
Sunday, January 26, 2020

Features of Transport Layer Security (TLS)

TRANSPORT LAYER SECURITY

TLS is a successor to the Secure Sockets Layer protocol. TLS provides secure communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains substantially the same. It is a good idea to keep in mind that TLS resides on the Application Layer of the OSI model. This will save you a lot of frustration while debugging and troubleshooting encryption problems connected to TLS.

TLS Features

TLS is a generic application layer security protocol that runs over a reliable transport. It provides a secure channel to application protocol clients. This channel has three primary security features:

· Authentication of the server.
· Confidentiality of the communication channel.
· Message integrity of the communication channel.

Optionally, TLS can also provide authentication of the client. In general, TLS authentication uses public-key-based digital signatures backed by certificates. Thus, the server authenticates either by decrypting a secret encrypted under its public key or by signing an ephemeral public key. The client authenticates by signing a random challenge. Server certificates typically contain the server's domain name. Client certificates can contain arbitrary identities.

The Handshake Protocol

The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. In a typical scenario, only the server is authenticated and its identity is ensured, while the client remains unauthenticated. Mutual authentication (of the client as well as the server) requires public key deployment to clients. The handshake also provides the security parameters to the record layer. The exchange proceeds as follows:

1. The client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested cipher suites and compression methods.
2. The server responds with a ServerHello, containing the chosen protocol version, a random number, cipher, and compression method from the choices offered by the client.
3. The server sends its Certificate (depending on the selected cipher, this may be omitted by the server).
4. The server may request a certificate from the client, using a CertificateRequest, so that the connection can be mutually authenticated.
5. The server sends a ServerHelloDone message, indicating it is done with handshake negotiation.
6. The client responds with a ClientKeyExchange, which may contain a PreMasterSecret, a public key, or nothing (again, this depends on the selected cipher).

The Handshake Protocol provides a number of security functions, such as authentication, encryption and hash algorithms.

· Authentication: A certificate is a digital form of identification that is usually issued by a certification authority (CA) and contains identification information, a validity period, a public key, a serial number, and the digital signature of the issuer. For authentication purposes, the Handshake Protocol uses an X.509 certificate to provide strong evidence to a second party that helps prove the identity of the party that holds the certificate and the corresponding private key.

· Encryption: There are two main types of encryption: symmetric key (also known as private key) and asymmetric key (also known as public key). TLS/SSL uses symmetric keys for bulk encryption and public keys for authentication and key exchange.

· Hash Algorithms: A hash is a one-way mapping of values to a smaller set of representative values, so that the size of the resulting hash is smaller than the original message and the hash is unique to the original data. A hash is similar to a fingerprint: a fingerprint is unique to the individual and is much smaller than the original person. Hashing is used to establish data integrity during transport. Two common hash algorithms are Message Digest 5 (MD5), which produces a 128-bit hash value, and Secure Hash Algorithm 1 (SHA-1), which produces a 160-bit value.

The Change Cipher Spec Protocol

The Change Cipher Spec Protocol signals a transition of the cipher suite to be used on the connection between the client and server. This protocol is composed of a single message which is encrypted and compressed with the current cipher suite. This message consists of a single byte with the value 1. Messages after this will be encrypted and compressed using the new cipher suite.

The Alert Protocol

The Alert Protocol includes event-driven alert messages that can be sent from either party. On receipt of an alert, the session is either ended or the recipient is given the choice of whether or not to end the session. Schannel SSP will only generate these alert messages at the request of the application.

The Record Layer/Protocol

The TLS record protocol is a simple framing layer with the record format shown below:

    struct {
        ContentType type;
        ProtocolVersion version;
        uint16 length;
        opaque payload[length];
    } TLSRecord;

As with SSL, data is carried in records. In both protocols, records can only be processed when the entire record is available. The Record Layer has four functions:

· It fragments the data coming from the application into manageable blocks (and reassembles incoming data to pass up to the application). Schannel SSP does not support fragmentation at the Record Layer.
· It compresses the data and decompresses incoming data. Schannel SSP does not support compression at the Record Layer.
· It applies a Message Authentication Code (MAC), or hash/digest, to the data and uses the MAC to verify incoming data.
· It encrypts the hashed data and decrypts incoming data.

Application Protocol

TLS runs beneath application protocols such as HTTP, FTP, SMTP, NNTP, and XMPP and above a reliable transport protocol, TCP for example.
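The record framing described in the Record Layer section, as an added example that is not part of the original page: a Python parser for the record header (type, version, length, payload) that applies the rule that a record may only be processed once it has fully arrived, keeping partial bytes for the next read. The sample byte stream, the function names and the record size limit taken from RFC 5246 are assumptions of this example.

```python
import struct
from typing import List, Tuple

# Constructed example, not code from the original page: a parser for the
# TLS record header described above (type, version, length, payload).
# A record can only be processed once the entire record is in the buffer,
# so the reader returns leftover bytes and waits for more data instead of
# acting on a partial record.

HEADER_LEN = 5                          # 1 (type) + 2 (version) + 2 (length)
MAX_CIPHERTEXT_LEN = 2 ** 14 + 2048     # RFC 5246 upper bound for a TLSCiphertext record

CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}


class TLSRecordError(ValueError):
    """Malformed record header; a real endpoint would send a fatal alert and close."""


def parse_records(buf: bytes) -> Tuple[List[dict], bytes]:
    """Split buf into complete records, returning (records, leftover_bytes).

    Each record is a dict with type name, version tuple, length and payload.
    Bytes that do not yet form a whole record are returned untouched so the
    caller can append the next chunk read from the socket and call again.
    """
    records: List[dict] = []
    pos = 0
    while True:
        if len(buf) - pos < HEADER_LEN:
            break                                     # header itself incomplete
        ctype, major, minor, length = struct.unpack_from("!BBBH", buf, pos)
        if ctype not in CONTENT_TYPES:
            raise TLSRecordError(f"unknown ContentType {ctype}")
        if length > MAX_CIPHERTEXT_LEN:
            raise TLSRecordError(f"record length {length} exceeds maximum")
        if len(buf) - pos < HEADER_LEN + length:
            break                                     # payload not fully arrived yet
        payload = buf[pos + HEADER_LEN: pos + HEADER_LEN + length]
        records.append({
            "type": CONTENT_TYPES[ctype],
            "version": (major, minor),                # e.g. (3, 1) is TLS 1.0
            "length": length,
            "payload": payload,
        })
        pos += HEADER_LEN + length
    return records, buf[pos:]


def build_record(ctype: int, version: Tuple[int, int], payload: bytes) -> bytes:
    """Frame a payload into one TLS record (used here only to construct sample input)."""
    return struct.pack("!BBBH", ctype, version[0], version[1], len(payload)) + payload


# Constructed sample stream: a ChangeCipherSpec record (single byte 1, as the
# text describes) followed by a handshake record with an opaque 12-byte body.
CCS = build_record(20, (3, 1), b"\x01")
HANDSHAKE = build_record(22, (3, 1), b"\x14" + bytes(11))
STREAM = CCS + HANDSHAKE


def demo() -> Tuple[int, int, int]:
    """Feed the stream in two reads; returns records per read and final leftover size."""
    first_chunk, second_chunk = STREAM[:9], STREAM[9:]
    recs1, leftover = parse_records(first_chunk)        # CCS complete, handshake partial
    recs2, leftover = parse_records(leftover + second_chunk)
    return len(recs1), len(recs2), len(leftover)


if __name__ == "__main__":
    print(demo())   # (1, 1, 0)
```

A real endpoint additionally checks that the version field matches the negotiated version and verifies the MAC before handing the payload up.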
While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS. HTTPS is used to secure World Wide Web pages for applications such as electronic commerce and asset management. These applications use public key certificates to verify the identity of endpoints.

TLS/SSL Security

The client may use the CA's public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA. The client verifies that the issuing Certificate Authority (CA) is on its list of trusted CAs. The client checks the server certificate's validity period. The authentication process stops if the current date and time fall outside the validity period.

IPSec

IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices (peers), such as PIX Firewalls, Cisco routers, Cisco VPN 3000 Concentrators, Cisco VPN Clients, and other IPSec-compliant products. IPSec is not bound to any specific encryption or authentication algorithms, keying technology, or security algorithms. IPSec is a framework of open standards. Because it isn't bound to specific algorithms, IPSec allows newer and better algorithms to be implemented without patching the existing IPSec standards. IPSec provides data confidentiality, data integrity, and data origin authentication between participating peers at the IP layer. IPSec is used to secure a path between a pair of gateways, a pair of hosts, or a gateway and a host. Some of the standard algorithms are as follows:

· Data Encryption Standard (DES) algorithm: used to encrypt and decrypt packet data.
· 3DES algorithm: effectively doubles encryption strength over 56-bit DES.
· Advanced Encryption Standard (AES): a newer cipher algorithm designed to replace DES. It has a variable key length between 128 and 256 bits.
Cisco is the first industry vendor to implement AES on all its VPN-capable platforms.
· Message Digest 5 (MD5) algorithm: used to authenticate packet data.
· Secure Hash Algorithm 1 (SHA-1): used to authenticate packet data.
· Diffie-Hellman (DH): a public-key cryptography protocol that allows two parties to establish a shared secret key, used by encryption and hash algorithms (for example, DES and MD5), over an insecure communications channel.

IPSec security services provide four critical functions:

· Confidentiality (encryption): the sender can encrypt the packets before transmitting them across a network. By doing so, no one can eavesdrop on the communication. If intercepted, the communications cannot be read.
· Data integrity: the receiver can verify that the data was transmitted through the Internet without being changed or altered in any way.
· Origin authentication: the receiver can authenticate the packet's source, guaranteeing and certifying the source of the information.
· Anti-replay protection: anti-replay protection verifies that each packet is unique, not duplicated. IPSec packets are protected by comparing the sequence number of the received packets against a sliding window on the destination host or security gateway. Late and duplicate packets are dropped.

How IPSec works

The goal of IPSec is to protect the desired data with the needed security services. IPSec's operation can be broken into five primary steps:

1. Define interesting traffic: traffic is deemed interesting when the VPN device recognizes that the traffic you want to send needs to be protected.
2. IKE Phase 1: this basic set of security services protects all subsequent communications between the peers. IKE Phase 1 sets up a secure communications channel between peers.
3. IKE Phase 2: IKE negotiates IPSec security association (SA) parameters and sets up matching IPSec SAs in the peers. These security parameters are used to protect data and messages exchanged between endpoints.
4. Data transfer: data is transferred between IPSec peers based on the IPSec parameters and keys stored in the SA database.
5. IPSec tunnel termination: IPSec SAs terminate through deletion or by timing out.

TASK 1(b)

IPSec's advantage over TLS: it has more flexibility in choosing the authentication mechanism (such as a pre-shared key), and therefore makes it harder for an attacker to mount a man-in-the-middle attack. TLS is based only on public keys, and with tools it is possible to perform a man-in-the-middle attack against TLS.

Going one step down the OSI stack, IP Security (IPSec) guarantees the data privacy and integrity of IP packets, regardless of how the application used the sockets. This means any application, as long as it uses IP to send data, will benefit from the underlying secure IP network. Nothing has to be rewritten or modified; it is even possible that users won't be aware their data is being processed through encrypting devices. This solution is the most transparent one for end users and the one most likely to be adopted in the future in the widest range of situations. The main drawback of IPSec lies in its intrinsic infrastructural complexity, which demands several components to work properly. IPSec deployment must be planned and carried out by network administrators, and it is less likely to be adopted directly by end users.

TLS's advantage over IPSec: the advantage of TLS over generic application-level security mechanisms is that the application no longer has the burden of encrypting user data. Using a special socket and API, the communication is secured. The problem with TLS is that an application wishing to exploit its functionality must be written explicitly in order to do so (see Resources). Existing applications, which constitute the majority of data producers on the Internet, cannot take advantage of the encryption facilities provided by TLS without being rewritten.
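The anti-replay sliding window described under IPSec security services, as an added example that is not part of the original page: a Python model of the per-SA window that accepts new sequence numbers, drops duplicates, and drops packets that arrive too late. The window size of 64, the class and function names and the sample arrival order are assumptions of this example; the bitmap algorithm follows the one given in RFC 4303 for ESP.

```python
# Constructed example, not code from the original page: the anti-replay
# sliding window the IPSec section above describes. The receiver keeps the
# highest sequence number accepted so far and a bitmap of the window below
# it; a packet is accepted only if its sequence number is new and not too
# far behind. In ESP the window is updated only after the integrity check
# (ICV) on the packet has succeeded, so a forged sequence number cannot
# advance the window; that ordering is assumed by the caller here.

class AntiReplayWindow:
    """Per-SA replay check: returns 'accept', 'replay' (duplicate) or 'stale' (too late)."""

    def __init__(self, size: int = 64) -> None:
        if size < 32:
            raise ValueError("RFC 4303 requires a window of at least 32 packets")
        self.size = size
        self.last_seq = 0        # highest sequence number accepted so far
        self.bitmap = 0          # bit i set => sequence number (last_seq - i) was received
        self.dropped = {"replay": 0, "stale": 0}

    def check(self, seq: int) -> str:
        """Classify seq and update the window state."""
        if seq <= 0:
            raise ValueError("ESP sequence numbers start at 1; 0 is never used")
        if seq > self.last_seq:
            # Newer than anything seen: slide the window forward by the gap.
            shift = seq - self.last_seq
            if shift >= self.size:
                self.bitmap = 1                   # everything older falls off the window
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.last_seq = seq
            return "accept"
        diff = self.last_seq - seq
        if diff >= self.size:
            return self._drop("stale")            # left edge of window already passed
        if self.bitmap & (1 << diff):
            return self._drop("replay")           # already received: duplicate
        self.bitmap |= 1 << diff                  # late but new: mark and accept
        return "accept"

    def _drop(self, reason: str) -> str:
        self.dropped[reason] += 1
        return reason


def run_sample() -> list:
    """Feed a constructed arrival order through a 64-packet window; returns (seq, verdict) pairs."""
    win = AntiReplayWindow(size=64)
    # Constructed arrival order: in-order packets, one reordered late packet (3),
    # one duplicate (5), a big jump, a packet far behind the new window, and a replay.
    arrivals = [1, 2, 4, 5, 3, 5, 200, 100, 199, 199]
    return [(seq, win.check(seq)) for seq in arrivals]


if __name__ == "__main__":
    for seq, verdict in run_sample():
        print(f"seq={seq:<4} {verdict}")
```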
Think of the common applications we use every day: mail clients, web browsers on sites without HTTPS, IRC channels, peer-to-peer file sharing systems and so on. Also, most network services (such as mail relays, DNS servers, routing protocols) currently run over plain sockets, exchanging vital information as clear text and only seldom adopting application-level counter-measures (mostly integrity checks, such as MD5 sums).

IGMP

IGMP is a protocol used by IP hosts and adjacent multicast network devices to identify their memberships. If they are part of the same multicast group, they communicate with each other. ICMP communicates one to one; IGMP communicates one to many.

Establishing a Multicast Group

We describe a distributed architecture for managing multicast addresses in the global Internet. A multicast address space partitioning scheme is proposed, based on the unicast host address and a per-host address management entity. By noting that port numbers are an integral part of end-to-end multicast addressing, we present a single, unified solution to the two problems of dynamic multicast address management and port resolution. We then present a framework for the evaluation of multicast address management schemes, and use it to compare our design with three approaches, as well as a random allocation strategy. The criteria used for the evaluation are blocking probability and consistency, address acquisition delay, the load on address management entities, robustness against failures, and processing and communications overhead. With the distributed scheme, the probability of blocking for address acquisition is reduced by several orders of magnitude, to insignificant levels, while consistency is maintained. At the same time, the address acquisition delay is reduced to a minimum by serving the request within the host itself.
It is also shown that the scheme generates much less control traffic, is more robust against failures, and puts much less load on address management entities as compared with the other three schemes. The random allocation strategy is shown to be attractive primarily due to its simplicity, although it does have several drawbacks stemming from its lack of consistency (addresses may be allocated more than once).

The Routing and Remote Access administrative tool is used to enable routing on a Windows 2000 Server that is multihomed (has more than one network card). Windows 2000 Professional cannot be a router. The Routing and Remote Access administrative tool or the route command line utility can be used to configure a static router and add a routing table. A routing table is required for static routing. Dynamic routing does not require a routing table to be entered, since the table is built by software. Dynamic routing does require additional protocols to be installed on the computer. When using the Routing and Remote Access tool, the following information is entered:

· Interface: the network card that the route applies to, which is where the packets will come from.
· Destination: the network address that the packets are going to, such as 192.168.1.0.
· Network Mask: the subnet mask of the destination network.
· Gateway: the IP address of the network card on the network that is configured to forward the packets, such as 192.168.1.1.
· Metric: the number of routers that packets must pass through to reach the intended network. If there is more than one, the Gateway address will not match the network address of the destination network.

Dynamic Routing

Windows 2000 Server supports Network Address Translation (NAT) and the DHCP relay agent. Three dynamic routing protocols supported by Windows 2000 are:

· Routing Information Protocol (RIP) version 2 for IP
· Open Shortest Path First (OSPF)
· Internet Group Management Protocol (IGMP) version 2 with router or proxy support
The Routing and Remote Access tool is used to install, configure, and monitor these protocols and routing functions. After any of these dynamic routing protocols are installed, they must be configured to use one or more routing interfaces.

Protocol Independent Multicast (PIM)

This document describes an architecture for efficiently routing to multicast groups that may span wide-area (and inter-domain) internets. We refer to the approach as Protocol Independent Multicast (PIM) because it is not dependent on any particular unicast routing protocol. The most significant innovation in this architecture is the efficient support of sparse, wide-area groups. This sparse mode (SM) of operation complements the traditional dense-mode approach to multicast routing for campus networks, as developed by Deering [2][3] and implemented previously in MOSPF and DVMRP [4][5]. These traditional dense-mode multicast schemes were intended for use within regions where a group is widely represented or bandwidth is universally plentiful. However, when group members, and senders to those group members, are distributed sparsely across a wide area, these schemes are not efficient; data packets (in the case of DVMRP) or membership report information (in the case of MOSPF) are occasionally sent over many links that do not lead to receivers or senders, respectively. The purpose of this work is to develop a multicast routing architecture that efficiently establishes distribution trees even when some or all members are sparsely distributed. Efficiency is evaluated in terms of the state, control message, and data packet overhead required across the entire network in order to deliver data packets to the members of the group.

The Protocol Independent Multicast (PIM) architecture:

· maintains the traditional IP multicast service model of receiver-initiated membership;
· can be configured to adapt to different multicast group and network characteristics;
· is not dependent on a specific unicast routing protocol;
· uses soft-state mechanisms to adapt to underlying network conditions and group dynamics.

The robustness, flexibility, and scaling properties of this architecture make it well suited to large heterogeneous inter-networks.
A user of an Internet-connected PC, Adam, sends an e-mail message to another Internet-connected PC user, Beryl.

1. Outline the function of four Internet hosts that would normally be involved in this task.

· Adam's computer
· Server of Adam's Internet Service Provider
· Server of Beryl's Internet Service Provider
· Beryl's computer

This program allows you to build and manage a large mailing list, and to create customized messages from predefined templates while sending. It lets you define multiple independent SMTP server connections and uses multithreading to send e-mails as fast as possible. You can use all the standard message formats like plain text or HTML, or even create a rich content message in Microsoft Outlook Express and export it into the program. The interface of the program is very simple and easy to learn; nearly all functions can be performed using hotkeys on the keyboard.

E-mail is a growing source of an enterprise's records and needs to be treated as any written memo, letter or report has been treated. The information in e-mail has the potential to add to the enterprise's knowledge assets, from interactions with the users or customers in the enterprise to interactions with colleagues overseas.

2. List the Internet protocols which would be used in this task.

Internet Protocol (IP) is a packet-based protocol that allows dissimilar hosts to connect to each other for the purpose of delivering data across the resulting networks. Applications combine IP with a higher-level protocol called Transmission Control Protocol (TCP), which establishes a virtual connection between a destination and a source. IP by itself is something like the postal system. It allows you to address a package and drop it in the system, but there's no direct link between you and the recipient.

· HTTP
· IMAP (version 4)
· SMTP
· POP (version 3)

HTTP (Hyper-Text Transfer Protocol) is the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. HTTP/1.0, as defined by RFC 1945 [6], improved the protocol by allowing messages to be in the format of MIME-like messages, containing meta information about the data transferred and modifiers on the request/response semantics.

IMAP4 (Internet Message Access Protocol) is a mail protocol that provides management of received messages on a remote server. The user can review headers, create or delete folders/mailboxes and messages, and search contents remotely without downloading. It includes more functions than the similar POP protocol.

POP3 (Post Office Protocol 3) is the most recent version of a standard protocol for receiving e-mail. POP3 is a client/server protocol in which e-mail is received and held for you by your Internet server. Periodically, you (or your client e-mail receiver) check your mailbox on the server and download any mail, probably using POP3. This standard protocol is built into most popular e-mail products, such as Eudora and Outlook Express. It's also built into the Netscape and Microsoft Internet Explorer browsers. POP3 is designed to delete mail on the server as soon as the user has downloaded it. However, some implementations allow users or an administrator to specify that mail be saved for some period of time. POP can be thought of as a store-and-forward service.

SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending and receiving e-mail. However, since it is limited in its ability to queue messages at the receiving end, it is usually used with one of two other protocols, POP3 or IMAP, that let the user save messages in a server mailbox and download them periodically from the server. In other words, users typically use a program that uses SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail. On Unix-based systems, sendmail is the most widely used SMTP server for e-mail. A commercial package, Sendmail, includes a POP3 server. Microsoft Exchange includes an SMTP server and can also be set up to include POP3 support. SMTP usually is implemented to operate over Internet port 25. An alternative to SMTP that is widely used in Europe is X.400. Many mail servers now support Extended Simple Mail Transfer Protocol (ESMTP), which allows multimedia files to be delivered as e-mail.

3. Taking the case that the message includes the text "please find attached abstract", as well as an attachment in MS-Word format and an attachment in JPEG, list the format of the sent mail message.

· MIME

MIME (Multi-Purpose Internet Mail Extensions) is an extension of the original Internet e-mail protocol that lets people use the protocol to exchange different kinds of data files on the Internet: audio, video, images, application programs, and other kinds, as well as the ASCII text handled in the original protocol, the Simple Mail Transport Protocol (SMTP). In 1991, Nathaniel Borenstein of Bellcore proposed to the IETF that SMTP be extended so that Internet (but mainly Web) clients and servers could recognize and handle other kinds of data than ASCII text. As a result, new file types were added to mail as a supported Internet Protocol file type. Servers insert the MIME header at the beginning of any Web transmission. Clients use this header to select an appropriate player application for the type of data the header indicates. Some of these players are built into the Web client or browser (for example, all browsers come with GIF and JPEG image players as well as the ability to handle HTML files).

4. How would the received message differ from the sent message?

The "Reply-to" address is the e-mail address that receives messages sent from users who click "reply" in their e-mail clients. It can differ from the "from" address, which can be an automated or unmonitored e-mail address used only to send messages to a distribution list. "Reply-to" should always be a monitored address.

IPv4: Internet Protocol (Version 4)

The Internet Protocol (IP) is a network-layer (Layer 3) protocol in the OSI model that contains addressing information and some control information to enable packets to be routed in a network. IP is the primary network-layer protocol in the TCP/IP protocol suite. Along with the Transmission Control Protocol (TCP), IP represents the heart of the Internet protocols. IP is equally well suited for both LAN and WAN communications. IP (Internet Protocol) has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through a network; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes. The IP addressing scheme is integral to the process of routing IP datagrams through an internetwork. Each IP address has specific components and follows a basic format. These IP addresses can be subdivided and used to create addresses for subnetworks. Each computer (known as a host) on a TCP/IP network is assigned a unique logical address (32-bit in IPv4) that is divided into two main parts: the network number and the host number. The network number identifies a network and must be assigned by the Internet Network Information Center (InterNIC) if the network is to be part of the Internet. An Internet Service Provider (ISP) can obtain blocks of network addresses from the InterNIC and can itself assign address space as necessary. The host number identifies a host on a network and is assigned by the local network administrator.
IPv6 (IPng): Internet Protocol version 6

IPv6 is the new version of the Internet Protocol (IP), based on IPv4, a network-layer (Layer 3) protocol that contains addressing information and some control information enabling packets to be routed in the network. There are two basic IP versions: IPv4 and IPv6. IPv6 is also called next generation IP or IPng. IPv4 and IPv6 are de-multiplexed at the media layer. For example, IPv6 packets are carried over Ethernet with the content type 86DD (hexadecimal) instead of IPv4's 0800. IPv4 is described in separate documents. IPv6 increases the IP address size from 32 bits to 128 bits, to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler auto-configuration of addresses. IPv6 addresses are expressed in hexadecimal format (base 16), which allows not only numerals (0-9) but a few letters as well (a-f). A sample IPv6 address looks like: 3ffe:ffff:100:f101:210:a4ff:fee3:9566. Scalability of multicast addresses is introduced. A new type of address called an anycast address is also defined, to send a packet to any one of a group of nodes. Two major improvements in IPv6 vs. v4:

· Improved support for extensions and options: IPv6 options are placed in separate headers that are located between the IPv6 header and the transport layer header. Changes in the way IP header options are encoded allow more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future.
· Flow labeling capability: a new capability has been added to enable the labeling of packets belonging to particular traffic flows for which the sender requests special handling, such as non-default Quality of Service or real-time service.

Comparison between IPv6 and IPv4

The data structure of IPv6 has been modified as follows:

· The Header Length field found in IPv4 is removed in IPv6.
· The Type of Service field found in IPv4 has been replaced with the Priority field in IPv6.
· The Time to Live field found in IPv4 has been replaced with Hop Limit in IPv6.
· The Total Length field has been replaced with the Payload Length field.
· The Protocol field has been replaced with the Next Header field.
· Source Address and Destination Address have been increased from 32 bits to 128 bits.

Major Similarities between IPv6 and IPv4

· Both protocols provide loopback addresses.
· IPv6 multicast achieves the same purpose that IPv4 broadcast does.
· Both allow the user to determine datagram size and the maximum number of hops before termination.
· Both provide connectionless delivery service (datagrams routed independently).
· Both are best-effort datagram delivery services.

Major Differences between IPv6 and IPv4

IPv6 host to IPv6 host routing via an IPv4 network: here, IPv6-over-IPv4 tunneling is required to send a datagram. IPv6 packets are encapsulated within IPv4 packets, allowing travel over IPv4 routing infrastructures to reach an IPv6 host on the other side of the IPv6-over-IPv4 tunnel. The two different types of tunneling are automatic and configured. For a configured tunnel, the IPv6-to-IPv4 mappings at the tunnel endpoints have to be manually specified. Automatic tunneling eases tunneling, but nullifies the advantages of using the 128-bit address space.

IPv6 host to IPv4 host and vice versa: the device that converts IPv6 packets to IPv4 packets (a dual IP stack / dual-stack router) allows a host to access both IPv4 and IPv6 resources for communication. A dual IP stack routes as well as converts between IPv4 and IPv6 datagrams.

ICMP: IPv6 enhances ICMP with ICMPv6. The messages are grouped as informational and error. An ICMPv6 message can contain much more information. The rules for message handling are stricter. ICMPv6 uses the Neighbor Discovery Protocol. New messages have been added also.

Absence of ARP/RARP:
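The IPv4/IPv6 header comparison above, as an added example that is not part of the original page: a Python decoder for both fixed headers that maps each protocol's fields onto the common names the comparison uses (Time to Live to Hop Limit, Protocol to Next Header, Total Length to Payload Length) and demultiplexes on the Ethernet type values 0x0800 and 0x86DD mentioned in the text. The function names and the two sample headers (with a zero checksum) are constructed for this example.

```python
import ipaddress
import struct

# Constructed example, not code from the original page: parse a raw IPv4 and
# a raw IPv6 header and present them on the common field names used in the
# comparison above. The Ethertype selects which parser runs.

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_IPV6 = 0x86DD


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the 20-byte fixed IPv4 header (options are counted via IHL but not decoded)."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, tos, total_len, _ident, _flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    header_len = ihl * 4                        # IPv4 carries a header length field ...
    return {
        "version": 4,
        "header_len": header_len,               # ... which IPv6 drops (fixed 40-byte header)
        "tos_or_priority": tos,                 # Type of Service
        "payload_len": total_len - header_len,  # Total Length includes the header
        "hop_limit": ttl,                       # Time to Live
        "next_header": proto,                   # Protocol
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def parse_ipv6(pkt: bytes) -> dict:
    """Decode the 40-byte fixed IPv6 header."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_hdr, hop_limit, src, dst = \
        struct.unpack("!IHBB16s16s", pkt[:40])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version {version})")
    return {
        "version": 6,
        "header_len": 40,
        "tos_or_priority": (first_word >> 20) & 0xFF,   # Traffic Class / Priority
        "flow_label": first_word & 0xFFFFF,             # new in IPv6
        "payload_len": payload_len,             # excludes the 40-byte header
        "hop_limit": hop_limit,
        "next_header": next_hdr,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
    }


def parse_by_ethertype(ethertype: int, pkt: bytes) -> dict:
    """Demultiplex on the Ethernet type field (0x0800 = IPv4, 0x86DD = IPv6)."""
    if ethertype == ETHERTYPE_IPV4:
        return parse_ipv4(pkt)
    if ethertype == ETHERTYPE_IPV6:
        return parse_ipv6(pkt)
    raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")


# Constructed sample headers: an IPv4 header (no options) carrying 8 bytes of
# UDP payload (total length 28, checksum left zero), and an IPv6 header with
# an 8-byte payload, flow label 0xABCDE, and the sample address from the text.
SAMPLE_IPV4 = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0x4000, 64, 17, 0,
    ipaddress.IPv4Address("192.168.1.10").packed,
    ipaddress.IPv4Address("192.168.1.1").packed,
) + bytes(8)
SAMPLE_IPV6 = struct.pack(
    "!IHBB16s16s", (6 << 28) | 0xABCDE, 8, 17, 64,
    ipaddress.IPv6Address("3ffe:ffff:100:f101:210:a4ff:fee3:9566").packed,
    ipaddress.IPv6Address("3ffe:ffff:100:f101::1").packed,
) + bytes(8)


def side_by_side() -> list:
    """Return (field, ipv4_value, ipv6_value) rows for the fields the comparison discusses."""
    v4 = parse_by_ethertype(ETHERTYPE_IPV4, SAMPLE_IPV4)
    v6 = parse_by_ethertype(ETHERTYPE_IPV6, SAMPLE_IPV6)
    fields = ["header_len", "tos_or_priority", "payload_len",
              "hop_limit", "next_header", "src", "dst"]
    return [(f, v4[f], v6[f]) for f in fields]


if __name__ == "__main__":
    for row in side_by_side():
        print("{:<16} {:<18} {}".format(*row))
```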
TLS provides secure communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. There are slight differences between SSL 3.0 and TLS 1.0, but the protocol remains significantly the same. It is good idea to keep in mind that TLS resides on the Application Layer of the OSI model. This will save you a lot of frustrations while debugging and troubleshooting encryption troubles connected to TLS.   TLS Features TLS is a generic application layer security protocol that runs over reliable transport. It provides a secure channel to application protocol clients. This channel has three primary security features: Authentication of the server. Confidentiality of the communication channel. Message integrity of the communication channel. Optionally TLS can also provide authentication of the client. In general, TLS authentication uses public key based digital signatures backed by certificates. Thus, the server authenticates either by decrypting a secret encrypted under his public key or by signing an ephemeral public key. The client authenticates by signing a random challenge. Server certificates typically contain the servers domain name. Client certificates can contain arbitrary identities.   The Handshake Protocols The TLS Handshake Protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. In a typical scenario, only the server is authenticated and its identity is ensured while the client remains unauthenticated. The mutual authentication of the servers requires public key deployment to clients. Provide security parameters to the record layer. A Client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested cipher suites and compression methods. 
The Server responds with a ServerHello containing the protocol version, a random number, and the cipher suite and compression method it has chosen from those offered by the client. The Server sends its Certificate (depending on the selected cipher suite, this may be omitted). The Server may request a certificate from the client with a CertificateRequest message, so that the connection can be mutually authenticated. The Server sends a ServerHelloDone message, indicating that it has finished its part of the negotiation. The Client responds with a ClientKeyExchange, which may contain a PreMasterSecret encrypted under the server's public key, an ephemeral public key, or nothing (again, this depends on the selected cipher suite). Both sides then derive the master secret and the session keys from the pre-master secret and the two random numbers, send ChangeCipherSpec, and end with a Finished message that contains a hash of every handshake message seen so far, so that any tampering with the negotiation is detected before application data is exchanged.

The Handshake Protocol provides a number of security functions: authentication, encryption and hash algorithms.

· Authentication
A certificate is a digital form of identification that is usually issued by a certification authority (CA) and contains identification information, a validity period, a public key, a serial number, and the digital signature of the issuer. For authentication purposes, the Handshake Protocol uses an X.509 certificate to give the other party strong evidence of the identity of the party that holds the certificate and the corresponding private key.

· Encryption
There are two main types of encryption: symmetric key (also known as secret key) and asymmetric key (also known as public key). TLS/SSL uses symmetric keys for bulk encryption and public keys for authentication and key exchange.

· Hash Algorithms
A hash is a one-way mapping of values to a smaller set of representative values, so that the resulting hash is much smaller than the original message and it is computationally infeasible to find two different messages with the same hash. A hash is similar to a fingerprint: a fingerprint is unique to the individual and is much smaller than the original person. Hashing is used to establish data integrity during transport.
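The handshake messages above travel inside records of the TLS record layer, and the first thing a server, a passive monitor or a fuzzer has to do is take them apart. The following Python script is an added example, not code from this page or from any TLS implementation: it builds a constructed TLS 1.2 ClientHello record carrying a server_name (SNI) extension, then parses it back field by field with the same length checks a careful implementation makes. The host name example.test, the 32 fixed random bytes and the small cipher-suite name table are illustrative choices of this example.

```python
import struct

# Record-layer ContentType and handshake-type codes (RFC 5246).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate", 13: "certificate_request",
                   14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
# A few IANA cipher-suite codes so that the parsed list reads as names (illustrative subset).
CIPHER_SUITES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
                 0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                 0x1301: "TLS_AES_128_GCM_SHA256"}


def parse_record(data: bytes) -> dict:
    """Split the TLSRecord struct: type(1) version(2) length(2) payload[length]."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if length > 2 ** 14 + 2048:                        # hard ceiling from RFC 5246 section 6.2.3
        raise ValueError("record length exceeds protocol maximum")
    if len(data) < 5 + length:                         # a record is only processed once it is complete
        raise ValueError("record body shorter than declared length")
    return {"type": CONTENT_TYPES.get(ctype, ctype), "version": (major, minor),
            "length": length, "payload": data[5:5 + length]}


def parse_client_hello(payload: bytes) -> dict:
    """Parse the ClientHello carried in the payload of a handshake record."""
    if len(payload) < 4 or HANDSHAKE_TYPES.get(payload[0]) != "client_hello":
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + hs_len]
    if len(body) != hs_len:
        raise ValueError("truncated handshake body")
    pos = 0
    client_version = (body[0], body[1]); pos += 2
    client_random = body[pos:pos + 32]; pos += 32           # 4-byte time + 28 random bytes in TLS 1.2
    sid_len = body[pos]; pos += 1
    session_id = body[pos:pos + sid_len]; pos += sid_len
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]; pos += cs_len
    cm_len = body[pos]; pos += 1
    compression = list(body[pos:pos + cm_len]); pos += cm_len
    sni = None
    if pos < len(body):                                     # the extensions block is optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            edata = body[pos:pos + elen]; pos += elen
            if etype == 0:                                  # server_name, RFC 6066: list_len(2) type(1) len(2) name
                name_len = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + name_len].decode("ascii")
    return {"client_version": client_version, "random": client_random, "session_id": session_id,
            "cipher_suites": [CIPHER_SUITES.get(s, hex(s)) for s in suites],
            "compression_methods": compression, "sni": sni}


def build_client_hello(server_name: str, suites: list, client_random: bytes) -> bytes:
    """Build a constructed ClientHello record, the mirror image of the parser above."""
    name = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name            # name_type 0 = host_name
    sni_ext = struct.pack("!HHH", 0, len(entry) + 2, len(entry)) + entry
    body = (b"\x03\x03" + client_random + b"\x00"                      # TLS 1.2, random, empty session id
            + struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
            + b"\x01\x00"                                               # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Clients send the ClientHello record with version 3.1 for compatibility with old servers.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def is_well_formed_record(data: bytes) -> bool:
    try:
        parse_record(data)
        return True
    except (ValueError, struct.error):
        return False


# Constructed sample: a ClientHello for example.test offering two cipher suites.
SAMPLE = build_client_hello("example.test", [0xC02F, 0x002F], bytes(range(32)))

if __name__ == "__main__":
    rec = parse_record(SAMPLE)
    print(rec["type"], rec["version"], rec["length"])
    print(parse_client_hello(rec["payload"]))
```

The parser refuses a record whose declared length exceeds the bytes received, which is the reason a record cannot be processed before it is completely available; the ServerHello, Certificate and the other handshake messages are framed the same way, with the 1-byte type and 3-byte length in front of each body.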
Two common hash algorithms are Message Digest 5 (MD5), which produces a 128-bit hash value, and Secure Hash Algorithm 1 (SHA-1), which produces a 160-bit value. Both are now broken with respect to collision resistance and are no longer acceptable for certificate signatures; current cipher suites use SHA-256 or stronger.

The Change Cipher Spec
The Change Cipher Spec Protocol signals a transition of the cipher suite to be used on the connection between the client and server. The protocol consists of a single message, which is encrypted and compressed under the current cipher suite. The message is a single byte with the value 1. Every message after it is encrypted and compressed using the newly negotiated cipher suite.

The Alert
The Alert Protocol includes event-driven alert messages that can be sent by either party. Each alert carries a level: a fatal alert ends the session immediately, while a warning alert leaves it to the recipient whether or not to end the session. Schannel SSP will only generate these alert messages at the request of the application.

The Record Layer/Protocol
The TLS record protocol is a simple framing layer with the record format shown below:

struct {
    ContentType type;
    ProtocolVersion version;
    uint16 length;
    opaque payload[length];
} TLSRecord;

As in SSL, data is carried in records. In both protocols, a record can only be processed when the entire record is available. The Record Layer has four functions:
· It fragments the data coming from the application into manageable blocks (and reassembles incoming data to pass up to the application). Schannel SSP does not support fragmentation at the Record Layer.
· It compresses the data and decompresses incoming data. Schannel SSP does not support compression at the Record Layer. Compression is disabled in practice and was removed in TLS 1.3, because compressing secrets together with attacker-controlled data leaks the secrets (the CRIME attack).
· It applies a Message Authentication Code (MAC), or hash/digest, to the data and uses the MAC to verify incoming data.
· It encrypts the data together with its MAC and decrypts incoming data.

Application Protocol
TLS carries application protocols such as HTTP, FTP, SMTP, NNTP and XMPP, and itself runs above a reliable transport protocol, TCP for example.
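The fragmentation and MAC functions of the record layer, as an added example that is not the page's own code: the TLS 1.2 construction from RFC 5246 section 6.2.3.1, in which the MAC covers a 64-bit record sequence number and the record header as well as the fragment. The script splits a constructed application-data stream into records, appends a MAC to each, and then shows that a modified record and a record replayed under the wrong sequence number both fail verification. The MAC key here is a constructed constant; a real implementation takes it from the key block derived during the handshake. In the CBC cipher suites the fragment and MAC are then encrypted together (the MAC-then-encrypt order that made the Lucky 13 padding-oracle attack possible), while the AEAD suites pass the same header to the cipher as additional authenticated data instead.

```python
import hmac
import hashlib
import struct

MAX_FRAGMENT = 2 ** 14          # TLSPlaintext.fragment limit, RFC 5246 section 6.2.1
MAC_LEN = hashlib.sha256().digest_size
APPLICATION_DATA = 23           # ContentType of application_data records


def record_mac(mac_key: bytes, seq_num: int, content_type: int, version: tuple, fragment: bytes) -> bytes:
    """HMAC(key, seq_num || type || version || length || fragment), RFC 5246 section 6.2.3.1.
    The sequence number is implicit (never sent) and ties the MAC to one position in the stream."""
    header = struct.pack("!QBBBH", seq_num, content_type, version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hashlib.sha256).digest()


def protect_stream(mac_key: bytes, data: bytes, version=(3, 3), first_seq: int = 0) -> list:
    """Fragment application data into records and append the MAC to every fragment (before encryption)."""
    records = []
    for i, offset in enumerate(range(0, len(data), MAX_FRAGMENT)):
        fragment = data[offset:offset + MAX_FRAGMENT]
        tag = record_mac(mac_key, first_seq + i, APPLICATION_DATA, version, fragment)
        records.append(fragment + tag)
    return records


def unprotect(mac_key: bytes, seq_num: int, body: bytes, version=(3, 3), content_type=APPLICATION_DATA):
    """Return the fragment if the MAC verifies for this sequence number, else None."""
    if len(body) < MAC_LEN:
        return None
    fragment, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = record_mac(mac_key, seq_num, content_type, version, fragment)
    return fragment if hmac.compare_digest(tag, expected) else None   # constant-time compare


def demo() -> dict:
    key = hashlib.sha256(b"constructed mac_write_key").digest()   # constructed; real key comes from the key block
    stream = bytes(range(256)) * 160                               # 40960 bytes, so three records
    records = protect_stream(key, stream)
    tampered = bytearray(records[1])
    tampered[10] ^= 0x01                                           # flip one bit inside the fragment
    return {
        "record_count": len(records),
        "roundtrip_ok": b"".join(unprotect(key, i, r) for i, r in enumerate(records)) == stream,
        "tamper_detected": unprotect(key, 1, bytes(tampered)) is None,
        "replay_detected": unprotect(key, 0, records[1]) is None,  # record 1 presented as record 0
    }


if __name__ == "__main__":
    print(demo())
```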
While it can add security to any protocol that uses reliable connections (such as TCP), it is most commonly used with HTTP to form HTTPS. HTTPS is used to secure World Wide Web pages for applications such as electronic commerce and asset management. These applications use public key certificates to verify the identity of endpoints.

TLS/SSL Security
The client verifies that the issuing Certificate Authority (CA) is on its list of trusted CAs. The client uses that CA's public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA. The client checks the server certificate's validity period; the authentication process stops if the current date and time fall outside of the validity period. The client also checks that the name in the certificate matches the host name it intended to connect to; otherwise a valid certificate issued for some other host would be accepted. A client that skips any one of these checks can be impersonated by an attacker on the path.

IPSec
IPSec acts at the network layer, protecting and authenticating IP packets between participating IPSec devices (peers), such as PIX Firewalls, Cisco routers, Cisco VPN 3000 Concentrators, Cisco VPN Clients, and other IPSec-compliant products. IPSec is not bound to any specific encryption or authentication algorithms, keying technology, or security algorithms. IPSec is a framework of open standards. Because it isn't bound to specific algorithms, IPSec allows newer and better algorithms to be implemented without patching the existing IPSec standards. IPSec provides data confidentiality, data integrity, and data origin authentication between participating peers at the IP layer. IPSec is used to secure a path between a pair of gateways, a pair of hosts, or a gateway and a host. Some of the standard algorithms are as follows:
· Data Encryption Standard (DES) algorithm: used to encrypt and decrypt packet data. Its 56-bit key is too short to resist brute force and it should no longer be used.
· 3DES algorithm: effectively doubles the encryption strength of 56-bit DES.
· Advanced Encryption Standard (AES): a newer cipher designed to replace DES, with a key length of 128, 192 or 256 bits.
Cisco is the first industry vendor to implement AES on all its VPN-capable platforms.
· Message Digest 5 (MD5) algorithm: used (as HMAC-MD5) to authenticate packet data.
· Secure Hash Algorithm 1 (SHA-1): used (as HMAC-SHA-1) to authenticate packet data.
· Diffie-Hellman (DH): a public-key cryptography protocol that allows two parties to establish a shared secret key, used by the encryption and hash algorithms (for example, DES and MD5), over an insecure communications channel.

IPSec security services provide four critical functions:
· Confidentiality (encryption): the sender encrypts the packets before transmitting them across a network, so that no one can eavesdrop on the communication; if intercepted, the packets cannot be read.
· Data integrity: the receiver can verify that the data was transmitted through the Internet without being changed or altered in any way.
· Origin authentication: the receiver can authenticate the source of the packets, guaranteeing and certifying the source of the information.
· Anti-replay protection: anti-replay protection verifies that each packet is unique and not a duplicate. IPSec packets are protected by comparing the sequence number of each received packet against a sliding window on the destination host or security gateway. Late and duplicate packets are dropped.

How IPSec works
The goal of IPSec is to protect the desired data with the needed security services. IPSec's operation can be broken into five primary steps:
1. Define interesting traffic: traffic is deemed interesting when the VPN device recognizes that the traffic you want to send needs to be protected.
2. IKE Phase 1: this basic set of security services protects all subsequent communications between the peers. IKE Phase 1 sets up a secure communications channel between the peers.
3. IKE Phase 2: IKE negotiates the IPSec security association (SA) parameters and sets up matching IPSec SAs in the peers. These security parameters are used to protect data and messages exchanged between the endpoints.
4. Data transfer: data is transferred between the IPSec peers according to the IPSec parameters and keys stored in the SA database.
5. IPSec tunnel termination: IPSec SAs terminate through deletion or by timing out.

TASK 1(b)
IPSec's advantage over TLS: IPSec gives more flexibility in choosing the authentication mechanism (certificates or a pre-shared key, for instance), and with a pre-shared key there is no certificate chain for an attacker to subvert. TLS authentication in practice relies on public-key certificates, and off-the-shelf tools can mount a man-in-the-middle attack against a TLS client only where that client does not validate the server certificate or trusts an attacker-controlled CA; a client that validates the chain and the host name cannot be intercepted this way. Going one step down the OSI stack, IP Security (IPSec) guarantees the privacy and integrity of IP packets regardless of how the application used the sockets. This means any application, as long as it uses IP to send data, benefits from the underlying secure IP network. Nothing has to be rewritten or modified; users may not even be aware that their data is being processed by encrypting devices. This solution is the most transparent one for end users and the one most likely to be adopted in the future in the widest range of situations. The main drawback of IPSec lies in its intrinsic infrastructural complexity, which demands several components to work properly. IPSec deployment must be planned and carried out by network administrators, and it is less likely to be adopted directly by end users.

TLS's advantage over IPSec: the advantage of TLS over generic application-level security mechanisms is that the application no longer has the burden of encrypting user data. Using a special socket and API, the communication is secured. The problem with TLS is that an application wishing to exploit its functionality must be written explicitly to do so (see Resources). Existing applications, which constitute the majority of data producers on the Internet, cannot take advantage of the encryption facilities provided by TLS without being rewritten.
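The anti-replay function listed under the IPSec security services above, as an added example that is not the page's code: the receive-side sliding window from RFC 4303 (ESP), here in Python with a 64-bit bitmap. A packet to the right of the window is new and slides the window forward; a packet inside the window is accepted once and rejected as a duplicate afterwards; a packet older than the window is dropped as late. The arrival order in ARRIVALS is constructed to exercise each case. The window is checked before the integrity check value (ICV) is verified and updated only after it verifies, so that forged packets cannot move the window.

```python
import struct


class AntiReplayWindow:
    """Receive-side sliding window for ESP sequence numbers (RFC 4303 section 3.4.3 and appendix A).
    Bit 0 of the bitmap stands for the highest sequence number seen; bit n stands for 'top - n'."""

    def __init__(self, size: int = 64):
        self.size = size
        self.top = 0            # highest accepted sequence number; ESP numbering starts at 1
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        """Is this sequence number acceptable? Called before the ICV is verified."""
        if seq == 0:
            return False                                  # sequence number 0 is never valid
        if seq > self.top:
            return True                                   # right of the window: a new packet
        diff = self.top - seq
        if diff >= self.size:
            return False                                  # left of the window: too late, drop
        return not (self.bitmap & (1 << diff))            # inside the window: reject if already seen

    def update(self, seq: int) -> None:
        """Record an accepted sequence number. Called only after the ICV verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1) if shift < self.size else 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def parse_esp_header(packet: bytes) -> tuple:
    """ESP starts with the 32-bit SPI followed by the 32-bit sequence number (RFC 4303 section 2)."""
    if len(packet) < 8:
        raise ValueError("truncated ESP header")
    return struct.unpack("!II", packet[:8])


def filter_sequence(seqs, size: int = 64) -> list:
    """Apply the window to a sequence of arrivals; True = accepted, False = dropped (late or duplicate)."""
    window = AntiReplayWindow(size)
    verdicts = []
    for seq in seqs:
        ok = window.check(seq)
        if ok:
            window.update(seq)        # a real receiver verifies the ICV between check() and update()
        verdicts.append(ok)
    return verdicts


# Constructed arrival order: in-order packets, a late packet inside the window, a duplicate,
# a jump that slides the window, a packet that falls outside it, and a replay.
ARRIVALS = [1, 2, 3, 5, 4, 3, 70, 6, 200, 200, 150]

if __name__ == "__main__":
    for seq, ok in zip(ARRIVALS, filter_sequence(ARRIVALS)):
        print(seq, "accept" if ok else "drop")
```

With a 64-packet window, packet 6 arriving after packet 70 is dropped even though it was never seen: it is 64 behind the window's top. Links that reorder heavily need a larger window (RFC 4303 allows the receiver to choose), which is a tuning decision between replay exposure and spurious drops.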
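The certificate checks listed under TLS/SSL Security, and the man-in-the-middle claim in TASK 1(b), come down to a few lines of client configuration. The following Python is an added example and not code from this page: it puts the weak client setting (no chain validation, no host name comparison, which is exactly what an interception tool relies on) beside the corrected one built on the standard ssl module, and implements the validity-period and host-name checks over the dictionary shape that SSLSocket.getpeercert() returns. SAMPLE_CERT is a constructed dictionary, not a real certificate, and the host-name matcher is a simplified version (exact match plus a leftmost-label wildcard) of the RFC 6125 rules.

```python
import ssl
from typing import Optional


def insecure_context() -> ssl.SSLContext:
    """The weak setting: accept any certificate and never compare names.
    A proxy presenting a self-signed certificate is accepted silently."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # has to be switched off before verify_mode may be set to CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """The corrected setting: chain validated against a trust store (the system store, or the cafile
    given), host name checked, and nothing older than TLS 1.2 negotiated."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED and check_hostname=True by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """The three properties a reviewer looks for in a TLS client context."""
    return bool(ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
                and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def within_validity_period(cert: dict, now: float) -> bool:
    """Validity-period check on getpeercert() output; 'now' is seconds since the epoch (UTC)."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after


def hostname_matches(cert: dict, hostname: str) -> bool:
    """Compare the intended host name with the certificate's DNS subjectAltName entries.
    Simplified: case-insensitive exact match, or a wildcard in the leftmost label only."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False


# Constructed peer certificate in getpeercert() form (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "example.test"), ("DNS", "*.example.test")),
}

if __name__ == "__main__":
    print("hardened safe:", context_is_safe(hardened_context()))
    print("insecure safe:", context_is_safe(insecure_context()))
    print("valid in June 2024:", within_validity_period(SAMPLE_CERT, 1717200000))
    print("matches www.example.test:", hostname_matches(SAMPLE_CERT, "www.example.test"))
```

When the hardened context is used with ssl.SSLContext.wrap_socket(sock, server_hostname=host), the library performs the chain, validity and host-name checks itself and raises ssl.SSLCertVerificationError on failure; the two explicit functions here show what those checks consist of and are what you would run on a certificate obtained by other means.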
Think of the common applications we use every day: mail clients, web browsers on sites without HTTPS, IRC channels, peer-to-peer file sharing systems and so on. Also, most network services (such as mail relays, DNS servers and routing protocols) currently run over plain sockets, exchanging vital information as clear text and only seldom adopting application-level counter-measures (mostly integrity checks, such as MD5 sums).

IGMP
IGMP is the protocol used by IP hosts and adjacent multicast routers to report and track multicast group memberships; hosts that have joined the same group receive the traffic sent to it. Where ICMP carries one-to-one control messages, IGMP manages one-to-many delivery.

Establish Multicast group
We describe a distributed architecture for managing multicast addresses in the global Internet. A multicast address space partitioning scheme is proposed, based on the unicast host address and a per-host address management entity. By noting that port numbers are an integral part of end-to-end multicast addressing, we present a single, unified solution to the two problems of dynamic multicast address management and port resolution. We then present a framework for the evaluation of multicast address management schemes, and use it to compare our design with three approaches, as well as a random allocation strategy. The criteria used for the evaluation are blocking probability and consistency, address acquisition delay, the load on address management entities, robustness against failures, and processing and communications overhead. With the distributed scheme the probability of blocking for address acquisition is reduced by several orders of magnitude, to insignificant levels, while consistency is maintained. At the same time, the address acquisition delay is reduced to a minimum by serving the request within the host itself.
It is also shown that the scheme generates much less control traffic, is more robust against failures, and puts much less load on address management entities as compared with the other three schemes. The random allocation strategy is shown to be attractive primarily due to its simplicity, although it does have several drawbacks stemming from its lack of consistency (addresses may be allocated more than once).

The Routing and Remote Access administrative tool is used to enable routing on a Windows 2000 Server that is multihomed (has more than one network card). Windows 2000 Professional cannot be a router. The Routing and Remote Access administrative tool or the route command-line utility can be used to configure a static router and add entries to the routing table. Static routing requires the administrator to enter the routing table by hand. Dynamic routing also uses a routing table, but the table is built and kept up to date by the routing protocol software; dynamic routing therefore requires additional protocols to be installed on the computer. When using the Routing and Remote Access tool, the following information is entered for each static route:
· Interface: the network card that the route applies to, through which matching packets will be sent out.
· Destination: the network address that the packets are going to, such as 192.168.1.0.
· Network Mask: the subnet mask of the destination network.
· Gateway: the IP address of the next hop, on the network attached to that interface, that is configured to forward the packets, such as 192.168.1.1. The gateway must be directly reachable on the interface's own subnet.
· Metric: the number of routers that packets must pass through to reach the intended network. When the metric is greater than 1, the gateway is an intermediate router, so its address does not lie in the destination network.

Dynamic Routing
Windows 2000 Server supports Network Address Translation (NAT) and a DHCP relay agent. The three dynamic routing protocols supported by Windows 2000 are:
· Routing Information Protocol (RIP) version 2 for IP
· Open Shortest Path First (OSPF)
· Internet Group Management Protocol (IGMP) version 2 with router or proxy support
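The static route fields above (interface, destination, mask, gateway, metric) only make sense together with the lookup a router performs on them. The following Python is an added example, not code from this page or from Windows: it holds a constructed static routing table with those fields, performs the longest-prefix match with the metric as tie-breaker, and checks the constraint stated above that a gateway must lie on the subnet of its interface. The interface addresses and routes are invented for the example; the misconfigured 172.16.0.0/12 entry is there to show what the check catches.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    interface: str
    destination: ipaddress.IPv4Network
    gateway: ipaddress.IPv4Address
    metric: int


def build_table(rows) -> List[Route]:
    """rows are (interface, 'destination/mask', gateway, metric), the fields of the RRAS dialog.
    strict=True rejects a destination whose host bits are set, e.g. 192.168.1.5/24."""
    return [Route(i, ipaddress.IPv4Network(d, strict=True), ipaddress.IPv4Address(g), m)
            for i, d, g, m in rows]


def lookup(table: List[Route], address: str) -> Optional[Route]:
    """Longest-prefix match; among routes with equal prefix length the lowest metric wins."""
    addr = ipaddress.IPv4Address(address)
    matches = [r for r in table if addr in r.destination]
    if not matches:
        return None
    return max(matches, key=lambda r: (r.destination.prefixlen, -r.metric))


def validate_table(table: List[Route], interfaces: dict) -> List[Route]:
    """Return the routes whose gateway is not on the subnet of the chosen interface. Such a route can
    never be used: the router has no way to hand the packet to that gateway."""
    return [r for r in table if r.gateway not in interfaces[r.interface]]


# Constructed interfaces (address/mask of each network card) and static routes.
INTERFACES = {name: ipaddress.IPv4Interface(cidr).network
              for name, cidr in [("LAN1", "192.168.1.1/24"), ("LAN2", "10.0.0.1/8")]}
TABLE = build_table([
    ("LAN1", "192.168.1.0/24", "192.168.1.1", 1),   # directly connected: gateway is our own address
    ("LAN2", "10.0.0.0/8",     "10.0.0.1",    1),
    ("LAN2", "10.20.0.0/16",   "10.0.0.254",  2),   # via a neighbouring router on LAN2
    ("LAN2", "0.0.0.0/0",      "10.0.0.254",  3),   # default route
    ("LAN1", "172.16.0.0/12",  "10.9.9.9",    2),   # misconfigured: gateway is not reachable on LAN1
])

if __name__ == "__main__":
    for dst in ("10.20.5.7", "10.3.3.3", "8.8.8.8", "192.168.1.9"):
        r = lookup(TABLE, dst)
        print(dst, "->", r.interface, r.destination, "via", r.gateway, "metric", r.metric)
    print("unusable routes:", [str(r.destination) for r in validate_table(TABLE, INTERFACES)])
```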
The Routing and Remote Access tool is used to install, configure, and monitor these protocols and routing functions. After any of these dynamic routing protocols is installed, it must be configured to use one or more routing interfaces.

Protocol Independent Multicast (PIM):
This document describes an architecture for efficiently routing to multicast groups that may span wide-area (and inter-domain) internets. We refer to the approach as Protocol Independent Multicast (PIM) because it is not dependent on any particular unicast routing protocol. The most significant innovation in this architecture is the efficient support of sparse, wide area groups. This sparse mode (SM) of operation complements the traditional dense-mode approach to multicast routing for campus networks, as developed by Deering [2][3] and implemented previously in MOSPF and DVMRP [4][5]. These traditional dense mode multicast schemes were intended for use within regions where a group is widely represented or bandwidth is universally plentiful. However, when group members, and senders to those group members, are distributed sparsely across a wide area, these schemes are not efficient; data packets (in the case of DVMRP) or membership report information (in the case of MOSPF) are occasionally sent over many links that do not lead to receivers or senders, respectively. The purpose of this work is to develop a multicast routing architecture that efficiently establishes distribution trees even when some or all members are sparsely distributed. Efficiency is evaluated in terms of the state, control message, and data packet overhead required across the entire network in order to deliver data packets to the members of the group.
The Protocol Independent Multicast (PIM) architecture:
· maintains the traditional IP multicast service model of receiver-initiated membership;
· can be configured to adapt to different multicast group and network characteristics;
· is not dependent on a specific unicast routing protocol;
· uses soft-state mechanisms to adapt to underlying network conditions and group dynamics.
The robustness, flexibility, and scaling properties of this architecture make it well suited to large heterogeneous inter-networks.
A user of an Internet-connected PC, Adam, sends an e-mail message to another Internet-connected PC user, Beryl.

1. Outline the function of four Internet hosts that would normally be involved in this task.
1. Adam's computer
2. Server of Adam's Internet Service Provider
3. Server of Beryl's Internet Service Provider
4. Beryl's computer

This program allows you to build and manage a large mailing list, and to create customised messages from predefined templates while sending. It lets you define multiple independent SMTP server connections and uses multithreading to send e-mails as fast as possible. You can use all the standard message formats, such as plain text and HTML, or even create a rich-content message in Microsoft Outlook Express and export it into the program. The interface of the program is very simple and easy to learn; nearly all functions can be performed using hotkeys on the keyboard. E-mail is a growing source of an enterprise's records and needs to be treated as any written memo, letter or report has been treated. The information in e-mail has the potential to add to the enterprise's knowledge assets, from interactions with the users or customers in the enterprise to interactions with colleagues overseas.

2. List the Internet protocols which would be used in this task.
Internet Protocol (IP) is a packet-based protocol that allows dissimilar hosts to connect to each other for the purpose of delivering data across the resulting networks. Applications combine IP with a higher-level protocol called Transmission Control Protocol (TCP), which establishes a virtual connection between a destination and a source. IP by itself is something like the postal system: it allows you to address a package and drop it in the system, but there is no direct link between you and the recipient.
1. HTTP
2. IMAP (version 4)
3. SMTP
4. POP (version 3)
HTTP (Hyper-Text Transfer Protocol) is the underlying protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. HTTP/1.0, as defined by RFC 1945 [6], improved the protocol by allowing messages to be in the format of MIME-like messages, containing meta-information about the data transferred and modifiers on the request/response semantics.

IMAP4 (Internet Message Access Protocol) is a mail protocol that provides management of received messages on a remote server. The user can review headers, create or delete folders/mailboxes and messages, and search contents remotely without downloading. It includes more functions than the similar POP protocol.

POP3 (Post Office Protocol 3) is the most recent version of a standard protocol for receiving e-mail. POP3 is a client/server protocol in which e-mail is received and held for you by your Internet server. Periodically, you (or your client e-mail receiver) check your mailbox on the server and download any mail, probably using POP3. This standard protocol is built into most popular e-mail products, such as Eudora and Outlook Express. It is also built into the Netscape and Microsoft Internet Explorer browsers. POP3 is designed to delete mail on the server as soon as the user has downloaded it. However, some implementations allow users or an administrator to specify that mail be saved for some period of time. POP can be thought of as a store-and-forward service.

SMTP (Simple Mail Transfer Protocol) is a TCP/IP protocol used in sending and receiving e-mail. However, since it is limited in its ability to queue messages at the receiving end, it is usually used with one of two other protocols, POP3 or IMAP, that let the user save messages in a server mailbox and download them periodically from the server.
In other words, users typically use a program that uses SMTP for sending e-mail and either POP3 or IMAP for receiving e-mail. On Unix-based systems, sendmail is the most widely used SMTP server for e-mail. A commercial package, Sendmail, includes a POP3 server. Microsoft Exchange includes an SMTP server and can also be set up to include POP3 support. SMTP is usually implemented to operate over Internet port 25. An alternative to SMTP that is widely used in Europe is X.400. Many mail servers now support Extended Simple Mail Transfer Protocol (ESMTP), which adds service extensions such as 8-bit transport that let multimedia content be delivered as e-mail. None of SMTP, POP3 or IMAP encrypts or authenticates anything by itself; in deployment they are wrapped in TLS (STARTTLS, POP3S, IMAPS), which is where the TLS discussion above applies.

3. Taking the case that the message includes the text "please find attached abstract", an attachment in MS-Word format and an attachment in JPEG format, list the format of the sent mail message.
1. MIME

MIME (Multi-Purpose Internet Mail Extensions) is an extension of the original Internet e-mail protocol that lets people use the protocol to exchange different kinds of data files on the Internet: audio, video, images, application programs, and other kinds, as well as the ASCII text handled in the original protocol, the Simple Mail Transfer Protocol (SMTP). In 1991, Nathaniel Borenstein of Bellcore proposed to the IETF that SMTP be extended so that Internet (but mainly Web) clients and servers could recognize and handle other kinds of data than ASCII text. As a result, new file types were added to mail as supported Internet Protocol file types. Servers insert the MIME header at the beginning of any Web transmission. Clients use this header to select an appropriate player application for the type of data the header indicates. Some of these players are built into the Web client or browser (for example, all browsers come with GIF and JPEG image players as well as the ability to handle HTML files).

4. How would the received message differ from the sent message?
The received message carries a Reply-To address: the address that receives messages sent by users who click "reply" in their e-mail clients.
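Questions 3 and 4 above can be answered concretely by building the message and following it through the two ISP servers. The following Python is an added example and not code from this page: it uses the standard email package to build the MIME message Adam's client would send (text body, a Word attachment and a JPEG attachment), simulates what each SMTP server on the path does to it (prepending a Received: trace header while leaving the headers and body it was given untouched), and parses the result as Beryl's client would. The host names, addresses and attachment bytes are constructed for the example; the attachment stubs are just file magic numbers, not real documents.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import formatdate, make_msgid

DOCX = ("application", "vnd.openxmlformats-officedocument.wordprocessingml.document")


def build_message(sender, reply_to, recipient, text, docx_bytes, jpeg_bytes) -> EmailMessage:
    """Adam's client builds a multipart/mixed MIME message: text body plus two attachments."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["Reply-To"] = reply_to
    msg["To"] = recipient
    msg["Subject"] = "Abstract"
    msg["Date"] = formatdate(usegmt=True)
    msg["Message-ID"] = make_msgid(domain="adam-pc.example")
    msg.set_content(text)
    msg.add_attachment(docx_bytes, maintype=DOCX[0], subtype=DOCX[1], filename="abstract.docx")
    msg.add_attachment(jpeg_bytes, maintype="image", subtype="jpeg", filename="figure1.jpg")
    return msg


def relay(raw: bytes, from_host: str, by_host: str) -> bytes:
    """What each SMTP server on the path does to the message: prepend a Received: trace header.
    Everything it was handed is passed through unchanged, so the newest hop is always on top."""
    trace = "Received: from %s by %s with ESMTP; %s\n" % (from_host, by_host, formatdate(usegmt=True))
    return trace.encode("ascii") + raw


def summarize(raw: bytes) -> dict:
    """Parse a message as Beryl's client would and report its structure and trace headers."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = [(p.get_content_type(), p.get_filename()) for p in msg.walk() if not p.is_multipart()]
    return {"from": str(msg["From"]), "reply_to": str(msg["Reply-To"]),
            "received": [str(h) for h in msg.get_all("Received", [])],
            "parts": parts,
            "body": msg.get_body(preferencelist=("plain",)).get_content().strip()}


# Constructed attachment stubs: just the magic bytes, not real files.
DOCX_STUB = b"PK\x03\x04" + bytes(28)
JPEG_STUB = b"\xff\xd8\xff\xe0" + bytes(12) + b"\xff\xd9"


def demo() -> dict:
    sent = build_message("newsletter@adam-pc.example", "adam@adam-pc.example", "beryl@beryl-isp.example",
                         "Please find attached abstract.\n", DOCX_STUB, JPEG_STUB).as_bytes()
    hop1 = relay(sent, "adam-pc.example", "mail.adam-isp.example")       # Adam's ISP server
    hop2 = relay(hop1, "mail.adam-isp.example", "mx.beryl-isp.example")  # Beryl's ISP server
    return {"sent": summarize(sent), "received": summarize(hop2)}


if __name__ == "__main__":
    result = demo()
    print("sent parts:    ", result["sent"]["parts"])
    print("received trace:", result["received"]["received"])
```

The received copy differs from the sent one only in the headers the relays added: the body, the three MIME parts and the From and Reply-To addresses arrive exactly as written. The Received: chain is read from the top down to reconstruct the path, which is also why forged trace headers are a common feature of spam and phishing mail; only the hops above the first header you control are trustworthy.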
The Reply-To address can differ from the "From" address, which can be an automated or unmonitored address used only to send messages to a distribution list. "Reply-To" should always be a monitored address.

IPv4: Internet Protocol (Version 4)
The Internet Protocol (IP) is a network-layer (Layer 3) protocol in the OSI model that contains addressing information and some control information to enable packets to be routed in a network. IP is the primary network-layer protocol in the TCP/IP protocol suite. Along with the Transmission Control Protocol (TCP), IP represents the heart of the Internet protocols. IP is equally well suited for both LAN and WAN communications. IP (Internet Protocol) has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through a network; and providing fragmentation and reassembly of datagrams to support data links with different maximum transmission unit (MTU) sizes. The IP addressing scheme is integral to the process of routing IP datagrams through an internetwork. Each IP address has specific components and follows a basic format. These IP addresses can be subdivided and used to create addresses for sub-networks. Each computer (known as a host) on a TCP/IP network is assigned a unique logical address (32-bit in IPv4) that is divided into two main parts: the network number and the host number. The network number identifies a network and must be assigned by the Internet Network Information Center (InterNIC) if the network is to be part of the Internet. An Internet Service Provider (ISP) can obtain blocks of network addresses from the InterNIC and can itself assign address space as necessary. The host number identifies a host on a network and is assigned by the local network administrator.
IPv6 (IPng): Internet Protocol version 6
IPv6 is the new version of the Internet Protocol (IP) based on IPv4, a network-layer (Layer 3) protocol that contains addressing information and some control information enabling packets to be routed in the network. There are two basic IP versions: IPv4 and IPv6. IPv6 is also called next generation IP or IPng. IPv4 and IPv6 are de-multiplexed at the media layer. For example, IPv6 packets are carried over Ethernet with the EtherType 86DD (hexadecimal) instead of IPv4's 0800. IPv4 is described in separate documents. IPv6 increases the IP address size from 32 bits to 128 bits, to support more levels of addressing hierarchy, a much greater number of addressable nodes, and simpler auto-configuration of addresses. IPv6 addresses are expressed in hexadecimal format (base 16), which allows not only numerals (0-9) but a few letters as well (a-f). A sample IPv6 address looks like: 3ffe:ffff:100:f101:210:a4ff:fee3:9566. Scalability of multicast addresses is introduced. A new type of address called an anycast address is also defined, to send a packet to any one of a group of nodes. Two major improvements in IPv6 vs. v4:
· Improved support for extensions and options: IPv6 options are placed in separate headers that are located between the IPv6 header and the transport layer header. Changes in the way IP header options are encoded allow more efficient forwarding, less stringent limits on the length of options, and greater flexibility for introducing new options in the future.
· Flow labeling capability: a new capability has been added to enable the labeling of packets belonging to particular traffic flows for which the sender requests special handling, such as non-default Quality of Service or real-time service.

Comparison between IPv6 and IPv4
The data structure of the IPv6 header has been modified as follows:
· The Header Length field found in IPv4 is removed in IPv6 (the base header has a fixed length of 40 bytes).
· The Type of Service field found in IPv4 has been replaced with the Traffic Class field in IPv6 (called Priority in early drafts).
· The Time to Live field found in IPv4 has been replaced with Hop Limit in IPv6.
· The Total Length field has been replaced with the Payload Length field.
· The Protocol field has been replaced with the Next Header field.
· The Source Address and Destination Address fields have been increased from 32 bits to 128 bits.

Major Similarities between IPv6 and IPv4
Both protocols provide loopback addresses. IPv6 multicast achieves the same purpose that IPv4 broadcast does. Both allow the user to determine datagram size and the maximum number of hops before termination. Both provide a connectionless delivery service (datagrams are routed independently). Both are best-effort datagram delivery services.

Major Differences between IPv6 and IPv4
IPv6 host to IPv6 host routing via an IPv4 network: here, IPv6 over IPv4 tunneling is required to send a datagram. IPv6 packets are encapsulated within IPv4 packets, allowing travel over IPv4 routing infrastructures to reach an IPv6 host on the other side of the IPv6 over IPv4 tunnel. The two types of tunneling are automatic and configured. For a configured tunnel, the IPv6 to IPv4 mappings at the tunnel endpoints have to be specified manually. Automatic tunneling eases tunneling, but nullifies the advantages of using the 128-bit address space.
IPv6 host to IPv4 host and vice versa: the device that converts IPv6 packets to IPv4 packets (a dual IP stack / dual-stack router) allows a host to access both IPv4 and IPv6 resources for communication. A dual IP stack routes as well as converts between IPv4 and IPv6 datagrams.
ICMP: IPv6 enhances ICMP with ICMPv6. The messages are grouped as informational and error. An ICMPv6 message can contain much more information. The rules for message handling are stricter. ICMPv6 carries the Neighbor Discovery Protocol. New messages have also been added.
Absence of ARP and RARP: IPv6 has no ARP or RARP; link-layer address resolution is done by Neighbor Discovery over ICMPv6.
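The field-by-field comparison above, and the EtherType demultiplexing mentioned under IPv6, as an added example that is not the page's code: a Python parser for the IPv4 and IPv6 base headers that is selected by the Ethernet type field and returns the renamed fields side by side (TTL against Hop Limit, Protocol against Next Header, Total Length against Payload Length). It also verifies the IPv4 header checksum and applies the sanity checks a stack must make before trusting any length field. The two frames are constructed in the script with addresses from the documentation ranges; they are not captured traffic. The Neighbor Discovery hop-limit check implements the RFC 4861 rule that such messages must arrive with Hop Limit 255, which proves they were not forwarded by a router.

```python
import ipaddress
import struct

ETHERTYPE_IPV4, ETHERTYPE_IPV6 = 0x0800, 0x86DD
ICMPV6 = 58


def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of 16-bit words. Over a header whose checksum is intact it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("bad IPv4 header")      # never index with a length the packet itself supplied
    return {"version": 4, "header_length": ihl, "tos": tos, "total_length": total_len, "id": ident,
            "dont_fragment": bool(flags_frag & 0x4000), "fragment_offset": (flags_frag & 0x1FFF) * 8,
            "ttl": ttl, "protocol": proto, "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "payload": packet[ihl:total_len]}


def parse_ipv6(packet: bytes) -> dict:
    if len(packet) < 40:
        raise ValueError("truncated IPv6 header")
    vtcfl, payload_len, next_header, hop_limit, src, dst = struct.unpack("!IHBB16s16s", packet[:40])
    if vtcfl >> 28 != 6 or 40 + payload_len > len(packet):
        raise ValueError("bad IPv6 header")
    return {"version": 6, "traffic_class": (vtcfl >> 20) & 0xFF, "flow_label": vtcfl & 0xFFFFF,
            "payload_length": payload_len, "next_header": next_header, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst)),
            "payload": packet[40:40 + payload_len]}


def parse_frame(frame: bytes) -> dict:
    """Demultiplex on the Ethernet type field: 0x0800 to the IPv4 parser, 0x86DD to the IPv6 parser."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype == ETHERTYPE_IPV4:
        return parse_ipv4(frame[14:])
    if ethertype == ETHERTYPE_IPV6:
        return parse_ipv6(frame[14:])
    raise ValueError("not an IP frame: ethertype 0x%04x" % ethertype)


def frame_is_valid(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except (ValueError, struct.error):
        return False


def normalize(hdr: dict) -> dict:
    """Map both headers onto the renamed fields of the comparison above."""
    if hdr["version"] == 4:
        return {"version": 4, "hop_count": hdr["ttl"], "next_protocol": hdr["protocol"],
                "payload_length": hdr["total_length"] - hdr["header_length"], "src": hdr["src"], "dst": hdr["dst"]}
    return {"version": 6, "hop_count": hdr["hop_limit"], "next_protocol": hdr["next_header"],
            "payload_length": hdr["payload_length"], "src": hdr["src"], "dst": hdr["dst"]}


def nd_hop_limit_ok(hdr: dict) -> bool:
    """Neighbor Discovery messages must arrive with Hop Limit 255 (RFC 4861), i.e. not forwarded."""
    return hdr["version"] == 6 and hdr["next_header"] == ICMPV6 and hdr["hop_limit"] == 255


# Constructed frames (not captured traffic); addresses come from the documentation ranges.
def _ipv4_frame(payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000, 64, 17, 0,
                      ipaddress.IPv4Address("192.0.2.1").packed, ipaddress.IPv4Address("198.51.100.7").packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]   # fill in the checksum field
    return bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV4) + hdr + payload


def _ipv6_frame(payload: bytes, hop_limit: int = 255) -> bytes:
    hdr = struct.pack("!IHBB16s16s", 6 << 28, len(payload), ICMPV6, hop_limit,
                      ipaddress.IPv6Address("2001:db8::1").packed, ipaddress.IPv6Address("ff02::2").packed)
    return bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV6) + hdr + payload


IPV4_FRAME = _ipv4_frame(b"udp payload")
IPV6_FRAME = _ipv6_frame(b"\x85\x00\x00\x00")    # ICMPv6 Router Solicitation stub (type 133)

if __name__ == "__main__":
    for frame in (IPV4_FRAME, IPV6_FRAME):
        print(normalize(parse_frame(frame)))
```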

Saturday, January 18, 2020

Manage Recruitment, Selection & Induction Essay

Question 1: Explain the role of probation as part of the recruitment process.
All new staff employees are required to serve a probationary period. The probationary period allows the Department and the employee the opportunity to assess each other's suitability. It is the responsibility of the Supervisor to continually review the services of staff on probation. An employee must be consulted if there are any problems with performance.

Question 2: Explain the term 'merit selection' and its implication on equal employment opportunity.
Selection based on merit is where the best possible match is made between the qualifications, knowledge, skills, abilities and relevant experience of the applicants and the selection criteria in the Position Description. When assessing applicants, only the selection criteria are taken into account; that is, unlawful discrimination based on other applicant characteristics must not occur. In the case of casual and sessional staff, merit is determined by assessing applicants' qualifications, skills, knowledge and experience against the duties to be performed.

Question 3: Explain the relevant terms and conditions of employment.
Not every code of practice of the employer which is referenced within the contract has contractual force; some can only be used as a guideline. Therefore, when considering whether or not a specific document imposes contractual obligations, the test to be applied in determining intention is whether a reasonable person would conclude that the person making the promise intended to be bound by the statement.

Question 4: Explain at least 2 valid psychometric tests that you can use in your selection process.
Aptitude or Ability Tests
Aptitude or ability tests provide information on a person's ability to perform certain tasks and their potential to learn and understand new information and tasks.
The tests cover skills such as:
· Verbal reasoning (critical evaluation of written information)
· Comprehension/grammar
· Numerical reasoning (logical interpretation of numerical and statistical information)
· Abstract, mechanical or spatial reasoning (pattern recognition)
· Information checking (checking errors / attention to detail tasks)
· IQ (how quickly you can learn and master a new task)
They can be designed to indicate suitability for specific tasks, e.g. computing, keyboard or foreign-language skills.

Work style questionnaires (personality/motivation/Emotional Intelligence)
Work style questionnaires or inventories are concerned with how you typically behave, such as the way you relate to others or the way you approach and solve problems. They generally explore personality characteristics relevant to the world of work. To answer the questions you often need to think about what you would do in a work situation. If you have no formal work experience, think about how you behave in similar situations such as voluntary work, university activities or when you are participating in your hobbies. Work style questionnaires look at factors such as:
· Ways of thinking, feeling and acting in different situations
· Interpersonal style, conflict style, leadership style
· Patterns of coping with stress
· Interests: how much you like carrying out various types of activities at work
· Motivations: the energy with which you approach your work, and the different conditions which increase or decrease your motivation
· Work values: what factors make work worthwhile for you
· How you interpret your own and others' emotions and behaviours

Question 5: A. Explain the term outsourcing.
Outsourcing is the act of one company contracting with another company to provide services that might otherwise be performed by in-house employees. Often the tasks that are outsourced could be performed by the company itself, but in many cases there are financial advantages that come from outsourcing.
Many large companies now outsource jobs such as call center services, e-mail services, and payroll. These jobs are handled by separate companies that specialize in each service, and are often located overseas.

b. What functions can Human Resources outsource in terms of recruitment, selection and induction? Please state the advantages and disadvantages of each.

Functions include:
– Employee assistance/counseling
– Retirement planning help
– Pension administration
– Temporary staffing
– Background checks
– Training and management development programs
– Executive development and coaching
– Health care benefits administration
– Employee benefit administration
– Payroll
– Risk management
– Executive staffing
– Employee relocation
– HRIS selection, training and implementation
– Recruitment
– Executive compensation and incentive plans
– Policy writing
– Administration of compensation/incentive plans
– Wage and salary administration

Advantages
Brings new ideas/talent into the organization
Helps the organization get needed competencies
Provides cross-industry insights
May reduce training costs
Helps the organization meet equal employment opportunity/affirmative action goals

Disadvantages
May result in misplacements
Increases recruitment costs
May cause morale problems for internal candidates
Requires longer orientation or adjustment time

Question 6: Research the following links to assist you in your answer.

a) What is the role of the HREOC?

Leading the promotion and protection of human rights in Australia by:
Making human rights values part of everyday life and language.
Empowering all people to understand and exercise their human rights.
Working with individuals, community, business and government to inspire action.
Keeping government accountable to national and international human rights standards.
Securing an Australian charter of rights.
b) What types of complaint can you make to the Commission?

The Australian Human Rights Commission can investigate and resolve complaints of discrimination, harassment and bullying based on a person's:
Sex, including pregnancy, marital status, breastfeeding, family responsibilities and sexual harassment
Disability, including temporary and permanent disabilities; physical, intellectual, sensory, psychiatric disabilities, diseases or illnesses; medical conditions; work related injuries; past, present and future disabilities; and association with a person with a disability
Race, including colour, descent, national or ethnic origin, immigrant status and racial hatred
Age, covering young people and older people
Sexual preference, criminal record, trade union activity, political opinion, religion or social origin (in employment only)

c) Human Rights and Equal Opportunity Commission Act 1986

Grounds of discrimination – Breaches of human rights by any Commonwealth body or agency, and discrimination in employment on the basis of race, colour, sex, religion, political opinion, national extraction, social origin, age, medical record, criminal record, marital status, impairment, disability, nationality, sexual preference or trade union activity.
Areas covered – Commonwealth body or agency; employment and occupation.
Process for decision making – The complaint must be in writing. It is then assessed and, if within jurisdiction, is investigated. If the complaint is not declined, conciliation is attempted. If it cannot be conciliated, the Commission prepares a report to the federal Attorney-General, who then tables the report in Parliament.

Question 7: Summarise the 10 National Privacy Principles.

There are ten National Privacy Principles (NPPs) that regulate how private sector organisations manage personal information. They cover the collection, use and disclosure, and secure management of personal information.
They also allow individuals to access that information and have it corrected if it is wrong.

NPP 1: collection – Describes what an organisation should do when collecting personal information and what is told to the individual on collection.
NPP 2: use and disclosure – Outlines how an organisation uses and discloses an individual's personal information. Under certain conditions an organisation does not always need the individual's consent to disclose personal information.
NPPs 3 & 4: information quality and security – An organisation must take steps to ensure the personal information it holds is accurate and up-to-date, and is kept secure from unauthorised use or access.
NPP 5: openness – An organisation must have a policy on how it manages personal information, and make it available to anyone who asks for it.
NPP 6: access and correction – Gives individuals a general right of access to their personal information, and the right to have that information corrected if it is inaccurate, incomplete or out-of-date.
NPP 7: identifiers – Generally prevents an organisation from adopting an Australian Government identifier for an individual (e.g. Medicare numbers) as its own.
NPP 8: anonymity – Where possible, organisations must give individuals the opportunity to do business with them without the individual having to identify themselves.
NPP 9: transborder data flows – Outlines how organisations should protect personal information that they transfer outside Australia.
NPP 10: sensitive information – Sensitive information includes information such as health, racial or ethnic background, or criminal record. Higher standards apply to the handling of sensitive information.

Question 8: List the elements contained in a contract of employment.
The full name of employer and employee
The address of the employer
The place of work
The title of the job or nature of the work
The date the employment started
If the contract is temporary, the expected duration of the contract
If the contract of employment is for a fixed term, the details
Details of rest periods and breaks as required by law
The rate of pay or method of calculation of pay
The pay reference period for the purposes of the National Minimum Wage Act 2000
Pay intervals
Hours of work
That the employee has the right to ask the employer for a written statement of his/her average hourly rate of pay as provided for in the National Minimum Wage Act 2000
Details of paid leave
Sick pay and pension (if any)
Period of notice to be given by employer or employee
Details of any collective agreements that may affect the employee's terms of employment

Friday, January 10, 2020

Letter to Newspaper Essay

Traditionally, adult learners are students who are pursuing education in college (undergraduate or graduate degrees), vocational or occupational programs, continuing education or noncredit courses, correspondence courses and tutoring, as well as courses and other educational activities provided by employers, community groups, and other providers ("Adult Learner," 2012). The average age of an adult learner is 25 years or older, and adult learners are usually a diverse group of people ("Adult Learner," 2012). These adult learners can be an independent student, a person employed full time, a person with dependents, a person who as a result of a death or divorce is now single and wishes to complete a degree program, or a veteran of the United States military ("Adult Learner," 2012). There are also the lifelong learners who generally have additional responsibilities such as family, career, military, or community, and are seeking a degree or other educational offering to enhance their professional and/or personal lives ("Adult Learner," 2012). Education is any formally structured learning activity in which there is an instructor and a curriculum. According to Binghamton University (2012), the largest and fastest expanding market segment for higher education is the adult learner. Universities and colleges need to adjust their infrastructure to better attract and serve adult learners. There are fewer high school graduates entering colleges versus adult learners ("Demographics," 2012). With fewer traditional-aged students and more non-traditional or adult learners, there will be less public support, political leverage, and legislative support to finance an educational system that is designed primarily to serve the needs of traditional-aged students without considering the special needs of a more age-diverse student body ("Demographics," 2012). There is a push in Washington for more federal dollars in adult training.
They believe the return on investment (ROI) from adult education and training is positive, as billions of dollars could be earned, saved, and pumped back into the struggling economy (Gonzalez, 2011). The argument made at the Capitol is that adult education actually saves governments money by reducing societal healthcare, public assistance, and incarceration costs. It also improves and expands the nation's available pool of workers by helping motivated but undereducated people get jobs (Gonzalez, 2011). The theory of adult learning is the set of assumptions about how adults learn; it emphasizes the value of the process of learning in adults ("Adult Learning Theory," 2007). Malcolm Knowles, an American practitioner and theorist of adult education, defined it as the art and science of helping adults learn ("Adult Learning Theory," 2007). Knowles also defined six adult learning principles: adults are internally motivated and self-directed, adults bring life experiences and knowledge to learning experiences, and adults are goal-oriented. They are also relevancy-oriented and are practical learners who like to be respected in the classroom ("Adult Learning Theory," 2007). As educators, we need to foster the adult learner's internal motivation to learn, develop a rapport with the adult learner, and encourage them to ask questions and explore concepts. Some adult learners come with years of experience and knowledge; as instructors or teachers we need to harvest this information and have them apply it to their new learning experiences. The need for effective adult education has increased over the past few years. It is important that we support adult learners. As the adult learning population increases, we are also increasing our nation's available pool of workers. It is important that we invest in adult education as it nurtures creativity, imagination and fulfilling lives. Investing in adult education is also important for families, communities and our country as a whole.
Education is an important first step for some adult learners, as it is a second chance at learning. Adult education is a great way for students who didn't finish high school to get their high school diploma and continue on with their lives. Adult education is usually at night, so that the adults who attend it may still continue to go to work. This allows these adults to continue to progress in their lives while adding more education to their resume and mind.

References

Becoming familiar with adult learning theory and the six principles of adult learning. (2007). Retrieved from http://www.qotfc.edu.au/resource/?page=65375

Gonzalez, J. (2011). Adult-education leaders visit Capitol Hill to push for more federal dollars. The Chronicle of Higher Education. Retrieved from http://chronicle.com/article/Adult-Education-Leaders-Visit/127448/

The effects of changing demographics on higher education. (2012). Retrieved from http://www.binghamton.edu/cice/documents/NYSTAKeynotePPT.pdf

Who is an adult learner? (2012). Retrieved from http://universitycollege.illinoisstate.edu/adult/who.shtml

Thursday, January 2, 2020

India as an Emerging Market Free Essay Example, 2750 words

The particular sectors in India's industrial infrastructure that have been key to the economy are the areas of automotive, banking, communications, education and infrastructure. In the automotive sector, India has become quite competitive, with the industry having both global and local players. India is an original equipment manufacturer (OEM) of motorcycles, passenger cars, trucks and others, with major global players like Hyundai, Toyota and Bosch and local participants such as Tata, Maruti, Biston and Sundarm (Sennik); when all is said and done, however, the local players usually have the largest shares of the market. The growth in India's domestic and export automotive markets is often influenced by factors such as rising incomes, increasing urbanization, cost competitiveness, skilled manpower, favorable government policies and a strong GDP. Therefore, success in the Indian auto market is possible if companies follow a proven pathway. Banking in India has a three-pronged regulatory framework: the Insurance Regulatory and Development Authority, which oversees the insurance industry; the Reserve Bank of India, which controls scheduled commercial banks, financial institutions, cooperative banks and non-banking finance companies; and the Securities and Exchange Board of India, which covers mutual funds and capital market intermediaries.

India's banking sector is strengthened by the large sums of cash that come from household savings. Foreign banks operating in the country also have a positive track record of flourishing by establishing branches in already existing banks. This is because they are unable to stand independently due to the entry barriers that result from the regulations in place.
Banks' growth in the Indian market is usually upheld by one of four different strategies: organic growth by investing in a green-field presence, investing in already existing financial institutions, forming joint ventures with banks already in place, or launching non-bank financial institutions such as funds or fund management services. Of all foreign banks, Standard Chartered is the largest and most profitable player in the Indian market. Communication as an industrial infrastructure in India continues to experience great growth and remains highly competitive.