Saturday, August 31, 2019

Bowlby's theory of attachment Essay

Outline and Evaluate Bowlby’s Evolutionary Theory of Attachment. (12 marks) Attachment can be described using two theories, one being Bowlby’s attachment theory, which is based on an evolutionary perspective. The theory suggests that evolution has produced a behaviour that is essential to survival, to allow the passing on of genes. An infant that keeps close to their mother is more likely to survive. The traits that lead to that attachment will be naturally selected. Bowlby has the idea that attachment has evolved and is innate, as it increases the likelihood of survival and reproduction; he suggests that children are born with this innate drive, born to perform these behaviours and born to attain attachment. To enhance the survival of their offspring, caregiving is also adaptive and we are born to care for our children. He suggests that infants are born with social releasers (for example: crying/smiling) which encourage caregiving. Bowlby also suggests that there is a best time to form an attachment; this is called the sensitive period, when infants are most sensitive to the development of attachments, and Bowlby would suggest that this is when the child is 3-6 months old. However, attachment can still take place at other times, but it becomes increasingly difficult. Attachment acts as a secure base for exploration, which influences independence rather than dependence. Bowlby argues that infants form a single special attachment with one particular attachment figure, usually the mother. This is called monotropy. Other attachments may develop in a hierarchy. An infant may therefore have a primary monotropy attachment to its mother, and below her the hierarchy of attachments might include its father, siblings, grandparents, etc. Another key feature of Bowlby’s theory is that the infant develops an internal working model of relationships that guides relationship behaviour as an older child and an adult. 
This leads to the continuity hypothesis and the view that there is a link between the early attachment and later emotional behaviour. A strength of this theory is that research appears to suggest that once the sensitive period has passed it is difficult to form attachments. Hodges and Tizard (1989) found that children who have formed no attachments had later difficulties with their peers. This therefore supports Bowlby’s concept of a sensitive period during which infants are most sensitive to the development of attachments. Another strength is that if attachment did evolve as Bowlby suggests then we would expect attachment and caregiving to be universal. Tronick et al. (1992) studied an African family tribe where infants were fed by different women but slept with their own mother at night. However, despite this, after six months the children all still showed one primary attachment. This supports the view that we are born to attain attachment because attachment and caregiving are universal and not influenced by different cultures. Finally, Bowlby suggested that infants form multiple attachments which then form a hierarchy and there is much evidence to support this. The study by Schaffer and Emerson also found that most infants have many attachments. They reported that there was little relationship between time spent together and attachment. This suggests that it is the quality of caregiving rather than the quantity of it. This supports Bowlby’s theory because it goes against the Learning theory as the learning theory suggests that food is the main key to developing an attachment. A weakness of this theory is the multiple attachment model as this model suggests that there are no primary and secondary attachments but instead they are all integrated into one single model. Grossman and Grossman researched infant-father attachment and found that there is a key role for fathers in social development. 
This is a criticism because Grossman and Grossman are suggesting that there is not one particular figure as Bowlby suggests but that fathers and mothers both play a role in the development of a child and therefore they both are as important as each other. Another weakness includes the internal working model as according to Bowlby it is expected that children form similar attachments with all people because they are working from the same model. Lamb (1977) found that some children form secure relationships with their mothers and insecure relationships with their fathers. This suggests that there is more to attachment than just a sensitive response to a social releaser. Kagan (1984) found that children have an innate temperament, e.g. easy going or difficult, that influences early attachments with their caregivers and later relationships when they are adults. This is called the temperament hypothesis. This means that attachments form as a result of temperament, not an innate gene for attachment.

Friday, August 30, 2019

Book Review of a Thousand Splendid Suns

17th century Afghanistan poet Saib-e-Tabrizi wrote this commendatory poem after visiting Kabul. ‘Every street of Kabul is enthralling to the eye; Through the bazaars, caravans of Egypt pass; One could not count the moons that shimmer on her roofs; And the thousand splendid suns that hide behind her walls.’ In this world there are still many women who say that they are suffering unfair treatment and demand the right to vote, the right to manage. But to the women who had experienced two Afghanistan wars (The first Afghanistan war: from 1979 to 1989, the former Soviet Union armed invasion of Afghanistan. Second Afghanistan war: the second Afghanistan war in 2001 is based on United States-led coalition forces on October 7, 2001 for Afghanistan war cover to the Organization and the Taliban, for the United States on the revenge of the 911 incident, also marks the start of the war against terrorism. Not ended.), the only thing they want is to live. Khaled Hosseini has lived in the United States since he was fifteen years old and is an American citizen. His 2003 debut novel, The Kite Runner, was an international bestseller, selling more than 12 million copies worldwide. His second, A Thousand Splendid Suns, was released on May 22, 2007. In 2008, the book was the bestselling novel in Britain (as of April 11, 2008), with more than 700,000 copies sold. In 2006, he was appointed United Nations High Commissioner for Refugees (Office) goodwill ambassador, currently residing in Northern California. The Buffalo News says ‘Hosseini's literary abilities are such that he is able to do what all great artists do: take individual stories and, through the alchemy of insight, compassion and expression, universalize them—thereby turning them into art.’ As for why he wrote this novel, Khaled Hosseini says ‘although life is filled with pain and bitterness but each a sad plot can let people see hope in the Sun. 
Each faces behind dusty has a soul. Dedicated to Afghanistan's women. In 2003, returning to Kabul I see wearing traditional female twos and threes to go masked costume in the streets, was trailing behind their children dressed in rags, begging passers-by give change. At that moment, I would like to know, where they have been taken to life. What they dream, hope and desire? Did they talk about love? Husband how man? Spread in Afghanistan in the years to 20 years of war, they lost what? I talked with many women in Kabul; their stories are real people and heart. When I began to write of the thousand splendid Suns (A Thousand Splendid Suns), I find myself constantly think of those full of toughness of Afghanistan women. I though they may not be thrown describing Laila or Mariam source of inspiration for the role of the story, however their voices, faces and life stories of perseverance has always haunted me, and about the novel, I had a most inspiring is from Afghanistan collective spiritual power of women.’ Mariam (she is my favorite role in this book), the illegitimate child of a Herat businessman, is forced into a loveless marriage at age fifteen to a middle-aged Kabul shoemaker, Rasheed. He demands absolute obedience from his spouse, as well as strict observance of Islamic customs restricting the movement, appearance and attire of women. In the early years of their marriage, Rasheed's mandates run counter to the modernizing forces in Kabul, where many women hold professional jobs, teach at the university, or run for public office. But with the rise of the Taliban, a whole society falls into lockstep with these dictates of Sharia, traditional Muslim law. Laila, a woman young enough to be Mariam's daughter, becomes a reluctant member of this household, when her parents are killed in a bombing, and all her friends have either died or departed from Kabul. 
Rasheed takes her on as a second wife, and his bullying and overbearing behavior grow all the worse as the two women band together to resist his authoritarian control over their lives. When they try to escape, an Afghani man betrays them at the bus station and takes Laila's hard-saved money. This makes Rasheed even more abusive. A few years later the Taliban come into town, and all the stereotypes of the Taliban are emphasized, as if Hosseini was given the charter to reinforce them. Mariam ends up killing Rasheed in trying to save Laila from being killed by him. So, Mariam is executed by the Taliban, who “cannot” accept her story because of her being a woman. Thus, Mariam's woeful existence comes to an end. Her whole life is a necklace of tragic events, pieced together one after another. And with her death, the reader is left with an enduring sense of sadness for Mariam, especially in the fact that Hosseini never did give her a break in her fictional life. As for Laila, she ends up traveling to Pakistan to marry her original love(r), eventually returning back to Kabul to work with an orphanage. The novel traces the trials and tribulations of Mariam and Laila as they struggle for survival, and eventually plan for a daring escape attempt that puts them at odds not only with Rasheed, but also with an entire society that sees them as little more than chattel. Hosseini skillfully develops the complexities and predicaments of his plot, which constantly intersects with political and social events in recent Afghan history. When I saw this book, thinking it may like The Kite Runner; finally, we will smile for the happy ending. But I was wrong. I was shocked when I read to Mariam lastly dead in order for Laila’s escaping. In the past years, Mariam has been in a miserable life. A birth is being neighbors’ laugh at, played a trick on illegitimate. Once a month to see her father. 
Then, naively think can and live with the father, but has to face her mother's death and father’s betrayal. At the age of 15, she is arranged to marry Rasheed, a shoemaker from Kabul who is thirty years her senior. Also is not out of the mother's grief is far to marry someone from distance. “She turned to Jalil again, ‘Tell them. Tell them you won’t do this.’ Waiting. A silence fell over the room. Jalil kept twirling his wedding band, with a bruised, helpless look on his face. From inside the cabinet, the clock ticked on and on.” When I saw here, I feel myself becoming Mariam, despite knowing the answer is ‘no’ but also hope that their father would not do such cruel things. In Kabul, Mariam becomes pregnant seven successive times, but is never able to carry a child to term, and Rasheed gradually becomes more abusive. “His powerful hands clasped her jaw. He shoved two fingers into her mouth and pried it open, then forced the cold, hard pebbles into it. Mariam struggled against him, mumbling, but he kept pushing the pebbles in, his upper lip curled in a sneer. ‘Now chew,’ he said. Through the mouthful of grit and pebbles, Mariam mumbled a plea. Tears were leaking out of the corners of her eyes. ‘CHEW!’ he bellowed. A gust of his smoky breath slammed against her face. Mariam chewed. Something in the back of her mouth cracked. ‘Good,’ Rasheed said. His cheeks were quivering. ‘Now you know what your rice tastes like. Now you know what you've given me in this marriage. Bad food, and nothing else.’ Then he was gone, leaving Mariam to spit out pebbles, blood, and the fragments of two broken molars”. Beside the shortly peace time of wedding, Mariam has always been that a dozen years of life. Full of cursing and render phase. Read here, how much I hope that she will be a turning point in life. She can have a happy life, a long time to heal the pain since childhood and adolescence. But life is often not as we expected. 
After Laila marry to Rasheed, Mariam's identity than wife more like a maid. Mariam also abhorred Laila, but after all, both they are poor women. So, when Mariam says “There's nothing more I want. Everything I'd ever wished for as a little girl, you've already given me. You and your children have made me so very happy. It's all right, Laila jo. This is all right. Don't be sad.” Laila could find no reasonable answer for anything Mariam said. But she rambled on anyway, incoherently, childishly, about fruit trees that awaited planting and chickens that waited rising. She went on about small houses in unnamed towns, and walks to trout filled lakes. And, in the end, when the words dried up, the tears did not, and all Laila could do was surrender and sob like a child overwhelmed by an adult's unassailable logic. All she could do was roll herself up and bury her face one last time in the welcoming warmth of Mariam's lap. Later that morning, Mariam packed Zalmai a small lunch of bread and dried figs. For Aziza too she packed some figs, and a few cookies shaped like animals. She put it all in a paper bag and gave it to Laila. “Kiss Aziza for me,” she said. “Tell her she is the noon of my eyes and the sultan of my heart. Will you do that for me?” I cannot control my excitement and couldn't help but shed tears. This great Mariam, although she was so limited in education, her fate has been so bumpy. But she still pay her own life in exchange for the freedom of Laila. And finally, as she died lonely, was killed by Taliban with stones. Her fate was unfortunate. Her fate was always driven. Even if Her one day have mastered fate, ending is ironic. She is not demanding from fate what, a little happy, it will make them happy. ‘Mariam wished for so much in those final moments. Yet as she closed her eyes, it was not regret any longer but a sensation of abundant peace that washed over her. 
She thought of her entry into this world, the harami child of a lowly villager, an unintended thing, a pitiable, regrettable accident. A weed. And yet she was leaving the world as a woman who had loved and been loved back. She was leaving it as a friend, a companion, a guardian. A mother. A person of consequence at last. No. It was not so bad, Mariam thought, that she should die this way. Not so bad. This was legitimate end to a life of illegitimate beginnings.’ (This paragraph for Mariam after her and Laila killed Rasheed, at the end of the execution ground inner monologue.) Fate did not forgive her, but she eventually forgave fate. She was patient, she is great. Than Mariam, I personally think that Laila is much more fortunate. She was born in a wealthy family, has a good education. But war deprived this beauty girl of happy life. She was forced to separate from her lover, Tariq, and all her families died because of the war. Due to be alone in the world, she was forced to marry Rasheed. The girl's life was completely changed because of the war. It is no doubt that she fell from heaven into hell. But luckily the nice girl met beauty minded Mariam. Because Rasheed found that the first child is not his own, also began to maltreat her. All the good luck seemed to give the Laila. After Mariam and Laila’s escape failed, Laila met Tariq again on the streets of Kabul. Finally, Mariam and Laila killed their husband together. Mariam clocked all charges and let Laila peaceful leave with Tariq. Thanks author for Laila does a person know to be grateful. As she walks to her desk at the front of the class, Laila thinks of the naming game they'd played again over dinner the night before. It has become a nightly ritual ever since Laila gave Tariq and the children the news. Back and forth they go, making a case for their own choice. Tariq likes Mohammad. Zalmai, who has recently watched Superman on tape, is puzzled as to why an Afghan boy cannot be named Clark. 
Aziza is campaigning hard for Aman. Laila likes Omar. But the game involves only male names. Because if it's a girl, Laila has already named her. In the end of this novel, Laila with Tariq together go back to Kabul and set up a locally school. Laila do this in order to repay this piece of land and her Savior Mariam. Finally, I want to talk about on the Mariam and Laila common husband Rasheed. Mariam and Laila live in a patriarchal authoritarian society, where women must obey their fathers, husbands and sons, only a son can give them access to social status. Rasheed for their husbands, the “me, and do not allow cursing, screaming, begging and howling, only the daily routine of playing and being hit. And that violence is a social and legal recognition. To a certain extent, we should not condemn Rasheed. Although he married to the pretty young girl Laila by telling lies, said Tariq is dead. Has a very oppressive side of his character. He was the victim of the system. He not only represents himself, mapped out a malformation of social moral values. In Afghanistan even more we don't know where in the world, there are many men are affected by social oppression and do the same cruel treatment of women and children. This book makes me sigh, how many injustices and tribulations a woman can bear. Originally Jalil like Nana, instead finally came into Nana seduce Jalil; just because have no child, ridiculed in a wife bear husband ridicule, irony and even beatings; to innocent little lives in the stomach, Laila can give up name node, you can discard face, She can give up everything that she can give up. Afghanistan woman in the face of suffering like a snowflake falls in General on other people's Windows, quietly melting, no sound, no moaning, only silent obedience of loneliness and despair. But suffering does not make them progressive annihilation, but shaped their great personality and will. 
Beset the outbreak of war, disease, families of the lost, which, on their face with a bear patiently the calm, give them the desire to live more strongly. Any suffering won't make them shaken confidence in life, because in their mind, have no “disappointed”, not “sad”. Unfortunately for it, they must endure, and it is still affordable. Normally I'm more of an action-adventure type reader when it comes to novels and recreational reading. But I was given the chance to read A Thousand Splendid Suns by Khaled Hosseini (author of The Kite Runner), so I decided to try something out of my normal genre. I am so glad I did. This is a stunning and moving novel of life and love in Afghanistan over a 30 year period. And the past Afghanistan in my eyes has been always associated with wars, the Taliban, Bin Laden, displacement, terrorists and Jihad. By the author and his beautiful writing, I saw Afghan are yearning for freedom, hope in the future. In our society now, from the films, books or other media, we tend to see are both indifference of humanity in a little bit. And this book tells the inexcusable age, two Afghanistan unlikely friendships between a woman and not destroying love story. Hosseini stroke light, sincere, simple, time spans forty or fifty years, depicting two different character actress: Mariam and Laila, struggling their tragic twists and turns of fate, their stories heavy despair and warm bright, behind the sad story of the stubborn looking good and hope not to be destroyed. Through it, we should realize, that human society still need to love and trust. Humanity just like the splendid suns will follow in every corner of the world.

Thursday, August 29, 2019

Humor, Satire, Irony, and Parody Essay Example | Topics and Well Written Essays - 1000 words

Humor, Satire, Irony, and Parody - Essay Example Z.” by M. Carl Holman, “A Visit from St. Sigmund” by K.J. Kennedy, and “AD” by Kenneth Fearing. The sources will be identified first, then genre and themes will be discussed with that source. “Will and Grace” is first and foremost a drama. Since it involves actors it is a drama. Drama means to do in Greek, so some action must be taking place in a drama. In this particular episode, Will hurts his leg and becomes addicted to pills. While serious, some humor is involved in this particular episode. An example is when Will finds a tic tac instead of a pain killer. Irony was also used in this episode. One example is when Grace exclaims “Crack whores are sneaky!” She does not mean Will is a crack whore, but is acting like one. Drama is mixed with irony and humor in this “Will and Grace” episode. This episode explains in a light way how a person can become addicted without even realizing it. “A Visit from St. Sigmund” by K.J. Kennedy is a parody and full of satire. This is formed in a poetry form. Taking the form of “A Night Before Christmas” this author chooses to attack Sigmund Freud and his psychotherapy. Parodies attack things the authors do not approve. Obviously in this poem, Kennedy does not approve of Sigmund Freud and his theories. Throughout the poem, psychology terms are used loosely. “Not an Ego was stirring, not even an Id,” or “He drove a wheeled couch pulled by five fat psychoses” use Freud’s terms like Id, Ego, and psychoses with almost scorn. The line “And Mamma with her bar off and I on her lap” is a direct slap at Freud’s Oedipus complex. Kennedy mocks Freud in a blatant attempt to discredit him with parody. The satire is used in all of the above because the human vices Freud is trying to cure seem to be dismissed by Kennedy. “AD” by Kenneth Fearing is a poem that uses irony. This is a poem that was written during the

Wednesday, August 28, 2019

Nicaragua's vampire problem Essay Example | Topics and Well Written Essays - 250 words

Nicaragua's vampire problem - Essay Example Killing vampire bats is a vicious chain of never-ending diseases because of the variety of bats both harmful and beneficial. Rogers masterfully explains the confusion caused by these vampire bats by first dealing with the problem caused by these bats in the poor town of Nicaragua. He reveals how people are scandalized by the presence of these bats and how eventually the bats are killed and wiped off from the community altogether. Here Roger introduces a method of awareness by telling his readers that there are beneficial bats as well who take care of humans as they are involved in consuming insects, leading to pollination of flowers and lead to increase in forestation by throwing the seeds at different points. As opposed to the vampire bats, these bats do not transmit rabies. Roger employs another method to introduce his main purpose of the article. He informs the readers that in the process of killing all the bats, one neglects the fact that mosquito bites are even more deadly as they cause dengue fever. Killing beneficial bats hence increases the risk of another noxious disease. According to Roger the death of the various species of bats is not a positive sign. He chooses to inform the readers of this negligence in a roundabout manner so that they understand the gravity of the

Tuesday, August 27, 2019

Explication Paper Essay Example | Topics and Well Written Essays - 500 words

Explication Paper - Essay Example By use of the penny symbolism, the author shows that whites in that period prefer that blacks depended on them. The hat symbolism, however, does not have defined positive implications on the author's attempt to make it look that whites and blacks were now equal. In my view, it has a more profound reflection on the Africans' reaction to the integration as described below. Morality: this theme tries to justify the reactions of the characters in the event of change which is the driving force behind the author’s ideas. Julian’s mother is condescending, as most white people with a conscience were during the days of slavery. However, she has no prejudices towards any child, even black ones. She maintains this stand even in the face of conflict. Caroline, Julian’s mother’s nanny, is a true representation of the ideal black women before the integration. When Julian’s mother calls out to Caroline, it is perhaps the author’s way of portraying the security and comfort whites derived from the past state of blacks. This reflects on the types of whites the author chose; she picked poor whites to represent her ideas. On another level, it can be the author’s way of portraying whites as the victims. In retrospect, the author tries to point out the impact of wealth on social class. Julian represents the present American; he is hiding, behind the façade of education, to justify his support for change. The black woman is a representation of black people in recent times. Her aggression against condescending whites is a reflection of black people’s feelings towards slavery and segregation. Back to the hat symbolism, it reflects the blacks' need to be not equal to but like the whites. Style: third person narration is a style that stands out in this text as much as racial integration. This technique in my view gives the text a futuristic tag. Though debatable, this writing is still relevant

Monday, August 26, 2019

Culture and Organisations of Daimler Essay Example | Topics and Well Written Essays - 3500 words

Culture and Organisations of Daimler - Essay Example Two German automobile manufacturers, Benz & Co. and Daimler Motor Company, merged together in 1926 and named the new company Daimler-Benz. Its Mercedes cars were arguably the best example of German quality and engineering. Another merger came in 1998 when Daimler-Benz and U.S. based Chrysler Corporation, two leading global car manufacturers, agreed to combine their businesses, which was then perceived to be a ‘merger of equals’ (Casestudy, 2008). This merger was supposed to be the third in the world in terms of revenues, market capitalization and earnings, ranking after GM and Ford. It was also considered to be fifth in terms of the number of passenger cars and trucks sold, ranking after GM, Ford, Toyota and Volkswagen. However, within two years of the Daimler-Chrysler merger, the company suffered third quarter losses of more than half a billion dollars and in 2001 they slashed about 26000 jobs at its ailing Chrysler division. What was described as a ‘marriage made in heaven’ in 1998, the Daimler-Chrysler merger proved to be a costly mistake for both the companies. In early 2007, Daimler was forced to sell 80 percent of Chrysler to private equity firm Cerberus Capital Management LLC, which ended a nine-year merger. Critics believe that though strategically the merger made good business sense, the two organizations had contrasting culture and management styles that hindered the synergy. Organizations are no more constrained by national borders and partnerships are driven by the need to achieve economies of scale. The expected synergies fail because the cultural fit is ignored. Globalization may have brought companies and nations closer but the difference in organizational culture is perceivable. Culture has been recognized as a strong determinant of beliefs, attitudes and behavior. Research suggests that decision-makers give disproportionate attention to strategic fit as compared to integration

Sunday, August 25, 2019

How to Keep A Good Job Essay Example | Topics and Well Written Essays - 500 words

How to Keep A Good Job - Essay Example Hence having a perspective is good, however keeping a few things to oneself is better for the period that the individual is at the job. b) Do not Excel at the Job nor underperform: At a job it is best not to try to excel, because this will cause unnecessary attention and talk in the office. Same is the case with underperformance. Hence it is best to keep a low profile, complete the job in hand on time and keep up with all the jobs that have been assigned. c) Make a Clear Decision: The choice of whether to stay or leave the job needs to be planned and well decided. There is nothing worse than being on the edge and not being able to decide whether to stay or leave the job. This will only lead the person to show low performance and also unprofessional behaviour. It is however better if the plan is clear, and if a person does want to leave the job, it is best to provide the employers with the notice and work professionally until the last day of the job to leave the place with a good name (MPR News, 2008). Also in some cases taking time out and thinking about the factors that affect the job is a good option rather than just jumping to conclusions. d) Be happy with the Job and No Complaints: In the current period having a job is a very great thing. It is essential that employees understand this and also do not complain about their job or the work that is involved in the job. It is always better to keep what one feels to oneself rather than sharing the issues within the office. At the current time the employers are not interested in hearing the issues of the employees as the current economy is already quite taxing, especially for the management. e) Being Content with the job and the salary: In the current period if one needs to keep the job it is essential to be content with the salary and to cope up with all the

College Essay Example | Topics and Well Written Essays - 500 words - 1

College - Essay Example One of the most valuable talents that I believe I can bring to the University of Wisconsin is my baseball game and capabilities. I have researched on the University of Wisconsin’s baseball team and found that the team is a regional champion. I believe I have what it takes to add onto an already stellar team. I first played baseball as a four year old for the neighborhood club. Since then, I have tried to be the best I can in baseball and been selected for the school teams throughout junior high school and, in my senior year at Elkhorn Area High School, I was chosen as team captain of the Varsity team. This was my second year on the Varsity team, and I believe that it is important for me to join a college that will offer me the chance to better my game. The varsity team is trying to qualify for the regional finals for the third year in a row, and this has tested my mettle greatly. However, it has taught me to take each game as a final and I believe this trait can be transmitted to other areas of my life, as well. As a dedicated baseball player, I find that there are times when I am alone, and in the solitude of the team’s afternoon jogs, my thoughts begin to wander to more significant events in my life. Late last year, my father was diagnosed with Stage 4 head and neck cancer and is now in remission. The man who for the longest time was my biggest baseball fan and motivator is living on what is more or less a definite timeline. However, in a quest to extend his life, he has exhibited great strength in the face of challenges that dwarf those I face with the Varsity team. Our goals in confronting our challenges are very different, but I always feel that every baseball win and medal I bring home gives him a sense of victory. Every time I recount how we almost lost a game but won at the death, he smiles proudly as if he was the one on the pitch with me. In a way, I think that my

Saturday, August 24, 2019

Personal statement Essay Example | Topics and Well Written Essays - 500 words - 5

Personal statement - Essay Example First, I could tell her absolutely everything. For the first time in my life, I’ve found someone with whom I could share my deepest, darkest secrets. She also did the same and revealed personal details about her family and everything else in her life. It was so good for me to be able to share everything with someone else who is not only close to me emotionally but also physically for a great portion of the day, and that I could always go to. Second, she became a wonderful source of support for me. No matter what I told her, no matter what I was going through, she is always there to support me, show her empathy and caring, and do whatever she can to help me and encourage me in everything I do and in every decision I make. She is also great in giving me advice, consulting me on what I should do. I can’t even count the times that I relied on her great advice which helped me so much. Third, with her remarkable sense of humor, she can always make me laugh. Regardless of what I’m going through or how sad or depressed I might be, she always succeeds in making me laugh and smile and be cheered up. Then and only then I can relate to my problems and think about them, of course with her assistance.

Friday, August 23, 2019

Comparison of Uncle Tom's Cabin (by Harriet Beecher Stowe) and Surfacing Essay

Comparison of Uncle Tom's Cabin (by Harriet Beecher Stowe) and Surfacing (by Margaret Atwood) - Essay Example In contrast, Stowe would show the transcendent in the ordinary life through the singularity of the individual. For Stowe, the individuals are unique not because they are very different from one another but because they are alike in being unique types of the same spiritual truth. Stowe presents a sentimental type of person, which is therefore presenting a taxonomic view of the individual. The individual mirrors a set of personal emotions which convey universal truths and moral claims that is replete with the complex and contrasting influences of the social, religious, and political discourses. In the opening scene of Uncle Tom’s Cabin, Stowe presents the common figure of “the gentleman” and highlights the role of Haley from the given group. Haley was described as a crude person with a gaudy vest with many colors, coarse speech and gaudy hands and a free and easy speech. In her writing, she emphasized the capacity of physical appearances to influence the reader. She explained how a commercial transaction had penetrated the domestic front and she had showed how these transactions threaten the very moral and social levels that make one social group distinct from another. The novel showed the fact that Tom is a Christian and has never cheated Shelby. The exceptional moral stature of Tom makes him a valuable asset on the slave market. Stowe also described the New England household which is characterized by incessant and uninterrupted household work. Her specific descriptions of the novel’s characters revealed a strong ethic of self-reliance and hard work as shown by the character of Ophelia. Stowe also features the first of Christian virtues: cleanliness. After one of the characters of Uncle Tom’s Cabin, Ophelia, changes the young girl’s shirt, the sight of Topsy’s whip-scarred back changes Ophelia’s hardened rectitude and racism.
The description of the welts at Topsy’s back showed the predatory

Thursday, August 22, 2019

European Tourism Essay Example for Free

European Tourism Essay The article in question paints a perfect picture of the little country of Andorra, one of the few places remaining on earth where culture and sanctity have not been overrun by the trappings of modern life. After reading the article, one comes away with a warm and happy feeling about what is going on in Andorra. It is a place, to be frank, that any person would want to visit in order to feel the beauty of the Pyrenees Mountains and understand the history of Europe. The author is careful to point out the fact that Andorra is certainly not stuck in the 15th century, though. It has updated itself to modern culture and although you cannot catch a flight to the country, one could certainly drive there to take advantage of a few conveniences. Among those are the shopping, which the author spends a great deal of time talking about. It is interesting that a place with such a richness and wealth of history and culture would have to offer bargain basement tax breaks for people to come and visit. In a way, this speaks to today’s culture, where people are more concerned with commerce than they are with culture. Andorra is a perfect mix of that commerce and culture, though. It is a place that is naturally torn and conflicted between two of Europe’s most traditional powers, yet it somehow maintains a measure of neutrality and independence. It is similar to plenty of other countries in Europe in regards to size, but does not share many similarities beyond that. Andorra is a place that, according to the author, every person should get to see because of the beauty and history that will immediately engulf the senses.

Wednesday, August 21, 2019

End to End VoIP Security

Introduction

User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract the interest of many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo! Messenger, while in the latter, systems like Skype and VoipBuster dominate among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information. The data are either routed from the source through a central server to the recipient or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype’s “supernode” communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue that has been addressed from several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out-of-band exchanged keys, shared secrets etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the applications’ architecture with VoIPSec security elements.
Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint. For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length-preserving encryption is indeed far worse than previously thought.

VOIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won’t. But even then it’s not only what we say, but also what someone else hears, and who that person is. Voice over IP, the transmission of voice over traditional packet-switched IP networks, is one of the hottest trends in telecommunications.
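The length leak described above for VBR codecs under length-preserving encryption can be seen in a short sketch. This is an added example, not code from the original text: the toy codec, its frame sizes, the two activity traces and the fixed padded size are constructed assumptions, and constant-size padding is shown as one common countermeasure together with its bandwidth cost.

```python
import os

# Constructed toy VBR codec: more speech activity in a 20 ms slot -> bigger frame.
FRAME_SIZES = {0: 10, 1: 22, 2: 38, 3: 60}
PADDED_SIZE = 64  # assumption: one wire size >= largest frame + 2-byte length field

# Constructed activity traces standing in for two different utterances.
UTTERANCE_A = [0, 1, 3, 3, 2, 0, 1, 2]
UTTERANCE_B = [2, 2, 0, 1, 3, 1, 0, 0]


def vbr_encode(activity):
    """Return one opaque frame per slot; only the frame size matters here."""
    return [os.urandom(FRAME_SIZES[level]) for level in activity]


def length_preserving_encrypt(frame):
    """Stand-in for a stream cipher: XOR with a fresh random pad, same length out."""
    return bytes(b ^ k for b, k in zip(frame, os.urandom(len(frame))))


def pad_frame(frame, size=PADDED_SIZE):
    """Prefix the true length, then zero-fill so every frame has the same size."""
    if len(frame) + 2 > size:
        raise ValueError("frame too large for the padded size")
    return len(frame).to_bytes(2, "big") + frame + bytes(size - 2 - len(frame))


def unpad_frame(padded):
    """Recover the original frame from a padded one."""
    n = int.from_bytes(padded[:2], "big")
    return padded[2:2 + n]


def wire_lengths(frames, padded):
    """What a passive observer records: the length of each encrypted packet."""
    lengths = []
    for frame in frames:
        body = pad_frame(frame) if padded else frame
        lengths.append(len(length_preserving_encrypt(body)))
    return lengths


def padding_overhead(frames):
    """Extra bytes sent because of padding, as a fraction of the raw payload."""
    raw = sum(len(f) for f in frames)
    return (PADDED_SIZE * len(frames) - raw) / raw


if __name__ == "__main__":
    a, b = vbr_encode(UTTERANCE_A), vbr_encode(UTTERANCE_B)
    print("unpadded A:", wire_lengths(a, padded=False))
    print("unpadded B:", wire_lengths(b, padded=False))
    print("padded   A:", wire_lengths(a, padded=True))
    print("overhead A: %.0f%%" % (100 * padding_overhead(a)))
```

Without padding the ciphertext lengths reproduce the codec's frame sizes exactly, so the two utterances stay distinguishable even though every byte is encrypted; with padding both traces look identical on the wire at roughly double the bandwidth.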
Although most computers can provide VoIP and many offer VoIP applications, the term “voice over IP” is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, “Current voice-over-IP products,” describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges. Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today’s computer networks—firewalls, network address translation (NAT), and encryption—don’t work “as is” in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP’s performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company’s technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we’ve outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.

End-to-End Security

In this assignment I am going to describe end-to-end security and its “design principle” that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well.
The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn’t as pure an implementation of the end-to-end design principle as it once was, but it’s enough of one that the collateral effects of the network not knowing what’s running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I’d like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society. The Internet doesn’t care what you do—its job is just to “deliver the bits, stupid” (in the words of David Isenberg in his 1997 paper, “Rise of the Stupid Network” [2]). The “bits” could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn’t care, and that is both its power and its threat. The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn’t designed to run the World Wide Web. The Internet wasn’t designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what it was that data represented. At the very first, the design of TCP/IP wasn’t so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay.
TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype’s interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility. Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with “irrational exuberance” [4] during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn’t noticeably diminished.

Security and privacy in an end-to-end world

The end-to-end arguments paper used “secure transmission of data” as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn’t actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes.
If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you didn’t want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it. There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts—purposeful or accidental—to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn’t include protections against such attacks. Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn’t provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn’t designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system’s responsibility. Note that there is little that can be done “in the Net” or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage. Many of today’s observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions.
But a few people who were “at the scene” have told me that such protections were actively discouraged by the primary sponsor of the early Internet—that is to say, the US military wasn’t all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn’t designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it. End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access. Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an “incentive” to pay for the customers’ use of their lines—they don’t see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tapability before they’re deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it’s still easy to use end-to-end encryption as long as it’s HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can’t exist, will be seen as “an antisocial act” (as a US justice department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end to end security?
Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption. The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol. Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol. Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer—the layer in which the actual voice datagrams are transmitted—depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string.
Authentication requires that, after the key exchange protocol successfully completes, the participants’ respective views of sent and received messages must match (e.g., see the notion of “matching conversations” in [8]). Key exchange protocols for VoIP sessions include SDP’s Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper. Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob. Data integrity implies that any modification of the data in transit

• We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.
• We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide—following the ZRTP specification—that B has “forgotten” the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool.

• We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring.
Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.)

While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions—especially those about the protocols operating at the other layers of the VoIP stack—left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general. The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport). In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5.

VoIP security different from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network.
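Returning to the SRTP finding in the list above: when a replayed SDES message makes two sessions use the same key, and nothing session-specific enters the keystream derivation, the xor of two ciphertexts equals the xor of the two plaintexts. The sketch below is an added example, not code from the paper or from libsrtp. HMAC-SHA256 stands in for SRTP's AES-based keystream, the SDES line and key bytes are constructed, and the two receiver-side checks (a replay cache and a receiver nonce mixed into the key) are illustrative assumptions rather than mechanisms defined by SRTP or SDES.

```python
import base64
import hashlib
import hmac

# Constructed SDES attribute: 30 dummy key bytes, base64-encoded after "inline:".
CONSTRUCTED_SDES_LINE = (
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:"
    + base64.b64encode(bytes(range(30))).decode()
)


def key_from_sdes_line(line):
    """Extract the key material carried in an SDES a=crypto attribute."""
    params = line.split("inline:", 1)[1]
    b64 = params.split("|", 1)[0].split()[0]
    return base64.b64decode(b64)


def keystream(session_key, packet_index, length):
    """Stand-in PRF keystream that depends ONLY on (session key, packet index),
    mirroring the point that no session-specific randomness is added."""
    out, block = b"", 0
    while len(out) < length:
        msg = packet_index.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(session_key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def protect(session_key, packet_index, payload):
    """Encrypt (or decrypt) one datagram by XOR with the keystream."""
    return xor_bytes(payload, keystream(session_key, packet_index, len(payload)))


def fresh_session_key(offered_key, receiver_nonce):
    """Illustrative check 1: mix receiver-chosen randomness into the key, so a
    replayed offer no longer reproduces the old keystream."""
    return hmac.new(offered_key, b"session" + receiver_nonce, hashlib.sha256).digest()


class KeyOfferReplayCache:
    """Illustrative check 2: refuse a key-establishment message seen before."""

    def __init__(self):
        self._seen = set()

    def accept(self, offer_line):
        digest = hashlib.sha256(offer_line.encode()).digest()
        if digest in self._seen:
            return False
        self._seen.add(digest)
        return True


def reuse_leaks_plaintext_xor(offer_line, first_payload, later_payload):
    """True if two sessions keyed from the same offer leak p1 xor p2."""
    key = key_from_sdes_line(offer_line)
    c1 = protect(key, 0, first_payload)   # original session, first packet
    c2 = protect(key, 0, later_payload)   # replayed offer: same key, index restarts
    return xor_bytes(c1, c2) == xor_bytes(first_payload, later_payload)


if __name__ == "__main__":
    p1 = b"voice frame from the first call"
    p2 = b"voice frame from a later call!!"
    print("keystream reuse leaks p1^p2:",
          reuse_leaks_plaintext_xor(CONSTRUCTED_SDES_LINE, p1, p2))
    cache = KeyOfferReplayCache()
    print("first offer accepted:", cache.accept(CONSTRUCTED_SDES_LINE))
    print("replayed offer accepted:", cache.accept(CONSTRUCTED_SDES_LINE))
```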
Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include eavesdropping, denial of service, session hijacking, VoIP spam, etc. There are several VoIP standard protocols for preventing these threats, and we discuss them in Section 3.

Eavesdropping

VoIP service using Internet technology faces an eavesdropping threat, in which call setting information and audio/voice communication contents are gathered illegally. Eavesdropping can be broadly categorized into eavesdropping in a LAN (Local Area Network) environment, eavesdropping in a WAN (Wide Area Network) environment, eavesdropping through PC (Personal Computer) hacking, etc.

Denial of Service

Denial of Service is an attack that makes it difficult for legitimate users to use telecommunication service normally. It is also one of the threats that are hardest to solve. Since VoIP service is based on Internet technology, it is also exposed to Denial of Service. Denial of Service in VoIP service can be broadly divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, etc. (This work was supported by the IT RD program of MIC/IITA.)

Session Hijacking

Session Hijacking is an attack that gains control of the communication session between users by spoofing legitimate users and interferes in their communication, as a kind of man-in-the-middle attack. Session Hijacking in VoIP communication can be broadly categorized into INVITE session hijacking, SIP Registration hijacking, etc.

VoIP Spam

VoIP Spam is an attack that interrupts users and violates their privacy by sending voice advertisement messages, and also makes the VMS (Voice Mailing System) powerless.
It can be categorized into Call Spam, IM (Instant Messaging) Spam, Presence Spam, etc.

Security trade-offs

Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, we’ll inevitably see more administrative Web applications with exploitable errors.

The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP’s multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization.
Although this improves throughput, the proprietary encryption algorithms used (fast Fourier-based encryption, chaos-bit encryption, and so on) aren’t considered as secure as the Advanced Encryption Standard [16], which is included in many IPsec implementations. AES’s combination of speed and security should handle the demanding needs of VoIP at both ends.

Recent studies indicate that the greatest contributor to the encryption bottleneck occurs at the cryptoengine scheduler, which often delays VoIP packets as it processes larger data packets [17]. This problem stems from the fact that cryptoschedulers are usually first-in first-out (FIFO) queues, inadequate for supporting QoS requirements. If VoIP packets arrive at the encryption point when the queue already contains data packets, there’s no way they can usurp the less time-urgent traffic. Some hardware manufacturers have proposed (and at least one has implemented) solutions for this, including QoS reordering of traffic just before it reaches the cryptoengine [18]. But this solution assumes that the cryptoengine’s output is fast enough to avoid saturating the queue. Ideally, you’d want the cryptoengine to dynamically sort incoming traffic and force data traffic to wait for it to finish processing the VoIP packets, even if these packets arrive later. However, this solution adds considerable overhead to a process most implementers like to keep as light as possible. Another option is to use hardware-implemented AES encryption, which can improve throughput significantly. Past the cryptoengine stage, the system can perform further QoS scheduling on the encrypted packets, provided they were encrypted using ToS preservation, which copies the original ToS bits into the new IPsec header. Virtual private network (VPN) tunneling of VoIP has also become popular recently, but the congestion and bottlenecks associated with encryption suggest that it might not always be scalable. Although researchers are making great strides in this area, the hardware and software necessary to ensure call quality for encrypted voice traffic might not be economically or architecturally viable for all enterprises considering the move to VoIP.
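The scheduler effect described above can be made concrete with a small simulation of a single crypto engine fed by a FIFO queue versus one that serves queued voice packets first. This is an added example, not code from the original article: the packet trace, the sizes (1500-byte data, 160-byte voice) and the cost of 1 microsecond per byte are constructed assumptions, and the engine is modelled as non-preemptive.

```python
import heapq
from dataclasses import dataclass

US_PER_BYTE = 1  # assumption: encryption cost of the engine, microseconds per byte


@dataclass(frozen=True)
class Packet:
    arrival_us: int
    size: int
    is_voice: bool


def simulate(packets, voice_first):
    """Run one non-preemptive crypto engine over the trace.

    Returns a list of (packet, wait_us) in the order packets were encrypted.
    With voice_first=False the queue is plain FIFO; with voice_first=True any
    queued voice packet is served before queued data packets.
    """
    pending = sorted(packets, key=lambda p: p.arrival_us)
    queue, served = [], []
    now, i = 0, 0
    while i < len(pending) or queue:
        if not queue and pending[i].arrival_us > now:
            now = pending[i].arrival_us          # engine idle until next arrival
        while i < len(pending) and pending[i].arrival_us <= now:
            p = pending[i]
            prio = 0 if (voice_first and p.is_voice) else 1
            heapq.heappush(queue, (prio, p.arrival_us, i, p))
            i += 1
        _, _, _, p = heapq.heappop(queue)
        served.append((p, now - p.arrival_us))
        now += p.size * US_PER_BYTE              # engine busy encrypting p
    return served


def max_wait(served, voice):
    """Largest queueing delay seen by voice (or data) packets, in microseconds."""
    return max(w for p, w in served if p.is_voice == voice)


# Constructed trace: a burst of eight data packets, then two voice packets.
TRACE = [Packet(0, 1500, False) for _ in range(8)] + [
    Packet(1000, 160, True),
    Packet(5000, 160, True),
]

if __name__ == "__main__":
    for label, flag in (("FIFO", False), ("voice first", True)):
        result = simulate(TRACE, voice_first=flag)
        print(f"{label:12s} max voice wait {max_wait(result, True):6d} us, "
              f"max data wait {max_wait(result, False):6d} us")
```

Because the engine is non-preemptive, a voice packet still waits for the data packet already being encrypted, which is why the reordering only helps when the engine itself is fast enough.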
Thus far, we've painted a fairly bleak picture of VoIP security. We have no easy "one size fits all" solution to the issues we've discussed in this article. Decisions to use VPNs instead of ALG-like solutions or SIP instead of H.323 must depend on the specific nature of both the current network and the VoIP network to be. The technical problems are solvable, however, and establishing a secure VoIP implementation is well worth the difficulty. To implement VoIP securely today, start with the following general guidelines, recognizing that practical considerations might require adjusting them:

• Put voice and data on logically separate networks. You should use different subnets with separate RFC 1918 address blocks for voice and data traffic and separate DHCP servers to ease the incorporation of intrusion-detection and VoIP firewall protection.
• At the voice gateway, which interfaces with the PSTN, disallow H.323, SIP, or Media Gateway Control Protocol (MGCP) connections from the data network. As with any other critical network management component, use strong authentication and access control on the voice gateway system.
• Choose a mechanism to allow VoIP traffic through firewalls. Various protocol-dependent and protocol-independent solutions exist, including ALGs for VoIP protocols and session border controllers. Stateful packet filters can track a connection's state, denying packets that aren't part of a properly originated call.
• Use IPsec or Secure Socket Shell (SSH) for all remote management and auditing access. If practical, avoid using remote management at all and do IP PBX access from a physically secure system.
• Use IPsec tunneling when available instead of IPsec transport because tunneling masks the source and destination IP addresses, securing communications against rudimentary traffic analysis (that is, determining who's making the calls).
• If performance is a problem, use encryption at the router or other gateway to allow IPsec tunneling. Because some VoIP end points aren't computationally powerful enough to perform encryption, placing this burden at a central point ensures the encryption of all VoIP traffic emanating from the enterprise network. Newer IP phones provide AES encryption at reasonable cost.
• Look for IP phones that can load digitally (cryptographically) signed images to guarantee the integrity of the software loaded onto the IP phone.
• Avoid softphone systems (see the sidebar) when security or privacy is a concern. In addition to violating the separation of voice and data, PC-based VoIP applications are vulnerable to the worms and viruses that are all too common on PCs.
• Consider methods to harden VoIP platforms based on common operating systems such as Windows or Linux. Try, for example, disabling unnecessary services or using host-based intrusion detection methods.
• Be especially diligent about maintaining patches and current versions of VoIP software.
• Evaluate costs for additional power backup systems that might be required to ensure continued operation during power outages.
• Give special consideration to E-911 emergency services communications, because E-911 automatic location service is not always available with VoIP.

VoIP can be done securely, but the path isn't smooth. It will likely be several years before standards issues are settled

End to End VoIP Security

Introduction

User communications applications are in high demand in the Internet user community. Two classes of such applications are of great importance and attract interest by many Internet users: collaboration systems and VoIP communication systems. In the first category reside systems like ICQ, MSN Messenger and Yahoo! Messenger, while in the latter, systems like Skype and VoipBuster are dominating among the public VoIP clients. In the architecture plane, collaboration systems form a distributed network where the participants communicate with each other and exchange information.
The data are either routed from the source through a central server to the recipient, or the two clients communicate directly. The participants in such networks are both content providers and content requestors. On the other hand, the data communication path in VoIP systems is direct between the peers, without any involvement of the service network in the data exchange path, with some exceptions like Skype's "supernode" communications. Data are carried over public Internet infrastructures like Ethernets, WiFi hotspots or wireless ad hoc networks. Security in these networks is a critical issue that has been addressed from several different perspectives in the past. In this assignment I focus on cryptographic security implementation in VoIP. Security is implemented dynamically in cooperation by the two (or more) peers with no prior arrangements and requirements, like out-of-band exchanged keys, shared secrets etc. Ease of use (simplicity), user friendliness (no special knowledge from the user side) and effectiveness (ensuring confidentiality and integrity of the applications) combined with minimal requirements on end user devices are the goals achieved by our approach. We leverage security of user communications, meeting all the above requirements, by enhancing the applications' architecture with VoIPSec security elements.

Over the past few years, Voice over IP (VoIP) has become an attractive alternative to more traditional forms of telephony. Naturally, with its increasing popularity in daily communications, researchers are continually exploring ways to improve both the efficiency and security of this new communication technology. Unfortunately, while it is well understood that VoIP packets must be encrypted to ensure confidentiality, it has been shown that simply encrypting packets may not be sufficient from a privacy standpoint.
For instance, we recently showed that when VoIP packets are first compressed with variable bit rate (VBR) encoding schemes to save bandwidth, and then encrypted with a length-preserving stream cipher to ensure confidentiality, it is possible to determine the language spoken in the encrypted conversation. As surprising as these findings may be, one might argue that learning the language of the speaker (e.g., Arabic) only affects privacy in a marginal way. If both endpoints of a VoIP call are known (for example, Mexico City and Madrid), then one might correctly conclude that the language of the conversation is Spanish, without performing any analysis of the traffic. In this work we show that the information leaked from the combination of using VBR and length-preserving encryption is indeed far worse than previously thought.

VOIP

This assignment is about security, more specifically, about protecting one of your most precious assets, your privacy. We guard nothing more closely than our words. One of the most important decisions we make every day is what we will say and what we won't. But even then it's not only what we say, but also what someone else hears, and who that person is. Voice over IP, the transmission of voice over traditional packet-switched IP networks, is one of the hottest trends in telecommunications. Although most computers can provide VoIP and many offer VoIP applications, the term "voice over IP" is typically associated with equipment that lets users dial telephone numbers and communicate with parties on the other end who have a VoIP system or a traditional analog telephone. (The sidebar, "Current voice-over-IP products," describes some of the products on the market today.) As with any new technology, VoIP introduces both opportunities and problems. It offers lower cost and greater flexibility for an enterprise but presents significant security challenges.
Security administrators might assume that because digitized voice travels in packets, they can simply plug VoIP components into their already secured networks and get a stable and secure voice network. Unfortunately, many of the tools used to safeguard today's computer networks, namely firewalls, network address translation (NAT), and encryption, don't work "as is" in a VoIP network. Although most VoIP components have counterparts in data networks, VoIP's performance demands mean you must supplement ordinary network software and hardware with special VoIP components. Integrating a VoIP system into an already congested or overburdened network can be disastrous for a company's technology infrastructure. Anyone attempting to construct a VoIP network should therefore first study the procedure in great detail. To this end, we've outlined some of the challenges of introducing appropriate security measures for VoIP in an enterprise.

End-to-End Security

In this assignment I am going to describe end-to-end security and its "design principle" that one should not place mechanisms in the network if they can be placed in end nodes; thus, networks should provide general services rather than services that are designed to support specific applications. The design and implementation of the Internet followed this design principle well. The Internet was designed to be an application-agnostic datagram delivery service. The Internet of today isn't as pure an implementation of the end-to-end design principle as it once was, but it's enough of one that the collateral effects of the network not knowing what's running over it are becoming major problems, at least in the minds of some observers. Before I get to those perceived problems, I'd like to talk about what the end-to-end design principle has meant to the Internet, technical evolution, and society.
The Internet doesn't care what you do; its job is just to "deliver the bits, stupid" (in the words of David Isenberg in his 1997 paper, "Rise of the Stupid Network" [2]). The "bits" could be part of an email message, a data file, a photograph, or a video, or they could be part of a denial-of-service attack, a malicious worm, a break-in attempt, or an illegally shared song. The Net doesn't care, and that is both its power and its threat.

The Internet (and by this, I mean the Arpanet, the NSFNet, and the networks of their successor commercial ISPs) wasn't designed to run the World Wide Web. The Internet wasn't designed to run Google Earth. It was designed to support them even though they did not exist at the time the foundations of the Net were designed. It was designed to support them by being designed to transport data without caring what it was that data represented.

At the very first, the design of TCP/IP wasn't so flexible. The initial design had TCP and IP within a single protocol, one that would only deliver data reliably to a destination. But it was realized that not all applications were best served by a protocol that could only deliver reliable data streams. In particular, timely delivery of information is more important than reliable delivery when trying to support interactive voice over a network if adding reliability would, as it does, increase delay. TCP was split from IP so that the application running in an end node could determine for itself the level of reliability it needed. This split created the flexibility that is currently being used to deliver Skype's interactive voice service over the same network that CNN uses to deliver up-to-the-minute news headlines and the US Patent and Trademark Office uses to deliver copies of US patents. Thus the Internet design, based as it was on the end-to-end principle, became a generative facility.
Unlike the traditional phone system, in which most new applications must be installed in the phone switches deep in the phone network, anyone could create new applications and run them over the Internet without getting permission from the organizations that run the parts of the Net. This ability was exploited with "irrational exuberance" [4] during the late 1990s Internet boom. But, in spite of the hundreds of billions of dollars lost by investors when the boom busted, the number of Internet users and Web sites, the amount of Internet traffic, and the value of Internet commerce have continued to rise, and the rate of new ideas for Internet-based services hasn't noticeably diminished.

Security and privacy in an end-to-end world

The end-to-end arguments paper used "secure transmission of data" as one reason that an end-to-end design was required. The paper points out that network-level or per-link encryption doesn't actually provide assurance that a file that arrives at a destination is the same as the file that was sent or that the data went unobserved along the path from the source to the destination. The only way to ensure end-to-end data integrity and confidentiality is to use end-to-end encryption. Thus, security and privacy are the responsibilities of the end nodes. If you want to ensure that a file will be transferred without any corruption, your data-transfer application had better include an integrity check, and if you didn't want to allow anyone along the way to see the data itself, your application had better encrypt it before transmitting it.

There are more aspects to security on a network than just data encryption. For example, to ensure that communication over the network is reliable, the network itself needs to be secure against attempts (purposeful or accidental) to disrupt its operation or redirect traffic away from its intended path. But the original Internet design didn't include protections against such attacks.
Even if the network is working perfectly, you need to actually be talking to the server or person you think you are. But the Internet doesn't provide a way, at the network level, to assure the identities of its users or nodes. You also need to be sure that the message your computer receives isn't designed to exploit weaknesses in its software (such as worms or viruses) or in the ways that you use the Net. Protection against such things is the end system's responsibility. Note that there is little that can be done "in the Net" or in your end system to protect your privacy from threats such as the government demanding the records of your use of Net-based services such as Google, which collect information about your network usage.

Many of today's observers assume that the lack of built-in protections against attacks and the lack of a secure way to identify users or nodes was a result of an environment of trust that prevailed when the original Internet design and protocols were developed. If you trusted the people on the Net, there was no need for special defensive functions. But a few people who were "at the scene" have told me that such protections were actively discouraged by the primary sponsor of the early Internet; that is to say, the US military wasn't all that interested in having good nonmilitary security, maybe because it might make its job harder in the future. Whatever the reason, the Internet wasn't designed to provide a secure environment that included protection against the malicious actions of those who would disrupt it or attack nodes or services provided over it.

End-to-end security is not dead yet, but it is seriously threatened, at least at the network layer. NATs and firewalls interfere with some types of end-to-end encryption technology. ISPs could soon be required by regulations to, by default, filter the Web sites and perhaps the protocols that their customers can access.
Other ISPs want to be able to limit the protocols that their customers can access so that the ISP can give service providers an "incentive" to pay for the customers' use of their lines; they don't see a way to pay for the network without this ability. The FBI has asked that it be able to review all new Internet services for tapability before they're deployed, and the FCC has hinted that it will support the request. If this were to happen, applications such as Skype that use end-to-end encryption could be outlawed as inconsistent with law enforcement needs. Today, it's still easy to use end-to-end encryption as long as it's HTTPS, but that might be short-lived. It could soon reach the point that the use of end-to-end encryption, without which end-to-end security can't exist, will be seen as "an antisocial act" (as a US justice department official once told me). If that comes to be the case, end-to-end security will be truly dead, and we will all have to trust functions in the network that we have no way of knowing are on our side.

What is VoIP end to end security?

Achieving end-to-end security in a voice-over-IP (VoIP) session is a challenging task. VoIP session establishment involves a jumble of different protocols, all of which must inter-operate correctly and securely. Our objective in this paper is to present a structured analysis of protocol inter-operation in the VoIP stack, and to demonstrate how even a subtle mismatch between the assumptions made by a protocol at one layer about the protocol at another layer can lead to catastrophic security breaches, including complete removal of transport-layer encryption.

The VoIP protocol stack is shown in figure 1. For the purposes of our analysis, we will divide it into four layers: signaling, session description, key exchange and secure media (data) transport. This division is quite natural, since each layer is typically implemented by a separate protocol.
Signaling is an application-layer (from the viewpoint of the underlying communication network) control mechanism used for creating, modifying and terminating VoIP sessions with one or more participants. Signaling protocols include Session Initiation Protocol (SIP) [27], H.323 and MGCP. Session description protocols such as SDP [20] are used for initiating multimedia and other sessions, and often include key exchange as a sub-protocol.

Key exchange protocols are intended to provide a cryptographically secure way of establishing secret session keys between two or more participants in an untrusted environment. This is the fundamental building block in secure session establishment. Security of the media transport layer (the layer in which the actual voice datagrams are transmitted) depends on the secrecy of session keys and authentication of session participants. Since the established key is typically used in a symmetric encryption scheme, key secrecy requires that nobody other than the legitimate session participants be able to distinguish it from a random bit-string. Authentication requires that, after the key exchange protocol successfully completes, the participants' respective views of sent and received messages must match (e.g., see the notion of "matching conversations" in [8]). Key exchange protocols for VoIP sessions include SDP's Security DEscriptions for Media Streams (SDES), Multimedia Internet KEYing (MIKEY) and ZRTP [31]. We will analyze all three in this paper.

Secure media transport aims to provide confidentiality, message authentication and integrity, and replay protection to the media (data) stream. In the case of VoIP, this stream typically carries voice datagrams. Confidentiality means that the data under encryption is indistinguishable from random for anyone who does not have the key. Message authentication implies that if Alice receives a datagram apparently sent by Bob, then it was indeed sent by Bob.
Data integrity implies that any modification of the data in transit

• We show how to cause the transport-layer SRTP protocol to repeat the keystream used for datagram encryption. This enables the attacker to obtain the xor of plaintext datagrams or even to completely decrypt them. The SRTP keystream is generated by using AES in a stream cipher-like mode. The AES key is generated by applying a pseudo-random function (PRF) to the session key. SRTP, however, does not add any session-specific randomness to the PRF seed. Instead, SRTP assumes that the key exchange protocol, executed as part of RTP session establishment, will ensure that session keys never repeat. Unfortunately, S/MIME-protected SDES, which is one of the key exchange protocols that may be executed prior to SRTP, does not provide any replay protection. As we show, a network-based attacker can replay an old SDES key establishment message, which will cause SRTP to repeat the keystream that it used before, with devastating consequences. This attack is confirmed by our analysis of the libsrtp implementation.
• We show an attack on the ZRTP key exchange protocol that allows the attacker to convince ZRTP session participants that they have lost their shared secret. ZID values, which are used by ZRTP participants to retrieve previously established shared secrets, are not authenticated as part of ZRTP. Therefore, an attacker can initiate a session with some party A under the guise of another party B, with whom A previously established a shared secret. As part of session establishment, A is supposed to verify that B knows their shared secret. If the attacker deliberately chooses values that cause verification to fail, A will decide, following the ZRTP specification, that B has "forgotten" the shared secret. The ZRTP specification explicitly says that the protocol may proceed even if the set of shared secrets is empty, in which case the attacker ends up sharing a key with A, who thinks she shares this key with B. Even if the participants stop the protocol after losing their shared secrets, but are using VoIP devices without displays, they cannot confirm the computed key by voice and must stop communicating. In this case, the attack becomes a simple and effective denial of service. Our analysis of ZRTP is supported by the AVISPA formal analysis tool.
• We show several minor weaknesses and potential vulnerabilities to denial of service in other protocols. We also observe that the key derived as the result of MIKEY key exchange cannot be used in a standard cryptographic proof of key exchange security (e.g., ). Key secrecy requires that the key be indistinguishable from a random bitstring. In MIKEY, however, the joint Diffie-Hellman value derived as the result of the protocol is used directly as the key. Membership in many Diffie-Hellman groups is easily checkable, thus this value can be distinguished from a random bitstring. Moreover, even hashing the Diffie-Hellman value does not allow the formal proof of security to go through in this case, since the hash function does not take any random inputs apart from the Diffie-Hellman value and cannot be viewed as a randomness extractor in the proof. (This observation does not immediately lead to any attacks.)

While we demonstrate several real, exploitable vulnerabilities in VoIP security protocols, our main contribution is to highlight the importance of analyzing protocols in context rather than in isolation. Specifications of VoIP protocols tend to be a mixture of informal prose and pseudocode, with some assumptions, especially those about the protocols operating at the other layers of the VoIP stack, left implicit and vague. Therefore, our study has important lessons for the design and analysis of security protocols in general.

The rest of the paper is organized as follows. In section 2, we describe the protocols, focusing on SIP (signaling), SDES, ZRTP and MIKEY (key exchange), and SRTP (transport).
In section 3, we describe the attacks and vulnerabilities that we discovered. Related work is in section 4, conclusions are in section 5.

VoIP security different from normal data network security

To understand why security for VoIP differs from data network security, we need to look at the unique constraints of transmitting voice over a packet network, as well as the characteristics shared by VoIP and data networks. Packet networks depend on many configurable parameters: IP and MAC (physical) addresses of voice terminals and addresses of routers and firewalls. VoIP networks add specialized software, such as call managers, to place and route calls. Many network parameters are established dynamically each time a network component is restarted or when a VoIP telephone is restarted or added to the network. Because so many nodes in a VoIP network have dynamically configurable parameters, intruders have as wide an array of potentially vulnerable points to attack as they have with data networks. But VoIP systems have much stricter performance constraints than data networks, with significant implications for security.

Threats for VoIP

VoIP security threats include eavesdropping, denial of service, session hijacking, VoIP spam, etc. There are several VoIP standard protocols for preventing these threats, and we discuss this in Section 3.

Eavesdropping

VoIP service using Internet technology is faced with an eavesdropping threat, in which call-setting information and audio/voice communication contents are gathered illegally. Eavesdropping can be categorized largely into eavesdropping in a LAN (Local Area Network) environment, eavesdropping in a WAN (Wide Area Network) environment, eavesdropping through PC (Personal Computer) hacking, etc.

Denial of Service

Denial of service is an attack that makes it difficult for legitimate users to use telecommunication service regularly. It is also one of the threats that are hardest to solve.
Since VoIP service is based on Internet technology, it is also exposed to denial of service. Denial of service in VoIP service can be largely divided into system resource exhaustion, circuit resource exhaustion, VoIP communication interruption/blocking, etc. (This work was supported by the IT R&D program of MIC/IITA.)

Session Hijacking

Session hijacking is an attack that seizes control of the communication session between users by spoofing legitimate users and interferes in their communication, as a kind of man-in-the-middle attack. Session hijacking in VoIP communication can be categorized largely into INVITE session hijacking, SIP registration hijacking, etc.

VoIP Spam

VoIP spam is an attack that interrupts users and violates their privacy by sending voice advertisement messages, and that also renders the VMS (Voice Mailing System) powerless. It can be categorized into call spam, IM (Instant Messaging) spam, presence spam, etc.

Security trade-offs

Trade-offs between convenience and security are routine in software, and VoIP is no exception. Most, if not all, VoIP components use integrated Web servers for configuration. Web interfaces can be attractive, easy to use, and inexpensive to produce because of the wide availability of good development tools. Unfortunately, most Web development tools focus on features and ease of use, with less attention paid to the security of the applications they help produce. Some VoIP device Web applications have weak or no access control, script vulnerabilities, and inadequate parameter validation, resulting in privacy and DoS vulnerabilities. Some VoIP phone Web servers use only HTTP basic authentication, meaning servers send authentication information without encryption, letting anyone with network access obtain valid user IDs and passwords. As VoIP gains popularity, we'll inevitably see more administrative Web applications with exploitable errors.
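The keystream repetition described earlier for SRTP when an old SDES key establishment message is replayed, as an added Python illustration that is not taken from the paper or from libsrtp: it shows why a repeated session key exposes the xor of two plaintext datagrams, and one receiver-side check that refuses key material it has already accepted. The keystream function is a simplified HMAC-based stand-in for SRTP's AES mode, and `SessionKeyReplayGuard`, the keys and the frames are hypothetical, constructed names and values.

```python
"""Repeated session keys and a receiver-side replay check (added illustration)."""
import hashlib
import hmac


def keystream(master_key: bytes, ssrc: int, packet_index: int, length: int) -> bytes:
    """Stand-in keystream generator (HMAC-SHA256 in counter mode, NOT SRTP's AES).

    It keeps the property the text relies on: the output depends only on the
    session key, the SSRC and the packet index, with no per-session randomness.
    """
    out = bytearray()
    block = 0
    while len(out) < length:
        label = (ssrc.to_bytes(4, "big") + packet_index.to_bytes(6, "big")
                 + block.to_bytes(4, "big"))
        out += hmac.new(master_key, label, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(master_key: bytes, ssrc: int, packet_index: int, payload: bytes) -> bytes:
    """Encrypt (or decrypt) a payload by xoring it with the keystream."""
    return xor(payload, keystream(master_key, ssrc, packet_index, len(payload)))


def ciphertext_xor_equals_plaintext_xor(key_a, key_b, ssrc, p1, p2) -> bool:
    """Encrypt p1 under key_a and p2 under key_b at the same SSRC and index,
    then report whether the keystream cancelled out of c1 xor c2."""
    c1 = protect(key_a, ssrc, 0, p1)
    c2 = protect(key_b, ssrc, 0, p2)
    return xor(c1, c2) == xor(p1, p2)


class SessionKeyReplayGuard:
    """Remember fingerprints of accepted session keys and refuse repeats.

    Hypothetical helper: one way for an endpoint to enforce the "session keys
    never repeat" assumption itself instead of trusting the key exchange.
    A deployment would persist the fingerprints across restarts.
    """

    def __init__(self):
        self._seen = set()

    def accept(self, master_key: bytes) -> bool:
        fingerprint = hashlib.sha256(b"srtp-key-fingerprint" + master_key).digest()
        if fingerprint in self._seen:
            return False          # same key offered again: treat as a replay
        self._seen.add(fingerprint)
        return True


# Constructed sample values (not real keys or traffic).
KEY_SESSION_1 = bytes(range(16))
KEY_SESSION_2 = bytes(range(16, 32))
SSRC = 0x1234ABCD
FRAME_A = b"voice frame from the first call."
FRAME_B = b"voice frame from a later call..."

if __name__ == "__main__":
    print("same key leaks plaintext xor:",
          ciphertext_xor_equals_plaintext_xor(KEY_SESSION_1, KEY_SESSION_1, SSRC, FRAME_A, FRAME_B))
    print("fresh key leaks plaintext xor:",
          ciphertext_xor_equals_plaintext_xor(KEY_SESSION_1, KEY_SESSION_2, SSRC, FRAME_A, FRAME_B))
    guard = SessionKeyReplayGuard()
    for key in (KEY_SESSION_1, KEY_SESSION_2, KEY_SESSION_1):
        print("key accepted:", guard.accept(key))
```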
The encryption process can be unfavorable to QoS

Unfortunately, several factors, including packet size expansion, ciphering latency, and a lack of QoS urgency in the cryptographic engine can cause an excessive amount of latency in VoIP packet delivery, leading to degraded voice quality. The encryption process can be detrimental to QoS, making cryptodevices severe bottlenecks in a VoIP network. Encryption latency is introduced at two points. First, encryption and decryption take a nontrivial amount of time. VoIP's multitude of small packets exacerbates the encryption slowdown because most of the time consumed comes as overhead for each packet. One way to avoid this slowdown is to apply computationally simple encryption algorithms to the voice data before packetization.