings, as all key points to address are included in the map template.â Productive Team Management with Section Actions Just like their project management workflow, the Operations and Management teams then task up all to-dos in MeisterTask. All meeting tasks are assigned and given due dates at the end of the meeting, ensuring that key decisions are seen through. To make the task delegation process more efficient, NewOrbit has set up a number of Section Actions within MeisterTask. One of these Section Actions automatically assigns tasks to specific team members when the task is dragged and dropped into the linked section. For example, if the Operations team need to order desk supplies for a new hire, the task can be dragged into the Office Supplies section. NewOrbits Office Manager is then assigned the task automatically, meaning theyll be notified of the task and the date it needs to be completed by. In just one drag and drop movement, the Operations team can ensure that the task will be completed before the deadline. 3. Providing High-Quality IT Support for Clients and Internal Staff NewOrbit manages the ongoing success and upkeep of the software solutions they provide, making support a significant area of work. Coordinating this work, Matthew manages support queries and ensures that they get addressed by the relevant people and on time. While also being accountable for all internal IT support, Matthew shares the efficient workflow heâs established for logging and prioritizing support requests. Ensuring a Smooth Project Handover with a Support Knowledge Map Matthewâs workflow begins with the development of a Support Handover mind map. Just like the previous strategies, the mind map is duplicated from his existing Support Handover map template in MindMeister. The mind map features all of the vital information that Matthew should gather from Project Managers during the Support Handover meeting. These include: who the account manager is who the database users will be which email provider is in use for the project which SMS provider is in use for the project contact details of the Project Manager in case of emergency contact details for the client in case of emergency Pingdom details for downtime alerts Any other useful information about the system. Your browser is not able to display frames. Please visit Support Handover Meeting on MindMeister. Once the mind map has been populated with information relevant to the project, Matthew can rest assured that he has all key support information in one place. The map acts as a Knowledge Map for each project and can be shared with other team members who need to look up project logistics. Productive Internal IT Management Before taking on internal IT support, Matthew explained that the NewOrbit developers were being assigned internal IT tasks in a chaotic way. âPreviously, internal staff members would simply walk over to a member of the development team and ask them to fix an IT issue for them on the spot,â Matthew shares. âThese were usually non-urgent requests that would get completed before important, high priority, ongoing project work.â Equally, with internal support requests raised in person, they wouldnt be logged in a task manager first, meaning tasks could be forgotten entirely. To improve this, the team came up with a workflow to record all internal IT issues within the shared MeisterTask Project Board. Team members can now simply create a task for Matthew in the Project Board, meaning the issue is logged and Matthew is notified. This way, Matthew can prioritize the task against other existing tasks such as external support requests while ensuring the internal issue doesnât slip through the gaps. The efficient process means that no request is forgotten and the developers are able to focus on the most urgent tasks at hand. The Result: Efficient Team and Project Management Matthew shares that NewOrbitâs main quest when researching different online mind mapping solutions was to find one that was efficient and affordable. In this, the team found MindMeister, and subsequently MeisterTask: âWe were previously working with another online mind mapping tool that was significantly more expensive. Weâd also experience a lot of downtime, during which weâd lose access to important information, Matthew shares. When we found MindMeister we knew we needed to switch. We were really impressed by how fast it works and the offline capabilities on mobile mean we can plan and manage projects on the move.â When the team discovered that plans made in MindMeister can be converted directly into tasks in MeisterTask, their new workflow was complete: âWe love the integration between mind mapping and tasking. Before, someone would have to interrupt a colleagueâs workflow to request a task in-person, which could potentially be forgotten. Now, we can just log into MeisterTask and communicate details over the tasks, at a time that works for both team members. The whole process saves us a lot of time and this way no tasks get lost along the way.â Staying Agile5 Best Practices in Agile Software Management Download the Free White Paper At MeisterLabs, weâre delighted to hear the positive impact that MindMeister and MeisterTask are having on a growing software business. For more information on NewOrbitâs work and projects, visit the NewOrbit website. If you have a story to share about the impact that MindMeister and MeisterTask have had on your business, weâd love to hear from you. To get in touch about being featured in a success story on our blog, drop Olivia an email at olivia (at) meisterlabs (dot) com Gearing Up For Growth NewOrbits Software Project Management - Focus During times of company growth, itâs essential that teams are able to establish workflows that are scalable, while keeping everyone informed. In this article, software development team NewOrbit shares with us the challenges that have arisen while growing their Agile business. Plus, how theyâve overcome these hurdles in order to grow. NewOrbits Team and Software Project Management Based in South East Oxfordshire, U.K., NewOrbit is a Software Product Partner that provides bespoke services to entrepreneurs. The team covers everything from project planning to product management, all in-house. Since launching in 2006, NewOrbit has grown to a team of 30, featuring product managers, operations professionals, business analysts, developers, and support staff. We had the pleasure of speaking with Matthew Dowding, NewOrbitâs Support Consultant, to hear a little more about how MindMeister is helping the team to plan their growing number of projects, and how theyâre then putting their work into action, using MeisterTask. Using this collaborative workflow, we hear how the team has streamlined their management of three key areas: Software project management Operations and team management External and internal IT support. 1. Delivering Agile Software Projects Collaboratively Even when taking an agile approach to project management, itâs essential for a team to first develop a clear roadmap of each project and its scope. In order to establish their project scope, the NewOrbit team uses their Project Planning mind map template in MindMeister. Staying Agile5 Best Practices in Agile Software Management Download the Free White Paper Mapping Out a New Client Project The teams project planning mind map includes all of the essential elements for effective software project management, including: BOSCARDI checklist (the teams strategic planning process) Project Reporting Project Templates Notes from Project Meetings (Scrum or Kanban) with attendees, agenda outcomes/actions Loose Items. Your browser is not able to display frames. Please visit Client Project on MindMeister. As a result, to structure an initial client project meeting, the team simply duplicates their Client Project template mind map and goes through each listed topic. The process allows the initial project meeting to be more concise, enabling the delivery team to clearly outline the project controls and scope. This also assists ongoing project management by establishing regular project reporting, review and requirement meetings with the client. To use the Project Planning template mind map, simply sign into MindMeister (or sign up free) and maximize the map via the âmap actionsâ icon. Once maximized, click again on the âmap actionsâ icon and choose to clone the map. From there, edit or embellish the topics to make the map suitable for your project! Turning a Product from Concept to Reality Within MindMeister, the discussed project controls can be turned into actionable tasks and assigned to the relevant team member in MeisterTask, where necessary, using the MeisterTask integration functionality: As each project involves many members of the NewOrbit team, including Business Analysts and Operations, Matthew notes that the ease with which team members can on-board themselves to MeisterTask is a huge plus: âWe find MeisterTask is great for cross team tasking from Support to the Development/Delivery team, who primarily use Targetprocess for Feature and User Stories requirements, which the rest of our team either arenât trained in or donât have access to.â As a result, MeisterTask works as the bridge between our different departments, enabling everyone to stay on the same page with a solution that is simple for everyone to use.â Previously there would be a breakdown in communication between those who were trained in Targetprocess and those who werenât, or tasks would sometimes get missed, therefore MeisterTask has enabled NewOrbit to create a bridge between their development team and other project management staff. Managing Micro Projects All in One Place To connect the developers with the rest of the team, NewOrbit has set up a Work Packages Project Board. This Project features all micro projects, which do not warrant their own Project Board but require collaborative input. For example, a commissioned report on a certain issue that could be undertaken single-handedly by Matthew. As the Project is shared, whoever the work package task is assigned to can comment to seek guidance from the developers or other members of staff, via the task commenting features. This way, NewOrbitâs workflow remains collaborative, even when managing small work packages. 2. Managing Operations on a Growing Team With an increasing number of projects, NewOrbit has looked to hire and onboard new staff members to grow and see these projects through. NewOrbitâs Senior Management Team stay on top of this growing team recruitment management by utilising MindMeister and MeisterTask. Mapping Out Company Progress Strategy In order to map out their operational priorities and HR efforts during each company meeting, NewOrbit has developed a Company Meeting template. The map includes details of: Starters Leavers Recap of previous actions Strategic matters Team updates Process Review Training Byte Loose items. The standard agenda is then duplicated and dated for each company meeting: Your browser is not able to display frames. Please visit Company Status Meeting on MindMeister. Matthew shares that with their company meeting template, ânothing is missed during the meetings, as all key points to address are included in the map template.â Productive Team Management with Section Actions Just like their project management workflow, the Operations and Management teams then task up all to-dos in MeisterTask. All meeting tasks are assigned and given due dates at the end of the meeting, ensuring that key decisions are seen through. To make the task delegation process more efficient, NewOrbit has set up a number of Section Actions within MeisterTask. One of these Section Actions automatically assigns tasks to specific team members when the task is dragged and dropped into the linked section. For example, if the Operations team need to order desk supplies for a new hire, the task can be dragged into the Office Supplies section. NewOrbits Office Manager is then assigned the task automatically, meaning theyll be notified of the task and the date it needs to be completed by. In just one drag and drop movement, the Operations team can ensure that the task will be completed before the deadline. 3. Providing High-Quality IT Support for Clients and Internal Staff NewOrbit manages the ongoing success and upkeep of the software solutions they provide, making support a significant area of work. Coordinating this work, Matthew manages support queries and ensures that they get addressed by the relevant people and on time. While also being accountable for all internal IT support, Matthew shares the efficient workflow heâs established for logging and prioritizing support requests. Ensuring a Smooth Project Handover with a Support Knowledge Map Matthewâs workflow begins with the development of a Support Handover mind map. Just like the previous strategies, the mind map is duplicated from his existing Support Handover map template in MindMeister. The mind map features all of the vital information that Matthew should gather from Project Managers during the Support Handover meeting. These include: who the account manager is who the database users will be which email provider is in use for the project which SMS provider is in use for the project contact details of the Project Manager in case of emergency contact details for the client in case of emergency Pingdom details for downtime alerts Any other useful information about the system. Your browser is not able to display frames. Please visit Support Handover Meeting on MindMeister. Once the mind map has been populated with information relevant to the project, Matthew can rest assured that he has all key support information in one place. The map acts as a Knowledge Map for each project and can be shared with other team members who need to look up project logistics. Productive Internal IT Management Before taking on internal IT support, Matthew explained that the NewOrbit developers were being assigned internal IT tasks in a chaotic way. âPreviously, internal staff members would simply walk over to a member of the development team and ask them to fix an IT issue for them on the spot,â Matthew shares. âThese were usually non-urgent requests that would get completed before important, high priority, ongoing project work.â Equally, with internal support requests raised in person, they wouldnt be logged in a task manager first, meaning tasks could be forgotten entirely. To improve this, the team came up with a workflow to record all internal IT issues within the shared MeisterTask Project Board. Team members can now simply create a task for Matthew in the Project Board, meaning the issue is logged and Matthew is notified. This way, Matthew can prioritize the task against other existing tasks such as external support requests while ensuring the internal issue doesnât slip through the gaps. The efficient process means that no request is forgotten and the developers are able to focus on the most urgent tasks at hand. The Result: Efficient Team and Project Management Matthew shares that NewOrbitâs main quest when researching different online mind mapping solutions was to find one that was efficient and affordable. In this, the team found MindMeister, and subsequently MeisterTask: âWe were previously working with another online mind mapping tool that was significantly more expensive. Weâd also experience a lot of downtime, during which weâd lose access to important information, Matthew shares. When we found MindMeister we knew we needed to switch. We were really impressed by how fast it works and the offline capabilities on mobile mean we can plan and manage projects on the move.â When the team discovered that plans made in MindMeister can be converted directly into tasks in MeisterTask, their new workflow was complete: âWe love the integration between mind mapping and tasking. Before, someone would have to interrupt a colleagueâs workflow to request a task in-person, which could potentially be forgotten. Now, we can just log into MeisterTask and communicate details over the tasks, at a time that works for both team members. The whole process saves us a lot of time and this way no tasks get lost along the way.â Staying Agile5 Best Practices in Agile Software Management Download the Free White Paper At MeisterLabs, weâre delighted to hear the positive impact that MindMeister and MeisterTask are having on a growing software business. For more information on NewOrbitâs work and projects, visit the NewOrbit website. If you have a story to share about the impact that MindMeister and MeisterTask have had on your business, weâd love to hear from you. To get in touch about being featured in a success story on our blog, drop Olivia an email at olivia (at) meisterlabs (dot) com
Monday, June 22, 2020
Application Network Security - Free Essay Example
2.0 CHAPTER TWO 2.1 INTRODUCTION The ever increasing need for information technology as a result of globalisation has brought about the need for an application of a better network security system. It is without a doubt that the rate at which computer networks are expanding in this modern time to accommodate higher bandwidth, unique storage demand, and increase number of users can not be over emphasised. As this demand grows on daily bases, so also, are the threats associated with it. Some of which are, virus attacks, worm attacks, denial of services or distributed denial of service attack etc. Having this in mind then call for swift security measures to address these threats in order to protect data reliability, integrity, availability and other needed network resources across the network. Generally, network security can simply be described as a way of protecting the integrity of a network by making sure authorised access or threats of any form are restricted from accessing valuable information. As network architecture begins to expand, tackling the issue of security is becomes more and more complex to handle, therefore keeping network administrators on their toes to guard against any possible attacks that occurs on daily basis. Some of the malicious attacks are viruses and worm attacks, denial of service attacks, IP spoofing, cracking password, Domain Name Server (DNS) poisoning etc. As an effort to combat these threats, many security elements have been desig ned to tackle these attacks on the network. Some of which includes, firewall, Virtual Private Network (VPN), Encryption and Decryption, Cryptography, Internet Protocol Security (IPSec), Data Encryption Standard (3DES), Demilitarised Zone, (DMZ), Secure Shell Layer (SSL) etc. This chapter starts by briefly discussing Internet Protocol (IP), Transmission Control Protocol (TCP), User datagram Protocol (UDP), Internet Control Message Protocol (ICMP), then discussed the Open system interconnection (OSI) model and the protocols that operate at each layer of the model, network security elements, followed by the background of firewall, types and features of firewalls and lastly, network security tools. 2.2 A BRIEF DESCRIPTION OF TCP, IP, UDP AND ICMP 2.2.1 DEFINITION Going by the tremendous achievement of the World Wide Web (internet), a global communication standard with the aim of building interconnection of networks over heterogeneous network is known as the TCP/IP protocol suit e was designed (Dunkels 2003; Global Knowledge 2007; Parziale et al 2006). The TCP/IP protocol suite is the core rule used for applications transfer such as File transfers, E-Mail traffics, web pages transfer between hosts across the heterogeneous networks (Dunkels 2003; Parziale et al 2006). Therefore, it becomes necessary for a network administrator to have a good understanding of TCP/IP when configuring firewalls, as most of the policies are set to protect the internal network from possible attacks that uses the TCP/IP protocols for communication (Noonan and Dobrawsky 2006). Many incidents of network attacks are as a result of improper configuration and poor implementation TCP/IP protocols, services and applications. TCP/IP make use of protocols such as TCP, UDP, IP, ICMP etc to define rules of how communication over the network takes place (Noonan and Dobrawsky 2006). Before these protocols are discussed, this thesis briefly looks into the theoretical Open Systems Intercon nection (OSI) model (Simoneau 2006). 2.2.2 THE OSI MODEL The OSI model is a standardised layered model defined by International Organization for Standardization (ISO) for network communication which simplifies network communication to seven separate layers, with each individual layer having it own unique functions that support immediate layer above it and at same time offering services to its immediate layer below it (Parziale et al 2006; Simoneau 2006). The seven layers are Application, Presentation, Session Transport, Network, Data, Link and Physical layer. The first three lower layers (Network, Data, Link and Physical layer) are basically hardware implementations while the last four upper layers (Application, Presentation, Session and Transport) are software implementations. Application Layer This is the end user operating interface that support file transfer, web browsing, electronic mail etc. This layer allows user interaction with the system. Presentation Layer This layer is responsible for formatting the data to be sent across the network which enables the application to understand the message been sent and in addition it is responsible for message encryption and decryption for security purposes. Session Layer This layer is responsible for dialog and session control functions between systems. Transport layer This layer provides end-to-end communication which could be reliable or unreliable between end devices across the network. The two mostly used protocols in this layer are TCP and UDP. Network Layer This layer is also known as logical layer and is responsible for logical addressing for packet delivery services. The protocol used in this layer is the IP. Data Link Layer This layer is responsible for framing of units of information, error checking and physical addressing. Physical Layer This layer defines transmission medium requirements, connectors and responsible for the transmission of bits on the physical hardware (Parziale et al 2006; Simoneau 2006). 2.2.3 INTERNET PROTOCOL (IP) IP is a connectionless protocol designed to deliver data hosts across the network. IP data delivery is unreliable therefore depend on upper layer protocol such as TCP or lower layer protocols like IEEE 802.2 and IEEE802.3 for reliable data delivery between hosts on the network.(Noonan and Dobrawsky 2006) 2.2.4 TRANSMISSION CONTROL PROTOCOL (TCP) TCP is a standard protocol which is connection-oriented transport mechanism that operates at the transport layer of OSI model. It is described by the Request for Comment (RFC) 793. TCP solves the unreliability problem of the network layer protocol (IP) by making sure packets are reliably and accurately transmitted, errors are recovered and efficiently monitors flow control between hosts across the network. (Abie 2000; Noonan and Do brawsky 2006; Simoneau 2006). The primary objective of TCP is to create session between hosts on the network and this process is carried out by what is called TCP three-way handshake. When using TCP for data transmission between hosts, the sending host will first of all send a synchronise (SYN) segment to the receiving host which is first step in the handshake. The receiving host on receiving the SYN segment reply with an acknowledgement (ACK) and with its own SYN segment and this form the second part of the handshake. The final step of the handshake is then completed by the sending host responding with its own ACK segment to acknowledge the acceptance of the SYN/ACK. Once this process is completed, the hosts then established a virtual circuit between themselves through which the data will be transferred (Noonan and Dobrawsky 2006). As good as the three ways handshake of the TCP is, it also has its short comings. The most common one being the SYN flood attack. This form of attack occurs when the destination host such as the Server is flooded with a SYN session request without receiving any ACK reply from the source host (malicious host) that initiated a SYN session. The result of this action causes DOS attack as destination host buffer will get to a point it can no longer take any request from legitimate hosts but have no other choice than to drop such session request (Noonan and Dobrawsky 2006). 2.2.5 USER DATAGRAM PROTOCOL (UDP) UDP unlike the TCP is a standard connectionless transport mechanism that operates at the transport layer of OSI model. It is described by the Request for Comment (RFC) 768 (Noonan and Dobrawsky 2006; Simoneau 2006). When using UDP to transfer packets between hosts, session initiation, retransmission of lost or damaged packets and acknowledgement are omitted therefore, 100 percent packet delivery is not guaranteed (Sundararajan et al 2006; Postel 1980). UDP is designed with low over head as it does not involve initiation of s ession between hosts before data transmission starts. This protocol is best suite for small data transmission (Noonan and Dobrawsky 2006). 2.2.6 INTERNET CONTROL MESSAGE PROTOCOL (ICMP). ICMP is primarily designed to identify and report routing error, delivery failures and delays on the network. This protocol can only be used to report errors and can not be used to make any correction on the identified errors but depend on routing protocols or reliable protocols like the TCP to handle the error detected (Noonan and Dobrawsky 2006; Dunkels 2003). ICMP makes use of the echo mechanism called Ping command. This command is used to check if the host is replying to network traffic or not (Noonan and Dobrawsky 2006; Dunkels 2003). 2.3 OTHER NETWORK SECURITY ELEMENTS. 2.3.1 VIRTUAL PRIVATE NETWORK (VPN) VPN is one of the network security elements that make use of the public network infrastructure to securely maintain confidentiality of information transfer between hosts over t he public network (Bou 2007). VPN provides this security features by making use of encryption and Tunneling technique to protect such information and it can be configured to support at least three models which are Remote- access connection. Site-to-site ( branch offices to the headquarters) Local area network internetworking (Extranet connection of companies with their business partners) (Bou 2007). 2.3.2 VPN TECHNOLOGY VPN make use of many standard protocols to implement the data authentication (identification of trusted parties) and encryption (scrambling of data) when making use of the public network to transfer data. These protocols include: Point-to-Point Tunneling Protocol PPTP [RFC2637] Secure Shell Layer Protocol (SSL) [RFC 2246] Internet Protocol Security (IPSec) [RFC 2401] Layer 2 Tunneling Protocol (L2TP) [RFC2661] 2.3.2.1 POINT-TO-POINT TUNNELING PROTOCOL [PPTP] The design of PPTP provides a secure means of transferring data over the public infrastructure with authentication and encryption support between hosts on the network. This protocol operates at the data link layer of the OSI model and it basically relies on user identification (ID) and password authentication for its security. PPTP did not eliminate Point-to-Point Protocol, but rather describes better way of Tunneling PPP traffic by using Generic Routing Encapsulation (GRE) (Bou 2007; Microsoft 1999; Schneier and Mudge 1998). 2.3.2.2 LAYER 2 TUNNELING PROTOCOL [L2TP] The L2TP is a connection-oriented protocol standard defined by the RFC 2661which merged the best features of PPTP and Layer 2 forwarding (L2F) protocol to create the new standard (L2TP) (Bou 2007; Townsley et al 1999). Just like the PPTP, the L2TP operates at the layer 2 of the OSI model. Tunneling in L2TP is achieved through series of data encapsulation of the different levels layer protocols. Examples are UDP, IPSec, IP, and Data-Link layer protocol but the data encryption for the tunnel is provided by the IPSec (Bou 2007; Townsley et al 1999). 2.3.2.3 INTERNET PROTOCOL SECURITY (IPSEC) [RFC 2401] IPSec is a standard protocol defined by the RFC 2401 which is designed to protect the payload of an IP packet and the paths between hosts, security gateways (routers and firewalls), or between security gateway and host over the unprotected network (Bou 2007; Kent and Atkinson 1998). IPSec operate at network layer of the OSI model. Some of the security services it provides are, authentication, connectionless integrity, encryption, access control, data origin, rejection of replayed packets, etc (Kent and Atkinson 1998). 2.3.3.4 SECURE SOCKET LAYER (SSL) [RFC 2246] SSL is a standard protocol defined by the RFC 2246 which is designed to provide secure communication tunnel between hosts by encrypting hosts communication over the network, to ensure packets confidentiality, integrity and proper hosts authentication, in order to eliminate eavesdropping attacks on the network (Homin et al 2007; Oppliger et al 2008). SSL makes use of security elements such as digital certificate, cryptography and certificates to enforce security measures over the network. SSL is a transport layer security protocol that runs on top of the TCP/IP which manage transport and routing of packets across the network. Also SSL is deployed at the application layer OSI model to ensure hosts authentication (Homin et al 2007; Oppliger et al 2008; Dierks and Allen 1999). 2.4 FIREWALL BACKGROUND The concept of network firewall is to prevent unauthorised packets from gaining entry into a network by filtering all packets that are coming into such network. The word firewall was not originally a computer security vocabulary, but was initially used to illustrate a wall which could be brick or mortar built to restrain fire from spreading from one part of a building to the other or to reduce the spread of the fire in the building giving some time for remedial actions to be taken (Komar et al 2003). 2.4.1BRIEF HISTORY OF FIREWALL Firewall as used in computing is dated as far back as the late 1980s, but the first set of firewalls came into light sometime in 1985, which was produced by a Ciscos Internet work Operating System (IOS) division called packet filter firewall (Cisco System 2004). In 1988, Jeff Mogul from DEC (Digital Equipment Corporation) published the first paper on firewall. Between 1989 and 1990, two workers of the ATT Bell laboratories Howard Trickey and Dave Persotto initiated the second generation firewall technology with their study in circuit relays called Circuit level firewall. Also, the two scientists implemented the first working model of the third generation firewall design called Application layer firewalls. Sadly enough, there was no published documents explaining their work and no product was release d to support their work. Around the same year (1990-1991), different papers on the third generation firewalls were published by researchers. But among them, Marcus Ranums work received the most attention in 1991 and took the form of bastion hosts running proxy services. Ranums work quickly evolved into the first commercial productââ¬âDigital Equipment Corporations SEAL product (Cisco System 2004). About the same year, work started on the fourth generation firewall called Dynamic packet filtering and was not operational until 1994 when Check Point Software rolled out a complete working model of the fourth generation firewall architecture. In 1996, plans began on the fifth generation firewall design called the Kernel Proxy architecture and became reality in 1997 when Cisco released the Cisco Centri Firewall which was the first Proxy firewall produced for commercial use (Cisco System 2004). Since then many vendor have designed and implemented various forms of firewall both in hardware and software and till date, research works is on going in improving firewalls architecture to meet up with ever increasing challenges of network security. 2.5 DEFINITION According to the British computer society (2008), Firewalls are defence mechanisms that can be implemented in either hardware or software, and serve to prevent unauthorized access to computers and networks. Similarly, Subrata, et al (2006) defined firewall as a combination of hardware and software used to implement a security policy governing the flow of network traffic between two or more networks. The concept of firewall in computer systems security is similar to firewall built within a building but differ in their functions. While the latter is purposely designed for only one task which is fire prevention in a building, computer system firewall is designed to prevent more than one threat (Komar et al 2003).This includes the following Denial Of Service Attacks (DoS) Virus attacks Worm attack. Hacking attacks etc 2.5.1 DENIAL OF SERVICE ATTACKS (DOS) ââ¬Å"Countering DoS attacks on web servers has become a very challenging problemâ⬠(Srivatsa et al 2006). This is an attack that is aimed at denying legitimate packets to access network resources. The attacker achieved this by running a program that floods the network, making network resources such as main memory, network bandwidth, hard disk space, unavailable for legitimate packets. SYN attack is a good example of DOS attacks, but can be prevented by implementing good firewall polices for the secured network. A detailed firewall policy (iptables) is presented in chapter three of this thesis. 2.5.2 VIRUS AND WORM ATTACKS Viruses and worms attacks are big security problem which can become pandemic in a twinkle of an eye resulting to possible huge loss of information or system damage (Ford et al 2005; Cisco System 2004). These two forms of attacks can be programs designed to open up systems to allow information theft or programs that regenerate themselves once they gets into the system until they crashes the system and some could be programmed to generate programs that floods the network leading to DOS attacks. Therefore, security tools that can proactively detect possible attacks are required to secure the network. One of such tools is a firewall with good security policy configuration (Cisco System 2004). Generally speaking, any kind of firewall implementation will basically perform the following task. Manage and control network traffic. Authenticate access Act as an intermediary Make internal recourses available Record and report event 2.5.3 MANAGE AND CONTROL NETWORK TRAFFIC. The first process undertaken by firewalls is to secure a computer networks by checking all the traffic coming into and leaving the networks. This is achieved by stopping and analysing packet Source IP address, Source port, Destination IP address, Destination port, IP protocol Packet header information etc. in order decide on what action to take on such packets either to accept or reject the packet. This action is called packet filtering and it depends on the firewall configuration. Likewise the firewall can also make use of the connections between TCP/IP hosts to establish communication between them for identification and to state the way they will communicate with each other to decide which connection should be permitted or discarded. This is achieved by maintaining the state table used to check the state of all the packets passing through the firewall. This is called stateful inspection (Noonan and Dobrawsky 2006). 2.5.4 AUTHENTICAT E ACCESS When firewalls inspects and analyses packets Source IP address, Source port, Destination IP address, Destination port, IP protocol Packet header information etc, and probably filters it based on the specified security procedure defined, it does not guarantee that the communication between the source host and destination host will be authorised in that, hackers can manage to spoof IP address and port action which defeats the inspection and analysis based on IP and port screening. To tackle this pit fall over the network, an authentication rule is implemented in firewall using a number of means such as, the use of username and password (xauth), certificate and public keys and pre-shared keys (PSKs).In using the xauth authentication method, the firewall will request for the source host that is trying to initiate a connection with the host on the protected network for its username and password before it will allow connection between the protected network and the source host to be established. Once the connection is been confirmed and authorised by the security procedure defined, the source host need not to authenticate itself to make connection again (Noonan and Dobrawsky 2006). The second method is using certificates and public keys. The advantage of this method over xauth is that verification can take place without source host intervention having to supply its username and password for authentication. Implementation of Certificates and public keys requires proper hosts (protected network and the source host) configuration with certificates and firewall and making sure that protected network and the source host use a public key infrastructure that is properly configured. This security method is best for big network design (Noonan and Dobrawsky 2006). Another good way of dealing with authentication issues with firewalls is by using pre-shared keys (PSKs). The implementation of PSKs is easy compare to the certificates and public keys although, aut hentication still occur without the source host intervention its make use of an additional feature which is providing the host with a predetermined key that is used for the verification procedure (Noonan and Dobrawsky 2006). 2.5.5 ACT AS AN INTERMEDIARY When firewalls are configured to serve as an intermediary between a protected host and external host, they simply function as application proxy. The firewalls in this setup are configured to impersonate the protected host such that all packets destined for the protected host from the external host are delivered to the firewall which appears to the external host as the protected host. Once the firewalls receive the packets, they inspect the packet to determine if the packet is valid (e.g. genuine HTTT packet) or not before forwarding to the protected host. This firewall design totally blocks direct communication between the hosts. 2.5.6 RECORD AND REPORT EVENTS While it is good practise to put strong security policies in p lace to secure network, it is equally important to record firewalls events. Using firewalls to record and report events is a technique that can help to investigate what kind of attack took place in situations where firewalls are unable to stop malicious packets that violate the access control policy of the protected network. Recording this event gives the network administrator a clear understanding of the attack and at the same time, to make use of the recorded events to troubleshoot the problem that as taken place. To record these events, network administrators makes use of different methods but syslog or proprietary logging format are mostly used for firewalls. However, some malicious events need to be reported quickly so that immediate action can be taken before serious damage is done to the protected network. Therefore firewalls also need an alarming mechanism in addition to the syslog or proprietary logging format when ever access control policy of the protected network is viol ated. Some types of alarm supported by firewalls include Console notification, Simple Network Management Protocol (SNMP), Paging notification, E-mail notification etc (Noonan and Dobrawsky 2006). Console notification is a warning massage that is presented to the firewall console. The problem with this method of alarm is that, the console needs to be monitored by the network administrator at all times so that necessary action can be taken when an alarm is generated. Simple Network Management Protocol (SNMP) notification is implemented to create traps which are transferred to the network management system (NMS) monitoring the firewall. Paging notification is setup on the firewall to deliver a page to the network administrator whenever the firewall encounters any event. The message could be an alphanumeric or numeric depending on how the firewall is setup. E-mail notification is similar to paging notification, but in this case, the firewall send an email instead to proper address. 2.6 TYPES OF FIREWALLS Going by firewall definition, firewalls are expected to perform some key functions like, Application Proxy, Network Translation Address, and Packet filtering. 2.6.1 APPLICATION PROXY This is also known as Application Gateway, and it acts as a connection agent between protected network and the external network. Basically, the application proxy is a host on the protected network that is setup as proxy server. Just as the name implies, application proxy function at the application layer of the Open System Interconnection (OSI) model and makes sure that all application requests from the secured network is communicated to the external network through the proxy server and no packets passes through from to external network to the secured network until the proxy checks and confirms inbound packets. This firewall support different types of protocols such as a Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and Simple Mail Transport Protocol ( SMTP) (Noonan and Dobrawsky 2006; NetContinuum 2006). 2.6.2 NETWORK ADDRESS (NAT) NAT alter the IP addresses of hosts packets by hiding the genuine IP addresses of secured network hosts and dynamically replacing them with a different IP addresses (Cisco System 2008; Walberg 2007). When request packets are sent from the secured host through the gateway to an external host, the source host address is modified to a different IP address by NAT.à When the reply packets arrives at the gateway, the NAT then replaces the modified address with genuine host address before forwarding it to the host (Walberg 2007).The role played by NAT in a secured network system makes it uneasy for unauthorized access to know: The number of hosts available in the protected network The topology of the network The operating systems the host is running The type of host machine (Cisco System 2008). 2.6.3 PACKET FILTERING. ââ¬Å"Firewalls and IPSec gateways have become major components in the current high speed Internet infrastructure to filter out undesired traffic and protect the integrity and confidentiality of critical trafficâ⬠(Hamed and Al-Shaer 2006). Packet filtering is based on the lay down security rule defined for any network or system. Filtering traffic over the network is big task that involves comprehensive understanding of the network on which it will be setup. This defined policy must always be updated in order to handle the possible network attacks (Hamed and Al-Shaer 2006). 2.6.4 INSTRUCTION DETECTION SYSTEMS. Network penetration attacks are now on the increase as valuable information is being stolen or damaged by the attacker. Many security products have been developed to combat these attacks. Two of such products are Intrusion Prevention systems (IPS) and Intrusion Detection Systems (IDS). IDS are software designed to purposely monitor an d analysed all the activities (network traffic) on the network for any suspicious threats that may violate the defined network security policies (Scarfone and Mell 2007; Vignam et al 2003). There are varieties of methods IDS uses to detect threats on the network, two of them are, anomaly based IDS, and signature based IDS. 2.6.4.1 ANOMALY BASED IDS Anomaly based IDS is setup to monitor and compare network events against what is defined to be normal network activities which is represented by a profile, in order to detect any deviation from the defined normal events. Some of the events are, comparing the type of bandwidth used, the type of protocols etc and once the IDS identifies any deviation in any of this events, it notifies the network administrator who then take necessary action to stop the intended attack (Scarfone and Mell 2007). 2.6.4.2 SIGNATURE BASED IDS Signature based IDS are designed to monitor and compare packets on the network against the signature database of known malicious attacks or threats. This type of IDS is efficient at identifying already known threats but ineffective at identifying new threats which are not currently defined in the signature database, therefore giving way to network attacks (Scarfone and Mell 2007). 2.6.5 INTRUSION PREVENTION SYSTEMS (IPS). IPS are proactive security products which can be software or hardware used to identify malicious packets and also to prevent such packets from gaining entry in the networks (Ierace et al 2005, Botwicz et al 2006). IPS is another form of firewall which is basically designed to detect irregularity in regular network traffic and likewise to stop possible network attacks such as Denial of service attacks. They are capable of dropping malicious packets and disconnecting any connection suspected to be illegal before such traffic get to the protected host. Just like a typical firewall, IPS makes use of define rules in the system setup to determine the action to take on any traffic and this could be to allow or block the traffic. IPS makes use of stateful packet analysis to protect the network. Similarly, IPS is capable of performing signature matching, application protocol validation etc as a means of detecting attacks on the network (Ierace et al 2005). As good as IPS are, they also have their downsides as well. One of it is the problem of false positive and false negative. False positive is a situation where legitimate traffic is been identified to be malicious and thereby resulting to the IPS blocking such traffic on the network. False negative on the other hand is when malicious traffic is be identified by the IPS as legitimate traffic thereby allowing such traffic to pass through the IPS to the protected network (Ierace N et al 2005). 2.7 SOFTWARE AND HARDWARE FIREWALLS 2.7.1 SOFTWARE FIREWALLS Software-based firewalls are computers installed software for filtering packets (Permpootanalarp and Rujimethabhas 2001). These are programs set up either on personal computers or on network servers (Web servers and Email severs) operating system. Once the software is installed and proper security polices are defined, the systems (personal computers or servers) assume the role of a firewall. Software firewalls are second line of defence after hardware firewalls in situations where both are used for network security. Also software firewalls can be installed on different operating system such as, Windows Operating Systems, Mac operating system, Novel Netware, Linux Kernel, and UNIX Kernel etc. The function of these firewalls is, filtering distorted network traffic. There are several software firewall some of which include, Online Armor firewall, McAfee Personal Firewall, Zone Alarm, Norton Personal Firewall, Black Ice Defender, Sygate Personal Firewall, Panda Firewall, The DoorStop X Firewall etc (Lugo Parker 2005). When designing a software firewall two keys things are considered. These are, per-packet filtering and a per- process filtering. The pre-packet filter is design to search for distorted packets, port scan detection and checking if the packets are accepted into the protocol stack. In the same vein, pre-process filter is the designed to check if a process is allowed to begin a connection to the secured network or not (Lugo and Parker 2005). It should be noted that there are different implantations of all Firewalls. While some are built into the operating system others are add-ons. Examples of built-in firewalls are windows based firewall and Linux based. 2.7.2 WINDOWS OPERATING SYSTEM BASED FIREWALL. In operating system design, security features is one important aspect that is greatly considered. This is a challenge the software giant (Microsoft) as always made sure they implement is their products. In the software industry, Microsoft Windows operating system as grown tremendously both in design and functionality over decades. As new version of the product is released, additional feature s are added and the defects in the previous version are been corrected to improve the performance of the new product. One of such improvement is the implementation of windows firewall with Service Pack 2 (SP2) in XP and Windows Server 2003 with Service Pack 1 surrogate for Internet Connection Firewall (ICF) (Microsoft Corporation 2005). Windows firewall is a stateful connection management and can be configured for specific traffic on the network. The following are features of Windows Firewall in XP SP2. Windows Firewall in XP SP2 is a global setup which apply to any kind of connection It has a new mode of operation Group policy settings configuration IPv4 scoping for all Incoming traffic Excepted traffic can be specified by program filename It has in Built support for IPv6 Windows Firewall in XP SP2 is enabled by default to all connections of the system New Windows Firewall component of Control Panel (Microsoft Corporation 2005). Similarly, Windows Firewall with Advanced Security is another windows based firewall introduced into Windows Vista OS which is a layered security model. This firewall is derived from the integration of Internet Protocol Security (IPsec) and Windows Firewall configuration setup to form a single Microsoft Management Console (MMC). Unlike the previous versions of windows firewalls that block only inbound traffic, Windows Firewall with Advanced Security provides end to end packet filtering on the network by blocking malicious network packets coming in and going out of the protected network (Microsoft 2006). 2.7.3 THE FLAWS IN WINDOWS FIREWALL Without any doubt, Microsoft as done a lot of work in the area of security to make sure that users are protected from possible attacks, by continually making patches available to update their products. But one thing that should be noted about windows OS is, it is not primarily designed for security threats as security is just a fraction of t he entire functionality of the product, therefore, making the product vulnerable to attacks. Research works as shown that, it is always better to install dedicated firewall application that is solely responsible for analysing and filtering packets rather than depending on all in one windows OS for protection. The following are some of the flaws in windows based Firewalls [ ]. Windows based firewall in XP unlike Vista does not inspect outbound packets and likewise can not protect against Trojans. Windows based firewall can not protect against e-mail containing threats such as worms when it been accessed. Windows firewall can efficiently filter inbound traffic but lacks the utility to detect DOS attacks. If a system already has a virus before the windows firewall is configured, the firewall can neither detect nor remove the virus (Microsoft Corporation 2005). 2.8 LINUX BASED FIREWALL ââ¬Å"Since its birth in 1991â⬠(SUSE LINUX 2004), Linux operating system (OS) has made a land mark over the years. Linux is an open source OS that is secure, scalable, flexible, stable, and can be implemented on all different platforms and in most cases, Linux distributions (SUSE, Debian, Red Hat, Centos, Fedora Core, etc.) are free, expect for few which requires users to pay. Presently, Linux is gaining more acceptances in corporate data centres and from users who are beginning to discover the features which the OS offers (Cisco System 2004) All Linux OS distributions package comes with built-in firewall that can be configured when installing the OS. The implementation of firewall in Linux OS is cheap in that most of the distributions are free and it requires little hardware configuration. The implementation of firewall in Linux started with ipfw code an idea taken from Berkeley Software Distribution (BSD) of UNIX. As security demand increases , more security features is required by the firewall to protect the system against possible attacks which the ipfw could not provide. Therefore, ipfwadm utility was developed to complement ipfw code. Both ipfwadm utility and ipfw code were implemented in the Linux kernels 1.0 series and provided significant flexibility by allowing the administrator to do the following (Noonan and Dobrawsky 2006). To setup, TCP ACK, and TCP SYN handshake To add additional rules automatically in situations where named hosts IP address is more than one. To setup reliable accounting system by listing and resetting the packet counter To modify the default policies setup for firewall To state the address of the interface and name for the rules IP address masquerading To list existing rules in number of formats (Noonan and Dobrawsky 2006). The release of new version of Linux brought about improvements in the existing filter that was implemented in the Linux 1.0 series. This upgrade is known as ipchains and was implemented in Linux 2.2. The ipchains firewalls are upgrade of the ipfwadm and ipfw code firewalls. The Ipchains setup allow TCP traffic with ACK bit which is set to permit return traffic from a remote server into the protected network (Noonan and Dobrawsky 2006). But there is a problem with this type of filtering technique reason been that, this firewall depend on the transmitted packet to determine if it is part of the established connection or not. This technique makes the whole system vulnerable to attacks, as transmitted packets can be imitated thereby rendering the firewall useless. This pitfall in ipchains based firewall was improved upon in the later version of Linux kernel (Linux 2.4 kernel) known as NetFilter or iptables. NetFilter is a stateful firewall unlike the ipchains, having better filtering a nd logging capabilities [ ]. The features of Netfilter includes, ââ¬Å"stateless packet filtering (IPv4 and IPv6) stateful packet filtering (IPv4 and IPv6) all kinds of network address and port translation, e.g. NAT/NAPT (IPv4 only) flexible and extensible infrastructure multiple layers of APIs for 3rd party extensions large number of plugins/modules kept in psatch-o-matic repositoryâ⬠(Netfilter 2007). 2.9 HARDWARE FIREWALL Hardware firewalls are physical devices with which specific program (proprietary standard software) is integrated to provide firewall operations. Hardware firewalls are routers which are capable of filtering packets (Permpootanalarp and Rujimethabhas 2001). These devices do not need separate program installation other than the one already integrated in the devices. However, these devices require some form configuration in defining the right polices to secure any network. Hardware firewalls are the first point of defence to any secure network and they seat in between protected network and the external system or network. In situations were both hardware firewalls and software firewalls are used together to secure the network, the hardware firewalls can be configured such that they filter out the incoming packets from the external source while the software firewalls are setup to inspect the network packets. There are many vendors designing and manufacturing these products (hardware firewalls). Four of them with their products are as follows. 2.9.1 UTM-1 TOTAL SECURITY This device offer a complete set of security features including firewall, intrusion prevention, antivirus, anti-spy ware, messaging security, Web application firewall, VoIP security, instant messaging (IM) and peer-to-peer (P2P) blocking, Web filtering, as well as secure site-to-site and remote access connectivity (Check Point software technologies ltd. 2008). 2.9.2 CISCO ASA 5500 SERIES ADAPTIVE SECURITY APPLIANCES The Cisco ASA 5500 Series Adaptive Security Appliances are the latest security solutions from Cisco that integrate firewall, Unified Communications (voice/video) security, SSL and IPsec VPN, intrusion prevention (IPS), and content security services in a flexible, modular product family. These products are designed to provide intelligent threat defence and secure communications services that stop attacks before they impact network operations and to protect networks of all sizes (Cisco systems 2007). 2.9.3 SIDEWINDER APPLIANCE Sidewinder is a multi-function firewall appliance by Secure Computing that delivers true enterprise-class features and performance. This device has a multi-gigabit performance capabilities and hardware monitoring and redundancy features which allow its multiple security functions to run simultaneously, including its multi-layer firewall, Trusted Source reputation services, anti-virus, anti-spyware, anti-spam, URL filtering or blocking, VPN encryption services, and more (Secure computing 2008). 2.9.4 SONICWALL NETWORK SECURITY APPLIANCE The SonicWALLs network security appliance can be configured and customized with an expanding array of security services into a solutionà that will integrate seamlessly into any network while providing complete protection. Every appliance is capable of integrating support for gateway anti-spyware, antivirus, intrusion prevention, content filtering, wireless se curity and more. Likewise, it utilises encryption technology and deep packet inspection to provide secure VPN connectivity to an array of deployments including site-to-site, and continually monitoring each connection to deliver instant and automatic protection against transmitted threats, ensuring each connection is as reliable as possible (Sonicwall 2008). 2.10 NETWORK SECURITY TOOLS Network security tools can be classified into different categories based on the function they perform. Three of such categetgories include; network troubleshooting tools (Packet analysis tools), security test tools, logging and logging analysis tools. 2.10.1 NETWORK TROUBLESHOOTING TOOLS One of the network troubleshooting tools are the Packet-analysis tools which are security tools used in a network setup to monitor all communication activities between hosts in order know how hosts interact with each other likewise, to detect and identify network-based problems and communications errors (No onan and Dobrawsky 2006). Packet-analysis tools are also known as Packet sniffers. Packet-analysis tools are designed to decode the traffic flowing through the network to a readable format (plaintext). There are different types of packet analysis tools, but the common ones are, Ethereal, Microsoft Network Monitor and TCPDump (Noonan and Dobrawsky 2006; Davis D 2006). 2.10.1.1 ETHEREAL This is an open source Packet-analysis tool that is designed for analysis and troubleshooting of traffic between hosts. It can be implemented on different types of OS (windows OS, Linux or Unix kernel, Mac OS X) having the same interface and functionality across the this different platform of the OS. Ethereal is a graphical user interface tool that is probably easy to use, as it works by decoding the information on the network to a readable text format which is easy to understand for the network administrator (Davis D (2006). Ethereal make use of three window panes to display result of the analys is in real time. They are panes are; The first pane is the top pane which display the list of packets The second one is the middle pane which display packet details The third one is the bottom pane that displays the packet bytes (Noonan and Dobrawsky 2006). 2.10.1.2 MICROSOFT NETWORK MONITOR. Microsoft Network Monitor is a window based tool designed to monitor, manage and troubleshoot hosts on the network running windows OS. Microsoft Network Monitor is not different from Ethereal as both perform the same function. The only difference between the two is that, unlike Ethereal, Microsoft Network Monitor can not simultaneously captured and display packets in real time but can only do one thing at a time (Noonan and Dobrawsky 2006). 2.10.1.3 TCPDUMP TCPDump is another open source packet analysis tool used by the network administrators to troubleshoot the network, debug network traffic, capture packet from the network, decipher the bits and pieces, and display them in a semi-coherent fashion (Fuentes F and Kar 2005). TCPDump can be implemented in Linux or UNIX and in Window OS (WinDump). A good understanding of TCPDump will aid the learning of other packet analysis tools. One of such is Ethereal that uses the same syntax for packe t filtering with TCPDump (Fuentes F and Kar 2005). To use TCPDump in Linux or UNIX environment requires administrative privilege (root) to run the tool (Noonan and Dobrawsky 2006). 2.10.2 NETWORK SECURITY TOOLS One of the good qualities of a network security setup is, the ability of such network to have logs that can accurately and comprehensively monitor and record all the events that are taking place in order to give the network administrator a clear understanding of what actually happened at a particular point in time on the network and the required action to take. Logs are designed to serve different tasks such as, Troubleshooting system application problems Gives early warning notification of system abuse. In the case of a system crash logs provides helpful forensic information (Yamanishi K and Maruyama Y 2005). A tool that is capable of performing these tasks is the syslog. 2.10.2.1 SYSLOG Syslog is a security utility designed to monitor and record system events across the network. They are used to address issues like network performance, network failure, system crash, record alteration in system configuration etc (Yamanishi K and Maruyama Y (2005)). 2.10.3 NETWORK SECURITY TESTING While it is a good thing to secure the network by configuring the appropriate tools with aim of preventing unauthorised access into the network. The question then is how secure is the network? To address is doubt, it therefore becomes mandatory as a good security practise to carry out security testing after finalising security configuration. Network security testing is an activity that conclusively determines the integrity of the network security. Security testing is carried out to detect unknown vulnerabilities on the network and to ensure proper security is in place (Wack et al 2003). Network s ecurity tools can be classified in the following groups; networks port-scanning tools (Network Mapper), vulnerability-scanning tools (Cybercop Scanner, Nessus), password-cracking tools (John the Ripper, Novel Netware password cracker), Network Sniffers (Ethereal, Snort) etc. Network mapper and Nessus are briefly discussed. 2.10.3.1 NETWORK MAPPER (NMAP) Nmap is a network port scanning tool that is used to check if a network port is open or closed. It makes use of IP packet to identify if ports are open, the type of OS the hosts are running and also the version available on the hosts, the type of firewall implementation etc (Yamanishi and Maruyama 2005). If Nmap is used to scan hosts ports on the protected network as against rules define for the ports on the secured network and it is discovered that there are response from some of the ports apart from the rules defined for those ports, it then means that the ports responding to Nmap scan request are exposed and are likely point s through which attackers can gain entry into the network (Noonan and Dobrawsky 2006). 2.10.3.2 NESSUS Nessus is another vulnerability scanning tool used to identify holes (open ports) and the kind possible attacks that might occur through the open ports on the protected network. An example is DOS attacks. Nessus is a freeware that can be implemented in Linux, Mac OS X, and windows OS. In addition, Nessus is a client-server based operation. The Nessus sever is responsible for vulnerability testing and scanning while the Nessus client provides reporting and front end configuration (Noonan and Dobrawsky 2006).
Subscribe to:
Posts (Atom)