Tuesday, December 31, 2019

The Borough Of Brentwood, England Be Considered A...

To what extent can the borough of Brentwood, England be considered a sustainable community?

Subject: Geography
Topic: Sustainability

Introduction

Sustainability is currently a global concern. In recent years scientists have publicised theories that the Earth will not be able to cope with the exponential growth of pollution and resource consumption. At present there are many examples of areas that have made their communities sustainable as a result of the UN millennium goal. These goals stated… One example is Milagro. This is a community in Arizona that has recently become sustainable. It is known for its cohousing community of twenty-eight energy-efficient, passive solar homes. I have chosen to perform my tests in Brentwood as it is a developed, affluent area. As a result of this its public transport networks are large, its resource consumption is high and its houses are large. Further, Brentwood is an area that shows an even distribution of wealth, preventing anomalies.

Research Question/Hypothesis

• The research question I have chosen to investigate is “In what ways can we agree that the town of Brentwood, England, is a sustainable area?”
• The hypothesis I will be trying to prove/disprove is “Through the Sustainability Communities Index it is apparent that Brentwood is a sustainable town”.

The Sustainable Communities Index

The Sustainable Communities Index is a system of indicators for livable, equitable and prosperous cities. It is

Monday, December 23, 2019

Wal Marts Ethical Issues - 1616 Words

Although prices at Wal-Mart are considered reasonable, the company still has its own problems with ethical issues and unethical practices. Consumers were complaining that they were not paying what they considered fair prices for their groceries. Wal-Mart used to cover up what it was doing to its customers; the advocate group followed the Food Chain Workers Alliance in order to investigate the root of the problem in the outsourcing ethical systems. Wal-Mart workers are currently complaining that they are not being treated fairly, because the company is overworking its employees and they are not receiving enough pay based on their skills and qualifications; the company should determine how qualified its employees are for the job of their choice. Wal-Mart just followed existing law, since the central contradiction of corporate social responsibility ethics is reduced to a matter of noblesse oblige, not human rights. Wal-Mart has been breaking the labor, which is an unethical practice, because the labor department felt they were not being treated properly and customers felt they were not being given the right quality of merchandise for what they paid. According to the report, all outlets, along with the suppliers, are to fully abide by the law and regulations in relation to immigration labor, safe environment and health. Wal-Mart was founded in 1962 in Arkansas by a man named Roger’s Sam. In 2002 Wal-Mart had become a very popular store for consumers to shop; however

Sunday, December 15, 2019

Synthesizer Free Essays

To make this synth, I opened up the ES2 synthesizer in Logic, changed the setting to “series”, turned on “poly”, made sure it was in “unison” and opened up a second and third waveform. Next, I split the waveforms evenly using the acute triangle figure. I set a cutoff to 1 and 2, and used envelope 2 for the cutoff. Finally, I turned both cut settings all the way to the right… From this I got an upbeat dance-style synth that I’d be happy to use on any dancepop/electro track that I was trying to create!

Synth 2

For this next tutorial, I wanted to have synthesized drums, so I made a basic drum pattern in Ultrabeat and opened up the ES2 synthesizer. The first thing I did once I had the ES2 synthesizer open was change the default preset to plain sine. Next, I shortened the attack significantly. Then, I shortened the decay to a little less than half, took away all of the sustain, then shortened the release to about 1/6. Then, I changed the settings so that the pitch would be modulated by envelope 2. After that, I turned on the filter and set the drive to about 0.10 to give some realistic harmonics. Finally, I set the sine level up a bit to give a bit more of a bass sound and voila! The perfect synth percussion to add to a db or rap track.

Synth 3

For synth number three, I set out to make a house/techno-type synthesizer. I opened up my ES2 synthesizer. First, I set the first channel to sine, right-clicked down to number 59 “cryl” and lowered the channel to -17s. Next I enabled the second channel, put it on a saw tooth and lowered it to -24. Next I enabled the third channel, went to sine, set it up to “vox3” and set this one to -36s. I brought the icon in the triangle to the center so the sounds are balanced, then turned the analog halfway up. I went to the top, set it to mono, brought the voices down to 4 and set the distortion to about 13.600 dB. Finally, I routed envelope 1 to cutoff 2 and set cutoff 2 down to 0. Lastly, I set the decay up; however, I also like it when I set the decay all the way down, which still makes for a delightfully electronic sound that would fit any good house/techno track!

Synth History

Perhaps the first fully electronic instrument came along just before the turn of the 20th century, in 1899, when William Duddell took technology used in the carbon arc lamp, which was known for making a lot of noise, from a high-pitched whistle down to a low hum. Duddell had the lamp examined and his workers concluded that the more voltage the lamp received, the higher the pitch of the sound it gave off would be. Duddell hooked a keyboard up to the lamp and tentatively titled it “The Singing Arc”, thus birthing the first fully functional electronic instrument!

Saturday, December 7, 2019

Immigration and Border Protection Interpretation Adopted by the Court

Question: Discuss about the Immigration and Border Protection for Interpretation Adopted by the Court.

Answer:

1. The decision given in this case has very significant implications, particularly when it comes to partner visas. In this case, the unanimous decision of the Full Court was that no temporal limitation is present regarding when the persuasive conditions relied upon for the Schedule 3 waiver should be present. In this context, the court stated that the proper interpretation of sub-clause 820.211(2)(d)(ii) is that the court can consider the compelling circumstances without taking into account when these circumstances took place. The implication is that the Department as well as the Tribunal is not restricted to considering the persuasive circumstances that were present when the application was made. They can consider the circumstances that arose after the making of the application and should take these circumstances into account. The opinion of the Court in this case was that, since the discretion not to apply Schedule 3 (in other words, to waive Schedule 3) has been provided to the Minister for the purpose of greater flexibility in case of convincing circumstances and, for instance, with a view to avoiding the hardships faced by the applicants, it would not be consistent with such a purpose to adopt an interpretation under which the only circumstances that can be considered are those that were present at some time in the past. The opinion of Dowsett J in this case was that the circumstances that can be relied on to justify the use of the discretion not to apply Schedule 3 must not be restricted, in view of the nonexistence of statutory requirements.
Similarly, sub-clause 820.211(2)(d)(ii) does not contain any requirement which restricts the matters that can be considered as compelling to only the matters that were present at the time when the application for the partner visa was made. The reasoning of Griffith J was that the authority to dispense with or to waive the requirements prescribed by Schedule 3 is not in itself a criterion of Part 822 Schedule 2. Consequently, in his opinion, the title appearing on laws 820.21, which is “Criteria to be satisfied at time of application”, cannot be said to have the effect of restraining the decision-maker’s consideration of whether compelling circumstances were present to the matters that were in existence when the application was made. The waiver power mentioned in sub-clause 820.211(2)(d)(ii) is expressed in terms that the Minister is satisfied that compelling reasons are present for not applying Schedule 3, and therefore it can be implied that the waiver power can be used at the time of the decision regarding the grant of the visa. The matters that can be taken into consideration should therefore extend not only to the matters that existed when the application was made but also to the matters existing at the time of decision. As the intention behind the introduction of the waiver power was to lessen difficulties, clear words would need to be used in the law to restrict the matters that can be considered, and as no such language is present, it will not be appropriate to interpret the regulations as restricting the reasons that can be taken into account to only the circumstances that existed when the application was made. There is nothing in the Explanatory Statement to the amendments introducing Clause 820.211(2)(d)(ii) that indicates that the circumstances relied upon while seeking a waiver of Schedule 3 should be present when the application is made.
This is where the significance of this decision lies. It was unanimously held by the Full Court of the Federal Court of Australia that these provisions do not result in implementing a temporal limitation on the compelling and compassionate grounds relied upon when the waiver of Schedule 3 criteria is being considered. Therefore, while interpreting the provision mentioned in sub-clause 820.211(2)(d), it was decided by the court that the effect of these compelling and compassionate circumstances will be carried through while the application is being evaluated, and not merely when the application was made. In this way, the effect of this decision is that the Department and the Tribunal are under an obligation to consider the circumstances of the applicant that are present when they evaluate the application. Under these circumstances, it can be said that the effect of this decision is to expand the grounds that can be relied upon by applicants when they are applying for the waiver of Schedule 3. At the same time, another impact of this decision is that it increases the chances for the applicant to remain onshore during the processing of the application. Moreover, it can also be said that this decision will have a retrospective effect regarding previous cases, by relying on the compelling circumstances that were present at the time of the decision and not merely the circumstances that were present when the application was made. Therefore, despite its current policy, the Department as well as the Courts and Tribunals are required to follow this decision (until such time as the decision is overruled by the High Court). The effect is that while deciding the issue of waiving the criteria mentioned in Schedule 3, a much wider scope of circumstances is present that has to be considered by the decision-makers while evaluating the applications. In this way, the decision has significant implications, particularly in the case of partner visas.

2. In this case, the Full Court relied upon the principles of statutory interpretation to arrive at the conclusion that the provisions of sub-clause 820.211(2)(d)(ii) have to be interpreted in such a way that the compelling circumstances related to the waiver of Schedule 3 can be considered without regard to when these circumstances took place. For this purpose, the court applied the golden rule of statutory interpretation and therefore, while interpreting these statutory provisions, it was held by the court that the effect of the compelling circumstances on the basis of which the waiver of Schedule 3 has been claimed in the application will be carried through the period during which the application is being evaluated, and not only the time when the application was made. As a result of this interpretation, the Department and the Tribunal are required to consider the circumstances of the applicant when they are evaluating the application and not merely the circumstances that were present when the application was made. In this regard, the Migration Regulations 1994 provide in sub-clause 820.211(2)(d)(ii) that the requirement of the criteria described in Schedule 3 can be waived only if the Department believes that compelling reasons exist for not applying the criteria. However, according to the common practice adopted by the Department and also by the Tribunal in the past, only the circumstances that existed when the relevant application was made were considered. The effect was that any circumstances that were brought to the notice of the Department or the Tribunal as affecting the situation of the applicants after the application had been lodged were not considered while assessing the application.
However, the effect of the approach to statutory interpretation adopted by the Full Court in this case was that the court came to the conclusion that the legislation has not imposed a temporal limitation regarding compelling circumstances while considering the waiver of the criteria mentioned in Schedule 3. Therefore, while interpreting this particular legislative provision, it was decided by the court that the impact of compelling circumstances can be considered throughout the period when the application is being evaluated, and not only the circumstances that were present when the application for the waiver of Schedule 3 criteria was made. The effect of this approach to statutory interpretation adopted by the court was that the Department as well as the Tribunal is required to evaluate the circumstances that are present when the application is being assessed. It was also stated by the court that no limitation was imposed by the legislative requirement regarding the relevant time at which it is examined whether the criteria were satisfied. On the other hand, it was held that the waiver power can be used by the Minister at his discretion. Adopting the golden rule of statutory interpretation, the court stated that the waiver power has been granted with a view to alleviating hardship and to allowing applicants to have their cases evaluated individually, in accordance with their personal circumstances. As there was no express provision which limited the existence of compelling circumstances to only the time when the application was made, rejecting the relevant compelling circumstances that arise when the application is assessed will be erroneous.

Reference

Waensila v Minister for Immigration and Border Protection [2016] FCAFC 32

Friday, November 29, 2019

Abigail Adams essays

Abigail Adams: Witness to a Revolution

Abigail Adams was born on November 11, 1744 at Weymouth, Massachusetts. Abigail was often referred to as the wife of one president and the mother of another. Her family was of great prestige in the colony. Her father was a Congregational minister, a leader in a society that held its clergy in high esteem. Smith was one of Weymouth's most prosperous and best-educated citizens. In the novel, she learned from her father that it was the duty of the fortunate to help those who were less fortunate. During her youth, she was a small, frail child with fair skin and dark hair. Abigail was not educated, but her mom wanted her to be a lady and thought education was for men. She and her two sisters, Mary and Betsy, were very close to each other. They enjoyed listening to people talk about the French and Indian War at that time. They loved people like George Washington, who was brave and young when the governor of Virginia placed him as commander of a group of militiamen. In 1761 Richard Cranch introduced John Adams to the Smiths. He thought Abby and her sister Mary were wits. Soon Abigail started to find something attractive in John Adams. After a while John Adams found business in Weymouth. He and Abigail began to fall in love with each other. John started to tell Abby about his boyhood. He told her how he loved swimming and hanging out with friends like John Hancock. He told her how he wanted to be a farmer and how his father tested him to see if he could handle it. He said he and his father went to work on the farm. They worked all day up to their knees in the mud. Then his father asked him, "Do you like farming?" John replied yes. But his father didn't like it and forced John to go to school. ...

Monday, November 25, 2019

Using the Spanish Verb Pasar

Like its English cognate "to pass," the Spanish verb pasar has a variety of meanings that often vaguely relate to movement in space or time. The key to translating the verb, more so than with most words, is understanding the context. Pasar is regularly conjugated, using the pattern of verbs such as hablar.

Pasar as a Verb of Happening

Although the English "pass" is sometimes a synonym for "to happen," such usage is extremely common in Spanish. Other possible translations for this usage are "to occur" or "to take place."

Dime qué te pasó. (Tell me what happened to you.)
Nadie sabía decirnos lo que pasaba, había mucha confusión. (Nobody knew to tell us what happened, there was so much confusion.)
Mira lo que pasa cuando les dices a las personas que son bellas. (Look at what happens to people when you say they are beautiful.)

Other Common Meanings of Pasar

Here are the other meanings of pasar you are most likely to come across:

To happen, to occur: ¿Qué ha pasado aquí? (What happened here?) Pase lo que pase estoy a tu lado. (Whatever happens, I'm at your side.) Creo que ya pasó. (I think it has already happened.)
To spend (time): Pasó todo el día con la familia de Juan. (She spent all day with Juan's family.) Pasaba los fines de semana tocando su guitarra. (He would spend weekends playing his guitar.)
To move or travel: No pasa el tren por la ciudad. (The train doesn't go through the city.)
To enter a room or area: ¡Bienvenida a mi casa! ¡Pasa! (Welcome to my house! Come in!)
To cross (a line of some sort): Pasamos la frontera y entramos en Portugal. (We crossed the border and entered Portugal.) El general Torrejón pasó el río con la caballería. (General Torrejon crossed the river with the cavalry.)
To go past: Siga derecho y pase 5 semáforos. (Go straight ahead and pass five traffic lights.) Cervantes pasó por aquí. (Cervantes came by here.)
To hand over an object: Pásame la salsa, por favor. (Pass the sauce, please.) No me pasó nada. (He didn't give me anything.)
To endure, to suffer, to put up with: Nunca pasaron hambre gracias a que sus ancestros gallegos trabajaron como animales. (They never suffered from hunger because their ancestors worked like animals.) Dios no nos abandona cuando pasamos por el fuego de la prueba. (God does not abandon us when we go through the fiery ordeal.)
To experience: No puedes pasar sin Internet. (You can't get by without the Internet.) No tenía amigos ni amigas, por eso me lo pasaba mal. (I didn't have male friends nor female friends, and because of this I had a rough time.)
To pass (a test): La niña no pasó el examen de audición. (The girl didn't pass the audition.)
To exceed: Pasamos de los 150 kilómetros por hora. (We went faster than 150 kilometers per hour.)
To overlook (in the phrase pasar por alto): Pasaré por alto tus errores. (I'll overlook your mistakes.)
To show (a motion picture): Disney Channel pasó la película con escenas nuevas. (The Disney Channel showed the movie with new scenes.)
To forget: No entiendo como se me pasó estudiar lo más importante. (I don't know how I forgot to study the most important thing.)

Reflexive Usage of Pasarse

The reflexive form pasarse is often used with little or no change in meaning, although it sometimes suggests that the action was surprising, sudden, or unwanted:

¿Nadie se pasó por aquí? (Nobody passed through here?)
Muchos jóvenes se pasaron por la puerta de acceso para adultos mayores. (Many young people passed through the access door for older adults.)
En una torre de enfriamiento, el agua se pasa por el condensador. (In a cooling tower, the water passes through the condenser.)

Key Takeaways

Pasar is a common Spanish verb that is often used to mean "to happen."
Other meanings of pasar coincide with many of the meanings of its English cognate, "to pass."
The reflexive form pasarse usually has little or no difference in meaning from the normal form.

Friday, November 22, 2019

Evaluate the current applications of nanotechnology in medicine Essay - 2

Evaluate the current applications of nanotechnology in medicine. Discuss the potential future of nanomedicine based on current issues - Essay Example

Nanotechnology is hence an important innovation in medicine and is essential since it has solutions for the technology-demanding field of medicine. Nanotechnology has been successfully launched in medicine, although it holds more potential for the future than what has already been implemented. Delivery of medicines and drugs has been made possible using the technology, whereby nano-equipment is used with no harm to the other parts of the body (Bhushan, 2004, p.3). In the fight against cancer, nanoparticles have been found very effective since it is easy to detect the cancerous cells and put anti-cancer gold nanoparticles in them. The nanoshells are very effective in fighting cancer since they have the ability to absorb radiation of high wavelength (Ferrari, 2005, p.366). The nanoshells are inserted into the tumor cells and radiation treatment is applied; they absorb the radiation and heat up, killing the cancerous cells (Ferrari, 2005, p.392). This success story of nanotechnology has given impetus to other ongoing research on the utilization of the technology in medicine. In surgery, nanotechnology has been used, although a lot is yet to come. Small surgical instruments are being used to perform microsurgeries in any body part without damaging the surrounding cells (Bhushan, 2004, p.3). It has an advantage over normal surgical methods since it is precise and accurate and has improved visualization due to nano cameras in the nano instruments. Such technology has been used in only a few hospitals all over the world, has proved very accurate, and can even be applied at the tissue and gene levels. Nanotechnology has been applied in antimicrobial coatings to dress wounds so that further infection is reduced by formation of biofilms on the wound. This technology has helped wounds from accidents or from surgical procedures to heal faster (Cleaveland, 2007). Medical

Wednesday, November 20, 2019

Films and computer games containing violence are very popular. some Essay

Films and computer games containing violence are very popular. Some people say they have a negative effect on society and should be banned. Other people say they are just harmless relaxation - Essay Example

However, this argument does not prove to be a good one when one looks at the negative impacts. I believe that violent media arrives with concerns relating to addiction, anxiety, dejection, brutality and aggression that develop in young minds. Games like Mortal Kombat, Resident Evil, Marvel vs. Capcom, Doom, Manhunt, Dead Rising, Gears of War and Grand Theft Auto require the player to kill, shoot, slash and stab their enemy using bombs, swords and chainsaws. My neighbor’s son is being treated for anger management thanks to the violent films and games he watches regularly. Children tend to have less-developed decision-making and critical-thinking abilities, so they cannot realize what is wrong with what they are viewing, and their minds learn or absorb every act they see. To conclude, when a person watches violent acts, the energy generated by the fantasy keeps the physical responses from getting expressed. So, when this energy gets its chance, it gets expressed in real life. Hence, violent films and video games have a very negative impact on

Monday, November 18, 2019

Ethical issues with Facebook Essay Example | Topics and Well Written Essays - 1500 words

Many comments are made on Facebook, especially on an individual’s personal profile. For the majority of people these comments do not result in conflict, specifically work-related conflict. However, it is getting more and more difficult to separate Facebook from the workplace. Employers are now utilizing Facebook as a means to decide whether or not to hire, depending on the profile. An interview may be determined by whether or not an interviewee has photos of him or herself intoxicated, with supporting graphic posts that employers do not find desirable in coworkers. Likewise, a presentable profile may increase the chances of a person being hired. Employers are attempting to observe who potential hires truly are and how they carry on in their daily lives as a way to weed out problematic hires. The same is true for an employee’s current boss or employer, who may keep tabs on the employee to make sure he or she is a consistently presentable person, as that employee is in some way or another a representation of the company. No employer wants an employee to state on Facebook that they work for the company and then flood their profile with vulgar or inappropriate information. Unsuitable photos or language on Facebook are not the only concern potential applicants have when being inspected by an employer (mostly without their knowledge). Facebook gives the user the option to post their religion, race, age, health and political views, making it an unethical resource. Employers should not be granted this information as it may prompt unjust action. The employer is open to discriminating against an applicant based on this information, which would otherwise not be at their disposal. “It is unfair for employers, absent express permission from an employee or potential employee, to find ways to check these sites, which are created, in most cases, for friends, family, and social acquaintances” (Marshall).

Not only is that important to recognize when signing up for Facebook, but it is also crucial to know that future employers are not the only ones who are eager to view and use an individual’s profile page for something other than what it is intended for. Facebook exploited a new Terms of Service in 2009. It states:

You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. (Marshall)

The ethical debate in this instance includes normative ethics, which determines the right course of action using ethics, and applied ethics, which helps establish what feats need to take place to resolve this case. Ethics is called for in this situation because the issue involves an imposition on the rights of Facebook’s users, which is unethical. It is unethical for two reasons. One, Facebook

Saturday, November 16, 2019

End to End VoIP Security

Introduction

User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest from many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo! Messenger, while in the latter, systems like Skype and VoipBuster dominate among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information. The data are either routed from the source through a central server to the recipient or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's “supernode” communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue that has been addressed from several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out-of-band exchanged keys, shared secrets etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the applications architecture with VoIPSec security elements.
Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint. For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length-preserving encryption is indeed far worse than previously thought.

VOIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is. Voice over IP, the transmission of voice over traditional packet-switched IP networks, is one of the hottest trends in telecommunications.
Although most computers can provide VoIP and many offer VoIP applications, the term “voice over IP” is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, “Current voice-over-IP products,” describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges. Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks—firewalls, network address translation (NAT), and encryption—don't work “as is” in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.

End-to-End Security

In this assignment I am going to describe end-to-end security and its “design principle” that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well.
The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society. The Internet doesn't care what you do—its job is just to “deliver the bits, stupid” (in the words of David Isenberg in his 1997 paper, “Rise of the Stupid Network”2). The “bits” could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what that data represented. At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay.
TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility. Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with “irrational exuberance”4 during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.

Security and privacy in an end-to-end world

The end-to-end arguments paper used “secure transmission of data” as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes.
If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you don't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it. There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts—purposeful or accidental—to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks. Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility. Note that there is little that can be done “in the Net” or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage. Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions.
But a few people who were “at the scene” have told me that such protections were actively discouraged by the primary sponsor of the early Internet—that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it. End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access. Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an “incentive” to pay for the customers' use of their lines—they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tapability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as “an antisocial act” (as a US justice department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end to end security?
Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol. Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol. Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer—the layer in which the actual voice datagrams are transmitted—depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string.
Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of “matching conversations” in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper. Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob. Data integrity implies that any modification of the data in transit

• We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.
• We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide—following the ZRTP specification—that B has “forgotten” the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A, who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool.

• We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring.
Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.)

While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions—especially those about the protocols operating at the other layers of the VoIP stack—left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general. The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5.

VoIP security different from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network.
Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include eavesdropping, denial of service, session hijacking, VoIP spam, etc. There are several VoIP standard protocols for preventing these threats, and we discuss them in Section 3.

Eavesdropping

VoIP service using Internet technology faces an eavesdropping threat, in which call setting information and audio/voice communication contents are gathered illegally. Eavesdropping can be broadly categorized into eavesdropping in a LAN (Local Area Network) environment, eavesdropping in a WAN (Wide Area Network) environment, eavesdropping through PC (Personal Computer) hacking, etc.

Denial of Service

Denial of Service is an attack that makes it difficult for legitimate users to use a telecommunication service normally. It is also one of the threats that is hardest to solve. Since VoIP service is based on Internet technology, it is also exposed to Denial of Service. Denial of Service in VoIP service can be broadly divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, etc.

This work was supported by the IT RD program of MIC/IITA.

Session Hijacking

Session Hijacking is an attack that gains control of the communication session between users by spoofing legitimate users and interferes in their communication, as a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be broadly categorized into INVITE session hijacking, SIP Registration hijacking, etc.

VoIP Spam

VoIP Spam is an attack that interrupts users and violates their privacy by sending voice advertisement messages, and also renders the VMS (Voice Mailing System) powerless.
It can be categorized into Call Spam, IM (Instant Messaging) Spam, Presence Spam, etc.

Security trade-offs

Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, we'll inevitably see more administrative Web applications with exploitable errors.

The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization.
Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren't considered as secure as the Advanced Encryption Standard,16 which is included in many IPsec implementations. AES's combination of speed and security should handle the demanding needs of VoIP at both ends.

Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets.17 This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there's no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine.18 But this solution assumes that the cryptoengine's output is fast enough to avoid saturating the queue. Ideally, you'd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.
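
The FIFO bottleneck at the cryptoengine scheduler can be made concrete with a small simulation. This is an added example, not code from the original essay: the single-server model, the engine rate and the packet workload are constructed assumptions chosen to show how a burst of large data packets delays small voice packets under FIFO, and what voice-first reordering before the cryptoengine changes.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    arrival_ms: float
    kind: str          # "voice" or "data"
    size_bytes: int


def simulate(packets, rate_bytes_per_ms, voice_first):
    """Single, non-preemptive crypto engine.

    Returns the queueing delay (ms) each packet spent waiting before
    encryption started, grouped by traffic kind.
    """
    pending = sorted(packets, key=lambda p: p.arrival_ms)  # stable sort
    waits = {"voice": [], "data": []}
    queue = []
    clock = 0.0
    i = 0
    while i < len(pending) or queue:
        # Admit everything that has arrived by now.
        while i < len(pending) and pending[i].arrival_ms <= clock:
            queue.append(pending[i])
            i += 1
        if not queue:
            clock = pending[i].arrival_ms   # engine idles until next arrival
            continue
        if voice_first:
            # QoS reordering: the oldest waiting voice packet jumps the queue.
            idx = next((k for k, p in enumerate(queue) if p.kind == "voice"), 0)
        else:
            idx = 0                         # plain FIFO
        pkt = queue.pop(idx)
        waits[pkt.kind].append(clock - pkt.arrival_ms)
        clock += pkt.size_bytes / rate_bytes_per_ms
    return waits


def constructed_workload():
    # Constructed sample traffic: a burst of five 1500-byte data packets at
    # t=0 and one 200-byte voice packet every 20 ms starting at t=1.
    data = [Packet(0, "data", 1500) for _ in range(5)]
    voice = [Packet(t, "voice", 200) for t in (1, 21, 41, 61)]
    return data + voice


def compare(rate_bytes_per_ms=100):
    fifo = simulate(constructed_workload(), rate_bytes_per_ms, voice_first=False)
    prio = simulate(constructed_workload(), rate_bytes_per_ms, voice_first=True)
    return {
        "fifo_max_voice_wait_ms": max(fifo["voice"]),
        "voice_first_max_voice_wait_ms": max(prio["voice"]),
        "fifo_max_data_wait_ms": max(fifo["data"]),
        "voice_first_max_data_wait_ms": max(prio["data"]),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

With this workload the worst voice delay drops from 74 ms to 14 ms, while the last data packet waits 8 ms longer; the residual 14 ms is the non-preemptive engine finishing the data packet already in progress.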
Thus far, we've painted a fairly bleak picture of VoIP security. We have no easy “one size fits all” solution to the issues we've discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them:

• Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection.
• At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.
• Choose a mechanism to allow VoIP traffic through firewalls. Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call.

Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system. Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls). If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Because some VoIP end points aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reasonable cost. Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone. Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs. Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods. Be especially diligent about maintaining patches and current versions of VoIP software. Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages. Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP.

VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled
The data are either routed from the source through a central server to the recipient or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in the VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's "supernode" communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue addressed in several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out of band exchanged keys, shared secrets etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the applications architecture with VoIPSec security elements.

Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint.
For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length preserving encryption is indeed far worse than previously thought.

VOIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is. Voice over IP, the transmission of voice over traditional packet-switched IP networks, is one of the hottest trends in telecommunications. Although most computers can provide VoIP and many offer VoIP applications, the term "voice over IP" is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, "Current voice-over-IP products," describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges.
Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks—firewalls, network address translation (NAT), and encryption—don't work "as is" in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.

End-to-End Security

In this assignment I am going to describe the end-to-end security and its "design principle" that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society.
The Internet doesn't care what you do—its job is just to "deliver the bits, stupid" (in the words of David Isenberg in his 1997 paper, "Rise of the Stupid Network" [2]). The "bits" could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what it was that data represented.

At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay. TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility.
Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with "irrational exuberance" [4] during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.

Security and privacy in an end-to-end world

The end to end arguments paper used "secure transmission of data" as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes. If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you didn't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it.

There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts—purposeful or accidental—to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks.
Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility. Note that there is little that can be done "in the Net" or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage.

Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. But a few people who were "at the scene" have told me that such protections were actively discouraged by the primary sponsor of the early Internet—that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it.

End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access.
Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an "incentive" to pay for the customers' use of their lines—they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tapability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as "an antisocial act" (as a US justice department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end to end security?

Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol.
Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol.

Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer—the layer in which the actual voice datagrams are transmitted—depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string. Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of "matching conversations" in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper.

Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob.
Data integrity implies that any modification of the data in transit

• We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.
• We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide—following ZRTP specification—that B has "forgotten" the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A who thinks she shares this key with B.
Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool.
• We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring. Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.)

While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions—especially those about the protocols operating at the other layers of the VoIP stack—left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general. The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport).
In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5.

VoIP security different from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network. Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include eavesdropping, denial of service, session hijacking, VoIP spam, and others. Several VoIP standard protocols exist to prevent these threats, and we discuss them in Section 3.

Eavesdropping

A VoIP service built on Internet technology faces an eavesdropping threat, in which call setup information and audio/voice communication contents are gathered illegally. Eavesdropping can be broadly categorized into eavesdropping in a LAN (Local Area Network) environment, eavesdropping in a WAN (Wide Area Network) environment, eavesdropping through PC (Personal Computer) hacking, and so on.

Denial of Service

Denial of service is an attack that makes it difficult for legitimate users to use the telecommunication service normally. It is also one of the threats that are hardest to solve.
Since VoIP service is based on Internet technology, it is also exposed to denial of service. Denial of service in a VoIP service can be broadly divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, and so on. (This work was supported by the IT R&D program of MIC/IITA.)

Session Hijacking

Session hijacking is an attack that takes over control of the communication session between users by spoofing legitimate users and interferes in their communication; it is a kind of man-in-the-middle attack. Session hijacking in VoIP communication can be broadly categorized into INVITE session hijacking, SIP registration hijacking, and so on.

VoIP Spam

VoIP spam is an attack that interrupts users and violates their privacy by sending voice advertisement messages, and it also renders the VMS (Voice Mailing System) powerless. It can be categorized into call spam, IM (Instant Messaging) spam, presence spam, and so on.

Security trade-offs

Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, we'll inevitably see more administrative Web applications with exploitable errors.
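
The SRTP keystream repetition described in the protocol analysis above, as an added example that is not code from the original text or from libsrtp. HMAC-SHA256 in counter mode stands in for SRTP's AES-based PRF and keystream generator (an assumption, so the block needs only the standard library); the session salt and the replay cache are illustrative countermeasures, not fixes specified on this page, and all keys and payloads are constructed sample values.

```python
import hashlib
import hmac
import os


def derive_enc_key(session_key: bytes, session_salt: bytes = b"") -> bytes:
    """PRF over the session key. With an empty salt nothing session-specific
    enters the PRF seed, which is the behaviour the text attributes to SRTP."""
    return hmac.new(session_key, b"encryption" + session_salt, hashlib.sha256).digest()


def keystream(enc_key: bytes, packet_index: int, length: int) -> bytes:
    """Counter-mode keystream (HMAC-SHA256 stands in for AES here)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        counter = packet_index.to_bytes(8, "big") + block.to_bytes(4, "big")
        out += hmac.new(enc_key, counter, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(session_key: bytes, packet_index: int, payload: bytes,
            session_salt: bytes = b"") -> bytes:
    """Encrypt or decrypt one datagram (XOR with the keystream is its own inverse)."""
    enc_key = derive_enc_key(session_key, session_salt)
    return xor(payload, keystream(enc_key, packet_index, len(payload)))


class KeyOfferGuard:
    """Hypothetical receiver-side replay cache for key-establishment messages.
    A real deployment would bound the cache and persist it across restarts."""

    def __init__(self) -> None:
        self._seen = set()

    def accept(self, offered_key: bytes) -> bool:
        tag = hashlib.sha256(offered_key).digest()
        if tag in self._seen:
            return False  # same key offered again: refuse to start the session
        self._seen.add(tag)
        return True


# Constructed sample data: one session key delivered twice, two equal-length frames.
SESSION_KEY = bytes(range(16))
FRAME_1 = b"frame sent in session one"
FRAME_2 = b"frame sent in session two"


def reuse_leaks_xor() -> bool:
    """Same key, same packet index, no salt: the keystream cancels out."""
    c1 = protect(SESSION_KEY, 0, FRAME_1)
    c2 = protect(SESSION_KEY, 0, FRAME_2)
    return xor(c1, c2) == xor(FRAME_1, FRAME_2)


def salted_sessions_differ() -> bool:
    """Fresh per-session randomness in the PRF seed gives unrelated keystreams."""
    c1 = protect(SESSION_KEY, 0, FRAME_1, os.urandom(16))
    c2 = protect(SESSION_KEY, 0, FRAME_2, os.urandom(16))
    return xor(c1, c2) != xor(FRAME_1, FRAME_2)


def guard_rejects_replay() -> tuple:
    guard = KeyOfferGuard()
    return guard.accept(SESSION_KEY), guard.accept(SESSION_KEY)


if __name__ == "__main__":
    print("ciphertext xor equals plaintext xor:", reuse_leaks_xor())
    print("per-session salt breaks the relation:", salted_sessions_differ())
    print("first offer / replayed offer accepted:", guard_rejects_replay())
```
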
The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization. Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren't considered as secure as the Advanced Encryption Standard [16], which is included in many IPsec implementations. AES's combination of speed and security should handle the demanding needs of VoIP at both ends.
Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets [17]. This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there's no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine [18]. But this solution assumes that the cryptoengine's output is fast enough to avoid saturating the queue. Ideally, you'd want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly.
Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.
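
The cryptoengine scheduling problem described in the QoS section above, as an added example that is not from the original text: a single-engine simulation comparing a FIFO cryptoscheduler with one that serves queued voice packets first. The packet sizes, arrival times and per-packet and per-byte encryption costs are constructed assumptions, not measurements.

```python
import heapq
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    arrival_ms: float
    size_bytes: int
    is_voice: bool


# Assumed cost model: a fixed per-packet overhead plus a per-byte cipher cost.
PER_PACKET_MS = 0.05
PER_BYTE_MS = 0.001


def encrypt_ms(pkt: Packet) -> float:
    """Time the (simulated) cryptoengine spends on one packet."""
    return PER_PACKET_MS + pkt.size_bytes * PER_BYTE_MS


def worst_voice_latency(packets, voice_first: bool) -> float:
    """Run one non-preemptive cryptoengine over the packets and return the
    worst queueing-plus-encryption delay (ms) seen by any voice packet.

    voice_first=False models the FIFO cryptoscheduler; voice_first=True
    reorders the queue so waiting voice packets are encrypted before data."""
    pending = sorted(packets, key=lambda p: p.arrival_ms)
    queue = []  # heap of (priority, arrival time, sequence number, packet)
    clock = 0.0
    nxt = 0
    worst = 0.0
    while nxt < len(pending) or queue:
        # Engine idle and nothing queued: jump to the next arrival.
        if not queue and pending[nxt].arrival_ms > clock:
            clock = pending[nxt].arrival_ms
        # Admit everything that has arrived by now.
        while nxt < len(pending) and pending[nxt].arrival_ms <= clock:
            pkt = pending[nxt]
            priority = 0 if (voice_first and pkt.is_voice) else 1
            heapq.heappush(queue, (priority, pkt.arrival_ms, nxt, pkt))
            nxt += 1
        # Encrypt the head of the queue; a packet in service is never interrupted.
        _, _, _, pkt = heapq.heappop(queue)
        clock += encrypt_ms(pkt)
        if pkt.is_voice:
            worst = max(worst, clock - pkt.arrival_ms)
    return worst


def sample_workload():
    """Constructed traffic: a burst of ten 1500-byte data packets at t=0 and
    a 200-byte voice packet every 20 ms starting at t=1 ms."""
    burst = [Packet(0.0, 1500, False) for _ in range(10)]
    voice = [Packet(1.0 + 20.0 * k, 200, True) for k in range(3)]
    return burst + voice


if __name__ == "__main__":
    load = sample_workload()
    print("FIFO worst voice delay (ms):       ", round(worst_voice_latency(load, False), 2))
    print("voice-first worst voice delay (ms):", round(worst_voice_latency(load, True), 2))
```

In the voice-first run the first voice packet still waits for the data packet already being encrypted, which is the residual delay a non-preemptive engine cannot remove.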

Wednesday, November 13, 2019

What Are The Main Contrasts To Be Found In Portugal?

When answering a question such as this, one must primarily begin by pointing out that not only does Portugal have a great many contrasts within its land, but also that it contrasts greatly with the other Mediterranean countries. Portugal is not to be considered by any means as Spain's poor neighbour, nor should a shadow be cast over it by such a formidable nation. Portugal has a great deal to offer any visitor; it is not merely a tourist's paradise, yet this is regrettably how it is viewed by a large number of individuals. One must also not forget Portugal's history of being, in days gone by, one of the greater maritime nations, one of the more advanced exploring countries of Europe. Whilst Spain was occupied with discovering the Indias and consequently the Americas, Portugal was itself busy exploring Africa and making its own invaluable discoveries, although these are for the most part overlooked.

Being situated on the westernmost edge of Europe and the Iberian Peninsula, Portugal enjoys a relative privacy and independence from the rest of the Mediterranean countries. Bordering on Spain on two sides and the sea on the others, the nation has naturally turned towards the sea, from which it draws both its strength and wealth, and turned its back on its greatest rival, Spain. Due to its constant waves of invasion throughout the ages, Portugal is a vastly diverse land, not only in geographical terms but also in terms of heritage. It is true to say that Portugal does share a number of similarities with Spain, but it is by no means identical. Rather it is a nation which blends Moorish influences, British tradition and Mediterranean culture to form a truly unique land of peoples.

When considering the diversity of a country such as Portugal, the mention of which immediately conjures up a melange of images from North African to Western European, from hot and balmy weather to snow capped mountains, one must really begin by describing the two principal factors, those of climate and geography, which themselves are interwoven. These in turn have a great effect on and to a certain extent bring about other differences which can be noted within the narrow confines of this nation, such as those of vegetation, economy and landscape.

On examining Portugal in terms of contrasting regions or areas, one must obviously have a starting point and that is generally considered to be a comparison between north and south, the River Tagus (Tejo) being the dividing line. However, Portugal can naturally be divided into three great natural