The Extent to Which FDI Inflows have Influenced GDPGrowth in India

Dynamic Previous examinations on the effect of FDI on GDP presumed that there was no since quite a while ago run connection between the two. The Granger Casual examination gave this surmising. Sirari Bohra (2011) give a calculated structure to clarify the connection among GDP and FDI inflows.Advertising We will compose a custom article test on The Extent to Which FDI Inflows have Influenced GDPGrowth in India explicitly for you for just $16.05 $11/page Learn More Technology and information moves give the key signs to the relationship. The example on yearly FDI inflow as a level of GDP shows an exponential development after some time. Throughout the years, India’s FDI inflows have outperformed surges. There were more wellsprings of FDI inflow from the western half of the globe; be that as it may, Mauritius was the most elevated supporter. The administrations part got more FDI inflows. Acquaintance According with Chaturvedi (2011, p. 528), remote direct speculation (FDI) is a ty pe of long haul worldwide capital exchange implied for profitable movement combined with the reason for administrative control and the association in the administration of the outside organization. Sirari Bohra (2011) allude FDI as a device expected for monetary development by reinforcing the nearby capital, efficiency and work. Besides, it has a significant job in the neighborhood innovation progression, ideal usage of nearby labor, exchange balance, upgrading human expertise just as improving of the administrative limits. Likewise, FDI improves the neighborhood rivalry measures, expands decisions for the abroad market just as makes greater work openings. Chaturvedi (2011, p. 532) clarifies that FDI has extraordinarily impacted the accomplishment of monetary advancement in creating countries.Advertising Looking for exposition on business financial matters? How about we check whether we can support you! Get your first paper with 15% OFF Learn More Moreover, creating nations have pro fited incredibly from FDI inflows as a wellspring of remote financing. Inflows allude to inbound capital by remote speculators. Accessibility of exceptionally talented labor encourages the positive effect of FDI inflows on the financial development (GDP) (Agrawal Khan 2011, p. 74). Hansen Rand (2005) examined the presence of the Granger Casual nexus among FDI and GDP among chose creating nations. The examination information was gathered for more than 30 years. The discoveries demonstrated that there existed a two-way causal connection between the proportion and the degrees of GDP and FDI inflows. It was built up that the FDI to GDP proportion was not influenced over the long haul by the GDP. This disclosure shaped the bases for presuming that FDI affected GDP. FDI enlarges the pace of interest in a host nation bringing about a transitional ascent in per capita pay development. Proof on the FDI sway on GDP identifies with innovation and information moves (Jayachandran Seilan 2010, p. 74). This is caught in the New Growth Theory of the 1980s. In light of the calculation from twenty years information, deductions demonstrated that the FDI inflows into India have an irrelevant commitment to the genuine GDP. Information was gathered during the taming of the open entryway strategy. Figure 1: Conceptual Model for Relationship between FDI Inflows and GDP Growth Advertising We will compose a custom article test on The Extent to Which FDI Inflows have Influenced GDPGrowth in India explicitly for you for just $16.05 $11/page Learn More Adopted from Sirari Bohra (2011, p. 13) Literature Review Prior to 1991, India’s state organization applied solid command over modern venture by managing and cultivating inside driven financial advancement. The methodology utilized supported residential venture to the detriment of remote financial specialists and imports (Beena et al. n.d.). The nation experienced troubling turn of events and development. Imports were limited through controls just as high obligations. Therefore, the Indian procedure on FDI was tied in with turning around inflow convergence. The fundamental contention was to pad openings inside the neighborhood work showcase from the outside ostracizes; be that as it may, monetary wasteful aspects were presented at the appointed time. Intrigued outside financial specialists were confronted with bureaucratic methodology before gaining endorsements to set up organizations. These were intentionally presented through the Industries Development and Regulation Act (1951). Outside speculation enterprises wound up utilizing normal innovations underway procedures influencing their proficiency. This decreased outside capital and innovation causing challenges in accomplishing worldwide effectiveness and creation principles (Beena et al. n.d.). Because of overwhelming government invasion on the budgetary and banking segment; there was a ton of control of costs and credit portion. Little industry players pro fited a great deal from advances and borrowings. A few areas were held for government venture; in this manner, influencing serious offering. The legislature focussed on collecting reserve funds to quick track nearby venture as clarified in the Harrod-Domar development worldview (Beena et al. n.d.).Advertising Searching for exposition on business financial aspects? How about we check whether we can support you! Get your first paper with 15% OFF Find out More These agreed methodologies prompted money related tyranny achieved by unjustified cost changing just as credit favors. Harrod-Domar model examined connection among normal and justified patterns of development. Monetary issues were placed into point of view through short run apparatuses financial instruments. By the by, the Harrod-Domar model confronted solid analysis from the neo-old style financial aspects. Endogenous development model framed the third worldview clarifying FDI inflows relationship with GDP execution (Sahoo Mathiyazhagan 2002, p. 8). Post 1991, the mechanical and financial strategies were returned to regarding the key way to deal with FDI. A liberal methodology was received to animate speculation just as quicken financial development. Bureaucratic hindrances were annulled for most divisions aside from 18 industry types. Decreased boundaries of passage offered space to the fortification of the private division. During the new regulation, programmed endorsements were g ranted to FDI by the Reserve Bank of India (RBI). FDI profited by the freed off of overabundance innovation limitations and eminence expenses for innovation move. A portion of the Pro-FDI changes presented in the India’s open division undertakings concentrated on improving independence, lower imposing business model inside the open segment just as encourage privatization. Figure 2: A Framework on the Distribution of FDI Inflows in Manufacturing and Non-Manufacturing Sectors in India Reported in 2011 Adopted from Rao Dhar (2011, p. 55) There are hotspot zones inside India saw to have a generally high fascination for FDI venture. A portion of the hotspots have just changed over the potential into circumstances. Figure 3: Relative Attractiveness of Indian States to FDI Adopted from Nunnenkamp Stracke (2008, p. 63) Figure 4: Pattern of FDI Concentration Adopted from Nunnenkamp Stracke (2008, p. 64) Analysis Nunnenkamp Stracke (2008, p. 55) see that after the advancement of Indiaà ¢â‚¬â„¢s economy, FDI rose to over US$50 billion of every 2006, from under US$2 billion out of 1991. This inferred developing desires towards FDI inflows. By and by, the convergence of FDI inflow has not been adjusted over the state. All inclusive, India was appraised as the second most alluring goal for FDI inside the period somewhere in the range of 2008 and 2010. Figure 5: Yearly (between 1990 2008) FDI Flows to India Adopted from Virmani (2009, p. 19) It is clear that the FDI inflows into India outperform the exhibition of the surges. This implies greater speculation capital is discovering its way into India than the one made a beeline for an outside goal, especially as from 2006. Figure 6: Annual Growth Rate (in %) Trend for India’s FDI Inflows (somewhere in the range of 1991 and 2010) Data embraced from Ray (2012, p. 189) The FDI inflow execution in 1998-99, 1999-00, 2002-03 and 2002-03 demonstrate negative development rates. In any case, it is intriguing that on occasi on the FDI inflow went up by in excess of 100 percent. This suggests FDI inflows experience blasts and troughs. To a great extent, the FDI inflow pace of development was certain over the years. Figure 7: Tracking FDI Inflows inside the GDP Context Data received from Kareem (n.d.) The GDP execution has over the time permitted a positive reaction to the FDI inflow in India. The exponential development infers that there is an insignificant negative connection among GDP and FDI inflows. Sahoo Mathiyazhagan (2002, p. 2) clarify that the example watched couples FDI inflows with send out. Table 1: Cross-Sector Analysis of FDI Inflows (somewhere in the range of 2007 and 2011) Country 2007-08 (April-March) 2008-09 (April-March) 2009-10 (April-March) 2010-11 (for April ‘10) Cumulative Inflows (April ’00 - April ‘10) Mauritius 44483 50794 49633 2528 213434 Singapore 12319 15727 11295 1933 47080 USA 4377 8002 9230 404 37593 UK 4690 3840 3094 265 26263 Netherlands 2780 3922 42 83 312 20438 Japan 3336 1889 5670 1455 18350 Cyprus 3385 5983 7728 123 17900 Germany 2075 2750 2980 102 12571 France 583 2098 1437 184 7102 United Arab Emirates 1039 1133 3017 31 7054 Total FDI Inflows 98664 123025 123378 9854 526357 Adopted from Chaturvedi (2011, p. 530) Figure 8: Total FDI Inflows in Various Sectors in the Indian Economy (somewhere in the range of 2007 and 2011) Data embraced from Chaturvedi (2011, p. 530) The assorted variety of areas drawing in critical FDI inflows infers that speculator certainty is high over the segment range. The administrations division is profoundly alluring (representing a fifth of the FDI inflows). Among the critical areas, metallurgical businesses, oil gaseous petrol just as synthetics are the least appealing as far as FDI inflows. The development of fare items in India has not profited f

Little Victories Build Writers :: Writing Authors Literature Essays

Little Victories Build Writers In Chapter 12 of Creating Writers, Spandel flawlessly remarks on page 364 that â€Å"little triumphs assemble writers,† (Spandel 2001). This announcement, as short and basic as it might sound, was the fundamental subject from this week’s readings, regardless of whether it involves smaller than usual exercises on fiction, consistent input and modification, or offering positive recognition on students’ composing. It is the little adjustments, little consideration, and the little ‘point in the privilege direction’ that assists understudies with arriving at their potential as authors. There were such a large number of stories and models Spandel offered her crowd to show how significant the quality and mentality remarks are. I concur that criticism has been a promoter and impediment in my composition and I wager the greater part our LLED class could agree. I particularly cherished the instances of negative criticism or â€Å"unconstructive feedback† that’s excessively broad. â€Å"Be increasingly succinct, progressively explicit, and needs work,† have been seen very well. As instructors, we should stop this! I won't become an educator that understudies loathe composing for. We should adulate authors when they do well to expand their inspirations and yearnings to become fruitful scholars. I likewise significantly profited by her proposals to advance amendment and understudy composing. Taking a gander at a gathering as a short â€Å"chat,† taking a gander at the meeting as a way to show the understudy you care about their composition, and utilizing the meeting for skipping thoughts off one another (one on one), are some good thoughts. Companion survey and friend alter are two other important strategies for composing appraisal. I should concede, I didn’t think there was a perceptible contrast between the two strategies. I making the most of her clarifications of allocating letter evaluations to numeric-6 attribute reviewing. I was under the misguided judgment that a 5=A, 4=B, 3=C, etc. Spandel explained that well for me. Notwithstanding, I discover her assessment of evaluating unreasonable. I feel understudies need rivalry and an objective. Now and then it enables understudies if extraneous objectives to commend or start the students’ inherent objectives. Particularly in a period of raising and testing for guidelines, grades are vital and unavoidable.

University often wasted on teenagers, says UCAS chief

University often wasted on teenagers, says UCAS chief The OE Blog Mary Curnock Cook, chief executive of the Universities and Colleges Admissions Service (UCAS), says that university is sometimes wasted on the young because many school leavers end up choosing the wrong degree course. Too many teenagers, particularly those from middle-class backgrounds, seem to sleepwalk into university due to expectations from their parents, teachers and friends. Its seen to be the done thing so sure enough, they end up doing it and often without giving it proper thought. In a speech to head teachers Mary Curnock Cook said the penalties for students who choose the wrong course can be severe. Many drop out or dont do as well as they could. And all are saddled with large debts. The comments â€" to a meeting of the International Baccalaureate Schools and Colleges Association in London â€" follow the publication of figures showing that more than 26,000 students dropped out of university last year. Around one-in-15 undergraduates â€" 6.7 per cent â€" failed to complete the first year of their degree, while many more were forced to transfer to another course or university. On the subject of debt and the cost of university fees, Mrs Curnock Cook said that the introduction of higher tuition fees of up to £9,000 was having a positive effect as it forced more 18 and 19-year-olds to pause for thought before making applications. No doubt it is also giving lots of middle class parents a similar reason to question whether university should be the default path immediately after leaving school. The UCAS chief (who didnt go to university until her 40s) said more school leavers should consider deferring a degree until their 20s or 30s to ensure they make the right decision. Lots of universities report that older, more mature students generally get better results too. Of course, at whatever age a student decides to go to university, Oxbridge Essays provides a unique supporting role in helping students to make the most of their time, and to maximise their potential.

The Most Difficult Challenge My Generation Will Face Is...

The most difficult challenge my generation will face is pollution. Every living being has a job and a role to play in this world, but due to pollution and the disturbance it causes the balance of nature has now shifted. Over the past couple of decades, pollution has become an epidemic problem. The catastrophic impact it has on us is so severe that it even affects our water and air, the two most essential elements on which all life depends upon. Water is one of the most essential things humans need to survive. 75% of the human body is made of water and 70% of the earth is covered with water. Without water this world that we love would cease to exist. Over the past couple of decades, the water we’ve been drinking has been known to cause some health problems due to pollution. From minor illnesses such as rashes and diarrhea to major illnesses such as liver failure, respiratory problems and neurological effects. â€Å"Polluted drinking waters are a problem for about half of the world’s population. Each year there are about 250 million cases of water-based diseases, resulting in roughly 5 to 10 million deaths.† {http://www.pacinst.org}. To know that water, which we need to survive on is being contaminated to the point that it is posing a health threat to half the population is bothersome. We need water to survive and thrive on, and now we can’t even drink water without worrying what health risk the water poses. Polluting the water a few times is understandable and canShow MoreRelatedRenewable Energy And Solar Energy Essay1582 Words   |  7 Pagesis it clean and renewable, but it is also plentiful. This makes solar energy better option then the use of fossil fuel, however there are a couple of challenges with solar energy that must first be overcome before even thinking about cutting fossil fuels. For example, while solar panels do create energy from the sun, they are not very efficient. Most of today’s â€Å"commercial panels† only capture 10 to 20 percent or the sun’s energy which means the cost of solar energy is 3 to 6 times more expensiveRead MoreHip Hop And Its Influence On American Culture1008 Words   |  5 Pageswhich makes it one of the most influential culture in American. Hip hop has become one of the most vital, and profitable, forces in popular culture. Hip hop beats have influenced popular music genres from rock to jazz to reggae. Hip hop is a form of art which can be expressed through rap songs, break dancing, and graffiti art. The culture has become so popular that it has entered today’s fashion and modern language. Hip hop music is an extremely large part of today’s generation and a global genre, whichRead MoreThe Impact Of Social Media On Our Lives Essay1548 Words   |  7 Pageshas facilitated the form of communication among individuals. An example of this tool is none other than social network, the most powerful form of communication. Essentially, the world constant evolution over the years has triggered a high demand in modern technology and also changed the way humans interact. Social network, being the most influential weapon of our generation, has a great impact to impact in our lives both positively and negatively. Social network can be described as a computerizedRead MoreSustainability: For Our Dear Future Essay1651 Words   |  7 Pagesthat way causes problems such as air pollution and wa ter pollution which leads to bigger problems like human health therefore the environment has everything to do with human health. Sustainability creates and maintains quality conditions for humans and nature so we can all live in peace and harmony, whether it’s a social concern, an economic concern or any other concern; sustainability meets the needs of the present generation without jeopardizing future generations. Sustainability is vital to our futureRead MoreI Am More Enthusiastic About Service Learning1573 Words   |  7 PagesVolunteering has improved my life by gradually making a difference in my perspective of service learning. Bringing vision to my eyes, the ability to assist others in need is a feeling only describable if, and only if, you have experienced it yourself. Opening new doors in this journey of life, only can ecological service learning provides you with the keys to getting connected with the communities. Before, I stood as an individual who considered that I was not able to do anything on my own. I pointed fingersRead MoreMaking the Best Food Choices: Satisfying Environmental Requirements and Nutritional Requirements1046 Words   |  4 PagesIntroduction Todays society presents many challenges that were previously unseen in previous generations. The human way of life is threatened by over-consumption, greed and waste. Each individual can combat this trend by accepting responsibility for their environmental impact. The purpose of this essay is to analyze a personal meal in order to discover the sources of these items. Both the methods and the events of production will also be presented to demonstrate the environmental effort theseRead MoreIntroduction: The Case For Sustainability. Backing Up The1424 Words   |  6 Pagescase for sustainability Backing up the history of conceptual Sustainable Development discussed during the lectures and tutorials, which as a term was first used in the book â€Å"Limits to Growth† during 1972, in which it was argued that the world will face major ecological collapse in the next 100 years if the resource consumption continued in the current trend. At latter stage, formally the â€Å"World Commission on Environment and Development (WCED)†, that aimed to collectively bring countries to pursueRead MoreTechnology1849 Words   |  8 Pageslives in so many ways.  Technology is convenient and efficient.  It aids us to live life more conveniently by allowing us to do more in less effort.  It, then, becomes rather difficult to undermine the importance in which technology plays within our lives.  Many people have benefited from the invention of technology and would most often find it complicated to do without.  Year after year, technologies become reinvented through new ideas and the betterment of equipment and tools.  Thus, if an old technologyRead MoreHow I Address Conflicts Can Be A Difficult Task For Your Personal And Professional Life Essay2251 Words   |  10 Pagesprofessional life can be a difficult task. Gaining perspective on matters in which you carry deeply rooted emotions or have a large personal stake can be a challenge for even the most mature and established persons. This paper will attempt to take that step backwards and examine the conflicts I currently face in regards to my family, friends, coworkers, and society. After taking these things into considering I will attempt to forecast how these situations will influence conflict in my future. To gain aRead MoreEssay on Alternative Sources of Energy1916 Words   |  8 Pageslarge-scale through out the world. Energy sources available in the world include coal, nuclear, hydroelectric, gas, wind, solar, refuse-based, and biomass. In addition, fusion had been originally proposed as the long-term source. Every form of energy generation has advantages and disadvantages as shown below. Biogas is a mixture of methane (also known as marsh gas or natural gas, CH4) and carbon dioxide it is a renewable fuel produced from waste treatment. As methane is very hard to compress I see its

The Irony Of The Sinner - 1656 Words

While traveling through Hell, Dante the pilgrim encountered numerous sinners on each level, all prepared to tell their tales of misfortune and transgression. However, though some ask Dante to remember them or tell their stories on Earth, most of them speak for their own gain, not simply to educate Dante on the penalties of their sins. Each sinner appears to wallow in the past, isolating themselves in their sin and occasionally ignoring Dante as a person entirely. Even when these sinners find themselves physically trapped together with another soul, they remain lonely and miserable in their suffering: they have deprived themselves of the forgiveness and love God offered them and now must find something else to love. As they have rejected God, these sinners still seek to fill that void of emptiness to which they have forever condemned themselves. In Dante Alighieri’s Inferno, the irony of the sinner’s contrappaso reflects the irony that, even in the suffering they have br ought upon themselves, they have a misplaced love in their sin in place of the love God offered them. In Canto V, Dante encounters the Francesca and Paulo, who have thrown away their chance for heaven for one another, yet enjoyed the action of sinning itself more then each other’s company. As soon as Dante the pilgrim comes upon the pair, Francesca relates the tale of their sin, explaining how â€Å"this one, who never shall be parted from me, while all his body trembled, kissed my mouth†¦.that day we read noShow MoreRelatedGod Is A Problem Of Failure1367 Words   |  6 Pagesraised from the dead dieth no more; death hath no more dominion over him. For in that he died, he died unto sin once: but in that he liveth, he liveth unto God. Although the world is full of depravity and evilness, God’s continual love welcomes all sinners into the kingdom of heaven. Rhetoric used in this section: Allusion, Antithesis, Parallelism Vocabulary used in this section: depravity, austere, laud, innate Section 2: Thesis Argument Outline: Thesis stating the author, title, and centralRead MoreAnalysis Of `` Inferno And Thomas More s Satirical Dialogue `` Utopia ``1366 Words   |  6 PagesIrony is a common technique used by authors to keep readers engaged and make them think critically. Irony is prominent in various areas of literature including dialogue, setting, characters, and theme.. Dante’s Inferno and Thomas More’s Utopia are perfect examples of the use of irony as they utilized the various techniques throughout their stories. There are a plethora of accounts where irony is apparent, including the sceneries, dialogue, and titles that are portrayed in their work. This essay willRead MoreCriticism And Symbolism In Young Goodman Brown By Nathaniel Hawthorne1238 Words   |  5 PagesBrown† was written to show the guilt Hawthorne felt of having these Puritan roots. In â€Å"Young Goodman Brown,† Nathaniel Hawthorne emphasizes the hypocrisy of his histo rical religious roots of Puritan communities with the usage of symbolism and irony. Irony plays a major part in â€Å"Young Goodman Brown.† At the start of this narrative a Puritan husband leaves at sundown from his Puritan wife. â€Å"And Faith, as the wife was aptly named. . .† Here, Hawthorne shows he named Faith purposely, to symbolize GoodmanRead MoreThe Biblical Aspecst in the Poems A Stones Throw and The Woman Speaks to the Man who has Employed her Son881 Words   |  3 Pagesrealize that they were sinners as well. In Lorna Goodisons poem we see a woman experiencing pregnancy symptoms like a â€Å"a metallic tide† or vomiting. She raises her son as a mother and father because the father never there. The mother has great hope that her son will be a better man and pays her back for all her struggles; she sets no barrier to set him back from accomplishing his dreams. As her son grows up, he gets a job and sees his employer as a father figure but the irony lays in the fact thatRead MoreSalvation Langston Hughes Analysis804 Words   |  4 P agesreader the thoughts that go through the mind of a child, to demonstrate the irony of himself not actually being saved on that day in church. Hughes additionally supplements his thoughts in the essay through his use of syntax/diction and emotional appeals towards the audience. In his use of a childhood perspective throughout the essay, Hughes uncovers the thoughts that he had when the had been told that the was a â€Å"young sinner† and that he needed to see Jesus in order to be saved. In being a childRead More The Pardoner from Chaucers Canterbury Tales Essay665 Words   |  3 Pagesanonymous hoodlums to whom the narrator gives no distinctive characteristics. We are introduced to these three drunken rioters who are on a quest to find death, after their friend dies from the plague. During their venture, we are introduced to the irony of this tale, as each of the men agree to die for one another. As they embark on their quest for death, they encounter an old man who they treat impolitely, asking him why he still alive. He completes their quest for death, when he informs themRead MoreThe Genre of Southern Gothic in A Good Man Is Hard to Find Essay1347 Words   |  6 Pagesto go to Tennessee to see her friends, but the dramatic irony of them actually meeting the Misfit and the situation they get in, is another typical characteristic of Southern writing. The situational irony of the grandmother becoming a good, enlightened person after the short conversation she has with the Misfit in the story also shows how it is in the genre of southern gothic. She reaches out to him, after realizing that she is a sinner, and tries to redeem herself. She dies with a smile onRead MoreAgamemnan, The Inferno, Don Quixote Essay1232 Words   |  5 Pagesthemes. * Set among the ruling family of Argos, Aeschylus’s Agamemnon examines the topic of justice: ancient eye-for-an-eye progressing toward modern disinterested justice, attributing all to the gods. Similarly, in Dante Alighieri’s Inferno each sinner is placed in a punishment to fit his crime: divine perfection of justice. * Miguel de Cervantes approaches the other side of justice, Don Quixote questions what happens when an antiquated or fictional moral code is put into play in a different timeRead MoreThe Black Cat- Suspense, Irony, Symbolism894 Words   |  4 Pagesthe majority of his readers’ feelings, or emotions. He has mastered the art of writing by disciplining himself to use specific words and styles in which he can affect his readers in any way he chooses to make them think or feel. Poe uses suspense, irony, and symbolism to seize his readers’ attention in almost every single one of his stories. Poe effectively uses these expressions to cause each of his readers to experience a certain emotion or feeling while reading his stories. In Poe’s story â€Å"TheRead MoreRobert Browning s Dramatic Monologue953 Words   |  4 PagesBrowning develops his characters really well. Throughout the monologue Browning shows the true character of the person by not only what the character is speaking, but also by â€Å"idiomatic language, patterns of imagery, speech rhythms, and unintended ironies† (The Longman Anthology of British Literature, 1323). A good example of one of Browning’s dramatic monologues is The Bishop Orders His Tomb at Saint Praxed’s Church. In this monologue the main character is a Bishop who is trying to order a very extravagant

Case Study 1 Generative Software Development Free Essays

Case Study 1: Generative Software Development Advanced Software Engineering –CIS 518 February 17, 2013 Case Study 1: Generative Software Development Generative software development is a development that permits products to be produced automatically through different specifications. This type of development happens in two phases the first phase consist of the domain engineers developing the product down to generating the software mechanisms. Once development is completed, then each individual product is produced. We will write a custom essay sample on Case Study 1: Generative Software Development or any similar topic only for you Order Now The normal software development process would normally consist of several different models that have a particular set of task that have to be set forth during a certain point during the process. The software development process happens over a series of activities and depending on the development model will determine what activities will take place at any given time during the process verse the Generative software development happens in two phases with specifications that are already determined at the start of the development. Developing generative software would benefit an organization because this allows for automation to software development. Many companies develop software but it is so generic and takes intense processes where the whole software is based on coding from scratch which can be possibly be used by any software. With the use of languages like FORTRAN and C will have less of an impact of the software quality and the length and speed of the development will not be effected (Iseger, 2010). Moving toward automation will give developers more room to come up with software solutions and the complier with automatically produce lower assemblers. This would streamline the organizations software with less downtime, easier maintenance and convert everything to an automated system. With the use of generative software development would save developers time in the end from having to redevelop codes from scratch which risk defects because of incorrect coding etc. The challenges that would be faced with implementing the generative software development process in organization would be to ensure that all software and systems could be integrated and automated without any delays or downtime. There would also be a problem with saving old data that is not used any longer saving and archiving information without the loss of any data during the transfer. Making sure that the development team understands the new process and how the implementation will take place. These challenges will be easy to overcome first thing would be to test as much as possible before implementation to try and catch any errors that may come up and make sure all of the developers are using and coding the new application with the desired language that was chosen for the application. Also having a back place to store the data before integrating the data so that just in case the data is lost during the implementation there is a back-up location to access any of the organizations data. Developer will had had several training sessions on the new process and there will be at least three meeting a week during implementation to ensure everyone is on the same page and to make sure that the process is running smoothly to have a successful implementation. The generative software development process might be applied to an organizations development process to quickly automate the system and create a streamline of applications that work and can be integrated without several phases to follow before implementation can occur. This can be used for organizations that are looking to automate all of their data and system applications to increase productivity enhance the security, provide data back up and data storage. The organization can use the Domain Specific Modelling, which is an approach that applies generative programming in order to improve the software applications development quality and boost the developer productivity. The move towards 3GL is the key to achieving 400% productivity (Iseger, 2010). The first step to the use of DSM is to identify the solution and come up with a illustration by using critical thinking and relating the problem to the domain. However, the use of a UML is most commonly used to provide a full model solution. Creating a visual depiction of the application model provides a blue print of the software application which programmers can use these specifications but now in the programming language. When creating the application the use of programming concepts by raising the level of abstractions will help with developing the system concept. The Organization can create the system specifications by using the concepts and rules based on the company’s products produced. Creating the application in the concept of using domains verse classes enhances the applications speed and makes it much easier to develop. This will allow the application to be more streamlined to the data and make it easier program as a whole. Creating classes all of the data has to somehow link together for the classes to retrieve the correct data but the use of DSM will eliminate that. References Iseger, M. (2010, July 23). Domain-specific modeling for generative software development. Retrieved from http://www. developerfusion. com/article/84844/domainspecific-modeling-for-generative-software-development/ Lawerence Pfleeger, S. (2010). Software engineering. (4th ed. ). Upper Saddle River, NJ: Pearson. How to cite Case Study 1: Generative Software Development, Free Case study samples

The Global Village

The global village is characterized by widespread use of advanced information and communication technologies .American physiologist, Manuel Castells has termed it ‘network society’ whereby we run our lives using â€Å"computers, network technologies [] telecommunication [tools] †¦Ã¢â‚¬ (152).This has greatly changed our social structures (151).Advertising We will write a custom essay sample on The Global Village specifically for you for only $16.05 $11/page Learn More In the global village, government influence and control has weakened in economic, cultural, political and social dimensions unlike in the past. This has been attributed to novel information and communication technologies ( Castells 155). The powers of most government have been decentralized to local and regional levels â€Å"in an effort to regain legitimacy vis-à  -vis, their citizen† (Castells 155). This shift in power base is claimed to have been brought about by â€Å"mobile and liquid† capital that has been made possible by advanced information and communication technologies (Sassen, n.pag). It is claimed nations are ‘giving up’ their sovereignty in preference to ‘shared’ sovereignty, mainly through international bodies (EU,NATO ,UN Organizations etc), with other states that results in a collective and stronger influence over other nations (Castells 155). Cities: With increased globalization, some cities are increasingly taking a significant role in running of world affairs than national governments. Saskia Sassen, a professor of Urban Planning at Columbia believes that major cities of the world have the potential to create â€Å"economic geography†. She further states that cities are critical due to the fact that they are the hearts of the telecommunication infrastructure, the driving force of globalization and will continue to serve as â€Å"centers for coordination, control and servicing of g lobal capital†. Globalization has also brought about great changes in structures of cities and urban centers in areas such as workforce, settlement, size and design (Hall 144). The effects of globalization are much visible in cities. This has made the issue of the future of these cities to come under close scrutiny. Global economy: The economy of the global village is a large network of small economies in which financial markets are major player (Castells 155). This economy is dynamic, rides on information technologies and is â€Å"heavily dependent on knowledge and information† (154).The global economy is a said to be a network of â€Å"firms, segments of firms, segments of governments, segments of public sector and non-governmental organizations† (Castells 154). This type of economy is also characterized by â€Å"flexible work arrangement† (Castells 155.)Advertising Looking for essay on geography? Let's see if we can help you! Get your first paper w ith 15% OFF Learn More Culture: Global cities are multicultural, owing to among other factors, deregulation and privatization of economies that has attracted foreign workers and traders setting in a wave of immigration all over the world (Sassen, n.pag). Corporate culture is emerging to be dominant over other cultures and identities. Previously localized cultures in western countries are fast spreading (Sassen, n.pag). Major global cities share similar cultures. The global village is increasingly facing challenges in terms of unequal development especially widening income disparity, unemployment ,collapse of small businesses as a result of multinationals ‘international monopoly’ ,shift of attention from manufacturing to financial services among others (Sassen, n.pag).Their causes ,however, remain debatable. Conclusion: With emerging superior information technologies every day, change is inevitable. Such changes may sustain the global villages as we currently kn ow it but it may be in a very different scale and proportion. More research is needed on this topic. Works Cited Castells, Manuel. â€Å"The Contours of Network Society†. Foresight 2.2. ( 2000). Camford Publishing. Web. Hall, Peter. â€Å"The End of The City?†City7:2(2003).Carfax Publishing. Web. Sassen, Saskia. â€Å"Global City: Strategic Site/New Frontier.† Global Tension Conference. 2001 Web. This essay on The Global Village was written and submitted by user Olivia Watkins to help you with your own studies. You are free to use it for research and reference purposes in order to write your own paper; however, you must cite it accordingly. You can donate your paper here.

40 Idioms with First

40 Idioms with First 40 Idioms with First 40 Idioms with First By Mark Nichol Many expressions include the word first, often referring to beginnings or initial experiences. Here is a list of idiomatic phrases featuring the word, and their meanings. 1. First aid: medical care for minor injuries such as mild abrasions, cuts, bruises, and burns 2. First among equals: the sentiment that a leader is merely the premier person among his or her colleagues 3. First base: the first step or stage in a process or procedure, from baseball terminology 4. First blood: referring to the rite of passage of a hunter making a first kill 5. (At) first blush: referring to reconsideration of one’s initial thought 6. First call: the right to priority in use of something 7. First cause: the philosophical concept of the original self-created cause of which all other causes are by-products 8. First chair: the lead musician among those playing a particular instrument in an orchestra (such as first violin) 9. First class: the best category of travel accommodations, or the best in terms of performance or quality 10. First come, first served: the principle that the customer who arrives first is given priority 11. First cousin: a son or daughter of one’s aunt or uncle 12. First crack: the earliest chance or opportunity 13. First dance: the tradition of the guests of honor being the first couple on the dance floor to start a ball or other dance event 14. First dibs: see â€Å"first call† 15. First down: the first in a series of plays in American football after one team takes possession of the ball from the other team 16. First edition: the initial publication of a book 17. First estate: the clergy as the highest of the three orders of society in the Middle Ages and for some time afterward (the others were the nobility and the common people) 18. First floor: the ground floor (in American English usage) or the second floor (in British English usage) 19. First flush (of success): an initial period of achievement (the term is also used technically to refer to the initial runoff of rainwater after a storm) 20. First glance: a superficial examination or review 21. (At) first hand: with direct experience (as an adjective, firsthand) 22. First impression: the initial evaluation of information or an experience, generally before having time to consider or ponder 23. First lady: the wife of a government’s leader 24. First leg: the first part of a journey 25. First light: the earliest part of day 26. First night: the evening of a premiere performance, or the premiere performance itself 27. (In the) first place: in the beginning, or as an initial consideration 28. (Right of) first refusal: the privilege of being able to accept or reject an offer or proposal before anyone else is given consideration 29. (Love at) first sight: the sentiment of an instant romantic connection 30. (The) first step (is always the hardest): the notion that starting a task is the most difficult part 31. (Cast the) first stone: used to refer to hypocritical behavior akin to throwing a stone at someone as punishment for a crime when the thrower may be culpable for the same crime or another one 32. First string: the group of athletes who participate from the beginning an athletic competition, as opposed to players who may substitute for first-string teammates at some point; by extension, the best among any group 33. (Don’t) know the first thing about: the model for an expression stating that someone is unacquainted with even the basics of a certain procedure or topic 34. First things first: refers to the importance of considering the relative priority of steps 35. First-timer: someone engaging or participating in some activity the person has not done before 36. First water: the highest quality, especially in gems but also said figuratively of people of high character 37. First world: the developed, industrialized nations 38. (If at) first you don’t succeed (try again): the sentiment that one should persist after initial failure 39. Ladies first: a sentiment that, according to proper etiquette, females should have priority in passing through a doorway or into another area 40. Shoot first (and ask questions later): referring to the supposed wisdom, in a confrontation, of disabling a potential adversary first and then ascertaining whether the person is in fact a foe Want to improve your English in five minutes a day? Get a subscription and start receiving our writing tips and exercises daily! Keep learning! Browse the Expressions category, check our popular posts, or choose a related post below:20 Words with More Than One Spelling20 Words Meaning "Being or Existing in the Past"Quiet or Quite?

How to Order Coffee in France

How to Order Coffee in France If you think ordering coffee in a French cafà © or bar is the same as back home, you might be in for an unpleasant surprise. Ask for un cafà © and youll be presented with a tiny cup of espresso, and if you then request milk, youre likely to get a dirty look or sigh of exasperation. Whats the problem? Le Cafà © Franà §ais In France, un cafà ©, which may also be called un petit cafà ©, un cafà © simple, un cafà © noir, un petit noir, un cafà © express, or un express, is an espresso: a tiny cup of strong black coffee. Thats what the French drink, so thats what the simple word cafà © refers to. Many visitors to France, however, prefer a large cup of filtered, relatively weak coffee, which in France is known as un cafà © amà ©ricain or un cafà © filtre. If you like the taste but not the strength of espresso, order un cafà © allongà © and youll get an espresso in a large cup which you can dilute with hot water. On the other hand, if youd like something even stronger than espresso, ask for un cafà © serrà ©. In the unlikely event that you find a place serving iced coffee, it will be called cafà © glacà ©. For decaffeinated coffee, add the word dà ©ca to your order: un cafà © dà ©ca, un cafà © amà ©ricain dà ©ca, etc. Du Lait, Sil Vous Plaà ®t If you want milk, you have to order it with the coffee: un cafà © au lait, un cafà © crà ¨me, un crà ¨me - espresso with hot milk (large cup)un cappuccino - espresso with foamed milk (large cup)un cafà © noisette, une noisette - espresso with a dash of milk or a spoonful of foam (small cup) Et Du Sucre? You dont need to ask for sugar - if its not already on the bar or table, it will arrive with your coffee, in little envelopes or cubes. (If its the latter, you can do like the French and faire un canard: dip a sugar cube in your coffee, wait a moment for it to turn brown, and then eat it.) Coffee Notes At breakfast, the French like to dip croissants and day-old baguettes into cafà © crà ¨me - indeed, thats why it comes in such a large cup or even a bowl. But breakfast is the only meal at which coffee is consumed (1) with milk and (2) with food. The French drink un express after lunch and dinner, which means after- not with- dessert. French coffee is not meant to be consumed on the street, so theres no takeaway. But if youre in a hurry, drink your petit cafà © standing up at the bar, rather than sitting at a table. Youll be rubbing elbows with locals, and youll save money to boot. (Some cafà ©s have three different prices: bar, indoor table, and outdoor table.) Un cafà © lià ©geois is not a drink, but rather a dessert: a coffee ice cream sundae. (Youre also likely to encounter un chocolat lià ©geois.) Other Hot Drinks un chocolat - hot chocolateun thà © - black teaun thà © vert - green teaune tisane, une infusion - herbal tea In the mood for something different? This article has an extensive list of other drinks and their French pronunciations.

Federal Trade Commission and Merger - Arbitron, Nielsen Research Paper

Federal Trade Commission and Merger - Arbitron, Nielsen - Research Paper Example This implies that for any merger to be acceptable it must comply with the business laws as provided by the government. For example, in US, Federal Trade Commission (FTC) is an agency that has been established by the government to ensure unfair business practices are avoided. Additionally, FTC is responsible for prevention of fraudulent business strategies that would jeopardize not only the shareholders investments but also the consumer’s money. Another notable function of FTC is to create a competitive business atmosphere. In this way, the negativities of monopoly as well as price discriminative policies are addressed. During the merging and acquisition processes, it is imperative for managers and directors to engage all the stakeholders that include the shareholders, creditors, auditors and other investors. This paper aims at discussing the merger between Arbitron, and Nielsen companies and the implications of FTC on the merger. Nielsen Holdings is an American based firm that deals in providing its local and global clients with information regarding the behaviors of their consumers in the market. With its headquarters based in New York and in Netherlands, the company operates in more than 100 countries in various regions world wide. In this regard, the company enjoys wide market segment that places it at a competitive position. Key people who oversee the operations of the company includes David Calhoun and Rick Kash, the CEO and the vice chair respectively. Other individuals in the management team include Brian West, Steve Hasker, Mary Liz, Mitchell Habib and Itzhak Fisher among others. One of the notable aspects that have contributed to the success of the company is the establishment of quality services that are highly demanded by companies that are focused at facing off the various challenges in the local and international markets. The three key products by Nielsen include provision of consumer information, market measurement as well as consumer resea rch. Nielsen has been involved in a number of business strategies that have not only positive impact on its capital base but also in its marketing strategies. These include strategic alliances, mergers as well as acquisitions. Some of the companies that the company has either acquired or formed a merger with include WPP Group, VNU, Buzzmetrics, Blackstone Group, IAG Research, The Cambridge Group and more recently Arbitron among others1. Arbitron is a US based firm with its headquarters in Columbia, Maryland. Having been founded in 1949 by Jim Seiler, the company original services included collection of television ratings that it adopted during the research process2. Just like Nielsen Holdings, Arbitron is engaged in a number of mergers immediately after it was established. Some of the notable companies that the company has merged with include Cooper, Clay and Coffin. In a deal that was aimed at making the company more competitive in the global market, Arbitron merged with Nielsen Ho ldings in 2012 resulting into change of names to Nielsen Audio. Key person who oversee the acquisition process was Sean Creamer, the company chief executive officer. Summary about the merger between Arbitron and Nielsen Arbitron and Nielsen Companies have for a long time been used by firms to provide with information regarding the consumption of their brands. Based on the need for two firms to improve their market

Occupy wall street movement Essay Example | Topics and Well Written Essays - 1500 words

Occupy wall street movement - Essay Example The sentiment becomes contagious and spreads to all countries of the world. 1. What are the Moral and economic implications involved in the movement?   Moral implications of the movement reflect in recklessness on the part of few powerful corporations as in the case of Enron or powerful industry like financial services as in the case of subprime crisis which has not only affected various stakeholders and the nation, but destroyed the fabric of the system. The government’s policies in dealing with the crises have been in favour of the corporations at the cost of the common man. Pittman (2008) states that â€Å"Without the government money, Goldman, Merrill Lynch & Co.,  Morgan Stanley, Deutsche Bank AG and other firms could have become some of the biggest creditors in a bankruptcy filing by AIG, the world's largest insurer, because of its billions in losses on  subprime bonds  and corporate debt.† Disintegration of the system over a period of time is the root cau se of various economic and social issues which led to the uprising of this movement. The decay in the system erodes the values of democracy and demoralizes our capitalist society. The renaissance in thinking which forms the basis for the movement indicates the spiritual strength of the society and the nation which calls for a change. Economic development in a country is possible and sustainable only in a healthy society with equality in opportunities. Moral and economic implications are inseparable. Tax cuts to the rich corporate companies in the name of encouraging industrial development, and subsidies in the name of social welfare to protect insurance companies and financial deregulation measures in the garb of liberalization, hitherto gone unnoticed by the public or misinterpreted in press to the benefit of big corporate entities have been brought under public debate. This has given rise to the questions related to issues such as morality of the corporations and relevance of the capitalism. Greed of the companies, for example pharmaceutical companies and the patent laws which protect them in their exploitation of the general public has become the common subject for public discussion. The dilemma of common men in prioritizing their resources even between rent and food under inflationary conditions led them to unite under â€Å"We are the 99%† that reflects the economic inequality and lack of distribution of wealth. It is now believed that increase in wealth of 1% can be equated to the losses of the rest. Since Wall Street symbolizes the economic power of 1%, it lends focus to the agitations. Poverty has become the single most economic issue to be tackled by the nation, and obviously, this responsibility cannot be left to the 1%, going by the experience. The technological innovations in the field of software development and telecommunication though increased the complexities in the manipulation of the system by the corporations on the one hand the same developments and rise of social networks have opened new opportunities and avenues for cohesiveness in the society and its self-realization. 2. How can we theoretically analyze the implications? According to utilitarian theory, good actions form the basis for overall happiness. The underlying cause of actions in the case of subprime crisis or other major financial scams is greediness on the part of the corporate companie

Technology for Network Security

Technology for Network Security 2.0 CHAPTER TWO 2.1 INTRODUCTION The ever increasing need for information technology as a result of globalisation has brought about the need for an application of a better network security system. It is without a doubt that the rate at which computer networks are expanding in this modern time to accommodate higher bandwidth, unique storage demand, and increase number of users can not be over emphasised. As this demand grows on daily bases, so also, are the threats associated with it. Some of which are, virus attacks, worm attacks, denial of services or distributed denial of service attack etc. Having this in mind then call for swift security measures to address these threats in order to protect data reliability, integrity, availability and other needed network resources across the network. Generally, network security can simply be described as a way of protecting the integrity of a network by making sure authorised access or threats of any form are restricted from accessing valuable information. As network architecture begins to expand, tackling the issue of security is becomes more and more complex to handle, therefore keeping network administrators on their toes to guard against any possible attacks that occurs on daily basis. Some of the malicious attacks are viruses and worm attacks, denial of service attacks, IP spoofing, cracking password, Domain Name Server (DNS) poisoning etc. As an effort to combat these threats, many security elements have been designed to tackle these attacks on the network. Some of which includes, firewall, Virtual Private Network (VPN), Encryption and Decryption, Cryptography, Internet Protocol Security (IPSec), Data Encryption Standard (3DES), Demilitarised Zone, (DMZ), Secure Shell Layer (SSL) etc. This chapter starts by briefly discussi ng Internet Protocol (IP), Transmission Control Protocol (TCP), User datagram Protocol (UDP), Internet Control Message Protocol (ICMP), then discussed the Open system interconnection (OSI) model and the protocols that operate at each layer of the model, network security elements, followed by the background of firewall, types and features of firewalls and lastly, network security tools. 2.2 A BRIEF DESCRIPTION OF TCP, IP, UDP AND ICMP 2.2.1 DEFINITION Going by the tremendous achievement of the World Wide Web (internet), a global communication standard with the aim of building interconnection of networks over heterogeneous network is known as the TCP/IP protocol suite was designed (Dunkels 2003; Global Knowledge 2007; Parziale et al 2006). The TCP/IP protocol suite is the core rule used for applications transfer such as File transfers, E-Mail traffics, web pages transfer between hosts across the heterogeneous networks (Dunkels 2003; Parziale et al 2006). Therefore, it becomes necessary for a network administrator to have a good understanding of TCP/IP when configuring firewalls, as most of the policies are set to protect the internal network from possible attacks that uses the TCP/IP protocols for communication (Noonan and Dobrawsky 2006). Many incidents of network attacks are as a result of improper configuration and poor implementation TCP/IP protocols, services and applications. TCP/IP make use of protocols such as TCP, UDP, IP, ICMP etc to define rules of how communication over the network takes place (Noonan and Dobrawsky 2006). Before these protocols are discussed, this thesis briefly looks into the theoretical Open Systems Interconnection (OSI) model (Simoneau 2006). 2.2.2 THE OSI MODEL The OSI model is a standardised layered model defined by International Organization for Standardization (ISO) for network communication which simplifies network communication to seven separate layers, with each individual layer having it own unique functions that support immediate layer above it and at same time offering services to its immediate layer below it (Parziale et al 2006; Simoneau 2006). The seven layers are Application, Presentation, Session Transport, Network, Data, Link and Physical layer. The first three lower layers (Network, Data, Link and Physical layer) are basically hardware implementations while the last four upper layers (Application, Presentation, Session and Transport) are software implementations. Application Layer This is the end user operating interface that support file transfer, web browsing, electronic mail etc. This layer allows user interaction with the system. Presentation Layer This layer is responsible for formatting the data to be sent across the network which enables the application to understand the message been sent and in addition it is responsible for message encryption and decryption for security purposes. Session Layer This layer is responsible for dialog and session control functions between systems. Transport layer This layer provides end-to-end communication which could be reliable or unreliable between end devices across the network. The two mostly used protocols in this layer are TCP and UDP. Network Layer This layer is also known as logical layer and is responsible for logical addressing for packet delivery services. The protocol used in this layer is the IP. Data Link Layer This layer is responsible for framing of units of information, error checking and physical addressing. Physical Layer This layer defines transmission medium requirements, connectors and responsible for the transmission of bits on the physical hardware (Parziale et al 2006; Simoneau 2006). 2.2.3 INTERNET PROTOCOL (IP) IP is a connectionless protocol designed to deliver data hosts across the network. IP data delivery is unreliable therefore depend on upper layer protocol such as TCP or lower layer protocols like IEEE 802.2 and IEEE802.3 for reliable data delivery between hosts on the network.(Noonan and Dobrawsky 2006) 2.2.4 TRANSMISSION CONTROL PROTOCOL (TCP) TCP is a standard protocol which is connection-oriented transport mechanism that operates at the transport layer of OSI model. It is described by the Request for Comment (RFC) 793. TCP solves the unreliability problem of the network layer protocol (IP) by making sure packets are reliably and accurately transmitted, errors are recovered and efficiently monitors flow control between hosts across the network. (Abie 2000; Noonan and Dobrawsky 2006; Simoneau 2006). The primary objective of TCP is to create session between hosts on the network and this process is carried out by what is called TCP three-way handshake. When using TCP for data transmission between hosts, the sending host will first of all send a synchronise (SYN) segment to the receiving host which is first step in the handshake. The receiving host on receiving the SYN segment reply with an acknowledgement (ACK) and with its own SYN segment and this form the second part of the handshake. The final step of the handshake is the n completed by the sending host responding with its own ACK segment to acknowledge the acceptance of the SYN/ACK. Once this process is completed, the hosts then established a virtual circuit between themselves through which the data will be transferred (Noonan and Dobrawsky 2006). As good as the three ways handshake of the TCP is, it also has its short comings. The most common one being the SYN flood attack. This form of attack occurs when the destination host such as the Server is flooded with a SYN session request without receiving any ACK reply from the source host (malicious host) that initiated a SYN session. The result of this action causes DOS attack as destination host buffer will get to a point it can no longer take any request from legitimate hosts but have no other choice than to drop such session request (Noonan and Dobrawsky 2006). 2.2.5 USER DATAGRAM PROTOCOL (UDP) UDP unlike the TCP is a standard connectionless transport mechanism that operates at the transport layer of OSI model. It is described by the Request for Comment (RFC) 768 (Noonan and Dobrawsky 2006; Simoneau 2006). When using UDP to transfer packets between hosts, session initiation, retransmission of lost or damaged packets and acknowledgement are omitted therefore, 100 percent packet delivery is not guaranteed (Sundararajan et al 2006; Postel 1980). UDP is designed with low over head as it does not involve initiation of session between hosts before data transmission starts. This protocol is best suite for small data transmission (Noonan and Dobrawsky 2006). 2.2.6 INTERNET CONTROL MESSAGE PROTOCOL (ICMP). ICMP is primarily designed to identify and report routing error, delivery failures and delays on the network. This protocol can only be used to report errors and can not be used to make any correction on the identified errors but depend on routing protocols or reliable protocols like the TCP to handle the error detected (Noonan and Dobrawsky 2006; Dunkels 2003). ICMP makes use of the echo mechanism called Ping command. This command is used to check if the host is replying to network traffic or not (Noonan and Dobrawsky 2006; Dunkels 2003). 2.3 OTHER NETWORK SECURITY ELEMENTS. 2.3.1 VIRTUAL PRIVATE NETWORK (VPN) VPN is one of the network security elements that make use of the public network infrastructure to securely maintain confidentiality of information transfer between hosts over the public network (Bou 2007). VPN provides this security features by making use of encryption and Tunneling technique to protect such information and it can be configured to support at least three models which are Remote- access connection. Site-to-site ( branch offices to the headquarters) Local area network internetworking (Extranet connection of companies with their business partners) (Bou 2007). 2.3.2 VPN TECHNOLOGY VPN make use of many standard protocols to implement the data authentication (identification of trusted parties) and encryption (scrambling of data) when making use of the public network to transfer data. These protocols include: Point-to-Point Tunneling Protocol PPTP [RFC2637] Secure Shell Layer Protocol (SSL) [RFC 2246] Internet Protocol Security (IPSec) [RFC 2401] Layer 2 Tunneling Protocol (L2TP) [RFC2661] 2.3.2.1 POINT-TO-POINT TUNNELING PROTOCOL [PPTP] The design of PPTP provides a secure means of transferring data over the public infrastructure with authentication and encryption support between hosts on the network. This protocol operates at the data link layer of the OSI model and it basically relies on user identification (ID) and password authentication for its security. PPTP did not eliminate Point-to-Point Protocol, but rather describes better way of Tunneling PPP traffic by using Generic Routing Encapsulation (GRE) (Bou 2007; Microsoft 1999; Schneier and Mudge 1998). 2.3.2.2 LAYER 2 TUNNELING PROTOCOL [L2TP] The L2TP is a connection-oriented protocol standard defined by the RFC 2661which merged the best features of PPTP and Layer 2 forwarding (L2F) protocol to create the new standard (L2TP) (Bou 2007; Townsley et al 1999). Just like the PPTP, the L2TP operates at the layer 2 of the OSI model. Tunneling in L2TP is achieved through series of data encapsulation of the different levels layer protocols. Examples are UDP, IPSec, IP, and Data-Link layer protocol but the data encryption for the tunnel is provided by the IPSec (Bou 2007; Townsley et al 1999). 2.3.2.3 INTERNET PROTOCOL SECURITY (IPSEC) [RFC 2401] IPSec is a standard protocol defined by the RFC 2401 which is designed to protect the payload of an IP packet and the paths between hosts, security gateways (routers and firewalls), or between security gateway and host over the unprotected network (Bou 2007; Kent and Atkinson 1998). IPSec operate at network layer of the OSI model. Some of the security services it provides are, authentication, connectionless integrity, encryption, access control, data origin, rejection of replayed packets, etc (Kent and Atkinson 1998). 2.3.3.4 SECURE SOCKET LAYER (SSL) [RFC 2246] SSL is a standard protocol defined by the RFC 2246 which is designed to provide secure communication tunnel between hosts by encrypting hosts communication over the network, to ensure packets confidentiality, integrity and proper hosts authentication, in order to eliminate eavesdropping attacks on the network (Homin et al 2007; Oppliger et al 2008). SSL makes use of security elements such as digital certificate, cryptography and certificates to enforce security measures over the network. SSL is a transport layer security protocol that runs on top of the TCP/IP which manage transport and routing of packets across the network. Also SSL is deployed at the application layer OSI model to ensure hosts authentication (Homin et al 2007; Oppliger et al 2008; Dierks and Allen 1999). 2.4 FIREWALL BACKGROUND The concept of network firewall is to prevent unauthorised packets from gaining entry into a network by filtering all packets that are coming into such network. The word firewall was not originally a computer security vocabulary, but was initially used to illustrate a wall which could be brick or mortar built to restrain fire from spreading from one part of a building to the other or to reduce the spread of the fire in the building giving some time for remedial actions to be taken (Komar et al 2003). 2.4.1BRIEF HISTORY OF FIREWALL Firewall as used in computing is dated as far back as the late 1980s, but the first set of firewalls came into light sometime in 1985, which was produced by a Ciscos Internet work Operating System (IOS) division called packet filter firewall (Cisco System 2004). In 1988, Jeff Mogul from DEC (Digital Equipment Corporation) published the first paper on firewall. Between 1989 and 1990, two workers of the ATT Bell laboratories Howard Trickey and Dave Persotto initiated the second generation firewall technology with their study in circuit relays called Circuit level firewall. Also, the two scientists implemented the first working model of the third generation firewall design called Application layer firewalls. Sadly enough, there was no published documents explaining their work and no product was released to support their work. Around the same year (1990-1991), different papers on the third generation firewalls were published by researchers. But among them, Marcus Ranums work received the most attention in 1991 and took the form of bastion hosts running proxy services. Ranums work quickly evolved into the first commercial product—Digital Equipment Corporations SEAL product (Cisco System 2004). About the same year, work started on the fourth generation firewall called Dynamic packet filtering and was not operational until 1994 when Check Point Software rolled out a complete working model of the fourth generation firewall architecture. In 1996, plans began on the fifth generation firewall design called the Kernel Proxy architecture and became reality in 1997 when Cisco released the Cisco Centri Firewall which was the first Proxy firewall produced for commercial use (Cisco System 2004). Since then many vendor have designed and implemented various forms of firewall both in hardware and software and till date, research works is on going in improving firewalls architecture to meet up with ever increasing challenges of network security. 2.5 DEFINITION According to the British computer society (2008), Firewalls are defence mechanisms that can be implemented in either hardware or software, and serve to prevent unauthorized access to computers and networks. Similarly, Subrata, et al (2006) defined firewall as a combination of hardware and software used to implement a security policy governing the flow of network traffic between two or more networks. The concept of firewall in computer systems security is similar to firewall built within a building but differ in their functions. While the latter is purposely designed for only one task which is fire prevention in a building, computer system firewall is designed to prevent more than one threat (Komar et al 2003).This includes the following Denial Of Service Attacks (DoS) Virus attacks Worm attack. Hacking attacks etc 2.5.1 DENIAL OF SERVICE ATTACKS (DOS) â€Å"Countering DoS attacks on web servers has become a very challenging problem† (Srivatsa et al 2006). This is an attack that is aimed at denying legitimate packets to access network resources. The attacker achieved this by running a program that floods the network, making network resources such as main memory, network bandwidth, hard disk space, unavailable for legitimate packets. SYN attack is a good example of DOS attacks, but can be prevented by implementing good firewall polices for the secured network. A detailed firewall policy (iptables) is presented in chapter three of this thesis. 2.5.2 VIRUS AND WORM ATTACKS Viruses and worms attacks are big security problem which can become pandemic in a twinkle of an eye resulting to possible huge loss of information or system damage (Ford et al 2005; Cisco System 2004). These two forms of attacks can be programs designed to open up systems to allow information theft or programs that regenerate themselves once they gets into the system until they crashes the system and some could be programmed to generate programs that floods the network leading to DOS attacks. Therefore, security tools that can proactively detect possible attacks are required to secure the network. One of such tools is a firewall with good security policy configuration (Cisco System 2004). Generally speaking, any kind of firewall implementation will basically perform the following task. Manage and control network traffic. Authenticate access Act as an intermediary Make internal recourses available Record and report event 2.5.3 MANAGE AND CONTROL NETWORK TRAFFIC. The first process undertaken by firewalls is to secure a computer networks by checking all the traffic coming into and leaving the networks. This is achieved by stopping and analysing packet Source IP address, Source port, Destination IP address, Destination port, IP protocol Packet header information etc. in order decide on what action to take on such packets either to accept or reject the packet. This action is called packet filtering and it depends on the firewall configuration. Likewise the firewall can also make use of the connections between TCP/IP hosts to establish communication between them for identification and to state the way they will communicate with each other to decide which connection should be permitted or discarded. This is achieved by maintaining the state table used to check the state of all the packets passing through the firewall. This is called stateful inspection (Noonan and Dobrawsky 2006). 2.5.4 AUTHENTICATE ACCESS When firewalls inspects and analyses packets Source IP address, Source port, Destination IP address, Destination port, IP protocol Packet header information etc, and probably filters it based on the specified security procedure defined, it does not guarantee that the communication between the source host and destination host will be authorised in that, hackers can manage to spoof IP address and port action which defeats the inspection and analysis based on IP and port screening. To tackle this pit fall over the network, an authentication rule is implemented in firewall using a number of means such as, the use of username and password (xauth), certificate and public keys and pre-shared keys (PSKs).In using the xauth authentication method, the firewall will request for the source host that is trying to initiate a connection with the host on the protected network for its username and password before it will allow connection between the protected network and the source host to be establi shed. Once the connection is been confirmed and authorised by the security procedure defined, the source host need not to authenticate itself to make connection again (Noonan and Dobrawsky 2006). The second method is using certificates and public keys. The advantage of this method over xauth is that verification can take place without source host intervention having to supply its username and password for authentication. Implementation of Certificates and public keys requires proper hosts (protected network and the source host) configuration with certificates and firewall and making sure that protected network and the source host use a public key infrastructure that is properly configured. This security method is best for big network design (Noonan and Dobrawsky 2006). Another good way of dealing with authentication issues with firewalls is by using pre-shared keys (PSKs). The implementation of PSKs is easy compare to the certificates and public keys although, authentication still occur without the source host intervention its make use of an additional feature which is providing the host with a predetermined key that is used for the verification procedure (Noonan and Dobrawsky 2006). 2.5.5 ACT AS AN INTERMEDIARY When firewalls are configured to serve as an intermediary between a protected host and external host, they simply function as application proxy. The firewalls in this setup are configured to impersonate the protected host such that all packets destined for the protected host from the external host are delivered to the firewall which appears to the external host as the protected host. Once the firewalls receive the packets, they inspect the packet to determine if the packet is valid (e.g. genuine HTTT packet) or not before forwarding to the protected host. This firewall design totally blocks direct communication between the hosts. 2.5.6 RECORD AND REPORT EVENTS While it is good practise to put strong security policies in place to secure network, it is equally important to record firewalls events. Using firewalls to record and report events is a technique that can help to investigate what kind of attack took place in situations where firewalls are unable to stop malicious packets that violate the access control policy of the protected network. Recording this event gives the network administrator a clear understanding of the attack and at the same time, to make use of the recorded events to troubleshoot the problem that as taken place. To record these events, network administrators makes use of different methods but syslog or proprietary logging format are mostly used for firewalls. However, some malicious events need to be reported quickly so that immediate action can be taken before serious damage is done to the protected network. Therefore firewalls also need an alarming mechanism in addition to the syslog or proprietary logging format whe n ever access control policy of the protected network is violated. Some types of alarm supported by firewalls include Console notification, Simple Network Management Protocol (SNMP), Paging notification, E-mail notification etc (Noonan and Dobrawsky 2006). Console notification is a warning massage that is presented to the firewall console. The problem with this method of alarm is that, the console needs to be monitored by the network administrator at all times so that necessary action can be taken when an alarm is generated. Simple Network Management Protocol (SNMP) notification is implemented to create traps which are transferred to the network management system (NMS) monitoring the firewall. Paging notification is setup on the firewall to deliver a page to the network administrator whenever the firewall encounters any event. The message could be an alphanumeric or numeric depending on how the firewall is setup. E-mail notification is similar to paging notification, but in this case, the firewall send an email instead to proper address. 2.6 TYPES OF FIREWALLS Going by firewall definition, firewalls are expected to perform some key functions like, Application Proxy, Network Translation Address, and Packet filtering. 2.6.1 APPLICATION PROXY This is also known as Application Gateway, and it acts as a connection agent between protected network and the external network. Basically, the application proxy is a host on the protected network that is setup as proxy server. Just as the name implies, application proxy function at the application layer of the Open System Interconnection (OSI) model and makes sure that all application requests from the secured network is communicated to the external network through the proxy server and no packets passes through from to external network to the secured network until the proxy checks and confirms inbound packets. This firewall support different types of protocols such as a Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and Simple Mail Transport Protocol (SMTP) (Noonan and Dobrawsky 2006; NetContinuum 2006). 2.6.2 NETWORK ADDRESS (NAT) NAT alter the IP addresses of hosts packets by hiding the genuine IP addresses of secured network hosts and dynamically replacing them with a different IP addresses (Cisco System 2008; Walberg 2007). When request packets are sent from the secured host through the gateway to an external host, the source host address is modified to a different IP address by NAT.  When the reply packets arrives at the gateway, the NAT then replaces the modified address with genuine host address before forwarding it to the host (Walberg 2007).The role played by NAT in a secured network system makes it uneasy for unauthorized access to know: The number of hosts available in the protected network The topology of the network The operating systems the host is running The type of host machine (Cisco System 2008). 2.6.3 PACKET FILTERING. â€Å"Firewalls and IPSec gateways have become major components in the current high speed Internet infrastructure to filter out undesired traffic and protect the integrity and confidentiality of critical traffic† (Hamed and Al-Shaer 2006). Packet filtering is based on the lay down security rule defined for any network or system. Filtering traffic over the network is big task that involves comprehensive understanding of the network on which it will be setup. This defined policy must always be updated in order to handle the possible network attacks (Hamed and Al-Shaer 2006). 2.6.4 INSTRUCTION DETECTION SYSTEMS. Network penetration attacks are now on the increase as valuable information is being stolen or damaged by the attacker. Many security products have been developed to combat these attacks. Two of such products are Intrusion Prevention systems (IPS) and Intrusion Detection Systems (IDS). IDS are software designed to purposely monitor and analysed all the activities (network traffic) on the network for any suspicious threats that may violate the defined network security policies (Scarfone and Mell 2007; Vignam et al 2003). There are varieties of methods IDS uses to detect threats on the network, two of them are, anomaly based IDS, and signature based IDS. 2.6.4.1 ANOMALY BASED IDS Anomaly based IDS is setup to monitor and compare network events against what is defined to be normal network activities which is represented by a profile, in order to detect any deviation from the defined normal events. Some of the events are, comparing the type of bandwidth used, the type of protocols etc and once the IDS identifies any deviation in any of this events, it notifies the network administrator who then take necessary action to stop the intended attack (Scarfone and Mell 2007). 2.6.4.2 SIGNATURE BASED IDS Signature based IDS are designed to monitor and compare packets on the network against the signature database of known malicious attacks or threats. This type of IDS is efficient at identifying already known threats but ineffective at identifying new threats which are not currently defined in the signature database, therefore giving way to network attacks (Scarfone and Mell 2007). 2.6.5 INTRUSION PREVENTION SYSTEMS (IPS). IPS are proactive security products which can be software or hardware used to identify malicious packets and also to prevent such packets from gaining entry in the networks (Ierace et al 2005, Botwicz et al 2006). IPS is another form of firewall which is basically designed to detect irregularity in regular network traffic and likewise to stop possible network attacks such as Denial of service attacks. They are capable of dropping malicious packets and disconnecting any connection suspected to be illegal before such traffic get to the protected host. Just like a typical firewall, IPS makes use of define rules in the system setup to determine the action to take on any traffic and this could be to allow or block the traffic. IPS makes use of stateful packet analysis to protect the network. Similarly, IPS is capable of performing signature matching, application protocol validation etc as a means of detecting attacks on the network (Ierace et al 2005). As good as IPS are, they also have t heir downsides as well. One of it is the problem of false positive and false negative. False positive is a situation where legitimate traffic is been identified to be malicious and thereby resulting to the IPS blocking such traffic on the network. False negative on the other hand is when malicious traffic is be identified by the IPS as legitimate traffic thereby allowing such traffic to pass through the IPS to the protected network (Ierace N et al 2005). 2.7 SOFTWARE AND HARDWARE FIREWALLS 2.7.1 SOFTWARE FIREWALLS Software-based firewalls are computers installed software for filtering packets (Permpootanalarp and Rujimethabhas 2001). These are programs setup either on personal computers or on network servers (Web servers and Email severs) operating system. Once the software is installed and proper security polices are defined, the systems (personal computers or servers) assume the role of a firewall. Software firewalls are second line of defence after hardware firewalls in situations where both are used for network security. Also software firewalls can be installed on different operating system such as, Windows Operating Systems, Mac operating system, Novel Netware, Linux Kernel, and UNIX Kernel etc. The function of these firewalls is, filtering distorted network traffic. There are several software firewall some of which include, Online Armor firewall, McAfee Personal Firewall, Zone Alarm, Norton Personal Firewall, Black Ice Defender, Sygate Personal Firewall, Panda Firewall, The DoorStop X Fi rewall etc (Lugo Parker 2005). When designing a software firewall two keys things are considered. These are, per-packet filtering and a per-process filtering. The pre-packet filter is design to search for distorted packets, port scan detection and checking if the packets are accepted into the protocol stack. In the same vein, pre-process filter is the designed to check if a process is allowed to begin a connection to the secured network or not (Lugo and Parker 2005). It should be noted that there are different implantations of all Firewalls. While some are built into the operating system others are add-ons. Examples of built-in firewalls are windows based firewall and Linux based. 2.7.2 WINDOWS OPERATING SYSTEM BASED FIREWALL. In operating system design, security features is one important aspect that is greatly considered. This is a challenge the software giant (Microsoft) as always made sure they implement is their products. In the software industry, Mi Technology for Network Security Technology for Network Security 2.0 CHAPTER TWO 2.1 INTRODUCTION The ever increasing need for information technology as a result of globalisation has brought about the need for an application of a better network security system. It is without a doubt that the rate at which computer networks are expanding in this modern time to accommodate higher bandwidth, unique storage demand, and increase number of users can not be over emphasised. As this demand grows on daily bases, so also, are the threats associated with it. Some of which are, virus attacks, worm attacks, denial of services or distributed denial of service attack etc. Having this in mind then call for swift security measures to address these threats in order to protect data reliability, integrity, availability and other needed network resources across the network. Generally, network security can simply be described as a way of protecting the integrity of a network by making sure authorised access or threats of any form are restricted from accessing valuable information. As network architecture begins to expand, tackling the issue of security is becomes more and more complex to handle, therefore keeping network administrators on their toes to guard against any possible attacks that occurs on daily basis. Some of the malicious attacks are viruses and worm attacks, denial of service attacks, IP spoofing, cracking password, Domain Name Server (DNS) poisoning etc. As an effort to combat these threats, many security elements have been designed to tackle these attacks on the network. Some of which includes, firewall, Virtual Private Network (VPN), Encryption and Decryption, Cryptography, Internet Protocol Security (IPSec), Data Encryption Standard (3DES), Demilitarised Zone, (DMZ), Secure Shell Layer (SSL) etc. This chapter starts by briefly discussi ng Internet Protocol (IP), Transmission Control Protocol (TCP), User datagram Protocol (UDP), Internet Control Message Protocol (ICMP), then discussed the Open system interconnection (OSI) model and the protocols that operate at each layer of the model, network security elements, followed by the background of firewall, types and features of firewalls and lastly, network security tools. 2.2 A BRIEF DESCRIPTION OF TCP, IP, UDP AND ICMP 2.2.1 DEFINITION Going by the tremendous achievement of the World Wide Web (internet), a global communication standard with the aim of building interconnection of networks over heterogeneous network is known as the TCP/IP protocol suite was designed (Dunkels 2003; Global Knowledge 2007; Parziale et al 2006). The TCP/IP protocol suite is the core rule used for applications transfer such as File transfers, E-Mail traffics, web pages transfer between hosts across the heterogeneous networks (Dunkels 2003; Parziale et al 2006). Therefore, it becomes necessary for a network administrator to have a good understanding of TCP/IP when configuring firewalls, as most of the policies are set to protect the internal network from possible attacks that uses the TCP/IP protocols for communication (Noonan and Dobrawsky 2006). Many incidents of network attacks are as a result of improper configuration and poor implementation TCP/IP protocols, services and applications. TCP/IP make use of protocols such as TCP, UDP, IP, ICMP etc to define rules of how communication over the network takes place (Noonan and Dobrawsky 2006). Before these protocols are discussed, this thesis briefly looks into the theoretical Open Systems Interconnection (OSI) model (Simoneau 2006). 2.2.2 THE OSI MODEL The OSI model is a standardised layered model defined by International Organization for Standardization (ISO) for network communication which simplifies network communication to seven separate layers, with each individual layer having it own unique functions that support immediate layer above it and at same time offering services to its immediate layer below it (Parziale et al 2006; Simoneau 2006). The seven layers are Application, Presentation, Session Transport, Network, Data, Link and Physical layer. The first three lower layers (Network, Data, Link and Physical layer) are basically hardware implementations while the last four upper layers (Application, Presentation, Session and Transport) are software implementations. Application Layer This is the end user operating interface that support file transfer, web browsing, electronic mail etc. This layer allows user interaction with the system. Presentation Layer This layer is responsible for formatting the data to be sent across the network which enables the application to understand the message been sent and in addition it is responsible for message encryption and decryption for security purposes. Session Layer This layer is responsible for dialog and session control functions between systems. Transport layer This layer provides end-to-end communication which could be reliable or unreliable between end devices across the network. The two mostly used protocols in this layer are TCP and UDP. Network Layer This layer is also known as logical layer and is responsible for logical addressing for packet delivery services. The protocol used in this layer is the IP. Data Link Layer This layer is responsible for framing of units of information, error checking and physical addressing. Physical Layer This layer defines transmission medium requirements, connectors and responsible for the transmission of bits on the physical hardware (Parziale et al 2006; Simoneau 2006). 2.2.3 INTERNET PROTOCOL (IP) IP is a connectionless protocol designed to deliver data hosts across the network. IP data delivery is unreliable therefore depend on upper layer protocol such as TCP or lower layer protocols like IEEE 802.2 and IEEE802.3 for reliable data delivery between hosts on the network.(Noonan and Dobrawsky 2006) 2.2.4 TRANSMISSION CONTROL PROTOCOL (TCP) TCP is a standard protocol which is connection-oriented transport mechanism that operates at the transport layer of OSI model. It is described by the Request for Comment (RFC) 793. TCP solves the unreliability problem of the network layer protocol (IP) by making sure packets are reliably and accurately transmitted, errors are recovered and efficiently monitors flow control between hosts across the network. (Abie 2000; Noonan and Dobrawsky 2006; Simoneau 2006). The primary objective of TCP is to create session between hosts on the network and this process is carried out by what is called TCP three-way handshake. When using TCP for data transmission between hosts, the sending host will first of all send a synchronise (SYN) segment to the receiving host which is first step in the handshake. The receiving host on receiving the SYN segment reply with an acknowledgement (ACK) and with its own SYN segment and this form the second part of the handshake. The final step of the handshake is the n completed by the sending host responding with its own ACK segment to acknowledge the acceptance of the SYN/ACK. Once this process is completed, the hosts then established a virtual circuit between themselves through which the data will be transferred (Noonan and Dobrawsky 2006). As good as the three ways handshake of the TCP is, it also has its short comings. The most common one being the SYN flood attack. This form of attack occurs when the destination host such as the Server is flooded with a SYN session request without receiving any ACK reply from the source host (malicious host) that initiated a SYN session. The result of this action causes DOS attack as destination host buffer will get to a point it can no longer take any request from legitimate hosts but have no other choice than to drop such session request (Noonan and Dobrawsky 2006). 2.2.5 USER DATAGRAM PROTOCOL (UDP) UDP unlike the TCP is a standard connectionless transport mechanism that operates at the transport layer of OSI model. It is described by the Request for Comment (RFC) 768 (Noonan and Dobrawsky 2006; Simoneau 2006). When using UDP to transfer packets between hosts, session initiation, retransmission of lost or damaged packets and acknowledgement are omitted therefore, 100 percent packet delivery is not guaranteed (Sundararajan et al 2006; Postel 1980). UDP is designed with low over head as it does not involve initiation of session between hosts before data transmission starts. This protocol is best suite for small data transmission (Noonan and Dobrawsky 2006). 2.2.6 INTERNET CONTROL MESSAGE PROTOCOL (ICMP). ICMP is primarily designed to identify and report routing error, delivery failures and delays on the network. This protocol can only be used to report errors and can not be used to make any correction on the identified errors but depend on routing protocols or reliable protocols like the TCP to handle the error detected (Noonan and Dobrawsky 2006; Dunkels 2003). ICMP makes use of the echo mechanism called Ping command. This command is used to check if the host is replying to network traffic or not (Noonan and Dobrawsky 2006; Dunkels 2003). 2.3 OTHER NETWORK SECURITY ELEMENTS. 2.3.1 VIRTUAL PRIVATE NETWORK (VPN) VPN is one of the network security elements that make use of the public network infrastructure to securely maintain confidentiality of information transfer between hosts over the public network (Bou 2007). VPN provides this security features by making use of encryption and Tunneling technique to protect such information and it can be configured to support at least three models which are Remote- access connection. Site-to-site ( branch offices to the headquarters) Local area network internetworking (Extranet connection of companies with their business partners) (Bou 2007). 2.3.2 VPN TECHNOLOGY VPN make use of many standard protocols to implement the data authentication (identification of trusted parties) and encryption (scrambling of data) when making use of the public network to transfer data. These protocols include: Point-to-Point Tunneling Protocol PPTP [RFC2637] Secure Shell Layer Protocol (SSL) [RFC 2246] Internet Protocol Security (IPSec) [RFC 2401] Layer 2 Tunneling Protocol (L2TP) [RFC2661] 2.3.2.1 POINT-TO-POINT TUNNELING PROTOCOL [PPTP] The design of PPTP provides a secure means of transferring data over the public infrastructure with authentication and encryption support between hosts on the network. This protocol operates at the data link layer of the OSI model and it basically relies on user identification (ID) and password authentication for its security. PPTP did not eliminate Point-to-Point Protocol, but rather describes better way of Tunneling PPP traffic by using Generic Routing Encapsulation (GRE) (Bou 2007; Microsoft 1999; Schneier and Mudge 1998). 2.3.2.2 LAYER 2 TUNNELING PROTOCOL [L2TP] The L2TP is a connection-oriented protocol standard defined by the RFC 2661which merged the best features of PPTP and Layer 2 forwarding (L2F) protocol to create the new standard (L2TP) (Bou 2007; Townsley et al 1999). Just like the PPTP, the L2TP operates at the layer 2 of the OSI model. Tunneling in L2TP is achieved through series of data encapsulation of the different levels layer protocols. Examples are UDP, IPSec, IP, and Data-Link layer protocol but the data encryption for the tunnel is provided by the IPSec (Bou 2007; Townsley et al 1999). 2.3.2.3 INTERNET PROTOCOL SECURITY (IPSEC) [RFC 2401] IPSec is a standard protocol defined by the RFC 2401 which is designed to protect the payload of an IP packet and the paths between hosts, security gateways (routers and firewalls), or between security gateway and host over the unprotected network (Bou 2007; Kent and Atkinson 1998). IPSec operate at network layer of the OSI model. Some of the security services it provides are, authentication, connectionless integrity, encryption, access control, data origin, rejection of replayed packets, etc (Kent and Atkinson 1998). 2.3.3.4 SECURE SOCKET LAYER (SSL) [RFC 2246] SSL is a standard protocol defined by the RFC 2246 which is designed to provide secure communication tunnel between hosts by encrypting hosts communication over the network, to ensure packets confidentiality, integrity and proper hosts authentication, in order to eliminate eavesdropping attacks on the network (Homin et al 2007; Oppliger et al 2008). SSL makes use of security elements such as digital certificate, cryptography and certificates to enforce security measures over the network. SSL is a transport layer security protocol that runs on top of the TCP/IP which manage transport and routing of packets across the network. Also SSL is deployed at the application layer OSI model to ensure hosts authentication (Homin et al 2007; Oppliger et al 2008; Dierks and Allen 1999). 2.4 FIREWALL BACKGROUND The concept of network firewall is to prevent unauthorised packets from gaining entry into a network by filtering all packets that are coming into such network. The word firewall was not originally a computer security vocabulary, but was initially used to illustrate a wall which could be brick or mortar built to restrain fire from spreading from one part of a building to the other or to reduce the spread of the fire in the building giving some time for remedial actions to be taken (Komar et al 2003). 2.4.1BRIEF HISTORY OF FIREWALL Firewall as used in computing is dated as far back as the late 1980s, but the first set of firewalls came into light sometime in 1985, which was produced by a Ciscos Internet work Operating System (IOS) division called packet filter firewall (Cisco System 2004). In 1988, Jeff Mogul from DEC (Digital Equipment Corporation) published the first paper on firewall. Between 1989 and 1990, two workers of the ATT Bell laboratories Howard Trickey and Dave Persotto initiated the second generation firewall technology with their study in circuit relays called Circuit level firewall. Also, the two scientists implemented the first working model of the third generation firewall design called Application layer firewalls. Sadly enough, there was no published documents explaining their work and no product was released to support their work. Around the same year (1990-1991), different papers on the third generation firewalls were published by researchers. But among them, Marcus Ranums work received the most attention in 1991 and took the form of bastion hosts running proxy services. Ranums work quickly evolved into the first commercial product—Digital Equipment Corporations SEAL product (Cisco System 2004). About the same year, work started on the fourth generation firewall called Dynamic packet filtering and was not operational until 1994 when Check Point Software rolled out a complete working model of the fourth generation firewall architecture. In 1996, plans began on the fifth generation firewall design called the Kernel Proxy architecture and became reality in 1997 when Cisco released the Cisco Centri Firewall which was the first Proxy firewall produced for commercial use (Cisco System 2004). Since then many vendor have designed and implemented various forms of firewall both in hardware and software and till date, research works is on going in improving firewalls architecture to meet up with ever increasing challenges of network security. 2.5 DEFINITION According to the British computer society (2008), Firewalls are defence mechanisms that can be implemented in either hardware or software, and serve to prevent unauthorized access to computers and networks. Similarly, Subrata, et al (2006) defined firewall as a combination of hardware and software used to implement a security policy governing the flow of network traffic between two or more networks. The concept of firewall in computer systems security is similar to firewall built within a building but differ in their functions. While the latter is purposely designed for only one task which is fire prevention in a building, computer system firewall is designed to prevent more than one threat (Komar et al 2003).This includes the following Denial Of Service Attacks (DoS) Virus attacks Worm attack. Hacking attacks etc 2.5.1 DENIAL OF SERVICE ATTACKS (DOS) â€Å"Countering DoS attacks on web servers has become a very challenging problem† (Srivatsa et al 2006). This is an attack that is aimed at denying legitimate packets to access network resources. The attacker achieved this by running a program that floods the network, making network resources such as main memory, network bandwidth, hard disk space, unavailable for legitimate packets. SYN attack is a good example of DOS attacks, but can be prevented by implementing good firewall polices for the secured network. A detailed firewall policy (iptables) is presented in chapter three of this thesis. 2.5.2 VIRUS AND WORM ATTACKS Viruses and worms attacks are big security problem which can become pandemic in a twinkle of an eye resulting to possible huge loss of information or system damage (Ford et al 2005; Cisco System 2004). These two forms of attacks can be programs designed to open up systems to allow information theft or programs that regenerate themselves once they gets into the system until they crashes the system and some could be programmed to generate programs that floods the network leading to DOS attacks. Therefore, security tools that can proactively detect possible attacks are required to secure the network. One of such tools is a firewall with good security policy configuration (Cisco System 2004). Generally speaking, any kind of firewall implementation will basically perform the following task. Manage and control network traffic. Authenticate access Act as an intermediary Make internal recourses available Record and report event 2.5.3 MANAGE AND CONTROL NETWORK TRAFFIC. The first process undertaken by firewalls is to secure a computer networks by checking all the traffic coming into and leaving the networks. This is achieved by stopping and analysing packet Source IP address, Source port, Destination IP address, Destination port, IP protocol Packet header information etc. in order decide on what action to take on such packets either to accept or reject the packet. This action is called packet filtering and it depends on the firewall configuration. Likewise the firewall can also make use of the connections between TCP/IP hosts to establish communication between them for identification and to state the way they will communicate with each other to decide which connection should be permitted or discarded. This is achieved by maintaining the state table used to check the state of all the packets passing through the firewall. This is called stateful inspection (Noonan and Dobrawsky 2006). 2.5.4 AUTHENTICATE ACCESS When firewalls inspects and analyses packets Source IP address, Source port, Destination IP address, Destination port, IP protocol Packet header information etc, and probably filters it based on the specified security procedure defined, it does not guarantee that the communication between the source host and destination host will be authorised in that, hackers can manage to spoof IP address and port action which defeats the inspection and analysis based on IP and port screening. To tackle this pit fall over the network, an authentication rule is implemented in firewall using a number of means such as, the use of username and password (xauth), certificate and public keys and pre-shared keys (PSKs).In using the xauth authentication method, the firewall will request for the source host that is trying to initiate a connection with the host on the protected network for its username and password before it will allow connection between the protected network and the source host to be establi shed. Once the connection is been confirmed and authorised by the security procedure defined, the source host need not to authenticate itself to make connection again (Noonan and Dobrawsky 2006). The second method is using certificates and public keys. The advantage of this method over xauth is that verification can take place without source host intervention having to supply its username and password for authentication. Implementation of Certificates and public keys requires proper hosts (protected network and the source host) configuration with certificates and firewall and making sure that protected network and the source host use a public key infrastructure that is properly configured. This security method is best for big network design (Noonan and Dobrawsky 2006). Another good way of dealing with authentication issues with firewalls is by using pre-shared keys (PSKs). The implementation of PSKs is easy compare to the certificates and public keys although, authentication still occur without the source host intervention its make use of an additional feature which is providing the host with a predetermined key that is used for the verification procedure (Noonan and Dobrawsky 2006). 2.5.5 ACT AS AN INTERMEDIARY When firewalls are configured to serve as an intermediary between a protected host and external host, they simply function as application proxy. The firewalls in this setup are configured to impersonate the protected host such that all packets destined for the protected host from the external host are delivered to the firewall which appears to the external host as the protected host. Once the firewalls receive the packets, they inspect the packet to determine if the packet is valid (e.g. genuine HTTT packet) or not before forwarding to the protected host. This firewall design totally blocks direct communication between the hosts. 2.5.6 RECORD AND REPORT EVENTS While it is good practise to put strong security policies in place to secure network, it is equally important to record firewalls events. Using firewalls to record and report events is a technique that can help to investigate what kind of attack took place in situations where firewalls are unable to stop malicious packets that violate the access control policy of the protected network. Recording this event gives the network administrator a clear understanding of the attack and at the same time, to make use of the recorded events to troubleshoot the problem that as taken place. To record these events, network administrators makes use of different methods but syslog or proprietary logging format are mostly used for firewalls. However, some malicious events need to be reported quickly so that immediate action can be taken before serious damage is done to the protected network. Therefore firewalls also need an alarming mechanism in addition to the syslog or proprietary logging format whe n ever access control policy of the protected network is violated. Some types of alarm supported by firewalls include Console notification, Simple Network Management Protocol (SNMP), Paging notification, E-mail notification etc (Noonan and Dobrawsky 2006). Console notification is a warning massage that is presented to the firewall console. The problem with this method of alarm is that, the console needs to be monitored by the network administrator at all times so that necessary action can be taken when an alarm is generated. Simple Network Management Protocol (SNMP) notification is implemented to create traps which are transferred to the network management system (NMS) monitoring the firewall. Paging notification is setup on the firewall to deliver a page to the network administrator whenever the firewall encounters any event. The message could be an alphanumeric or numeric depending on how the firewall is setup. E-mail notification is similar to paging notification, but in this case, the firewall send an email instead to proper address. 2.6 TYPES OF FIREWALLS Going by firewall definition, firewalls are expected to perform some key functions like, Application Proxy, Network Translation Address, and Packet filtering. 2.6.1 APPLICATION PROXY This is also known as Application Gateway, and it acts as a connection agent between protected network and the external network. Basically, the application proxy is a host on the protected network that is setup as proxy server. Just as the name implies, application proxy function at the application layer of the Open System Interconnection (OSI) model and makes sure that all application requests from the secured network is communicated to the external network through the proxy server and no packets passes through from to external network to the secured network until the proxy checks and confirms inbound packets. This firewall support different types of protocols such as a Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and Simple Mail Transport Protocol (SMTP) (Noonan and Dobrawsky 2006; NetContinuum 2006). 2.6.2 NETWORK ADDRESS (NAT) NAT alter the IP addresses of hosts packets by hiding the genuine IP addresses of secured network hosts and dynamically replacing them with a different IP addresses (Cisco System 2008; Walberg 2007). When request packets are sent from the secured host through the gateway to an external host, the source host address is modified to a different IP address by NAT.  When the reply packets arrives at the gateway, the NAT then replaces the modified address with genuine host address before forwarding it to the host (Walberg 2007).The role played by NAT in a secured network system makes it uneasy for unauthorized access to know: The number of hosts available in the protected network The topology of the network The operating systems the host is running The type of host machine (Cisco System 2008). 2.6.3 PACKET FILTERING. â€Å"Firewalls and IPSec gateways have become major components in the current high speed Internet infrastructure to filter out undesired traffic and protect the integrity and confidentiality of critical traffic† (Hamed and Al-Shaer 2006). Packet filtering is based on the lay down security rule defined for any network or system. Filtering traffic over the network is big task that involves comprehensive understanding of the network on which it will be setup. This defined policy must always be updated in order to handle the possible network attacks (Hamed and Al-Shaer 2006). 2.6.4 INSTRUCTION DETECTION SYSTEMS. Network penetration attacks are now on the increase as valuable information is being stolen or damaged by the attacker. Many security products have been developed to combat these attacks. Two of such products are Intrusion Prevention systems (IPS) and Intrusion Detection Systems (IDS). IDS are software designed to purposely monitor and analysed all the activities (network traffic) on the network for any suspicious threats that may violate the defined network security policies (Scarfone and Mell 2007; Vignam et al 2003). There are varieties of methods IDS uses to detect threats on the network, two of them are, anomaly based IDS, and signature based IDS. 2.6.4.1 ANOMALY BASED IDS Anomaly based IDS is setup to monitor and compare network events against what is defined to be normal network activities which is represented by a profile, in order to detect any deviation from the defined normal events. Some of the events are, comparing the type of bandwidth used, the type of protocols etc and once the IDS identifies any deviation in any of this events, it notifies the network administrator who then take necessary action to stop the intended attack (Scarfone and Mell 2007). 2.6.4.2 SIGNATURE BASED IDS Signature based IDS are designed to monitor and compare packets on the network against the signature database of known malicious attacks or threats. This type of IDS is efficient at identifying already known threats but ineffective at identifying new threats which are not currently defined in the signature database, therefore giving way to network attacks (Scarfone and Mell 2007). 2.6.5 INTRUSION PREVENTION SYSTEMS (IPS). IPS are proactive security products which can be software or hardware used to identify malicious packets and also to prevent such packets from gaining entry in the networks (Ierace et al 2005, Botwicz et al 2006). IPS is another form of firewall which is basically designed to detect irregularity in regular network traffic and likewise to stop possible network attacks such as Denial of service attacks. They are capable of dropping malicious packets and disconnecting any connection suspected to be illegal before such traffic get to the protected host. Just like a typical firewall, IPS makes use of define rules in the system setup to determine the action to take on any traffic and this could be to allow or block the traffic. IPS makes use of stateful packet analysis to protect the network. Similarly, IPS is capable of performing signature matching, application protocol validation etc as a means of detecting attacks on the network (Ierace et al 2005). As good as IPS are, they also have t heir downsides as well. One of it is the problem of false positive and false negative. False positive is a situation where legitimate traffic is been identified to be malicious and thereby resulting to the IPS blocking such traffic on the network. False negative on the other hand is when malicious traffic is be identified by the IPS as legitimate traffic thereby allowing such traffic to pass through the IPS to the protected network (Ierace N et al 2005). 2.7 SOFTWARE AND HARDWARE FIREWALLS 2.7.1 SOFTWARE FIREWALLS Software-based firewalls are computers installed software for filtering packets (Permpootanalarp and Rujimethabhas 2001). These are programs setup either on personal computers or on network servers (Web servers and Email severs) operating system. Once the software is installed and proper security polices are defined, the systems (personal computers or servers) assume the role of a firewall. Software firewalls are second line of defence after hardware firewalls in situations where both are used for network security. Also software firewalls can be installed on different operating system such as, Windows Operating Systems, Mac operating system, Novel Netware, Linux Kernel, and UNIX Kernel etc. The function of these firewalls is, filtering distorted network traffic. There are several software firewall some of which include, Online Armor firewall, McAfee Personal Firewall, Zone Alarm, Norton Personal Firewall, Black Ice Defender, Sygate Personal Firewall, Panda Firewall, The DoorStop X Fi rewall etc (Lugo Parker 2005). When designing a software firewall two keys things are considered. These are, per-packet filtering and a per-process filtering. The pre-packet filter is design to search for distorted packets, port scan detection and checking if the packets are accepted into the protocol stack. In the same vein, pre-process filter is the designed to check if a process is allowed to begin a connection to the secured network or not (Lugo and Parker 2005). It should be noted that there are different implantations of all Firewalls. While some are built into the operating system others are add-ons. Examples of built-in firewalls are windows based firewall and Linux based. 2.7.2 WINDOWS OPERATING SYSTEM BASED FIREWALL. In operating system design, security features is one important aspect that is greatly considered. This is a challenge the software giant (Microsoft) as always made sure they implement is their products. In the software industry, Mi