Saturday, August 31, 2019

Facts about Jose Rizal Essay

Jose P. Rizal, a man of exceptional talent and intelligence, is the National Hero of the Philippines. That’s a fact (and might be the only fact) that every Filipino knows about Jose Rizal. One might ask, “How about his name?” Well, that might not be easy, because his full name is José Protacio Rizal Mercado y Alonso Realonda. Let’s be honest: if we were asked about things related to Rizal without the help of any references, we could say only a little. If that makes you curious, then here are several interesting facts about Dr. Jose P. Rizal. Most Filipinos don’t know these trivia about Jose Rizal – verify it yourself if you’re a Filipino.

At age two, Jose Rizal could already write and read. He wrote his first poem at the age of 8, entitled ‘Sa Aking Mga Kababata’ (To My Fellow Youth).

Just like other Filipinos who are eagerly trying their luck to win the lottery, Rizal also joined such type of gambling, where he won one-third of the grand prize (Php 18,000.00) with ticket number 9736. He gave a portion to his father and to a friend in Hong Kong, and he spent the rest buying agricultural lands in Talisay.

He mastered 22 languages: Hebrew, Filipino, Ilokano, Bisayan, Subanon, Chinese, Latin, Spanish, Greek, English, French, German, Arabic, Malay, Sanskrit, Dutch, Japanese, Catalan, Italian, Portuguese, Swedish and Russian.

Rizal was too small for his age, which made him a target of Pedro’s bullying; Pedro insulted Pepe in front of the other students at the school of Maestro Justiniano Cruz. Equipped with his Uncle Miguel’s teachings about the art of wrestling, Rizal challenged Pedro to a fistfight. Rizal won and became popular as he proved himself a worthy opponent.

Rizal could show a great deal of sarcasm because of his love for his country. Why and how? Back in Dapitan, when he received three visitors in his house in Talisay, he offered bagoong to a woman named Donya Manuela. The lady ignored the bagoong, saying that they do not eat bagoong in their country because it contains worms. With that, Rizal responded that he had been in her country and that people there eat little birds without taking out the intestines.

During his exile in Dapitan, he was able to establish a school where he had 21 pupils who were never asked to pay for tuition but were required by Rizal to work for the community. During class discussions, when his students couldn’t answer his questions correctly, he would jokingly pinch them.

Rizal is one of the few recognized ‘Renaissance men’ in the world. A Renaissance man is a well-educated person who excels in a wide variety of subjects or fields. He was an anthropologist, ethnologist, economist, sociologist, educator, architect, engineer, sculptor, painter, playwright, novelist, historian, journalist, farmer, dramatist, ophthalmologist, martial artist, and a cartographer, among other things.

Three animal species were named after Rizal: Draco Rizali, a species of flying dragon; Rachophorous Rizali, a species of toad; and Apogonia Rizali, a beetle species.

Jose Rizal graduated from Ateneo Municipal de Manila as one of the nine students in his class declared ‘sobresaliente’ or ‘outstanding’. However, he didn’t really top his class when he was in high school. There were 10 in the class and only 2 of them got low grades. So basically, the rest earned the same grade Rizal did.

Considering that he lived during the latter part of the 19th century, when the only means of long-distance travel was by ship, he can be considered a very well-traveled man. He traveled extensively and had been to the United States, Spain, Great Britain, France, Austria, Germany, Belgium, Switzerland, Czech Republic, Italy, Singapore, Borneo, Hong Kong, China and Japan. Not even a millionaire today could afford the numerous and extensive travels of Jose Rizal during his time.
Rizal’s most famous quotation: ‘Ang hindi magmahal sa sariling wika, daig pa ang hayop at malansang isda’ (He who does not love his own language is worse than an animal and smelly fish).

Monuments in honor of Jose Rizal were erected not only in the Philippines but also in various parts of the world, such as Madrid, Spain; Wilhelmsfeld, Germany; Jinjiang, Fujian, China; Chicago, Cherry Hill Township, San Diego and Seattle, U.S.A.; Mexico City, Mexico; Lima, Peru; Litomerice, Czech Republic; and Toronto, Ontario, Canada.

Did you know that Rizal was addressed by his European lover as the ‘little bad boy’? Filipinos are truly honest with themselves in saying Rizal was not that handsome, given the fact that he was a man of medium height and small build. However, Jose Rizal had his way with women – it might have been his humor, his knowledge or the way he presented himself. In the series of letters that were discovered to be love messages for Rizal, a Belgian woman named Suzanne wrote: ‘There will never be any home in which you are so loved as that in Brussels. So, you little bad boy, hurry back.’

(Partly related with Fact #13) There are rumors that Rizal was a playboy, with a lot of girls mentioned in his autobiography, and until now many believe that he really had a lot of girlfriends, but the truth is that he had only a few real relationships. The other girls were all just flings, and some were just plain friends.

His poem Mi Retiro (My Retreat) was written when he was sick and could not work.

A religious sect named the Rizalista – members of Cruzado – claims that Jose Rizal is the reincarnation of Jesus Christ. They believe that the execution in Bagumbayan was just a phase that he had to endure to be in the presence of God. They also believe that Rizal is still alive and lives deep in the forest of Mount Makiling.
There are rumors that Rizal’s book entitled El Filibusterismo was inspired by Alexandre Dumas’ novel The Count of Monte Cristo, considering that it was actually one of Rizal’s favorite stories.

Quite unusually for a man about to be executed, his pulse proved to be normal when the Spanish surgeon general requested to take it moments before Rizal’s execution. Rizal was indeed ready and unafraid of his fate.

Because of his famed reputation as a Casanova, it was believed that he was involved with a beautiful woman living somewhere on the border of Germany and Austria, which made people spread statements that Adolf Hitler of Germany and Mao Zedong of China were sons of Jose Rizal.

The dam he built in Dapitan was built using burned shells and bricks that were made with the machine he built. In his letter to his best friend, he said that the dam was built by him and fourteen young boys (his students).

Filipinos believe that the reason why Rizal was really intelligent is that he was born with a big head.

Ambeth R. Ocampo, a multi-awarded Filipino historian, got hold of Rizal’s original writings, which revealed Rizal’s markings and side notes, including male organs of different sizes drawn all over the book.

Rizal was never really a licensed doctor. He never graduated in medicine. Technically, he couldn’t really be called Doctor.

Rizal was never really a dentist. He just did some self-studying and ‘pretended’ to be one.

When Rizal came back, Olimpia, his most beautiful, pregnant sister, was his first patient. He assisted her delivery. Olimpia died, as did her child, due to profuse bleeding. And Rizal noted in his diary: ‘She would’ve died anyway…’ (Well, that might have been a pain-reliever joke of his.)

Friday, August 30, 2019

Contract Act 1872

Legal Aspects of Business – Indian Contract Act 1872

The Indian Contract Act 1872 is the main source of law regulating contracts in Indian law.

Citation: Act No. 9 of 1872
Enacted by: Parliament of India
Date enacted: 25 April 1872
Date commenced: 1 September 1872

The law relating to contracts in India is contained in the Indian Contract Act, 1872. The Act was passed by British India and is based on the principles of English Common Law. It is applicable to all the States of India except the State of Jammu & Kashmir. It determines the circumstances in which promises made by the parties to a contract shall be legally binding on them. All of us enter into a number of contracts every day, knowingly or unknowingly. Each contract creates some rights and duties for the contracting parties. The Indian Contract Act deals with the enforcement of these rights and duties upon the parties in India.

History

The Indian Contract Act came into force on 1 September 1872. It was enacted mainly with a view to ensuring reasonable fulfilment of the expectations created by the promises of the parties, and the enforcement of obligations prescribed by an agreement between the parties. The Third Law Commission of British India, formed in 1861 under the stewardship of chairman Sir John Romilly, with initial members Sir Edward Ryan, R. Lowe, J. M. Macleod, Sir W. Erle (succeeded by Sir W. M. James) and Justice Wills (succeeded by J. Henderson), presented the report on contract law for India as the Draft Contract Law (1866). The Draft Law was enacted as Act 9 of 1872 on 25 April 1872, and the Indian Contract Act, 1872 came into force with effect from 1 September 1872.

Before the enactment of the Indian Contract Act, 1872, there was no codified law of contract in India. In the Presidency Towns of Madras, Bombay and Calcutta, the law relating to contract was dealt with under the Charter granted in 1726 by King George I to the East India Company. Thereafter, in 1781, the Act of Settlement passed by the British Government came into force in the Presidency Towns. The Act of Settlement required the Supreme Court of India to determine questions of inheritance and succession, and all matters of contract and dealing between party and party, in the case of Hindus as per Hindu law and in the case of Muslims as per Muslim law; when the parties to a suit belonged to different persuasions, the law of the defendant was to apply. Outside the Presidency Towns, matters with regard to contract were mainly dealt with under English contract law; the principle of justice, equity and good conscience was followed.

Development

The Act as originally enacted had 266 Sections. It had wide scope and included:

General Principles of Law of Contract: 1 to 75
Contract relating to Sale of Goods: 76 to 129
Special kinds of Contracts (includes indemnity, guarantee, bailment & pledge): 125 to 238
Contracts relating to Partnership: 239 to 266

The Indian Contract Act embodied the simple and elementary rules relating to sale of goods and partnership. With the developments of the modern business world, the provisions contained in the Indian Contract Act were found inadequate to deal with the new regulations or to give effect to the new principles. Subsequently, the provisions relating to the sale of goods and partnership contained in the Indian Contract Act were repealed in 1930 and 1932 respectively, and new enactments, namely the Sale of Goods and Movables Act 1930 and the Indian Partnership Act 1932, were enacted.

At present the Indian Contract Act includes:

General Principles of Law of Contract: 1 to 75
Special kinds of Contracts (includes indemnity, guarantee, bailment & pledge): 125 to 238

Definition

Section 2(h) of the Act defines the term contract as “any agreement enforceable by law”. There are two essentials in this definition: agreement and enforceability.
Section 2(e) defines agreement as “every promise and every set of promises, forming the consideration for each other.” Again, Section 2(b) defines promise in these words: “when the person to whom the proposal is made signifies his assent thereto, the proposal is said to be accepted. Proposal when accepted, becomes a promise.” In other words, all contracts are agreements, but not all agreements are contracts.

CONTRACT = AGREEMENT + ENFORCEABLE BY LAW

Essential Elements of a Valid Contract

According to Section 10, “All agreements are contracts, if they are made by the free consent of the parties, competent to contract, for a lawful consideration with a lawful object, and not hereby expressly declared to be void.” The essential elements of a valid contract are:

1. Proper offer and proper acceptance: There must be an agreement based on a lawful offer made by one person to another and lawful acceptance of that offer by the latter. Sections 3 to 9 of the Contract Act, 1872 lay down the rules for making a valid acceptance.
2. Lawful consideration: An agreement to form a valid contract should be supported by consideration. Consideration means “something in return” (quid pro quo). It can be cash, kind, an act or abstinence. It can be past, present or future. However, consideration should be real and lawful.
3. Competent to contract or capacity: In order to make a valid contract, the parties to it must be competent to contract. According to Section 11 of the Contract Act, a person is considered to be competent to contract if he satisfies the following criteria: the person has reached the age of maturity; the person is of sound mind; the person is not disqualified from contracting by any law.
4. Free consent: To constitute a valid contract there must be free and genuine consent of the parties to the contract. It should not be obtained by misrepresentation, fraud, coercion, undue influence or mistake.
5. Lawful object and agreement: The object of the agreement must not be illegal or unlawful.
6. Agreement not declared void or illegal: Agreements which have been expressly declared void or illegal by law are not enforceable at law; hence they do not constitute a valid contract.
7. Intention to create legal relationships: When the two parties enter into an agreement, there must be an intention to create a legal relationship between them. If there is no such intention on the part of the parties, there is no contract between them. Agreements of a social or domestic nature do not contemplate legal relationships; as such, they are not contracts.
8. Certainty, possibility of performance
9. Legal formalities
10. By surety

Types of contracts

On the basis of validity:

1. Valid contract: An agreement which has all the essential elements of a contract is called a valid contract. A valid contract can be enforced by law.
2. Void contract [Section 2(g)]: A void contract is a contract which ceases to be enforceable by law. A contract when originally entered into may be valid and binding on the parties. It may subsequently become void. There are many judgments which have stated that where any crime has been converted into a “source of profit”, or if any act to be done under any contract is opposed to “public policy”, then that contract itself cannot be enforced under the law.
3. Voidable contract [Section 2(i)]: An agreement which is enforceable by law at the option of one or more of the parties thereto, but not at the option of the other or others, is a voidable contract. If the essential element of free consent is missing in a contract, the law confers a right on the aggrieved party either to reject the contract or to accept it. However, the contract continues to be good and enforceable unless it is repudiated by the aggrieved party.
4. Illegal contract: A contract is illegal if it is forbidden by law; or is of such nature that, if permitted, it would defeat the provisions of any law; or is fraudulent; or involves or implies injury to the person or property of another; or the court regards it as immoral or opposed to public policy. These agreements are punishable by law. These are void ab initio. “All illegal agreements are void agreements but all void agreements are not illegal.”
5. Unenforceable contract: A contract which is good in substance but, because of some technical defect, cannot be enforced by law is called an unenforceable contract. These contracts are neither void nor voidable.

On the basis of formation:

1. Express contract: Where the terms of the contract are expressly agreed upon in words (written or spoken) at the time of formation, the contract is said to be an express contract.
2. Implied contract: An implied contract is one which is inferred from the acts or conduct of the parties or from the circumstances of the case. Where a proposal or acceptance is made otherwise than in words, the promise is said to be implied.
3. Quasi contract: A quasi contract is created by law. Thus, quasi contracts are strictly not contracts, as there is no intention of the parties to enter into a contract. It is a legal obligation imposed on a party who is required to perform it. A quasi contract is based on the principle that a person shall not be allowed to enrich himself at the expense of another.

On the basis of performance:

1. Executed contract: An executed contract is one in which both the parties have performed their respective obligations.
2. Executory contract: An executory contract is one where one or both the parties to the contract have still to perform their obligations in future. Thus, a contract which is partially performed or wholly unperformed is termed an executory contract.
3. Unilateral contract: A unilateral contract is one in which only one party has to perform his obligation at the time of the formation of the contract, the other party having fulfilled his obligation at the time of the contract or before the contract comes into existence.
4. Bilateral contract: A bilateral contract is one in which the obligation on both the parties to the contract is outstanding at the time of the formation of the contract. Bilateral contracts are also known as contracts with executory consideration.

Offer

Proposal is defined under Section 2(a) of the Indian Contract Act, 1872 as “when one person signifies to another his willingness to do or to abstain from doing anything with a view to obtain the assent of that other to such act or abstinence, he is said to make a proposal/offer”. Thus, for a valid offer, the party making it must express his willingness to do or not to do something. But mere expression of willingness does not constitute an offer. An offer should be made to obtain the assent of the other. The offer should be communicated to the offeree, and it should not contain a term the non-compliance of which would amount to acceptance.

Classification of Offer

1. General offer: Which is made to the public in general.
2. Special offer: Which is made to a definite person.
3. Cross offer: Exchange of identical offers in ignorance of each other.
4. Counter offer: Modification and variation of the original offer.
5. Standing, open or continuing offer: Which is open for a specific period of time.

The offer must be distinguished from an invitation to offer.

Invitation to offer

“An invitation to offer” is only a circulation of an invitation to make an offer; it is an attempt to induce offers and precedes a definite offer. Acceptance of an invitation to an offer does not result in the formation of a contract, and only an offer emerges in the process of negotiation.
A statement made by a person who does not intend to be bound by it, but intends to further act, is an invitation to offer.

Acceptance

According to Section 2(b), “When the person to whom the proposal is made signifies his assent thereto, the proposal is said to be accepted.” Rules:

1. Acceptance must be absolute and unqualified.
2. Communicated to the offeror.
3. Acceptance must be in the mode prescribed.
4. Acceptance must be given within a reasonable time before the offer lapses.
5. Acceptance by way of conduct.
6. Mere silence is no acceptance. Silence does not per se amount to communication: Bank of India Ltd. vs. Rustom Cowasjee, AIR 1955 Bom. 419 at p. 430; 57 Bom. L.R. 850. Mere silence cannot amount to any assent. It does not even amount to any representation on which any plea of estoppel may be founded, unless there is a duty to make some statement or to do some act.
7. The offeree and offeror must consent.

Lawful consideration

According to Section 2(d), consideration is defined as: “When at the desire of the promisor, the promisee has done or abstained from doing, or does or abstains from doing, or promises to do or abstain from doing something, such an act or abstinence or promise is called consideration for the promise.” “Consideration” means to do something in return. In short, consideration means quid pro quo, i.e. something in return. An agreement must be supported by a lawful consideration on both sides. The consideration or object of an agreement is lawful, unless and until it is: forbidden by law, or is of such nature that, if permitted, it would defeat the provisions of any law, or is fraudulent, or involves or implies injury to the person or property of another, or the court regards it as immoral, or opposed to public policy. Consideration may take any form: money, goods, services, a promise to marry, a promise to forbear, etc.

A contract opposed to public policy can be repudiated by a court of law even if that contract is beneficial for all of the parties to the contract. On which considerations and objects are lawful and which are not, see Newar Marble Industries Pvt. Ltd. vs. Rajasthan State Electricity Board, Jaipur, 1993 Cr. L.J. 1191 at 1197, 1198 [Raj.], on an agreement of which the object or consideration was opposed to public policy, unlawful and void: What better and what more can be an admission of the fact that the consideration or object of the compounding agreement was abstention by the Board from criminally prosecuting the petitioner-company for an offence under Section 39 of the Act, and that the Board has converted the crime into a source of profit or benefit to itself. This consideration or object is clearly opposed to public policy, and hence the compounding agreement is unlawful and void under Section 23 of the Act. It is unenforceable as against the petitioner-company.

Competent to contract

Section 11 of the Indian Contract Act specifies that every person is competent to contract provided:

1. He should not be a minor, i.e. an individual who has not attained the age of majority, i.e. 18 years.
2. He should be of sound mind while making a contract. A person of unsound mind cannot make a contract.
3. He is not a person who has been personally disqualified by law.
4. Not a pardanashin woman.

Free Consent

According to Section 14, “two or more persons are said to consent when they agree upon the same thing in the same sense” (consensus ad idem). Consent is said to be free when it is not caused by coercion or undue influence or fraud or misrepresentation or mistake.

Elements Vitiating Free Consent

1. Coercion (Section 15): “Coercion” is the committing, or threatening to commit, any act forbidden by the Indian Penal Code (45 of 1860), or the unlawful detaining, or threatening to detain, any property, to the prejudice of any person whatever, with the intention of causing any person to enter into an agreement.
2. Undue influence (Section 16): “Where a person who is in a position to dominate the will of another enters into a contract with him and the transaction appears on the face of it, or on the evidence, to be unconscionable, the burden of proving that such contract was not induced by undue influence shall lie upon the person in the position to dominate the will of the other.”
3. Fraud (Section 17): “Fraud” means and includes any act or concealment of material fact or misrepresentation made knowingly by a party to a contract, or with his connivance, or by his agent, with intent to deceive another party thereto or his agent, or to induce him to enter into the contract.
4. Misrepresentation (Section 18): “causing, however innocently, a party to an agreement to make a mistake as to the substance of the thing which is the subject of the agreement”.
5. Mistake of fact (Section 20): “Where both the parties to an agreement are under a mistake as to a matter of fact essential to the agreement, the agreement is void”.

Performance of Contracts

The promise under a contract can be performed, as the circumstances may permit, by the promisor himself, or by his agent or his legal representative.

1. Promisor himself: The contracts which involve the exercise of personal skill must be performed by the promisor himself.
2. Agent: Where personal skill is not required, the promisor may appoint his agent to perform it.
3. Representatives: On the death of the promisor, the legal heirs of the promisor must perform the contract unless a contrary intention appears in the contract (Section 37).
4. Third persons: “When a promisee accepts performance from a third person, he cannot afterwards enforce it against promisor”.
5. Joint promisors: “When two or more persons have made a joint promise, all such persons must jointly fulfil the promise, unless a contrary intention appears from it”.

Agency

In law, agency is the relationship that exists when one person or party (the principal) engages another (the agent) to act for him, e.g. to do his work, to sell his goods, to manage his business. The law of agency thus governs the legal relationship in which the agent deals with a third party on behalf of the principal. The competent agent is legally capable of acting for this principal vis-a-vis the third party. Hence, the process of concluding a contract through an agent involves a twofold relationship. On the one hand, the law of agency is concerned with the external business relations of an economic unit and with the powers of the various representatives to affect the legal position of the principal. On the other hand, it rules the internal relationship between principal and agent as well, thereby imposing certain duties on the representative (diligence, accounting, good faith, etc.).

Under Sections 201 to 210, an agency may come to an end in a variety of ways:

(i) By the principal revoking the agency. However, the principal cannot revoke an agency coupled with interest to the prejudice of such interest. An agency is coupled with interest when the agent himself has an interest in the subject-matter of the agency, e.g., where the goods are consigned by an upcountry constituent to a commission agent for sale, with power to recoup himself from the sale proceeds the advances made by him to the principal against the security of the goods; in such a case, the principal cannot revoke the agent’s authority till the goods are actually sold, nor is the agency terminated by death or insanity. (Illustrations to Section 201)
(ii) By the agent renouncing the business of agency;
(iii) By the business of agency being completed;
(iv) By the principal being adjudicated insolvent (Section 201 of the Indian Contract Act, 1872).

The principal also cannot revoke the agent’s authority after it has been partly exercised, so as to bind the principal (Section 204), though he can always do so before such authority has been so exercised (Section 203). Further, as per Section 205, if the agency is for a fixed period, the principal cannot terminate the agency before the time has expired, except for sufficient cause. If he does, he is liable to compensate the agent for the loss caused to him thereby. The same rules apply where the agent renounces an agency for a fixed period. Note in this connection that want of skill, continuous disobedience of lawful orders, and rude or insulting behavior have been held to be sufficient cause for dismissal of an agent. Further, reasonable notice has to be given by one party to the other; otherwise, damage resulting from want of such notice will have to be paid (Section 206). As per Section 207, the revocation or renunciation of an agency may be made expressly or impliedly by conduct. The termination does not take effect as regards the agent till it becomes known to him, and as regards third parties till the termination is known to them (Section 208). When an agent’s authority is terminated, it operates as a termination of the subagent’s authority also (Section 210).

Thursday, August 29, 2019

A comparison of two media articles Essay Example for Free

The Daily Express and The Independent write about the same event: England’s 2-0 victory over Greece in one of England’s World Cup qualifier matches. It is obvious from looking at the articles that they are set out and written differently; this is because of their target audiences. The Independent is a more formal newspaper in A2 size, aimed at the more educated person. It is generally read by people in the social groups A, B and C1, which include people such as doctors, policemen and other such skilled workers. The Daily Express, however, is a much less formal newspaper, in A3 size; its target audience is people who are generally less educated and belong to the social groups C1 and C2, people like builders, receptionists and other unskilled workers.

The Daily Express’ article dominates the entire back page, with very little else but a small sub-article and some small adverts. The Daily Express sets it out in this way to attract its readers to the paper and the article; it is bold and stands out. The Independent is different in this respect, as the article takes up roughly half of the page, with enough room for another article on the same page, because of its much larger page. The Independent does not use big bold headlines to try to attract the reader into the story; instead it sets the article out in a more professional form, making it look elegant and neat. This is done because The Independent’s readers do not want to be enticed into reading an article just because it looks attractive and stands out; they will read what is of interest to them and for the content of the story. The Daily Express, however, uses the bold headlines and dominating layout to attract its readers into the article and the paper.

The Daily Express includes two pictures in its article: one for the main article on the match, and the other showing the gossip of the match. The Daily Star does this as their readers like pictures to attract them to the story and also like to read about the gossip as well, in this case the bottles being thrown at David Beckham’s head. The picture that the Daily Star chooses to show for the main article is that of David Beckham celebrating his goal; however, they have blocked everything else out of the picture and just have David shown with a bold black outline. The picture is laid out across the page in an untidy fashion, making it bolder and more attractive to its readers. This is done as the readers of the paper recognise David as a big celebrity and so want to read what is said about him. The Independent, however, is very different: it has only one picture, which dominates the article but is set out in a square as a neat part of the article. The picture is the same as the Daily Star’s; however, it is much broader, as it shows more than just David Beckham: it is left showing us the stadium and the crowd’s celebrations. The Independent chooses to do this as its readers prefer a much more in-depth view of what has happened when reading their articles; with this they can see the sort of atmosphere there would have been in the stadium.

The Daily Express uses a type of language typical of most tabloid newspapers, but not usually seen in broadsheet newspapers: puns, a play on words. The Daily Express uses a pun in the headline of its article, which focuses solely on David Beckham. The headline is “Haircules”, deriving from the ancient Greek God of Hercules, a mighty, strong warrior. The Daily Express has done this as it shows David Beckham as the mighty warrior of the football match. The beginning part, “Her”, has been altered to “Hair” to apply more to David Beckham and his famous, forever-changing haircut.

The Daily Express uses war imagery; the writer uses words, phrases and sentences which compare the football match to a bloody battle or war. The sub-header is a great example of this war imagery, with the phrase “cool under fire”. We would more often than not associate this sort of term with a soldier who had kept his cool whilst being shot at; however, in this case it has been changed to describe an aspect of the football match. Also, “missiles”, “victory” and “stoop to conquer” are more war imagery terms which the writer has used to elevate the match and make it seem more exciting. The Independent has not used war imagery, as this is very persuasive language; the paper would much rather its readers made up their own minds than have them made up for them.

Sentence length, sentence structure and sentence variety are another three things which set these two articles apart. Whereas the Daily Express uses very simple, basic, short sentence structures, The Independent uses longer, more complex sentence structures which appeal more to its readers. The Daily Express does not break down its sentences with punctuation; punctuation is very basic in this article. For example, take the opening sentence of each. “Skipper David Beckham provided the perfect answer to the Greek thugs who targeted him last night with missiles as he curled in the free kick which put the seal on victory in Athens and kept England’s world cup hopes alive”: not a single comma is used to break down that very large sentence. ‘“Bring on the Germans” was the cry from the sunburned, shaven-headed masses in the northern arc of the Spiro Louis Stadium last night and there would not have been a single man in the England dressing room who would disagree’: in The Independent’s sentence, the text is broken down by a quote and a comma.

Both of the articles include interviews with David Beckham; they are very similar, but The Independent’s comments contain better vocabulary, so as to appeal more to its readers. The Independent includes phrases such as “the importance of maintaining our discipline”, so that the comments appear more intellectual and appeal more to its readers. The Daily Express, however, writes this comment as “It was important we kept our discipline”, keeping the phrase simpler, so that its less sophisticated readers are not put off by complex language. The Independent also contains much more dialogue than the Daily Express; this is because The Independent would like to get across as many viewpoints as possible on the match, so that its readers can think for themselves and come to their own decision on what kind of match the game was.

In conclusion, both of the articles are effective for their different readers. The Daily Express writes more basically and writes more about gossip and facts to appeal to its lesser-educated readers. With bold headlines and the picture of David Beckham, the paper is going to sell, as it attracts its readers. The Independent is very different: it is much more factual; its more educated readers are less interested in the gossip and would rather read the facts. The article contains a lot of dialogue and refrains from using war imagery, presenting different viewpoints and enabling the reader to make their own decision on the match.

A comparison of two media articles. (2017, Aug 04).

Wednesday, August 28, 2019

Business Letter Essay Example | Topics and Well Written Essays - 1000 words

Business Letter - Essay Example Greenhouse gases like carbon monoxide are the main cause of global warming. This global warming is presently the greatest threat to our planet Earth. The per capita consumption of paper is high around the world. The Americans lead the pack with average per capita consumption of around 700 pounds per year. 42% of the world’s wood harvest is used by the paper industry. The paper industry is actually one of the largest contributors to greenhouse gas emissions. It contributes more than 9% to the greenhouse gas emissions of the manufacturing industry. In a country like United States, the paper industry is the fourth largest emitter of greenhouse gases. Paper accounts for approximately 30% of all landfill waste. Paper accounts for one third of all municipal waste. Municipal waste accounts for more than 30% of emission of methane. Methane is three times more potent greenhouse gas than carbon dioxide. Cutting down of paper use by even 10% would result in reduction of emission of greenhouse gases by many million tones. The increasing use of recycled paper has offered some respite from the environmentally adverse impact of using paper. However, the demand for recycled paper is expected to exceed the supply by 1.5 million tones of recycled paper by 2017. However, the use of recycled paper is minimal in the printing and writing paper industry. With the growth of emerging economies like Brazil, India, Russia and China, the demand for paper has increased even more. According to some studies the pulp and paper industry may be contributing more to the global and local environmental problem than most industries of the world. The manufacturing of paper requires cutting down of rich forests, pollution in waterways and destruction of natural habitat for many endangered wildlife species of the world. Besides this, paper mills also generate greenhouse gases and also some

Tuesday, August 27, 2019

Ethical Clinical Research Essay Example | Topics and Well Written Essays - 2500 words

Ethical Clinical Research - Essay Example Meeting the diverse needs of these stakeholders generates a number of questions and sometimes conflicts about responsibilities and values, where the most important philosophical need would be to carry out research in a way sensitive to the needs of participants in the field (Chadwick and Tadd, 1992, 7-63). Some basic issues in research ethics centre on special levels of protection and aid for vulnerable and disadvantaged parties, when a research is contemplated involving their participation. These issues cut across clinical ethics, public health ethics and research ethics (Nursing and Midwifery Council, 2002a). When individuals lack the ability to select the approach that would be most consistent with their values and preferences, it is inappropriate to give them control over their consent to a research (Royal College Of Nursing Research Society, 2004). Vulnerable persons usually need the protection of a trustworthy individual to make decisions on their behalf. The capacity evaluation is essential to determine whether autonomy or protection is the appropriate governing principle in particular cases (Broome, 1999, 96-103). Ethical and Legal Principles in Research To make autonomous choices, people must have certain abilities, and there is agreement on the basic features of decisional capacity. It has been mentioned that four abilities are central, the ability to communicate a choice; the ability to understand relevant information; the ability to appreciate how this information applies to one's current and future situation; and the ability to give comprehensible reasons for a decision (Noble-Adams, 1999, 888-892). Simple mental status assessments may furnish preliminary guidance; they are insufficient to determine whether someone is able to make autonomous decisions about participating in research. 
This is more so if the person is being treated for some mental reasons, and research involving these persons is very common (Polit, Becks, & Hungler, 2001, 143-160). Therefore, it is necessary to evaluate decisional capacity in the context of the specific research situation at hand. Decision-making capacity should be assessed through a discussion of the facts relevant to the particular choice facing a patient. At the least, patients should demonstrate the ability to understand the goals, potential benefits and risks of a proposed research, and should be able to express a reasonably stable choice as well (Manning, 2006, 35-47). Consent and Informed Consent Often, in research, it is insufficient to obtain the cooperation of prospective study participants alone. If the sample includes children, mentally incompetent people, or senile individuals, it would be necessary to secure the permission of parents or guardians. From that point of view, a research problem may not be feasible because the investigation of the problem would pose unfair or unethical demands on participants. The ethical responsibilities of researchers should not be taken lightly (Noble-Adams, 199

Monday, August 26, 2019

Compare the efficiency outcomes of the model of perfect competition Essay

Compare the efficiency outcomes of the model of perfect competition with that of monopoly markets. Discuss and evaluate the gove - Essay Example Perfect Competition Perfect competition is a model of market structure which attains what can one call efficient distribution of scarce resources. Such efficient allocation is attained due to the profit-maximizing level of goods manufactured by a seamlessly aggressive company results in the marginal cost and price becoming equal (Stigler 1957). As far as short run is concerned, this includes the short-run marginal cost and price being equal. On the other hand, in the longer duration this is observed with the parity between price and long-run marginal cost. In the short run the production of a homogenous product being produced by many other firms is efficient since the price is the same as marginal cost (Mankiw 2003). In other words the worth of the homogeneous product manufacturing is equivalent to the marginal cost of sacrificed satisfaction. Perfect competition creates efficient allocation of resources in the long run also. The long-run fine-tuning of companies arriving and leaving the industry as each of the companies in the business maximizes profits hence creating the subsequent long-run equilibrium state: P = SRMC = LRMC = SRAC = LRAC (Latzko 2012) Graphs above are showing perfect competition. ... Since consumer does not have any other options he or she is faced to buy from the single supplier. Economists recognize several ways of measuring or talking about the ways economies may be efficient; some of the most common include efficiency of scale, productive efficiency, technical efficiency, allocated efficiency, dynamic efficiency and social efficiency (Pindyck and Rubinfeld 2008). Efficiency types are not mutually exclusive; more than one can describe a market or economy. (Web-books 2012) Graph above is showing monopoly market determination of profit. 
Efficiency of Scale When a producer makes more of something, usually the expense of manufacturing per unit falls. There is limit to this effect; eventually, producing a greater quantity will no longer pay off. When production approaches this limit, there exists efficiency of scale (McConnell, Brue and Flynn 2011). Productive Efficiency Productive efficiency is achieved when a producer uses the least amount of resources to produce goods or services relative to others. The manufacturer might attain this by taking advantage of economies of scale or by utilizing the benefit of having the most helpful manufacturing technology, the lowest paid workers or negligible manufacturing waste. Technical Efficiency A prerequisite for allocative efficiency, technical efficiency describes production that has the least likely opportunity cost. Material and labor resources are not wasted in the production of goods or services in technically efficient production. When it's achieved, technical efficiency allows for but doesn't guarantee allocative efficiency. Allocative Efficiency When a society's value for a certain good or service (the amount they pay for it) is in equilibrium with the cost of

Sunday, August 25, 2019

The Inductive Argument from Evil and the Human Cognitive Condition Essay

The Inductive Argument from Evil and the Human Cognitive Condition - Essay Example The main goal of this paper is to delineate the inductive argument article of Alston and to critically analyze his arguments about the problem of evil, the principles related to skeptical theism, and if a logical argument of evil can be made possible. This world that we are living in is comprised of a very large extent of suffering. However, classical theism asserts that this world is made possible because of the creation of an omniscient, omnipotent, all seeing, and perfect God. The big question mark here is that why would this all powerful and gentle God develop a world that would include a bunch load of suffering? It is quite antagonistic in the sense that the concept of suffering is paired with good will and love. If it is an omniscient entity, the there should be no small bit of suffering in existence on the lands we are stepping in. Undoubtedly, suffering can be highly accredited to evil, that is, it is a bad thing. And this issue regarding the problem of evil was the principal issue in the empirical and inductive argument of Alston. The considerations regarding the problem of evil was the key variable into the establishment of the philosophical argument oftentimes called the argument from evil. As based on the introductory stages of the article, arguments can come from two different forms namely the deductive reasoning wherein its goal is to establish in a convincing fashion beyond any reasonable doubt, a God does not exist. On the other hand, its inductive reasoning counterpart seeks to promote an ideology that it is very implausible that a God exists to the point that it is beyond consciousness about believing of that God’s existence. Before discussing in detail about the inductive argument of evil and non-existence of God, it would be wise to have a brief account about the deductive version of the argument of evil to gain a

Character Analysis Essay Example | Topics and Well Written Essays - 750 words - 7

Character Analysis - Essay Example The character of juror number 8 can be recognized as a person who is very creative. The name of Juror # 8 is Fonda and he belongs to the field of architecture. The profession he is working in is alone enough to categorize him as a creative individual. This is because in the field of architecture an individual is responsible for designing structures that are physical in nature. Architects are individuals involved in the area of creating buildings and designing homes and they have to be creative in their work in order to create new and improved designs (Puccio 346). Another reason due to which he can be referred to as a creative individual is that he has a tremendous amount of experience in his field. Within the movie he can be witnessed performing various acts that reiterate the fact that he is quite a creative individual. For example, while solving the mystery of whether the boy killed his father or not, he develops a blueprint of the room in which the father was living. Furthermore, he even tries to defend the boy by measuring the area that the father had travelled to open the door of his room. Fonda is a person who can be referred to as an individual who prefers making decisions in an ethical manner. There are various theories that help in identifying whether a person and his actions are ethical or unethical. One such theory is the ethical decision making theory of utilitarianism. The theory argues that individuals and their decisions and actions can be categorized as ethical if he makes decisions while ensuring that his decisions lead to the benefit of the entire society and not just a few members of the society (Puccio 24). If his actions and decisions are considered under the light of utilitarianism, he can be considered as an ethical person. This is because unlike other individuals, he ignored his own self-interest and gave precedence to the interest of the young boy. Due to his action of questioning the

Saturday, August 24, 2019

The historic Development of Chinese Private International Law Article

The historic Development of Chinese Private International Law - Article Example Following the enactment of the process of reform and the opening-up in 1978, the destiny of China has never been the same. For the last three decades, China has realized progress on an unprecedented magnitude. Its economy is skyrocketing as the legal system undergoes continuous improvements. We can deduce that it is the reform policy coupled with the opening up that has attracted the international community to China. This guiding principle has also enabled China to familiarize itself and have an understanding of the international arena2. Within the last three decades, China has also witness a tremendous development in its legal academy, an impact of which much greater research and high number of improved performances have been encouraged and promoted. A case in point is the development of private international law. The nation’s private international legal structure has turned out to be more comprehensive, efficient and effective, especially in view of the actualization of Chapter IX of the draft Civil Code. It is possible to project with certainty that in the few years to come, the Chinese private international legal structure will be one of the most popular systems in the planet, with respect to both structure and composition3. The inception and growth of law and the social context within which it exists are inseparable. The things that private international law oversees are the international civil and commercial legal link. As such, its occurrence and progress cannot be realizable without clear-cut state policy together with a social environment in under which the Chinese can enjoy equal interaction with the international community. Since 1949, a period when new China was formed, to 1978, owing to historical reasons, China was in a comparatively confined social environment4. It was not possible for the nation’s private international law to advance

Friday, August 23, 2019

What factors make Switzerland an attractive option for European Dissertation

What factors make Switzerland an attractive option for European commercial real estate investors - Dissertation Example The research aims to investigate what factors make Switzerland an attractive option for European Commercial Real Estate investors. The study will take into consideration those factors in order to understand which type of commercial real estate will be more profitable. The research is based on both primary and secondary data. Primary data will be collected via a mixed method approach. Firstly the author will use an inductive approach to make four semi-structured (exploratory) interviews with individuals working for “Compagnie des Parcs” (a young commercial real estate company based in Switzerland). The questions will mainly emphasize the factors that make Switzerland attractive for European investors. In a second phase, based on the interviews, an inductive approach will be used to create a short survey, which will be forwarded to a few individuals, all covering a particular aspect of the industry. In addition, a case study examining property deals made by Compagnie des Parcs will be assessed. The secondary data will be collected through books, articles, market reports, past dissertations and online sources. The data will be analyzed via different models such as the Grounded Theory for the qualitative data or the SPSS software for the quantitative data. Hypothesis – Switzerland is an attractive option for European investors. Warehouses and elderly ONE DOESN’T USE ELDERLY FOR HOUSES IN ENGLISH – OLDER? houses are both interesting types of commercial real estate to invest in. Although offices are good alternatives, they do not offer such high profitability. Because the interest rate is extremely low, those investors benefit from cheap money and thus high leverage opportunities. In addition, the country is in close proximity to Europe but does not belong to the Euro zone, which is forecasted to worsen in regards to its economy.
THIS IS NOT WHAT A HYPOTHESIS IS. PLEASE CHECK THIS IS YOUR TEXT BOOK – IT HAS TO BE A STATEMENT WHICH IS OPEN TO BE TESTED Value – This study, which has not been assessed before, will fill an important gap for commercial real estate investors. It will add knowledge to a currently under-studied area. The research will also help investors in identifying rapidly which factors are essential to evaluate in order to maximize the profit and reduce the risk of future investment. In addition, this study will be important to understand that the real estate business cycle cannot be disregarded when entering the market. AT THIS STAGE IT ISN’T CLEAR TO ME WHAT THE RQ IS. YOU HAVE MADE AN ASSUMPTION THAT S. IS ATTRACTIVE AND GIVEN SOME REASONS WHY THIS SHOULD BE SO – BUT WHAT EXACTLY ARE YOU TESTING? THAT IT IS ATTRACTIVE? COMPARED WITH WHAT? IS THIS A TEMPORAL STUDY – LOOKING AT SWITZERLAND IN DIFFERENT PERIODS? A COMPARISON WITH THE RELATIVE ATTRACTION OF OTHER COUNTRIES? HOW ARE YOU GOING TO DEFINE ATTRACTION? HOW ARE YOU GOING TO MEASURE IT? IS A CASE STUDY APPROPRIATE IN THIS SITUATION? Table of Contents: Acknowledgements; Abstract; Background; The objectives and purpose of the project; The justification for the project; The research question; Literature review; Definition of real estate; Types of real estate; Why invest in real estate; Supply and demand in real estate market; Cobweb theories; Business cycle; Real estate cycle; Investment strategies; Return on investment; Steps in the investment decision process; Bibliography; Appendix; Interviews; The four sub-markets; The user market; The financial assets market; The development market; The land market; The cobweb theory. Background In today’s economic context, it is becoming more and more difficult to understand financial trends and currency fluctuations. It was just a few years ago for instance that the Euro was seen as a powerful currency soon to overtake the dollar.
Nowadays, economists are anticipating the collapse of this currency and the

Thursday, August 22, 2019

Seiu-Caw Dispute Essay Example for Free

Seiu-Caw Dispute Essay I do not believe it had such a big effect on democracy as even when the vote was held 10,000 workers voted 92% in favor of joining the CAW which shows that democracy was still implemented by them holding a vote and 92% wanting to join the CAW. 3. Some of the damages the Canadian labour union might suffer due to disputes such as this are international alliances between unions could be hurt if the international unions are not able to trust their locals for support and their backing in all situations. Also with more Canadian unions starting to move toward national unions instead of international unions disputes such as this might slow the switch down once they see the challenges and possible repercussions they face from breaking away from the international unions. Disputes like this can also have an effect on gaining new members into unions and many individuals may see these disputes as unwanted and something can occur if they join a union which might persuade them to not consider joining. 5. National autonomy from International parent unions has to deal with local unions gaining independence to make their own decisions, apart from the decisions being made by a parent union outside the country which usually does not understand the demands and wants of the local union members and uses strategies and polices that are effective in their country which might not be effective in Canada. A local union can gain autonomy from their International parent by instituting and governing some of their own policies that are more representative of the local members that they represent. A local union can also join a district labour council which functions to advance the interests of the labour movement at the local and municipal level whereas the international parent union probably does not understand the issue at the local level. 
If the local union implements these strategies they can enjoy some autonomy from their international parent union while still enjoying some of the benefits of the parent union such as the specialists they usually have in different areas such as bargaining and grievances and in training programs available to their members.

Wednesday, August 21, 2019

Impact of Cultural Background on Domestic Violence

Impact of Cultural Background on Domestic Violence Domestic violence is an issue which occurs across all cultures, religions, ages, genders and in all countries. It affects many individuals and occurs in many various forms including physical, verbal, emotional and psychological abuse. Domestic violence has a range of definitions and there is no globally agreed upon official definition to explain it; however, in terms of the UK a commonly accepted definition of domestic violence provided by The Association of Chief Police Officers’ (ACPO) and The Crown Prosecution Service (CPS) defines domestic violence as “Any incident of threatening behaviour, violence or abuse (Psychological, physical, sexual, financial or emotional) between adults aged 18 and over, who are or have been intimate partners or family members, regardless of gender or sexuality (family members are defined as mother, father, son, daughter, brother, sister and grandparents, whether directly related, in-laws, or step-family)” (ACPO, 2008a: 7). This research project will investigate and explore the different aspects of a victim’s cultural background which may offer knowledge and insight as to why women in a domestically abusive relationship choose to not leave or seek any help or advice. For the purpose of this study, a qualitative approach was carried out, using open ended interviews with former victims of domestic abuse as a method to gather and analyse data. By conducting open ended interviews, direct access was gained into the experiences and perspectives of the individuals who were interviewed. It provided further use by assisting in understanding the topic and collectively gathering an in-depth exploration and depiction (Silverman, 2010). This particular topic is explored and researched since it has been a much neglected area of research within academic literature for a long time and has not been explored in much depth in relation to a cultural view and perspective.
Literature on the cultural context of domestic violence has been limited until recently (Kulwicki, 2002). Furthermore, this area is quite under researched and is hence a topic which needs broadening and developing upon in several ways and thus it may offer insight into the issues needed to be addressed and the implications this has for policy makers and practitioners. Rather than exploring other commonly researched aspects relating to domestic abuse, instead a different focus is researched into the exploration of the obstacles that prevent victims’ inaction and how cultural pressures affect this process. Factors such as religious beliefs, cultural traditions and attitudes, social networks, and help-seeking behaviours all affect how a victim will take action against domestic abuse (Shiu-Thornton, Senturia, Sullivan, 2005). In particular, the religious backgrounds in South Asian culture have been quite neglected and under researched, often overlooking Sikh and Hindu communities. The research relating to religious backgrounds of victims of domestic abuse is quite limited, therefore more insight will be provided to address this issue and to shed some light on this focus. Although there has been much previous research carried out on domestic violence in the past, the work that has been carried out based on a cultural perspective is quite limited. In relation to research on domestic violence and South Asian culture, there has not been a lot of exploration or depth in this area, and the research that has been done in regards to this specific topic is mainly based on US context and on immigrant women of South Asian background. Therefore this is not as relevant to the UK and British Asian women, thus this research study will address this topic and expand upon the current literature and research.
Furthermore, there are also no studies of domestic violence in UK South Asian communities that provide statistics of the occurrence of domestic violence within this community, which is a major limitation that needs to be addressed. Statistics and data on this area would be highly beneficial and would show what problems or issues need to be addressed and what the main concerns are so that policy makers and practitioners can do their best to solve any current issues. Also, there have been no current literature or studies that have been conducted in this topic to keep it updated in general. Most of the work that has been done is from a few years back and the statistics provided from studies in America on domestic violence in South Asian culture are from a decade ago or more, which shows that statistics and data on this type of abuse in South Asian communities need to be updated and kept current to contemporary times. Thus, this research study will provide a more contemporary exploration and analysis of domestic abuse in South Asian communities, which will be based on UK context. The research that has been carried out in this study is important as it will contribute to its field of research and expand and develop upon a more specific area of domestic abuse. It will better and improve upon the topic of domestic abuse in more depth relating to a cultural perspective, including religious aspects and perspectives as well. This research is thus important to the topic of domestic abuse since it engages in a more focused and specific view of the topic of domestic abuse. This research will show the perspectives of South Asian culture and the religions within this culture on the status and role of women and its views on domestic abuse. Furthermore, it will show how this culture may present obstacles to those in domestically abusive relationships to seek help or leave their violent situation.
The research focus that has been conducted is interesting as it studies and delves into the cultural aspects of victims of domestic abuse and how this may prevent them from leaving or hesitating to seek help; hence this study will fill in the gaps of academic literature and research by exploring this specific approach and will offer more understanding and knowledge to its field of research. In this research study, religion in South Asian culture is also explored to see if it has any effect on women who are in domestically abusive relationships or to see if it plays a contributory role for women to take action in domestically abuse relationships. This research study includes qualitative data in the form of interviews which were mostly conducted at South Asian refuges for victims of domestic abuse, and by which access was successfully granted. These interviews were based on the experiences of three women of South Asian cultural background who were former victims of domestic abuse. The three women who were interviewed were of Sikh and Hindu religious backgrounds; two of the women were Sikh, whilst the other was Hindu. All three women voluntary consented to be a part of this study and thus provided details and a background of their individual experiences of their former situations and the barriers they faced when deciding to take action. They also provided an account of their cultural traditions and attitudes which may have played a contributing role in their situations and their experiences. This research study will include and provide a literature review of the topic of domestic abuse, focusing on South Asian cultural views and perspectives of the status of women and its perception of domestic violence. This will also encompass religious stances of domestic violence as well, focusing on both Sikh and Hindu religion. Next, it will provide information on the methodology that was carried out and adopted in this research study. 
This section will also include and discuss the advantages, weaknesses and limitations of the approach used and the research method that was implemented. Then, it will provide a summary and detail of the findings and analysis of the data, using thematic analysis to establish the common themes which have arisen in the interviews. Finally, there will be a conclusion to finish with, which will provide an overall summary of the findings of the research study. It will also discuss the implications of the findings and how this relates to policy makers and practitioners.

Tuesday, August 20, 2019

Technology for Network Security

Technology for Network Security 2.0 CHAPTER TWO 2.1 INTRODUCTION The ever increasing need for information technology as a result of globalisation has brought about the need for an application of a better network security system. It is without a doubt that the rate at which computer networks are expanding in this modern time to accommodate higher bandwidth, unique storage demand, and increase number of users can not be over emphasised. As this demand grows on daily bases, so also, are the threats associated with it. Some of which are, virus attacks, worm attacks, denial of services or distributed denial of service attack etc. Having this in mind then call for swift security measures to address these threats in order to protect data reliability, integrity, availability and other needed network resources across the network. Generally, network security can simply be described as a way of protecting the integrity of a network by making sure authorised access or threats of any form are restricted from accessing valuable information. As network architecture begins to expand, tackling the issue of security is becomes more and more complex to handle, therefore keeping network administrators on their toes to guard against any possible attacks that occurs on daily basis. Some of the malicious attacks are viruses and worm attacks, denial of service attacks, IP spoofing, cracking password, Domain Name Server (DNS) poisoning etc. As an effort to combat these threats, many security elements have been designed to tackle these attacks on the network. Some of which includes, firewall, Virtual Private Network (VPN), Encryption and Decryption, Cryptography, Internet Protocol Security (IPSec), Data Encryption Standard (3DES), Demilitarised Zone, (DMZ), Secure Shell Layer (SSL) etc. 
This chapter starts by briefly discussing Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP), then discusses the Open Systems Interconnection (OSI) model and the protocols that operate at each layer of the model, network security elements, followed by the background of firewalls, the types and features of firewalls and, lastly, network security tools.

2.2 A BRIEF DESCRIPTION OF TCP, IP, UDP AND ICMP

2.2.1 DEFINITION

Given the tremendous achievement of the World Wide Web (internet), a global communication standard known as the TCP/IP protocol suite was designed with the aim of interconnecting networks over heterogeneous networks (Dunkels 2003; Global Knowledge 2007; Parziale et al 2006). The TCP/IP protocol suite is the core set of rules used for application transfers such as file transfers, e-mail traffic and web page transfers between hosts across heterogeneous networks (Dunkels 2003; Parziale et al 2006). It is therefore necessary for a network administrator to have a good understanding of TCP/IP when configuring firewalls, as most of the policies are set to protect the internal network from possible attacks that use the TCP/IP protocols for communication (Noonan and Dobrawsky 2006). Many network attacks are the result of improper configuration and poor implementation of TCP/IP protocols, services and applications. TCP/IP makes use of protocols such as TCP, UDP, IP and ICMP to define the rules of how communication over the network takes place (Noonan and Dobrawsky 2006). Before these protocols are discussed, this thesis briefly looks into the theoretical Open Systems Interconnection (OSI) model (Simoneau 2006).
2.2.2 THE OSI MODEL

The OSI model is a standardised layered model defined by the International Organization for Standardization (ISO) for network communication. It simplifies network communication into seven separate layers, each layer having its own unique functions that support the layer immediately above it while offering services to the layer immediately below it (Parziale et al 2006; Simoneau 2006). The seven layers are the Application, Presentation, Session, Transport, Network, Data Link and Physical layers. The first three lower layers (Network, Data Link and Physical) are basically hardware implementations, while the last four upper layers (Application, Presentation, Session and Transport) are software implementations.

Application Layer: This is the end-user operating interface that supports file transfer, web browsing, electronic mail etc. This layer allows user interaction with the system.

Presentation Layer: This layer is responsible for formatting the data to be sent across the network, which enables the application to understand the message being sent. In addition, it is responsible for message encryption and decryption for security purposes.

Session Layer: This layer is responsible for dialog and session control functions between systems.

Transport Layer: This layer provides end-to-end communication, which can be reliable or unreliable, between end devices across the network. The two most used protocols in this layer are TCP and UDP.

Network Layer: This layer is also known as the logical layer and is responsible for logical addressing for packet delivery services. The protocol used in this layer is IP.

Data Link Layer: This layer is responsible for framing units of information, error checking and physical addressing.

Physical Layer: This layer defines transmission medium requirements and connectors, and is responsible for the transmission of bits on the physical hardware (Parziale et al 2006; Simoneau 2006).
2.2.3 INTERNET PROTOCOL (IP)

IP is a connectionless protocol designed to deliver data between hosts across the network. IP data delivery is unreliable and therefore depends on an upper-layer protocol such as TCP, or lower-layer protocols like IEEE 802.2 and IEEE 802.3, for reliable data delivery between hosts on the network (Noonan and Dobrawsky 2006).

2.2.4 TRANSMISSION CONTROL PROTOCOL (TCP)

TCP is a standard connection-oriented transport mechanism that operates at the transport layer of the OSI model. It is described by Request for Comment (RFC) 793. TCP solves the unreliability problem of the network layer protocol (IP) by making sure packets are reliably and accurately transmitted, errors are recovered, and flow control between hosts across the network is efficiently monitored (Abie 2000; Noonan and Dobrawsky 2006; Simoneau 2006).

The primary objective of TCP is to create a session between hosts on the network, and this is carried out by what is called the TCP three-way handshake. When using TCP for data transmission between hosts, the sending host first sends a synchronise (SYN) segment to the receiving host, which is the first step in the handshake. The receiving host, on receiving the SYN segment, replies with an acknowledgement (ACK) together with its own SYN segment, and this forms the second part of the handshake. The final step of the handshake is then completed by the sending host responding with its own ACK segment to acknowledge the acceptance of the SYN/ACK. Once this process is completed, the hosts have established a virtual circuit between themselves through which the data will be transferred (Noonan and Dobrawsky 2006).

As good as the three-way handshake of TCP is, it also has its shortcomings, the most common being the SYN flood attack. This form of attack occurs when the destination host, such as a server, is flooded with SYN session requests without receiving any ACK reply from the source host (malicious host) that initiated the SYN session.
The result is a DoS attack, as the destination host's buffer will get to a point where it can no longer take any request from legitimate hosts and has no other choice than to drop such session requests (Noonan and Dobrawsky 2006).

2.2.5 USER DATAGRAM PROTOCOL (UDP)

UDP, unlike TCP, is a standard connectionless transport mechanism that operates at the transport layer of the OSI model. It is described by Request for Comment (RFC) 768 (Noonan and Dobrawsky 2006; Simoneau 2006). When using UDP to transfer packets between hosts, session initiation, retransmission of lost or damaged packets and acknowledgement are omitted; therefore, 100 percent packet delivery is not guaranteed (Sundararajan et al 2006; Postel 1980). UDP is designed with low overhead, as it does not involve initiating a session between hosts before data transmission starts. This protocol is best suited for small data transmissions (Noonan and Dobrawsky 2006).

2.2.6 INTERNET CONTROL MESSAGE PROTOCOL (ICMP)

ICMP is primarily designed to identify and report routing errors, delivery failures and delays on the network. This protocol can only be used to report errors and cannot be used to correct the identified errors; it depends on routing protocols or reliable protocols like TCP to handle the errors detected (Noonan and Dobrawsky 2006; Dunkels 2003). ICMP makes use of the echo mechanism called the Ping command. This command is used to check whether a host is replying to network traffic or not (Noonan and Dobrawsky 2006; Dunkels 2003).

2.3 OTHER NETWORK SECURITY ELEMENTS

2.3.1 VIRTUAL PRIVATE NETWORK (VPN)

VPN is one of the network security elements that make use of the public network infrastructure to securely maintain the confidentiality of information transferred between hosts over the public network (Bou 2007).
VPN provides this security feature by making use of encryption and tunneling techniques to protect such information, and it can be configured to support at least three models: remote-access connection; site-to-site (branch offices to the headquarters); and local area network internetworking (extranet connection of companies with their business partners) (Bou 2007).

2.3.2 VPN TECHNOLOGY

VPN makes use of many standard protocols to implement data authentication (identification of trusted parties) and encryption (scrambling of data) when using the public network to transfer data. These protocols include: Point-to-Point Tunneling Protocol (PPTP) [RFC 2637]; Secure Shell Layer Protocol (SSL) [RFC 2246]; Internet Protocol Security (IPSec) [RFC 2401]; and Layer 2 Tunneling Protocol (L2TP) [RFC 2661].

2.3.2.1 POINT-TO-POINT TUNNELING PROTOCOL [PPTP]

The design of PPTP provides a secure means of transferring data over the public infrastructure, with authentication and encryption support between hosts on the network. This protocol operates at the data link layer of the OSI model and basically relies on user identification (ID) and password authentication for its security. PPTP did not eliminate the Point-to-Point Protocol (PPP), but rather describes a better way of tunneling PPP traffic by using Generic Routing Encapsulation (GRE) (Bou 2007; Microsoft 1999; Schneier and Mudge 1998).

2.3.2.2 LAYER 2 TUNNELING PROTOCOL [L2TP]

L2TP is a connection-oriented protocol standard defined by RFC 2661, which merged the best features of PPTP and the Layer 2 Forwarding (L2F) protocol to create the new standard (Bou 2007; Townsley et al 1999). Just like PPTP, L2TP operates at layer 2 of the OSI model. Tunneling in L2TP is achieved through a series of data encapsulations by protocols at different layers, for example UDP, IPSec, IP and the data link layer protocol, but the data encryption for the tunnel is provided by IPSec (Bou 2007; Townsley et al 1999).
2.3.2.3 INTERNET PROTOCOL SECURITY (IPSEC) [RFC 2401]

IPSec is a standard protocol defined by RFC 2401, designed to protect the payload of an IP packet and the paths between hosts, between security gateways (routers and firewalls), or between a security gateway and a host over the unprotected network (Bou 2007; Kent and Atkinson 1998). IPSec operates at the network layer of the OSI model. Some of the security services it provides are authentication, connectionless integrity, encryption, access control, data origin, rejection of replayed packets, etc (Kent and Atkinson 1998).

2.3.3.4 SECURE SOCKET LAYER (SSL) [RFC 2246]

SSL is a standard protocol defined by RFC 2246, designed to provide a secure communication tunnel between hosts by encrypting host communication over the network, to ensure packet confidentiality, integrity and proper host authentication, in order to eliminate eavesdropping attacks on the network (Homin et al 2007; Oppliger et al 2008). SSL makes use of security elements such as digital certificate, cryptography and certificates to enforce security measures over the network. SSL is a transport layer security protocol that runs on top of TCP/IP, which manages the transport and routing of packets across the network. SSL is also deployed at the application layer of the OSI model to ensure host authentication (Homin et al 2007; Oppliger et al 2008; Dierks and Allen 1999).

2.4 FIREWALL BACKGROUND

The concept of a network firewall is to prevent unauthorised packets from gaining entry into a network by filtering all packets that are coming into that network. The word firewall was not originally computer security vocabulary; it was initially used to describe a wall, of brick or mortar, built to restrain fire from spreading from one part of a building to another, or to slow the spread of the fire in the building, giving some time for remedial action to be taken (Komar et al 2003).
2.4.1 BRIEF HISTORY OF FIREWALL

The firewall as used in computing dates as far back as the late 1980s, but the first set of firewalls came to light sometime in 1985; they were produced by Cisco's Internetwork Operating System (IOS) division and called packet filter firewalls (Cisco System 2004). In 1988, Jeff Mogul from DEC (Digital Equipment Corporation) published the first paper on firewalls. Between 1989 and 1990, two workers at AT&T Bell Laboratories, Howard Trickey and Dave Presotto, initiated the second-generation firewall technology with their study of circuit relays, called the circuit-level firewall. The two scientists also implemented the first working model of the third-generation firewall design, called application layer firewalls. Sadly, no documents were published explaining their work and no product was released to support it.

Around the same year (1990-1991), different papers on third-generation firewalls were published by researchers. Among them, Marcus Ranum's work received the most attention in 1991 and took the form of bastion hosts running proxy services. Ranum's work quickly evolved into the first commercial product, Digital Equipment Corporation's SEAL product (Cisco System 2004). About the same year, work started on the fourth-generation firewall, called dynamic packet filtering, which was not operational until 1994, when Check Point Software rolled out a complete working model of the fourth-generation firewall architecture. In 1996, plans began on the fifth-generation firewall design, called the Kernel Proxy architecture, which became reality in 1997 when Cisco released the Cisco Centri Firewall, the first proxy firewall produced for commercial use (Cisco System 2004).

Since then, many vendors have designed and implemented various forms of firewall in both hardware and software, and to date research is ongoing into improving firewall architecture to meet the ever-increasing challenges of network security.
2.5 DEFINITION

According to the British Computer Society (2008), firewalls are defence mechanisms that can be implemented in either hardware or software, and serve to prevent unauthorized access to computers and networks. Similarly, Subrata et al (2006) defined a firewall as a combination of hardware and software used to implement a security policy governing the flow of network traffic between two or more networks. The concept of a firewall in computer systems security is similar to a firewall built within a building, but they differ in their functions. While the latter is designed for only one task, which is fire prevention in a building, a computer system firewall is designed to prevent more than one threat (Komar et al 2003). These include: denial of service (DoS) attacks; virus attacks; worm attacks; hacking attacks etc.

2.5.1 DENIAL OF SERVICE ATTACKS (DOS)

"Countering DoS attacks on web servers has become a very challenging problem" (Srivatsa et al 2006). This is an attack aimed at denying legitimate packets access to network resources. The attacker achieves this by running a program that floods the network, making network resources such as main memory, network bandwidth and hard disk space unavailable to legitimate packets. The SYN attack is a good example of a DoS attack, but it can be prevented by implementing good firewall policies for the secured network. A detailed firewall policy (iptables) is presented in chapter three of this thesis.

2.5.2 VIRUS AND WORM ATTACKS

Virus and worm attacks are a big security problem which can become pandemic in the twinkling of an eye, resulting in a possibly huge loss of information or system damage (Ford et al 2005; Cisco System 2004).
These two forms of attack can be programs designed to open up systems to allow information theft, or programs that regenerate themselves once they get into the system until they crash it; some can be programmed to generate programs that flood the network, leading to DoS attacks. Therefore, security tools that can proactively detect possible attacks are required to secure the network. One such tool is a firewall with a good security policy configuration (Cisco System 2004).

Generally speaking, any kind of firewall implementation will basically perform the following tasks: manage and control network traffic; authenticate access; act as an intermediary; make internal resources available; record and report events.

2.5.3 MANAGE AND CONTROL NETWORK TRAFFIC

The first process undertaken by firewalls is to secure a computer network by checking all the traffic coming into and leaving the network. This is achieved by stopping and analysing each packet's source IP address, source port, destination IP address, destination port, IP protocol, packet header information etc. in order to decide what action to take on the packet, either to accept or to reject it. This action is called packet filtering, and it depends on the firewall configuration. Likewise, the firewall can make use of the connections between TCP/IP hosts, which establish communication between them for identification and to state the way they will communicate with each other, to decide which connection should be permitted or discarded. This is achieved by maintaining a state table used to check the state of all the packets passing through the firewall. This is called stateful inspection (Noonan and Dobrawsky 2006).
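A minimal sketch of the packet filtering and stateful inspection described above. It also follows the three-way handshake from section 2.2.4 and caps half-open connections per source, the condition a SYN flood creates. This is an added example, not part of the original chapter; the class, field names, thresholds and sample packets are assumptions constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float          # arrival time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset   # TCP flags present, e.g. frozenset({"SYN", "ACK"})
    inbound: bool      # True when travelling from the external network inward


class StatefulFilter:
    """Hypothetical filter in front of servers that accept inbound connections."""

    def __init__(self, allowed_ports, max_half_open=3, syn_timeout=5.0):
        self.allowed_ports = set(allowed_ports)  # packet-filtering policy
        self.max_half_open = max_half_open       # per-source half-open limit
        self.syn_timeout = syn_timeout           # seconds to wait for the final ACK
        self.table = {}                          # connection key -> [state, time of SYN]
        self.half_open = Counter()               # source IP -> unfinished handshakes

    def _forget(self, key):
        state, _ = self.table.pop(key)
        if state != "ESTABLISHED":
            self.half_open[key[0]] -= 1

    def _expire(self, now):
        # Half-open entries that never completed the handshake are released.
        stale = [k for k, (state, t0) in self.table.items()
                 if state != "ESTABLISHED" and now - t0 > self.syn_timeout]
        for key in stale:
            self._forget(key)

    def handle(self, p):
        """Return (verdict, reason) for one packet and update the state table."""
        self._expire(p.ts)
        # The key is always (client ip, client port, server ip, server port).
        key = ((p.src, p.sport, p.dst, p.dport) if p.inbound
               else (p.dst, p.dport, p.src, p.sport))
        entry = self.table.get(key)

        if p.inbound and p.flags == {"SYN"}:           # handshake step 1
            if p.dport not in self.allowed_ports:
                return ("DROP", "port not allowed by policy")
            if entry is not None:
                return ("ACCEPT", "retransmitted SYN")
            if self.half_open[p.src] >= self.max_half_open:
                return ("DROP", "half-open limit reached")
            self.table[key] = ["SYN_SEEN", p.ts]
            self.half_open[p.src] += 1
            return ("ACCEPT", "new connection attempt")

        if entry is None:                              # nothing in the state table
            return ("DROP", "no matching state")
        if "RST" in p.flags:
            self._forget(key)
            return ("ACCEPT", "connection reset")

        state = entry[0]
        if not p.inbound and p.flags == {"SYN", "ACK"} and state == "SYN_SEEN":
            entry[0] = "SYN_ACK_SEEN"                  # handshake step 2
            return ("ACCEPT", "server reply")
        if p.inbound and p.flags == {"ACK"} and state == "SYN_ACK_SEEN":
            entry[0] = "ESTABLISHED"                   # handshake step 3
            self.half_open[p.src] -= 1
            return ("ACCEPT", "handshake complete")
        if state == "ESTABLISHED":
            return ("ACCEPT", "established connection")
        return ("DROP", "out of sequence for handshake")


def demo():
    """Constructed traffic: one normal client, a policy miss, a stray ACK, a SYN burst."""
    fw = StatefulFilter(allowed_ports={80}, max_half_open=3, syn_timeout=5.0)
    S, SA, A = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
    srv = "10.0.0.5"                                   # constructed protected server
    packets = [
        Packet(0.0, "198.51.100.7", 40000, srv, 80, S, True),
        Packet(0.1, srv, 80, "198.51.100.7", 40000, SA, False),
        Packet(0.2, "198.51.100.7", 40000, srv, 80, A, True),
        Packet(0.3, "198.51.100.7", 40001, srv, 23, S, True),   # port outside policy
        Packet(0.4, "203.0.113.9", 50000, srv, 80, A, True),    # ACK with no handshake
    ]
    # Five bare SYNs from one source that never answers the SYN/ACK.
    packets += [Packet(1.0 + i / 10, "203.0.113.66", 1024 + i, srv, 80, S, True)
                for i in range(5)]
    # The same source again after its half-open entries have timed out.
    packets.append(Packet(9.0, "203.0.113.66", 2000, srv, 80, S, True))
    return [fw.handle(p) for p in packets]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A per-source limit does not help when the SYNs carry spoofed source addresses, which is why a timeout on half-open entries matters as much as the counter.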
2.5.4 AUTHENTICATE ACCESS

When a firewall inspects and analyses a packet's source IP address, source port, destination IP address, destination port, IP protocol, packet header information etc., and filters it based on the specified security procedure, this does not guarantee that the communication between the source host and destination host is authorised, because hackers can manage to spoof IP addresses and ports, which defeats inspection and analysis based on IP and port screening. To tackle this pitfall, an authentication rule is implemented in the firewall using a number of means, such as usernames and passwords (xauth), certificates and public keys, and pre-shared keys (PSKs).

With the xauth authentication method, the firewall asks the source host that is trying to initiate a connection with a host on the protected network for its username and password before it allows the connection between the protected network and the source host to be established. Once the connection has been confirmed and authorised by the security procedure defined, the source host need not authenticate itself to make the connection again (Noonan and Dobrawsky 2006).

The second method is using certificates and public keys. The advantage of this method over xauth is that verification can take place without the source host having to intervene by supplying its username and password for authentication. Implementing certificates and public keys requires properly configuring the hosts (protected network and source host) and the firewall with certificates, and making sure that the protected network and the source host use a public key infrastructure that is properly configured. This security method is best for big network designs (Noonan and Dobrawsky 2006).

Another good way of dealing with authentication issues with firewalls is by using pre-shared keys (PSKs).
PSKs are easy to implement compared to certificates and public keys. Authentication still occurs without source host intervention, but it makes use of an additional feature, which is providing the host with a predetermined key that is used for the verification procedure (Noonan and Dobrawsky 2006).

2.5.5 ACT AS AN INTERMEDIARY

When firewalls are configured to serve as an intermediary between a protected host and an external host, they simply function as an application proxy. The firewalls in this setup are configured to impersonate the protected host, such that all packets destined for the protected host from the external host are delivered to the firewall, which appears to the external host as the protected host. Once the firewalls receive the packets, they inspect each packet to determine whether it is valid (e.g. a genuine HTTP packet) or not before forwarding it to the protected host. This firewall design totally blocks direct communication between the hosts.

2.5.6 RECORD AND REPORT EVENTS

While it is good practice to put strong security policies in place to secure the network, it is equally important to record firewall events. Using firewalls to record and report events is a technique that can help to investigate what kind of attack took place in situations where firewalls are unable to stop malicious packets that violate the access control policy of the protected network. Recording these events gives the network administrator a clear understanding of the attack and, at the same time, lets them use the recorded events to troubleshoot the problem that has taken place. To record these events, network administrators make use of different methods, but syslog or a proprietary logging format are mostly used for firewalls. However, some malicious events need to be reported quickly so that immediate action can be taken before serious damage is done to the protected network.
Therefore, firewalls also need an alarm mechanism, in addition to syslog or a proprietary logging format, for whenever the access control policy of the protected network is violated. Some types of alarm supported by firewalls include console notification, Simple Network Management Protocol (SNMP), paging notification, e-mail notification etc (Noonan and Dobrawsky 2006).

Console notification is a warning message that is presented on the firewall console. The problem with this method of alarm is that the console needs to be monitored by the network administrator at all times so that the necessary action can be taken when an alarm is generated.

Simple Network Management Protocol (SNMP) notification is implemented to create traps which are transferred to the network management system (NMS) monitoring the firewall.

Paging notification is set up on the firewall to deliver a page to the network administrator whenever the firewall encounters any event. The message can be alphanumeric or numeric, depending on how the firewall is set up.

E-mail notification is similar to paging notification, but in this case the firewall sends an e-mail to the proper address instead.

2.6 TYPES OF FIREWALLS

Going by the firewall definition, firewalls are expected to perform some key functions such as application proxy, network address translation and packet filtering.

2.6.1 APPLICATION PROXY

This is also known as an application gateway, and it acts as a connection agent between the protected network and the external network. Basically, the application proxy is a host on the protected network that is set up as a proxy server. Just as the name implies, the application proxy functions at the application layer of the Open Systems Interconnection (OSI) model and makes sure that all application requests from the secured network are communicated to the external network through the proxy server, and that no packets pass from the external network to the secured network until the proxy checks and confirms the inbound packets.
This firewall supports different types of protocols, such as Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and Simple Mail Transport Protocol (SMTP) (Noonan and Dobrawsky 2006; NetContinuum 2006).

2.6.2 NETWORK ADDRESS TRANSLATION (NAT)

NAT alters the IP addresses of hosts' packets by hiding the genuine IP addresses of secured network hosts and dynamically replacing them with different IP addresses (Cisco System 2008; Walberg 2007). When request packets are sent from the secured host through the gateway to an external host, the source host address is modified to a different IP address by NAT. When the reply packets arrive at the gateway, NAT replaces the modified address with the genuine host address before forwarding them to the host (Walberg 2007). The role played by NAT in a secured network system makes it difficult for unauthorized parties to know: the number of hosts available in the protected network; the topology of the network; the operating systems the hosts are running; and the type of host machine (Cisco System 2008).

2.6.3 PACKET FILTERING

"Firewalls and IPSec gateways have become major components in the current high speed Internet infrastructure to filter out undesired traffic and protect the integrity and confidentiality of critical traffic" (Hamed and Al-Shaer 2006). Packet filtering is based on the laid-down security rules defined for a network or system. Filtering traffic over the network is a big task that involves a comprehensive understanding of the network on which it will be set up. The defined policy must always be kept up to date in order to handle possible network attacks (Hamed and Al-Shaer 2006).

2.6.4 INTRUSION DETECTION SYSTEMS

Network penetration attacks are now on the increase, as valuable information is being stolen or damaged by attackers. Many security products have been developed to combat these attacks. Two such products are Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS).
IDS are software designed to monitor and analyse all the activities (network traffic) on the network for any suspicious threats that may violate the defined network security policies (Scarfone and Mell 2007; Vignam et al 2003). There are a variety of methods IDS use to detect threats on the network; two of them are anomaly-based IDS and signature-based IDS.

2.6.4.1 ANOMALY BASED IDS

Anomaly-based IDS is set up to monitor and compare network events against what is defined to be normal network activity, which is represented by a profile, in order to detect any deviation from the defined normal events. Some of the events compared are the bandwidth used, the type of protocols etc. Once the IDS identifies a deviation in any of these events, it notifies the network administrator, who then takes the necessary action to stop the intended attack (Scarfone and Mell 2007).

2.6.4.2 SIGNATURE BASED IDS

Signature-based IDS are designed to monitor and compare packets on the network against a signature database of known malicious attacks or threats. This type of IDS is efficient at identifying already known threats but ineffective at identifying new threats which are not currently defined in the signature database, therefore giving way to network attacks (Scarfone and Mell 2007).

2.6.5 INTRUSION PREVENTION SYSTEMS (IPS)

IPS are proactive security products, which can be software or hardware, used to identify malicious packets and also to prevent such packets from gaining entry into the network (Ierace et al 2005; Botwicz et al 2006). IPS is another form of firewall, which is basically designed to detect irregularities in regular network traffic and likewise to stop possible network attacks such as denial of service attacks. They are capable of dropping malicious packets and disconnecting any connection suspected to be illegal before such traffic gets to the protected host.
Just like a typical firewall, IPS makes use of defined rules in the system setup to determine the action to take on any traffic, which could be to allow or block the traffic. IPS makes use of stateful packet analysis to protect the network. Similarly, IPS is capable of performing signature matching, application protocol validation etc. as a means of detecting attacks on the network (Ierace et al 2005).

As good as IPS are, they also have their downsides. One of them is the problem of false positives and false negatives. A false positive is a situation where legitimate traffic is identified as malicious, resulting in the IPS blocking such traffic on the network. A false negative, on the other hand, is when malicious traffic is identified by the IPS as legitimate traffic, thereby allowing such traffic to pass through the IPS to the protected network (Ierace et al 2005).

2.7 SOFTWARE AND HARDWARE FIREWALLS

2.7.1 SOFTWARE FIREWALLS

Software-based firewalls are software installed on computers for filtering packets (Permpootanalarp and Rujimethabhas 2001). These are programs set up either on personal computers or on the operating systems of network servers (web servers and e-mail servers). Once the software is installed and proper security policies are defined, the systems (personal computers or servers) assume the role of a firewall. Software firewalls are the second line of defence after hardware firewalls in situations where both are used for network security. Software firewalls can be installed on different operating systems such as Windows operating systems, Mac operating system, Novell NetWare, the Linux kernel and the UNIX kernel. The function of these firewalls is filtering distorted network traffic. There are several software firewalls, some of which include Online Armor firewall, McAfee Personal Firewall, Zone Alarm, Norton Personal Firewall, Black Ice Defender, Sygate Personal Firewall, Panda Firewall, The DoorStop X Firewall etc (Lugo and Parker 2005).
When designing a software firewall, two key things are considered: per-packet filtering and per-process filtering. The per-packet filter is designed to search for distorted packets, detect port scans and check whether packets are accepted into the protocol stack. In the same vein, the per-process filter is designed to check whether a process is allowed to begin a connection to the secured network or not (Lugo and Parker 2005). It should be noted that there are different implementations of firewalls. While some are built into the operating system, others are add-ons. Examples of built-in firewalls are the Windows-based firewall and the Linux-based firewall.

2.7.2 WINDOWS OPERATING SYSTEM BASED FIREWALL

In operating system design, security features are one important aspect that is greatly considered. This is a challenge the software giant (Microsoft) has always made sure they implement in their products. In the software industry, Mi
Generally, network security can simply be described as a way of protecting the integrity of a network by making sure authorised access or threats of any form are restricted from accessing valuable information. As network architecture begins to expand, tackling the issue of security is becomes more and more complex to handle, therefore keeping network administrators on their toes to guard against any possible attacks that occurs on daily basis. Some of the malicious attacks are viruses and worm attacks, denial of service attacks, IP spoofing, cracking password, Domain Name Server (DNS) poisoning etc. As an effort to combat these threats, many security elements have been designed to tackle these attacks on the network. Some of which includes, firewall, Virtual Private Network (VPN), Encryption and Decryption, Cryptography, Internet Protocol Security (IPSec), Data Encryption Standard (3DES), Demilitarised Zone, (DMZ), Secure Shell Layer (SSL) etc. This chapter starts by briefly discussi ng Internet Protocol (IP), Transmission Control Protocol (TCP), User datagram Protocol (UDP), Internet Control Message Protocol (ICMP), then discussed the Open system interconnection (OSI) model and the protocols that operate at each layer of the model, network security elements, followed by the background of firewall, types and features of firewalls and lastly, network security tools. 2.2 A BRIEF DESCRIPTION OF TCP, IP, UDP AND ICMP 2.2.1 DEFINITION Going by the tremendous achievement of the World Wide Web (internet), a global communication standard with the aim of building interconnection of networks over heterogeneous network is known as the TCP/IP protocol suite was designed (Dunkels 2003; Global Knowledge 2007; Parziale et al 2006). The TCP/IP protocol suite is the core rule used for applications transfer such as File transfers, E-Mail traffics, web pages transfer between hosts across the heterogeneous networks (Dunkels 2003; Parziale et al 2006). 
It is therefore necessary for a network administrator to have a good understanding of TCP/IP when configuring firewalls, as most of the policies are set to protect the internal network from possible attacks that use the TCP/IP protocols for communication (Noonan and Dobrawsky 2006). Many network attacks are the result of improper configuration and poor implementation of TCP/IP protocols, services and applications. TCP/IP makes use of protocols such as TCP, UDP, IP and ICMP to define the rules for how communication over the network takes place (Noonan and Dobrawsky 2006). Before these protocols are discussed, this thesis briefly looks into the theoretical Open Systems Interconnection (OSI) model (Simoneau 2006).

2.2.2 THE OSI MODEL

The OSI model is a standardised layered model defined by the International Organization for Standardization (ISO) for network communication. It simplifies network communication into seven separate layers, each having its own unique functions that support the layer immediately above it and at the same time offering services to the layer immediately below it (Parziale et al 2006; Simoneau 2006). The seven layers are the Application, Presentation, Session, Transport, Network, Data Link and Physical layers. The first three lower layers (Network, Data Link and Physical) are basically hardware implementations, while the last four upper layers (Application, Presentation, Session and Transport) are software implementations.

Application Layer: This is the end-user operating interface that supports file transfer, web browsing, electronic mail and so on. This layer allows user interaction with the system.

Presentation Layer: This layer is responsible for formatting the data to be sent across the network, which enables the application to understand the message being sent. In addition, it is responsible for message encryption and decryption for security purposes.
Session Layer: This layer is responsible for dialog and session control functions between systems.

Transport Layer: This layer provides end-to-end communication, which may be reliable or unreliable, between end devices across the network. The two most used protocols in this layer are TCP and UDP.

Network Layer: This layer is also known as the logical layer and is responsible for logical addressing for packet delivery services. The protocol used in this layer is IP.

Data Link Layer: This layer is responsible for framing units of information, error checking and physical addressing.

Physical Layer: This layer defines transmission medium requirements and connectors, and is responsible for the transmission of bits on the physical hardware (Parziale et al 2006; Simoneau 2006).

2.2.3 INTERNET PROTOCOL (IP)

IP is a connectionless protocol designed to deliver data to hosts across the network. IP data delivery is unreliable and therefore depends on an upper layer protocol such as TCP, or on lower layer protocols such as IEEE 802.2 and IEEE 802.3, for reliable data delivery between hosts on the network (Noonan and Dobrawsky 2006).

2.2.4 TRANSMISSION CONTROL PROTOCOL (TCP)

TCP is a standard connection-oriented transport protocol that operates at the transport layer of the OSI model. It is described by Request for Comments (RFC) 793. TCP solves the unreliability problem of the network layer protocol (IP) by making sure that packets are reliably and accurately transmitted, that errors are recovered and that flow control between hosts across the network is efficiently monitored (Abie 2000; Noonan and Dobrawsky 2006; Simoneau 2006). The primary objective of TCP is to create a session between hosts on the network, and this is carried out by what is called the TCP three-way handshake. When TCP is used for data transmission between hosts, the sending host first sends a synchronise (SYN) segment to the receiving host, which is the first step in the handshake.
The receiving host, on receiving the SYN segment, replies with an acknowledgement (ACK) together with its own SYN segment, and this forms the second part of the handshake. The final step of the handshake is then completed by the sending host responding with its own ACK segment to acknowledge the acceptance of the SYN/ACK. Once this process is completed, the hosts have established a virtual circuit between themselves through which the data will be transferred (Noonan and Dobrawsky 2006).

As good as the three-way handshake of TCP is, it also has its shortcomings, the most common being the SYN flood attack. This form of attack occurs when the destination host, such as a server, is flooded with SYN session requests without receiving any ACK reply from the source host (the malicious host) that initiated the SYN sessions. The result is a DoS attack, as the destination host's buffer reaches a point at which it can no longer take requests from legitimate hosts and has no choice but to drop such session requests (Noonan and Dobrawsky 2006).

2.2.5 USER DATAGRAM PROTOCOL (UDP)

UDP, unlike TCP, is a standard connectionless transport mechanism that operates at the transport layer of the OSI model. It is described by Request for Comments (RFC) 768 (Noonan and Dobrawsky 2006; Simoneau 2006). When UDP is used to transfer packets between hosts, session initiation, retransmission of lost or damaged packets and acknowledgement are omitted; therefore, 100 percent packet delivery is not guaranteed (Sundararajan et al 2006; Postel 1980). UDP is designed with low overhead, as it does not involve the initiation of a session between hosts before data transmission starts. This protocol is best suited to small data transmissions (Noonan and Dobrawsky 2006).

2.2.6 INTERNET CONTROL MESSAGE PROTOCOL (ICMP)

ICMP is primarily designed to identify and report routing errors, delivery failures and delays on the network.
This protocol can only be used to report errors and cannot be used to correct the errors identified; it depends on routing protocols or reliable protocols such as TCP to handle the errors detected (Noonan and Dobrawsky 2006; Dunkels 2003). ICMP provides the echo mechanism used by the Ping command. This command is used to check whether a host is replying to network traffic or not (Noonan and Dobrawsky 2006; Dunkels 2003).

2.3 OTHER NETWORK SECURITY ELEMENTS

2.3.1 VIRTUAL PRIVATE NETWORK (VPN)

VPN is one of the network security elements that make use of the public network infrastructure to securely maintain the confidentiality of information transferred between hosts over the public network (Bou 2007). VPN provides this security feature by using encryption and tunneling techniques to protect such information, and it can be configured to support at least three models:

Remote-access connection
Site-to-site (branch offices to the headquarters)
Local area network internetworking (extranet connection of companies with their business partners) (Bou 2007).

2.3.2 VPN TECHNOLOGY

VPN makes use of many standard protocols to implement data authentication (identification of trusted parties) and encryption (scrambling of data) when using the public network to transfer data. These protocols include:

Point-to-Point Tunneling Protocol (PPTP) [RFC 2637]
Secure Socket Layer Protocol (SSL) [RFC 2246]
Internet Protocol Security (IPSec) [RFC 2401]
Layer 2 Tunneling Protocol (L2TP) [RFC 2661]

2.3.2.1 POINT-TO-POINT TUNNELING PROTOCOL [PPTP]

The design of PPTP provides a secure means of transferring data over the public infrastructure, with authentication and encryption support between hosts on the network. This protocol operates at the data link layer of the OSI model and relies basically on user identification (ID) and password authentication for its security.
PPTP did not eliminate the Point-to-Point Protocol (PPP), but rather describes a better way of tunneling PPP traffic by using Generic Routing Encapsulation (GRE) (Bou 2007; Microsoft 1999; Schneier and Mudge 1998).

2.3.2.2 LAYER 2 TUNNELING PROTOCOL [L2TP]

L2TP is a connection-oriented protocol standard defined by RFC 2661, which merged the best features of PPTP and the Layer 2 Forwarding (L2F) protocol to create the new standard (Bou 2007; Townsley et al 1999). Just like PPTP, L2TP operates at layer 2 of the OSI model. Tunneling in L2TP is achieved through a series of data encapsulations by protocols at different layers, for example UDP, IPSec, IP and the data link layer protocol, but the data encryption for the tunnel is provided by IPSec (Bou 2007; Townsley et al 1999).

2.3.2.3 INTERNET PROTOCOL SECURITY (IPSEC) [RFC 2401]

IPSec is a standard protocol defined by RFC 2401, designed to protect the payload of an IP packet and the paths between hosts, between security gateways (routers and firewalls), or between a security gateway and a host over the unprotected network (Bou 2007; Kent and Atkinson 1998). IPSec operates at the network layer of the OSI model. Some of the security services it provides are authentication, connectionless integrity, encryption, access control, data origin and rejection of replayed packets (Kent and Atkinson 1998).

2.3.3.4 SECURE SOCKET LAYER (SSL) [RFC 2246]

SSL is a standard protocol defined by RFC 2246, designed to provide a secure communication tunnel between hosts by encrypting their communication over the network. It ensures packet confidentiality, integrity and proper host authentication in order to eliminate eavesdropping attacks on the network (Homin et al 2007; Oppliger et al 2008). SSL makes use of security elements such as digital certificates and cryptography to enforce security measures over the network.
SSL is a transport layer security protocol that runs on top of TCP/IP, which manages the transport and routing of packets across the network. SSL is also deployed at the application layer of the OSI model to ensure host authentication (Homin et al 2007; Oppliger et al 2008; Dierks and Allen 1999).

2.4 FIREWALL BACKGROUND

The concept of a network firewall is to prevent unauthorised packets from gaining entry into a network by filtering all packets that come into that network. The word firewall was not originally computer security vocabulary; it was initially used to describe a wall, of brick or mortar, built to restrain fire from spreading from one part of a building to another, or to slow the spread of the fire and give some time for remedial action to be taken (Komar et al 2003).

2.4.1 BRIEF HISTORY OF FIREWALL

The firewall as used in computing dates as far back as the late 1980s, but the first set of firewalls came to light sometime in 1985. These were produced by Cisco's Internetwork Operating System (IOS) division and called packet filter firewalls (Cisco System 2004). In 1988, Jeff Mogul from DEC (Digital Equipment Corporation) published the first paper on firewalls. Between 1989 and 1990, two workers at AT&T Bell Laboratories, Howard Trickey and Dave Presotto, initiated the second generation of firewall technology with their study of circuit relays, called circuit level firewalls. The two scientists also implemented the first working model of the third generation firewall design, called application layer firewalls. Sadly, no documents explaining their work were published and no product was released to support it. Around the same time (1990-1991), different papers on third generation firewalls were published by researchers. Among them, Marcus Ranum's work received the most attention in 1991 and took the form of bastion hosts running proxy services.
Ranum's work quickly evolved into the first commercial product, Digital Equipment Corporation's SEAL product (Cisco System 2004). About the same year, work started on the fourth generation firewall, called dynamic packet filtering, which was not operational until 1994, when Check Point Software rolled out a complete working model of the fourth generation firewall architecture. In 1996, plans began on the fifth generation firewall design, called the Kernel Proxy architecture. It became reality in 1997, when Cisco released the Cisco Centri Firewall, which was the first proxy firewall produced for commercial use (Cisco System 2004). Since then many vendors have designed and implemented various forms of firewall in both hardware and software, and to date research is ongoing to improve firewall architecture to meet the ever-increasing challenges of network security.

2.5 DEFINITION

According to the British Computer Society (2008), firewalls are defence mechanisms that can be implemented in either hardware or software, and serve to prevent unauthorized access to computers and networks. Similarly, Subrata et al (2006) defined a firewall as a combination of hardware and software used to implement a security policy governing the flow of network traffic between two or more networks. The concept of a firewall in computer systems security is similar to a firewall built within a building, but they differ in their functions. While the latter is designed for only one task, which is fire prevention in a building, a computer system firewall is designed to prevent more than one threat (Komar et al 2003). These include the following:

Denial of service attacks (DoS)
Virus attacks
Worm attacks
Hacking attacks, etc.

2.5.1 DENIAL OF SERVICE ATTACKS (DOS)

"Countering DoS attacks on web servers has become a very challenging problem" (Srivatsa et al 2006). This is an attack that is aimed at denying legitimate packets access to network resources.
The attacker achieves this by running a program that floods the network, making network resources such as main memory, network bandwidth and hard disk space unavailable for legitimate packets. The SYN attack is a good example of a DoS attack, but it can be prevented by implementing good firewall policies for the secured network. A detailed firewall policy (iptables) is presented in chapter three of this thesis.

2.5.2 VIRUS AND WORM ATTACKS

Virus and worm attacks are a big security problem that can become pandemic in the twinkling of an eye, resulting in a possibly huge loss of information or system damage (Ford et al 2005; Cisco System 2004). These two forms of attack can be programs designed to open up systems to allow information theft, or programs that regenerate themselves once they get into the system until they crash it, and some can be programmed to generate programs that flood the network, leading to DoS attacks. Therefore, security tools that can proactively detect possible attacks are required to secure the network. One such tool is a firewall with a good security policy configuration (Cisco System 2004).

Generally speaking, any kind of firewall implementation will basically perform the following tasks:

Manage and control network traffic
Authenticate access
Act as an intermediary
Make internal resources available
Record and report events

2.5.3 MANAGE AND CONTROL NETWORK TRAFFIC

The first process undertaken by firewalls is to secure a computer network by checking all the traffic coming into and leaving the network. This is achieved by stopping each packet and analysing its source IP address, source port, destination IP address, destination port, IP protocol, packet header information and so on, in order to decide what action to take on the packet: either to accept it or to reject it. This action is called packet filtering and it depends on the firewall configuration.
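The header-based accept-or-reject decision described above, combined with a firewall policy that limits the SYN flood from section 2.2.4, can be modelled in a few lines. This is an added example, not code from the thesis: the class names, the rule set, the addresses (documentation ranges) and the limit of three unanswered SYNs per source are all assumptions chosen for illustration, and the handshake tracking is simplified to SYN and final ACK.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    ts: float        # arrival time, seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str       # "tcp", "udp" or "icmp"
    flags: str = ""  # TCP flags: "S" = SYN, "A" = final ACK of the handshake


@dataclass(frozen=True)
class Rule:
    action: str           # "accept" or "drop"
    proto: str            # protocol name, or "any"
    src_net: str          # CIDR block the source must fall in
    dst_net: str          # CIDR block the destination must fall in
    dport: Optional[int]  # None matches every destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and self.dport in (None, p.dport))


class PacketFilter:
    """First-match rule list, default drop, plus a cap on half-open SYNs per source."""

    def __init__(self, rules, max_half_open=3, syn_timeout=30.0):
        self.rules = list(rules)
        self.max_half_open = max_half_open
        self.syn_timeout = syn_timeout
        # source IP -> {(sport, dst, dport): time the SYN was seen}
        self.half_open = defaultdict(dict)

    def decide(self, p: Packet) -> str:
        # Header-based filtering: the first matching rule wins, otherwise drop.
        action = next((r.action for r in self.rules if r.matches(p)), "drop")
        if action != "accept" or p.proto != "tcp":
            return action

        pending = self.half_open[p.src]
        # Forget handshakes that never completed within the timeout.
        for key in [k for k, seen in pending.items() if p.ts - seen > self.syn_timeout]:
            del pending[key]

        key = (p.sport, p.dst, p.dport)
        if p.flags == "S":
            if key not in pending and len(pending) >= self.max_half_open:
                return "drop"       # source already holds too many unanswered SYNs
            pending[key] = p.ts
        elif p.flags == "A":
            pending.pop(key, None)  # final ACK: handshake complete, slot released
        return action


# Constructed policy: only web traffic to the protected server 192.0.2.10 is allowed.
RULES = [
    Rule("drop", "any", "10.0.0.0/8", "0.0.0.0/0", None),  # private source seen from outside
    Rule("accept", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),
]


def sample_traffic():
    """Constructed packets: a flooding source, a normal client, two policy violations."""
    flood = [Packet(0.1 * i, "203.0.113.50", 40000 + i, "192.0.2.10", 80, "tcp", "S")
             for i in range(6)]
    client = [Packet(1.0, "198.51.100.7", 51000, "192.0.2.10", 80, "tcp", "S"),
              Packet(1.1, "198.51.100.7", 51000, "192.0.2.10", 80, "tcp", "A")]
    other = [Packet(2.0, "198.51.100.7", 51001, "192.0.2.10", 23, "tcp", "S"),
             Packet(2.1, "10.1.2.3", 51002, "192.0.2.10", 80, "tcp", "S"),
             Packet(40.0, "203.0.113.50", 40100, "192.0.2.10", 80, "tcp", "S")]
    return flood + client + other


def run_demo():
    fw = PacketFilter(RULES)
    return [(p.src, p.dport, p.flags, fw.decide(p)) for p in sample_traffic()]


if __name__ == "__main__":
    for row in run_demo():
        print(*row)
```

Per-source counting assumes the source addresses are genuine; since addresses can be spoofed, as section 2.5.4 notes, a cap on half-open connections per protected destination is a common complement.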
Likewise, the firewall can also make use of the connections between TCP/IP hosts, which establish communication between them for identification and state the way they will communicate with each other, to decide which connections should be permitted or discarded. This is achieved by maintaining a state table used to check the state of all the packets passing through the firewall. This is called stateful inspection (Noonan and Dobrawsky 2006).

2.5.4 AUTHENTICATE ACCESS

When a firewall inspects and analyses a packet's source IP address, source port, destination IP address, destination port, IP protocol, packet header information and so on, and filters it based on the security procedure defined, this does not guarantee that the communication between the source host and the destination host is authorised, because hackers can manage to spoof IP addresses and ports, which defeats inspection and analysis based on IP and port screening. To tackle this pitfall, an authentication rule is implemented in the firewall using a number of means, such as a username and password (xauth), certificates and public keys, and pre-shared keys (PSKs). With the xauth authentication method, the firewall requests a username and password from the source host that is trying to initiate a connection with a host on the protected network before it allows the connection between the protected network and the source host to be established. Once the connection has been confirmed and authorised by the security procedure defined, the source host does not need to authenticate itself again to make a connection (Noonan and Dobrawsky 2006).

The second method uses certificates and public keys. The advantage of this method over xauth is that verification can take place without the source host having to intervene and supply its username and password for authentication.
Implementing certificates and public keys requires properly configuring the hosts (the protected network and the source host) and the firewall with certificates, and making sure that the protected network and the source host use a public key infrastructure that is properly configured. This security method is best for large network designs (Noonan and Dobrawsky 2006).

Another good way of dealing with authentication issues on firewalls is to use pre-shared keys (PSKs). PSKs are easy to implement compared to certificates and public keys. Authentication still occurs without source host intervention, but it makes use of an additional feature: the host is provided with a predetermined key that is used for the verification procedure (Noonan and Dobrawsky 2006).

2.5.5 ACT AS AN INTERMEDIARY

When firewalls are configured to serve as an intermediary between a protected host and an external host, they simply function as an application proxy. The firewalls in this setup are configured to impersonate the protected host, such that all packets destined for the protected host from the external host are delivered to the firewall, which appears to the external host as the protected host. Once the firewalls receive the packets, they inspect them to determine whether each packet is valid (e.g. a genuine HTTP packet) before forwarding it to the protected host. This firewall design totally blocks direct communication between the hosts.

2.5.6 RECORD AND REPORT EVENTS

While it is good practice to put strong security policies in place to secure a network, it is equally important to record firewall events. Using firewalls to record and report events is a technique that can help to investigate what kind of attack took place in situations where the firewalls were unable to stop malicious packets that violate the access control policy of the protected network.
Recording these events gives the network administrator a clear understanding of the attack and, at the same time, lets the administrator use the recorded events to troubleshoot the problem that has taken place. To record these events, network administrators make use of different methods, but syslog or a proprietary logging format is mostly used for firewalls. However, some malicious events need to be reported quickly so that immediate action can be taken before serious damage is done to the protected network. Firewalls therefore also need an alarm mechanism, in addition to syslog or the proprietary logging format, for whenever the access control policy of the protected network is violated. Some types of alarm supported by firewalls include console notification, Simple Network Management Protocol (SNMP) notification, paging notification and e-mail notification (Noonan and Dobrawsky 2006).

Console notification is a warning message that is presented on the firewall console. The problem with this method of alarm is that the console needs to be monitored by the network administrator at all times so that the necessary action can be taken when an alarm is generated.

Simple Network Management Protocol (SNMP) notification is implemented to create traps, which are transferred to the network management system (NMS) monitoring the firewall.

Paging notification is set up on the firewall to deliver a page to the network administrator whenever the firewall encounters any event. The message can be alphanumeric or numeric depending on how the firewall is set up.

E-mail notification is similar to paging notification, but in this case the firewall sends an e-mail to the proper address instead.

2.6 TYPES OF FIREWALLS

Going by the definition of a firewall, firewalls are expected to perform some key functions such as application proxy, network address translation and packet filtering.

2.6.1 APPLICATION PROXY

This is also known as an application gateway, and it acts as a connection agent between the protected network and the external network.
Basically, the application proxy is a host on the protected network that is set up as a proxy server. As the name implies, the application proxy functions at the application layer of the Open Systems Interconnection (OSI) model and makes sure that all application requests from the secured network are communicated to the external network through the proxy server, and that no packets pass from the external network to the secured network until the proxy has checked and confirmed the inbound packets. This firewall supports different types of protocols, such as the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP) and Simple Mail Transport Protocol (SMTP) (Noonan and Dobrawsky 2006; NetContinuum 2006).

2.6.2 NETWORK ADDRESS TRANSLATION (NAT)

NAT alters the IP addresses of hosts' packets by hiding the genuine IP addresses of secured network hosts and dynamically replacing them with different IP addresses (Cisco System 2008; Walberg 2007). When request packets are sent from the secured host through the gateway to an external host, the source host address is modified to a different IP address by NAT. When the reply packets arrive at the gateway, NAT replaces the modified address with the genuine host address before forwarding them to the host (Walberg 2007). The role played by NAT in a secured network system makes it difficult for an unauthorised party to know:

The number of hosts available in the protected network
The topology of the network
The operating systems the hosts are running
The type of host machine (Cisco System 2008).

2.6.3 PACKET FILTERING

"Firewalls and IPSec gateways have become major components in the current high speed Internet infrastructure to filter out undesired traffic and protect the integrity and confidentiality of critical traffic" (Hamed and Al-Shaer 2006). Packet filtering is based on the laid-down security rules defined for a network or system.
Filtering traffic over the network is a big task that requires a comprehensive understanding of the network on which it will be set up. The defined policy must always be kept up to date in order to handle possible network attacks (Hamed and Al-Shaer 2006).

2.6.4 INTRUSION DETECTION SYSTEMS

Network penetration attacks are now on the increase, as valuable information is being stolen or damaged by attackers. Many security products have been developed to combat these attacks. Two such products are Intrusion Prevention Systems (IPS) and Intrusion Detection Systems (IDS). An IDS is software designed to monitor and analyse all the activity (network traffic) on the network for any suspicious threats that may violate the defined network security policies (Scarfone and Mell 2007; Vignam et al 2003). There are a variety of methods an IDS uses to detect threats on the network; two of them are anomaly based IDS and signature based IDS.

2.6.4.1 ANOMALY BASED IDS

An anomaly based IDS is set up to monitor and compare network events against what is defined to be normal network activity, which is represented by a profile, in order to detect any deviation from the defined normal events. Some of the things compared are the bandwidth used, the type of protocols and so on. Once the IDS identifies a deviation in any of these, it notifies the network administrator, who then takes the necessary action to stop the intended attack (Scarfone and Mell 2007).

2.6.4.2 SIGNATURE BASED IDS

A signature based IDS is designed to monitor and compare packets on the network against a signature database of known malicious attacks or threats. This type of IDS is efficient at identifying already known threats but ineffective at identifying new threats that are not currently defined in the signature database, therefore giving way to network attacks (Scarfone and Mell 2007).

2.6.5 INTRUSION PREVENTION SYSTEMS (IPS)
IPS are proactive security products, which can be software or hardware, used to identify malicious packets and also to prevent such packets from gaining entry into the network (Ierace et al 2005; Botwicz et al 2006). An IPS is another form of firewall, basically designed to detect irregularities in regular network traffic and likewise to stop possible network attacks such as denial of service attacks. IPS are capable of dropping malicious packets and disconnecting any connection suspected to be illegal before such traffic gets to the protected host. Just like a typical firewall, an IPS uses rules defined in the system setup to determine the action to take on any traffic, which could be to allow or block it. IPS make use of stateful packet analysis to protect the network. Similarly, IPS are capable of performing signature matching, application protocol validation and so on as a means of detecting attacks on the network (Ierace et al 2005).

As good as IPS are, they also have their downsides. One of them is the problem of false positives and false negatives. A false positive is a situation where legitimate traffic is identified as malicious, resulting in the IPS blocking such traffic on the network. A false negative, on the other hand, is when malicious traffic is identified by the IPS as legitimate, thereby allowing such traffic to pass through the IPS to the protected network (Ierace et al 2005).

2.7 SOFTWARE AND HARDWARE FIREWALLS

2.7.1 SOFTWARE FIREWALLS

Software-based firewalls are software installed on computers for filtering packets (Permpootanalarp and Rujimethabhas 2001). These are programs set up on the operating system of either personal computers or network servers (web servers and e-mail servers). Once the software is installed and proper security policies are defined, the systems (personal computers or servers) assume the role of a firewall.
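Sections 2.6.4.1 and 2.6.4.2 contrast anomaly based and signature based detection, and section 2.6.5 names false positives and false negatives as their cost; the sketch below runs both detectors over the same traffic and counts each kind of error. It is an added example, not code from the thesis: the flow records, the signature strings, the baseline and the three-standard-deviation threshold are all constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    proto: str       # application protocol observed
    kbytes: int      # volume transferred in the observation window
    payload: bytes   # payload excerpt seen by the sensor
    malicious: bool  # ground truth, available only because the data is constructed


# Constructed signature database: byte patterns of already known threats.
SIGNATURES = {"worm-a": b"WORM-A-MARKER", "scanner-b": b"SCANNER-B/1.0"}


def signature_alert(flow: Flow) -> bool:
    """Signature based detection: alert when a known pattern occurs in the payload."""
    return any(pattern in flow.payload for pattern in SIGNATURES.values())


class AnomalyProfile:
    """Anomaly based detection: a profile of normal protocols and transfer volume."""

    def __init__(self, baseline, k=3.0):
        self.protos = {f.proto for f in baseline}
        sizes = [f.kbytes for f in baseline]
        self.mu, self.sigma, self.k = mean(sizes), pstdev(sizes), k

    def alert(self, flow: Flow) -> bool:
        unusual_proto = flow.proto not in self.protos
        unusual_volume = abs(flow.kbytes - self.mu) > self.k * self.sigma
        return unusual_proto or unusual_volume


def score(alert_fn, flows):
    """Return (true positives, false positives, false negatives) for a detector."""
    tp = sum(1 for f in flows if alert_fn(f) and f.malicious)
    fp = sum(1 for f in flows if alert_fn(f) and not f.malicious)
    fn = sum(1 for f in flows if not alert_fn(f) and f.malicious)
    return tp, fp, fn


# Constructed baseline of normal activity used to build the profile.
BASELINE = [Flow("http", 40, b"", False), Flow("http", 50, b"", False),
            Flow("http", 60, b"", False), Flow("smtp", 45, b"", False),
            Flow("smtp", 55, b"", False)]

# Constructed traffic to classify.
TRAFFIC = [
    Flow("http", 52, b"GET /index.html", False),          # ordinary request
    Flow("http", 48, b"xx WORM-A-MARKER xx", True),        # known threat, normal-looking volume
    Flow("irc", 50, b"NEW-VARIANT-C", True),               # new threat, no signature yet
    Flow("http", 900, b"nightly backup archive", False),   # legitimate but unusual volume
    Flow("smtp", 47, b"Subject: hello", False),            # ordinary mail
]


def compare():
    """Score the signature detector, the anomaly detector and the two combined."""
    profile = AnomalyProfile(BASELINE)

    def either(flow):
        return signature_alert(flow) or profile.alert(flow)

    return {"signature": score(signature_alert, TRAFFIC),
            "anomaly": score(profile.alert, TRAFFIC),
            "combined": score(either, TRAFFIC)}


if __name__ == "__main__":
    for name, (tp, fp, fn) in compare().items():
        print(f"{name:9s} TP={tp} FP={fp} FN={fn}")
```

On this data the signature detector misses the threat that has no signature, the anomaly detector misses the known threat that looks normal and flags the legitimate backup, and running both removes the misses at the price of that one false alarm.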
Software firewalls are the second line of defence after hardware firewalls in situations where both are used for network security. Software firewalls can also be installed on different operating systems such as Windows operating systems, Mac operating system, Novell NetWare, the Linux kernel and the UNIX kernel. The function of these firewalls is filtering distorted network traffic. There are several software firewalls, some of which include Online Armor Firewall, McAfee Personal Firewall, Zone Alarm, Norton Personal Firewall, Black Ice Defender, Sygate Personal Firewall, Panda Firewall and The DoorStop X Firewall (Lugo and Parker 2005).

When designing a software firewall, two key things are considered: per-packet filtering and per-process filtering. The per-packet filter is designed to search for distorted packets, detect port scans and check whether packets are accepted into the protocol stack. In the same vein, the per-process filter is designed to check whether a process is allowed to begin a connection to the secured network or not (Lugo and Parker 2005). It should be noted that there are different implementations of all firewalls. While some are built into the operating system, others are add-ons. Examples of built-in firewalls are the Windows based firewall and the Linux based firewall.

2.7.2 WINDOWS OPERATING SYSTEM BASED FIREWALL

In operating system design, security features are one important aspect that is greatly considered. This is a challenge the software giant (Microsoft) has always made sure to address in its products. In the software industry, Mi