Friday, November 29, 2019

Meat Is Useless Essays - Meat, Diets, Vegetarianism, Dog Meat

Meat Is Useless Meat is Useless Eating meat is part of the daily life of billions of people all over the world. Every day thousands of animals are killed for the production of meat food for people. However, studies have shown that meat is not essential for our existence and gives us nothing more than the other foods on the market. Meat consumption may not harm you or the surrounding environment immediately but there are consequences and sooner or later they will appear. A meatless diet is healthier than a diet containing meat. According to surveys and examinations of the contents of the food products, meat contains more fat than non-meat foods. Since it is very difficult for our bodies to process high quantities of fat and it is being accumulated in our bodies, fat consuming causes many health problems. According to the American Heart Association, the fat in the food we eat should be no more than 30 percent of the total calories we consume daily. However, this is very difficult to achieve when meat is part of our daily meal plan. The only way to stay healthy and continue eating meat is to put a limit on the amount of meat we consume. Unfortunately, nowadays most people are often tempted by the taste and appearance of the meat products on the market and it is very difficult for them to resist. That is why the solution of a balanced diet can not be practically used. Moreover, it has been recently proven that many diseases are commonly prevented, consi stently improved, and often cured by a low-fat vegetarian diet. Among them are diseases such as kidney stones, prostate cancer, breast cancer, stomach cancer, pancreatic cancer, ovarian cancer, colon cancer, arthritis, osteoporosis, strokes, diabetes, peptic ulcers, obesity, hemmorhoids, salmonellosis, and many others (American Heart Association). Cholesterol can be found in every meat product. This is another particular reason proving that meat is bad. Cholesterol blocks the arteries and makes it very difficult for the blood stream to circulate. Such a process may result in a heart attack. A diet rich in vegetables, fruits, and cereal lowers the level of cholesterol, thus lowering the risk of getting a heart attack as well. Of course, meat is not the only factor that may cause a heart attack but why don't we try to decrease the chances of getting a heart disease by just getting rid of meat? Eating meat is also responsible for the mass destruction of the environment. For growing animals people waste overwhelming amounts of natural resources which may be used for other necessities. They may be utilized for growing corn or wheat for feeding people, rather than for feeding farm animals. The amount of grain a cow eats in a day could feed 15 starving people (Spence 1). If this food was used for humans and not for livestock, the world's massive hunger problems would be at least partly solved. The opposing side of this idea states that even if these fields can be used for growing food for people, most of them are under private ownership and the owners would not give their production to feed the people who are starving. However, meat is much more expensive than grains and corns are. And if more of them are produced they will become even cheaper than they are now. Other damages, result of growing animals, exist. When big quantities of water and food are used for growing livestock, the natural habitat of other animals, plants, and insects is changed and some of them become extinct. Furthermore, the cutting of woods for the extension of the mentioned fields causes the decreasing of oxygen and the increasing of carbon dioxide. Such processes accelerate the global warming and are dangerous for our future survival. Eating meat is directly connected to the process of killing animals. Ending the life of other living creatures on purpose and only to please our taste preferences is egotistic and has nothing to do with the humanity people are supposed to defend. Most of these animals are grown only for the purpose of gaining as much weigh as possible. Thus, they become fat and put more efforts to move than the animals that are not

Monday, November 25, 2019

Gender roles in Shakespeares Twelfth Night Essays

Gender roles in Shakespeares Twelfth Night Essays Gender roles in Shakespeares Twelfth Night Paper Gender roles in Shakespeares Twelfth Night Paper Essay Topic: Twelfth Night Throughout the passage taken from Shakespearean Twelfth Night several themes both in correspondence and disparate from the often comedic tone of the play are prevalent. An interesting dynamic is immediately displayed in the passage through the relationship and dialogue between major and minor character. Viola, a predominant and strong character in the play, is engaging in dialogue with Antonio who although when analyses has complexity, is seemingly a minor character. This brings about the theme of power relationships and specifically gender within the comedic realm represented intricately in this passage. Viola carries and element of intrinsic power throughout the passage, evident in the stage direction offers Antonio money It may be seen that at the time Of publishing, possession Of means and value were majority reserved for males in the female subservient Elizabethan period. This is correspondent with a form of comedic absurdity, the ability to act as the opposite gender and toy with the idea of masculinity and femininity. This reflects back upon Violas androgyny and none gender binary throughout the rest of the text and is successfully represented in the chosen extract . The act of her offering money to Antonio whilst in a female state may be encompassing and reflecting her time as Cheerios, whereby she had power in a time of patriarchy. This gender fluidity frees Viola from the restraints of gendered labels and is further reinforced when Viola articulates l hate ingratitude more in a man this negation may be viewed as commonly attributed to men in a time of female demure attitude. : This also provides however, a contradictory dynamic as she refers to Antonio as sir as a marker of respect, showing in this particular time and space she is removing herself room any indication of being a man and is acting from a very much female perspective, indicating she moves freely between genders to suit her situation. This statement on her part of all the things she detests from males may also be viewed as comedic by the audience as they hold an awareness of Viola as Cheerios. Antonio antagonistically clings onto the idea of inherent masculinity, adopting a sense of fear when this is compromised Lest that it make me unsound a man. However from the very beginning of the text he is taking on a role subservient and lesser to Viola in his request to entreat of o some offbeat money In this instance a male is requesting means from a female, inverting the typical roles and challenging gender stereotypes. This gender dynamic rings true in a theatrical sense when the play is physically performed. Historically gender neutrality within casting was and continues to be commonplace within the theatrical dynamic, mirroring the dismissal of Gender r Twelfth gay Eleanor the act 01 he commonplace specific gender roles within the afore mentioned passage performance on stage. Viola is able to play about with the female interchangeability, at times in the passage acting n euphemism claiming my having is much and at others cacti emotion and a sense of prowess Ill make division of my implying that she is in the powerful decision making stand a feminine smokescreen to mask her true personality thro claiming lean and low ability This may be seen as maniple masking herself as truly meek and feminine. This particular an intricate relationship between actor and audience, Vic knowledge of Violas true capabilities and witty persona. Both in the physical and theatrical sense is also laced thro appearing in its immediacy in the first line of the text. It is scene opens with the Second Officer saying Come, sir, lea end of the passage Come sir I pray you go When perform would mean Antonio leaves the stage and Viola is left as TTL character if only for a short time. This once again reinforce power battle displayed within the extract. The use of abs enforces the dramatic and tragic element of the extract. C kindness and misery all evoke a sense of tragedy intertwine comedic realm. Tragedy is also particularly prevalent in Ar possible my deserts to you Can lack persuasion? Do not et This represents how within the realm of theatrics, a char aromatic lines can evoke diversity in response from the at this parameterized talk of misery would create an emote sympathy, whilst for others, hilarity would ensue. The extra represents how Shakespearean genius for comedy also Nell tragedy, evoking a cornucopia of reactions from the audio is performed in a physical sense. The line Oh heavens the Antonio particularly represents this. This outcry of a dram viewed as comedic in a theatrical dynamic evoking laughter pragmatically representing the tragedy felt by Antonio ant frustration at the hectic communication with Viola in this Antonio, at the end of the passage is once again asked to a further subservient position to Viola, reinforcing the stats character, with Viola much more prevalent than that of Ar length of utterances in the extract of each character are sis providing a substantial scope for interaction and thus intra how communication between Viola and Antonio develops conversation to transcending into a more dramatic and in the final instance of her speech in the extract.

Thursday, November 21, 2019

Organisational Learning and Design Essay Example | Topics and Well Written Essays - 1250 words

Organisational Learning and Design - Essay Example Previously, it was believed that the companies have to identify the extraordinary potential candidates and prepare them for future senior level positions (Belet, 2007). Recently, the organisations have stressed the importance of changing the business structures so that the culture imperative for learning enterprises can be supported (Mishra & Bhaskar, 2011). Moreover, there needs to be a balance between the leadership and management development aspects so that reforms are easily commenced. In order to evaluate the significance and challenges of the learning organisations, two articles have been reviewed. According to Mahoney (2000), the concept of learning companies was initiated in 1990s and there is no perfect solution for creating such organisations. It is mandatory for the corporations to foster leadership within each level of the organisations from the directors and senior managers to lower management level. Also, equally important is the conception of a culture which will assist the enterprises in the development and augmentation of learning organisations. On the other hand, Belet (2007) studied the concept of building high potential executives in French companies for crafting learning-oriented organisations. According to the author, there is still presence of the hierarchical and centralised leadership styles in these enterprises and the leadership development programmes are ineffective in bringing the desired changes within the firms. Hence, there is requirement of embedding the learning organisation characteristics within the businesses so that they can comply with the changing market structures. In today’s contemporary business world, the organisations have to adjust their structures and frameworks to make sure that they have the compatible systems and tools for responding to the markets. It has been mentioned by Mahoney (2000) that it is the responsibility of the directors and senior managers to

Wednesday, November 20, 2019

Book Review Essay on HR from the Heart Example | Topics and Well Written Essays - 1000 words

Book Review on HR from the Heart - Essay Example She expresses the same gravity when she tells about the importance of the profession. She writes, â€Å"When you go into HR, you must realize that, first and foremost, you are responsible for people’s livelihood. Every day you make plans that affect individuals on the most intimate levels. Every time you choose between one candidate and another, the decision you make sets a chain of events that determines the rest of both their lives –even the candidate you never see again because they’re not right fit for your company. You decide on whether an employee stays or goes. You decide who gets promoted and who doesn’t. You decide who gets a raise and who doesn’t. By establishing the compensation guidelines or advertising management, you influence who gets a generous raise and who doesn’t. And you make all these decisions in a larger context of understanding the internal structures and secret plans of the company as a whole.† (Sartain 6) In this book the author is describing how an HR professional should make career choices and mold careers of others as well. She feels frustrated to see HR professionals as vulnerable as others in making career choices when they are capable of helping others mold careers. Sartain also shows how they can make a difference by relating passion with their career as she says, â€Å"If we, as HR professionals, can’t link career and passion for ourselves, how can we expect to be able to do it for the employees of our organization? One of the parts of HR that I get the most joy out of is helping people find the right environment in which to do the things that they enjoy doing.† (Sartain 20). In today’s business environment, HR plays a crucial role in hiring the right kind of talent and retaining them. HR professionals are supposed to power brokers who stamp ‘No’ to every new proposal and are ready to make yet another policy. However, HR is a dynamic and ever-changing profession which can make a difference

Monday, November 18, 2019

The life of Zora Neale Hurston Research Paper Example | Topics and Well Written Essays - 250 words

The life of Zora Neale Hurston - Research Paper Example In 1917, she enrolled in Morgan academy found in Maryland with the help of her former employer. After her graduation, she joined Howard University where she studied for one and a half years and secured a scholarship that saw her transfer to Barnard College for a degree course. Between 1928 and 1932, she studied human culture at Columbia University. In 1936, she got a Guggenheim Fellowship award for travelling and collecting folklore in the British West Indies and Haiti (Boyd 35). Throughout her life, Zora engaged in a number of jobs alongside her writing. She served as a secretary while working with Fannie Hurst (1889–1968); she later became a writer in paramount and Warner brother’s studios. She also worked as a librarian with the library of congress and finally as a drama tutor at North Carolina Collage for Negroes. Zora most celebrated work include her novel â€Å"Their Eyes Were Watching God† written in 1937, her collection of American folklore that included Tell My Horse (1939) and Mules and Men (1935). Zora worked on three other novels: Moses, Man of the Mountain (1939), a retell of the Mosaic biblical allegory in an African perspective, Seraph on the Suwanee (1948), a story of woman experience in love; and Jonahs Gourd Vine (1934), an autobiography of her father. Hurston met a number of people who significantly shaped her carrier life, this include notable African American writers such as Langston Hughes, Arna Bontemps and Jessie Fauset, all of whom belonged to the renown New Negro movement that was later change to Harlem Renaissance. Like many other writers, Hurston has her own critics. One of them is Darwin Turner who suggested that she was a "quick-tempered woman, arrogant toward her peers, obsequious toward her supposed superiors, desperate for recognition and reassurance to assuage her feelings of inferiority" (1979). Clearly, Zora was a

Saturday, November 16, 2019

Packet Sniffing Software Is A Controversial Subject Information Technology Essay

Packet Sniffing Software Is A Controversial Subject Information Technology Essay Packet sniffing software is a controversial subject and a double-edged sword. It can be used to analyze network problems and detect Internet misuse. But at the same time, it allows hackers and people with malicious intention to sniff out your password, get your personal information, and invade your privacy. That is also why securing and encrypting data is so important. In this paper, the definition of packet sniffing will be introduced and several functionality and possible uses of packet sniffers will be explained. Also, information on how to protect against sniffers and man-in-the-middle attacks will be provided. An example of a packet sniffer program, Wireshark, will be given, followed by a case study involving the restaurant chain Dave Busters, which will show the negative consequences that can occur when organizations are not aware of the threat of packet sniffing by hackers. Definitions A packet sniffer is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network (Connolly, 2003). Packet sniffers are known by alternate names including network analyzer, protocol analyzer or sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer (Connolly, 2003). As binary data travels through a network, the packet sniffer captures the data and provides the user an idea of what is happening in the network by allowing a view of the packet-by-packet data (Shimonski, 2002). Additionally, sniffers can also be used to steal information from a network (Whitman and Mattord, 2008). Legitimate and illegitimate usage will be explained in later sections. Packet sniffing programs can be used to perform man-in-the-middle attacks (MITM). This type of attack occurs when an attacker monitors network packets, modifies them, and inserts them back to the network (Whitman, et al., 2008). For example, a MITM attack could occur when two employees are communicating by email. An attacker could intercept and alter the email correspondence between each employee, without either knowing that the emails had been changed. MITM attacks have the potential to be a considerable threat to any individual or organization since such an attack compromises the integrity of data while in transmission. Packet sniffing programs work by capturing binary data that is passing through the network, and then the program decodes the data into a human-readable form.   A following step called protocol analysis makes it even easier for the data to be read.   The degree of these analyses varies by individual packet sniffing program. Simple programs may only break down the information in the packet, while more complicated ones can provide more detailed information and analysis, for example, by highlighting certain types of data such as passwords that pass through the network (Packet Sniffing, Surasoft.com, 2011). As for todays networks, switch technology is commonly used in network design. This technology makes it increasingly easy to set up sniffing programs on servers and routers, through which much traffic flows. In addition, there are already built-in sniffing modules being used in todays networks. For example, most hubs support a standard called Remote Network Monitoring (RMON). This kind of standard allows hackers to sniff remotely with the SNMP (Simple Network Management Protocol), used in most network devices, and only requires weak authentication. Network associates Distributed Sniffer Servers are used by many corporations. These servers are set up with passwords that are quite easy to guess or crack. In addition, computers with Windows NT system usually come with Network monitoring agent, which also allows remote sniffing (Packet Sniffing, ISS.net, 2011). Essentially, these sniffing programs are set up for the use of network administrators. However, the threat exists that hackers ca n gain access to the network and view the program logs. Packet sniffers capture all of the packets that travel through the point where the sniffer is located.   For example, if the program was installed next to the server of an organization, the user could have access to all the data being transferred across the company through that server.   Typical types of packets intercepted by attackers include the following: SMTP (email): The attacker can intercept unencrypted emails (Packet Sniffing, ISS.net, 2011). HTTP (web): Web traffic information and history can be easily captured (Packet Sniffing, ISS.net, 2011). Telnet Authentication: Login information to a Telnet account can be intercepted (Packet Sniffing, ISS.net, 2011). FTP traffic: Access to an FTP account can be sniffed in cleartext (Packet Sniffing, ISS.net, 2011). SQL database: Information from web databases is also vulnerable (Packet Sniffing, ISS.net, 2011). Functionality and Possible Uses of Packet Sniffers Good and Bad Uses Like any tool, a packet sniffer is a double-edged sword because it can be used for good or bad purposes (Orebaugh, Ramirez, and Beale, 2007). It can be used by security professionals to investigate and diagnose network problems and monitor network activity (Orebaugh, et al., 2007). Conversely, it can be used to eavesdrop on network traffic by hackers, criminals, and the like, who can use the data gathered for harmful purposes (Orebaugh, et al., 2007). Professionals such as system administrators, network engineers, security engineers, system operators, and programmers use packet sniffers for a variety of uses, including troubleshooting network problems, figuring out system configuration issues, analyzing network performance (including usage and bottlenecks), debugging during the development stages of network programming, analyzing operations and diagnosing problems with applications, and ensuring compliance with company computer usage policies (Orebaugh, et al., 2007). Good: Troubleshoot Network Problems When an error occurs on a network or within an application, it can be very difficult for administrators to determine what exactly went wrong and how to correct the error. Many consider the packet sniffer to be the best tool for figuring out what is wrong with programs on a network (Neville-Neil, 2010). Examining packets as a starting point for solving problems is useful because a packet is the most basic piece of data and holds information, including the protocol being used and source and destination address (Banerjee, Vashishtha, and Saxena, 2010). Basically, at the packet level of analysis, nothing is hidden when all layers are visible (Neville-Neil, 2010). Understanding the timing of what happened is another important factor in debugging network problems (Neville-Neil, 2010). This information can be easily attained by using a packet sniffing program. Essentially, packet sniffers allow you to find out the who, what, and when of a situation, all of which are vital to understanding how to fix a problem (Neville-Neil, 2010). Once these things are known, the administrator can determine what is causing the problem and how to go about fixing it. As soon as a problem occurs, the first recommended step is for the network administrator to use a packet sniffing program to record all network traffic and wait for the bug to occur again (Neville-Neil, 2010). If the administrator already had a packet sniffing program with logging in place, then he or she could go back and examine the log records. Assuming the administrator did not have a log previously set up, the next step would be to only record as much information as necessary to repair the problem (Neville-Neil, 2010). It would not be a good idea to record every single packet of data because if too much data is collected, finding the error will be like finding a needle in a haystack although the administrator has likely never seen a haystack that big (Neville-Neil, 2010). For example, recording only one hour of Ethernet traffic on a LAN will capture a few hundred million packets, which will be too large to sort through (Neville-Neil, 2010). It goes without saying that the admini strator should not record the data on a network file system because the packet sniffer will capture itself (Neville-Neil, 2010). Once the data is recorded, the administrator can examine the packets to analyze and understand what occurred to solve the problem. Good: Network Optimization In addition to solving network communication problems, packet sniffers can help administrators plan network capacity and perform network optimization (Shimonski, 2002). A packet sniffer allows users to view data that travels over a network packet by packet (Shimonski, 2002). However, rather than having to examine each packet, the appropriate sniffer program will perform the analysis for the administrator. The tools are especially useful because depending on the packet sniffing program used, the packet data will appear in an easy-to-understand format. Packet sniffers can often generate and display statistics and analyze patterns of network activity (Shimonski, 2002). Data can appear in graphs and charts that make analysis and comprehension easy. Additionally, the network administrator can filter by selected criteria to capture only the relevant traffic rather than having to sort through irrelevant data (Shimonski, 2002). Knowing what programs and which users use the most bandwidth can help administrators manage resources efficiently and avoid bandwidth bottlenecks. Good: Detect Network Misuse Packet sniffers can be used to monitor application traffic and user behavior (Dubie, 2008). This can be used to detect misuse by company employees or by intruders. To use a packet sniffer to monitor employees legally, a network administrator must do three things. First, he must be on a network owned by the organization, second, he must be directly authorized by the networks owners, and finally, he must receive permission of those who created the content (Whitman, et al., 2008). Permission by content creators is needed because packet sniffing is a method of employee monitoring (Whitman, et al., 2008). Typically, an employee will sign a release form when first employed that allows the employer to monitor the employees computer usage. By using a packet sniffer, employers can find out exactly how each employee has been spending his or her time. Packet sniffers can be used to see all activity and administrators can monitor for behaviors such as viewing inappropriate websites, spending time on the job on personal matters, or abusing company resources. For example, a packet sniffer program could show that a particular employee was downloading music at work, both violating organizational policies and using a large amount of network bandwidth (Dubie, 2008). Packet sniffers are also used to detect network intrusion, log traffic for forensics and evidence, discover the source of attacks such as viruses or denial of service attacks, detect spyware, and detect compromised computers (Orebaugh, et al., 2007). A packet sniffer and logger that can detect malicious entries in a network is a form of an intrusion detection system (IDS) (Banerjee, et al., 2010). The packet sniffer IDS consists of a database of known attack signatures. It will then compare the signatures in the database to the logged information to see if a close match between the signature and recent behavior has occurred. If it has, then the IDS can send out an alert to the network administrator (Banerjee, et al., 2010). Despite this use of packet sniffers to detect intrusion, hackers have methods of making themselves very hard to detect and can use packet sniffers for their own advantages. Bad: Gain Information for Intrusion Intruders maliciously and illegally use sniffers on networks for an innumerable number of things. Some of the most common are to capture cleartext usernames and passwords, discover usage patterns of users, compromise confidential or proprietary information, capture voice over IP (VoIP) telephone conversations, map out a networks layout, and fingerprint an operating system (Orebaugh, et al., 2007). The previously listed uses are illegal unless the user is a penetration tester hired to detect such types of weaknesses (Orebaugh, et al., 2007). An intruder must first gain entry to the communication cable in order to begin sniffing (Orebaugh, et al., 2006). This means that he must be on the same shared network segment or tap into a cable along the path of communication (Orebaugh, et al., 2007). This can be done in many ways. Firstly, the intruder can be physically on-site at the target system or communications access point (Orebaugh, et al., 2007). If this is not the case, the intruder can access the system in a variety of ways. These include breaking into a certain computer and installing sniffing software that will be controlled remotely, breaking into an access point such as an Internet Service Provider (ISP) and installing sniffing software there, using sniffing software that is already installed on a system at the ISP, using social engineering to gain physical access to install the software, working with an inside accomplice to gain access, and redirecting or copying communications to take a path that the intruders comp uter is on (Orebaugh, et al., 2007). Intruders can use sniffing programs designed to detect certain things such as passwords and then use other programs to have this data automatically sent to themselves (Orebaugh, et al., 2007). Protocols that are especially vulnerable to such intrusion include Telnet, File Transfer Protocol (FTP), Post Office Protocol version 3 (POP3), Internet Message Access Protocol (IMAP), Simple Mail Transfer Program (SMTP), Hypertext Transfer Protocol (HTTP), Remote Login (rlogin), and Simple Network Management Protocol (SNMP) (Orebaugh, et al., 2007). Once the intruder has access to the network, he can collect data and use it as he likes. Common examples of stolen data include credit card numbers and proprietary organizational secrets, but include anything the hacker desires. Although organizations may use a primarily switched network, they are not protected from sniffer attacks because many programs exist that allow packet sniffing in a switched network (Whitman, et al., 2008). Because intruders who use packet sniffers do not directly interface or connect to other systems on the network, they are considered to be a passive-type of attack (Orebaugh, et al., 2007). It is this passive nature that makes sniffers so difficult to detect (Orebaugh, et al., 2007). In addition to this, hackers use normally use rootkits to cover their tracks so that their intrusion will not be detected (Orebaugh, et al., 2007). A rootkit is a collection of Trojan programs hackers use to replace the legitimate programs on a system so that their intrusion will not be detected (Orebaugh, et al., 2007). Rootkits replace commands and utilities that the hacker inputs and clears log entries so that there will be no record of his entry (Orebaugh, et al., 2007). Though it is difficult, there are some ways to detect rootkits. Methods of detection include using an alternate, trusted operating system, analyzing normal behaviors, scanning signatures, and analyzing memory dumps (Rootkit, Wikipedia , 2011). Removing rootkits can be very complicated and difficult and if the rootkit is in the central operating system, reinstalling the operating system may be the only option (Rootkit, Wikipedia, 2011). The threat of eavesdropping by intruders is large and challenging. However, there are some defenses that can be taken to prevent hackers from using packet sniffers against an organization. Protecting Against Packet-Sniffers and Man-in-the-Middle Attacks Packet sniffing and man-in-the-middle attacks compromise the integrity and confidentiality of data while in transmission.   Fortunately, there are several techniques that can be used by organizations and individuals to protect against these threats and reduce risk.   Specifically, technology, policy, and education are typically used to cover all aspects of security.    Technology Encryption is the best form of protection against any kind of packet interception (Orebaugh, et al., 2007).   The reason behind this is that even if the data is captured by the packet sniffer, the information is completely unreadable by the attacker (Orebaugh, et al., 2007). By using this technique, messages are encrypted once the data leaves the senders computer.   Both sender and receiver hold a key that decrypts the message being transferred.   Most popular websites apply a level encryption by using the HTTP Secure (HTTPS) protocol.   With this technology, the connection between the web server and the users computer is encrypted; making the information intercepted by a third party useless.   Currently, most popular websites such as Google, Facebook, Yahoo, and Twitter use the https technology.   However, some sites (such as Amazon.com) use https only at the login page and fail to provide a secure connection afterwards.   In order to assure complete security, it is im portant to apply the https protocol throughout the users browsing experience.   The main disadvantage of this feature is that it slightly slows down the users connection.    Email can also be protected from packet sniffers by using encryption.   Email extensions such as Pretty Good Protection (PGP) can be easily implemented using standard email platforms like Microsoft Outlook (Orebaugh, et al., 2007).   Once sender and receiver start using the encryption techniques, intercepted email messages cannot be interpreted by an attacker (Orebaugh, et al., 2007). Another way to protect against sniffers is by using One Time Passwords (OTP). With this method, a different password is sent every time the authentication is requested to the user (Orebaugh, et al., 2007).   Similarly to the case of encryption, if a third party intercepts someones password, this information will be useless since these can only be used once (Orebaugh, et al., 2007).   This technology can be extremely useful to ensure security; however, remembering new passwords for each login can be very challenging and frustrating for most users. A new security technique called quantum encryption is also provides good protection against sniffing attacks.   This technique consists of making each bit of data as small as a photon (McDougall, 2006).   The data is then transferred across fiber-optic lines.   Ã‚  If the information is picked up and intercepted by any kind of packet sniffer, the entire photon message is disrupted, ending up the entire transmission (McDougall, 2006).   A technology like this would make it impossible to intercept information since the communication will be cut in the case of interception.   However, it requires fiber-optic Internet connections, which many service providers do not own and its installation can be expensive. Policy Information security professionals can help secure employees connections by requiring the use of any of the technologies explained before.   For example, if certain employees need to access websites that are outside of the organizations network, they should be allowed to use only websites that use the https protocol such as Google and Yahoo.   Policies requiring Access Control Lists (ACL) can also help prevent sniffer attacks.   All secured networks and assets should be supported by an ACL to prevent unauthorized access.   Additionally, physical security policies should be implemented to efficiently protect the computer and server rooms in the organization.   Unauthorized access to these locations could cause the installation of sniffer programs and equipment. Education Every security initiative should have a training program supporting it.   Basic but regular training sessions given to employees about the dangers of packet sniffing can prove to be very valuable when protecting a network.   Security facts such as not allowing strangers to computer rooms should be explained to all employees. Example and Demonstration of a Packer-Sniffer Program: Wireshark Originally named Ethereal, Wireshark is a free and open-source packet analyzer (sniffer) typically used by network and security professionals for troubleshooting and analysis (Orebaugh, et al., 2007).   However, many potential attackers also use it to perform man-in-the middle attacks and gain information for password cracking.   Wireshark is available for most operating systems (including OS X, Windows, and Linux) and allows users to see all the traffic that goes through a specific network (Orebaugh, et al., 2007). Wireshark differs from other packet-sniffer programs mainly because of its easy-to-understand format and simple Graphical User Interface (GUI) (Orebaugh, et al., 2007).   Wireshark can be easily set up to capture packets from a specific channel.   Once the program is running, all the network packets are shown in the screen.   The top panel (summary panel) shows a summary of the entire packet, including source, destination, and protocol information (Orebaugh, et al., 2007).   Since one quick web browse can provide a large amount of packets, Wireshark solves packet browsing issues by categorizing each packet according to its type and showing each category with a specific color in the GUI.   Additionally, the user has the option of applying filters to see only one type of packets.   For example, only packets dealing with http functions may be shown.   The middle panel in the GUI is called the protocol-tree window. It provides decoded information of the packet (Orebaugh, et al., 2007). Finally, the bottom panel (data view window) shows the raw data of the packet selected in the Summary panel (Orebaugh, et al., 2007).   Figure 1 shows a screenshot of Wireshark while running and graphically shows the three main panels of the GUI. Figure 1 Screenshot of Wireshark while running and the three main panels. To troubleshoot network problems, Information Systems professionals use Wireshark by installing the sniffer program in various locations in the network and seeing which protocols are being run in each location (Orebaugh, et al., 2007).   Additionally, if the sniffer is placed in a location where it can capture all data flowing to the main server, Wireshark can detect network misuse by providing the source and destination of all packets.   For example, if an employee in a company uses his computer to access inappropriate websites, Wireshark will show the employees and the websites IP addresses in the source and destination columns with detailed information about the website in the info column and the protocol tree panel. It is easy to see how useful Wireshark is for network troubleshooting and identifying misuse; however, the program can also be used with malicious intent.   For example, the program can be used to find out passwords on unencrypted websites.   To demonstrate this case, the username john_doe_user and password 123mypasswrd were used to log in to the unencrypted and unsecured www.bit.ly website.   At the same time, Wireshark was set up to capture all packets in the computer.   After the packets were captured by the sniffer, the data can easily be filtered by the http category.   In the info column, a packet labeled POST means that someone has entered text to a website.   After clicking on this specific packet, all the username and password information can be seen in the center section of Wireshark (as shown in figure 2).   Unencrypted and unsecured websites are very vulnerable to these types of attacks.   On the other hand, websites using the https security feature prove to be safer for users.   For example, the same situation as before was applied to the encrypted website www.facebook.com by trying to log in, but Wireshark was unable to capture any packets with login information. Figure 2 Wireshark screenshot showing username and password. Other types of malicious attacks can also be performed with Wireshark.   For example, some toolkit add-ins to Wireshark such as Dsniff and Ettercap can be used to perform man-in-the-middle attacks and password cracking (Orebaugh, et al., 2007).   Even if the incoming data is encrypted, these tools can crack some passwords by using dictionary brute force attacks (Orebaugh, et al., 2007). Case Study: A costly attack at Dave Busters In 2007, the popular restaurant chain Dave Busters experienced the power of malicious packet-sniffing software attacks.   A multinational group of hackers was able to penetrate the companys corporate network and install basic packet-sniffing software at 11 of the chains restaurant locations (Thibodeau, 2008).   During a four-month period, the attackers were able to intercept customer credit card data going from Dave Busters restaurant locations to the corporate headquarters network in Dallas (McMillan. 2008).   Extremely sensitive information such as credit card numbers and security codes were sold to criminals, who used this data to perform fraudulent transactions to online merchants (McMillan, 2008).   The attack proved to be very profitable for the hackers.   For example, from information coming from only one restaurant location, the criminals were able to gain over $600,000 in profits (McMillan, 2008).   It was estimated that approximately 130,000 credit or debit ca rds were compromised by this attack (Westermeier, 2010). To access Dave Busters network, the attackers simply drove around a restaurant location with a laptop computer and took advantage of vulnerable wireless signals to access the computer networks (Westermeier, 2010).   Malicious sniffing software was then installed in the network to intercept credit and debit card information (Westermeier, 2010).   The packet-sniffing software was written by one of the groups hackers and consisted of SQL injection attacks (Thibodeau, 2008).   However, many organizations have stated that the code was not very impressive.   For example, the CERT Coordination Center described the programs source code as a college-level piece of technology (Thibodeau, 2008).   Additionally, the malicious code had one weakness: it would shut down every time the computer that was monitoring rebooted (McMillan, 2008).   Therefore, the criminals had to go back to the restaurant location, gain access, and re-start the packet-sniffer every time this happened. The fac t that this costly program was developed by someone with just basic programming skills and how they consistently gained access to the network highlights the lack of protection of Dave Busters security systems.    According to the Federal Trade Commission (FTC), Dave Busters information security systems and policies did not provide the necessary security features to protect customers information (Westermeier, 2010).   The attackers were able to access the network not just once, but repeatedly over a time frame of four months (Westermeier, 2010).   The fact that the company was oblivious to these multiple intrusions during a long time period proves that they were vulnerable to attacks and that Dave Busters did not apply any Intrusion Detection Systems (IDS) to their networks, nor did they monitor outbound traffic (Westermeier, 2010).   Additionally, sensitive customer information was not given special protection.   Credit card data was transferred across simple unprotected and unencrypted networks (Westermeier, 2010).    What could Dave Busters have done? First of all, private networks should have been protected in a better way.   It was just too easy for hackers to gain access and install malware.   By allowing only a specific group of IP addresses, or granting only temporary access, the firm could have been safe from unauthorized access by strangers.   But even in the case of hacker access, tools such as IDS can help monitor the network during an attack.   If the company had implemented an IDS in their network, the unauthorized intruders would have been detected in time to prevent losses. Additionally, by treating sensitive data differently than regular communications, the company could have considerably reduced the threat.   Dave Busters could have simply used readily available firewall systems to the networks that held customer data (Westermeier, 2010). Encryption devices could have also proven to be useful.   If link encryptors had been used, the intercepted data would have been completely useless for the hackers.   Data isolation could have also been useful.   The firm could have separated the payment card systems from the rest of the corporate network (Westermeier, 2010). Sensitive information did not necessarily require connection to the Internet; so the company should have separated these transmissions from the network. Finally, a general company-wide policy requiring access restriction, IDS installation, firewall usage, and sensitive data isolation throughout all restaurant locations could have been extremely useful.   A uniform and thorough information security policy along with a comprehensive training program given to specific employees would help enforce the security features.   Considering that Dave Busters had not implemented any of the security features explained in this section, it is obvious that their story would have been different if these techniques had been used. Conclusion Packet sniffing is a sophisticated subject that wears two hats. It can be used for either good or evil depending on the intentions of the person using the program. It can help with analyzing network problems and detect misuses in the network for good purposes. Meanwhile, it can also help hackers and other cyber-criminals steal data from insecure networks and commit crimes, as in the case of Dave Busters. The best way to protect data from being sniffed is to encrypt it. Necessary policies and training also help with the protection. As technology evolves, there will be more and more ways to commit cyber crime. Extremely sensitive data like credit card information and health care data should be well protected, from the perspectives of both the business and personal. In order to protect this information, organizations and individuals must be aware of the threat of packet sniffers.

Wednesday, November 13, 2019

Access to the Truth :: Truth Writing Expertise Essays

Access to the Truth In â€Å"Zen and the Art of the Writing Tutorial,† Paul Gamache asks, â€Å"do you think of yourself as an Expert? Do you have access to the truth?† I like this question because it seems to contradict some of his other assertions. For example, he claims that he sometimes does not provide his students with the help they want; rather, he gives them the help he deems they need, and he only gives them the assistance they desire when he decides that it is also what they require. How does he know exactly what they need? Does he consider himself an expert? Does he have access to the truth? Perhaps Mr. Gamache is overconfident? Perhaps he not only overestimates his ability to recognize the inadequacies of his students but also underestimates their ability to honestly assess their writing and identify their own strengths and weaknesses. Although some writers may not know precisely what kind of help they need, others are quite aware of their shortcomings. Indeed, many writers who come to the Peer-Tutoring Center seeking assistance know exactly what type of help they need. Furthermore, a lot of writers know that they need help in one area, but not another. I will explain. Like any other English writing tutor I work with numerous ESL writers. Often they tell me: A) I am having problems with articles and B) you may not understand my argument because I am unable to translate certain words from my native language into English. From these tutorial sessions I have learned that: A) they are almost always correct in their deduction that they need help with articles and B) they are almost always incorrect in their assumption that I will not understand their positions because of translation problems. In my (albeit limited) tutoring experience, it appears that those ESL writers who struggle with articles (which I can relate to as a GSL student), and are aware of this problem, know exactly what type of aid they need. Conversely, those ESL writers who believe that their arguments are unclear as a result of translation issues are often unaware of what they need. That is, the problem is not one of translation but vocabulary, as I can usually decipher their arguments and help them find the necessary words to articulate them.