Saturday, November 9, 2019

World War One Essays

The Inspector's mannerisms, including the way he speaks, are different from Birling's in order to make the greatest impression on the family and the audience. The unfamiliarity of the Inspector could also prove intimidating for Birling, and coupled with the solidity and purposefulness of the Inspector's persona it is not surprising that he manages to take control of the situation from the beginning. Described as creating "an impression of massiveness, solidity and purposefulness", the Inspector grows as the stories of each character are revealed. He remains solid and unbroken as each of them breaks down, and nothing the others can do or say distracts him from his purpose. He arrives at the Birlings' home just after Mr Birling has been setting out his view of life: that every man must only look out for himself. The Inspector's role is to show that this is not the case. Throughout the play he demonstrates how people are responsible for how they affect the lives of others, and his views are summed up in his visionary and dramatic final speech. It is the Inspector who makes things happen. Without him none of the secrets would come out into the open. The Inspector leads the characters to confront their own weaknesses, which makes them feel shocked and guilty. He is a catalyst for the evening's events. In the Inspector's last speech, he says: "But just remember this. One Eva Smith has gone but there are millions and millions of Eva Smiths and John Smiths still left with us, with their lives, their hopes and fears, their suffering and their chance of happiness, all intertwined with our lives, and what we think and say and do. We don't live alone. We are members of one body. We are responsible for each other. And I tell you that the time will soon come when, if men will not learn that lesson, then they will be taught it in fire, blood and anguish. Good night."
The Inspector delivers a very important speech that covers all the main themes of the play and allows Priestley to get his message across. The speech is very dramatic and is quite similar to a political speech. It is so powerful because he uses words like "us" and "we" and memorable phrases like "fire, blood and anguish". Part of what Priestley is trying to get across here is that we need collective responsibility in order to maintain peace in the world. If we don't, then it could result in war, because of personal suffering or, as in this case, someone committing suicide. There are no directions or indications as to how the Inspector would have performed this speech. Therefore, I think the speech would have been performed very seriously with a commanding tone, spoken slowly and carefully so the audience would get the full dramatic effect. This way Priestley's aim would come across well. I think the Inspector's speech would have provoked much discussion in the audience because of the powerful language used and because he left the scene directly after making the speech. The audience may discuss amongst themselves whether they agree with the Inspector's speech. If they do, they'd probably feel pleased, and if not, they'd feel guilt and shame. I think that this play would have made a strong impact on the audience, as the message was very poignant considering the country had just suffered a Second World War. The Inspector's name, Goole, is significant. It is a homonym. Ghoul, another form of the word, has exactly the same sound, but its meaning has a bearing on the play. A ghoul is an evil spirit. To Birling and his upper-class peers, this is an accurate interpretation of the Inspector. Priestley wants the Inspector to waken the audience; at the time the book was conceived World War II had scarred society. The atrocity of World War I had been relived again; classes were ripped apart, and socialism was trying hard to reshape society.
The metaphysical aspect of the Inspector is ever evident, no more so than when he prophesies World War One: "Fire, blood and anguish". This heightens the enigma surrounding the Inspector. In 1912, when the play was set, it was virtually only rich men who could vote. The poor people's opinions were virtually unheard, as if they were invalid or irrelevant. This was a part of the social system that made Priestley very angry; it was as if the poor didn't really matter. Priestley was very much against this; he was something of a revolutionary and fought for equal rights and unity between all people. As it stood, the rich would always stay rich and the poor would definitely stay poor, as they had no say in what happened to their country. The rich rarely considered this at all, and never thought something should be done about it. Priestley's play shows this as the Inspector makes everybody responsible for the girl's death. This makes them at least think about how their actions can affect others, and makes them realise that no one should have to go through pain like that just because of their social standing. An Inspector Calls delivers an important message to society. It is a message of mutual responsibility and shows how everyone has a role to play in society, and that we should do as much as we can to help others, because we know what effects our actions will have on their lives. Priestley hoped this play would create unity, making people prevent something before it happened. The socialist message is delivered through the mouth of the Inspector, who takes on the role of teacher to the Birling family. He hopes to teach them moral values and respect for everyone, no matter how poor.

Wednesday, November 6, 2019

L.S.D is known to the scientific world as D-lyserg Essays

L.S.D is known to the scientific world as D-lysergic acid diethylamide. Some common names for LSD are as follows: Acid, 'Cid, Bart Simpsons, Barrels, Tabs, Blotters, Heavenly Blue, L, Liquid, Micro-Dots, Mind Detergent, Orange Cubes, Orange Micro, Owsley, Hits, Paper Acid, Sacrament, Sandoz, Sugar, Sunshine, Ticket, Twenty-Five, Wedding Bells, Windowpanes, etc. There are a number of methods to produce LSD variants at home, as well as pure LSD. The typical stoner who would make LSD variants won't have the knowledge to make LSD, but with the help of alcohol, a type of ether (which can be procured from school labs), and morning glory seeds they can produce a slightly different drug. While it is still mainly LSD, you also have the variables of alcohol consumption. And these variants work on contact. Unlike LSD, which takes a few minutes to run through your blood, the liquid variants seep right through the tissue membranes and directly into the blood. Why is LSD used? Many cultures use it as a release of the mind for meditative reasons only, such as some Indian Nations and some Oriental religious sects. The CIA has also had in the past a keen interest in LSD, for specifically two reasons: to wear down enemy spies so that they will give information, and to calm their own agents so they will not show agitation or anxiety while on the job. The rest of the people use it for fun or for scientific testing. LSD affects more than one of the human body's systems. Somatic effects are hyperthermia, hyperglycemia, vomiting, and hypotension. Psychological effects are hallucinations, depersonalization, reliving of repressed memories, mood swings, euphoria, megalomania, and a schizophrenic-like state. Cognitive effects are disturbed thought process, difficulty expressing thoughts, impairment of reasoning, and impairment of memory.
Perceptual effects are increased stimulus from the environment, changes in shapes and colors, synesthesia, and disturbed perception of time. LSD was discovered in 1938 by Albert Hofmann, and the discovery was an accident. "I suddenly became strangely inebriated. The external world became changed as in a dream. Objects appeared to gain in relief; they assumed unusual dimensions; and colors became more glowing. Even self-perception and the sense of time were changed. When the eyes were closed, colored pictures flashed past in a quickly changing kaleidoscope. After a few hours, the not unpleasant inebriation, which had been experienced whilst I was fully conscious, disappeared. What had caused this condition?" This quote was taken from Dr. Hofmann's lab notes. While LSD has its abuses, it has also been successfully used as a psychotherapy aid. Some doctors used it to relieve the pain of past memories, and almost as a form of hypnosis, since while under the influence of LSD people's thoughts are very susceptible to the outside world. According to scientists there is almost no chance of getting addicted to LSD. But your mind does retain the experience of LSD, which may come back to haunt the user for years. It may happen after a week, a month, a year, or ten years. Many users have reported having had flashbacks. In conclusion, LSD has been used by the average stoner, by scientists, and also by the government. LSD is the most powerful hallucinogen, and will continue to be used for many years to come.

Monday, November 4, 2019

Compare the methods and Motives of the mongol empire and Timurs empire Essay

Compare the methods and motives of the Mongol empire and Timur's empire in Central Asia. Were the two empires more similar or mo - Essay Example
The empire soon split, and this was actually the trend for a large empire. An example is the case of the Roman Empire after the death of Caesar. The death of Genghis Khan led to the division of the empire, with the descendants of Genghis Khan fighting against other eligible candidates to retain the throne. The methods of the Mongol empire under his leadership could be explained as having a high level of "flexibility and pragmatism characteristics" (Soucek 105). This was exhibited by the way he went about acquiring kingdoms, which later led to the expansion of the Mongol empire. This was done through the peaceful surrender of territories to the Mongols to avoid attack, ensuring that the leader of a targeted empire kept his throne and saving the inhabitants from the trauma of massacre. Military resistance to the Mongols resulted in severe consequences - either extermination or decimation (Dunnell 45). Genghis Khan and his immediate successors were successful in their conquests because of well-made arrangements and planning by means of an organized administrative system that was not matched across kingdoms (Soucek 103). Perhaps this is largely what historians claim to be a vision to rule the world, similar to the quest of Caesar to unify and rule the world. The charismatic characters displayed by the three generations after Genghis Khan and their legacies are a unique historical phenomenon, as suggested by scholars, and this is believed to justify the traits which descendants of the house of Genghis Khan retained for centuries to come. The Mongolian interlude is believed to be a traumatic one in the history of Central Asia; the Timurid period can be viewed as its glorious one. The founder of this dynasty, Timur, was also ruthless in his quest for territorial expansion.
Like Khan, he carried out similar massacres and destruction. However, the places affected were outside Central Asia, for instance Iran and the Golden Horde. Timur showed mastery and endurance comparable to Genghis Khan. The Timurs inherited the throne after the death of Genghis's descendant in the late fourteenth century. Unlike Khan, who had no role model, Timur had to make use of the charismatic traits of the Genghisid descent, which was achieved by marrying a descendant of Genghis. This was because during his time, no nomad king with the objective of the ultimate rule and prestige of Khan felt legitimate without being attached to the Genghisid line. Nevertheless, unlike Khan, he could claim a right to rule by virtue of being an Islamic monarch and reflecting the will of God (Dunnell 78). Timur's military exploits were spectacular. His campaigns went as far as Eastern Europe, which was claimed to have escaped by coincidence (Soucek 151). Like the Mongolians, the Timurs also were conquerors. Places like India, Syria, and Anatolia were attacked. Regions such as Delhi, Isfahan, Baghdad, Damascus, Saray, and Izmir revealed the extent of their conquest (Soucek 125). Nevertheless, it is believed that the empire founded by Timur was in no way comparable to that of Genghis Khan either in size or in structure. Even his successors lacked the acquisitive instinct of the successors of Genghis Khan. The similarities between the Mongolian and the Timur empires could be attributed to their

Saturday, November 2, 2019

Project 3 Essay Example | Topics and Well Written Essays - 500 words

If that is the case, Robert might be able to bypass the icky process. But even if Robert is a hapless soul, changing a tire doesn't have to be all bad. With knowledge comes power. If Robert is unsure how to change a tire correctly, and Robert would like to understand, read on. In fact, my friends and I are driving along when all of a sudden Robert hears a loud bang and the telltale thumping sound of a flat tire. Robert carefully pulls off to the shoulder of the road. Checking to confirm that no other motorists are going to run him over, Robert gets out of my vehicle and examines the car. Sure enough, my car's left front tire is absolutely flat. Robert is not going to be able to keep driving, so Robert is going to have to remove it and install my car's replacement tire in its place. The first step is to find my car's replacement tire, jack and tire iron. The replacement tire is almost always located below the floor mat in the trunk. Unless, of course, my vehicle doesn't have a trunk. Now, my friend Robert is looking through the replacement components and searching for something. Robert has found the replacement tire, and Robert wants to remove it from the car. If Robert has an air pressure gauge handy, Robert will want to check the replacement tire's pressure.

Thursday, October 31, 2019

Managerial Accounting Practices Essay Example | Topics and Well Written Essays - 750 words - 2

ng on the other side provides information that is of pivotal importance for management to make day-to-day decisions as well as to set their long-term strategy. While financial accounting provides standardized reports to external stakeholders, management accounting enables accountants to provide information for each and every level of management, from section supervisor to department heads. "Management accounting is concerned with the provisions and use of accounting information to managers within organizations, to provide them with the basis in making informed business decisions that would allow them to be better equipped in their management and control functions (wikipedia, 2007)". The purpose of managerial accounting is to provide management with the information that holds key importance in strategic planning, directing and motivating employees, and evaluating and controlling organizational performance. It provides a basis for decision making for future activities. Reports are prepared for each and every segment of a department so that the department heads and section managers may know exactly how their department is performing and can reward their employees or take controlling measures. Managerial accounting provides data that enables management to make budgets, which are a part of their planning process. Budgets help management know exactly the current state of their resources and their future use in various activities, from day-to-day operations to expansion projects. Daily sales reports or daily production reports generated by management accountants help management analyze the efficiency of various departments. Comparisons between the standard and the actual help management know the current and required status of their business activities, and countermeasures can be taken if activities are found to deviate from standards.
Managerial accounting's ability to provide a basis for controlling measures lays the ground for key performance measures for an organization.

Tuesday, October 29, 2019

HR Planning Case Study Essay Example for Free

Xerox is a widely known firm worldwide, but it has been through numerous crises in the past decade. In fact, at one point several years ago, there were questions about Xerox surviving as a firm. But no longer. Under the leadership of Anne Mulcahy as CEO, Xerox has rebounded. Numerous strategic business and financial decisions had to be made, including reducing the workforce by 30,000. But Mulcahy also stressed that HR had to become a more strategic contributor. One of the actions taken was to consolidate a number of HR functions from different business units into a corporate HR Service Center. This center performs many administrative transactions, and has added Internet-based systems to make HR services more accessible to managers and employees. To track employees' views on the company and HR, employee surveys on the company intranet have been used for several years. Areas in which lower scores were recorded have been addressed by HR staff and other managers. The survey results have led to another primary focus at Xerox: employee retention. With all of the reductions and organizational restructurings, keeping the remaining employees, especially high-potential ones, has been a continuing emphasis. Xerox has invested significant time and resources into training and development of its employees, an important retention factor. Greater use of e-learning, technology, and leadership development has paid off in reducing turnover and convincing employees that career opportunities exist at Xerox. Continuing competitive pressures are presenting new challenges for Xerox and its HR staff. The strategic importance of HR has been demonstrated in the past, and looks to be a part of the firm's future.

Sunday, October 27, 2019

Ethical Hackers And Ethical Hacking Information Technology Essay

The Internet and other information systems play a vital role in organizations today. More and more organizations have come to depend on network services, completely or partially, so a single failure of the network can cause severe losses to the organization. However, due to this huge demand for Internet and network services, computer security and the serious threat of computer criminals have come to the foreground. Computers around the world are systematically being victimized by hacking attacks every day. Most of the attacks are well organized, and the attackers understand the general system vulnerabilities very well. So if they find any of those vulnerabilities in a system, they might be able to steal everything they want from the system and completely erase their tracks in less than 20 minutes. That might be a huge loss for the company in terms of money and reputation. Thus, to avoid these kinds of attacks, companies should employ a mechanism to identify vulnerabilities in networks, applications and systems before they can be exploited. Generally, this is the job of an ethical hacker.

Ethical Hacking and Phases

Ethical Hackers and Ethical Hacking

An ethical hacker is a security professional who helps an organization take defensive measures against malicious attacks, and the process he follows to find those vulnerable points is called ethical hacking. Sometimes this is also known as Penetration Testing or Intrusion Testing. In this case, the ethical hackers get into the minds of computer criminals and think like them, to find the innovative ways hackers may use to get into the systems. Organizations can then take the required actions to avoid those vulnerabilities. It has been identified that almost all computer systems have vulnerabilities that can be exploited by a hacker to do damage.
This can be due to an unpatched application, a misconfigured router or a rogue network device, and it cannot be detected unless the networks are penetrated and the security posture is assessed for vulnerabilities and exposures on a regular basis. As hacking is a felony in most countries, ethical hackers should only operate with the required permission and knowledge of the organization that they are trying to defend. In some cases, to check the effectiveness of their security teams, an organization will not inform its teams of the ethical hackers' activities. This situation is referred to as operating in a double-blind environment. To perform productive penetration testing, the ethical hackers who conduct the testing must have a variety of in-depth computer skills. They should know how to look for the weaknesses and vulnerabilities in target systems and need to have knowledge of the tools a malicious hacker uses for system hacking. However, because not everyone can be an expert in all the required fields that an organization uses, such as UNIX, Windows, Linux, and Macintosh systems, ethical hacking is usually conducted by teams whose members' skills complement each other. Generally, there are three classes of hackers. This classification is based on the hacking purpose of the hacker.

Black-Hat Hackers: individuals who have the necessary computing expertise to carry out harmful attacks on information systems. They generally use their extraordinary knowledge and skills for personal gain. Black-hat hackers are also known as crackers.

Gray-Hat Hackers: individuals with a split personality. At times, this individual will not break the law and, in fact, might help to defend a network. At other times, the gray-hat hacker reverts to black-hat activities. Thus we cannot predict their behaviour.
White-Hat Hackers: individuals who usually have exceptional computer skills and use their abilities to increase the security posture of information systems and defend them from malicious attacks. These individuals are probably information security consultants or security analysts.

Why Ethical Hacking Needs to Be Performed

Although many people know hacking as a horrible thing, most of them do not think that they would be hacked. But this is not the real situation. Almost every computer system has security holes through which hackers could come in, and for security purposes these vulnerabilities need to be avoided. One of the most important reasons for ethical hacking is to find those security leaks in an organization's network. To do this, companies can hire security experts who have great knowledge of cyber security and are trained as ethical hackers. They can use their knowledge to hack into the systems to find insecure areas. Then the company can easily take the necessary actions to secure its networks. There are two kinds of security leaks that an ethical hacker can identify.

Hacking into systems to steal data: If a company is compromised by this sort of attack it will lose not only information or money, it will lose its reputation as well. That might cause it to lose customers, as they no longer feel their personal information and data are completely safe.

Leaks that allow compromise by viruses: If the company network is compromised by viruses, the entire network can be shut down in just minutes. More than that, some viruses are able to perform harmful activities like data deletion, so the company may lose important data.

Thus, to improve the overall security posture and avoid intellectual property theft, regular ethical hacking practice is critical in an IT company. More importantly, it will help save the company millions in money and will build its reputation as well.
Also, as this system penetration is performed with the mindset of a hacker who tries to get into the system, companies can rely completely on professional ethical hackers' reports to adjust the company's security posture.

Framework of Ethical Hacking

In order to complete ethical hacking processes successfully, ethical hacking professionals have introduced several phases to follow. They have broken down the complete process into several phases, and generally both malicious and legitimate users follow that methodology. The following diagram illustrates those steps, which are described in detail below.

Anatomy of hacking. Source: http://www.twincling.org/twincling/slides/ethicalhacking.pdf

Reconnaissance

This is the first step of any hacking attempt, and generally the attacker tries to gather as much information as possible about the target system. This process is also known as foot-printing. It may gather information in areas such as determining the network range, identifying active machines, finding open ports and detecting operating systems. There are two ways reconnaissance is performed.

Active reconnaissance: the process of live exploration of the system to find information such as running operating systems and services, open ports, routers and hosts.

Passive reconnaissance: this involves monitoring and finding information or clues on the network using network sniffers or other mechanisms. The information can be domain names, locations, contact numbers, etc. Sometimes this involves mechanisms such as searching through an organization's or person's discarded materials.

The following are some of the ways and tools by which reconnaissance can be performed against a target network.

Using Google: This is the most common and efficient way of finding information about a company. As Google is the most commonly used search engine on the Internet, it can be used to find publicly available information about a target system.
Sometimes, even though the company has removed the data from its web sites, Google will be able to provide information from its caches. Thus Google can be used to begin the reconnaissance process.

DNS information tools: The next best way to get information about a company is through its domain name. If you know the domain of a company, the rest of the information, such as its IP address, contact information and locations, can be found easily using DNS tools. For this purpose, the most common command-line tools are whois and dig, and they show the above DNS information as text. Web sites like www.dnsstuff.com, www.samspade.org, www.geektools.com and www.easywhois.com provide the same information in a more user-friendly way. Those tools have various options and can provide information by querying the IP address or domain name. Also, the command nslookup will map the domain name to the IP address or vice versa.

ARIN: ARIN is a very well known web-based tool for finding the network ranges a company holds. Given a single IP address in the range, ARIN can give the whole network range the company owns.

Social engineering: After learning the basic information about a company, the best way to learn more about the company is by performing social engineering. Here, hackers trick people into revealing information themselves. The common way is calling or meeting employees and tricking them to get more information.

Scanning

This is the second phase of the hacking framework and involves acquiring more detailed information based on the data collected in the earlier phase. This is very similar to active reconnaissance, and in this phase the hacker tries to dig a little deeper. Generally this phase includes activities such as identifying live hosts, discovering running services and their ports, and detecting the running OS. The main target in this phase is to build the blueprint of the target network, including the live host IP addresses and open service ports.
Hackers use various scanners in this case, and a few of their techniques are listed below.

Ping: Ping is the best tool for identifying the active hosts in a network. It can provide information such as the status of the host, the host name and TTL details. It is a very simple utility that uses ICMP packets for scanning. Ping sends ICMP packets to a target host, and if it receives the acknowledgment we can conclude that the system is active. There are a few handy tools that can be used to automate this ping process to check the availability of a range of IP addresses. A few examples are Hping, icmpenum and NetScan Tools.

Traceroute: Traceroute is a tool that can be used to map the location of a targeted host. It uses the same technology as Ping and shows the exact path to the target host.

NMap: NMap is the most popular port scanning tool, and it is a free and open source utility. Both malicious and legitimate users use it to identify vulnerabilities on computer systems. It has many options and is able to perform almost every type of scan, such as connect scans, half-open scans and SYN scans, on a targeted host. It is also a very useful tool for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. NMap can scan the hosts in a network range straight away, and it is able to detect the version of the operating system running on the targeted system too.

War dialling: This is a technique that was widely used in earlier times to detect active modems in networks. It was a common hacking tool, as there were many dial-in modems available in networks to enable employees to log in. The program automatically dials a defined range of phone numbers and logs the successful attempts in its database. But as modem technology is becoming obsolete very fast, this is not used very much.

Banner grabbing: Another useful technique for finding out about running service ports is called banner grabbing.
In this case the hacker tries to connect to well-known ports such as 80, 8080, 25, 110, 23, 22, etc. using telnet. If the service being tried is running on the target server, it will display the service banner, including the type of the software and the running version. The hackers can then add that information to the blueprint they are building.

Enumeration (OS / Application Attacks)

This is the hacking technique of convincing target servers to provide information about the system that is vital to proceed with the attack. The information the attackers normally target is the resources and shares available in the system, valid users and user groups, running applications, etc. The common way of enumeration is by use of null sessions, the sessions which usually have no username or password. Once the hacker gets into the system, he starts enumeration by using tools to find the data he wants. There are several tools available for these queries. NBTscan and NetBIOS Auditing Tool are a few commonly used tools. Hackers also enumerate systems using the SNMP protocol. By enumerating the SNMP protocol, hackers can get the information they want easily. This is an easier way than using a null session. But as SNMP v3 sends data after encrypting it, that data needs to be decrypted before it can be used. SNMPutils, IP Network Browser, SNMP Informant and Getif are some of the tools used for SNMP enumeration.

Gaining Access

As all the above phases are only preparation phases, this is the phase in which the actual attack is executed. The hacker will use the blueprint he created during the previous phases. During this phase the attacker tries to launch attacks targeting the applications, the operating system and the network. To do that, hackers may launch DoS attacks, buffer overflow attacks and application attacks, and they may even insert viruses and Trojan horses to get access to the network. Another goal of the hacker is to gain the highest level of privileges he can get.
If so, he will be able to delete all the tracks and evidence of his activities without any issue. Also, if the NetBIOS TCP 139 port is open and accessible, the easiest way to log in to the system is by guessing the password. Thus the first attempt of the attacker will be to guess the system passwords in order to enter the system with the highest level of privileges. Most of the time this step will be an easy task, because most users set their password to an easy-to-remember one. Also, if any information is available about the user, such as family members' names, children's names or birthday, there is a great chance that the password is one of them. There are also lists of commonly used passwords, and the hackers can try those passwords to log in to the system. If they are unable to guess the password, the next step is to crack the password using an automated tool. There are several strategies used by hackers to crack passwords.

Social engineering: The easiest and most common method, in which the hacker calls or meets the user and gets the password from him through some trick or fraud.

Dictionary cracking: Here the cracking is performed using collected words related to the user and a list of commonly used passwords. The list is checked one entry at a time, and usually this is an automated process done by a tool such as Legion.

Brute force cracking: This is an automated password cracking mechanism that uses combinations of different characters, letters and symbols to guess the password instead of dictionary words.

Hybrid cracking: This is a mixed mechanism combining the dictionary and brute force password guessing mechanisms. It first tries the dictionary passwords and then tries the letter combinations.

Some automated password-guessing tools are Legion and NetBIOS Auditing Tool.
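The guessing strategies described above (personal information, dictionary, hybrid and brute force) can be checked for at the moment a user chooses a password. The following Python code is an added example, not part of the original essay; the word list, profile fields, substitution table and keyspace threshold are constructed assumptions.

```python
import re
from datetime import date

# Constructed sample; a production check would load a large common-password list.
COMMON_PASSWORDS = frozenset({
    "password", "123456", "qwerty", "letmein", "welcome", "dragon", "monkey", "admin",
})

# Common character substitutions that are undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Assumed policy threshold: smaller keyspaces are treated as brute-forceable.
MIN_KEYSPACE = 10 ** 12

# Constructed user record (hypothetical field names).
SAMPLE_PROFILE = {"names": ["jsmith", "Emma", "Oliver"], "birthday": "1984-03-17"}


def strip_affixes(word):
    """Drop leading/trailing digits and symbols, e.g. 'letmein1!' -> 'letmein'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", word)


def personal_tokens(profile):
    """Names and date fragments a guesser would derive from what is known of the user."""
    tokens = {n.lower() for n in profile.get("names", []) if len(n) >= 3}
    birthday = profile.get("birthday")
    if birthday:
        d = date.fromisoformat(birthday)
        yyyy, mm, dd = f"{d.year:04d}", f"{d.month:02d}", f"{d.day:02d}"
        tokens |= {yyyy, mm + dd, dd + mm, dd + mm + yyyy,
                   mm + dd + yyyy, yyyy[2:] + mm + dd}
    return tokens


def keyspace(password):
    """Number of candidates an exhaustive search over the used character classes needs."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33
    return size ** len(password)


def audit_password(password, profile):
    """Return the guessing strategies that would find this password."""
    findings = []
    lowered = password.lower()
    unleeted = lowered.translate(LEET)

    if lowered in COMMON_PASSWORDS:
        findings.append("dictionary")
    else:
        # Hybrid guess: a dictionary word with substitutions and/or affixes.
        candidates = {strip_affixes(unleeted), strip_affixes(lowered).translate(LEET)}
        if candidates & COMMON_PASSWORDS:
            findings.append("hybrid")

    if any(tok in lowered or tok in unleeted for tok in personal_tokens(profile)):
        findings.append("personal-info")

    if keyspace(password) < MIN_KEYSPACE:
        findings.append("brute-force")
    return findings


if __name__ == "__main__":
    for pw in ["password", "P@ssw0rd!", "Emma1984!", "kq7z", "vE9#qLr2!xTmz"]:
        print(f"{pw!r:18} -> {audit_password(pw, SAMPLE_PROFILE) or 'no finding'}")
```

An empty result only means none of these four strategies applies; it is not a measure of overall strength.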
However, tools like L0phtCrack, ScoopLM and KerbCrack allow system administrators to audit their users' passwords and let them know if anyone is using a password that can be compromised by a password cracking tool.

Besides the password cracking methods mentioned above, hackers use keystroke loggers to intercept users' keystrokes and find their passwords. Keystroke loggers are able to save all the user's keystrokes to files or send them to a remote destination. There are two types of keystroke loggers: software based and hardware based. Hardware keystroke loggers must be physically installed in the system, while software keystroke loggers can be the action of a Trojan horse. A few examples of keystroke loggers are ISpyNow, PC Activity Monitor and Remote Spy, and the following figure shows an example of a hardware keystroke logger.

If the hacker is not able to track down the user's password, he will try to get access to the systems using network attacks. There are several methods hackers use to attack networks. A few of them are listed below.

Sniffing Attacks

Sniffing is the process of capturing data from a network as it passes and storing it to process offline. For this, hackers use various sniffing tools with different capabilities. Some sniffers work only with TCP/IP, while more sophisticated sniffers work with many other protocols, including data link layer protocols. Sniffing attacks can also be used to grab user logins and passwords. Because telnet, HTTP, POP and SMB send password data in plain text across the network, it can easily be grabbed with a sniffing attack.

Sniffing can be either active or passive. Passive sniffing is performed on hub networks, and what is special there is that every machine in the network sees all the traffic of the other machines. So the hacker can capture almost every data packet that travels through the network.
As hub networks are not found in real environments, passive sniffing is very unlikely to happen. Active sniffing takes place on switched networks, where the hacker is not able to see other users' traffic except for broadcast data. Thus the only possible attack is the man-in-the-middle attack. Here an attacker is positioned in the middle of communications between two legitimate entities in order to capture the data that passes between the two parties.

As mentioned earlier, there are several sniffing tools available with different capabilities. The most popular sniffing tool is Wireshark, which was formerly known as Ethereal. It is a free network protocol analyzer and supports both Windows and Linux operating systems. It is a very sophisticated tool, capable of capturing traffic on the network and saving it to disk, filtering traffic according to requirements, and showing summary and detailed information for each packet. A few other sniffing tools are Packetyzer, Dsniff, TCPDump and Snort.

DoS Attacks

A DoS attack is a network attack that results in some sort of interruption of service to users, devices or applications. Hackers use several mechanisms to generate a DoS attack. The simplest method is to generate large amounts of data that appear to be valid network traffic. This type of network DoS attack saturates the network so that valid user traffic cannot get through. A DoS attack takes advantage of the fact that target systems such as servers must maintain state information. Applications may rely on expected buffer sizes and specific content of network packets. A DoS attack can exploit this by sending packet sizes or data values that are not expected by the receiving application. These attacks attempt to compromise the availability of a network, host or application. They are considered a major risk because they can easily interrupt a business process and cause significant loss.
These attacks are relatively simple to conduct, even by unskilled hackers.

Maintaining Access

By the time he enters this step, the hacker has got into the system by some means, and this phase focuses on maintaining the established session. The hacker is thus able to upload or download files and insert software tools. In this stage hackers try to establish a hidden path so they can enter the system easily next time. To do that, they insert malicious software such as Trojan horses, sniffers and keystroke loggers.

Trojan horses are malware that carries out malicious operations under the appearance of a desired function. A virus or worm could carry a Trojan horse. A Trojan horse contains hidden, malicious code that exploits the privileges of the user who runs it. Games can often have a Trojan horse attached to them. When the game is run, it works, but in the background the Trojan horse has been installed on the user's system and continues running after the game has been closed. The Trojan horse concept is flexible. It can cause immediate damage, provide a back door to a system, or perform actions such as password capturing, keystroke capturing and executing DoS attacks. Some advanced hackers write custom Trojan horses according to their requirements, and those are very hard to detect. There are many examples of Trojan horses, such as Tini, netcat, subseven and backoffice.

Clearing Tracks

This is the final step of the hacking framework, and here the hackers delete all the evidence and tracks of their access. Generally, any operating system keeps a record of user logins, file deletions, file insertions, installations and so on. So once a hacker logs in to a system, his attempts and actions are logged in the operating system log files, and the hacker has to delete these logs.
Although this is a very hard task to perform in reality, there are tools that take alternative actions such as disabling operating system auditing, deleting all the log records and deleting temporary log files. By executing tools like these, hackers can delete their tracks, usually along with all the other log files. Therefore the system administrator may know that the system has been compromised. The software tool auditpol.exe is one such tool, able to disable OS logging. Attackers also need to hide the files they uploaded to the systems, and for this there are a few techniques available, called wrappers. These wrapper tools are able to hide the uploaded data as a picture file.

Design an Evidence Gathering Prototype

Importance of an Evidence Gathering Prototype

As shown above, the ways in which a company can be targeted by a malicious attack are limitless. Although implementing correct firewall and security policies can minimize the exposure of many systems to hackers, it is very unrealistic to expect to avoid security breaches in a computer system completely. Therefore, it is very important to detect intrusion activities and limit as much as possible the damage they can produce. Installing a well-planned and well-configured Evidence Gathering Prototype with intrusion detection and honeypot capabilities will do that.

In general, intrusion detection systems are able to record all the system activities on a given host or network. Thus, if the monitored system is compromised or targeted by an attack, all the information useful for tracking the attacker is recorded in the IDS. Sometimes they can alert the system administrators about the attacks as well. Another feature of this kind of system is that it is able to recognize violations of an organisation's security and acceptable use policies, such as transfers of inappropriate material throughout the company's network, downloads of authorized data files, access to restricted content and use of unauthorized applications.
Also, some systems are able to identify reconnaissance activities, which may be followed by hacking attacks. As these systems keep a log of every such incident, system administrators can use that data in their ethical hacking exercises. Furthermore, they can get an idea of the techniques attackers use, the periods, times and frequencies at which attacks are launched, the common types of attacks they receive, and the locations of the attackers. One side advantage of installing an IDS is the deterrence of hacking attempts: being aware that his activities are being monitored, a hacker might be less prone to launch attacks. Thus installing a system for the purpose of evidence gathering is crucial, and the rest of this document focuses on designing a better prototype for that purpose. For example, a hacker can identify whether an IDS is present in the system, and if one is present, the attacker may first attack the IDS to bring it offline.

Architecture of the prototype

The general idea of this prototype is to provide a new defence mechanism for networks against a huge variety of behavioural network attacks, especially rootkit attacks, buffer overflows, DoS / DDoS attacks, SQL injections and many other ways of hacking into a network. By keeping records of malicious behaviour and making it possible to track down intruders, this system will be a whole new protection concept for current network intrusion threats.

Techniques like Intrusion Prevention Systems, Honeypots and network sniffers can be used as a first line of defence against unauthorized access to networks and network resources. But it is hard to use each of them separately in a network to prevent malicious attacks, so a good system should combine all those techniques in a single system. A single technique will not suffice either, as each may have its own problems. Thus, the prototype being designed uses all the techniques mentioned above.
It will work as a choke point between the WAN and the LAN, so all the network traffic must flow through it and the traffic will be inspected there. As for the architecture, the prototype consists of three Intrusion Detection Systems, a Honeypot and a monitoring console. The three IDSs are a signature-based IDS, an anomaly-based IDS and a stateful-protocol analysis IDS. All incoming network traffic is inspected by these IDSs before it enters the LAN. If the IDSs detect any suspicious behaviour, they send an alarm message to the Honeypot. The malicious traffic then starts to circulate among the IDSs without the intruder's knowledge. Therefore an intruder will not be able to perform continuous actions, because the IP addresses of the traffic keep changing. The Honeypot monitors all the network traffic forwarded by the IDSs and keeps records of all behaviour. Whether the network traffic is allowed or denied entry to the LAN is decided by monitoring the behaviour of the traffic arriving at the Honeypot. A separate monitoring console is connected to the Honeypot; it also has an online monitoring and log making system, so that the sources of any malicious traffic can be identified. The following figure shows an overview of the system.

Major components

The signature-based IDS has a predefined database of attack signatures. It compares all network packets against the attack signatures in the database.

The anomaly-based IDS compares the network traffic against a profile built by previous training on network traffic behaviour and by continually sampling all activities occurring within the system. Therefore it can react to new zero-day attacks.

The stateful-protocol analysis IDS relies, when taking decisions, on vendor-developed universal profiles that specify how particular protocols should and should not be used.

The core of the system is the Honeypot, which monitors all the network traffic that flows through it.
The monitoring console has a real-time log making and tracking system implemented on it. This console provides a real-time monitoring and online tracking system to track down and locate the intruder's source.

The network traffic database stores all the information about the traffic flows the Honeypot has encountered, the signature database, and the IP addresses of all the malicious / suspicious traffic flows.

Capabilities of the prototype

Signature based Intrusion Detection System

Knowledge about specific attacks and how they are carried out is accumulated by the IDS vendors. Models of how the attacks are carried out are developed and called signatures. Each identified attack has a signature, which is used to detect an attack in progress or to determine whether one has occurred within the network. Any action that is not recognized as an attack is considered acceptable.

Anomaly based Intrusion Detection System

These are behaviour-based products that do not contain databases of attack signatures. They first go through a learning mode to build a profile of the normal behaviour of a system or network by continually sampling all activities occurring within the system. These IDSs will be configured to detect zero-day attacks, which means they are configured to detect new and unknown threats. All anomaly-based IDSs will be trained using accepted penetration tools such as GFI LANguard, Nessus, Nmap, Retina, NetCat and Enstealth. After the profile is built, all activities are compared against it. If anything occurs that does not match the profile, an alarm is triggered and the packets are tagged.

Stateful-protocol analysis Intrusion Detection System

This is a little similar to the anomaly-based detection technique, but it relies on profiles provided by the device vendors. Those profiles enable the IDPS to understand and track the state of network, transport and application protocols that have a notion of state.
It can thus identify unexpected sequences of commands, such as issuing the same command repeatedly or issuing a command without first issuing another command upon which it is dependent.

Honeypot

A Honeypot is essentially a decoy network-accessible resource that can be deployed in a network as a surveillance and early-warning tool. The techniques used by attackers who attempt to compromise these decoy resources are studied during and after an attack to keep an eye on new exploitation techniques. Such analysis can be used to further tighten the security of the actual network being protected by the Honeypot. All traffic entering and leaving the Honeypot is logged. A Honeypot can carry risks to a network and must be handled with care. If it is not properly walled off, an attacker can use it to break into a system.

Monitoring Console

This machine examines the intrusion methods and traffic flow used by the intruder. This analysis is done in synchronization with the Honeypot. The details are used to create complete reports about the encounters. The tracking system installed on the console provides a complete track of the intruder.

Other Features

The prototype can analyze the behaviour of the incoming traffic, since all the traffic must go through the system. For any intrusion that matches the signatures, the signature-based IDS immediately raises an alarm to the Honeypot. By recording and tracking the traffic pattern, a decision can be taken whether to drop the identified traffic or trace back the source of the intruder. The detected or suspicious traffic is redirected to the Honeypot as the final action. Making use of the online tracking and log making system, the prototype can record all behaviour in real time and provide a tracking system to catch the intruders.

Commercially available Intrusion Detection Systems

Snort

Snort is a free and open-source network-based IDS and is the most commonly used intrusion detection system.
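The three detection approaches of the prototype and the rule that any alarm diverts a flow to the Honeypot can be sketched as follows. This is an added example, not code from the original essay; the signature patterns, the FTP-style command dependencies, the thresholds and the sample flows are all constructed assumptions.

```python
import statistics

# Constructed signature database (illustrative patterns, not a real rule set).
SIGNATURES = {"sqli-tautology": "' OR '1'='1", "path-traversal": "../../"}
# Assumed FTP-style dependencies: a command is valid only after its prerequisite
# has been issued (simplified: a real tracker would also check the server reply).
REQUIRES = {"PASS": "USER", "RETR": "PASS", "STOR": "PASS"}
MAX_REPEAT = 3  # assumed limit before "same command repeatedly" raises an alarm

def signature_alerts(payload):
    """Signature-based IDS: match the payload against known attack patterns."""
    return [name for name, pattern in SIGNATURES.items() if pattern in payload]

def build_profile(training_rates):
    """Anomaly-based IDS, learning mode: summarise normal requests per minute."""
    return statistics.mean(training_rates), statistics.pstdev(training_rates)

def anomaly_alert(rate, profile, k=3.0):
    """Flag a rate more than k standard deviations above the learned mean."""
    mean, dev = profile
    return rate > mean + k * dev

def protocol_alerts(commands):
    """Stateful-protocol IDS: track which commands the session has issued."""
    seen, alerts, last, run = set(), [], None, 0
    for cmd in commands:
        need = REQUIRES.get(cmd)
        if need and need not in seen:
            alerts.append(f"{cmd} before {need}")
        run = run + 1 if cmd == last else 1
        if run == MAX_REPEAT + 1:  # report once per run of repeats
            alerts.append(f"{cmd} repeated")
        seen.add(cmd)
        last = cmd
    return alerts

def route(flow, profile):
    """Choke-point decision: any alarm diverts the flow to the Honeypot."""
    alarms = signature_alerts(flow["payload"]) + protocol_alerts(flow["commands"])
    if anomaly_alert(flow["rate"], profile):
        alarms.append("rate-anomaly")
    return ("honeypot" if alarms else "lan"), alarms

# Constructed training data and sample flows (documentation IP addresses).
PROFILE = build_profile([10, 12, 9, 11, 13, 10, 12])
FLOWS = [
    {"src": "192.0.2.10", "rate": 11, "commands": ["USER", "PASS", "RETR"], "payload": "report.txt"},
    {"src": "192.0.2.66", "rate": 12, "commands": ["RETR"], "payload": "../../etc/hosts"},
    {"src": "192.0.2.77", "rate": 400, "commands": ["USER"] + ["PASS"] * 5, "payload": "x"},
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow["src"], *route(flow, PROFILE))
```

The second flow shows why the prototype combines detectors: it stays inside the learned rate profile, so only the signature and protocol-state checks raise an alarm.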
Snort is a software-based NIDPS and is able to perform both protocol analysis and content searching. Snort has intrusion prevention capabilities as well, so it is used both to actively block and to passively detect a variety of attacks and probes. It uses signature, protocol and anomaly-based inspection for intrusion detection.

CISCO Secure IDS

This