Workplace, Health and Safety Coursework Example | Topics and Well Written Essays - 1250 words

Workplace, Health and Safety - Coursework Example Act 1974. The Health and Safety at Work etc. Act demarcates the level of responsibilities and liabilities of people involved in enforcing health and safety regulations in workplaces. Section 2 of the said Act makes it clear that it is the employer’s duty to look after the safety and health concerns of the employees. The machinery and equipment being used for work must be well maintained and dangerous substances should not be used or should be used appropriately. The employer has to educate, inform and train the employees to deal with risks that they face on a daily basis. The particular health and safety policy of a workplace must be documented by the employer and should be provided to the employees. The trade union of the employees has the right to nominate its own safety representatives. The employer must under all conditions consult the safety representatives of the trade union before formulating and enforcing health and safety policies. Employers as well as self employed i ndividuals are also required to ensure the health and safety of non employees who work or visit the site as per Section 3. The non employee status individuals must be informed, educated and if required trained to deal with various risks on site. In case that dangers are present on a work site that the lay man cannot understand, the access to the site is limited as per Section 4. Again the site owner or the management of the premises have a duty to ensure the health and safety of the individuals accessing the site for any purpose. In order to guarantee the health and safety of all and sundry the Act provides to limit emissions as per Section 5. Other than this, any tools, equipment or substances being used on site must be made safe before use as per Section 6. If it is not possible to make these objects safe then it is the employer’s responsibility to inform, educate and train the people using these articles. These individuals could be employees as well as non employees. The m anufacturer of these articles must also ensure that the risks posed by these items is reduced to whatever extent possible. The employee also has certain duties to ensure the health and safety at the workplace under Section 7. The employee must conform to all instructions provided by the employer in order to ensure his own safety and the safety of other people around him. In addition any instructions issued by a statutory body applicable to health and safety must also be accounted for. Obstruction or impeding the duties outlined in sections 2 to 7 of the subject Act leaves one susceptible to prosecution under law as a criminal as per Section 33. When the Act was enforced in the mid seventies, it created two bodies namely the Health and Safety Commission as well as the Health and Safety Executive. These bodies were coalesced in 2008 and are now known as the Health and Safety Executive. This new body has the responsibility to enforce the Act. 2) Using words and necessary diagrams and r eferring to: a) negligence b) employers’ liability c) occupiers liability d) breach of statutory duty explain the basis of the English system of fault-based civil liability for accidents at work. The English common law system provides that negligence arises from carelessness and not from an intentional act. Negligence may be prosecuted under law or it may be forgiven depending on the circumstances and on relevant case law. Typically in the case of health and safety regulations any violations in Sections 2 to 8 of the Act are treated as punishable offences whether intended or based on negligence. The duties of employers and occupiers are nearly the same except for informing, educating and training the people employed by them whether directly or indirectly. In case that

Assignment #2, Leadership Issue, Essay Example | Topics and Well Written Essays - 500 words

Assignment #2, Leadership Issue, - Essay Example Even though unemployment problems and home prices are going high, many of the Americans do believe that Obama is trying his best to solve these problems. Many voters believe that Obama is the ideal candidate to lead America in this difficult period. In their opinion, the conditions could be worsened if anybody lese lead America during this period. On the other hand, according to Christopher Altchek (2012), â€Å"The more legal-oriented Obama is not equipped to deal with the rigors of the Great Recession, nor is he able to solve critical issues like unemployment or the nation’s mounting debt problems† (Altchek). It is a fact that unemployment problems are getting worsened as time goes on even though Obama is taking many steps to solve it. Drastic measures are necessary to solve America’s current problems. Obama is not ready to take drastic measures. Obama is trying to solve America’s problems with the help of economic theories and principles published through books. It should be noted that economic theories may not help always to solve practical problems. â€Å"Change† was the slogan put forward by Obama when he contested first time for the president post. Even though Obama has almost completed his first term in the president’s office, Americans do not feel any changes in political, economic or social circles. In other words, Obama has given false promises to the people and he failed to rise to the expectations of the people. Many people thought that Obama might declare an end to war on terror. it should not be forgotten that Obama criticized war on terror on many occasions before his election as president of America. However, after assuming president ship, he swallowed many of his earlier words and opinions. In other words, he failed to bring any political changes in America or in other parts of the world. Many of the foreign policies are imitations of the previous republican

Password Management System Advantages and Disadvantages

Password Management System Advantages and Disadvantages Project Aim: Passwords management is an important aspect of computer security, it’s the front line of protection for user terminals and it is by far the most common user authentication method within the largest multinational organizations. A poorly chosen password will increase the probability for an information system to be compromised. As such, all organization employees are responsible for taking the appropriate steps, to select good password security policies. Does that happen in reality? No, that’s why software password generators are activated to handle password management problems and enforce password management policies requested from the organization in order to comply with national standards, and undertake problems of selecting strong passwords. So the aim of this project is to analyze and test a standard password generator system and propose a technique for helping people to remember strong passwords easily. Project Objectives: According to the above facts the objectives that must be undertaken and strongly research in this Bachelor project report are the following: Identify the importance of passwords as it concerns the advantages and disadvantages in their daily use in home and corporate environments. Identify the weaknesses raised from these poorly chosen passwords and describe the modern attacking techniques against these passwords. Besides propose possible countermeasures to address and eliminate these attacks. Examine the characteristics of an effective password policy which can be applied in a corporate environment in order to establish and manage the appropriate defenses to eliminate the dangerous posed by insecure passwords systems. Conduct a critical analysis of different techniques used to facilitate users to remember strong passwords easily. Propose a mnemonic system which is based on users’ favorite passphrases. Analyze the operating principles of the Password Mnemonic System (PA.ME.SYS) and the processes that it enforces in order to produce â€Å"safe passwords†. Test this password generator system (PA.ME.SYS) for the strength of all passwords it generates. In order to achieve the above purposes of this project a series of logical steps were taken: In order to achieve the first and second objective of this project, a survey was conducted in the Internet, in books and in the Web application design 1 and Web application design 2 lecture notes. This survey was concerned with the importance of passwords in an organization’s security framework, the reasons they are widely used in today’s businesses and the catastrophic consequences posed by the exposure of insecure passwords to unauthorized people. Another survey in books and in the Internet was necessary to identify the weaknesses raised from these poorly chosen passwords, the attacks which are forced by modern attackers to gain unauthorized access to users passwords and the possible defense mechanisms used to address and eliminate such attacks. For the third objective of this report, a survey was conducted in the Internet and in books. The aim of this survey was to find and understand different password policies which can be applied in an organization’s global security policy to establish and manage the defenses used to eliminate the dangerous posed by insecure passwords. A university password policy analyzed for the rules they apply in order to define the secure creation and storage of strong passwords. In addition the relationship between the users and the password policies was examined together with the risks that businesses face due to the implementation of inadequate password policies. For the fourth objective, which defines the added value of this project report, it was important to conduct a search on the Internet for different techniques used to help users to remember strong passwords easily. These techniques were analyzed for their operation and the disadvantages they have. For fifth objective, it was important to propose a mnemonic system which is based on users’ favorite passphrases. The proposal of this mnemonic system was based on the research we made of different mnemonic techniques described on the previous chapter. For the sixth and seventh objective which also defines the added value of this project report it was to analyze and test the proposed Password Mnemonic System (PA.ME.SYS). After the end of the survey a mnemonic system based on users’ favorite passphrases was developed and implemented. For the development analysis and design data flow diagrams were used to clearly show the processes and data that make up the system. For the implementation and testing visual basic language was used which shows in a graphical environment how this mnemonic system works 1. Introduction to Authentication and â€Å"Something you know† 1.1 Identification and Authentication Techniques Controlling access to system resources is an important aspect of computer security. Access control is about managing which users can access which files or services in an organization’s computer system. All entities involved with receiving, accessing, altering or storing information in a computer system, are separated to active and passive ones. The term â€Å"active entities† is used to describe all subjects (users, processes, threads) that are accessing, receiving or altering information in a system. The term â€Å"passive entities† is used to describe all objects (files, database) that actually hold or store information accessed by subjects. Without having access control mechanisms it is not possible to protect the confidentiality, integrity and availability (CIA triad) of system resources.   Access control is used to force users to provide a valid username and password to gain access to a system resource. The two vital components of access control are the identification and authentication processes. In the identification process the user is obligated to present an identity to a computer system. The information provided by the user trying to log on could be a username or by simply placing his/her hand/face to a scanning device. This action triggers the start of the authentication, authorization and accountability processes.  Ãƒâ€šÃ‚   Today, authentication processes are usually classified according to the distinguishing characteristic they use. These characteristics are classified in terms of the three factors described in the following section. Each factor relies on a different kind of distinguishing characteristic used each time to authenticate people in a system. 1.2 Authentication Factors In a typical system, there are basically three ways for human users to authenticate themselves to a client such as a computer, a mobile phone, a network, or an ATM machine. These three authentication factors are the following. ÃÆ'ËÅ" Anything you know: a password The distinguishing characteristic is private information that only authorized people know. In modern computer systems, this characteristic might be a password, a Personal Identification Number (PIN), lock combination or a pass phrase. It is the least cost effective factor and most popular method that can be employed easily in any modern system to authenticate authorized users within the organization. They are simpler and cheaper than other, secure forms of authentication but also because they do not require to spend large amounts of money for the implementation of them in comparison with other more modern security mechanisms. Additionally, Users don’t have to spend time and effort learning how to use them. The passwords are the only user-friendly way to identify a user in a network or computer system and it is believed that they can provide the same level of strong security as a more modern security mechanism. However the usage of passwords as an authentication technique presents some disadvantages that are directly connected to the way that users are managing these passwords. In more specific the users On the other hand, there are also some disadvantages that need to be taken into consideration such as the need to create complex and strong passwords,, the obligation to change their passwords frequently and the instructions and guidelines on how to keep their passwords secret. ÃÆ'ËÅ" Anything you have: a token The distinguishing characteristic is that authorized people own and present a specific item to be authenticated. This characteristic is enclosed in a token device such as a magnetic card, smart card, a memory card or a password calculator. ÃÆ'ËÅ" Anything you are: a biometric The distinguishing characteristic is some physiological feature (static) that is always present in a person, or a certain behavior pattern (dynamic) that is unique to the person being authenticated, and is measured and recorded once in the enrollment process. When the same person requires access entry the biometric identifier compares the current characteristic provided by the user with the previously collected pattern from the original authentic person. This characteristic could be a voice print, fingerprints, face shape, written signature, iris/retina pattern or hand geometry.   2. Attacks on Passwords 2.1 Introduction Passwords are a very important aspect of computer security. They are the front line of protection for user terminals and it is by far the most common user authentication method within the largest multinational organizations However the usage of passwords as an authentication technique increases the probability for an information system to be compromised. That happens because these passwords are directly connected to the way that users are creating, remembering, storing and distributing them. In fact passwords are the weakest element inside the security chain of an organization’s network system and are susceptible to different types of attacks. The next section presents the weaknesses on users’ passwords and modern attack techniques performed by malicious attackers to gain unauthorized access. 2.2 Attacks on Passwords Easily Guessed Passwords: The first weakness lies in the composition of the password itself. Most attackers rely on the fact that most people do a bad job in creating passwords and keeping them secret. Most passwords that people select depend on the following: Favorite football player and actor names, Simple strings, such as passwords consisting of the same character (e.g. 11111). Job titles and nicknames. Important numbers, such as insurance numbers, home addresses, telephones, credit card numbers, driver license, birthdays, or vehicle tags. Favorite words found in dictionaries. Children, family or relative names. The most common attack on passwords is that where malicious hackers exploit human nature and try to guesswhat passwords people select. In this case, hackers build a list with all information related to the victim and make attempts to log on hoping to find out the victim’s password quickly.  Ãƒâ€šÃ‚   Brute-force Attacks: In cryptography, a brute force attack or exhaustive key search is the strategy that can in theory be used against any encrypted data by an attacker who is unable to take advantage of any weakness in an encryption system that would otherwise make his task easier. It involves systematically checking all possible keys until the correct key is found. in the worst case, this would involve traversing the entire search space. The key length used in the encryption determines the practical feasibility performing a brute force attack, with longer keys exponentially more difficult to crack than shorter ones. Brute force attack can be made less effective by obfuscating the data to be encoded, something that makets it more difficult for an attacker to recognize when he has cracked the code.one of the measures of the strenth of an encryption system is how long it would theoretically taken an attacker to mount a successful brute force attack against it. Consequence of this attack is that all users cannot use the network recourses and must wait until system administrator reserts or unlock that account. It is obvious that this kind of attack causes confusion and big delays to user’s critical job tasks. Dictionary Attacks: In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching likely possibilities. (Shape1.1). Shape1.1 Dictionary attack A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary. In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words for example a dictionary (hence the phrase dictionary attack) or a bible etc. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily-predicted variations on words, such as appending a digit. Social Engineering Attacks: Another weakness lies on the fact that people are not capable to remember and keep their passwords secret. In computer security social engineering is described as a non technical intrusion that is based on the psychological characteristics of the human nature. It is the art of persuading people to reveal vital secrets or to perform actions that comply with the hacker’s wishes {Shape 1.2}. Social engineering can be conducted into several forms. Reverse Engineering: In this method, a legitimate user is induced into asking an attacker questions to obtain information. The attacker poses as a person of higher authority and tries to deduce the needed information from the questions, which are asked by the user. [emailprotected]: This mode of social engineering involves sending an e-mail to a user asking confidential information. The e-mail is meant to trigger an emotional response from the user. It makes the user unwittingly participate in the hacking by disclosing the confidential information. Webpage’s: False Webpage’s, that require users to enter e-mail addresses and passwords, are created by attackers. Hackers hope that users will enter the same passwords at the false websites, as they use at their organization’s computer systems. Shoulder surfing: In this type of attack a malicious attacker could look over a user’s shoulder and watch him while he is typing his/her password to grant access to a system. However shoulder surfing attacks are not always successful but can give important information and strength to a malicious attacker to achieve his goal. Dumpster diving: One of the most intelligent techniques to retrieve users’ passwords within large commercial organizations is the dumpster diving attack. In this type of attack malicious attackers search through discarded material to find passwords, credit card numbers, confidential records or other useful information related to security policies and passwords. Sniffing Attacks: Except brute-force guessing, dictionary and social engineering attacks today’s hackers are using more clever programs and methods to retrieve users’ passwords. These methods include software sniffer programs which are used to capture and sniff passwords either a) when they are typed during the authentication phase of a network login session (Trojan Login, Van Eck Sniffing, Keystroke sniffing, hardware key loggers) or b) when they are transmitted across complex networks via email and other document delivery systems (network sniffers). {Shape 1.1}. Shape 1.1 Sniffing Attacks The next paragraphs describe in more detail each of these techniques used to sniff user’s passwords: ÃÆ'ËÅ" 1.Network Sniffing: Net sniffer is a program, who capable of capturing all traffic made available to one or more network adapters. ÃÆ'ËÅ" 2. Trojan Login: A Trojan Login sniffer program is a software tool used to capture users’ passwords during the authentication phase of a network login session. A malicious user who has access to a personal computer connected to a network can easily install a Trojan Login program. The strength of this malicious program is that it has the ability to display perfectly imitations of the operating system’s standard login program. As a consequence the user enters his/her username and password without any knowledge of the situation, while the Trojan login program saves this authentication information in a secret file. ÃÆ'ËÅ" 3. Van Eck Sniffing: These signals, which are called Van Eck radiation, are visible from as far away as 1 kilometer. It is obvious that a malicious hacker using the appropriate    equipment and without specialized skills could easily sit outside a building and eavesdrop passwords and other secrets displayed on any nearby user’s video screens and monitors.   ÃÆ'ËÅ" 4. Keystroke Sniffing: Shape 1.2 shows clearly a classic keystroke sniffing attack associated with most modern operating systems. In this type of attack usernames and passwords are captured directly from the keyboard input buffer. When the user enters the required authentication information in order to gain access to a computer system, this information is stored in a special area of memory RAM.   While the user enters information, another malicious attacker could run a sniffer program and retrieve the contents of the keyboard input buffer. As a result the user’s username and password is obtained by the hacker and can be used for later attacks {Shape 1.2}. Shape 1.2: Keystroke Sniffing ÃÆ'ËÅ" 5.Hardware Key Loggers: A key logger is a hardware device that intercepts and stores strokes of a keyboard. This type of attack can be conducted very easily by a social engineer. The social engineer simply walks into the location of interest and plugs very professionally this small piece of hardware between the keyboard port and the keyboard.Assuming that most users place PC towers under their desks and most of them are unaware of hardware technology, key loggers can record all typed keystrokes and store them to their internal memory without user knowledge.   Attacks on Password Storage: Passwords have often been vulnerable to different kind of attacks when they are stored in huge databases and password files.Most modern operating systems ask from the user trying to grant access to systems resources, to enter his/her valid username and password. Then the operating system searches on the system’s password file for an entry matching the username. If the password in that entry matches the password typed by the user, then the login procedure succeeds and the user is authorized by the system. Shape 1.3 shows clearly how the password checking procedure works [1.3]. Shape1.3 Password Checking The storage of any password immediately breaks one important rule concerned with password security: â€Å"Do not write passwords down†. If the password file containing all users’ passwords is stolen then automatically the intruder has direct access to all system’s passwords. The primary arguments against password storage can be stated as: Single Point of Failure:If the password file is compromised then all passwords are compromised. Compromise of password file can happen due to: Poor encryption mechanisms or use of a weak master password, so its contents are easily accessed by a malicious hacker. Poor protection of the file itself. Poor Audit Trails:Most operating systems keep logs used to review login failed password attempts. Usually these logs contain a large number of wrong usernames and passwords typed by users while they are trying to login on a computer or network system. If these logs are not well protected ,then attacks become easier. For example, a malicious attacker who sees an audit record with a nonexistent username of 7rs or eri67 can be sure that this string is a password or a part of the password for one of the valid users. Software Bugs: One important reason for the success of password attacks is sometimes based on badly designed operating systems and application programs running on them. These badly designed features because software bugs which do all the hard work for malicious hackers and continue to be a major source of many security problems.  Ãƒâ€šÃ‚   One recent software bug was found in the Solaris operating system. Users with low level privileges could force a network application program to end abnormally. As a result this program dumped its memory contents to the hard drive in a file available to all users. This file contained copies of the hashed password values that were normally stored and protected in a shadowed file. As a consequence this file could be used as input to Crack software for an off-line brute-force attack. 2.3 Countermeasures against these Attacks Assuming all the above, it is obvious that attackers use several techniques to capture users’ passwords. In this section countermeasures against all attacks on passwords (describesin section2.2 Attacks on Passwords) are analyzed and listed in order: Countermeasures against brute-force attacks: A possible solution against login guessing attacks (or on-line brute-force attacks) is to have a password policy which specifies the maximum number of login failed attempts. System administrators by configuring the operating system could limit the number of failed login attempts allowed for each user. If the threshold is reached then the account should be locked and users will not be able to log until the system administrator arrives to reactivate the login process for the specific account. It must be mentioned that using such defenses against login guessing attacks will only delay a hacker from accessing a system and gaining access to confidential information. Failed login thresholds will not prevent a brute force attack from occurring but will identify the attacking attempt to the security administrator. This defense method will deter a malicious attacker from initiating a brute force attack and increase the level of difficulty for executing this attack. There is no actual defense mechanism against an off-line brute-force attack. This type of attack can be applied to any given password database. There are many cracking software’s available on the Internet which are capable of generating character sequences and working through all possible character combinations until the user’s password is found. The only defense mechanism against this type of attack is to have users that select and use â€Å"strong† password. Countermeasures against dictionary attacks: This type of attack could be eliminated by having a policy which simply prohibits the use of common words found in dictionaries or attacker’s word lists. If all generated passwords do not appear in such lists, then dictionary attacks will not succeed. Besides system administrators should perform themselves dictionary attacks to test users’ passwords within an organisation. If any passwords are compromised, then they must inform the users directly of the results and obligate them to change their passwords to more secure ones. Countermeasures against Social Engineering attacks: Education and user awareness must be supported by the organization’s global security policy. The users should understand the importance of keeping their passwords secret and be familiar with the different ways that a social engineering attack can be conducted against them. In this case, people are able to take the necessary steps to react accordingly when such a situation occurs. Besides this, companies shouldshred all printouts having usernames, passwords and other similar confidential information in order to prevent dumpster diving attacks. Countermeasures against Network sniffing attacks: Today’s hackers are using many network sniffing programs to retrieve users’ passwords, while they are transmitted over distant networks or inside organization’s corporate network. Most businesses facing this threat and considering the consequences due to this type attack implement and use different network protocols for the secure transmission of confidential information. More often organizations indicate detailed security policies that specify ways, encryption methods and protocols to be used for the secure transmission of any important information. The most important defense mechanism against network sniffing attacks is the use of well-known secure network protocols such as SSL/TLS and IPSec protocols. These protocols have the ability to build secure channels based on cryptographic keys, shared between trusted parties, for the safe transfer of passwords and other confidential information in any system’s network Countermeasures against Trojan Login: A defense mechanism against Trojan Logins is to have a trust path for all functions that require users to enter or present authentication information for purpose of authentication. This trusted path must be established between the user trying to login and the operating system. Secure Attention Sequence (or SAS) is a trusted path mechanism used in many modern operating systems such as Windows 2000. When user requires to log on, by executing the sequence Ctrl+Alt+Del is guaranteed that he is communicating with the operating system and not malicious software such as Trojan Login. Another important countermeasure against this type of attack is the installation of commercial available anti-virus software programs (such as Norton Antivirus and MacAfee Antivirus). These anti-virus softwares have the ability to detect and prevent sniffing attack programs such Trojan Logins to be installed, downloaded and operate in operating systems. 9 Countermeasures against Van Eck sniffing attacks: The types of countermeasures used to protect against Van Eck Sniffing attacks are known as Transient Electromagnetic Pulse Equipment Shielding Techniques (TEMPEST). The U.S TEMPEST standard is one guideline that manufacturers have to follow in order to reduce electromagnetic signals and prevent these types of attacks against passwords and other secrets displayed on video screens and monitors. TEMPEST mechanisms include Faraday cages, white noise and control zones. A Faraday cage is a box, a room or an entire building that is designed with an external metal skin that fully surrounds an area on all six sides. As a result all electromagnetic signals transmitted from PC’s monitors are blocked inside the building, preventing eavesdroppers from revealing users passwords.  Ãƒâ€šÃ‚   Countermeasures against Keystroke sniffing attacks:.   A good defense mechanism against keystroke sniffing attacks is to protect CPU’s memory. In particular the keyboard input buffer is the exact location where keystrokes typed by users are stored. It is clear that this area should be protected using various encryption techniques in order to become impossible for an intruder to retrieve its contents in plaintext form when they are intercepted.   Countermeasures against Hardware Key Loggers: There are not well-known defense mechanisms against Hardware Key Loggers. The only countermeasure against them is to state clearly in the organisation’s password policy that all sides of electronic equipment, and especially computers, should be visible to users and security officers. Moreover system administrators may be obligated to check all hardware and electronic devices plugged on users’ computers, or forced to check all hardware connections in computers rooms periodically.  Ãƒâ€šÃ‚   Countermeasures against Password Storage attacks: The types of defense mechanisms against password storage attacks include the use of various encryption and hashing techniques. These techniques are used to encrypt password files and never leave passwords exposed in plaintext form. Usually modern operating systems (Windows, UNIX) use one-way encryption systems to encrypt users’ passwords. In one-way encryption systems the password is transformed in such a way that the original password can not be recovered. When a user is logging onto such a system, the password that is entered by the user is one-way encrypted and compared with the stored encrypted password. The same encryption method and key must be used to encrypt the valid password before storage and to encrypt the entered password before comparison. Besides the use of one-way encryption, strong access control mechanisms (such as Role-Based and Clark-Wilson access control models) should be enforced and applied to the files that keep system’s hashed passwords. Without implementing tough access control mechanisms, the operating system is unable to check who is accessing these files. As a consequence an adversary could easily copy them and mount different kinds of attacks on them. Countermeasures against Software Bugs: As was mentioned in the previous section (section 2.2 software bugs), sometimes badly designed features in operating systems and applications can lead to software bugs which do all the hard work for malicious hackers. A defense mechanism to prevent such software bugs is to have a good software design. Software should be designed in an organized way keeping procedures simple, reviewed periodically for vulnerabilities and threats, and hardened with the latest patches.   Where a software bug is found in any operating system or application, people discovering it should report this problem directly to the security officer and the correspondent company selling and providing licenses for this specific product should be informed to solve this problem. 3. Password Policies 3.1 Introduction Password policies are necessary to protect the confidentiality of information and the integrity of systems by keeping unauthorized users out of computer systems. Usernames and passwords are the fundamental protection of computers and networks against intruders. Password policies specify rules about the secure administration of usernames, rules used to define valid passwords and the type of protection needed for secure password storage. Α password policy is a good place to start to build the security of a company’s network and protect its assets. The next sections discuss issues related to the secure usage and management of both usernames and passwords. 3.2 Administration of Usernames The front gate within an organization’s network is where the user or the service identifies themselves and presents some type of authentication information only known to them in order to grant access. The failure to have a reliable Login Security Policies activated is like having a big building with the best guards and security mechanisms around it with the main front gate open to anyone. 3.2.1 Login Security Policies and Usernames Within a secure system, the first thing that should be expected for any login attempt is to identify who is the person requesting entry. Regardless of the protocols used, you need to know who is trying to access the network services and who they want the network services to think they are. In high-security military environments the user identifications are assigned based on a random sequence of characters. Other organizations, such as commercial, use something that can uniquely identify the user without worrying about how to create usernames. If the usernames can give away information about the organization, then the implementation of random names could be a good solution. Although by using these random

Legalization of Marijuana Essay -- Weed Drugs Illegal Essays Papers Ca

The Legalization of Marijuana   Ã‚  Ã‚  Ã‚  Ã‚  Marijuana is a plant, known as cannabis sativa and cannabis indica, which contains a psychoactive chemical called tetrahydrocannabinol (THC). The effects of THC include disruption of psychomotor behavior, short-term memory impairment, intoxication, stimulation of appetite, antinociceptive, and antiemetic activities. Marijuana, the Mexican name given to cannabis is a mixture of dried, shredded leaves, stems, seeds, and flowers of the plant. Cannabis is a term that refers to marijuana and other preparations made from the same plant. Hemp is a form of cannabis, cannabis sativa L, which contains less than one percent THC; it is used to make clothing, paper, and building materials. Tobacco is smoked just like marijuana is smoked, rolled in paper or in a pipe. The only difference is that tobacco is legal and marijuana is illegal. The government spends billions each year on the war on drugs, yet it is still around. For people under the age of 21 it is much easier to get marijuana than it is to get alcohol. Although many primarily associate marijuana with its harmful side effects, in actuality there are many benefits from its use as well.   Ã‚  Ã‚  Ã‚  Ã‚  Marijuana was a large part of culture throughout the entire world, it has been around for thousands of years and still continues to grow. Hemp was a large help with early American settlers, the hollow stalk was used to make clothing, rope and paper. Hemp was used well before this though, the Chinese used it to make fishing nets and bow strings for their archers. George Washington and Thomas Jefferson, who are considered to be forefathers for America, both grew hemp. Benjamin Franklin owned a mill that made hemp paper. Early drafts of the Declaration of Independence were written on paper that was made of hemp. During World War II, the US supply of hemp was cut off by the Japanese, and the US Army and the Department of Agriculture promoted the â€Å"Hemp for Victory† campaign, which encouraged farmers to grow hemp for the cause of the war. Hemp was also used in making sails and ropes for ships. In 1937, the Marijuana Tax Stamp Act prohibited the use, sale, and cultivation of marijuana and hemp in the United States.   Ã‚  Ã‚  Ã‚  Ã‚  It is said that marijuana is a â€Å"gateway† drug, and it will lead to harder drugs such as cocaine or heroin, though this is not a proven theory. â€Å"Over time, there has been... ...ke if they are dried and rolled up. The fight for the legalization of marijuana will continue until marijuana is finally legalized. Bibliography 1. de Zwart, W.M. et al, Key Data: Smoking, Drinking, Drug Use and Gambling Among Pupils Aged 10 Years and Older, Utrecht: Netherlands Institute on Alcohol and Drugs (1994). 2. Drug War Facts 3. Jones, R.T. et al, "Clinical Studies of Cannabis Tolerance and Dependence," Annals of the New York Academy of Sciences 282:221-39 (1976). 4. National Survey Results on Drug Use, from the Monitoring the Future Study, 1975-1993, Volume I, Rockville, MD: National Institute on Drug Abuse (1994). 5. Preliminary Estimates From the 1993 National Household Survey on Drug Abuse, Rockville, MD: U.S. Department of Health and Human Services (1994). 6. Rubin, V., "Cross-Cultural Perspectives on Therapeutic Uses of Cannabis," pp 1-18 in S. Cohen and R.C. Stillman (eds), The Therapeutic Potential of Marijuana, New York: Plenum Medical Book Company (1976). 7. State Prison Expidentures 8. US Department of Justice, Drug Enforcement Agency, "In the Matter of Marijuana Rescheduling Petition," [Docket #86-22], (September 6, 1988), p. 57.

One of the Greatest American Sacrifices for WWII

The year is 1941 and the United States has managed to remain out of the 2nd World War. But on the morning of December 7th, history was changed for the American people. At 7:55am, Japanese militants dropped the first bombs on Pearl Harbor. This is â€Å"a date which will live in infamy. † Whether we liked it or not, America was now involved in World War II. Americans all across the country had to make many sacrifices to help out with the war efforts. There were restrictions placed on consumer goods such as automobiles, electronics, and nylons. Also, there were limitations placed on housing construction. But the greatest sacrifice of all was made by the Japanese Americans. In Mine Okubo’s book Citizen 13660, she describes as well as illustrates her experience as she, and approximately 110,000 other people, were evacuated from the west coast and sent to internment camps all across the country. The number 13660 in the book title comes from Okubo’s family number that was given to her when she registered for her brother and herself. It was to be used to identify their belongings and them as a family unit. On page 26, as she waits to load the bus to be taken to the camp, Okubo says, â€Å"At that moment I recalled some of the stories told on shipboard by European refugees bound for America. † In this quote, she is referring to the Jews who are escaping Germany. The stories that were being told are of the concentration camps that the Jews had been sent to. Okubo, along with all the other Japanese Americans, had no idea what was in store for them. Many feared that it would be something very similar to that of the concentration camps in Germany. When they arrived they soon learned that conditions were not as harsh as those the Jews were enduring. But still their experience differed immensely from the rest of the world. They lived in the internment camps and endured the lack of privacy and long lines to get food and to use the bathrooms. In the barracks, they had no choice but to sleep on mattresses filled with hay. â€Å"What hurt most I think was seeing those hay mattresses. We were used to a regular home atmosphere, and seeing those hay mattresses—so makeshift, with hay sticking out—a barren room with nothing but those hay mattresses. It was depressing, such a primitive feeling. † If the men wanted to join the service to show their loyalty to the ountry, they had to serve on the frontlines along with all the other Japanese Americans who chose to serve. The frontlines were extremely harsh conditions and the chance of survival was very low. â€Å"More than 50,000—the children of immigrants from China, Japan, Korea, and the Philippines—fought in the army, mostly in all-Asian units. † Some felt that these things were their way of helping with the war efforts and showing their loyalty to the country, and others felt that their civil rights had been stripped from them. Most of Mine Okubo’s wartime experience was spent in the internment camps. Through her illustrations and the text she shows us the reality of these harsh wartime conditions and how the Japanese Americans managed to make the most of the situation they were placed in. They managed to come together to create their own little community with schools, and visual arts, and even their own newspaper. Okubo’s illustrations allow us to see her emotions as we read her writings. Many of her emotions in the illustrations seem to lack any sort of anger and shed somewhat of a humorous light onto the text itself. I feel like her narrations would take on a more serious tone if her drawings were not present in the book. If I was placed in this same position as Okubo, I am not entirely sure how I would react. A part of me would love to take on the same perspective that Mine Okubo has taken, but as I read her book it is also hard for me to believe that anyone could remain so calm during such an intense time in their life. I would have such a hard time just packing up and leaving at any given moment and not knowing where I was going or what was going to happen to me. Okubo dealt with these undertakings very well and I am not sure I would be able to do the same if put in the same position. This portion in history tells us a lot about the â€Å"limits† of freedom in American history. Although the Japanese-Americans were citizens of the United States and residences within the country, they did not have equivalent rights during this time in history. â€Å"The Constitution makes him a citizen of the United States by nativity and a citizen of California by residence. No claim is made that he is not loyal to this country. † Many Japanese-Americans were being treated as if they had been disloyal to the US and even alienated because of how they looked. Also, the freedom to own land was taken from them as well. â€Å"The Federal Reserve Banks took charge of property owned by evacuees, while the Farm Security Administration took over the agricultural property. † Owning property is one of the greatest freedoms and American can uphold and as history has shown it can easily be taken away in an instant. Japanese-Americans were forced to sell everything because they were very limited in what they could take with them to the internment camps. As we can clearly see, Japanese-Americans had such limited freedom during World War II. Mine Okubo along with Yuri Tateishi gave us an inside look of what it was like for them during this crucial time in their lives and it allows us to see the rights and freedoms that were taken from these American citizens. I was able to more clearly see the actualization of their experiences through Mine Okubo’s illustrations because it allowed me to gain a greater respect for their emotions. Okubo and Tateishi, along with countless others, made some of the greatest sacrifices for the well being of our country during the war and for that they do not get nearly enough credit.

Executive Summary of Coral Diving Resort Essay Example

Executive Summary of Coral Diving Resort Essay Example Executive Summary of Coral Diving Resort Essay Executive Summary of Coral Diving Resort Essay Executive Summary Let us assume that all 3 possible strategies are implemented and we can evaluate their pros and cons through tools analyses provided in this summary. First, efficiency strategies: The advantage of improving efficiency on operations is status quo, which generates no further costs or investments. However, the disadvantages are obvious as follow: 1. As a small-size resort and known for its flexible and personalized services, Coral’s cost efficient operation could cause losses from current guest-flow more than costs saved from squeezing current low number of staff or facilities and services; 2. By maintaining status quo, Coral Diving Resort would not be distinguished as unique from other resorts in the Bahamas, which is going farther away from the common success of resorts based on strong identities and reputations for quality service; 3. The limit in cost efficiency and uncertainty of maintaining status quo means it hardly serves as an effective strategy for the continual decline of revenues over the last three years. So, this option is definitely not a good one to be implemented. Then we take a look at Adventure Diving: The advantages of adventure diving are as follow: . Adding additional diving attractions could raise both resort and dive business for Coral, fulfilling the growing market of adventure diving; 2. Bahamas’ legal status on some controversial diving such as shark-feed diving could attract some more American scuba divers, who as well are major forces world divers; 3. It is easily practicable for Coral Diving Resort to add adventure diving However, the d isadvantages of adding adventure diving are obvious as well: 1. Purchasing related adventure diving equipments adds to the cost of Coral’s 2. Although easy recruitment for adventure diving staff might be an advantage, the lack of interest and commitment from all current Coral staff which means adding adventure diving could cause complete staff replacement, hampering the stability and continuity of operations and services in Coral Diving Resort; 3. These Additional diving attractions are still widely served by hotels and resorts around Bahamas, meaning a growing competitiveness on adventure diving market. The other shark operators’ unhappy attitude towards potential new entrant can support this point; 4. It requires a minimum of divers on a trip at regular rates to cover the cost, but the additional new and return business of adventure diver is yet to be certain; 5. Some controversial type of diving such as shark-feed diving is facing growing pressure from environmental associations or even future regulation by government as U. S. did before, and is raising public awareness regarding the safety of it. Obvious disadvantages of adventure diving seem to outnumber its advantages. So adventure diving does not seem like an very effective strategy in the short-run and uncertain in the long-run. Finally, when it comes to family diving resort strategies, the only and biggest concern or disadvantage that comes into our mind is its cost burden, because of required renovation, adding staff and cooperative fees for Rascals in Paradise. However, based on the professional experiences and highly successful rate on various diving resorts that demonstrated by Rascals, we have every right to believe that: 1. Rascals can raise the annual bookings of Coral to the ideal level of 90% that has been desired by Greywell, not to mention the following long-term revenues generated by family guests; 2. The demographical characteristics of diving provide steady guest flow for Corals. The age-level and the growing market of family resort diving sufficiently support a long-term business for Corals; 3. Based on the current family friendly service and facilities, it is easily practicable for Coral to focus on upgrading its family-oriented diving business; 4. The high costs of renovation can be hugely offset soon after an established steady new flow of family guests; 5. Steady long-term revenues growths provide the grounds for other additions of service, such as adventure diving. 6. By the turnaround of Rascal’s effort and presence in diving resort industry, Coral Diving Resort can maintain and further develop its own brand of uniqueness. All pros and cons considered, family diving resort strategy is the most effective and prospective one that I strongly recommend to Coral Diving Resort. (Note tables of related tools for your reference) SWOT: STRENTHS -Solid reputation -Safety and knowledgeable in scuba diving -Unique well-regarded, not crowded location and quietness -Family friendly -Personalized services -Flexible accommodation -Prudence -Ties with diving associations WEAKNESSES Family run -Seasonal -Size (a very small-scaled resort) -Relatively simple facilities provided -marginally profitable -small number of staff -Low commitment or interest showed in staff for shark diving -High renovation costs OPPORTUNITIES -Steady increases of divers -Growing market of family diving vacations -High average income of divers and strong consumption -Cooperation offe r from experienced Rascals with its highly successful rate -Relatively small physical modification into a family diving resort -Easy recruitment of relevant staff for family resort -Cash-flow brought from the co-op with Rascals Easy addition of adventure diving -Legal shark feeding -Growing market of shark feeding THREATS -Competitiveness of family diving business -Adventure diving services widely adopted by resorts around Bahamas -Climate change impact on coral reefs -Difficulties surrounding air travel after 911 -Environmental pressure on shark feeding -Safety concern about shark feeding -unwelcome emergence in other shark diving among other shark dive operators -Steady guests flow required for the conduction of adventure diving -Subject to Rascals PEST: Political-Legal Forces -Possibility of law banning shark feeding soon High tax on imported goods Economic Forces -High income level of divers -Easy employment Technological Forces -Low technological requirements for scuba diving - Specific environments for diving resorts -Experienced and licensed staff for scuba diving -Provisions of various activities and services -Facilities and amenities within the resort Socio-cultural Forces -Pursuit of distinctive experiences from diving -Seasonal demands for diving resorts -High education level of divers -Strong consumption capabilities -Concentration of population of young and middle-class -Trends of increasing family diving Gradual safety awareness of certain adventure diving Porters: Threat of New Entrants Low, because the profit is marginal and growth rate has slowed. Rivalry Among Existing Firms High number of diving resorts, diverse family diving program and various types of diving provided by different diving resorts Threat of Substitute Products or Services Low, scuba diving is unique Bargaining Power of Buyers Low Bargaining Power of Suppliers Low Relative Power of Other Stakeholders Medium, ties to diving associations, possible future governmental regulation on shark feeding, protest of environmental groups safety awareness TOWS : INTERNAL FACTORS EXTERNAL FACTORSStrengths (S) -Solid reputation -Safety knowledgeable -Unique location -Family friendly -Personalized services -Flexible accommodation -Ties with diving associationsWeaknesses (W) -Family run -Seasonal -Small size -Simple facilities provided -marginal profit -small number of staff -Low commitment showed in staff towards shark diving -High renovation costs for family resort Opportunities (O) -Steady increases of divers -Growing family diving demand -High income of divers and strong consumption -Offer from Rascals -Small modification into a family diving resort Easy recruitment -Cash-flow brought from Rascals’ plan -Easy addition of adventure diving -Legal shark feeding -Growing demand for shark feedingSO Strategies -Use Rascals’ offer to consolidate and promote the reputation and uniqueness of Coral in U. S. market. -Utilize the conveniences in and out of Coral’s to convert itself into a family diving resort. WO Strategies -Expand Coral’s sales during off-season through the co-op with Rascals. -Use prospective cash-flow from the co-op with Rascals to offset high renovation costs. -Replace current staff who show no interest in shark diving Threats (T) -Competitiveness of family diving -Adventure diving services widely adopted in this area -Climate change impact -Difficulties surrounding air travel after 911 -Environmental pressure on shark feeding -Safety concern about shark feeding -Unwelcome emergence in shark feeding among other shark diving operators -Steady guest flow required to fulfill shark diving -Subject to RascalsST Strategies -Emphasize Coral’s uniqueness -Retain Cora’s reputation WT Strategies -Stay away from those controversial activities. Replace current staff who show no interest in shark diving

Analytical Essays

Analytical Essays Analytical Essays Analytical Essays Writing analytical essays, your task is not to describe something but rather to analyze something.   For example, if your analytical essay is devoted to a prominent person, you should choose one aspect of his life and try to analyze it.   In particular, you may discuss how the childhood environment has shaped the moral development of that person.   The topics and approaching to uncovering them are diverse.   If you need help with writing your analytical essays, you have a perfect opportunity to get it here, at our site, .com.   Our professional writers will not let you down.   We do not decline complicated assignments and we are never late with the paper delivery. In addition, our writing guide contains numerous sample essays. Analytical Essays Sample The arrangement between the two women had an obvious social function. Seventeenth-century France was not a caste society. While there were pronounced gaps between social groups, in the daily routines of life people of different classes were constantly associating. This association was found even in the court where Louis XIII grew up: Haroard's Journal makes clear that the dauphin lived amid crowds of peasants and artisans, entertainers and beggars. Such instances are characteristic of that "sociability" - the mixing of ages and classes, and their "coexistence ... in a single space - which Ari's found to be so typical of premodern society. The fact that the children of the rich were nursed by poorer women is only one among many signs of the free association of people who differed greatly in status. However, if we look carefully at such situations, I think we find that they work to differentiate the participants one from another even as they give the appearance of bringing them closer together. Ostensibly a sign of familiar association, the nursing arrangement in fact powerfully emphasized class differences. The upper-class mother was provided with a conspicuous sign of her superiority in that she was free of a degrading occupation which other, poorer women had to perform. The nurse, on the other hand, was presented with an economic problem; or rather the difficulties of sustenance in her life were aggravated by the coming of another mouth to feed. The idea of respect for her masters and of her own lack of worth was underlined in that the nurse had to set aside her own infant and to devote her primary attentions to the intruding child in order to be acquitted of her part in the bargain. As a domesticated animal, she was alienated from her own motherhood. In spite of its air of i ntimacy, I think it clear that the overall effect of the transaction was a sharpened sense of the distance between the two women and between the social groups they represented. Hiring a nurse was part of a particular style of life. It helped to define the status of the participating mothers and of the families to which they belonged. At the same time, I think that this socially oriented analysis still leaves unexplored some facets of the problem. After all, our understanding of the reasons nurses were employed comes almost entirely from the medical literature in favor of maternal breastfeeding. Analytical Essays Custom Writing The first and the most important rule of analytical essays writing is - your analytical essay must be free of plagiarism. You cannot simply copy/paste information found online.   Your task is to provide an analysis of that information.   If you are not sure in your writing skills, you may order analytical essay writing service at our site.   There are no risks!   We guarantee confidentiality and we do not resell delivered papers. We are honest with our clients and we strive not to be late with analytical essays delivery.