Improving WPA and WPA2

Improving WPA and WPA2 Introduction: WPA is an acronym for â€Å"Wi-Fi Protected Access†. It was designed and developed by Wi-Fi alliance as a reponse to the weaknesses and vulnerabilities in the previous wireless security protocol i.e. WEP (Wired Equivalent Privacy). It is a certification program developed by WiFi alliance to indicate compliance with the previous security protocol and secure wireless networks. WPA2: WPA2 is vulnerable to insider attack(If attacker is in the network or somehow gets into the network) under certain conditions. Following are the attacks on WPA/WPA2: PSK (Pre-Shared Key) vulnerability. PSK cracking tool, Eavesdropping. (Attack on PSK Authentication) PEAP mis-configuring Vulnerability. (Attack on Authetication Server) TKIP Vulnerability. (Attack on Encryption) Encyption in WPA2: There are two types of keys used in WPA2 for encryption: Pairwise key(PTK): It is used to protect unicast data frames. Group key (GTK): It is used to protect group addressed data frames like Broadcast APR data request frames. It is used as an encryption key in Access Point(AP) while as a decryption key in Client. Analysis and Improvement of 802.11i (WPA2): The security requirement for WLAN(Wireless Local Area network) industry are data confidentiality. Intergrit, mutual authentication and availability. Primary recommendations: CCMP should be used for data confidentiality. Mutual Authentication must be implemented for security concerns. Addresses DoS(Denial of Service ) in MAC (Medium Access Control)layer. Wireless Threats: Passive Eavesdropping/ Traffic Analysis: An attacker can easilty sniff and store all the traffic in the WLAN. Message Injection / Active Eavesdropping: An attacker is capable of inserting a message into the wireless network with the help of NIC cards(Network Interface cards). Attacker can generate any choosen packet, modify contents of the packet and completely control the transmission of the packet. Message Deletion and Interception: It is done by interfering with the packet reception processon the receivers antenna. eg. Causing CRC errors so that the receiver drops the packet. Message interception means that an adversary is able to control a connection completely i.e an attacker can capture a packet before the receiver actually receives it and decide whether to delete the packet or forward it to the receiver. Masquerading and Malicious AP (Access Point): An attacker can learn MAC addresses by eavesdropping and it can also spoof MAC address. Session hijacking: An adversary may be able to hijack alegitimate session after the wireless devics have finished authenticatin themselves successfully. It can be overcome using data confidentiality and strong integrity meachanism Man in the Middle Attack (MitM): ARP cache posioning is a type of Man in the Middle Attack in case of wired connection. Denial of Service(DoS): An adversary is capable of making the whole Basic Service Set (BSS) unavailable, or disrupting the connection between legitimate peers . Ex. forging the unprotected management frames, protocol weaknesses or jamming of frequency bands with denial of service to the legitimate users. Data Confidentiality and integrity: It defines threee confidentiality security protocols: WEP (Wired Equivalent Privacy). TKIP (Temporal Key Integrity Protocol) CCMP (Counter Mode Cipher Blocking chaining MAC (Message Authetication Code) Protocol). A temporal key (TK) is assumed tobe shared between peers before executing any data confidentiality protocols. Authentication and Key Management: There are two types of Authetication systems: Open System Authetication. Shared Key Authentication. These are not secured so IEEE802.11i definesa new standard viz. RSNA (Robust Security Network Association) RSNA establishment procedure: Network and Security Caability Discovery. 802.11 Authentication and Association. EAP / 802.1X / RADIUS Authentication. 4-way handshake Group key handshake. Secure data communication. Availability: Main cause is due to DoS attack: First, an adversary can launch an 802.11i attack much more easily than a physical layer attack, with only moderate equipment. Second, it is much more difficult for a network administrator to detect and locate these attacks. Layer abstraction is a very important concept in networks, requiring each layer to provide independent functionality separately. Michael Algorithm is used to solve above problems. It woks as follows: When a incorrect packet is detected by Access point, it waits for 60 secs,within this time span of 60 secsif another incorrect packet is received by access point from the same source then it shut down that link. Application: 1. Security for Mobile ATE: The data collected from hardware systems using mobile phones, PDAs application needs to be protected as currently many internet like things are done on mobiles only. We are also aware that the security in mobile phones while accessing internet is not secured.To overcome this, many ATE (Automatic test Equipment) are isolated from networks and run in stand-alone environments. An ATE system describes a single hardware device performing test measurements or a group of devices testing another hardware system. Mobile app developers need to focus on securing data using apps: Configuration of the mobile device. Apps running on the device. Equipment communicating with the device. Wireless connection between the device and ATE. When ATE is sending data out from the device, it can use an https connection, data encryption and user authenticationto ensure that the non-trusted sources will not have access to the data.The wireless connection between the device and the server should be secured using wireless security protocols like WPA,WPA2, HTTPS and AES encryption. Below fig. shows the security concerns for the mobile devices. Fig. Major Mobile Application Server Areas Securing the Wireless Connection: The mobile device should never connect to the ATE system through an unsecure WiFi network. Users must connect to the networks that implements strongest security protocol with encryption included. In strict scenarios, the application must use a secure VPN(Virtual Private Network) to connect to the server. Securing the mobile Device: No amount of coding, server configuration or wireless setup will be useful if the hardware containing the mobile application has already been compromised. Before installing any application on the mobile device, user must check that they have ot already compromised their systems security features by jailbreaking or rooting the device. A jailbroken device is that device where user removes â€Å"Operating system limitations imposed by the manufacturer†. By both of the process i.e. jailbreaking or rooting, all of the security features that the system designers built-in to protect users are put into jeopardy. Securing the Application: Application must not gain too much controlof the mobile device. Each application must be independent of each other i.e one application must not call other application or use resources of the other. Securing the ATE system: The administrator and the developer on the ATE server need to work together to assure that the server providing the mobile apllication data is secure. Most of the data processing must be done on the ATE server side as it is difficult for the attacker to access data and also computing power is ore on server side. (A)Data Acquisition Methodology: Obtaining black -listed IP addresses: It was obtained from a german website, which was not up-to-date. This blacklisted IP addresses were the primary source for quantifying illegal activities. Associating blacklisted IP addresses with geographic locations: IP addresses were never assigned to a specific geographical area or region. IP addresses were assigned to organisations in blocks or assigned to residences through fixed commercials ISPs. Maxmind provided one such tool named GeoIP. The GeoIP tool contains a database of IP addresses and their corresponding global location information viz. City, State, Country, longitude and latitude. Obtaining security statistics of WiFi deployments: The statistics of WiFi deployments such as percentage of secure access points and the number of blacklisted IP address occuring within the specific deployments for cities. (B) Data Manipulation Methodology: It involves processing the data. Depending on the number of IP addresses balcklisted, city were choosen i.e the city having highest number of blacklisted IP addresses were considered. Data Analysis Methodology: We generated derived statistics of fileds such as IP address availability, WiFi network security and the number of blacklisted IP addresses. Results of Data realated Methodology: Suggestion: After 2006, every wireless enabled device is WPA/WPA2 certified and Trademarked by WiFi alliance. The biggest hurdle is that users are unaware of the wireless security protocols and in the security dialogue box also first one is â€Å"None† and after that there is a list from WEP to WPA2. It has been seen that the user choose â€Å"None† or WEP as a security protocol without knowing exactly what that security protocol does as it comes earlier in the list. So, the first and the foremost thing is do make user aware of the protocols and advice them to use better protocol as per the requirements. For Ex.,Corporate world must use the toughest to decipher protocol whereas normal user can use somewhat lighter version of the protocol with good password, but it must never have the Wireless access without any security protocol i.e. none. References: Security for Mobile ATE Applications by Susan Moran. Malicious WiFI Network: A First Look by Andrew Zafft and Emmaneal Agu. Security Analysis and Improvements for IEEE 802.11i by Changhua He and John C Mitchell .

The Chancery Procedure in the Juvenile Court, in The Child, The Clinic, and the Court Essay

From 1899, the juvenile court has always handle three types of juvenile cases. These cases include: child neglect, abuse and other status offences. Juvenile delinquency cases are unlawful action that is performed by the minors which would therein be crimes if they were partaken by adults. Status offences are on the other hand noncriminal offences which are deemed offences if they are committed by the minors. The common examples of these status offences include running away and truancy. Till 1960s, both noncriminal and criminal behaviors were all considered to be forms of delinquents. Hence the law did not differentiate between delinquents and status offenders. In neglect and child abuse cases, the court will always provide protection for children who are abuse or neglected. In the year 1994, delinquency cases made up to 64% of the total juvenile cases in these courts, with status offences making 15% and neglect and abuse cases making 16% of the total national juvenile court cases. I have discussed all these types of these cases below with the description of these court processes that are involved in the handling of these cases along with the current policy issues which are involved. It is worth noting that though these cases seem to be different from each other, there are some common themes and values which are applied in handling these cases. The most obvious of these is the judges which are handling these cases to note that these children need to be taken care of for their development in making legal decisions making much attention to the legal needs of children along with their families. Secondly, even if the court is one of the institutions that work to the betterment of the families and children, it is posed with a unique and awesome power in delinquency, child abuse cases and the status offences cases. Juvenile court has powers to separate the children from their parents, can also order these minors to live in confined places, also they can end the biol ogical right of relationship between a child and the parent and create for them other new parental rights. As these decisions are deemed to be very serious and fundamental to the well being of children, ensuring these courts possesses adequate resources is very vital as it handles every type of cases. Judges require information, workable facilities and adequate training so that it can be able to handle these cases in the most appropriate manner. Adequate representation of all the involved parties should always be in the court proceedings. All the communities need to have safe, effective program and placements which are available for children coming before the court. As it would be very clear from the subsequent discussion, these courts handle very difficult workloads and involves the most emotion laden and very controversial issues in most parts of the society. Because of this, these decisions have in many cases faced disagreements. The extent to which these cases should be equipped and expanded to equip them with the resources that are required for them to adequately perform their roles has formed basis of many discussions and debates. Lastly, as these courts make decisions which are very vital in the societal development, they are most often the subject of the social media and in most cases form the basis for political platform. So judges should always have the urge to play leadership roles, both in the agencies which serve children and the broader community so as to encourage thoughtful and deliberative approaches to all these problems, instead of other approaches which are reached hastily. Delinquency The juvenile handling of the delinquent case is the one which is always handled by these courts in the general public perception. When unlawful deeds are committed by the minors, these cases are usually brought under these courts as delinquent cases. These cases in most cases include petty theft, misdemeanors, vandalism and also some kind of felonies like robbery and other aggravated assaults. The maximum age handled by these courts are typically determined by the state laws. In the District of Columbia and other 37 states, the maximum age for this is 17 years of age, in other 10 states it is 16 and in the rest 3 this is set to a maximum of 15 years. Currently these courts have become the centre stage for public concern due to the increasing number of crimes and the high rate of juvenile related crimes. Recently these courts have been criticized for their perceived leniency towards their decision on these juvenile delinquents. One of the best examples of this is the inability of these courts failure to impose sentences that go beyond 21 years of age. High visibility and serious violent crimes that are committed by minors have always captured the public interests and attention drawing juvenile offenders’ treatment to get tougher on crimes that have been popular politically for the past twenty years. This public fear of the juvenile court jurisdiction has resulted into some changes in the jurisdiction of the juvenile courts. Since 1992, the executive and the legislative branch in 41 states has hence limited the jurisdiction of the cases that involve chronic offenders, violent and shifted these court cases from their rehabilitative tradition which have involved addressing offenders rather than the offences which has been committed toward a more punitive system which is focused on the offence itself. For instance, 14 states in the year 1990 had to amend their codes to clearly list public safety as the sole purpose of the juvenile justice system; the punishment is listed as either primary or one of the several purposes of the court system in 28 states. The most significant thing that has happened since 1992 is that all but 10 states have structured adult courts in a manner that they can be able to handle juvenile cases. In most of the instances when the minors are convicted in the a dult courts, it really posses a possibility that the minor may be sentenced to the prisons instead of being placed in juvenile facilities that offers rehabilitative programs. Even though the violent juvenile cases grab most of the interest and headlines from the media and tend to have the highest influence on the justice system, most of the juvenile courts handle less serious crimes. Mostly, the highest numbers of cases that are handled by most of the juvenile courts involve cases like vandalism, motor vehicle theft in which they mostly belong to their parents and larceny cases. In 1992, police made a lot of juvenile arrests and contrary to the perception of the public; the most serious charge was a property offence charge in the 57% of the total cases. Offences against persons like assault and robberies comprised of 215 of the total cases, disorder conduct which is a form of public order offence showed to be like 17% of the cases with the 155 being taken by the drug law violation. In spite of the young people being not disproportionately responsible for the most violent crimes, they always commit more than their share of property criminal offences. For instance in the year 1992, the youth aged between 10 to 17 years of age comprised 13 % of the US population and they were responsible for like the same percentage of their population of all the violent crimes which were committed in this year and they were responsible for more than 23% of the property crimes which is more than their proportion portion of their population. Purpose of the research Currently it has been more than 100th anniversary of these juvenile court approaches. This paper will provide an insight for the explanation of the cases that are handled by these courts along with the current trends and issues that have cropped up in these juvenile courts. The main goal of this research paper is to present an apparent description of these courts today and hence address the future challenges along with the recommendations to be adopted. This paper majorly addresses the court’s status and their ability to handle these cases along with the improvements that should be adopted for these courts to be able to partake their roles in the most appropriate manner. The research methodology In my data collection, I will employ both primary and secondary data methods of data collection. Primary methods Census- I will carry out census where I will talk to the many stakeholders and other involved associations and institutions although this method is somehow expensive because of the cost involved. Samples- I will sample out some of the involved people and stakeholders Observation- I will visit some of the juvenile courts to get the real state on the ground. The secondary sources of data collection Questionnaires- I will develop many questionnaires which I will use to get the information required to carry out my research. Surveys- through the questionnaires, I will sample out and send some surveys to the stakeholders and these specialized institutions. Books, web, magazines, journals and other online sources- I will use the already available written materials to get complete insights on this topic. In my data analysis, I will include the following methods of data analysis Content analyzes This is the most simple and widely employed method of data analysis. It can be defined as the systematic description of behavior which asks, who? Where and how? And what questions within a formulated set of rules so as to limit the effects of bias in analysis. It could be the most preferred technique which is employed to analyze semi-structured interviews and cognitive interview testing. Narrative analysis- I will employ narrative analysis to analyze data where I will focus on the people’s stories and how they think about the issue in question. Although I will not treat these stories as the true facts I highly employ them to get how people think and feel about these juvenile courts. 3. Grounded Theory This is the most standard and classical technique that is employed in analyzing social data. It uses hierarchical and systematic data set. It develops a set of inductively derived hypothesis that is grounded on the data. Triangulation In this method of data analysis I will combine both the quantitative and qualitative data analysis to come up with a precise data interpretation. Data presentation In my data presentation, I will employ many methods which would be very appropriate for this data. Frequency distribution table In this method I shall be focusing on the occurrence of a certain variable like a certain facility in the juvenile courts according to each state court system. Graphical methods Here I will try to focus on the relationship of variables in the court system. Charts These will be used to show the extent to which a certain variable has been employed in the courts. References Julian Mack, The Chancery Procedure in the Juvenile Court, in The Child, The Clinic, and the Court (19’25), p. 310. Julian Mack, The Juvenile Court, 23 Harv.L.Rev. 104, 119-120 (1909).Shears, Legal Problems Peculiar to Children’s Courts, 48 A.B.A.J. 719, 720 (1962) January 2007 publication, California’s Criminal Justice system.Vitaly Friedman (2008) â€Å"Data Visualization and Infographics† in: Graphics, Monday Inspiration, January 14th, 2008. Lengler, Ralph; Lengler, Ralph. â€Å"Periodic Table of Visualization Methods† Source document

Materials Management Proposal

Materials and operations management play a crucial role in the success of any organization. Of particular importance to the materials and operations divisions is management’s complete understanding of the hospitals functions as a whole entity. After reading this paper, one will understand the importance of materials management and operations management as well as how both departments must work together to ensure the hospital runs efficiently and maintains profitability. Furthermore, one will also understand the importance of a supply chain and possible constraints to the implementation of the process. Additionally, one will understand the effects of a new collaborative planning process and why such a process is beneficial to the hospital. Finally, suggestions will be given to enable the hospital to manage the supply chain in situations of disaster. Role of Materials and Operations Management Materials management is perhaps the most important part of health care as â€Å"total expenditures can total nearly 50% of a hospital's budget† (Langabeer, 2008, p. 41). Materials managers are held responsible for many functions. However, the most important attribute a materials manager must possess is coordination. â€Å"Materials management directs the healthcare supply chain by coordinating the flow of goods from manufacturers, through distributors, through hospital receiving docks, to the point of ultimate use or consumption† (Langabeer, 2008, p. 242). Operations management is another important function of a hospital. Healthcare operations management is the quantitative management of the supporting business systems and processes that transform resources (or inputs) into healthcare services (outputs)† (Langabeer, 2008, p. 6). Just as materials managers have many functions and goals, so too do operations managers. Key functions of the operations manager include â€Å"workflow, physical layout, capacity design, physical network optimization, staffing levels, productivity management, supply chain and logistics management, quality management, and process engineering† (Langabeer, 2008, p. ). Goals of the operations manager include reducing costs, reducing variability and improving logistics flow, improving productivity, improving the quality of customer service, and continuously improving business processes (Langabeer, 2008). However, the most important goal operations managers must strongly consider when implementing a materials management plan is reducing costs. Operations managers have many opportunities to reduce costs. Costs can be reduced by analyzing budgets, tracking resources, and finding ways to reduce product and services costs. â€Å"Finding waste, improving utilization, and generally stabilizing and reducing the overall cost of delivering services are essential functions† (Langabeer, 2008, p. 9). The most effective way for operations managers to reduce costs is to record all aspects of the organization and periodically review progress either monthly or quarterly. A hospital with appropriate tracking and management systems will be much more likely to reduce costs because it understands the underlying cost structure† (Langabeer, 2008, p. 9). A few ways materials management influences operations management are as follows: â€Å"the nature of the activities† in the materials management department â€Å"is actually quite operational, they have an impact on downstream departments and patient satisfaction, they are labor-intensive processes, and many times they draw from the s ame labor talent pool† (Langabeer, 2008, p. 244). Constraints to the Supply Chain Constraints are inevitable and every organization is prone to them whether the organization is in the manufacturing sector or service sector. A few constraints hospitals face include â€Å"managing supply levels, higher labor costs, space constraints, and multiple product classifications† (Sentient Health, 2007). Considering the above constraints, the main goal of both operations and materials managers is to reduce costs. The most beneficial way for hospitals to overcome constraints as well as reduce costs is to automate the supply chain. Supply automation is the use of technology to streamline inventory, consumption, charging and ordering procedures. Examples of this include the use of bar codes or radio frequency identification to identify and track inventory as it moves throughout the supply chain† (Sentient Health, 2007, p. 2). However before implementation can begin, the hospital must evaluate the advantages of automation as well as t he factors the hospital must consider when deciding to implement such a system. According to Sentient Health (2007), the advantages of automation include â€Å"reduced manual effort, greater information accuracy, improved inventory performance, improved cash flow, improved space utilization, and improved purchasing decisions† (p. 3). While understanding the benefits of such a system is important to the process, knowing which areas the system will have an effect on is detrimental to the hospitals implementation success. Factors to consider before implementing such a system include â€Å"mobility, ease of use, cost/budget/objectives, flexibility/ease of integration, and reporting† (Sentient Health, 2007, p. 3). Effects and Justification of a New Collaborative Planning Process Although automation is one option for the hospital to reduce costs and improve supply chains, other options such as sales and operations planning (S&OP) and collaborative planning, forecasting, and replenishment (CPFR). The main focus of S&OP is to coordinate demand and supply with the intention of increasing the hospital’s profitability (Langabeer, 2008). To ensure the S&OP process is successful, the hospitals operations management must focus on four key principles: (1) provide a common base of information around the immediate market dynamics; (2) manage supply chain performance; (3) manage product portfolios collaboratively; and (4) create business plans and scenarios in which departments can share. According to Langabeer (2008), â€Å"benefits from the S&OP process include better cross-functional alignment, gap analysis, more efficient resource planning, and more effective use of promotional resources† (p. 338). CPFR is another option available to the hospital. â€Å"CPFR seeks to improve the relationship between retailers and suppliers with the intent to achieve full collaboration and improve the sharing of information around consumer point-of-sales data through the retail supply chain to improve overall chain performance† (Langabeer, 2008, p. 338). The main difference between CPFR and the other two options available to reduce costs and improve supply chains is a set of guidelines operations managers must follow during implementation. The guidelines are as follows: (1) share a common philosophy among all parties of implementation; (2) operations managers must use specific definitions and detail into the business process; (3) operations managers must ensure data resulting from the process is precise, easily accessible, and understood completely by all parties taking part in the process. Finally, for CPFR to be successful, milestones must be set. Particular milestones of importance to the hospital â€Å"include an improvement in forecasting accuracy, improvements in customer service levels or fill rates to providers, increased product line availability, reduction of inventory levels, and generally better financial cash flows† (Langabeer, 2008, p. 340-341). Coping in a Disaster Situation Disaster situations are difficult to plan for because disasters are unpredictable. However, materials and operations managers must understand the implications a disaster situation has on the hospital as well as ways to effectively handle such a situation to ensure patient safety, customer satisfaction, and profitability remain a priority. Richey (2009) refers to a pyramid when discussing supply chains in disaster situations. The composition of the pyramid includes the following tiers: capstone-resource management; left-facing front corner-collaboration, which is based on the relationship management theory; right-facing front corner-communication, which is based on communication theory; and back corner-contingency planning, which is based on the competing values theory. According to Richey (2009, p. 621), he interconnection† of the above principles include â€Å"(1) finding ways to effectively partner and develop improving collaborative relationships built of long-term commitment; (2) fostering information development and exchange for facilitating strategic planning based in limited safeguarding; and (3) developing contingency programs that incorporate the flexibility for responding to the inevitable changes in expected events while pursuing sometimes inconsistent goals. Conclusion  Materials and operations management work hand-in-hand to ensure the hospital runs as efficiently as possible. Furthermore, understanding all aspects of the supply chain will ensure materials and operations managers are readily equipped to deal with situations of disaster. However, operations and materials managers must understand the importance of such a concept. Understanding how to handle such a situation will ensure materials and operations managers the ability to maintain order as well as patient safety and continued profitability.

Meiosis Study Guide, Overview and Diagrams