Wednesday, July 31, 2019

Managerial Leadership Essay

Managerial Leadership is establishing direction and influencing others to follow that direction, but I feel there is so much more to this definition. The reason is that leadership has many variations and different areas of emphasis. A common definition of managerial leadership is that leaders are individuals who, by their actions, facilitate the movement of a group of people toward a common or shared goal. Leaders want and expect from followers competency in their skills and a time span for accomplishing tasks, and additionally respect for the person of the leader. The leader has an expectation that when value is offered to the subordinate, training and learning work their capabilities to complete a task. There are many styles of managerial leaders; not all managers are the same. Some types are:

* Visionary Leader articulates where a group is going, but not how it will get there. They tend to set their people free to innovate and experiment; they let them take risks.
* Coaching Leader focuses on developing individuals, showing them how to improve their performance, and helping to connect their goals to the goals of the organization. They feel that coaching works best with employees who show initiative and want more professional development. But it can backfire; some may feel it is like "micromanaging".
* Affiliative emphasizes the importance of teamwork, and creates harmony in a group by connecting people to each other. This style can be valuable when trying to heighten team harmony and increase morale, improve communication or repair broken trust in an organization.
* Democratic draws on people's knowledge and skills and creates a group commitment to the resulting goals. It may work best when the direction the organization should take is unclear, and the leader needs to tap the collective wisdom of the group. This style can be disastrous in times of crisis, when urgent events demand quick decisions.
* Pacesetting leaders set high standards for performance. This manager is obsessive about doing things better and faster, and asks the same from everyone else. This style should not be used alone, because it can undercut morale and make people feel as if they are failing.
* Commanding is the classic model of "military" style leadership – probably the most often used, but the least often effective. The reason is that it rarely involves praise and frequently employs criticism; it undercuts morale and job satisfaction. This style is only effective in a crisis, when an urgent turnaround is needed.

Managerial leadership is very important to a company, its employees and the future of an organization. There are many types of leaders, and each type can play a very important role. I feel that with great leadership organizations can go far; if you have great leaders you'll have happy and motivated employees.

Tuesday, July 30, 2019

Population Management Strategies Essay

China has one of the largest population densities in the world. In Russia there is a decline in population which is observed to be increasing drastically. In Western Europe as well, the population decline is a result of the social and economic lifestyle that the natives lead. Varied measures are therefore taken against the population growth trends. This study compares and contrasts the population management strategies of the above-mentioned nations (Gordon, 2005).

2.0 Population growth in Russia

Presently, there is a remarkable decline in population and this is a major problem in Russia. Russia's population is estimated to be 143 million; however, every year there is a decline of about seven hundred thousand people. Calculations indicate that this decline amounts to about one hundred people dying every hour, and this has led to predictions that the country's population by the year 2050 could be as low as one hundred and twenty million. It could also have an economic and geopolitical impact (Gordon, 2005).

a) Causes of the population crisis

The observed high mortality rate, short life expectancy and an increasing number of deaths from causes that are not natural are the major factors contributing to the population decline in Russia. Russia's number of deaths per 1,000 people is 16, compared to Western Europe's 5. Out of the 150,000 people who die in natural deaths, 46,000 are suicide cases, 40,000 are killed in road accidents, 36,000 are murdered and 36,000 are a result of alcohol poisoning. High abortion rates in Russia contribute to the low birth rate. However, there has been a great decline in abortion since Soviet times, when abortion was utilized as a method of birth control (Gordon, 2005). The official statistics survey indicates that there are 1.6 million abortions among Russian women, which is higher than the birth rate. Generally, there is a low birth rate in the country, attributed to high rates of alcoholism and economic hardship. Currently, Russia's birth rate is 1.34 children per woman of fertile age, which is less than the required 2.14 children per woman. Additionally, the estimated life expectancy in Russia is about 58 years for men and 72 for women; thus thirty percent of the male population do not reach the beginning of their pension age (Gordon, 2005). Russian experts also suggest that the depopulation in the country is due to the political and economic upheaval experienced in the country in the 1990s. Due to bad planning and implementation of liberal economic reforms, social insecurity was evident among the nationals and thus they sought to have fewer children. The rate of foreigners moving into Russia is low; little relocation is observed within the former republics of the Soviet Union. However, the rate of movement of nationals out of Russia to Western Europe and other places is high, and it is usually in search of a better economic situation (Gordon, 2005).

b) Management strategies

In 2005, there was an increase in the number of births, which was due to the large number of girls born in the 1970s-1980s who could bear children by then. Thus the birth rate can be stimulated, and the maternal and infant mortality rates reduced. By enhancing the reproductive health and quality of the population, the population growth can be boosted. A new demographic development concept is essential, for it will outline national goals such as an average increase of life expectancy in the nationals and an increase in the birth rate. Russia has a chronic occurrence of cardiac and oncological diseases. The average life expectancy can be boosted by six more years if an initiative is taken to reduce deaths that arise from such disorders (Gordon, 2005).

3.0 Population growth in China and management strategies

China is among the world's top nations that experience a very large population with a relatively small youth cohort, which is attributed to the People's Republic of China's one-child policy. Except for the population policies implemented in China in 1979, the current population in China would be reading at 1.7 billion. It is recorded that China's population in 1953 was 582 million; however, by the year 2000 the population was twice as much, estimated at 1.2 billion (Peng & Guo, 2000). The first leaders in China believed that a large population was a great investment, yet as the population grew rapidly it became a liability, and this led to a mass campaign effort for birth control by the Ministry of Public Health, though this was in vain. Again, rapid population growth was experienced after the interval of the 'Great Leap Forward'. In the 1960s, emphasis was laid on late marriage, and in 1964 birth control offices were established in the central government and at the provincial level; contraceptives were used in family planning. This campaign was seen to be successful until the Cultural Revolution era (Peng & Guo, 2000). In 1972 and 1973, birth control resources were distributed countrywide. At administrative levels and in various collective enterprises, committees were launched to ensure implementation of the birth control programs; both rural and urban areas were covered. Mao Zedong, who was behind the family planning movement, died in 1976, and the government failed to acknowledge that economic growth and improved living standards are affected by population growth. However, in the 1970s the fast-growing population of China prompted the government to establish a limit on the number of children born; the highest suggested family size was two children in cities and three or four in the countryside (Peng & Guo, 2000). Since 1979, the one-child policy was widely in use. The policy had different guiding principles for national minorities, and only one child was permitted to married couples. The policy helped China to achieve its goal of stability and a fertility rate that was greatly reduced; an average of 5.4 children per woman was reported. Those who observed the one-child program were rewarded with a one-child certificate that permitted them to get cash bonuses, better childcare, longer maternity leave and good housing allowances, and they were to pledge that they would not bear children anymore. The population in the rural areas, however, determined the efficiency of the policy implementation program, since they accounted for 60% of the total population (Peng & Guo, 2000). Studies indicate that coercive measures were used in order to make the one-child policy a success. The assumed methods included psychological pressure, use of physical force, and in some cases forced abortions and infanticide. However, government officials insisted that the family planning process was on a voluntary basis and the measures applied in implementing the programs were persuasive and economic based (Peng & Guo, 2000). Between 1970 and 1980, there was a drop in the crude birth rate from 36.9 per 1,000 to 17.6 per 1,000, which was due to the "wan xi shao" birth control campaign: late marriages, longer intervals between births and fewer children. In addition, the social and economic changes that had taken place, among which were the high level of employment of women in rural and urban areas and the low infant mortality rate, may have contributed to the aforementioned. Nonetheless, in the countryside, people valued large families, especially sons, for assistance in the fields and support in old age. This seems to have applied to the rest of China as a whole; there is a gender imbalance in China, and the 2000 census report showed that 119 boys were born for every 100 girls. The government was thus forced to ban the selective abortion of female fetuses in July 2004 (Peng & Guo, 2000).

4.0 Population growth in Western Europe

Since the 1960s, there has been a substantial decline in Western Europe's population, which is attributed to low fertility rates. By 1999, the total fertility rates had dropped so much that an average of 1.45 was recorded in the fifteen European Union countries. A total fertility rate of 1.5 is presently experienced by eight out of fifteen of the Western European countries. However, there are immense disparities among these countries in terms of the timing and the level at which the decline started, as well as in the rate and duration of the decline. Socioeconomic and demographic factors have contributed to the differences in the pattern of West European fertility levels. There are concerns pertaining to the imbalance of the population age structure, the ability to maintain European welfare state systems and consistency in social affairs. This has led to the implementation of family policies in order to safeguard the nations' populations (Caldwell et al., 2006).

a) Management strategies

i) Maternity protection: this was a step towards creating an opportunity for women to give birth, because of the demands of employment, differences in gender and equality, and protection of labor and regulation. The Western European countries thus introduced compulsory maternity leave for women who are working. Other countries such as France introduced a policy in support of women in reconciling employment with motherhood. In Scandinavia, greater emphasis was put on leave and protective labor legislation. The recommended maternity leave period is 14 weeks; however, it varies, with 20 weeks in Italy and 16-18 weeks being the common length in other countries (Caldwell et al., 2006).

ii) Parental leave: the government has amended the parental leave regulations and different parental-leave schemes have been implemented. These leaves are available only to parents and they vary from one country to another. The benefits also vary significantly; in some countries they are either unpaid or paid at a low rate (Caldwell et al., 2006).

iii) Childcare services: at the beginning of industrialization, childcare services were instituted to cater for orphans and children who were unattended since their mothers were working. However, up to the 20th century, childcare services changed to charity education to promote social and individual development. The Catholic institutions were pioneers in the provision of this kind of service. Presently the services offered differ across the nations (Caldwell et al., 2006).

iv) Child benefits: this system came up as a wide array of policy intentions. Its major role was to cater for families in need, for instance widows who had children and divorced or single mothers. However, these support systems vary in terms of services offered across the countries (Caldwell et al., 2006).

5.0 Conclusion

In Russia and Western Europe, population decline is the major crisis, and it is a result of varied factors. Russia's decline is caused by inappropriate standards of living, and in Europe the level of industrialization that has created working opportunities has denied women the chance to bear children, hence population decline. In China, the challenge is a high population that is caused by uncontrolled population growth. The future population in China is likely to face gender imbalance, and besides it has an increasingly aging population. There is a limitation in the way services are offered in the family systems. A cross-national variation in family policies' provisions and modalities is evident in Europe. Hence it is difficult to look into the effects of family policies on individual childbearing behavior in order to make a comparison between the countries. Some countries share fertility advances and family policy systems. The countries in West Europe are clearly divided (Caldwell et al., 2006).

References:

Peng, X., & Guo, Z. (2000). The Changing Population of China. Blackwell Publishing. ISBN 0631201920, 9780631201922.

Caldwell, B. K., Caldwell, P., Caldwell, J. C., Caldwell, P., Schindlmayr, T., & McDonald, P. F. (2006). Demographic Transition Theory. Springer. ISBN 1402043732, 9781402043734.

Gordon, E. E. (2005). The 2010 Meltdown: Solving the Impending Jobs Crisis. Greenwood Publishing Group. ISBN 0275984362, 9780275984366.

Monday, July 29, 2019

The role of two selected topics in Operation Management Research Paper

The role of two selected topics in Operation Management - Research Paper Example In order to promote the competitiveness of organizations and to promote cost-efficient and accurate methods, an unrestricted flow of information is necessary. Hence, the key role of the supply chain in operations is to ensure that all processes are in place in order to get accurate results. In order to ensure that the supply chain is cost effective and efficient, companies use a process known as supply chain management. A series of steps is followed by a firm in order to ensure that the company transforms its raw materials into finished products. These steps may comprise five stages, namely planning, developing, creating, delivering and returning defective products. With the changing markets globally, many companies and firms are forced to review their operations policy. Companies have changed from centralized operations to decentralized operations to be close to their markets and take advantage of available resources (Gunasekaran & Ngai, 2005).

a) Procurement – One of the major roles of the supply chain in operations management is that of procurement. All companies need to order goods and services in order to conduct business. A good supply chain manager is one who ensures that the best quality goods are obtained at the least price. In manufacturing, the key responsibility and role of a procurement specialist is to search for vendors to procure materials which match the budget constraint and quality requirement. Hence a key requirement of purchasing professionals is to develop relationships with their suppliers and even look out for partnership options wherever feasible. A firm having an efficient supply chain management process seeks to provide purchasers multiple benefits, which also include increased and improved coordination with suppliers. If the coordination between purchasers and suppliers is better, then this leads to increased commitment and a long-term relationship between the suppliers and purchasers, thereby leading to a cost-effective option for the purchasing organization (Giunipero & Brand, 1996). Smaller organizations need to order stationery and hence they need to maintain a regular list of vendors who provide them the best quality products at the lowest price. Hence, an efficient procurement specialist should be a good negotiator in order to get the best deals from the suppliers.

b) Transportation – One of the major roles of the supply chain in operations is to efficiently handle transportation. Transportation is an essential part of the production process, right from the manufacturing of the product till the time of delivery to the final consumer and returns. The key prerequisite for this process to be successful is to ensure excellent coordination between each component in order to attain optimum benefits (Tseng & Yue, 2005). This requires first determining the best suited and most cost-effective method of transportation applicable to the organization. Managers responsible for this first try to assess the tradeoffs in terms of price and speed. Most companies may have two or more modes of transportation depending on the urgency of the requirement. Shipping goods and equipment by truck may be more cost effective than by flight. However, the time taken to send the consignment may be more in comparison to the time taken to send the goods by flight. Also some transport services may be highly

Sunday, July 28, 2019

Ethics and Corruption in Law Enforcement Research Paper

Ethics and Corruption in Law Enforcement - Research Paper Example According to a 1998 report by the General Accounting Office, "...several studies and investigations of drug-related police corruption found on-duty police officers engaged in serious criminal activities, such as conducting unconstitutional searches and seizures; stealing money and/or drugs from drug dealers; selling stolen drugs; protecting drug operations; providing false testimony; and submitting false crime reports" (General Accounting Office, 1998: 8). Of those law-enforcement officials convicted of various corruption offenses resulting from FBI-led investigations between 1993 and 1997, about half were convicted of drug-related offenses. More than 100 drug-related cases involving police officers are prosecuted nationwide every year. Another indication of the widespread problem of corrupt cops is that all of the federal drug enforcement agencies have had at least one of their agents implicated in a drug-related offense. Officers nationwide have given in to the same temptations offered by the selling of drugs that have lured their criminal adversaries. This discussion examines the scope of the problem, citing specific examples, and the possible criminological reasons behind this behavior. The growth in instances of police corruption involving drug sales is relatively easy to explain. The financial reward offered by the sale of illegal drugs, in relation to other forms of income both legal and illegal, is enormous. The temptation attracts law enforcement officials who are becoming increasingly discouraged by the growing proliferation of drug traffickers. Though police agencies of all descriptions have fought the 30-plus-year 'drug war' by spending billions of dollars and locking up millions of people, their efforts have not only failed to end drug use or sales, but drugs are now more available, cheaper and purer than ever before.
Disheartened police officers involved in stopping drug crimes put their lives in jeopardy but are under-paid and under-appreciated by an indifferent public. Many officers joined the force to protect and serve but find themselves regulating an illegal drug market that they know they will never suppress. As long as the U.S. government continues its disastrous 'war,' formerly well-intentioned cops will continue to be lured by the money to be had by engaging in the drug trade they are expected to prevent. They risk their lives for a war which has no end, and they know this fact better than anyone. Fighting a losing battle discourages even the most loyal and honest of law officials, and some use this to justify becoming involved in a drug cartel. It is easy money, they are being underpaid for dangerous work and their efforts are futile. In 2002, 41 police officers in Tijuana, Mexico were arrested (Peet, 2004). These officers, who included the Chief of Police, were on the payroll of drug dealers. They protected drug shipments, took bribes and committed murders. The allegations against these police officers are hardly an isolated incident in Mexico, as most of the towns located along the border of the U.S. are controlled and 'policed' by drug cartels (Peet, 2004). Any country that wages a war on drugs faces corruption among its police officers, politicians,

Saturday, July 27, 2019

Women's Sexuality and Violence linked through Feminism Writing Skills Essay

Women's Sexuality and Violence linked through Feminism Writing Skills - Essay Example The main objective of this paper is to conduct a research study of the alternative feminist treatments of traditional, patriarchal Western fairy tales and popular myths in the works of Angela Carter, with special reference to her revolutionary work The Bloody Chamber (1979), which is a collection of re-told fairy tales. The work captures the author's powerful and passionate delineation of the links between myth, sexuality and violence in constructing female subjectivity. The Bloody Chamber revels in the power of female aspiration to re-imagine and reconstruct the world. The history of violence against women is tough to track, yet it is claimed that violence against women was accepted, excused and legally sanctioned until the late 19th century. The practice of violence against women was entangled with the notion of women being viewed as property and the historically unequal power relations between men and women (UN, 1993). Even today, violence against women is an existing reality and "there is no region of the world, no country and no culture in which women's freedom from violence has been secured" (UN, 2013). Specific forms of violence are more prevalent in specific parts of the world. For example, incidents of dowry violence, acid throwing and bride burning are common in countries such as India, Pakistan, Bangladesh, Sri Lanka, Cambodia and Nepal; honour killings in the Middle East and South Asia; trafficking and forced marriage in some parts of Sub-Saharan Africa and Oceania (UN, 2013). It is unfortunate that women are targets of unwanted sexual attention even in the modern era of violence prevention. Women nowadays face sexual harassment on a daily basis, even in schools, colleges and workplaces, and this takes a toll on their health, work and studies.
Morgan and Gruber provide extensive coverage of the current state of prevention methods and research studies on violence against women in their book "Sexual Harassment: Violence against women at work and in schools". The authors have summarised the results of research which say that schools where sexual harassment is usually considered a rare occurrence are in reality the ones where girls face high rates of severe harassment. It also reveals the astonishing fact that the men whom women love and trust the most are the ones who violate the very essence of womanhood (Morgan & Gruber, 2011). Women often succumb to poor health and non-fatal injuries subsequent to incidents of sexual violence. What is even more shocking is that most of these women lack access to treatment, owing to various social and cultural factors. Men are usually reluctant to seek help from social service organizations, but usually permit women and children to seek medical or psychological help. Hence the need of the hour is that health care practitioners should focus more and more on the victimised women, in order to increase access to treatment. Susan Staggs and Stephanie Riger, in their journal article "Effects of Intimate Partner Violence on Low-Income Women's Health and Employment", summarise the results of a survey conducted on women of the low-income group, which shows that rates of intimate partner violence and poor health are high among these women (Staggs & Riger, 2005). Research has suggested various theories on why men exert violence on women and has identified the associated risk factors of men. Many thinkers believe that relational factors

Friday, July 26, 2019

Natural Gas Boiler Plant Essay Example | Topics and Well Written Essays - 750 words

Natural Gas Boiler Plant - Essay Example Stack gas analysis sought to find the composition of the stack gas, the proportion of excess air, the average heat capacity of the stack gas, the composition of the fuel, the inlet and outlet temperatures and the air-to-fuel ratio. A gas combustion analyzer was used to achieve this objective, together with the computation of various equations, as follows. A bomb calorimeter could be defined as a device for measuring energy which combusts a specified amount of fuel in excess air, comparing it to a baseline fuel of known calorific value. This would be achieved by measuring the change in temperature, after a settling time, in a given quantity of water. From this, the fuel calorific value would be computed from the ratio difference between the maximum and minimum temperatures. Determining the overall efficiency of the natural gas boiler called for arranging the collected information numerically. Efficiency was first determined using the input vs. output method. In this method, the energy input into the boiler (making use of the fuel mass flow rate and calorific value) and that output from the boiler (making use of the steam and feed water enthalpies and the steam mass flow rate) would be compared. This method yields equation (ii). Alternatively, the efficiency of the boiler could be determined through the heat loss method. This has two major components: the first employs the stack gas heat capacity together with the input and output temperatures, while the second uses the heat lost through radiation and convection. Equation (iii) represents this method. After weighing the fuel, it would be placed inside a crucible. This would then be dipped into an oxygen-filled bomb under a pressure of about 35 atmospheres. This bomb would then be placed into a container with a predetermined amount of water. This container would then be placed inside a jacket. The impeller on the lid of the jacket ensures that heat is evenly distributed throughout the water while the thermometer

Roth Response Essay Example | Topics and Well Written Essays - 500 words

Roth Response - Essay Example It was explained that Zuckerman's interest in Coleman's life is triggered by the latter's death, when he discovered that his friend was actually African-American, while all the while his identity had always been that of a white man. Silk was a professor of classics in a community college in New England when the story took place. His life harbors one secret, that of his black ancestry, as his stature in the community was carefully cultivated. The world thinks that Coleman Silk is Jewish, and even his family – his wife and children – didn't know that he was African-American. This choice was influenced by a rejection he experienced when he was young. The story revolved around the lives of Silk, his coworkers in the college, his love affair with Faunia – a woman half his age and a utility worker to boot – and the issues that they have to deal with, such as racism, gender, relationships and contemporary American life as a whole. The Human Stain tackled two different kinds of passing. The first concerns crossing the race line, and the second crossing the class line. The story effectively captured the scenarios that illustrated the arguments in answering the question: which of these two is more difficult? Forgetting your past involves cruelty, cowardice and the anguish that comes with betraying yourself and your roots. In crossing class lines, people have to contend with the absence of common references, education, social background, manners, tastes, behaviors and attitudes, including what society has to say about the discrepancies. The Human Stain is a philosophical novel that gives us valuable insights into contemporary American life. It highlighted, for instance, the fact that today most of us find it more difficult to deal in depth with someone from another class than with someone from another race. It was different about a hundred years ago. The Human Stain in Roth's opus referred not exactly to human color or race per se.

Thursday, July 25, 2019

Investing In mutual funds Essay Example | Topics and Well Written Essays - 500 words

Investing In mutual funds - Essay Example Banks, share markets, mutual funds, the insurance sector and real estate are some of the common investment areas normal investors look for. Bank investments are normally the best method of investment because of the lower risk associated with them. Most banks have insurance protection for the investor's money and hence it is safer than other types of investments. Bank deposits are normally divided into two categories: savings accounts, which yield less interest, and term deposits, which yield higher returns. Share market investment is the most risky investment option, since the value of money undergoes immense fluctuation every day based on the changes in share values. There is no protection for investors in this sector, as we have seen in the destruction of share values due to the current economic crisis. The main attraction of share market investment is the possibility of a high yield in the short term. Real estate investment also depends on market conditions. Investment in the insurance sector is also a comparatively safer method of investment, though the return may not be as good as that from share market investment or mutual fund investment. "Mutual funds can offer the advantages of diversification and professional management. But, as with other investment choices, investing in mutual funds involves risk. And fees and taxes will diminish a fund's returns." (Invest Wisely: An Introduction to Mutual Funds) Compared to share market investment, mutual fund investment is safer because of the professional management of our invested money. Share market investment is mostly controlled by the investor himself, and hence the possibility of achieving a good return depends on the investor's competence in analyzing the trends in the stock market or company performances. On the other hand, in mutual fund investment the investor's money is managed by fund managers.
The mutual fund managers are highly skilled and they know better than us

Wednesday, July 24, 2019

The Emphasis Of English Perfect Tenses In Academic Writing Essay - 1

The Emphasis Of English Perfect Tenses In Academic Writing - Essay Example Simple present conveys what is happening nowadays only. Simple future would give an expectation of something that is going to happen in the future at once. Basically, all of the simple tenses tell about something that would happen one time, either in the past, present, or future (Azar, B., 2002). Past, present, and future perfect tenses give the action a long time of occurrence. Consequently, they give the action completion of the proceeding. Present perfect expresses an action that happened in the past and something of it still present nowadays. Past perfect conveys when the action happened in the far past and something from that action stayed until the near past. Finally, future perfect articulates the action in the future and states something that will stay further as caused by the action. Overall, perfect tenses have two points that give the action completion of the proceeding (Azar, B., 2002). Recently, studies have argued that the simple past should be used instead of the perfect tense in the media; the use of the perfect tense in a police reporting media case was subject to objection, as it was thought to be inappropriate (Ritz, M A., 2010). The objection over the use of the present tense is one of standard versus non-standard English. Different websites and different writers wrote about the situation with the same content, but strangely did not provide evidence for how the use of the present tense is not valid according to linguistic rules. The reporting should be evident and should have a straight approach; the arguments described in the perfect tenses are not evident and evoke predictions, which is why they are termed non-standard. But for a better understanding, it is not necessary for the perfect tense to be unbounded only. The perfect tenses are not only progressive but can be bounded while being continuous; it entirely depends on the use made.

Tuesday, July 23, 2019

Introduction to Supply Chain Management Essay Example | Topics and Well Written Essays - 1000 words

Introduction to Supply Chain Management - Essay Example Chapter 3 is about managing the flow of materials across the supply chain. At this point, the authors try to be more specific in order to understand supply chains. They also include specific discussion on reengineering supply chain logistics, and reengineering challenges and opportunities. Then they point out that information systems and technology are key enablers for supply chain engineering. They also include the importance of time in managing the flow of materials across the supply chain. With this, one of the highlights in this section is showing the opportunities for cycle-time reduction across the supply chain. Furthermore, Chapter 3 also includes performance measurement, because the authors significantly include the thought that supply chain management is all about the issue of control. Finally, Chapter 4 includes the general idea about developing and maintaining supply chain relationships. Regarding this, the authors include the discussion of a conceptual model of alliance development, developing a trusting relationship with partners in the supply chain, and resolving conflicts in a supply chain relationship. ... In this concern, it is important for instance to understand the integration of information systems and technology in order to come up with effective supply chain management. Furthermore, at the onset of modern-age technology and the deliberately advancing technological and information systems revolution, the authors make it a special priority to integrate this reality with the learners. In addition, the authors try to be more elaborate in their thoughts concerning the flow of materials across the supply chain. In this section, they especially highlight techniques on how to ensure a smooth flow of materials across the supply chain. So they integrate the concept of reengineering supply chain logistics, challenges and opportunities. 
For them, it is a matter of time to implement all these techniques so as to ensure productive output, so they integrate the importance of time in managing the flow of materials across the supply chain. Finally, in Chapter 4, the authors significantly imply that supply chain management includes a substantial issue about building relationships. In this regard, the authors include the idea of how to develop alliances and trust with partners and resolve conflicts that may potentially arise. As noticed, the idea of supply chain management that the authors present in Chapters 1 to 4 includes the point that it is basically part of the strategic effort of the company or organization in order to create and deliver product or service offerings on time. Applying this idea in the context of marketing could prove that delivering product or service offerings on time results in the probable achievement of a high level of customer satisfaction. However, in order to do this,

Monday, July 22, 2019

Shawshank Redemption vs Romulus My Father Essay Example for Free

Shawshank Redemption vs Romulus My Father Essay Belonging refers to a sense of feeling accepted or welcome, either physically or spiritually, to a group or club. "A feeling of belonging depends on a strong relationship, developed over a period of time". This statement suggests that a strong relationship is created or evolved over a period of time; it is evident in today's society through terms such as "childhood friends". The sentiment "A feeling of belonging depends on a strong relationship, developed over a period of time" is portrayed in my text "Romulus my Father" by Raimond Gaita and my related text, the movie "The Shawshank Redemption" directed by Frank Darabont. In "Shawshank Redemption" the year is 1947 and Andy Dufresne is ordered to serve two life sentences in Shawshank Prison for the murder of his wife and her lover. Inside, Andy is subjected to violent attacks from brutal guards and fellow inmates. Slowly, he begins to make friends; one of the most important friendships is the one he forms with Red, who has also been convicted of murder and is Shawshank's resident black-market dealer. During his time in prison, Andy's previous experience as a banker earns him favour with the guards and especially the warden, as he begins to manage their financial affairs, soon moving on to laundering money for them. In return, Andy is permitted special privileges, which include working in the warden's office and being able to establish a prison library for the inmates. Eventually Andy's innocence is proven. However, by this time, Andy is nowhere to be found and the warden and Shawshank are left sinking in a sea of scandal. Through his time in imprisonment he creates many friendships and alliances with the guards and the inmates; however, he never gives up his belief in himself and he never loses his sense of belonging to the outside world like many of the inmates. He refuses to become institutionalized. 
He always believed in his innocence and believed he belonged on the "outside". Like Raimond in Romulus my Father, Andy Dufresne does not conform to his surroundings: Raimond's surroundings being mental illness and Andy's being institutionalization. This is due to a strong sense of their own personal belonging: they know where they belong and how they belong, and their surroundings will not affect nor change this. The two main characters also find, or in Andy's case create, an area where they feel safe and secure. For Andy this was his library, a place where he feels at home away from the violence of the prison, a place where he can be who he used to be, a place to belong away from the harshness of prison life, a glimmer of his past. Raimond also has a place where he feels safe, and that was anywhere his dog was. His dog provides a feeling of safety, of being needed by another living being, of feeling a sense of belonging and acceptance that no human could replicate. Time serves as both a source of torment as well as the backdrop for the slow, eventual achievement of Andy's escape to where he feels he belongs, his seemingly impossible goal for nearly twenty-eight years. Shawshank redefines the passage of time for the inmates, especially for the "lifers" like Andy and Red, who can only look forward to death. Hours can seem like a lifetime, and every day seems indistinguishable from the next, adding to the loneliness and burden of imprisonment. Ironically, however, time also proves to be the means of Andy's escape and salvation and gives him hope throughout his quarter-century in Shawshank. 
It is ironic that the inmates feel as though they don't belong in jail. There is a scene in the movie where one of the inmates, Brooks, is released from prison after spending a life sentence and feels that he doesn't belong; this is evident through the quote "I can't believe how fast things move on the outside". He refers to the world as the "outside", and this projects a sense of not belonging to society. Brooks then goes on to say "maybe I should get me a gun, n rob the food way so they'd send me home". He feels more of a sense of belonging inside a prison than he does out in the real world. He feels outcast not through his actions but through the passage of time: "the world went and got themselves into a big damn hurry". The passage of time in Shawshank Redemption has created a strong relationship between the inmates and the prison, a feeling of belonging; time has changed the world they once knew to a totally different world that is alien to them, thus institutionalizing them to a world they feel comfortable in. 'Romulus, My Father', composed by Raimond Gaita, is an autobiographical memoir of his father's life. It explores assimilation to Australian culture in the eyes of Raimond Gaita, the general hardships of migrants moving from Europe, and how he comes to belong to Australia. In "Romulus My Father" the most profound sense of belonging exists with the narrator himself. The narrator delivers his observations in a reflective and thoughtful tone. The high modality of verb choice suggests a pleasant nostalgia about events in the book. Particularly his recollections of his father, notions such as "I loved him too deeply… no quarrel could estrange us", display the sense of belonging he feels with his father. This is evident even after Christina dies. He observed, "We came together as son and husband with the woman whose remains lay beneath us". Raimond's aspect of belonging is that of family and culture. 
Juxtaposed against Raimond's belonging is the suffering of Christina in her displacement. For the mother, her inability to belong is described by Raimond as "a troubled city girl, she could not settle… in a landscape that highlighted her isolation". Raimond's melancholy tone conveys how Christina could not fit into the community and into Australia. As a result her isolation and alienation lead her to betray the institution of family, juxtaposed by "I felt awkward with her," which shows his relationship with his mother has lost the familial belonging it once contained. The landscape plays a harsh role in 'Romulus, My Father', as 'the landscape is one of rare beauty, to a European or English eye it seems desolate' (page 14). Relating to culture shock also, Romulus 'could not become reconciled to it' as 'the eucalypts of Baringhup, scraggy except for the noble red gums on the riverbank, seemed symbols of deprivation and barrenness' (page 14). This lack of belonging even in the landscape of Australia for Romulus creates the notion that he felt connected to his native lands in Europe, and without that connection he feels as though he does not belong. However, this can also be viewed as Romulus not understanding the land and therefore being unable to appreciate its unique beauty, highlighted where 'he set fire to the stock in order to kill the snake… an immigrant unused to the tinder-dry conditions of an Australian summer' (page 28). Romulus was then harshly unaccepted, as 'The local newspaper ridiculed the New Australian for his folly.' He partially redeemed himself in the eyes of locals when he saved Neil Mikkelsen from dying after he fell from a ladder. This can be contrasted with Raimond's perception of the Australian landscape, as one who had grown up with the land: 'the key to the beauty of the native trees lay in the light which so sharply delineated them against a dark blue sky… the sight provoked a surge of affection for my primitive home' (page 62). 
Belonging shapes who we are. "Romulus My Father" by Raimond Gaita explores how "A feeling of belonging depends on a strong relationship, developed over a period of time". "The Shawshank Redemption" directed by Frank Darabont explores the need for belonging by gamers seeking a place in society and how time can disconnect one from somewhere they once belonged. Together these texts allow us to examine both the positive and negative aspects time has on belonging.

Sunday, July 21, 2019

End to End VoIP Security

End to End VoIP Security

Introduction

User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest from many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo! Messenger, while in the latter, systems like Skype and VoipBuster dominate among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information. The data are either routed from the source through a central server to the recipient, or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's "supernode" communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue that has been addressed from several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out-of-band exchanged keys, shared secrets etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications), combined with minimal requirements on end user devices, are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the application's architecture with VoIPSec security elements. 
Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint. For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length-preserving encryption is indeed far worse than previously thought.

VoIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is. Voice over IP—the transmission of voice over traditional packet-switched IP networks—is one of the hottest trends in telecommunications. 
Although most computers can provide VoIP and many offer VoIP applications, the term "voice over IP" is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, "Current voice-over-IP products," describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges. Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks—firewalls, network address translation (NAT), and encryption—don't work "as is" in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.

End-to-End Security

In this assignment I am going to describe end-to-end security and its "design principle" that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. 
The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society. The Internet doesn't care what you do—its job is just to "deliver the bits, stupid" (in the words of David Isenberg in his 1997 paper, "Rise of the Stupid Network" [2]). The "bits" could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what it was that data represented. At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay. 
TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility. Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with "irrational exuberance" [4] during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.

Security and privacy in an end-to-end world

The end-to-end arguments paper used "secure transmission of data" as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent, or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes. 
If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you don't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it. There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts—purposeful or accidental—to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks. Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility. Note that there is little that can be done "in the Net" or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage. Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. 
But a few people who were "at the scene" have told me that such protections were actively discouraged by the primary sponsor of the early Internet—that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it. End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access. Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an "incentive" to pay for the customers' use of their lines—they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tapability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as "an antisocial act" (as a US justice department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end to end security?
Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must interoperate correctly and securely. Our objective in this paper is to present a structured analysis of protocol interoperation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol. Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol. Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer—the layer in which the actual voice datagrams are transmitted—depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string. 
Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of "matching conversations" in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper. Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob. Data integrity implies that any modification of the data in transit

• We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation. 
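To make the keystream-reuse hazard concrete, here is an added model (not code from the paper, from the SRTP specification or from libsrtp) in which HMAC-SHA256 stands in for SRTP's AES-based PRF and counter-mode keystream. It shows that a repeated master key at the same packet index reproduces the keystream exactly, and sketches two things the page says SDES lacks and SRTP assumes: a receiver-side replay check on key establishment material, and (as a hypothetical mitigation) a responder-contributed fresh salt in the PRF seed so that a replayed master key no longer yields a repeated keystream.

```python
import hashlib
import hmac

# Simplified model of SRTP key handling (added example, not SRTP or libsrtp code):
# the session encryption key is a PRF of the master key alone, and the keystream for a
# packet is a deterministic function of (session key, packet index). HMAC-SHA256 stands
# in for AES; the structure, not the cipher, is what matters for keystream reuse.


def derive_session_key(master_key: bytes, label: bytes = b"srtp-enc") -> bytes:
    """PRF(master_key, label): no session-specific randomness enters the seed."""
    return hmac.new(master_key, label, hashlib.sha256).digest()


def keystream(session_key: bytes, packet_index: int, length: int) -> bytes:
    """Counter-mode style keystream for one packet: blocks of PRF(key, index || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block_input = packet_index.to_bytes(6, "big") + counter.to_bytes(2, "big")
        out += hmac.new(session_key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_datagram(session_key: bytes, packet_index: int, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: plaintext XOR keystream (decryption is the same call)."""
    return xor_bytes(plaintext, keystream(session_key, packet_index, len(plaintext)))


def keystream_reuse_exposes_xor(master_key: bytes, packet_index: int,
                                p1: bytes, p2: bytes) -> bool:
    """Two datagrams encrypted under a replayed master key at the same packet index:
    the XOR of the ciphertexts equals the XOR of the plaintexts, the leak the paper names."""
    k = derive_session_key(master_key)
    c1 = encrypt_datagram(k, packet_index, p1)
    c2 = encrypt_datagram(k, packet_index, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


class MasterKeyReplayCache:
    """Receiver-side check that the paper says SDES does not provide: remember a
    fingerprint of every master key accepted from a key establishment message and
    refuse to start SRTP with one that has been seen before."""

    def __init__(self) -> None:
        self._seen = set()

    def accept(self, master_key: bytes) -> bool:
        fingerprint = hashlib.sha256(b"mk-fp" + master_key).digest()
        if fingerprint in self._seen:
            return False  # replayed key material: do not derive a session key from it
        self._seen.add(fingerprint)
        return True


def derive_session_key_with_salt(master_key: bytes, responder_salt: bytes) -> bytes:
    """Hypothetical mitigation (assumption, not SRTP behaviour): the responder mixes its
    own fresh random salt into the PRF seed, so a replayed master key still yields a
    different session key and therefore a different keystream."""
    return hmac.new(master_key, b"srtp-enc|" + responder_salt, hashlib.sha256).digest()


if __name__ == "__main__":
    master = bytes(range(16))                        # constructed sample master key
    p1, p2 = b"voice frame A.", b"voice frame B."    # constructed sample datagrams
    print("keystream repeats, XOR leaks:", keystream_reuse_exposes_xor(master, 42, p1, p2))
    cache = MasterKeyReplayCache()
    print("first SDES message accepted:", cache.accept(master))
    print("replayed SDES message accepted:", cache.accept(master))
    k_a = derive_session_key_with_salt(master, b"salt-session-1")
    k_b = derive_session_key_with_salt(master, b"salt-session-2")
    print("salted session keys differ:", k_a != k_b)
```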
• We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide—following the ZRTP specification—that B has "forgotten" the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A, who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool.

• We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring. 
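The ZRTP shared-secret check described in the first bullet above, as an added model that is not ZRTP code or any implementation's code: a peer announces an unauthenticated ZID and then must prove knowledge of the secret cached under that ZID (modelled here as an HMAC over the session transcript). The `proceed_on_mismatch` flag reproduces the behaviour the paper criticises, where a failed proof is treated like a first contact, beside a stricter policy that reports the mismatch and aborts on a device that cannot fall back to voice verification; message formats and names are assumptions of this example.

```python
import hashlib
import hmac
from enum import Enum

# Simplified model of ZRTP's retained-shared-secret check (added example, not ZRTP's
# own message formats). The security-relevant decision is what an endpoint does when
# the peer who claims a known ZID fails to prove knowledge of the cached secret.


class Outcome(Enum):
    SECRET_CONFIRMED = "cached secret confirmed: continuity with earlier sessions"
    FIRST_CONTACT = "no cached secret for this ZID: verify the SAS by voice"
    CACHE_MISMATCH = "cached secret NOT confirmed: possible impersonation of this ZID"
    ABORT = "abort: cannot fall back to voice verification on this device"


def secret_proof(shared_secret: bytes, transcript: bytes) -> bytes:
    """What an honest peer who really holds the cached secret can compute (assumed form)."""
    return hmac.new(shared_secret, transcript, hashlib.sha256).digest()


class ZrtpEndpoint:
    def __init__(self, has_display: bool) -> None:
        self.has_display = has_display
        self.cache = {}  # zid -> shared secret retained from an earlier verified session

    def remember(self, zid: bytes, shared_secret: bytes) -> None:
        self.cache[zid] = shared_secret

    def evaluate_peer(self, claimed_zid: bytes, transcript: bytes, proof: bytes,
                      proceed_on_mismatch: bool) -> Outcome:
        """proceed_on_mismatch=True: a failed proof is read as 'the peer forgot the
        secret' and the session continues with an empty shared-secret set, which is
        indistinguishable from a first contact (the behaviour the paper describes).
        proceed_on_mismatch=False: a mismatch against a cached secret is surfaced as
        evidence, and a display-less device refuses to continue."""
        cached = self.cache.get(claimed_zid)
        if cached is None:
            return Outcome.FIRST_CONTACT
        expected = secret_proof(cached, transcript)
        if hmac.compare_digest(expected, proof):
            return Outcome.SECRET_CONFIRMED
        if proceed_on_mismatch:
            return Outcome.FIRST_CONTACT
        return Outcome.CACHE_MISMATCH if self.has_display else Outcome.ABORT


if __name__ == "__main__":
    zid_b = b"ZID-B-constructed"                                   # constructed sample
    rs_ab = b"0123456789abcdef0123456789abcdef"                     # constructed sample
    transcript = b"hello/commit/dhpart messages of this session (constructed)"
    alice = ZrtpEndpoint(has_display=True)
    alice.remember(zid_b, rs_ab)
    honest = secret_proof(rs_ab, transcript)
    bogus = secret_proof(b"claimant does not hold rs_ab", transcript)
    print(alice.evaluate_peer(zid_b, transcript, honest, proceed_on_mismatch=False))
    print(alice.evaluate_peer(zid_b, transcript, bogus, proceed_on_mismatch=True))
    print(alice.evaluate_peer(zid_b, transcript, bogus, proceed_on_mismatch=False))
    headless = ZrtpEndpoint(has_display=False)
    headless.remember(zid_b, rs_ab)
    print(headless.evaluate_peer(zid_b, transcript, bogus, proceed_on_mismatch=False))
```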
Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.) While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions—especially those about the protocols operating at the other layers of the VoIP stack—left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general. The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5.

VoIP security different from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network. 
Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include eavesdropping, denial of service, session hijacking, VoIP spam, etc. For preventing these threats, there are several VoIP standard protocols, and we discuss these in Section 3.

Eavesdropping

VoIP service using Internet technology is faced with an eavesdropping threat, in which call setting information and audio/voice communication contents are gathered illegally. Eavesdropping can be categorized largely by eavesdropping in a LAN (Local Area Network) environment, in a WAN (Wide Area Network) environment, through PC (Personal Computer) hacking, etc.

Denial of Service

Denial of Service is an attack which makes it difficult for legitimate users to take telecommunication service regularly. It is also one of the threats that is hardest to solve. Since VoIP service is based on Internet technology, it is also exposed to Denial of Service. Denial of Service in VoIP service can be largely divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, etc. (This work was supported by the IT RD program of MIC/IITA.)

Session Hijacking

Session Hijacking is an attack which takes over the communication session control between users by spoofing legitimate users, and interferes in their communication, as a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be categorized largely by INVITE session hijacking, SIP registration hijacking, etc.

VoIP Spam

VoIP Spam is an attack which interrupts and violates user privacy by sending voice advertisement messages, and also makes a VMS (Voice Mailing System) powerless. 
It can be categorized as call spam, IM (Instant Messaging) spam, presence spam, etc.

Security trade-offs

Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, we'll inevitably see more administrative Web applications with exploitable errors.

The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine, can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as per-packet overhead. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization.
Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren't considered as secure as the Advanced Encryption Standard [16], which is included in many IPsec implementations. AES's combination of speed and security should handle the demanding needs of VoIP at both ends. Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets [17]. This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there's no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine [18]. But this solution assumes that the cryptoengine's output is fast enough to avoid saturating the queue. Ideally, you'd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.
Thus far, we've painted a fairly bleak picture of VoIP security. We have no easy "one size fits all" solution to the issues we've discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them:

• Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection.
• At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.
• Choose a mechanism to allow VoIP traffic through firewalls. Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call.
• Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system.
• Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls).
• If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling.
Because some VoIP end points aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network.
• Newer IP phones provide AES encryption at reasonable cost.
• Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone.
• Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs.
• Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods.
• Be especially diligent about maintaining patches and current versions of VoIP software.
• Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages.
• Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP.

VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled

End to End VoIP Security

Introduction

User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest from many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo! Messenger, while in the latter, systems like Skype and VoipBuster dominate among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information.
The data are either routed from the source through a central server to the recipient, or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's "supernode" communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue that has been addressed from several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically, in cooperation between the two (or more) peers, with no prior arrangements and requirements such as out-of-band exchanged keys, shared secrets, etc. Ease of use (simplicity), user friendliness (no special knowledge required from the user) and effectiveness (ensuring confidentiality and integrity of the applications), combined with minimal requirements on end user devices, are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the application's architecture with VoIPSec security elements. Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint.
For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length-preserving encryption is indeed far worse than previously thought.

VOIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is. Voice over IP—the transmission of voice over traditional packet-switched IP networks—is one of the hottest trends in telecommunications. Although most computers can provide VoIP and many offer VoIP applications, the term "voice over IP" is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, "Current voice-over-IP products," describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges.
Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks—firewalls, network address translation (NAT), and encryption—don't work "as is" in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.

End-to-End Security

In this assignment I am going to describe end-to-end security and its "design principle" that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society.
The Internet doesn't care what you do—its job is just to "deliver the bits, stupid" (in the words of David Isenberg in his 1997 paper, "Rise of the Stupid Network" [2]). The "bits" could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what that data represented. At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network, if adding reliability would, as it does, increase delay. TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility.
Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with "irrational exuberance" [4] during the late-1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.

Security and privacy in an end-to-end world

The end-to-end arguments paper used "secure transmission of data" as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent, or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes. If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you don't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it. There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts—purposeful or accidental—to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks.
Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility. Note that there is little that can be done "in the Net" or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage. Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. But a few people who were "at the scene" have told me that such protections were actively discouraged by the primary sponsor of the early Internet—that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it. End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access.
Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an "incentive" to pay for the customers' use of their lines—they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tapability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as "an antisocial act" (as a US Justice Department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end to end security?

Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol.
Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol. Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer—the layer in which the actual voice datagrams are transmitted—depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string. Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of "matching conversations" in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper. Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob.
Data integrity implies that any modification of the data in transit

• We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream-cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.
• We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide—following the ZRTP specification—that B has "forgotten" the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A, who thinks she shares this key with B.
Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool.
• We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols.

We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring.
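The SDES replay described in the first contribution above, as an added detection example (not code from the paper or from libsrtp): it parses the RFC 4568 a=crypto attribute from SDP offers and flags any SRTP master key/salt that is offered again for a later call, which is the precondition for SRTP regenerating the same keystream. The SDP bodies, call IDs and key bytes are constructed for the example; a SIP proxy or session border controller would apply the same check to the offers it relays.

```python
import base64
import re
from typing import Dict, List, Optional, Tuple

# RFC 4568 SDES attribute:
#   a=crypto:<tag> <crypto-suite> inline:<base64(key||salt)>[|lifetime][|MKI:len]
CRYPTO_RE = re.compile(r"^a=crypto:(?P<tag>\d+)\s+(?P<suite>\S+)\s+inline:(?P<params>\S+)")

# AES_CM_128_* suites carry a 16-byte master key followed by a 14-byte master salt.
KEY_LEN, SALT_LEN = 16, 14


def parse_crypto_line(line: str) -> Optional[Tuple[str, bytes, bytes]]:
    """Return (suite, master_key, master_salt) for one a=crypto line, else None."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        return None
    blob = m.group("params").split("|", 1)[0]  # drop optional |lifetime|MKI suffix
    try:
        raw = base64.b64decode(blob, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) != KEY_LEN + SALT_LEN:
        return None
    return m.group("suite"), raw[:KEY_LEN], raw[KEY_LEN:]


def find_key_reuse(offers: List[Tuple[str, str]]) -> List[str]:
    """offers: (call_id, sdp_body) pairs in arrival order.

    Returns one alert per offer whose master key||salt was already used by an
    earlier call. Because SRTP adds no session-specific randomness of its own,
    a repeated SDES offer is exactly what makes it reuse a keystream, so the
    defender wants the repeat flagged before the media session is set up.
    """
    first_use: Dict[bytes, str] = {}
    alerts: List[str] = []
    for call_id, sdp in offers:
        for line in sdp.splitlines():
            parsed = parse_crypto_line(line)
            if parsed is None:
                continue
            suite, key, salt = parsed
            material = key + salt
            owner = first_use.setdefault(material, call_id)
            if owner != call_id:
                alerts.append(f"{call_id}: {suite} master key/salt reused from {owner}")
    return alerts


def sdp_offer(key: bytes, salt: bytes, mki: str = "") -> str:
    """Build a minimal constructed SDP body carrying one SDES crypto attribute."""
    inline = base64.b64encode(key + salt).decode()
    return "\n".join([
        "v=0",
        "m=audio 49170 RTP/SAVP 0",
        f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{inline}{mki}",
    ])


# Constructed sample: three SIP dialogs; the third replays call-1's key material.
KEY_A, SALT_A = bytes(range(16)), bytes(range(100, 114))
KEY_B, SALT_B = bytes(range(16, 32)), bytes(range(114, 128))
SAMPLE_OFFERS = [
    ("call-1", sdp_offer(KEY_A, SALT_A)),
    ("call-2", sdp_offer(KEY_B, SALT_B, mki="|2^20|1:4")),  # lifetime and MKI present
    ("call-3", sdp_offer(KEY_A, SALT_A)),  # replayed SDES message
]

if __name__ == "__main__":
    for alert in find_key_reuse(SAMPLE_OFFERS):
        print("ALERT", alert)
```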
In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5. VoIP security different from normal data network security To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the net-work. Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security. Threats for VoIP VoIP security threats contain Eavesdropping, Denial of Service, Session Hijacking, VoIP Spam, etc. For preventing these threats, there are several VoIP standard protocols. And we discuss this in Section 3. Eavesdropping VoIP service using internet technology is faced with an eavesdropping threat, in which is gathering call setting information and audio/voice communication contents illegally. Eavesdropping can be categorized largely by eavesdropping in a LAN(Local Area Network) environment, one in a WAN( Wide Area Network) environment, one through a PC(Personal Computer) hacking, etc. Denial of Service Denial of Service is an attack, which makes it difficult for legitimate users to take telecommunication service regularly. Also it is one of threats, which are not easy to solve the most. 
Since VoIP service is based on internet technology, it also is exposed to Denial of Service. Denial of Service in VoIP service can be largely divided into system resource exhaustion, circuit This work was supported by the IT RD program of MIC/IITA resourceexhaustion,VoIP communication interruption/blocking, etc. Session Hijacking Session Hijacking is an attack, which is gathering the communication session control between users through spoofing legitimate users, and is interfering in their communication, as a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be categorized largely by INVITE session hijacking, SIP Registration hijacking, etc. VoIP Spam VoIP Spam is an attack, which is interrupting, and violating user privacy through sending voice advertisement messages, and also makes VMS(Voice Mailing System) powerless. It can be categorized by Call Spam, IM(Instant Messaging) Spam, Presence Spam, etc. Security trade-offs Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, well inevitably see more administrative Web applications with exploitable errors. 
The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine, can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization. Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren't considered as secure as the Advanced Encryption Standard [16], which is included in many IPsec implementations. AES's combination of speed and security should handle the demanding needs of VoIP at both ends.

Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets [17]. This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there's no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine [18]. But this solution assumes that the cryptoengine's output is fast enough to avoid saturating the queue. Ideally, you'd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly.
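To make the scheduler argument concrete, here is an added example (not code from the article or any cited vendor) in Python: a small discrete-event model of one cryptoengine fed a single voice stream plus a burst of large data packets, run once as a plain FIFO queue and once with the voice-first reordering described above. The per-packet and per-byte cost constants, the 20 ms delay budget and the traffic mix are all constructed for illustration, not measurements.

```python
from dataclasses import dataclass
import heapq
# Constructed cost model for a software cryptoengine (illustrative, not measured)
PER_PACKET_OVERHEAD_MS = 0.20   # fixed cost per packet: IV, header, key schedule
PER_BYTE_COST_MS = 0.002        # ciphering cost per byte
VOICE_BUDGET_MS = 20.0          # assumed one-way delay a voice codec can absorb

@dataclass
class Packet:
    arrival_ms: float
    size: int
    kind: str   # "voice" or "data"

def service_ms(p: Packet) -> float:
    return PER_PACKET_OVERHEAD_MS + PER_BYTE_COST_MS * p.size  # voice: mostly overhead

def run(packets, voice_first: bool):
    """Single non-preemptive cryptoengine. voice_first=False is the FIFO
    cryptoscheduler; True serves queued voice before queued data.
    Returns {kind: [latency_ms for each packet]}."""
    pending = sorted(packets, key=lambda p: p.arrival_ms)
    queue, clock, seq, i = [], 0.0, 0, 0
    out = {"voice": [], "data": []}
    while i < len(pending) or queue:
        while i < len(pending) and pending[i].arrival_ms <= clock:   # admit arrivals
            p = pending[i]; i += 1
            prio = 0 if (voice_first and p.kind == "voice") else 1
            heapq.heappush(queue, (prio, p.arrival_ms, seq, p)); seq += 1
        if not queue:                        # engine idle: jump to next arrival
            clock = pending[i].arrival_ms
            continue
        p = heapq.heappop(queue)[3]
        clock += service_ms(p)
        out[p.kind].append(clock - p.arrival_ms)
    return out

def over_budget(latencies) -> int:
    return sum(1 for lat in latencies if lat > VOICE_BUDGET_MS)

def sample_traffic():
    """Constructed: a G.711-style stream (200-byte packet every 20 ms) plus a
    burst of forty 1500-byte data packets that all arrive at t = 0.5 ms."""
    voice = [Packet(20.0 * k, 200, "voice") for k in range(10)]
    return voice + [Packet(0.5, 1500, "data") for _ in range(40)]

if __name__ == "__main__":
    for label, vf in (("FIFO", False), ("voice-first", True)):
        lat = run(sample_traffic(), vf)["voice"]
        print(f"{label}: max voice latency {max(lat):.1f} ms, "
              f"{over_budget(lat)} of {len(lat)} voice packets over budget")
```

With these inputs the FIFO engine holds the second voice packet for more than 100 ms behind the data burst, while voice-first reordering bounds voice latency to roughly one data packet's service time, which is the non-preemptive limit the text alludes to.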
Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.

Thus far, we've painted a fairly bleak picture of VoIP security. We have no easy "one size fits all" solution to the issues we've discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them:

• Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection.
• At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.
• Choose a mechanism to allow VoIP traffic through firewalls. Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call.
• Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system.
• Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls).
• If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Because some VoIP end points aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reasonable cost.
• Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone.
• Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs.
• Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods.
• Be especially diligent about maintaining patches and current versions of VoIP software.
• Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages.
• Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP.

VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled
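The firewall guideline above (a stateful filter that denies packets which are not part of a properly originated call) as an added example, not code from the article or any vendor's ALG: a toy SIP-aware pinhole filter in Python that opens RTP/RTCP only for a call whose INVITE and 200 OK it has seen, and closes it on BYE. The addresses, ports and Call-IDs are constructed, and the parser handles only the fields it needs (the start line, Call-ID, CSeq, and the SDP c= and m=audio lines).

```python
import re

class SipPinholeFilter:
    """Stateful VoIP filter: forwards RTP/RTCP only for calls whose INVITE /
    200 OK exchange it has seen, and closes the pinhole again on BYE."""
    def __init__(self):
        self.offers = {}     # Call-ID -> (ip, port) offered in the INVITE's SDP
        self.pinholes = {}   # Call-ID -> frozenset of the two media endpoints

    @staticmethod
    def parse(msg: str):
        """Return (start line, lowercase header dict, (ip, port) from SDP or None)."""
        head, _, body = msg.partition("\r\n\r\n")
        lines = head.split("\r\n")
        hdr = {k.strip().lower(): v.strip() for k, _, v in
               (ln.partition(":") for ln in lines[1:])}
        ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)
        port = re.search(r"^m=audio (\d+) ", body, re.M)
        media = (ip.group(1), int(port.group(1))) if ip and port else None
        return lines[0], hdr, media

    def on_sip(self, msg: str) -> None:
        start, hdr, media = self.parse(msg)
        cid = hdr.get("call-id")
        method = hdr.get("cseq", "").split()[-1:]   # "1 INVITE" -> ["INVITE"]
        if start.startswith("INVITE") and media:
            self.offers[cid] = media                  # remember the offer, no hole yet
        elif start.startswith("SIP/2.0 200") and method == ["INVITE"] \
                and media and cid in self.offers:
            self.pinholes[cid] = frozenset({self.offers.pop(cid), media})
        elif start.startswith("BYE"):                 # call ended: close the hole
            self.pinholes.pop(cid, None); self.offers.pop(cid, None)

    def allow_media(self, src_ip, src_port, dst_ip, dst_port) -> bool:
        """RTP on the negotiated ports, RTCP on port + 1, either direction only."""
        flow = {(src_ip, src_port), (dst_ip, dst_port)}
        return any({(ip, p + d) for ip, p in ends} == flow
                   for ends in self.pinholes.values() for d in (0, 1))

def sip(start, call_id, cseq, sdp=None):
    """Build a minimal SIP message; constructed sample input, not a real capture."""
    body = f"v=0\r\nc=IN IP4 {sdp[0]}\r\nm=audio {sdp[1]} RTP/AVP 0\r\n" if sdp else ""
    return f"{start}\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n\r\n{body}"

if __name__ == "__main__":
    fw = SipPinholeFilter()
    fw.on_sip(sip("INVITE sip:gw@10.10.2.5 SIP/2.0", "c1", "1 INVITE", ("10.10.1.20", 16384)))
    fw.on_sip(sip("SIP/2.0 200 OK", "c1", "1 INVITE", ("10.10.2.5", 20000)))
    print(fw.allow_media("10.10.2.5", 20000, "10.10.1.20", 16384))   # negotiated RTP
    print(fw.allow_media("10.20.3.9", 20000, "10.10.1.20", 16384))   # not a call endpoint
```

A real ALG would also track dialog state on CANCEL and re-INVITE and time out bindings, but the core decision is the same: media is forwarded only for endpoints the signalling actually negotiated.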