Friday, June 7, 2019
Panopticism he states that the development of discipline Essay Example for Free
In Michel Foucault's (1975) excerpt, Panopticism, he states that the development of discipline in the 18th and 19th centuries came from the emergence of prison as the form of penalty for every crime. During these times the major crimes committed were from the French Revolution and the major riots and civil unrest in French society. In these prisons the Panopticon puts the inmates in a different state in which each one is their own separate individual. Foucault states that the major effect of the Panopticon is to induce in the inmate a state of conscious and permanent visibility that assures the automatic functioning of power. Such a structure allows individuals to be seen and restricts their ability to communicate with the security, the warden, or other prisoners. In this case, crowds are nonexistent and each person is confined to their cell, where they can be viewed by the watcher. He states that this new form of punishment led to the development of a whole new kind of individuality for bodies. The brilliance of this prison is that the Panopticon forces blindness onto the prisoner, where he or she is never sure if someone is watching or not, inducing a harmless form of paranoia, keeping people in place.

When a person is accused of a crime, society finds upon itself the responsibility of punishing him or her. The question of morality, however, is finding the perfect punishment in compensation for the crime that was committed. With the Panopticon, rather than breaking them down physically by using tortures like the thumbscrew or whips, prisoners can be broken down mentally, which allows the reconstruction of their mentality. This entire theory is effective due to the natural desire that people in general have to conform to society's pressures. After all, it is ingrained in the natural being of humans to know that in order to survive, everyone needs a place in society, whether it is as the man of affairs or as a joker. The fear of complete abandonment from this institution allows the system to work properly.

Next, the Panopticon is essential to society in its ability to give a prisoner the chance of redeeming himself or herself to become a crucial part of society again. Instead of seeking revenge on the prisoners, this system allows them to be reformed through a force of habit. As prisoners get used to the idea that they're being watched at all times, with or without their knowledge, they conform their behavior to meet society's standards and norms. Thus, with a strong sense of paranoia, once the prisoner comes out of the Panopticon, he or she will rethink each decision of breaking the rules. Once the person goes through that phase of the Panopticon imprisonment, he or she is set for a regular life in the real world with human interaction.

In addition, with the Panopticon, power isn't centralized in the hands of the warden or prison guards. The mere concept of being spied on causes others to display normal behavior, one that they want to portray to society. The real punishment that the prisoner goes through is one within his or her own mind where, due to paranoia, the person shapes up to meet the rules of society in what is right rather than wrong. In this case, no one has power over another, and even the number of guards can be lessened, since the prisoner is unable to tell the difference as to who is watching or how many people are watching. Power isn't given to people but is within the architecture of the Panopticon. There will be no more vicious beatings of prisoners and no more degradation of them. In the end, they're like everyone else, another everyday person in today's world.

Panopticism creates self-discipline forced into play through one's own mentality of paranoia and fear, allowing criminals to be broken down mentally instead of physically, to redeem themselves as a part of society again, and to allow power to not be centralized in the hands of the warden or prison guards. It's not only an effective system but it's also efficient in the way that those separated from society may still have the ability to blend back in after undergoing this type of imprisonment. As a result, the concept of a Panopticon would certainly be better than the status quo, where punishment is used and people are locked away behind bars without being given a chance to prove that they're reformed. Any cruel and unusual punishments that may occur are abolished and finally, for those who have made a mistake or two, redemption is finally possible.
Thursday, June 6, 2019
Gantt Chart for Execution of House Construction Essay Example for Free
The work of house construction involves many stages which are spread over many months. The case study example taken for the preparation of the Gantt chart is selected as it involves various stages and there are many people involved in different activities. These activities are interdependent on the performance of various work groups and can get delayed if not planned and executed timely. Thus I present a Gantt Chart that will assist and ensure effective working in order to obtain the end result as planned.

Explanation of Gantt Chart (refer appendix)

The overall activity has been planned for a time span of 9 months. The activities have been classified as follows:

Excavation (A): This is the first stage, where excavation for the house columns needs to be carried out. The lead time for this activity is one month. This is a process which is labor intensive and needs to be positioned as per the architectural drawing. Other activities cannot be started before ensuring accuracy of the excavation work, as the structure cannot be modified if desired at a later stage. Hence activity B, RCC, cannot start before 100 % completion of activity A. In case during this phase it is realized that any delays could be caused in reaching the first milestone, then additional workforce or earth moving equipment needs to be outsourced.

RCC (B) (Reinforced Cement Concrete): The lead time for this activity is three months. Once excavation is complete the next stage is RCC, which involves making columns and beams of the house. Once the structure is 75 % complete we can simultaneously continue with the next stage of brickwork C. The achievement of this milestone will not hamper activity C, but due caution has to be exercised that the activity gets completed by the fourth month from the project starting date, as it is the start of activity D and E.

Brickwork (C): Along with brickwork the other activities, Electrical (D) and Plumbing (E), also need to be commenced upon the completion of stage B and 50 % of stage C, as the electric pipes and fittings need to be covered inside the walls. Similarly, toilets and kitchen require plumbing to be done simultaneously. If the activity deviates from its planned lead time of two months then activity D, E and F will need to be carried out at an increased pace than its actual to cover up for the lag time.

Electrical (D) and Plumbing (E): These stages can be executed simultaneously as they are not interdependent on each other. Once these are complete we can move on to the next stage.

Plastering (F): After completion of electrical and plumbing work we can start with the internal plastering activity. However, external plastering can be carried out when 50 % of stage D and E are complete. This is the third milestone. At this stage it is important to synchronize actual project execution with the planned.

Tiling (G): Once plastering is 100 % complete then we can move on to tiling/flooring work.

Painting (H): This is the final milestone, to be executed after 100 % completion of activity G.

Conclusion

A Gantt chart gives a clear picture of the stages and helps in noticing any deviations, so that corrective steps can be implemented which in turn will not disrupt other schedules and help in achieving desired results in a cost effective and efficient manner. The case for buy vs. make is indeed a matter of individual capacities and judgment in the said example. By choosing to make, as in the above case, the owner gets freedom of choice and taste to suit his own needs. If activities are carried out with due diligence the project would be cost effective.

Reference

Gantt Chart - Wikipedia, 19 October 2008, http://en.wikipedia.org/wiki/Gantt_chart
Wednesday, June 5, 2019
End to End VoIP Security
Introduction

User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest by many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo Messenger, while in the latter, systems like Skype and VoipBuster are dominating among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information. The data are either routed from the source through a central server to the recipient or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in the VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's supernode communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue addressed in several different perspectives in the past.

In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out-of-band exchanged keys, shared secrets, etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the application's architecture with VoIPSec security elements.

Over the past few years, voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint. For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation.

As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length-preserving encryption is indeed far worse than previously thought.

VoIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is.

Voice over IP, the transmission of voice over traditional packet-switched IP networks, is one of the hottest trends in telecommunications. Although most computers can provide VoIP and many offer VoIP applications, the term voice over IP is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, Current voice-over-IP products, describes some of the products on the market today.)

As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges. Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks (firewalls, network address translation (NAT), and encryption) don't work as is in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components.

Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.
End-to-end Security

In this assignment I am going to describe end-to-end security and its design principle that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society. The Internet doesn't care what you do; its job is just to deliver the bits, stupid (in the words of David Isenberg in his 1997 paper, Rise of the Stupid Network [2]). The bits could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat.

The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what it was that data represented.

At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay. TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents.

Thus the Internet design, based as it was on the end-to-end principle, became a generative facility. Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with irrational exuberance [4] during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.

Security and privacy in an end-to-end world

The end-to-end arguments paper used secure transmission of data as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved on the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption.

Thus, security and privacy are the responsibilities of the end nodes. If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you don't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it.

There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts, purposeful or accidental, to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks. Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility.

Note that there is little that can be done in the Net or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage.

Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. But a few people who were at the scene have told me that such protections were actively discouraged by the primary sponsor of the early Internet; that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it.

End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access. Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an incentive to pay for the customers' use of their lines; they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tapability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs.

Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as an antisocial act (as a US Justice Department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end-to-end security?

Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption.

The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol.

Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP.
Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol.

Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer (the layer in which the actual voice datagrams are transmitted) depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string. Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of matching conversations in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper.

Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob. Data integrity implies that any modification of the data in transit

We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.

We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide, following the ZRTP specification, that B has forgotten the shared secret.

The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A, who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service.
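Why a repeated session key is fatal to a keystream cipher, and two receiver-side defenses, shown as an added example that is not code from the paper, SRTP or libsrtp. The HMAC-based generator is a toy stand-in for SRTP's AES-based keystream, and the key message, plaintexts and the names `KeyMessageReplayGuard` and `session_nonce` are constructed for illustration.

```python
import hashlib
import hmac
import os


def keystream(session_key: bytes, length: int, session_nonce: bytes = b"") -> bytes:
    """Toy keystream: a PRF (HMAC-SHA256) run in counter mode.

    With an empty session_nonce the output depends on the session key alone,
    which mirrors the property the text describes: no session-specific
    randomness enters the derivation.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = session_nonce + counter.to_bytes(4, "big")
        out.extend(hmac.new(session_key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(session_key: bytes, datagram: bytes, session_nonce: bytes = b"") -> bytes:
    """Encrypt or decrypt a datagram by XOR with the keystream."""
    return xor(datagram, keystream(session_key, len(datagram), session_nonce))


def leaks_plaintext_xor(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when the two ciphertexts cancel to the XOR of the plaintexts,
    i.e. both were encrypted under the same keystream."""
    return xor(c1, c2) == xor(p1, p2)


class KeyMessageReplayGuard:
    """Defense 1: the receiver remembers accepted key-establishment messages
    and refuses any message it has already acted on."""

    def __init__(self) -> None:
        self._seen = set()

    def accept(self, key_message: bytes) -> bool:
        digest = hashlib.sha256(key_message).digest()
        if digest in self._seen:
            return False
        self._seen.add(digest)
        return True


def demo() -> dict:
    # Constructed key-establishment message; its last 16 bytes act as the key.
    key_message = b"constructed-key-message:" + bytes(range(16))
    session_key = key_message[-16:]
    p1 = b"voice frame from the first call "
    p2 = b"voice frame from a later session"

    # Same key accepted twice, no session randomness: identical keystream.
    c1 = protect(session_key, p1)
    c2 = protect(session_key, p2)

    # Defense 2: mix fresh per-session randomness into the derivation, so a
    # repeated key no longer implies a repeated keystream.
    c1n = protect(session_key, p1, os.urandom(16))
    c2n = protect(session_key, p2, os.urandom(16))

    guard = KeyMessageReplayGuard()
    return {
        "same_key_leaks_xor": leaks_plaintext_xor(c1, c2, p1, p2),
        "fresh_nonce_leaks_xor": leaks_plaintext_xor(c1n, c2n, p1, p2),
        "first_message_accepted": guard.accept(key_message),
        "replayed_message_accepted": guard.accept(key_message),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Either defense alone breaks the chain described in the text: the guard stops the old key from being installed again, and the per-session nonce keeps a reinstalled key from reproducing the earlier keystream.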
Our analysis of ZRTP is supported by the AVISPA formal analysis tool.

We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring. Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.)

While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions, especially those about the protocols operating at the other layers of the VoIP stack, left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general.

The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5.

VoIP security different from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks.

Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network. Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include Eavesdropping, Denial of Service, Session Hijacking, VoIP Spam, etc. For preventing these threats, there are several VoIP standard protocols. And we discuss this in Section 3.

Eavesdropping

VoIP service using internet technology is faced with an eavesdropping threat, in which call setting information and audio/voice communication contents are gathered illegally. Eavesdropping can be categorized largely into eavesdropping in a LAN (Local Area Network) environment, eavesdropping in a WAN (Wide Area Network) environment, eavesdropping through PC (Personal Computer) hacking, etc.

Denial of Service

Denial of Service is an attack which makes it difficult for legitimate users to use telecommunication service regularly. It is also one of the threats that are hardest to solve. Since VoIP service is based on internet technology, it also is exposed to Denial of Service.
Denial of Service in VoIP service can be largely divided into system resource exhaustion, tourThis work was supported by the IT RD broadcast of MIC/IITA resourceexhaustion,VoIP communication interruption/blocking, etc.Session HijackingSession Hijacking is an attack, which is gathering the communication session control between users through spoofing legitimate users, and is busybodied in their communication, as a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be categorized largely by INVITE session hijacking, SIP Registration hijacking, etc.VoIP SpamVoIP Spam is an attack, which is interrupting, and violating user privacy through guideing voice advertisement messages, and also makes VMS(Voice Mailing System) powerless. It can be categorized by Call Spam, IM(Instant Messaging) Spam, Presence Spam, etc.Security trade-offsTrade-offs between convenience and security are deed in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access c ontrol, script vulnerabilities, and short parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. 
As VoIP gains popularity, we'll inevitably see more administrative Web applications with exploitable errors.

The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine, can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality.

The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization. Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren't considered as secure as the Advanced Encryption Standard [16], which is included in many IPsec implementations. AES's combination of speed and security should handle the demanding needs of VoIP at both ends.

Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets [17]. This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there's no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine [18]. But this solution assumes that the cryptoengine's output is fast enough to avoid saturating the queue. Ideally, you'd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible.
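The FIFO scheduling problem described above can be reproduced with a small queue simulation. The following Python sketch is an added example, not taken from the cited studies or from any vendor's implementation; the packet sizes, arrival times and per-packet costs are constructed values, and the voice-first policy is a simplified, non-preemptive stand-in for the QoS reordering the text mentions.

```python
import heapq

# Constructed cost model for a software cryptoengine (microseconds).
PER_PACKET_US = 500   # fixed overhead paid for every packet
PER_BYTE_US = 2       # cipher cost per payload byte


def service_time_us(size_bytes):
    """Time the engine needs to encrypt one packet of the given size."""
    return PER_PACKET_US + PER_BYTE_US * size_bytes


def constructed_workload():
    """Ten 1500-byte data packets arrive at t=0; three 200-byte voice packets
    arrive at 1 ms, 21 ms and 41 ms. Tuples are (arrival_us, size, is_voice)."""
    data = [(0, 1500, False)] * 10
    voice = [(1000, 200, True), (21000, 200, True), (41000, 200, True)]
    return data + voice


def simulate(packets, voice_first):
    """Run one cryptoengine over the packets and return the worst delay
    (arrival to end of encryption, in microseconds) per traffic class.

    voice_first=False models the FIFO cryptoscheduler; voice_first=True
    models QoS reordering in front of the engine (non-preemptive: a packet
    already being encrypted is always finished first).
    """
    pending = sorted(packets)   # ordered by arrival time
    queue = []                  # heap of (priority, arrival, seq, size, is_voice)
    now, nxt = 0, 0
    worst = {"voice": 0, "data": 0}
    while nxt < len(pending) or queue:
        if not queue and pending[nxt][0] > now:
            now = pending[nxt][0]   # engine is idle until the next arrival
        # Admit everything that has arrived by the current time.
        while nxt < len(pending) and pending[nxt][0] <= now:
            arrival, size, is_voice = pending[nxt]
            priority = 0 if (voice_first and is_voice) else 1
            heapq.heappush(queue, (priority, arrival, nxt, size, is_voice))
            nxt += 1
        _, arrival, _, size, is_voice = heapq.heappop(queue)
        now += service_time_us(size)
        key = "voice" if is_voice else "data"
        worst[key] = max(worst[key], now - arrival)
    return worst


def compare():
    """Return (fifo_result, voice_first_result) for the constructed workload."""
    packets = constructed_workload()
    return simulate(packets, voice_first=False), simulate(packets, voice_first=True)


if __name__ == "__main__":
    fifo, reordered = compare()
    print("FIFO        worst delay (us):", fifo)
    print("voice-first worst delay (us):", reordered)
```

With this workload the first voice packet waits behind the whole data burst under FIFO, while reordering bounds its wait to the one data packet already in the engine, at the price of a slightly longer worst case for data.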
Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.

Thus far, we've painted a fairly bleak picture of VoIP security. We have no easy "one size fits all" solution to the issues we've discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty.

To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them:

Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection.

At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.

Choose a mechanism to allow VoIP traffic through firewalls.
Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call.

Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system.

Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls).

If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Because some VoIP end points aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reasonable cost.

Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone.

Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs.

Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux.
Try, for example, disabling unnecessary services or using host-based intrusion detection methods.

Be especially diligent about maintaining patches and current versions of VoIP software.

Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages.

Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP.

VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled.

End to End VoIP Security

Introduction

User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest from many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo Messenger, while in the latter, systems like Skype and VoipBuster dominate among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information. The data are either routed from the source through a central server to the recipient or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's supernode communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue that has been addressed from several different perspectives in the past.

In this assignment I focus on cryptographic security implementation in VoIP.
Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out-of-band exchanged keys, shared secrets, etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications), combined with minimal requirements on end-user devices, are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the applications' architecture with VoIPSec security elements.

Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint. For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation.

As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic.
In this work we show that the information leaked from the combination of using VBR and length-preserving encryption is indeed far worse than previously thought.

VOIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is.

Voice over IP, the transmission of voice over traditional packet-switched IP networks, is one of the hottest trends in telecommunications. Although most computers can provide VoIP and many offer VoIP applications, the term "voice over IP" is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, "Current voice-over-IP products," describes some of the products on the market today.)

As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges. Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks (firewalls, network address translation (NAT), and encryption) don't work as is in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components.

Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure.
Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.

End-to-End Security

In this assignment I am going to describe end-to-end security and its design principle: one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society. The Internet doesn't care what you do; its job is just to "deliver the bits, stupid" (in the words of David Isenberg in his 1997 paper, "Rise of the Stupid Network" [2]). The bits could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat.

The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed.
It was designed to support them by being designed to transport data without caring what it was that data represented.

At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay. TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents.

Thus the Internet design, based as it was on the end-to-end principle, became a generative facility. Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with "irrational exuberance" [4] during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.

Security and privacy in an end-to-end world

The end-to-end arguments paper used secure transmission of data as one reason that an end-to-end design was required.
The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption.

Thus, security and privacy are the responsibilities of the end nodes. If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you don't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it.

There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts, purposeful or accidental, to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks. Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net.
Protection against such things is the end system's responsibility.

Note that there is little that can be done in the Net or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage.

Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. But a few people who were at the scene have told me that such protections were actively discouraged by the primary sponsor of the early Internet; that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it.

End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access. Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an incentive to pay for the customers' use of their lines; they don't see a way to pay for the network without this ability.
The FBI has asked that it be able to review all new Internet services for tapability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs.

Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as an antisocial act (as a US justice department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end to end security?

Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption.

The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol. Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP.
Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol.

Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer (the layer in which the actual voice datagrams are transmitted) depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string. Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of "matching conversations" in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper.

Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob. Data integrity implies that any modification of the data in transit

We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them.
The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.

We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide, following the ZRTP specification, that B has "forgotten" the shared secret.

The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A, who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service.
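Why a replayed SDES key message makes SRTP repeat its keystream, and one way a receiver can refuse such a replay, shown as an added Python example that is not code from the paper or from libsrtp. The keystream function is a stand-in PRF (HMAC-SHA256 in counter mode, not SRTP's AES-based generator), the sample a=crypto line, key bytes and payloads are constructed, and SdesReplayGuard is a hypothetical mitigation.

```python
import base64
import hashlib
import hmac

# Constructed sample: an SDES key offer as carried in SDP (RFC 4568 syntax).
# The inline value is 30 constructed bytes (16-byte key + 14-byte salt).
SAMPLE_KEY = bytes(range(30))
SAMPLE_OFFER = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
                + base64.b64encode(SAMPLE_KEY).decode())


def parse_sdes_inline_key(line):
    """Return (crypto_suite, key_and_salt_bytes) from an a=crypto line."""
    if not line.startswith("a=crypto:"):
        raise ValueError("not an SDES crypto attribute")
    fields = line[len("a=crypto:"):].split()
    if len(fields) < 3 or not fields[2].startswith("inline:"):
        raise ValueError("missing inline key parameter")
    # Lifetime and MKI, if present, follow the key after '|'.
    b64 = fields[2][len("inline:"):].split("|")[0]
    return fields[1], base64.b64decode(b64, validate=True)


def keystream(key_and_salt, ssrc, packet_index, length):
    """Stand-in PRF (HMAC-SHA256 in counter mode), NOT SRTP's AES counter mode.

    Like SRTP as described in the text, the output depends only on the key
    material, the SSRC and the packet index; no per-session randomness is
    mixed in, so the same key yields the same keystream in every session.
    """
    out = b""
    block = 0
    while len(out) < length:
        msg = (ssrc.to_bytes(4, "big") + packet_index.to_bytes(6, "big")
               + block.to_bytes(4, "big"))
        out += hmac.new(key_and_salt, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def protect(key_and_salt, ssrc, packet_index, payload):
    """Encrypt one media payload by XOR with the derived keystream."""
    stream = keystream(key_and_salt, ssrc, packet_index, len(payload))
    return xor_bytes(payload, stream)


class SdesReplayGuard:
    """Hypothetical receiver-side check: refuse key-establishment messages
    whose key material has been accepted before."""

    def __init__(self):
        self._seen = set()   # a deployment would persist this across restarts

    def accept(self, crypto_line):
        _suite, key = parse_sdes_inline_key(crypto_line)
        fingerprint = hashlib.sha256(key).digest()
        if fingerprint in self._seen:
            return False
        self._seen.add(fingerprint)
        return True


def demo():
    """Return (xor_of_plaintexts_exposed, first_offer_ok, replayed_offer_ok)."""
    _suite, key = parse_sdes_inline_key(SAMPLE_OFFER)
    # Two sessions keyed by the same offer, same SSRC and packet index.
    p1 = b"constructed voice frame one.."
    p2 = b"constructed voice frame two!!"
    c1 = protect(key, 0x1234, 1, p1)
    c2 = protect(key, 0x1234, 1, p2)
    exposed = xor_bytes(c1, c2) == xor_bytes(p1, p2)
    guard = SdesReplayGuard()
    return exposed, guard.accept(SAMPLE_OFFER), guard.accept(SAMPLE_OFFER)


if __name__ == "__main__":
    print(demo())
```

The keystream cancels out when two ciphertexts produced under the same key, SSRC and index are combined, which is why the receiver has to treat a previously seen key as a replay rather than start a new session with it.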
Our analysis of ZRTP is supported by the AVISPA formal analysis tool.

We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring. Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.)

While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions, especially those about the protocols operating at the other layers of the VoIP stack, left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general.

The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered.
Related work is in section 4, conclusions are in section 5.

VoIP security different from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks.

Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network. Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include eavesdropping, denial of service, session hijacking, VoIP spam, etc. Several VoIP standard protocols exist to prevent these threats; we discuss them in Section 3.

Eavesdropping

VoIP service built on internet technology faces an eavesdropping threat, in which call setup information and audio/voice communication contents are gathered illegally. Eavesdropping can be broadly categorized into eavesdropping in a LAN (Local Area Network) environment, in a WAN (Wide Area Network) environment, through hacking a PC (Personal Computer), etc.

Denial of Service

Denial of Service is an attack that makes it difficult for legitimate users to use the telecommunication service normally. It is also one of the threats that are hardest to solve. Since VoIP service is based on internet technology, it too is exposed to Denial of Service.
Denial of Service in VoIP service can be broadly divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, etc.

(This work was supported by the IT R&D program of MIC/IITA.)

Session Hijacking

Session hijacking is an attack that takes over control of the communication session between users by spoofing legitimate users and interferes in their communication, as a kind of man-in-the-middle attack. Session hijacking in VoIP communication can be broadly categorized into INVITE session hijacking, SIP registration hijacking, etc.

VoIP Spam

VoIP spam is an attack that interrupts users and violates their privacy by sending voice advertisement messages, and it can also render a VMS (Voice Mailing System) powerless. It can be categorized into call spam, IM (Instant Messaging) spam, presence spam, etc.

Security trade-offs

Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords.
As VoIP gains popularity, we'll inevitably see more administrative Web applications with exploitable errors.

The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine, can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality.

The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization. Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren't considered as secure as the Advanced Encryption Standard [16], which is included in many IPsec implementations. AES's combination of speed and security should handle the demanding needs of VoIP at both ends.

Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets [17]. This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there's no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine [18]. But this solution assumes that the cryptoengine's output is fast enough to avoid saturating the queue. Ideally, you'd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible.
Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.

Thus far, we've painted a fairly bleak picture of VoIP security. We have no easy one-size-fits-all solution to the issues we've discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty.

To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them:

Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection.

At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.

Choose a mechanism to allow VoIP traffic through firewalls.
Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call.

Use IPsec or Secure Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system.

Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls).

If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Because some VoIP end points aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reasonable cost.

Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone.

Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs.

Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods.

Be especially diligent about maintaining patches and current versions of VoIP software.

Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages.

Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP.

VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled
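The FIFO cryptoscheduler problem described above, as an added example that is not part of the original article: a small Python simulation that feeds the same traffic through one cryptoengine, first behind a FIFO queue and then behind a queue that reorders voice ahead of data. The packet sizes, arrival times and the per-packet/per-byte cost model are constructed assumptions, not measurements.

```python
"""Added illustration: FIFO vs. QoS-reordered queue ahead of one cryptoengine."""
import heapq
from dataclasses import dataclass

# Constructed cost model (assumption): a fixed per-packet overhead plus a
# per-byte cost, so small voice packets are dominated by the overhead.
PER_PACKET_US = 20
BYTES_PER_US = 10


@dataclass(frozen=True)
class Packet:
    arrival_us: int
    size_bytes: int
    is_voice: bool


def service_us(pkt):
    """Time the cryptoengine spends on one packet, in microseconds."""
    return PER_PACKET_US + pkt.size_bytes // BYTES_PER_US


def constructed_workload():
    """Two bursts of 20 large data packets, each followed 100 us later by
    one small voice packet (voice frames spaced 20 ms apart)."""
    pkts = []
    for burst_start in (0, 20_000):
        pkts += [Packet(burst_start, 1500, False) for _ in range(20)]
        pkts.append(Packet(burst_start + 100, 200, True))
    return pkts


def simulate(packets, voice_first):
    """Run packets through a single non-preemptive cryptoengine.

    voice_first=False models the plain FIFO cryptoscheduler.
    voice_first=True models QoS reordering just before the engine:
    queued voice packets are always picked before queued data packets.
    Returns a list of (packet, latency_us) in completion order.
    """
    pending = sorted(packets, key=lambda p: p.arrival_us)
    queue = []          # heap of (priority, arrival sequence, packet)
    latencies = []
    clock = seq = i = 0
    while i < len(pending) or queue:
        if not queue and pending[i].arrival_us > clock:
            clock = pending[i].arrival_us      # engine idles until next arrival
        while i < len(pending) and pending[i].arrival_us <= clock:
            pkt = pending[i]
            priority = 0 if (voice_first and pkt.is_voice) else 1
            heapq.heappush(queue, (priority, seq, pkt))
            seq += 1
            i += 1
        _, _, pkt = heapq.heappop(queue)
        clock += service_us(pkt)               # packet in service is never interrupted
        latencies.append((pkt, clock - pkt.arrival_us))
    return latencies


def worst_latency_us(latencies, voice):
    """Worst queueing-plus-encryption latency for voice or for data packets."""
    return max(lat for pkt, lat in latencies if pkt.is_voice == voice)


if __name__ == "__main__":
    for label, flag in (("FIFO", False), ("voice-first", True)):
        result = simulate(constructed_workload(), voice_first=flag)
        print(f"{label:12s} worst voice latency: {worst_latency_us(result, True)} us, "
              f"worst data latency: {worst_latency_us(result, False)} us")
```

Under this constructed load the reordering costs the data packets only one extra voice service time, while the voice packet no longer waits behind the whole data burst.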
Tuesday, June 4, 2019
Effects of Changes to International Accounting Standards
This report relates to the recent changes in the International Accounting Standards. Furthermore, it underlines the primary principles that must be complied with.

(1)(a) REQUIRED CHANGES UNDER INTERNATIONAL ACCOUNTING STANDARDS

After the introduction of the International Accounting Standards, both public limited companies must comply with these provisions. Sky Corporation must adhere to the IAS 1, effective on all financial statements dating on and from 1st January 2005.
In effect, Sky plc will have to prepare its financial statements on a going concern basis unless there is an intention to liquidate the entity; the accrual basis of accounting must be used in the preparation of financial statements except for cash flow statements; presentation and classification of items must be retained from one period to the next; each material class of comparable items must be presented separately, and dissimilar items must be included separately unless they are immaterial; items (individually or collectively) that are likely to influence the economic decisions of the user must not be omitted or misstated; assets, liabilities, income and expenses must not be offset unless approved by an IFRS; financial statements must be presented at least annually; and all amounts relating to comparative information must be disclosed in financial statements.

Furthermore, Sky must adhere to the disclosure requirements on the face of or in the notes to the balance sheet (BS), income statement and statement of changes in equity. Current and non-current assets and liabilities must be presented as separate classifications on the face of the BS. Additionally, financial statements must include specified disclosure in relation to information, judgements, estimations, uncertainties and accounting policies.

At present, Sky's accountant made a statement indicating that the financial statements in the forthcoming November 2005 accounts will comply with the principles of IAS.
In addition, the company's financial statements included audited reconciliation of the 2005 Income Statement, Balance Sheet and Cash Flow to UK GAAP from IFRS detailing the impact of the company's new accounting policies, and unaudited quarterly 2005 Income Statements to provide comparatives for 2006.

(1)(b) MERITS AND DEMERITS OF EXTINCTION OF EXTRAORDINARY ITEMS

IAS 1 regarding the presentation of financial statements was issued in December 2003 and is applicable for annual periods beginning on or after 1 January 2005. International Accounting Standard (IAS 1) prescribes the grounds for presentation of general-purpose financial statements, to ensure comparability both with the entity's financial statements of previous periods and with financial statements of other entities.

IAS 1 does not apply to interim financial statements prepared in compliance with IAS 34. Under SSAP 6, extraordinary items are material items arising from transactions that fall outside the ordinary activities of the company and are thus not expected to recur frequently or regularly. Excluding extraordinary items from the P&L will reflect on the EPS. Exclusion of extraordinary items will benefit the current operating performance. As far as Sky Communications Plc is concerned, there appear to be no extraordinary items in their P&L account. Additionally, EPS will be greater than expected if extraordinary items were included since the EPS is used by investors to calculate PE ratio. The exclusion of extraordinary items could also lead to an increase in corporation tax.

(1)(c) RECOGNISED GAINS AND LOSSES AND HISTORICAL COSTS

FRED 22 (revision of FRS 3), which aims to reflect the international shift, makes provisions for reporting comprehensive income, such as reporting all recognised gains and losses in a single statement instead of splitting these gains and losses between the performance statement and the STRGL.
There is a need for the display of recognised gains and losses as they are part of the company's operating activities and some are financial in nature. There is a list of recognised gains and losses that should appear in the treasury section of the performance statement. According to Sky's accounts for 2004 and 2005, there were no recognised gains or losses in either year other than those included within the profit and loss account.

Primarily, statements of total recognised gains and losses are financial statements that enable users to consider all recognised gains and losses of a reporting company in assessing the company's overall performance.

Notes of historical costs are necessary as they identify the resources acquired by the company at their original price. In effect, this identifies how the items are actually measured over a period. Additionally, it assists with the understanding of capital maintenance adjustments. Firstly, assets are recorded at the value of the consideration given to acquire them at the time of acquisition. Liabilities are recorded at the amount of proceeds accepted in exchange for the obligation. The purpose for this is to measure the process of determining the monetary amounts at which the elements of the financial statements are to be recognised and carried in the balance sheet and in the income statement.

(1)(d) CLASSIFICATION OF PREFERENCE SHARES AND DIVIDENDS

According to the IAS 1, preference shares are reclassified to borrowings and the preference dividends are reclassified to finance costs. However, when preference shares are non-redeemable, the appropriate classification is determined by the rights attached to the preference shares. Classification is dependent upon an assessment of the substance of the contractual arrangements, equity instrument and the definition of financial liability.
Furthermore, the classification of preference shares as an equity instrument or a financial liability is unaffected by a history of making distributions and an intention to make distributions in the future.

Under IAS 10, a company must not recognise a liability for dividends in respect of dividends declared after the balance sheet date as it is not a current liability at the balance sheet date under IAS 37. In the event that a company purchases its preference shares for cancellation for more than their carrying amount (premium), this should be treated as a preferred dividend in the calculation of EPS.

(2)(a) OBJECTIVES OF IAS 7 AND DISTINCTION BETWEEN IAS 7 FRS1

The structure of the IAS 7 had an influence on the revision of FRS 1. The objective of IAS 7 is that a cash flow statement of a company must correspond to the requirements and identifications under IAS 1. In addition, the cash flow must identify movement in cash and cash equivalents during the financial period (cash equivalents are short-term and highly liquid investments). Furthermore, there must be a provision identifying and classifying the changes in cash and cash equivalents to operating, investing and financing activities.

In a number of cases, there are conflicting factors between the framework of the Financial Reporting Standards and the International Accounting Standards. In the event of conflict, the framework of the International Accounting Standards prevails over the Financial Reporting Standards.

IAS 7 requires companies to present cash flow statements as part of a company's financial statements.
International Accounting Standards (IAS 7) is a tool that provides additional information on the company's business activities, assesses the present liquidity of the business activities, demonstrates substantial cash flow sources, assists with the estimation of future cash flows and finally identifies cash flow accumulated from trading activities rather than sources of finance.

(2)(b) PREPARATION OF A CASH FLOW STATEMENT UNDER A DIRECT METHOD UNDER IAS7 FRS1

The following is a cash flow for Sky plc prepared in accordance with the direct method IAS 7.

Notes for Guidance

(1) Net profit before tax is taken from the extract of the income statement.
(2) Depreciation is shown as a note to the income statement.
(3) Loss on sale of the non-current asset: proceeds minus (cost less depreciation to date); see note A1 below.
(4) Interest expense is shown on income statement.

Changes in Working Capital Structure

Inventory, receivables and payables are differences in opening and closing balances shown on the balance sheet.

Disposal Account (000s) Non-Current Assets

Notes (A2, A3 and A4): The interest paid is the net interest cost shown on the income statement and is the 10% charge on loan notes shown on the balance sheet for June 2000. The dividend and tax paid in the year are those shown on the 1999 balance sheet extract under the heading Current Liabilities.

(A5) Purchase of Non-Current Assets

(A6, A7) Proceeds from the issue of shares and loan notes are the increases shown on the difference between the two balance sheet extracts for 2004 and 2005.

(A8) This is the net effect from operating activities 7,975, net cash used in investing activities (8,525) and the net cash flow from financing activities 1,550.

(A9) This is the figure under current assets on the 2004 balance sheet.

(A10) Bank balance on 2005 balance sheet.

(2)(c) ASSESSMENT OF THE COMPANYS LIQUIDITY IN ACCORDANCE WITH THE INFORMATION ON THE CASH FLOW

Having examined the accounts and financial statements of Sky plc, there is clear evidence reflecting on the company's liquidity level. Firstly, the measurement of the liquidity ratio revealed that the company was in a healthy liquid position.

Current Ratio = Current Assets / Current Liabilities
Current Ratio of Sky = current assets 1,830m / current liabilities 1,481m = 1.24 times

The current ratio measures a company's ability to meet its financial obligations as they fall due. A normal current ratio is two. Sky's current ratio is relatively stable considering the type of industry of Sky plc.

Acid Ratio = (Current Assets - Stock) / Current Liabilities
Acid Ratio of Sky = (Current Assets 1,830m - Stock 627m) / Current liabilities 1,482m = 0.81 times

The acid ratio clearly indicates that Sky has high levels of stock, and this also demonstrates that the current ratio overstated Sky's ability to meet its financial obligations because of the inclusion of the stock in the numerator.

The information provided in the cash flow demonstrated clear evidence of liquidity in the form of cash. For example, there was a dramatic net increase in cash and cash equivalents of 1,000m over a year. Furthermore, this indicates that the company's economic activities are performing well in comparison to the previous year.

However, an amount of 8525m was invested in investing activities, this figure being greater than the company's net cash flow from operating activities amounting to 7975m. Nevertheless, the shortfall in the financing of investing activity was met by a new issue of shares 50m and issue of bank loans 1500m. Inevitably, the bank loan increases the company's debt and the gearing level of the company. Nevertheless, over a year the company's bank balance increased from 1250 to 2250m.

In conclusion, the accounts of Sky plc indicate substantial development but there is great expenditure resulting from investment in activities. However, there is not a real concern over the liquidity of the company nor any chance of bankruptcy.
Monday, June 3, 2019
Poetry of Jimmy Santiago Baca
Many writers and poets have drawn inspiration and motivation from their childhood, past experiences, and hope for the future. Abandoned to an orphanage at a young age, Jimmy Santiago Baca was convicted of drug possession by the age of twenty-one. During his many years in prison, Baca learned how to read and write, eventually publishing his early poems from within the prison walls. Despite his accomplishments and prestigious awards, Baca remains a humble person by helping kids who are facing the same struggles he faced growing up. Through his poems he shows the splendor of human existence amidst the desolate surroundings of prison life (Baca 7). In his poems, Jimmy Santiago Baca takes the reader through the feelings of loss, dejection, and the quest for individuality that relates to his life in prison.

Jimmy Santiago Baca grew up with a tough childhood. His parents divorced at an early age, and he was shuffled among relatives and orphanages. During his teenage years, he was in and out of detention centers and was always found spending his time on Albuquerque's streets and urban barrios. Baca first began to write poetry during his stay in prison, realizing how to express his thoughts and ideals through poetry. While Baca was in prison for drug charges, he immersed himself in the world of books, reading the works of many famous poets. Through the process of self-discovery, he taught himself English and Spanish, and finally received his GED. His experience in prison consisted of lockdowns, solitary confinements, electroshock therapy sessions, and beatings by prison guards, pushing him to the lowest ebb of his life (Baca, CW SS 3). After prison, Baca left for North Carolina before returning to New Mexico, where he spent time living in Albuquerque working odd jobs such as a night watchman, janitor, and laborer.
Once the birth of his first child occurred, Baca finally settled down with his wife and began fully embracing his past with the predominantly Chicano community (Baca, CW SS 6). Since then, Baca has begun to seriously publish his works of literature to the public.

Jimmy Santiago Baca is considered a renowned Chicano poet because of the rich imagery and lyricism of his poetry (Baca, DA 1). In his works, he suggests that poetry is not always restorative, but resilient when human life is given a chance. When he was given that chance, Baca discovered a state of freedom and worldly concern away from the dreary realities, by celebrating the human spirit in extreme situations through his poems. Each poem represents a little part of his life from the process of reestablishing his life after his years in prison. His poems have never had a consistent pattern; some may have rhythms similar to prose, but others are very lyrical. The line lengths may vary from short to long, while some poems might have a blend of short and longer lines. With his line maneuvering, Baca had skills in shifting tones (Duane, CP 1, 2).

The subjects of his poems were developed from his experiences, which include his personal responses to the troubled life he lived as a young adult. Baca's poetry includes the recurring themes of transformation, metamorphosis, and self-actualization (Baca, CW SS 4), which were constant thoughts and changes of Baca. Therefore, his works show the truths of the human heart while in hardship, with the help of wisdom, courage, beauty, and above all, hope (Taylor, KYAPBG 1). The central focus of Baca's poetry is said to bring compassion from the heart and embracing humanity in times of extreme dislocation.

Baca's poem "Who Understands Me But Me" contains many elements of perseverance, determination, and realization which are evident in most of his poetry.
The poem starts off with the speaker receiving new restrictions, but the speaker finds a way to live with the restrictions. Among the restraints and negativity, the speaker develops a positive attitude. With the new restrictions and experiences in hand, he begins to realize his own identity; the speaker learns to find parts of himself never dreamed of by him. The poem ends with the speaker questioning who understands him when he says something is beautiful.

Mainly, the poem seems forthright and lifeless, repetitive and simple, but this poem has great meaning behind what is seen on the surface level. Throughout the poem, the readers are able to experience the physical and mental barriers (Baca, DA 2) which occur during prison life. The restrictions in the lines of the poem are represented using anaphora to add emphasis on the continuous struggles which are faced in prison. "They take my heart and rip it open, I live without heart" creates an indifferent tone from the speaker. "I followed these signs like an old tracker and followed the tracks deep in myself" explains that his experiences paved a way for the speaker to explore the universal theme of an individual's painful search for identity and meaning (Baca, DA 2). The tone of the poem shifts from indifferent to uplifting and empowering to show that the experiences learned were positive improvements for the speaker. Since the speaker has gone through many sufferings, he proves that those sufferings helped him for the future. Everyone evolves within themselves every day, but when the time comes for hardships to be encountered, the experiences may become beneficial for their prospect of life.

The feelings of loss, dejection, and the quest for identity experienced in Jimmy Santiago Baca's life in prison are shown throughout his poetry. Baca offers means on how to rebuild a broken life, rather than dwell on the painful past.
Ever since then, he has been able to change the lives of many Hispanic and Amerindian peoples by displaying the true insight from the intimidating prisons that guides the changing views of their lives.
Sunday, June 2, 2019
Community for Justice A Communitarian Critique of Traditional Liberal T
Communitarians cannot accept liberal theory. It fails to pay mind to the essence of what makes human beings function as social creatures. And while it continues to move away from its beginnings it can no longer satisfy what is necessary for an acceptable political theory. Communitarians view this distance from the original theory as their main objection to liberal theory. Rather, an ideal communitarian theory would involve a more contextual and community-sensitive approach (209).

The classical liberal theory is considered by many to be highly ahistorical; this point of view is held especially by those considered communitarians. The criticism extends further by explaining the theory as being universalist. Ignoring necessary communal living conditions in order to create a well-rounded theory that lends itself easily becomes counterproductive, as the theory loses its power when it is related to genuine nations or societies.

Traditional liberalist theory's roots originate from the French revolution, a movement whose goals included community, in partnership with liberty, justice, and equality (Kymlicka 2002, 208). However ideal the theory's origins, the progression to today's liberal theory has left the concept of community ignored. This would be unacceptable to original liberals, as modern liberalism compensates by using liberty and justice as placeholders and vetoing the importance of the community, society and the family. This oversight is a recent product of liberalism, developing only after World War II: theories viewed as evil, such as fascism and Marxist communism, used the community as a tool for controlling the masses, and the theory fell out of favour. As community became removed from the liberal theory historically, literature refl... ...the military, gay, Christian and the greater community. This would not be permitted under the communitarian view of justice.
In conclusion, allowing the desire of one person to determine the direction of a community is not the ideal that was set by the French revolutionaries; it is instead what they were fighting against. A communal view of justice can provide an additional prospect to provide strength in the goals of a people. When looking for an acceptable political theory to live by, liberal theory with the addition of a communitarian view of liberty, rather than the traditional individualistic view, contains many of the desirable portions of a complete and satisfactory theory.

Works Cited

Kymlicka, Will. Marxism & Communitarism. In Contemporary Political Philosophy: An Introduction, 173, 208-215. Oxford: Oxford University Press, 2002.
Saturday, June 1, 2019
Things Fall Apart, by Chinua Achebe Essay -- things fall apart, chinua
Post colonialism deals with cultural identity in colonized societies and the ways in which writers articulate that identity. Things Fall Apart is a good novel that serves as a reminder of what Nigeria once was. It shows how a society can deal with change, how change affects the individuals of that society, and how delicate a change can be, so much so that the people themselves are surprised at the change.

Things Fall Apart is an English novel by the Nigerian author Chinua Achebe which was published in 1957. Throughout the book the role of customs and traditions is very important and decides the fate of men, women, and children. Most of the customs practiced in this culture would certainly be frowned upon in the West yet are perfectly acceptable. It talks of the Ibo society. The protagonist of the novel is Okonkwo. He is a respected and influential leader within the Igbo community of Umuofia in eastern Nigeria. He first earns personal fame and distinction, and brings honor to his village, when he defeats Amalinze the Cat in a wrestling contest.

The first part of the book deals with the proof of tribal life in Africa and the rise in power and authority of Okonkwo. The author highlights his strengths as well as his obsession with success. Okonkwo does not show any love in dealing with his three wives and children. This part reveals that Okonkwo's actions are often irrational and imprudent, which will be the cause of his eventual fall. We learn about the traditions, superstitions and religious faiths of the villagers. The second part begins with Okonkwo's exile to his mother's land for seven years. This part also marks the entry of the white man into the lives of the African people. Though inwardly disappointed, Okonkwo begins a ne...