Did Lebanon fall apart in the 1970s and 1980s because of the Arab-Israeli conflict – Essay Example

The Arab-Israeli conflict had a direct hand in the political instability that developed in Lebanon since, as an Arab country, it came to be pulled into the conflict.[i] Lebanon, in an attempt to show solidarity with the Palestinians because of the Israeli occupation, became involved in the wars that the Arab states of Jordan, Egypt, and Syria launched against Israel. Although the Lebanese army did not do much during this conflict and its success was minimal, Lebanon became one of the havens for the Palestinian liberation movements. While these groups were provided with a safe haven in Lebanon, their strength within the country grew so much that they started getting involved in local political affairs. The arrival of these groups, as well as the influx of Palestinian refugees, increased the sectarian tensions that were lurking just beneath the surface of Lebanese society.

One of the most significant events that developed from the Arab-Israeli conflict and came to be a contributing factor in the destabilization of Lebanon is the one that led to Black September in Jordan.[ii] When the Jewish state was formed in 1948, the remaining Palestinian territories came under the control of Jordan and Egypt, with the former occupying the West Bank to maintain its own security. Jordan had quite a large number of Palestinian refugees, who formed about half of its population, and when it occupied the West Bank, the Palestinian population doubled to form one third of the total Jordanian population. The country suddenly found itself in a situation where its native population had become a ruling minority. This situation inevitably led to a conflict between the two groups that formed the population of Jordan, especially when the Palestinian Liberation Organization (PLO) established itself within the country. Black September is the conflict that arose between the Jordanian government of King Hussein and the

Zero-Day Vulnerability Attack

As a forensics expert, discuss the process involved in investigating a zero-day vulnerability attack
Introduction
The Internet has become essential in the 21st century, and people cannot live without it. As use of the Internet grows, new technologies are invented to support our lives. However, these new technologies may also be exposed to vulnerability attacks. One such attack is the zero-day attack (0day). A zero-day attack is an attack that exploits a previously unknown vulnerability in a computer application, one that developers have not had time to address and patch (Wikipedia, 2014). A zero-day threat can be undetectable and unknown to most antivirus software, and such threats keep appearing in new forms that try to hide themselves. Incident handlers, who may include both corporate and home users as well as security vendors, have to fight against this threat. Once they discover a new threat, they have to respond to it.
To investigate and better understand zero-day attacks, research and practice are ongoing. Different security researchers have different opinions on and ways of handling the zero-day threat. Most incident response programs are implemented using a phased methodology, because a phased methodology allows the incident response lifecycle to be broken down into separate, manageable components. There are two popular methodologies: one from the SANS Institute and one from the National Institute of Standards and Technology (NIST). Both phased methodologies are useful for handling incidents involving zero-day exploits. The benefit of both phased incident response plans and their corresponding measures is that they can detect and identify zero-day threats efficiently.
1. Phased Methodology
1.1 SANS Institute phased methodology
The SANS Institute phased methodology consists of six phases:
1) Preparation
2) Identification
3) Containment
4) Eradication
5) Recovery
6) Lessons Learned (Murray, 2007)

1.2 NIST phased methodology
The NIST version of the phased methodology consists of four phases:
1) Preparation
2) Detection and Analysis
3) Containment, Eradication and Recovery
4) Post-Incident Activity (Scarfone, Grance, Masone, 2008)

Both phased methodologies are similar. However, the incident response team (IRT) may need to modify the methodology so that it specifically handles zero-day attacks. For the IRT, the phases with the most impact on zero-day incident response are preparation, identification or analysis, and containment. These three phases are essential when handling incident response to a zero-day attack.
1.3 Incident Response Team Methodology
To deal with zero-day threats, the IRT has a methodology for acting both proactively and reactively. The proactive part focuses on external threats, when a zero-day is known but has not yet impacted the organization. The reactive part focuses on how to respond to an actual zero-day incident. This methodology consists of a cycle of three phases: 1) Monitor 2) Analyze 3) Mitigate

The monitor phase refers to the ongoing monitoring of public resources in order to identify zero-day threats. The analyze phase refers to analysis of the exploited threats, conducted in a lab environment, in order to identify potential threats that may impact the organization. In the mitigate phase, the information gathered from analysis is built into and implemented in the mitigation mechanisms.
2. Three important phases
2.1 Preparation
The two primary objectives of preparation are to ensure that an incident response team (IRT) is in place and that sufficient controls exist to mitigate security incidents (Scarfone, Grance, Masone, 2008). First of all, the IRT needs to monitor the Internet at all times to ensure security. The IRT should be able to react immediately to ensure the risk is mitigated. The IRT needs adequate controls to prevent and detect any possible attack. Preparation can be divided into two types of response: external response and internal response.
2.1.1 External Response
External response can include analyzing external advisories. This helps gather information about a zero-day attack through 5W1H (what, where, when, why, who, how). How does the zero-day work and exploit? What is the target? When does the exploitation occur? Where is the zero-day exploited? Who is impacted by the zero-day? Why does the zero-day attack that platform? The following methodology is for external response.

2.1.1.1 Build an Incident Response Lab
The IRT can have a lab environment consisting of systems that can simulate the roles of attacker and victim. The lab should also include machines that have tools, interpreters and compilers to handle the different types of source code files related to a zero-day. The victim machines should be in exactly the same condition as those within the organization, including the operating system used.
2.1.1.2 Monitoring to Public Resources
Monitoring what happens on the Internet is one of the essential components of our daily life. The IRT needs to constantly monitor and keep an eye on new attack trends, public Internet resources and any other security vulnerabilities. One well-known resource for notification is the SANS Internet Storm Center (ISC) (http://isc.sans.org). The ISC monitors different types of public resources, including logs from devices used by business and home users.
2.1.1.3 Analyze the Threat
Once a zero-day is found, the IRT should be able to reproduce it in the lab environment to find out its impact level. This consists of a few steps. The first step is to review the targeted software or application, operating system and version. After that, all the settings and the platform are set up so that they match the environment. The last step is to monitor the system, running a sniffer to capture all the packets. Once this is complete, the exploit is launched against the target. After the attack succeeds, the IRT can start to investigate and identify the threat, including the ports used, payload size and other details.
2.1.1.4 Mitigation
Once the threat has been analyzed, the IRT should gather all the information and start to mitigate. All the ports that were used can be checked and filtered at the firewall to ensure that they are blocked.
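The analysis and mitigation steps above (ports used, payload size, then firewall filtering) can be sketched as follows. This is an added example, not part of the original essay: the lab addresses and flow records are constructed, and subtracting a pre-exploit baseline capture is an assumption of the example rather than a step the essay describes.

```python
from collections import defaultdict

VICTIM = "10.0.0.20"  # lab victim address (assumed)

# Constructed flows seen before the exploit ran:
# (src, dst, proto, dst_port, payload_bytes)
BASELINE = [
    ("10.0.0.20", "10.0.0.53", "udp", 53, 48),
]
# Constructed flows captured by the sniffer while the exploit ran.
CAPTURE = [
    ("10.0.0.5", "10.0.0.20", "tcp", 445, 1312),
    ("10.0.0.5", "10.0.0.20", "tcp", 445, 4096),
    ("10.0.0.20", "10.0.0.5", "tcp", 4444, 220),
    ("10.0.0.20", "10.0.0.5", "tcp", 4444, 180),
    ("10.0.0.20", "10.0.0.53", "udp", 53, 52),
]

def summarize(capture, baseline, victim=VICTIM):
    """Group non-baseline victim flows by (direction, proto, port) with payload stats."""
    known = {(src == victim, proto, port) for src, _, proto, port, _ in baseline}
    sizes = defaultdict(list)
    for src, dst, proto, port, size in capture:
        if victim not in (src, dst):
            continue  # unrelated lab traffic
        if (src == victim, proto, port) in known:
            continue  # present before the exploit ran, so not attributable to it
        direction = "outbound" if src == victim else "inbound"
        sizes[(direction, proto, port)].append(size)
    return {k: {"packets": len(v), "min": min(v), "max": max(v), "total": sum(v)}
            for k, v in sizes.items()}

def firewall_rules(summary):
    """Candidate iptables FORWARD rules for review, one per observed port."""
    rules = []
    for direction, proto, port in sorted(summary):
        packets = summary[(direction, proto, port)]["packets"]
        rules.append(f"iptables -A FORWARD -p {proto} --dport {port} -j DROP"
                     f"  # {direction}, {packets} pkts")
    return rules

if __name__ == "__main__":
    report = summarize(CAPTURE, BASELINE)
    for key in sorted(report):
        print(key, report[key])
    print("\n".join(firewall_rules(report)))
```

The generated rules are candidates only: a port such as 445 may carry legitimate traffic, so each rule should be checked against business use before it is applied.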
2.1.2 Internal Response
For the internal response, the following methodology is used.

2.1.2.1 Monitoring Internal Log
Log monitoring is an essential factor in a secure network. All information should be recorded in logs so that events can be traced back and the network secured. One open source platform is AlienVault's Open Source Security Information Management (OSSIM) (http://www.ossim.net).
2.1.2.2 Monitoring Suspicious Network Activity
As most malware tries to hide itself and traverse the network, network activity logs are crucial. The network analyser should look for malware propagation, command communication and network traffic. Different tools can be used to improve network security systems, such as Ourmon (http://ourmon.sourceforge.net/), Bothunter (http://www.bothunter.net/), Honeynet (http://www.honeynet.org/) and others.
2.1.2.3 Monitoring Host Activity
To improve monitoring, monitoring individual systems can also be crucial for identifying a zero-day. Because such attacks can go unnoticed, host monitoring is important for identification and detection. Tools that can be used to identify anomalous activity include Tripwire (http://www.tripwire.com), OSSEC (http://www.ossec.net) and others.
2.1.2.4 Malware Analysis and Collection
To collect malware and respond to it, tools are needed to capture it. The IRT should ensure that it has the ability to capture and analyze malware. One of the best ways to capture malware is to use honeypots. Honeypots are used to identify new types of attack, track hackers and collect malware. Tools that can be used as honeypots include Honeyd (http://www.honeyd.org/).
2.1.2.5 Application Whitelisting
Application whitelisting has become popular recently. It permits all known and safe production applications to run and install, but blocks all unknown applications. This will prevent any remote code execution. One benefit of application whitelisting is that it allows only known, trusted applications to run. On the other hand, a limitation is that malware could inject itself into the memory of a whitelisted process.
2.2 Detection and Analysis
In order to detect and analyse, the following methodology is used.

2.2.1 Identify
The IRT needs to identify potential signs of compromise, gather events and investigate them. After the information is gathered, it should be analyzed and the threat mitigated. Potential signs of compromise may include strange log entries, unusual network activity or any other anomalous activity. End users can also be indicators of suspicious activity: they may click suspect links, surf social networking sites and respond to phishing emails.
2.2.2 Correlate
After all the information is identified and gathered, correlate events to investigate the source of the suspicious activity. All the connections should be identified in the network logs to determine where they come from. One such toolset is Sysinternals (http://technet.microsoft.com/en-us/sysinternals/bb545021), used to gather system information, along with incident response tools (Helix).
2.2.3 Analyze
After the process is identified, it is analyzed. The IRT should analyse all suspicious processes, including processes hidden in Explorer.exe. As malware most often tries to hide itself, the IRT needs trusted tools to identify and analyse all the processes. One tool that is useful for dumping a process without killing it is Microsoft's User Mode Process Dumper (http://www.microsoft.com/en-us/download/details.aspx?id=4060).
2.2.4 Mitigate
Once the processes are identified, the IRT should prevent them from executing in order to protect the system. The IRT should identify the child processes launched, DLLs, and any related user information. One such tool is CurrProcess by NirSoft (http://www.nirsoft.net/utils/cprocess.html). This useful tool shows all the process information, including name, priority level, process ID and memory usage.
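The correlate, analyze and mitigate steps above can be illustrated by tying a suspicious connection back to its owning process, its launch chain and its child processes. This is an added example, not part of the original essay: the process snapshot, connection log, user name and addresses are all constructed.

```python
from collections import defaultdict

# Constructed host snapshot: pid -> (parent pid, image name, user)
PROCESSES = {
    4:    (0,    "System",       "SYSTEM"),
    612:  (4,    "explorer.exe", "alice"),
    1840: (612,  "winword.exe",  "alice"),
    2204: (1840, "cmd.exe",      "alice"),
    2260: (2204, "updater.exe",  "alice"),
    3100: (612,  "chrome.exe",   "alice"),
}
# Constructed connection log: (pid, remote address, remote port)
CONNECTIONS = [(3100, "198.51.100.7", 443), (2260, "203.0.113.50", 8080)]
SUSPICIOUS_REMOTE = "203.0.113.50"  # flagged in the identify step (assumed)

def owners(connections, remote):
    """PIDs that talked to the suspicious remote address."""
    return sorted({pid for pid, addr, _ in connections if addr == remote})

def ancestry(processes, pid):
    """Chain from pid up to the root: shows where the activity was launched from."""
    chain, seen = [], set()
    while pid in processes and pid not in seen:  # 'seen' guards against PID loops
        seen.add(pid)
        chain.append(pid)
        pid = processes[pid][0]
    return chain

def descendants(processes, pid):
    """Every child process launched, directly or indirectly, by pid."""
    children = defaultdict(list)
    for child, (parent, _, _) in processes.items():
        children[parent].append(child)
    found, stack, seen = [], [pid], {pid}
    while stack:
        for child in sorted(children[stack.pop()]):
            if child not in seen:
                seen.add(child)
                found.append(child)
                stack.append(child)
    return found

if __name__ == "__main__":
    for pid in owners(CONNECTIONS, SUSPICIOUS_REMOTE):
        for p in ancestry(PROCESSES, pid):
            print(p, *PROCESSES[p][1:])
    print("children of 1840:", descendants(PROCESSES, 1840))
```

In this constructed data the chain runs from updater.exe through cmd.exe to winword.exe, so the processes to stop during mitigation are the descendants of PID 1840 rather than only the one that opened the connection.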
2.3 Containment
The purpose of the containment phase is to prevent any further spread of the threat or incident. Once the incident has been detected and analyzed, action should be taken to prevent any further damage caused by the threat.
2.3.1 Network Level Containment
At the network level, the best approach is to block on network devices. By the time the IRT has identified that the incident was a zero-day, other systems may have been infected too. It is important to implement containment across the network to prevent the incident from propagating from one system to another.
2.3.2 Host Level Containment
For host level containment, the information gathered previously in the detection and analysis phase can be used. First of all, IRT should kill all the running proces

Aerospace Engineers :: essays research papers

Aerospace engineers examine, analyze, design, produce, and occasionally install components that make up aircraft, spacecraft, high-altitude vehicles, and high-altitude delivery systems (missiles). Satisfaction with the romantic image of rocket building can buoy many engineers through the highly anonymous work environments that many of them face. Individuals don’t assemble rockets; teams do, dozens of teams working in highly supervised coordination. An aerospace engineer plays some part on one of the teams, spending more of her time (roughly 70 percent) in a lab, at a computer, and assembling reports than doing anything else. Not being able to see the “big picture” frustrates some professionals. The path to becoming an aerospace engineer is a rigorous one, but those who manage to survive the difficult lift-off emerge with an above-average degree of career satisfaction.

Academic requirements are strict and wide-ranging: Physics, chemistry, computer science, mathematics, materials science, statistics and engineering courses provide the base for any aspiring rocket scientist. Some colleges offer a degree in aerospace engineering; others offer a more generalized engineering degree with some coursework in aerospace engineering. These courses might include aerospace guidance systems, extreme-altitude material science, and the physics of high-altitude radiation. Internships, summer jobs, and any experience in the field are helpful, as entry into this industry is highly competitive. Many aspirants may need to relocate to California, Washington State, or Texas, where the majority of defense industry aerospace work is done, to work for companies such as NASA, Boeing and Lockheed Martin. Two years into their job an aerospace engineer can be planning on being Junior members of research staff are swamped with work, both in the lab and in offices, crunching data and organizing research. More like “lab assistants,” their early years are marked by relatively menial tasks (testing of equipment, tracking results) with little input into the testing or recommendation process.

Average hours and pay characterize these environments, but education continues apace. Few people leave the profession during these years; the hours already devoted in school make it easier to tolerate these few extra workplace indignities. In about five years, engineers will be leading research teams and will turn into people managers as well as project managers. This is an unanticipated turn of events for some, as it removes them from the challenging, intellectually rarefied environment they enjoy and places them in a more administrative role. Most significant design and production work is done in these years.