Thursday, November 28, 2019

The Color Purple By Alice Walker Essays - The Color Purple

Alice Walker's The Color Purple presents the life-long struggle of Celie, a black Georgia woman, who yearns to obtain confidence and self-esteem. During the early stages of the novel, references to wagons are made, signifying the "old days," whereas towards the end of the work automobiles surface. Though Walker never discusses any specific time or place where the story actually occurs, the change in transportation suggests about a forty-year span of Celie's life, from the beginning of the novel until the end. Written in first person, the novel consists of a series of letters that Celie writes to God, explaining the torture that she faces and begging him for some form of mercy. After years of abuse, both physical and emotional, Celie discovers herself searching for some self-respect. Fonso, Celie's abusive father, forces her to marry Albert, also abusive by nature. Celie finds a degree of hope through the depiction of Albert's mistress, Shug. Shug serves as a tremendous force in Celie's attainment of confidence, as the two eventually form a strong bond. Celie's sister, Nettie, intelligent and caring, who "mean[s] everything in the world" to Celie, also faces many of the same obstacles that Celie does, but Nettie first helps Celie overcome hers. As time passes, Celie gains more and more self-respect as well as some respect from others. The central theme flowing throughout the work remains that man often defeats his problems through the nurturing of close intimate relationships. The bond between Shug and Celie allows Celie to conquer her passive behavior. Likewise, her relationship with Nettie also instills a strong sense of courage and self-esteem within Celie. Towards the latter stages of the novel, Celie refuses to allow the horrible deeds of the men in her life to control her. The intimate relationships that Celie shares with both the energetic Shug and the loving Nettie provide Celie with hope that she will one day come out of her passive shell.

Walker captures the audience with Celie's series of letters to God. This unusual style of writing forces the reader to become directly involved in Celie's life. Though the work is told from Celie's perspective, the audience is able to receive adequate information about other key characters instead of only being able to venture into Celie's mind. The language used throughout the novel serves several purposes. Initially, the use of slang serves to show the audience the illiterate Celie, who just spells words as they sound. Though the novel is not written in standard English, the reader can easily identify with Celie and the other people in the novel because the slang makes for easier reading with a better idea of what message is being conveyed. Through this masterpiece, Walker illustrates the importance of close human relationships and how they help heal pain.

Monday, November 25, 2019

The Symbolism of the Glass Pap essays

In the novel 1984, the prophetic classic written by George Orwell in 1949, we see a man who, all alone, struggles against a totalitarian government. While he is aware that he cannot defeat the monstrous machine known as The Party, he still defies its efforts at controlling the thoughts and emotions of all the citizens of Oceania. But throughout the novel, Winston Smith has a dream of escaping from this terrible system, of going away with his lover Julia. Winston's dream of escaping from the insanity of life in the totalitarian super-state of Oceania is symbolized by the glass paperweight that he obtains in the antique store. Winston buys the paperweight under a circumstance that befits the society in which he lives. He wanders into an old antique shop, run by a kindly old gentleman who always had the air of being a collector rather than a tradesman. (p125) He finds a glass paperweight that has a peculiar softness, as of rainwater, in both the color and texture of the glass. Inside was embedded a tiny piece of coral, such that it was magnified by the glass. (p81) The paperweight is beautiful to look at, and without function, as are dreams. Unfortunately, the storekeeper who sells the artifact to Winston is a member of the Thought Police, an organization designed to control people's thoughts as well as their actions. By purchasing this paperweight from a member of the controlling force in the Oceanic government, Winston demonstrates how any anomalous thought or dream can condemn oneself in the eyes of Big Brother. Winston's belief that he is a minority of one is reaffirmed by the fact that this paperweight is not understood by anyone. When he shows it to Julia, the only person who he feels is capable of grasping its meaning, he is disappointed. He took it out of her hand, fascinated as always by the soft, rainwatery appearance of the glass. What is...

Thursday, November 21, 2019

What Factors Contribute to a Successful Computer-Based After-School Dissertation

What Factors Contribute to a Successful Computer-Based After-School Program for At-Risk Children in an Urban Middle School - Dissertation Example

The scope of this work is focused on whether participation in an after-school program is beneficial to at-risk middle school students. This topic is important because there is a need for increasing the amount of time in which students are involved in educational activities beyond the regular school day. In these days of increased budget constraints, any program that is competing for funding will have to be able to prove its efficacy. Having data to support the impact on the academics of at-risk students will be beneficial to the program which requires funding, the entity which will supply the funding, and the students themselves, as they will be able to determine if their time and/or money will be well spent. This was a research project using interviews and reviews of academic progress reports/report cards. These methods allowed the researcher not only to establish a baseline as far as the students' grades are concerned but also to look at the students' points of view of the program. The interviews took place at a middle school. The findings show that participation in the after-school program led to improvements in academic performance in math. However, there were also several additional benefits as a result of the participation in terms of feelings, attitudes and behavior. ...

I would like to dedicate this dissertation to my parents, Theodore and Patricia Wilson, for their encouragement and support in what has turned out to be one of my greatest journeys. Without the additional support and understanding of my family and friends, this dissertation would not be in existence.

Acknowledgements

I would like to express my appreciativeness to my committee chair and mentor, Dr. E. Alana James, for her constant inspiration, feedback, and reinforcement. Thank you to Dr. Camilla Ferebee and Dr. Thea Williams for serving stupendously as my dissertation committee members. Their valued suggestions and knowledge have guided me through this wonderful three-year journey.

Table of Contents

Abstract
Dedication
Acknowledgements
Table of Contents
Chapter I: Introduction of the Study: Background of the Study; Problem Statement; Purpose of the Study; Research Questions; Early Signs of Need of Extended Day Learning; Key Terms; Assumptions, Limitations, Scope, and Delimitations; Assumptions of the Study; Limitations of the Study; Scope of the Study; Delimitations of the Study; Significance of the Study; Summary
Chapter II: Review of the Literature: Introduction; History of After-school Programs; No Child Left Behind; Federal Role of Out-of-School Learning; At-Risk Students; Computer Usage in After-school Programs; Attendance and Academic Success; Benefits of Math After-School Programs; Summary
Chapter III: Methodology: Introduction; Research Questions and Hypotheses; Research Questions; Hypotheses; Background and Purpose; Methodological Design; Participants; Data Collection and Analysis; Consent and Confidentiality; Assumptions and Limitations; Summary
Chapter IV: Results

Wednesday, November 20, 2019

Amazonia S.L Essay Example | Topics and Well Written Essays - 2500 words

e growing population of competitors in Mataró; however, it had successfully recovered by opening new business practices with the help of his nephew, Carlos Costa. Based on the income statement figures of Amazonia, S.L. from the year 2002 up to 2004, its net income is improving, as is the revenue of the business. This has proven the success of Amazonia, S.L., and this big market share was brought about by customers' loyalty. On the other hand, the market situation is rapidly changing, and so are customers' tastes and preferences. This situation should be properly handled by Amazonia, S.L. to avoid recession in the near future. The idea of innovation had long been considered by Mr. Antonio Moreno, and the task was given into the hands of his son, Miquel. Soon after Miquel began dealing with the operations and customers of the company, he discovered a new idea of innovation: to establish cocktails Copacabana, a production and merchandising division of exotic fruit juices, emphasizing their healthy properties. The main thrust of this paper is to identify whether the proposal of Miquel Moreno would be viable for the business. He really believes that cocktail Copacabana is a good business, but how will he present the evidence in a manner that is convincing to the partners of the company? Although Miquel had gathered reliable data for his proposal, he at the same time lacks familiarity with the daily practices of the new business. Thus, this paper will also tackle the minor and major stated problems of the new proposed business, with a corresponding alternative solution. Every business venture, whether unknown or known to the market, has to face different problems brought about by environmental changes (Thomson 9). This is a part of every business that no one can hide or run away from.
This situation will likely occur either in the present or in the future, and so before this could happen, the business should have its own coping mechanism in an

Monday, November 18, 2019

The Yellow Wallpaper Essay Example | Topics and Well Written Essays - 750 words

She can see life in the wallpaper, life in a trapped woman. The woman is said to be trying to free herself. She eventually is released from the trap on the last day of the vacation, when the husband opens the room. The character eventually identifies herself as the woman in the yellow wallpaper. Logan Thomas directed the film The Yellow Wallpaper in 2011. The Yellow Wallpaper is a horror film about a family that rents a new house following the burning of their old house. The family, consisting of Gilman, her husband Dr. John and their daughter Jennie, lose their previous house, their belongings and their beloved daughter Sarah to the fire. They are forced by circumstances to relocate to a rented house. It is at this house that horrific things happen. The town is odd, with the only route to town leading them to a desert, wolves' attacks, and some seem to be living right in the house, behind a yellow wallpaper (Thomas). The movie has various aspects that are similar to the short story. Looking at the characters, there is a distinct comparison, in that they are the same. The main characters in the short story are Gilman and her husband, who is a doctor. Both characters recur in the movie. A feeling of a depressed feminine character has been sparked in both cases by the same character. Gilman, in the short story, is depressed and suffering from postpartum trauma soon after she gave birth. She suffers alone in a room in a rented apartment, where they are on a three-week vacation. The depressive condition leads the character to visualize the presence of another person trapped in the wallpaper. The depression recurs in the movie, to the same character, and again due to a child. However, in the movie, the child died after their former house was gutted. The character in the movie has visualizations of the daughter, and later in the movie there is a character living in seclusion, in the house, behind the wallpaper.

There are various remarkable differences between the Yellow Wallpaper movie and the short story. To begin with, the horror aspect found in the movie is absent from the short story. The short story involves human characters alone, who are living in a rented apartment while on vacation. The movie ends with the infestation of the characters' house by wolves. Another remarkable difference between the two pieces of art is the condition leading to their seclusion. In the short story, there is a case of two newlyweds, Gilman and the husband, renting a house for the summer vacation. The woman had recently had a child. She was, however, suffering from postpartum depression, a condition that saw her mental recess. In the movie, the condition arises from the burning of their house. The fire reduced them to desperation until a stranger assists with an idea of a house. The man offers them carriage to their new home. Another difference arises from the cause of the trauma; Gilman, in the movie, unlike in the story, is depressed by the loss of her daughter Sarah, who was consumed by the fire. Other contradictions in the story arise from the presence of other characters in the movie not present in the story. Jennie is seen bringing her friend, who is reluctantly accepted into their house by her parents. The mode of seclusion in both cases differs as well; in the short stor

Friday, November 15, 2019

Analysis of Intrusion Detection Systems (IDS)

Introduction

Intrusion detection systems (IDS) were developed in the 1990s, when network hackers and worms appeared, initially for the identification and reporting of such attacks. Intrusion detection systems did not have the ability to stop such attacks; they could only detect them and report them to network personnel. Intrusion prevention systems have both characteristics, i.e. threat detection and prevention. The detection process analyzes events for possible threats, while intrusion prevention stops the detected threats and reports them to the network administrator.

Purpose and Scope

The main purpose of the project is to evaluate the security capabilities of different types of IDPS technologies in maintaining network security. It provides detailed information about the different classes and components of IDPS technologies, for example detection methods, security capabilities, prevention capabilities and the internals of IDPS. It focuses mainly on the different detection techniques and responses of these technologies.

1.2 Audience

The information can be useful for computer network administrators and network security personnel who have little knowledge of these IDPS technologies.

1.3 Project Structure

The project is organized into the following major sections:

- Section 2 provides a general introduction to IDPS.
- Section 3 provides detailed information about IDPS technologies: components and architecture, detection methodologies, security capabilities and prevention capabilities.
- Section 4 covers the internals of IDPS and incident response.

Section 2: Introduction of IDPS

This chapter explains the intrusion detection and prevention process, and the uses, functions and different types of IDPS.

Modern computer networks provide fast, reliable and critical information not only to a small group of people but also to an ever-expanding group of users.
This need led to the development of redundant links, notebook computers, wireless networks and many others. On one side, the development of these new technologies increased the importance and value of these access services; on the other side, they provide more paths for attacks.

In the past, even in the presence of firewalls and anti-virus software, organizations suffered huge losses to their businesses within minutes, in terms of confidentiality and of availability to legitimate clients. These modern threats highlighted the need for more advanced protection systems. Intrusion detection and prevention systems are designed to protect systems and networks from unauthorized access and damage.

An intrusion is an active sequence of related events that deliberately try to cause harm, such as rendering a system unusable, accessing unauthorized information or manipulating such information. In computer terminology, intrusion detection is the process of monitoring the events in a computer network or a host resource and analyzing them for signs of possible incidents, deliberate or incidental. The primary functions of an IDPS are identifying incidents, logging information about them, stopping them and preventing them from causing any damage.

The security capabilities of IDPS can be divided into three main categories:

- Detection: identification of malicious attacks on network and host systems
- Prevention: stopping an attack from executing
- Reaction: immunization of the system against future attacks

On the basis of location and the type of events they monitor, there are two types of IDPS technologies: host-based and network-based. A network-based IDPS monitors traffic for a particular network segment and analyzes network and application protocol activity for suspicious events. It is commonly deployed at the borders between networks. A host-based IDPS, on the other hand, monitors the activity of a single host and the events occurring within that host for suspicious activity.
There are two complementary approaches to detecting intrusions: the knowledge-based approach and the behavior-based approach. In the knowledge-based approach, an IDPS looks for specific traffic patterns called signatures, which indicate malicious or suspicious content. In the behavior-based approach, an intrusion is detected by observing a deviation from the normal or expected behavior of the user or the system.

What is an IDS?

Intrusion detection systems (IDS) can be defined as the tools, methods and resources used to identify, assess and report unauthorized or unapproved network activity. An IDS detects attacks against a network or host and sends logs to a management console, providing information about malicious attacks on the network and host resources. IDSs fall into two main categories:

- Host-Based Intrusion Detection System (HIDS): A HIDS requires some software that resides on the system and can scan all host resources for activity. It logs any activities it discovers to a secure database and checks whether the events match any malicious event record listed in the knowledge base.
- Network-Based Intrusion Detection System (NIDS): A NIDS is usually inline on the network and analyzes network packets, looking for attacks. A NIDS receives all packets on a particular network segment via one of several methods, such as taps or port mirroring. It carefully reconstructs the streams of traffic to analyze them for patterns of malicious behavior.

The basic process for an IDS is that it passively collects data, then preprocesses and classifies it. Statistical analysis can be done to determine whether the information falls outside normal activity, and if so, it is then matched against a knowledge base. If a match is found, an alert is sent. Figure 1-1 outlines this activity.
[Fig 1.1 Standard IDS System. Components shown: Response Manager, GUI, Host System, Pre-processing, Statistical Analysis, Alert Manager, Knowledge Base, Long-Term Storage, Signature Matching]

What is an IPS?

IPS technology has all the capabilities of an intrusion detection system and can also attempt to stop possible incidents. IPS technologies are differentiated from IDS by one characteristic, the prevention capability: once a threat is detected, the IPS prevents the threat from succeeding. An IPS can be host-based (HIPS), which works best at protecting applications, or network-based (NIPS), which sits inline and stops and prevents the attack. A typical IPS performs the following actions upon detecting an attack:

- It terminates the network connection or user session.
- It blocks access to the target, i.e. IP address, user account or server.
- It reconfigures devices, i.e. firewall, switch or router.
- It replaces the malicious portion of an attack to make it benign.

An IPS typically consists of four main components:

- Traffic Normalizer: Interprets the network traffic and performs packet analysis and packet reassembly; the traffic is then fed into the detection engine and the service scanner.
- Service Scanner: Builds a reference table that classifies the information and helps the traffic shaper manage the flow of the information.
- Detection Engine: Performs pattern matching against the reference table.

Figure 1.2 outlines this process:

[FIG 1-2 Standard IPS. Components shown: Response Manager, GUI, Traffic Normalizer, System Scanner, Detection Engine, Alert Manager, Reference Table, Long-Term Storage, Signature Matching]

Uses of IDPS Technologies

The identification of possible incidents is the main focus of an IDPS. For example, if an intruder has successfully compromised a system by exploiting a vulnerability in it, the IDPS could report this to the security personnel. Logging of information is another important function of an IDPS. This information is vital for security people in the further investigation of an attack.
An IDPS can also identify violations of an organization's security policy, whether intentional or unintentional, for example an unauthorized access to a host or application. Identification of reconnaissance activity is one of the major capabilities of an IDPS. Such activity is the indication of an imminent attack, for example scanning of hosts and ports in preparation for further attacks. In this case, an IDPS can either block the reconnaissance activity or alter the configurations of other network devices.

Functions of IDPS Technologies

The main difference between different types of IDPS technologies is the type of events they can recognize. The following are some main functions:

- Recording of information regarding observed events. This information can be stored locally or sent to a logging server.
- Sending of alerts, one of the vital functions of an IDPS. Alerts are sent through different methods, i.e. email, SNMP traps, syslog messages etc.
- Changing the security profile. When a new threat is detected, some IDPSs are able to change their security profile, for example to collect more detailed information about the threat.

An IDPS not only performs detection but also performs prevention, by stopping the threat from succeeding. The following are some prevention capabilities:

- It can stop the attack by terminating the network connection or user session, or by blocking access to a target host.
- It can change the configuration of other network devices (firewalls, routers and switches) to block or disrupt the attack.
- Some IDPSs can change the contents of a malicious IP packet, for example by replacing the header of an IP packet with a new one.

Types of IDPS Technologies

IDPS technologies can be divided into the following two major categories:

- Network-Based IDPS
- Host-Based IDPS

Network-Based IDPS

Network-based IDPS monitors network traffic for a particular network segment.
They analyze the network and application protocol activity to identify any suspicious activity. A network-based IDPS usually sits inline on the network and analyzes network packets, looking for attacks. It receives all packets on a particular network segment, including switched networks. It carefully reconstructs the streams of traffic to analyze them for patterns of malicious behavior. Network-based IDPSs are equipped with facilities to log their activities and to report or alarm on questionable events. The main strengths of network-based IDPS are:

- Packet Analysis: Network-based IDPSs perform packet analysis. They examine the headers of all IP packets for malicious contents. This helps in detecting common denial of service (DoS) attacks, for example the LAND attack, in which the source and destination addresses and the source and destination ports are all the same as those of the target machine. This causes the target machine to open a connection with itself, so that it either performs slowly or crashes. The IDPS can also investigate the payload of an IP packet for specific commands.
- Real-Time Detection and Response: A network-based IDPS detects attacks in real time, as they are occurring, and provides a faster response. For example, if a hacker initiates a TCP-based DoS attack, the IDPS can drop the connection by sending a TCP reset.
- Malicious Content Detection: A network-based IDPS removes and replaces the suspicious portion of the attack. For example, if an email has an infected attachment, the IDPS removes the infected file and permits the clean email.
- Evidence for Prosecution: A network-based IDPS monitors real-time traffic, and if an attack is detected and captured, the hacker cannot remove the evidence. The captured attack contains not only data but also information that identifies the attacker, which helps in the prosecution.

Host-Based IDPS

A host-based system monitors the characteristics of a single host and the events occurring within that host for suspicious activity.
It requires some software that resides on the system and monitors network traffic, syslog, processes, file access and modification, and configuration or system changes. It logs any activities it discovers to a secure database and checks whether the events match any malicious event record listed in the knowledge base. Some of the major strengths of host-based IDPS are as follows:

- Verification of Attack: A host-based IDPS uses logs, which contain events that have actually occurred. It has the advantage of knowing whether the attack was successful or not. This type of detection is more accurate and generates fewer false alarms.
- Monitoring of Important Components: A host-based IDPS monitors key components, for example executable files, specific DLLs and the NT registry. All of these can cause damage to the host or network.
- System-Specific Activity: A host-based IDPS monitors user and file access activity. It monitors the logoff or login procedure and checks it against the current policy. It also monitors file access, for example the opening of a non-shared file.
- Switched and Encrypted Environments: Host-based IDPSs provide greater visibility into purely switched environments by residing on as many critical hosts as needed. Encryption is a challenging problem for network-based IDPS but not a major problem for host-based IDPS. If the host in question has log-based analysis, the encryption will have no impact on what goes into the log files.
- Near-Real-Time Detection: A host-based IDPS relies on log analysis, which is not true real-time analysis. But it can detect and respond as soon as the log is written to and compared to the active attack signatures.
- Real-Time Detection and Response: A stack-based IDPS monitors the packets as they traverse the TCP/IP stack. It examines inbound and outbound packets and determines in real time whether an attack is being executed. If it detects an attack in real time, it can respond to that attack in real time.
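The header-only packet analysis described above, written out as an added example (not code from the original essay): a single-packet check for the LAND pattern and a stateful check for the host and port scanning mentioned under reconnaissance. The Packet record, the 10-port threshold, the 5-second window and the sample packets are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Header fields only; a hypothetical record, not a real capture format."""
    ts: float          # arrival time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = "S"   # TCP flags; "S" is a bare SYN


def is_land(pkt: Packet) -> bool:
    """Single-packet check: source and destination address and port are identical."""
    return pkt.src == pkt.dst and pkt.sport == pkt.dport


class ScanTracker:
    """Multi-packet check that keeps state per (source, target) pair."""

    def __init__(self, port_threshold: int = 10, window: float = 5.0):
        self.port_threshold = port_threshold   # assumed tuning value
        self.window = window                   # assumed tuning value, seconds
        self._ports = defaultdict(dict)        # (src, dst) -> {dport: last seen}

    def observe(self, pkt: Packet) -> bool:
        """Return True once one source has probed enough distinct ports in the window."""
        if pkt.flags != "S":
            return False
        ports = self._ports[(pkt.src, pkt.dst)]
        ports[pkt.dport] = pkt.ts
        # Forget probes older than the window so slow, ordinary clients never add up.
        for port, seen in list(ports.items()):
            if pkt.ts - seen > self.window:
                del ports[port]
        return len(ports) >= self.port_threshold


def inspect(packets, tracker=None):
    """Run both checks over time-ordered packets; return a list of alert tuples."""
    if tracker is None:
        tracker = ScanTracker()
    alerts, reported = [], set()
    for pkt in packets:
        if is_land(pkt):
            alerts.append(("LAND", pkt.src, pkt.dst))
            continue
        pair = (pkt.src, pkt.dst)
        if tracker.observe(pkt) and pair not in reported:
            reported.add(pair)                 # one alert per scanning source
            alerts.append(("PORT_SCAN", pkt.src, pkt.dst))
    return alerts


def sample_packets():
    """Constructed traffic using documentation address ranges."""
    target = "198.51.100.5"
    pkts = [Packet(0.0, "192.0.2.10", 50000, target, 443)]      # ordinary client
    pkts.append(Packet(0.5, target, 139, target, 139))          # LAND pattern
    # Twelve distinct ports in about one second from one source.
    pkts += [Packet(1.0 + 0.1 * i, "203.0.113.7", 40000 + i, target, 20 + i)
             for i in range(12)]
    # Twelve distinct ports, but ten seconds apart: stays under the threshold.
    pkts += [Packet(10.0 + 10.0 * i, "192.0.2.99", 41000 + i, target, 8000 + i)
             for i in range(12)]
    return pkts


if __name__ == "__main__":
    for alert in inspect(sample_packets()):
        print(alert)
```

The slow client in the sample shows why the window matters: without expiry, any long-lived host that touches many services would eventually cross the threshold and raise a false alarm.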
Section 2: IDPS Analysis Schemes

IDPSs perform analysis. This chapter is about the analysis process: what analysis does and the different phases of analysis.

2.2 Analysis

In the context of intrusion detection and prevention, analysis is the organization of the constituent parts of data and their relationships to identify any anomalous activity of interest. Real-time analysis is analysis done on the fly, as the data travels the path to the network or host. The fundamental goal of intrusion detection and prevention analysis is to improve an information system's security. This goal can be further broken down:

- Create records of relevant activity for follow-up.
- Determine flaws in the network by detecting specific activities.
- Record unauthorized activity for use in forensics or criminal prosecution of intrusion attacks.
- Act as a deterrent to malicious activity.
- Increase accountability by linking the activities of one individual across systems.

2.3 Anatomy of Intrusion Analysis

There are many possible analysis schemes, but in order to understand them, the intrusion analysis process can be broken down into the following four phases:

- Preprocessing
- Analysis
- Response
- Refinement

1. Pre-Processing

Preprocessing is the key function once the data is collected from the IDPS sensor. The data is organized in some fashion for classification. Preprocessing helps determine the format the data is put into, which is usually some canonical format or a structured database. Once the data is formatted, it is broken down further into classifications. These classifications can depend on the analysis scheme being used. For example, if rule-based detection is being used, the classification will involve rules and pattern descriptors. If anomaly detection is used, a statistical profile is built from different algorithms, in which user behavior is baselined over time, and any behavior that falls outside of that classification is flagged as an anomaly.
Upon completion of the classification process, the data is concatenated and put into a defined version, or detection template, of some object by replacing variables with values. These detection templates populate the knowledge base, which is stored in the core analysis engine.

2. Analysis

Once the preprocessing is completed, the analysis stage begins. The data record is compared to the knowledge base, and the data record will either be logged as an intrusion event or be dropped. Then the next data record is analyzed. The next phase is response.

3. Response

Once information is logged as an intrusion, a response is initiated. The inline sensor can provide real-time prevention through an automated response. The response is specific to the nature of the intrusion or to the analysis scheme used. The response can be set to be performed automatically, or it can be done manually after someone has analyzed the situation.

4. Refinement

The final phase is the refinement stage. This is where the fine-tuning of the system is done, based on previous usage and detected intrusions. This gives the opportunity to reduce false-positive levels and to have a more accurate security tool.

Analysis Process By Different Detection Methods

The intrusion analysis process depends solely on the detection method being used. The following describes the four phases of intrusion analysis for different detection methods.

Analysis Process By Rule-Based Detection

Rule-based detection is also known as signature detection, pattern matching and misuse detection. Rule-based detection uses pattern matching to detect known attack patterns. The four phases of the intrusion analysis process as applied in a rule-based detection system are as follows:

Preprocessing: Data is collected about intrusions, vulnerabilities and attacks, and is then put into a classification scheme or pattern descriptors.
From the classification scheme a behavior model is built and then put into a common format:

- Signature Name: The given name of the signature
- Signature ID: The unique ID for the signature
- Signature Description: The description of the signature and what it does
- Possible False Positive Description: An explanation of any "false positives" that may appear to be an exploit but are actually normal network activity
- Related Vulnerability Information: Any related vulnerability information

The pattern descriptors are typically either content-based signatures, which examine the payload and header of a packet, or context-based signatures, which evaluate only the packet headers to identify an alert. The pattern descriptors can be atomic (single) or composite (multiple) descriptors. An atomic descriptor requires only one packet to be inspected to identify an alert, while a composite descriptor requires multiple packets to be inspected to identify an alert. The pattern descriptors are then put into a knowledge base that contains the criteria for analysis.

Analysis: The event data is formatted and compared against the knowledge base by a pattern-matching analysis engine. The analysis engine looks for defined patterns that are known as attacks.

Response: If the event matches the pattern of an attack, the analysis engine sends an alert. If the event is a partial match, the next event is examined. Partial matches can only be analyzed with a stateful detector, which has the ability to maintain state, as many IDS systems do. Different responses can be returned depending on the specific event records.

Refinement: Refinement of pattern-matching analysis comes down to updating signatures, because an IDS is only as good as its signature update.

Analysis Process By Profile-Based Detection (Anomaly Detection)

An anomaly is something that is different from the norm or that cannot be easily classified.
Anomaly detection, also referred to as profile-based detection, creates a profile system that flags any event that strays from a normal pattern and passes this information on to output routines. The analysis process by profile-based detection is as follows:

Preprocessing: The first step in the analysis process is collecting the data, in which behavior considered normal on the network is baselined over a period of time. The data are put into a numeric form and then formatted. Then the information is classified into a statistical profile that is based on different algorithms in the knowledge base.

Analysis: The event data are typically reduced to a profile vector, which is then compared to the knowledge base. The contents of the profile vector are compared to a historical record for that particular user, and any data that fall outside of the baseline of normal activity are labeled as a deviation.

Response: At this point, a response can be triggered either automatically or manually.

Refinement: The profile vector history is typically deleted after a specific time. In addition, different weighting systems can be used to add more weight to recent behavior than to past behaviors.

Section 3: IDPS Technologies

This section provides an overview of different technologies. It covers the major components, architecture, detection methodologies and security capabilities of IDPS.

Components

Following are the major components and architecture of IDPS:

Sensors or Agents: Sensors or agents monitor and analyze the network traffic for malicious traffic.
Sensor: The technologies that use sensors are network-based intrusion detection and prevention systems, wireless-based intrusion detection and prevention systems, and network behavior analysis systems.
Agents: The term “Agent” is used for host-based intrusion detection and prevention technologies.
Database Server: The information recorded by the sensors and agents is kept safely in a database server.
Console: A console is software that provides an interface for the IDPS users. Console software is installed on the administrator’s PC. Consoles are used for configuring, monitoring, updating and analyzing the sensors or agents.
Management Server: It is a centralized device that receives information from sensors or agents and manages that information. Some management servers can also perform analysis on the information provided by sensors or agents, for example correlation of events. A management server can be either appliance based or software based.

3.1 Network architecture

IDPS components are usually connected with each other through the organization’s network or through a management network. If they are connected through a management network, each agent or sensor has an additional interface, known as the management interface, that connects it to the management network. For security reasons, an IDPS cannot pass any traffic between its management interface and its network interface. The other components of an IDPS, i.e. consoles and database servers, are attached only to the management network. The main advantage of this type of architecture is that it hides the IDPS’s existence from hackers and intruders and ensures it has enough bandwidth to function under DoS attacks.

Another way to conceal the communication is to create a separate VLAN for communication with the management components. This type of architecture doesn’t provide as much protection as the management network does.

3.2 Security capabilities

IDPS provide different security capabilities. Common security capabilities are information gathering, logging, detection and prevention.

3.2.1 Information gathering

Some IDPS gather general characteristics of a network, for example, information about hosts and the network. They identify the hosts, and the operating systems and applications they use, from observed activity.

3.2.2 Logging capabilities

When a malicious activity is detected by the IDPS, it performs logging.
Logs contain date and time, event type, rating, and the prevention action if one was performed. This data is helpful in investigating the incident. Some network-based IDPS capture packets, while host-based IDPS record the user ID. IDPS technologies allow logs to be stored locally and copies to be sent to a centralized logging server, i.e. syslog.

3.2.3 Detection capabilities

The main responsibility of an IDPS is to detect malicious activity. Most IDPS use a combination of detection techniques. The accuracy and the types of events they detect depend greatly on the type of IDPS. IDPS give great results once they are properly tuned. Tuning gives more accuracy, detection and prevention. Following are some of the tuning capabilities:

Thresholds: A threshold is a value that sets the limit between normal and abnormal behavior, for example, the maximum number of login attempts. If the attempts exceed the limit, the activity is considered to be anomalous.
Blacklists and Whitelists: A blacklist is a list containing TCP or UDP port numbers, users, applications, file extensions etc. that are associated with malicious activity. A whitelist is a list of discrete entities that are known to be benign. It is mainly used to reduce false positives.
Alert Setting: It enables the IDPS to suppress alerts if an attacker generates too many alerts in a short time, and to block all future traffic from that host. Suppressing alerts keeps the IDPS from being overwhelmed.

3.2.4 Prevention Capabilities

IDPS offer multiple prevention capabilities. The prevention capability can be configured for each type of alert. Depending on the type of IDPS, some IDPS sensors are more intelligent. They have a learning or simulation mode which enables them to know when an action should be performed, reducing the risk of blocking benign activity.

3.2.5 Types of Alarms

When an IDPS detects an intrusion it generates some type of alarm, but no IDPS generates 100% true alarms. An IDPS can generate an alarm for legitimate activity and can fail to alarm when an actual attack occurs.
These alarms can be categorized as:

1. False Alarms: When an IDPS fails to accurately indicate what is actually happening in the network, it generates false alarms. False alarms fall into two main categories:

False Positives: These are the most common type of alarms. A false positive occurs when an IDPS generates an alarm based on normal network activity.
False Negatives: When an IDPS fails to generate an alarm for an intrusion, it is called a false negative. It happens when the IDPS is programmed to detect an attack but the attack went undetected.

2. True Alarms: When an IDPS accurately indicates what is actually happening in the network, it generates true alarms. True alarms fall into two main categories:

True Positives: A true positive occurs when an IDPS detects an intrusion and sends an alarm correctly in response to actually detecting the attack in the traffic. A true positive is the opposite of a false negative.
True Negatives: A true negative represents a situation in which an IDPS signature does not send an alarm when it is examining normal user traffic. This is the correct behavior.

ARCHITECTURE DESIGN

Architecture design is of vital importance for the proper implementation of an IDPS. The considerations include the following:

The location of sensors or agents.
The reliability of the solutions and the measures to achieve that reliability, for example using multiple sensors to monitor the same activity, as a backup.
The number and location of other components of the IDPS for usability, redundancy and load balancing.
The systems with which the IDPS needs interfacing, including:
Systems to which it provides data, i.e. log servers and management software.
Systems on which it initiates prevention responses, i.e. routers, firewalls or switches.
The systems used to manage the IDPS components, i.e. network management software.
The protection of IDPS communications on the standard network.

3.3 Maintenance and Operation

Mostly IDPS are operated and maintained through a graphical user interface called the Console.
It allows the administrator to configure and update the sensors and servers as well as monitor their status. The console also allows users to monitor and analyze IDPS data and generate reports. Separate accounts can be set up for administrators and users. A Command Line Interface (CLI) is also used by some IDPS products. The CLI is used for local administration, but it can be used for remote access through an encrypted tunnel.

3.3.1 Common Use of Consoles

Many consoles offer drill-down facilities; for example, if an IDPS generates an alert, the console gives more detailed information in layers. It also gives extensive information to the user, i.e. packet captures and related alerts. Reporting is an important function of the console. Users can configure the console to send reports at a set time. Reports can be transferred or emailed to the appropriate user or host. Users can obtain and customize reports according to their needs.

3.3.2 Acquiring and applying updates

There are two types of updates: software updates and signature updates. Software updates enhance the performance or functionality and fix bugs in the IDPS, while signature updates add detection capabilities or refine existing capabilities. Software updates are not limited to any particular component; they can cover all or one of them, i.e. sensor, console, server and agents. Mostly, updates are available from the vendor’s web site.

New Chapter Detection Methodologies

Most IDPS use multiple detection methodologies for broad and accurate detection of threats, but the following are the primary detection methodologies:

Signature Based Detection
Anomaly Based Detection
Stateful Protocol Analysis

3.3.1 Signature Based Detection

The term signature refers to the pattern that corresponds to a known threat.
In signature based detection, the predefined signatures, stored in a database, are compared with the network traffic for a series of bytes or a packet sequence known to be malicious, for example, an email with the subject of free screen savers and an attachment of screensavers.exe, which are characteristics of a known form of malware. Or a telnet
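The rule-based analysis process and the signature-based detection described in this essay can be sketched as follows. This is an added example, not code from the essay or from any IDPS product: the signature IDs, names, event fields and addresses are constructed assumptions, and the record fields mirror the common signature format listed earlier. It shows one atomic signature (the screensaver e-mail) and one composite signature that needs a stateful matcher to follow partial matches.

```python
from dataclasses import dataclass
@dataclass
class Signature:            # fields follow the common format listed in the essay
    sig_id: int
    name: str
    description: str
    false_positive_note: str
    stages: list            # one predicate = atomic, several = composite
# Constructed signatures: IDs, names and predicates are illustrative assumptions.
SIGNATURES = [
    Signature(1001, "screensaver-lure", "Lure subject plus .exe attachment",
              "Internal mail that really ships a screensaver",
              [lambda e: e.get("proto") == "smtp"
               and "free screen savers" in e.get("subject", "").lower()
               and e.get("attachment", "").lower().endswith(".exe")]),
    Signature(1002, "repeated-login-failure", "Three failed logins in a row",
              "A user who mistyped a password",
              [lambda e: e.get("event") == "login_failed"] * 3),
]

class StatefulMatcher:      # keeps per-source progress across events
    def __init__(self, signatures):
        self.signatures = signatures
        self.progress = {}   # (sig_id, src) -> index of the next stage to satisfy
    def analyze(self, event):
        alerts = []
        for sig in self.signatures:
            key = (sig.sig_id, event["src"])
            stage = self.progress.get(key, 0)
            if sig.stages[stage](event):
                stage += 1                   # partial match: wait for next event
            else:
                stage = 1 if sig.stages[0](event) else 0   # sequence broken
            if stage == len(sig.stages):     # full match: alert and reset
                alerts.append((sig.sig_id, sig.name, event["src"]))
                stage = 0
            self.progress[key] = stage
        return alerts

def fail(src):
    return {"src": src, "event": "login_failed"}
EVENTS = [  # constructed sample events (documentation-range addresses)
    {"src": "192.0.2.5", "proto": "smtp", "subject": "Free Screen Savers",
     "attachment": "screensavers.exe"},
    fail("192.0.2.9"), fail("192.0.2.9"), fail("192.0.2.7"), fail("192.0.2.9"),
]
def run(events):
    matcher = StatefulMatcher(SIGNATURES)
    return [alert for e in events for alert in matcher.analyze(e)]
```

Calling `run(EVENTS)` returns one alert per signature; the interleaved failure from 192.0.2.7 does not advance the state kept for 192.0.2.9.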

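The profile-based (anomaly) analysis process, the threshold tuning and the four alarm types described in the essay above fit together as in the following added example, which is not part of the original essay. The login counts, labels, smoothing factor and thresholds are constructed assumptions; the profile uses an exponentially weighted mean and variance as one way to give recent behavior more weight.

```python
import math

class Profile:
    """Statistical profile of one user; recent observations weigh more."""
    def __init__(self, alpha=0.3):
        self.alpha = alpha      # weight given to the newest observation
        self.mean = None
        self.var = 0.0

    def update(self, x):
        if self.mean is None:   # first sample seeds the baseline
            self.mean = x
            return
        diff = x - self.mean
        self.mean += self.alpha * diff
        self.var = (1 - self.alpha) * (self.var + self.alpha * diff * diff)

    def deviation(self, x):
        """Distance from the baseline in standard deviations."""
        std = math.sqrt(self.var)
        if std == 0:
            return 0.0 if x == self.mean else math.inf
        return abs(x - self.mean) / std

def build_profile(samples, alpha=0.3):
    profile = Profile(alpha)
    for s in samples:
        profile.update(s)
    return profile

def classify(profile, events, threshold):
    """Tally alarm types for labelled (value, is_attack) events."""
    tally = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for value, is_attack in events:
        alarm = profile.deviation(value) > threshold
        key = ("T" if alarm == is_attack else "F") + ("P" if alarm else "N")
        tally[key] += 1
    return tally

BASELINE = [4, 5, 6, 5, 4, 6, 5, 5]   # constructed: logins per hour, normal use
EVENTS = [(5, False), (7, False), (30, True),
          (6, True), (7, True), (4, False)]   # constructed, labelled test events

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    for threshold in (3.0, 4.0):
        print(threshold, classify(profile, EVENTS, threshold))
```

Raising the threshold from 3.0 to 4.0 removes the false positive on this sample but turns one detected attack into a false negative, which is the trade-off the refinement phase has to manage.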
Wednesday, November 13, 2019

Brave New World - Is It A Warn :: essays research papers

Aldous Huxley wrote Brave New World in the 1930s. He made many future predictions and many or most of them have already come true but not to the extent that he writes about. The society in Brave New World is significantly different to the present one, and to the society in Huxley’s time. Aldous Huxley wrote Brave New World not as a warning, but as something to look forward to. The people in Brave New World are everything we, as a society, want to be. Mustapha Mond sums up the perfections of the society in Brave New World with an explanation he gave John: “The world’s perfect now. People are happy; they get what they want and they never want what they can’t get. They’re well off; they’re safe; they’re never ill; they’re not afraid of death; they’re blissfully ignorant of passion and old age; they’re plagued with no mothers or fathers; they’ve got no wives, or children, or lovers to feel strongly about . . . And if anything should go wrong, there’s soma.” (p. 177) In Brave New World’s society, everyone has a place to be. There are no people out of work, there are no homeless people, no one struggles financially and they haven’t a family nor a singular person that they have feelings for to worry about. They are all specially skilled to fit a specific job therefore they are always needed, and people cannot survive without each other. ‘Everyone works for everyone else. We can’t do without anyone.’ (p. 67) As the director pointed out, everyone is specially made for a particular job: “Ninety-six identical twins working ninety-six identical machines . . . You really know where you are. For the first time in history.” (p. 18)

These people are conditioned to be happy all day, every day. They love their jobs, they can have sex with anyone they desire, they have entertainments to amuse them, they never want what they can’t have and they don’t have any or many responsibilities.
They do not go through any troublesome times, or periods where they feel they can’t cope with the workload, or emotional problems. They do not spend their younger years looking for their dream jobs, for they are conditioned so well that they love the job they are given and feel satisfied with it. They do not experience depression, sadness, or emotional and moral confusion.