Sunday, January 26, 2020
Analysis Of The CMA CGM Company
CMA CGM (2010a) is the world's third largest container shipping company and is ranked number one in France. It offers a complete range of activities including shipping, handling facilities in port and logistics on land. Its main objective is to offer customers all over the world a proactive, innovative service which reconciles quality and high performance with protection of the environment. The founder and CEO of CMA CGM, Mr. Jacques R. Saade, has guided the group confidently from the beginning to date and wishes to develop and run it in the future of container shipping. CMA CGM has always integrated security, safety and environmental concerns into its development strategies and used the latest technology to minimize pollution.

Figure (Diagram) 1. Greenhouse gas emission by transportation (River Shuttle Containers, 2010)

River Shuttle Containers (2010) of CMA CGM calculated the benefit of waterway carriage for protecting the environment compared with land transportation. To reduce pollution, they introduced the river shuttle container barge in French territory and Europe.

Figure (Diagram) 2. History of CMA CGM developed by author (CMA CGM, 2010b)

CMA CGM operates through its own brand shipping line, CMA CGM, and other subsidiaries, integrating the organisation and adding value through customization in the container shipping market. The worldwide subsidiaries of CMA CGM that strengthen group activities in the transportation area are as follows:

Container Shipping Line
Delmas. Expert in African region
OTAL Africa Line. Maximum coverage in West Africa
CNC Line. Specialist for Intra-Asia line
ANL. Leader in Oceania
MacAndrews. Dedicated to Intra-European trade
COMANAV. Specialist for Morocco
US Lines. Specialist for transpacific and Australasia trade
Multimodal River Shuttle Containers LTI France Progeco CMA Rail Logistics Services 1) CMA CGM Logistics 2) TCX Multimodal Logistics International Tourism Compagnie du Ponant Tapis Rouge International Partir en cargo The Travellers Club

CMA CGM's (CMA CGM, 2009) e-commerce services offer a full range of online business functions that are comparatively easy, safe and efficient for the customer, and are planned to eliminate paper and speed the flow of information around the clock. The group is highly integrated in the world's transport sector through connections with regional transportation leaders such as ANL in Australia. The World Shipping Council (2009) reported that CMA CGM has become an international operator serving maritime shipping routes around the world with door-to-door services combining maritime shipping with rail, river and highway transport. They expanded their business through a growth strategy and sustained capital spending, powered by the joint force of giant shipping leaders from the USA (US Lines) to Africa (OTAL line of Africa). The Group has built its success on the strong values of quality, innovation, imagination and anticipation.

The CMA CGM group (Marinelog, 2009) inaugurated the French Asia Line or FAL service (Asia to Europe) in partnership with MAERSK Line (No. 1 in container shipping) with their latest vessel, CMA CGM CHRISTOPHE COLOMB, one of the world's largest container ships, with a capacity of 13344 TEU. This vessel incorporates the latest environmental technologies, which actively contribute to the battle against global warming and CO2 emission.

In this global economic downturn (The Journal of Commerce, 2010), CMA CGM was affected and had $5 billion in debts following the worst downturn in container shipping history and a series of steep losses from hedging deals on oil prices. The company (The Financial Times, 2010) is unable to complete the payment for new ships or to take delivery from shipyards, where the Greek ship-owner bought the ordered ship.
They are trying to raise capital from outside the country because France's FSI strategic investment fund normally invests alongside other, conventional investors. The state-owned fund of Qatar is offering $1 billion to recover the losses and deal with the unwanted situation of the CMA CGM group.

"Advance Shipping, Environment Minded" is the motto of CMA CGM on environmental protection in this time of climate change and frequent change in world weather conditions. They have been awarded for their environmental know-how and ability to innovate, and are prepared to protect the environment. Their commitment to sustainable development and respect for nature relies on numerous environmental initiatives to minimize the impact of transport activities, and they are trying to develop alternative transportation modes.

PESTLE ANALYSIS

The simplest form (Rugman and Collinson, 2006) of understanding the particular competitive environment or investment context for firms at the national or international level is PEST analysis, which examines the political, economic, socio-cultural and technological conditions of an organisation. The addition of legal and environmental factors gives the full form, PESTLE analysis, which makes it easy to assess a new investment environment as an input into global expansion and market entry strategies. The environment is very important for doing business in this uncertain world and in a globalized economy. After understanding the internal factors of the organisation (strengths and weaknesses), one needs to assess the other factors for competing with others or adding value, to create an environment for sustainability.

Figure (Diagram) 3.
PESTLE Analysis (Developed by Author)

In a study of the business environment, Johnson et al. (2007) identified three layers, which are as follows:

The most general layer of the environment is the macro-environment, framed by PESTLE, where strategies are affected by broad influences and by ways of handling the outer aspects of the organisation.
The broad general layer is the industry or sector, framed by the five forces, where strategies concentrate on the cycles of competition among organisations.
The most immediate layer is markets and competitors, where strategies concentrate on identifying direct and indirect competitors.

Overall, PESTLE analysis is a tool to identify the major external factors for running the organisation within a limited arena where opportunities are unlimited but threats may act to stop its activities.

PESTLE ANALYSIS OF CMA CGM

Political

As a European shipping company and a French line, CMA CGM has stable political advantages in its own region and around the world. They receive exclusive cooperation from the French government and the European Union for extending the business globally. Due to the presence of their subsidiaries in Africa, the USA and elsewhere, they are able to manage any political issues through their partners and directly.

Economical

CMA CGM is going through a very tough economic time because of the downturn. They have been in crisis since the beginning of 2009, whereas 2008 showed a huge profit. The Financial Times reported that the company is trying to solve the problem by procuring funds from the government or from outside the country.

Sociocultural

CMA CGM (2010c) plays a significant role in the humanitarian development of the world and is committed to promoting the well-being of children, particularly children with disabilities or lengthy illnesses. Handicap International and the International Red Cross are the social partners for supporting children's mental and physical development.
The CMA CGM corporate foundation also supports various artistic activities, including social and cultural activities in the port and shipping sector. The foundation contributes to humanitarian and cultural programmes by working in France and Lebanon. Over 60 projects are run by renowned humanitarian and cultural organisations funded by the CMA CGM foundation.

Technological

E-business is the main system of container shipping, and CMA CGM serves its customers through e-business. All information related to shipping operations and corporate matters is available on their website, and customers can find any information regarding their cargo or other business functions on the corporate website and on the subsidiary websites. All vessels are manoeuvred using the latest technology, which is the safest and most environmentally friendly.

Environmental

The Group (CMA CGM, 2009) has a plan to cut CO2 emissions by 15% per container and per kilometre. They will reserve budget for the ocean environment and develop a portfolio of environmentally friendly services and shipping solutions. Fighting the negative impact of climate change is the key component of the Group's environmental policy. The company's containers are going to be converted into eco containers to reduce the use of carbon as a raw material. Most of the company's vessels are equipped with a combination of innovative environmental features such as a fast oil recovery system, a multichamber waste compactor to recycle garbage on board, proper water ballast systems, etc. CMA CGM was awarded by Long Beach Harbour in its Green Flag Program.

Legal

CMA CGM expanded their business through merger and acquisition recently.
They own various lines in accordance with international legal policy and financial transactions, and pay all kinds of taxes and duties to the respective governments. All vessels of the company are manoeuvred according to the international standard rules and regulations imposed by the IMO (International Maritime Organisation) or other shipping authorities.

CORPORATE STRATEGY

Grant (2005) defines corporate strategy as the scope of the firm in terms of the industries and markets in which it competes, deciding the investment procedures through diversification, integration, merger, foreign direct investment, acquisition, etc. In a multi-business corporation (Lasserre, 2007), the corporate strategy features the long-term objectives, selecting the business portfolio, allocating resources across businesses and designing its structure, systems and processes. Corporate history (Koveos, 1997) has featured many ways or approaches for restructuring the company both internally and externally. External restructuring has taken place through a variety of mechanisms including mergers and acquisitions. He added that the changed world business system was augmented by the transition of so many previously planned economies to a new market-based framework. Synergy (Koveos, 1997) from mergers or other restructuring activity has been characteristically portrayed as 2+2=5. To gain competitive advantages or extra benefit from synergy, and to enter the market or lower its barriers, restructuring is carried out through corporate strategies such as mergers and acquisitions.

05. MERGER & ACQUISITION

The main theme of corporate business strategy is integration of the company. The integrating process may be diversification, merger and acquisition, FDI, CSR or any other strategic application. Galpin & Herndon (2007) found that well-managed integration in an organisation can achieve significant working results and positive outcomes through disciplined, accelerated and result-oriented approaches by employees.
Figure (Diagram) 5. Merger and acquisition developed by author

In a study of strategic management, Thompson & Strickland (2003: p. 177) expressed that no company can afford to ignore the strategic and competitive benefits of acquiring or merging with another company to strengthen its market position and open up avenues of new opportunity. That is why M&A is one of the best options for bringing a company's own product into a new market or eliminating rivals to decrease competition in the present market.

06. MOTIVES FOR MERGERS AND ACQUISITIONS

In a study, Panayides & Gong (2002) stated two major motives for M&A in the shipping industry: value-maximization and strategic marketing motives. Value-maximization motives are divided into three parts, which are as follows:

01. Market Power. It has an impact on the present market, and the business may be extended with the help of the merged or acquired company. Panayides & Gong (2002) gave an example of a shipping company. The case of CP Ships and its 1994 acquisition of CAST (a shipping company and a major competitor of CP Ships in the port of Montreal) provides anecdotal evidence: the market changed completely and CP Ships controlled 85% of the container business in a relatively short period.
02. Efficiency Increase.
03. Operating and Financial Synergies. Operating synergies may arise as a result of revenue enhancements and/or cost reductions that are effected from the merger.

The major strategic objectives of shipping companies may include the acquisition of market share, the expansion or entry into new markets (geographical or new services), acquisition of management skills to augment firm capabilities in relation to new growth areas, and the transfer of management capabilities to acquired firms to assist rebuilding.

07. MERGER & ACQUISITION IN SHIPPING

Maritime industries are prone to uncertainties and risks in their global activities, where competitive pressure is related to larger but fewer players.
Due to the globalization of world trade, especially in shipping, shipping companies are trying to build a global chain for providing services from door to door as well as adding value by covering all places in the world. The main logistic aim of container shipping is to diversify the business by offering a wide range of benefits and economic facilities from the origin to the final destination. To minimize the barriers that block service along the chain, they are integrating their companies through global strategies, viz. diversification, M&A, etc.

Year    Coverage
1982    26%
1992    42%
2008    60%

Figure (Table) 6. World slot coverage by top 20 carriers (Notteboom & Rodrigue, n.d.)

In 1982, the share of world slots covered by the top 20 carriers was 26%; it increased tremendously to the highest figure, 60%, in 2008. World container or slot capacity is increasing, but the business is going to a limited number of operators. Merger and acquisition strategy is playing the main role in the decreasing number of operators. Internationalization and globalization have both created the competitive environment in the container shipping industry. Initially, it transformed into the liner service, with operators taking slots from other operators to reduce cost or to customize by connecting the mother vessel with feeder or quick services. After that, alliances of some operators such as OOCL, MISC, the former P&O and NYK formed the Global Alliance (OOCL, 2010) in 1998, and more alliances by leading operators drove exclusive business dynamics in this trade. After a huge loss in the North Atlantic container trade in 1993 (Heaver et al., 1993), all operators tried several times to develop cartel agreements like the Transatlantic Agreement (TAA), determining rates, capacity and supply of vessels to make gains and minimize losses. The acquisition of Australian National Line (ANL) by CMA CGM and the takeover of APL by NOL were big deals in ocean container shipping.
Surprisingly, MAERSK Line (P&O Nedlloyd, 2005) merged with its core competitor, P&O Nedlloyd, in 2005 and emerged as the largest shipping company in the world. Not only horizontal integration but also vertical integration of shipping companies created more competition in the container shipping market. Furthermore, merger and acquisition has extended to port terminal management, intermodal systems, the tourism industry and shipbuilding to gain more advantages and fulfil the main motto of container shipping services (Stopford, 1997), which means door-to-door service.

08. INTEGRATION OF CMA CGM GROUP

[Diagram labels: Shipping Line (A, B, C, D, E); Shipping Agents or General Sales Agents at Various Port and Country; Cargo Handling Company or Stevedores or Terminal Operator; Freight Forwarder or NVOCC (Non Vessel Operating Common Carrier); Inland Transport Operator or Intermodal or Multimodal Operator]

Figure (Diagram) 7. Transport Chain Integration based on shipping line example

Freeman (2009) argued that containerisation prepares the ground for integration both vertically and horizontally. There is a demand to create the chain, or a system, for transporting the box or container smoothly. The main components are main line operations, terminal operations, intermodal and logistics. The containers are mainly owned by the operator and are frequently repositioned from one place to another. So the responsibility of the carrier does not end with providing only one service.

Vertical Integration of CMA CGM Group

[Diagram labels: CORPORATE SHIPPING CONTRACT; LOGISTICS]

Figure (Diagram) 8. Vertical Integration of CMA CGM Group developed by author.

The company integrated vertically by creating logistics, terminal and intermodal businesses in various countries (road and rail facilities).
Land Transport International and Transit International are two transport channels, a trucking company and a forwarding company, for carrying cargo from/to the consignee's premises to/from the port or for internal transfer from one place to another. River Shuttle Containers (2010) is the cheaper and more ecological transportation of containers by barge or rail services, operated all over Europe as door-to-door intermodal services. In addition, they have corporate shipping contracts with industry players and international organisations through CMA CGM Logistics. CMA Rail has two subsidiaries, with 100% in the Europe rail link and 55% in the Algeria rail link (Northern Africa). Moreover, they are expanding their rail network in the USA and India. TCX Multimodal and Progeco cover the area of multimodal carriage, which helps to add value to their main business. CMA CGM (The Hindu Business Line, 2006) has two subsidiaries in terminal and port operations, Terminal Link and Portsynergy, which operate in Malta, France, Morocco, North Eastern Europe, the USA and Togo. In this way they have established a supply chain network from the bonded warehouse to ocean transportation facilities through their subsidiaries and independent transport networks.

Horizontal Integration of CMA CGM Group

Container shipping transportation is the main business of the CMA CGM group. They own seven container lines of the world, ANL, DELMAS, OTAL and others, to cover all ports and places in the world. In line with their strategy, they merged with or acquired these lines to gain competitive advantages in a specific region and to connect with the main line of CMA CGM.

09. CONCLUSION

The shipping industry (Casson, 1986) has an important role in the contemporary restructuring of world trade. Containerisation made the transportation of commodities easy, especially for manufactured goods and their raw materials.
Integration of the transport chain (Freemont, 2009) comes up against the financial, technical and human resource capacity of the different actors involved in this trade. Merger and acquisition of a company is the fruit of research into covering an area to add value to the shipping services. Other factors like culture, the attitude of key employees and the environment are also key to adapting or sustaining the business after a merger and acquisition. CMA CGM is a great example of M&A in its group activities from the very beginning to date, but the recent recession affected the group, which is trying to survive. However, they are trying to raise funds from outside the Group (The Financial Times, 2010). Corporate business strategy will help them to do better in upcoming business trends. As shipping is a big business where risk is high and return is low, the strategy should be considered carefully and economically.
Saturday, January 18, 2020
“A Pair of Silk Stockings” and “The Wagner Matinee
These two novels have a lot in common. Each of them has its own storyline, but each seems to discuss the same topic and have the same meaning. Women in that time were greatly underrepresented and were unable to do a lot of things that they wanted to do in their lives. They were expected to be nothing more than mothers and wives. Each of these novels portrays something more, and how they were able to enjoy themselves outside of family life.

In the novel "A Pair of Silk Stockings" Mrs. Sommers splurges a little bit; even though it goes against all the responsibilities she has as a mother and wife, she does something for herself. In "A Wagner Matinee" Aunt Georgiana has gotten into the habit, the same as Mrs. Sommers, of just being a wife and a mother. The story shows a time when Georgiana was able to be herself, before she had kids and gained responsibility for them, a time when she loved music and creating music. She is able to relive that in the story because of her nephew and what he did for her by taking her to the musical, even if it seemed she wasn't interested.

Looking at the two and comparing them, you see two women who have forgotten what it is like to do things for themselves, who have focused so much of their energy on being a wife and a mother that they cannot remember spending time and money on themselves. In the time period in which each of them takes place, it must have been hard to care for a family and it must have taken a lot of energy, each lady got the opportunity.
Friday, January 10, 2020
Ethical and Legal Issue in Nursing Essay
Describe the legal responsibilities of nurses in the work setting.

Within the nursing license, the nurse is legally bound to practice within the scope of nursing that each state defines by a Nurse Practice Act (NPA). The scope includes upholding the patient bill of rights and total patient care. According to the NLN (Springhouse, 2004), "Patients have the right to information about their diagnosis, prognosis, and treatment – including alternatives to care and risks involved – in terms they and their families can readily understand, so that they can give their informed consent." For the family of Marianne, it is the nurse's professional responsibility, within the nursing scope of practice, to provide education to Marianne's family. Springhouse (2004) states, "For best results, patient teaching should include the family and others involved in the patient's care. If family members understand the reason for a patient's treatment, they'll be more willing to provide emotional support." This education will ensure that Marianne's husband will make an informed decision regarding his wife's care and help Marianne's children to understand their father's decision. If the husband does decide to attempt surgery for the blood clot as recommended by the physician, then the nurse must ensure that Marianne's husband understands the procedures along with the risks involved. The nurse is responsible for objectively documenting any plans of care and any actions taken relating to the plan of care.

A nurse's legal responsibility to the patient includes reporting incidents. In the case study where the nurse is called as a witness to a malpractice suit, the nurse fulfilled their fundamental duty of patient protection. Initially, upon witnessing negligent care from another nurse, an incident report was immediately filed within the healthcare institution. The nurse also took notes of the negligence the other nurse performed.
According to Blais (2011), "When called into court as a witness, the nurse has a duty to assist justice as far as possible." This duty will include answering questions regarding the incident. It is important for the nurse to remember that answering questions truthfully and objectively will ensure the appropriate justice will occur.

Springhouse (2004). Nurse's Legal Handbook (5th Edition). Philadelphia, PA,
Thursday, January 2, 2020
PGP Desktop TCP - Free Essay Example
Date added: 2017/06/26

Task-1: PGP
Problem statement
Download PGP Desktop software.
Experiment with new installation using the following features:
1. Key management
2. Securing E-mail Messages
3. Securing Instant Messaging
c) Experiment and report on the remaining option available under the licence.

Task-2: TCP/IP Security
Problem statement
Why TCP/IP networks are considered unsecured.
Describe the following technologies: SSL (Secure Socket Layer), IPSec (IP Security), Kerberos.

Task-3: Hardware and software
Problem statement
Differences between Windows NT, Windows XP and UNIX
Differences between HIDS and NIDS

Task-4: Buffer overruns
Problem statement
How a variety of overruns and format string bugs can alter the program flow on program.
Five methods of causing havoc by unauthorized altering of memory using a buffer overflow.
THREE C++ functions
ONE well-recognized method of preventing buffer overflow.

Solution Task-1

1. Key management

When managed by a PGP Universal Server, PGP Desktop 9.x provides a secure recovery mechanism for private keys, called Key Reconstruction. As its name suggests, Key Reconstruction can be used to reconstruct (or restore) your private key if you have forgotten its passphrase, or if you have deleted your private key. To take advantage of Key Reconstruction, you send key reconstruction data to a reconstruction server (a PGP Universal Server that is managing your PGP Desktop) while you still have your private key and remember its passphrase.
The reconstruction data for your private key consists of five questions, which you may create, and five answers that only you know. After you have sent your reconstruction questions and answers to the server, you may reconstruct your private key at any time by answering 3 of the 5 questions correctly. If you have deleted your private key or forgotten its passphrase before sending reconstruction questions and answers to the server, you cannot regain your private key using Key Reconstruction.

If you need help understanding any of the concepts mentioned above, please read the following Crypto Concepts section. Otherwise, feel free to skip down to Reconstruct Your Private Key.

Crypto Concepts

Private Key

When you install PGP Desktop you are prompted to create a keypair, which comprises two related keys: a public key and a private key. Your private key is used for decrypting something that was encrypted using your related public key, as well as for generating digital signatures that can be verified using your public key. As its name suggests, your private key should be kept totally private, and should be protected by a strong passphrase.

Key Reconstruction

For detailed technical information about Key Reconstruction, please refer to the white paper Inside PGP Key Reconstruction (from the PGP Corporation White Papers).

Reconstruct Your Private Key

Click the PGP Tray lock icon in your system tray and then click Open PGP Desktop.
Click the PGP Keys control box.
Select the keyring that contains your key.
Click the key that you wish to reconstruct. To reconstruct a private key, you must have its associated public key on your keyring. If you don't have a copy of your public key, you might try downloading it from a keyserver, such as your PGP Universal Server or the PGP Global Directory.
Otherwise, contact your administrator to obtain a copy of your public key.
Now click the Keys menu and click Reconstruct.
Answer 3 of the 5 key reconstruction questions correctly, then click OK. The answers are case sensitive, and must be entered precisely as they were when you first sent them to the server. If you are certain that nobody can see your screen, you might want to check the box labeled Show Keystrokes, so that you can verify your answers.
After you have answered 3 of the 5 key reconstruction questions correctly, you must enter and confirm a new passphrase for your private key, then click OK.
When you are notified that key reconstruction was successful, click OK.

2. Securing E-mail Messages

When PGP Messaging is enabled, PGP will begin securing your e-mail accounts by default. This occurs when you open your e-mail application for the first time after installing PGP Desktop 9.x and you send/receive e-mail. If you are communicating with other PGP users through e-mail, PGP Desktop can automatically encrypt and sign messages to PGP users depending on the policies that have been set within PGP Desktop under the Messaging section. PGP Desktop configures default policies if you do not wish to create your own. These default encryption policies are reviewed under Review Default E-mail Encryption Policies below, and new encryption policies are described under Create New E-mail Encryption Policies.

Enable PGP Messaging

PGP Messaging is enabled by default during installation. However, if you disabled PGP Messaging during installation, there are two ways to enable this feature. They are as follows:

Locate the PGP Desktop icon (padlock) in the system tray. Click the PGP Desktop padlock and click Use PGP E-mail Proxy. The option will have a black check mark next to it when it is enabled.
Open PGP Desktop through the Programs/All Programs menu and select the Tools menu. Click Use PGP E-mail Proxy. The option will have a black check mark next to it when it is enabled.
Assign a PGP Key to a PGP Messaging Service

PGP Messaging requires a PGP key to secure the e-mail account(s). To assign a key to a messaging service for the first time, do the following:

When you open your e-mail application for the first time after installing PGP Desktop, PGP will display the E-mail Account Detected window after sending/receiving mail. Select Yes, secure this E-mail account, and then click Next.
You may select one of many key sources. If you created a key pair during installation, then generally the option you would select is PGP Desktop Key. You can also create a new key pair, or import a previously exported key pair. After choosing the source, click Next.
Highlight the key to be used for this e-mail account and click Next.
Click Finish.

You are now ready to encrypt mail through this e-mail account and can proceed to reviewing the default policies.

Review Default E-mail Encryption Policies

Two encryption policies are set by default. These policies are:

Require Encryption: [PGP] Confidential. This policy specifies that any message flagged as confidential in your e-mail client or containing the text [PGP] in the subject line must be encrypted to a valid recipient public key or it cannot be sent.
Opportunistic Encryption. Specifies that any message for which a key to encrypt cannot be found should be sent without encryption (in the clear). Having this policy as the last policy in the list ensures that your message will always be sent, albeit in the clear, even if a key to encrypt it to the recipient cannot be found.

Do not put Opportunistic Encryption first in the list of policies (or anywhere but last, for that matter): when PGP Desktop finds a policy that matches, it stops searching and implements the matching policy, and Opportunistic Encryption matches everything. So if a policy is lower on the list than Opportunistic Encryption, it will never be implemented.
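The ordering rule above, as an added example that is not part of the original essay and is not PGP Desktop's own code: a small first-match policy evaluator in which the Message and Policy classes, the keyring and the sample addresses are constructed assumptions. It shows a message marked [PGP] being blocked under the default order and sent in the clear once the catch-all policy is moved to the top, plus a check that lists the policies a catch-all has made unreachable.

```python
"""First-match e-mail policy ordering, modelled on the rule described above.

Added illustration: the classes, field names and sample data are assumptions
made for this example and are not PGP Desktop's data model or API.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Message:
    recipient: str
    subject: str
    confidential: bool = False   # "flagged as confidential" in the mail client


@dataclass(frozen=True)
class Policy:
    name: str
    matches: Callable[[Message], bool]
    on_missing_key: str          # "block" or "send_clear"
    catch_all: bool = False      # True when the condition matches every message
    enabled: bool = True         # the defaults can be disabled, not deleted


REQUIRE = Policy(
    name="Require Encryption: [PGP] Confidential",
    matches=lambda m: m.confidential or "[PGP]" in m.subject,
    on_missing_key="block",
)
OPPORTUNISTIC = Policy(
    name="Opportunistic Encryption",
    matches=lambda m: True,
    on_missing_key="send_clear",
    catch_all=True,
)


def evaluate(policies: List[Policy], msg: Message,
             keyring: Set[str]) -> Tuple[Optional[str], str]:
    """Return (policy name, outcome) for the first enabled policy that matches.

    Outcomes: "encrypted", "blocked", "sent_clear". If nothing matches the
    result is (None, "unmatched"); the page does not say what the product does
    in that case, so this example only reports it.
    """
    for policy in policies:
        if not policy.enabled or not policy.matches(msg):
            continue
        if msg.recipient in keyring:          # a recipient public key is available
            return policy.name, "encrypted"
        if policy.on_missing_key == "block":
            return policy.name, "blocked"
        return policy.name, "sent_clear"
    return None, "unmatched"


def shadowed(policies: List[Policy]) -> List[str]:
    """Names of enabled policies that sit below an enabled catch-all policy
    and can therefore never be the first match."""
    unreachable: List[str] = []
    catch_all_seen = False
    for policy in policies:
        if not policy.enabled:
            continue
        if catch_all_seen:
            unreachable.append(policy.name)
        elif policy.catch_all:
            catch_all_seen = True
    return unreachable


# Constructed sample data: alice has a public key on the keyring, bob does not.
KEYRING = {"alice@example.com"}
DEFAULT_ORDER = [REQUIRE, OPPORTUNISTIC]
MISORDERED = [OPPORTUNISTIC, REQUIRE]
TO_BOB = Message("bob@example.com", "[PGP] payroll figures")
TO_ALICE = Message("alice@example.com", "[PGP] payroll figures")

if __name__ == "__main__":
    for label, order in (("default order", DEFAULT_ORDER), ("misordered", MISORDERED)):
        print(label)
        print("  to bob   ->", evaluate(order, TO_BOB, KEYRING))
        print("  to alice ->", evaluate(order, TO_ALICE, KEYRING))
        print("  unreachable policies:", shadowed(order))
```

Running shadowed() over an exported or hand-copied policy list is a quick review step after anyone reorders policies with the up and down arrows.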
The list of policies is read from the top down, so be sure to put Opportunistic Encryption last in the list. The default policies Require Encryption: [PGP] Confidential and Opportunistic Encryption cannot be modified or deleted, but they can be disabled.

Create New E-mail Encryption Policies

If you would like to create additional encryption policies, the steps to do so are as follows:

Open PGP Desktop.
Locate the PGP Messaging control box on the left. This will display the different configured services and the Messaging Log options.
Within the PGP Messaging control box, select a configured service (e.g. [email protected]). The settings for the service appear in the PGP Messaging work area, including the list of existing security policies. This is the right-hand pane.
Click New Policy in the PGP Messaging control box OR pull down the Messaging menu and click New Messaging Policy.
After the Message Policy dialog appears, enter a description of the policy in the top field offered.
Specify the conditions to be met and the action to be performed.
Specify a course of action to take if the recipient key is not found.

For detailed descriptions of the available conditions and actions, please refer to your PGP Desktop User's Guide (.pdf). This is located in Start > Programs > PGP > Documentation. Policies are applied in the order that they are listed. You can change the order by highlighting the policy you wish to move and clicking the up or down arrow at the bottom of the Security Policies window to move it.

Understanding the PGP Messaging Log

The PGP Messaging Log, located in the PGP Messaging control box, is instrumental in describing the actions taken by PGP Messaging in processing e-mail.

View Log For: This item at the top left allows you to view the logs of the current day or up to seven days past. Just select the day you wish to view.
View Level: This option in the upper right allows you to view logs related to general information, warnings and error messages, and may even be set to verbose for greater detail of each item previously mentioned.

Saving Daily Log

If you wish to save the log file for a specific day, display the correct day and click Save at the bottom of the Messaging Log work screen. Specify the location to save the file and click Save again.

Shred Log

Use the Shred Log option to clean the contents of the Messaging Log for the currently displayed day.

3. Securing Instant Messaging

AIM sessions between two systems running PGP Desktop 9.x are protected automatically when PGP Desktop 9.x is installed and the PGP AIM Proxy is enabled. Both AIM users MUST have PGP Desktop 9.x installed for the session to be encrypted. It is not sufficient that one user has PGP Desktop installed. Both must have the AIM Proxy enabled. Both users also have to be added to the buddy list in the AIM settings.

Enable PGP AIM Proxy

The PGP AIM Proxy is enabled by default if the option was not unchecked during installation. If the proxy is disabled, there are two ways to enable it:

- Click on the PGP Desktop padlock in the system tray, then click Use PGP AIM Proxy. The option will have a check by it when enabled.
- Open PGP Desktop through the Start > Programs > PGP menu. Pull down the Tools menu, and click Use PGP AIM Proxy.

How to Know the Session is Encrypted

When the option is enabled you should see an alert in the system tray which states "PGP Desktop Secured AOL Instant Messenger session for [screen name] has started." Additionally, other users will see a padlock next to your screen name. You will see in the conversation a note that the conversation is being encrypted by PGP Desktop.

Solution Task-2

a) Why TCP/IP networks are considered unsecured

When TCP/IP was designed in the early 1980s, security was not a primary concern.
However, in the years since their inception, the lack of security in the TCP/IP protocols has become more of a problem. The widespread use and availability of the TCP/IP protocol suite has exposed its weaknesses. Presented here are a number of well-known vulnerabilities of both TCP/IP itself and of some protocols commonly used along with TCP/IP (such as DNS):

- TCP SYN attacks
- IP Spoofing
- Sequence Guessing
- Source Routing
- Connection Hijacking
- Desynchronization during connection establishment
- Desynchronization in the middle of a connection
- Routing (RIP) attacks
- ICMP attacks
- DNS attacks
- The lack of unique identifiers

a) TCP SYN attacks

In an Internet environment, high message latency and loss are not uncommon, resulting in messages that arrive late or in nonsequential order. The TCP half of TCP/IP uses sequence numbers so that it can ensure data is given to the user in the correct order, regardless of when the data is actually received. These sequence numbers are initially established during the opening phase of a TCP connection, in the three-way handshake. SYN attacks take advantage of a flaw in how most hosts implement this three-way handshake. When Host B receives the SYN request from A, it must keep track of the partially opened connection in a listen queue for at least 75 seconds. This is to allow successful connections even with long network delays.

Figure: SYN Flooding

b) IP Spoofing

IP Spoofing is an attack where an attacker pretends to be sending data from an IP address other than its own [Morris85, Bellovin89]. The IP layer assumes that the source address on any IP packet it receives is the same IP address as the system that actually sent the packet; it does no authentication.

c) Sequence Guessing

The sequence number used in TCP connections is a 32-bit number, so it would seem that the odds of guessing the correct ISN are exceedingly low.
However, if the ISN for a connection is assigned in a predictable way, it becomes relatively easy to guess. This flaw in TCP/IP implementations was recognized as far back as 1985, when Robert Morris described how to exploit predictable ISNs in BSD 4.2, a Unix derivative [Morris85].

Figure: IP Spoofing via Sequence Guessing

d) Source Routing

Another variant of IP spoofing makes use of a rarely used IP option, Source Routing. Source routing allows the originating host to specify the path (route) that the receiver should use to reply to it. An attacker may take advantage of this by specifying a route that bypasses the real host and instead directs replies to a path it can monitor. Although simple, this attack may not be as successful now, as routers are commonly configured to drop packets with source routing enabled.

Figure: Source Routing

Describe the following technologies:

1) SSL (Secure Socket Layer)
2) IPSec (IP Security)
3) Kerberos

Secure Sockets Layer (SSL)

The Secure Sockets Layer (SSL) protocol was developed by Netscape Communications, and enables secure communication over the Internet. SSL works at the transport layer of Transmission Control Protocol/Internet Protocol (TCP/IP), which makes the protocol independent of the application layer protocol functioning on top of it. SSL is an open standard protocol and is supported by a range of both servers and clients.

SSL can be utilized for the following:

- Encrypt Web traffic using Hypertext Transfer Protocol (HTTP). When HTTP is utilized together with SSL, it is known as HTTPS. SSL is generally utilized to authenticate Web servers, and to encrypt communications between Web browsers and Web servers.
- Encrypt mail and newsgroup traffic.

SSL provides the following features for securing confidential data as it traverses the Internet:

- Authentication
- Data integrity
- Data confidentiality through encryption

The SSL handshake process is described below:

1. The client initiates the SSL handshake process by sending a URL starting with https:// to the server.
2. The client initially sends the Web server a list of each encryption algorithm which it supports. Algorithms supported by SSL include RC4 and Data Encryption Standard (DES). The client also sends the server its random challenge string, which will be utilized later in the process.
3. The Web server next performs the following tasks:
   - Selects an encryption algorithm from the list of encryption algorithms supported by, and received from, the client.
   - Sends the client a copy of its server certificate.
   - Sends the client its random challenge string.

2. IPSec (IP Security)

IPsec (Internet Protocol Security) is a framework for a set of protocols for security at the network or packet processing layer of network communication. Earlier security approaches have inserted security at the application layer of the communications model. IPsec is said to be especially useful for implementing virtual private networks and for remote user access through dial-up connection to private networks. A big advantage of IPsec is that security arrangements can be handled without requiring changes to individual user computers.

IPsec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well. The specific information associated with each of these services is inserted into the packet in a header that follows the IP packet header. Separate key protocols can be selected, such as the ISAKMP/Oakley protocol.

Security architecture

IPsec is implemented by a set of cryptographic protocols for (1) securing packet flows, (2) mutual authentication and (3) establishing cryptographic parameters. The IP security architecture uses the concept of a security association as the basis for building security functions into IP. A security association is simply the bundle of algorithms and parameters (such as keys) that is being used to encrypt and authenticate a particular flow in one direction. Therefore, in normal bi-directional traffic, the flows are secured by a pair of security associations.

Kerberos

Kerberos is an authentication service for computer networks. When using authentication based on cryptography, an attacker listening to the network gains no information that would enable it to falsely claim another's identity. Kerberos is the most commonly used example of this type of authentication technology.

Modern computer systems provide service to multiple users and require the ability to accurately identify the user making a request. In traditional systems, the user's identity is verified by checking a password typed during login; the system records the identity and uses it to determine what operations may be performed. The process of verifying the user's identity is called authentication. Password-based authentication is not suitable for use on computer networks. Passwords sent across the network can be intercepted and subsequently used by eavesdroppers to impersonate the user. While this vulnerability has been long known, it was recently demonstrated on a major scale with the discovery of planted password-collecting programs at critical points on the Internet.

Authentication, Integrity, Confidentiality, and Authorization

Authentication is the verification of the identity of a party who generated some data, and of the integrity of the data. A principal is the party whose identity is verified. The verifier is the party who demands assurance of the principal's identity.
Data integrity is the assurance that the data received is the same as generated. Authentication mechanisms differ in the assurances they provide: some indicate that data was generated by the principal at some point in the past, a few indicate that the principal was present when the data was sent, and others indicate that the data received was freshly generated by the principal.

Solution Task-3

Differences between Windows NT, Windows XP and UNIX

UNIX is an operating system which was developed by Bell Labs, which was a subsidiary of the American Telephone and Telegraph company. UNIX was written to run the computers which control telephone switches, and is designed to use the least amount of memory possible. As far as I know, there is no Graphical User Interface, or GUI, available for use with UNIX.

Windows is an operating system designed by Microsoft, and is made to be used as a GUI. The early versions of Windows, up through Windows 2000, used Microsoft Disc Operating System, or MS-DOS, to carry out the commands initiated by pointing at an icon and clicking on it. Windows XP uses a new operating system, NT, which was also designed by Microsoft, to carry out those commands.

A Windows user uses a mouse to point at icons, select them, and open them. These operations are performed without having to enter any code into the computer, because the program generates the code when the mouse is clicked on the icon. UNIX requires that the user input code to perform any operation, and this code usually includes address specifications, processing instructions, and output address specifications.

Difference between Windows and UNIX web hosting

Windows and UNIX are in fact two different systems and of course we are

But Windows servers also have their positive sides: they are compatible with Microsoft applications, and fully support Microsoft FrontPage, Microsoft Access and MS SQL. They also offer advanced programming environments and features such as Active Server Pages (ASP), the ASP.NET framework, Visual Basic Scripts, MS Index Server, Macromedias and Cold Fusion. The Windows operating system requires little or no experience in web development to get advanced features working very quickly, because of its better graphical user interface (GUI). Software such as Microsoft's FrontPage is specially developed for the webmaster to decrease website development time and effort.

Let's go back again to UNIX. UNIX servers support FrontPage, Flash, Shockwave, Real Audio/Video, CGI Scripts, Perl, PHP, SSH (Secure Telnet), MySQL, Web-Based Control System, Anonymous FTP, Web Site Graphical Statistics, Web-Based Email System, Miva/XML, Cold Fusion, Perl, Java, PHP, C, C++, Miva, Shell Access and a wide variety of other features, like Telnet and SSH, that provide lots of flexibility and freedom in managing files and directories. Some of these, however, require advanced knowledge of Unix commands in order for you to customize the scripts to match your website's needs. Because of the nature of UNIX (open source) and the people who love it, there is freely available software and scripts on the WWW, again bringing the cost down.

As for which one is best, it really depends on what you need. If you need high uptime, security and low cost, go with UNIX; if you need to run Windows applications like MS Access or MS SQL Server, then Windows is your choice.

Difference between Windows and UNIX programming cultures

This post on Slashdot links to an article on comparison between UNIX and Windows programming cultures. However, it mostly talks of how the problem of usability is approached.
I'd like to take a different tack, in the difference between the API of the two systems.

Windows APIs are huge. In the Microsoft world, everything seems to end up being part of the core OS services somehow. This has the advantage that you don't need to expect people to have such-and-such library. Or does it? Changes to what is the core between OS versions make compatibility somewhat nightmarish; you're never quite sure what libraries are there or not. Writing installers is a mess. MSI helps, but not if there's no MSI package for the libraries. Another side-effect of this is that Windows programmers are always learning a zillion new things. Win32 services. COM. COM+. .NET. DNA. TAPI. The list goes on and on. Many of those APIs do the exact same thing, so learning the new one is only needed because the old one becomes obsolete. It's hard to stabilize such a huge API.

Core Win32 APIs have no consistent reporting. OK, this drove me up the wall when I was coding on that platform. Does the MoveWindow() return NULL or INVALID_HANDLE on error? How about CreateFile()? And what's up with the ridiculous conventions for WaitForMultipleObjects()? Sure, GetLastError() is there, but so many APIs set this (including, say, MessageBox()) that many programs end up reporting an error as "The operation completed successfully." UNIX APIs tend to return ints, -1 on error with errno set, a positive integer otherwise. Period.

Windows SendMessage is stupid. Granted, with MFC and such, you don't need to look at it as much. But what's the big idea of passing two parameters of a known bit-width for every message? Why not pass a void* pointing to a different struct for each message? The result: huge pain when porting from Win16 to Win32, and another huge pain that will occur when porting from Win32 to Win64. No wonder they want to move to .NET. Compare to X-Window, which uses the void* approach, and you have to admit that SendMessage() and the WindowProc() conventions are mis-designed.

Some Windows services are strangely tied to physical windows. For instance, many COM calls don't work if there's no window and no message loop. This is documented, but it's a pain in the ass for multithreaded programming. Ditto for timers; IIRC there's no way portable to Win98 that lets you have a timer callback without a message loop. Compare to UNIX setitimer.

UNIX threading is a mess. This has improved somewhat in recent years, but I still run into problems. Linux and glibc are the big culprits there. They have changed their threading strategies several times, and each time a glitch appears, we get a finger-pointing match between the kernel and glibc team. This is annoying to say the least. At least one widely-distributed Linux distro (RedHat 9) exhibits severe problems under load, due to bugs in the glibc that are partly made worse by the JDK. In my view, threading should be a kernel service (and I'm not completely alone in this view: it seems the Linux kernel is moving more and more towards that model) and it should remain stable, dammit. Sure, you could do similar things with fork(), but that's not a reasonable approach with a GC runtime. In contrast, Win32 threading has been rock-solid for years.

Differences between HIDS and NIDS

Host Intrusion Detection (HIDS)

This real-time monitoring device alerts the administrator when a specific event has occurred, such as a new user being added or any abnormal usage patterns. Host intrusion detection software detects threats aimed at your critical hosts or servers.

Network Intrusion Detection (NIDS)

The primary responsibility of a NIDS is to monitor, detect and identify malicious activity on a network. Once suspicious activity is detected, an alert is generated for each activity.

Comparative analysis of HIDS vs. NIDS

| Function | HIDS | NIDS | Comments |
|---|---|---|---|
| Protection on LAN | **** | **** | Both systems protect you on your LAN |
| Protection off LAN | **** | | Only HIDS protects you when you are off the LAN |
| Ease of Administration | **** | **** | The admin of NIDS and HIDS is equal from a central admin perspective. |
| Versatility | **** | ** | HIDS are more versatile systems. |
| Price | *** | * | HIDS are more affordable systems if the right product is chosen. |
| Ease of Implementation | **** | **** | Both NIDS and HIDS are equal from a central control perspective |
| Little Training required | **** | ** | HIDS requires less training than NIDS |
| Total cost of ownership | *** | ** | HIDS cost you less to own in the long run |
| Bandwidth requirements on (LAN) | 0 | 2 | NIDS uses up LAN bandwidth. HIDS does not. |
| Network overhead | 1 | 2 | The NIDS has double the total network bandwidth requirements from any LAN |
| Bandwidth requirements (internet) | ** | ** | Both IDS need internet bandwidth to keep the pattern files current |
| Spanning port switching requirements | | **** | NIDS requires that port spanning be enabled to ensure that your LAN traffic is scanned. |
| Update frequency to clients | **** | | HIDS updates all of the clients with a central pattern file. |
| Cross platform compatibility | ** | **** | NIDS are more adaptable to cross platform environments. |
| Local machine registry scans | **** | | Only HIDS can do these types of scans. |
| Logging | *** | *** | Both systems have logging functionality |
| Alarm functions | *** | *** | Both systems alarm the individual and the administrator. |
| PAN scan | **** | | Only HIDS scan your personal area networks. (unless you have the $ to get a NIDS for your home) |
| Packet rejection | | **** | Only NIDS functions in this mode. |
| Specialist knowledge | *** | **** | More knowledge is required when installing and understanding how to use NIDS from a network security perspective. |
| Central management | ** | *** | NIDS are more centrally managed. |
| Disable risk factor | * | **** | NIDS failure rate is much higher than HIDS failure rate. NIDS has one point of failure. |

HIDS and NIDS Advantages:

HIDS Advantages:

The primary advantage of NIDS is that it can watch the whole network or any subsets of the network from one location. Therefore, NIDS can detect probes, scans, malicious and anomalous activity across the whole network. These systems can also serve to identify general traffic patterns for a network as well as aid in troubleshooting network problems. NIDS also is not able to understand host specific processes or protect from unauthorized physical access.

NIDS Advantages:

HIDS technology does not have the benefits of watching the whole network to identify patterns like NIDS does. A recommended combination of host and network intrusion detection systems, in which a NIDS is placed at the network border and an HIDS is deployed on critical servers such as databases, Web services and essential file servers, is the best way to significantly reduce risk.

Solution Task-4

a. How a variety of overruns and format string bugs can alter the program flow on program.
b. Five methods of causing havoc by unauthorized altering of memory using a buffer overflow.
c. THREE C++ functions
d. ONE well-recognized method of preventing buffer overflow.

How a variety of overruns and format string bugs can alter the program flow on program.

A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information, which has to go somewhere, can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity.
In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new instructions to the attacked computer that could, for example, damage the user's files, change data, or disclose confidential information. Buffer overflow attacks are said to have arisen because the C programming language supplied the framework, and poor programming practices supplied the vulnerability.

In July 2000, a vulnerability to buffer overflow attack was discovered in Microsoft Outlook and Outlook Express. A programming flaw made it possible for an attacker to compromise the integrity of the target computer by simply sending it an e-mail message. Unlike the typical e-mail virus, users could not protect themselves by not opening attached files; in fact, the user did not even have to open the message to enable the attack. The programs' message header mechanisms had a defect that made it possible for senders to overflow the area with extraneous data, which allowed them to execute whatever type of code they desired on the recipient's computer. Because the process was activated as soon as the recipient downloaded the message from the server, this type of buffer overflow attack was very difficult to defend against. Microsoft has since created a patch to eliminate the vulnerability.

(b) Five methods of causing havoc by unauthorized altering of memory using a buffer overflow.

A Hybrid Method of Defense against Buffer Overflow Attacks:

(1) Stack Guard: The Stack Guard compiler is the most well-known dynamic method of defense against buffer overflow attacks. It is designed to detect and stop stack-based buffer overflow attacks targeting the return address on the stack. It guards the return address by placing a dummy value (canary value) between the return address and the stack data just before transferring control to a function. StackGuard protection can be subverted if the attacker can guess the dummy value, or by abusing a pointer to the return address.

(2) Stack Shield: This is a compiler patch for GCC, which is also based on the idea of protecting the return address on the stack. It implements three types of protection; two of them defend against overwriting of the return address and one against overwriting of function pointers. It basically implements all of them using auxiliary stacks or global variables to maintain copies of the original contents, i.e. the contents before function calls, and then compares the respective contents before returning control, to determine if the return address or function pointers have been tampered with.

(3) Propolice: Propolice is a GCC patch [7] that is perhaps the most sophisticated compiler-based protection mechanism. It borrows the idea of protecting the return address with canary values from StackGuard. Additionally, it protects stack-allocated variables by rearranging the local variables so that character buffers are always allocated at the bottom, next to the old base pointer, where they cannot be overflowed to harm any other local variables.

(4) Libsafe/Libverify: This tool is similar to the solution proposed in this paper, as it also provides a combination of static and dynamic protection. Statically, it patches exploitable buffer manipulation functions in the standard C library. A range check is done by a safe wrapper function before proceeding with the actual operation, which ensures that the return address and the base pointer cannot be overwritten.

(5) LibsafePlus: This is a newly developed tool for runtime buffer overflow protection. The idea of their protection method is similar to that presented in this paper; that is, they first collect the size information of buffers in the program and then use it to detect overflows via function call interception, as in Libsafe. They use a tool called TIED: Type Information Extractor and Depositor.

(c) Describe at least THREE C++ functions:

- Canary-based defenses.
- Non-executing stack defenses.
- Other approaches.

1. Canary-based defenses

Researcher Crispin Cowan created an interesting approach called StackGuard. StackGuard modifies the C compiler (gcc) so that a canary value is inserted in front of return addresses. The canary acts like a canary in a coal mine: it warns when something has gone wrong. Before any function returns, it checks to make sure that the canary value hasn't changed. If an attacker overwrites the return address (as part of a stack-smashing attack), the canary's value will probably change and the system can stop instead. This is a useful approach, but note that this does not protect against buffer overflows overwriting other values.

2. Non-executing stack defenses

Another approach starts by making it impossible to execute code on the stack. Unfortunately, the memory protection mechanisms of the x86 processors (the most common processors) don't easily support this; normally if a page is readable, it's executable. A developer named Solar Designer dreamed up a clever combination of kernel and processor mechanisms to create a non-exec stack patch for the Linux kernel; with this patch, programs on the stack can no longer be normally run on x86s. It turns out that there are cases where executable programs are needed on the stack; this includes signal handling and trampoline handling. Trampolines are exotic constructs sometimes generated by compilers (such as the GNAT Ada compiler) to support constructs like nested subroutines. Solar Designer also figured out how to make these special cases work while preventing attacks.

3. Other approaches

There are many other approaches. One approach is to make standard library routines more resistant to attack. Lucent Technologies developed Libsafe, a wrapper of several standard C library functions like strcpy() known to be vulnerable to stack-smashing attacks. Libsafe is open source software licensed under the LGPL. The libsafe versions of those functions check to make sure that array overwrites can't exceed the stack frame.
However, this approach only protects those specific functions, not stack overflow vulnerabilities in general, and it only protects the stack, not local values in the stack. Their original implementation uses LD_PRELOAD, which can conflict with other programs.

(d) ONE well-recognized method of preventing buffer overflow:

Preventing Buffer Overflows

Buffer overflow vulnerabilities are the result of poor input validation: they enable an attacker to run his input as code in the victim. Even when care has been taken to validate all inputs, bugs might slip through and make the application insecure. This article presents the various options available to protect against buffer overflows. These methods either check for insecure function calls statically, look for overflow during runtime dynamically, or prevent execution of code on the stack.

Non-executable stack: In this method the stack is configured not to hold any executable code. Kernel patches are available for both Linux and Solaris for configuring a non-executable stack. Data execution prevention in Windows XP and 2003 also protects the stack against buffer overflow. This method protects against stack-based buffer overflow attacks.

Static Analysis: In static analysis the source code is parsed for dangerous library calls and race conditions to detect potential buffer overflows. Functions like strcpy and sprintf are vulnerable to buffer overflows, so source code scanners are used to look for incorrect use of these functions. RATS and SPLINT are two such tools; however, static analysis is riddled with false positives.

Dynamic runtime protection: In this method, buffer overflow conditions are detected while the program is actually running, and the attack is thwarted. Different techniques of dynamic runtime analysis are:

Canary: When a function call is made, a canary is added to the return address; if a buffer overflow occurs, the canary will be corrupted.
So, before returning to the parent function, the canary is checked again to see if it has been modified. Stack Guard uses this technique by implementing it as a patch to the GCC compiler; this causes minimum performance delays. FreeBSD also has a patch available to do this.

Copying Return Address: In this method, the return address is saved separately; so even when a buffer overflow exploit overwrites the return address on the stack, it is set back to the original value when the function returns.
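
The canary check and the "copying return address" technique described above, as an added example (not code from the original post, StackGuard or Stack Shield). The stack frame is simulated in a byte array so the overflow stays inside the program's own memory; the frame layout, the fixed canary value and the return address are constructed assumptions. It also shows the caveat noted earlier that a canary does not protect other values on the stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame, low to high addresses (constructed layout):
 *   buf[16] | local flag (8) | canary (8) | saved return address (8)   */
#define BUF_SIZE   16u
#define FLAG_OFF   BUF_SIZE
#define CANARY_OFF (FLAG_OFF + 8u)
#define RET_OFF    (CANARY_OFF + 8u)
#define FRAME_SIZE (RET_OFF + 8u)

struct sim_frame {
    unsigned char mem[FRAME_SIZE];
    uint64_t canary_ref;  /* reference canary, kept outside the frame */
    uint64_t shadow_ret;  /* return address saved separately */
};

static uint64_t load64(const struct sim_frame *f, size_t off) {
    uint64_t v;
    memcpy(&v, f->mem + off, sizeof v);
    return v;
}

static void store64(struct sim_frame *f, size_t off, uint64_t v) {
    memcpy(f->mem + off, &v, sizeof v);
}

/* Function prologue: place the canary in front of the return address
 * and keep separate copies of both for the epilogue checks. */
void frame_enter(struct sim_frame *f, uint64_t canary, uint64_t ret) {
    memset(f->mem, 0, FRAME_SIZE);
    store64(f, CANARY_OFF, canary);
    store64(f, RET_OFF, ret);
    f->canary_ref = canary;
    f->shadow_ret = ret;
}

/* Models an unchecked copy such as strcpy(): len is never compared with
 * BUF_SIZE. It is clamped to FRAME_SIZE only so that the simulation
 * itself never writes outside its own array. */
size_t frame_copy_unchecked(struct sim_frame *f, const void *src, size_t len) {
    if (len > FRAME_SIZE)
        len = FRAME_SIZE;
    memcpy(f->mem, src, len);
    return len;
}

/* The bounded alternative: refuse input that does not fit the buffer. */
int frame_copy_checked(struct sim_frame *f, const void *src, size_t len) {
    if (len > BUF_SIZE)
        return -1;
    memcpy(f->mem, src, len);
    return 0;
}

/* Canary check done before returning: 1 if unchanged, 0 if smashed. */
int canary_intact(const struct sim_frame *f) {
    return load64(f, CANARY_OFF) == f->canary_ref;
}

/* Value of the local variable that sits between buffer and canary. */
uint64_t local_flag(const struct sim_frame *f) {
    return load64(f, FLAG_OFF);
}

/* Copying return address: report tampering, then set the in-frame
 * return address back to the separately saved value and return it. */
uint64_t return_via_shadow(struct sim_frame *f, int *tampered) {
    *tampered = load64(f, RET_OFF) != f->shadow_ret;
    store64(f, RET_OFF, f->shadow_ret);
    return load64(f, RET_OFF);
}

int main(void) {
    static const size_t lens[] = { 10, 20, 40 };  /* constructed inputs */
    unsigned char input[FRAME_SIZE];
    memset(input, 'A', sizeof input);

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        struct sim_frame f;
        int tampered;
        frame_enter(&f, 0x1122334455667788ULL, 0x400123ULL);
        frame_copy_unchecked(&f, input, lens[i]);
        int ok = canary_intact(&f);
        uint64_t flag = local_flag(&f);
        uint64_t ret = return_via_shadow(&f, &tampered);
        printf("len=%2zu canary=%s flag=%#llx ret_tampered=%d ret=%#llx\n",
               lens[i], ok ? "intact" : "SMASHED",
               (unsigned long long)flag, tampered,
               (unsigned long long)ret);
    }
    return 0;
}
```

The 20-byte case is the one to look at: the canary is intact and the return address untouched, yet the local flag has been overwritten.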